Risk Management Plan in agile process

Hirvo

Starting to get Involved
#1
Hi,

Background:
our company has only one product, cloud based Medical Engine Software service, which have been in production use for about 5 years. We use agile development process. So there is a ready Medical Engine which we are developing further.
Now we are implementing the 14971.

We described the Risk Management Process.
We have written a Risk Management Plan for the original software (this is written afterwards :) ! ) and The Safety Report and all what are needed to the Risk management File. So there everything is done.

But now there is a problem: What is a Risk Management Plan for the next versions.

Our idea is that we recognize the need for safety analysis in the Increment planning Phase. The Clinical Safety Officer reviews the features and epic in the requirement phase. He/she evaluates if there is a potential safety risk or not. If yes, then we make the risk evaluation for this feature/epic. Otherwise the development continues without risk evaluation processa.

We also have a description, how to make the risk evaluation, if the feature/epic is directed to that process.

In addition before publishing the release there is going to happen a risk management review once again (at the same time as the validation).

Now my question is, can we handle this as a Risk Management Plan? Or is this a description of Risk Management Process? If this is a Risk Management Process, what is and when do we make the Risk Management Plan for the epic/feature? Is the Risk Management Plan made for every epic/feature one by one, if CSO decides that it needs the safety analysis or can/must we make a general Risk management Plan for these epics/features?
 
Elsmar Forum Sponsor

indubioush

Quite Involved in Discussions
#2
Hi Hirvo. Your question is not very clear. Does your company have a design control process? Does your company have a change control process? You need one risk management file for each medical device or medical device family. What is a epics/feature?
 

Hirvo

Starting to get Involved
#3
Does your company have a design control process? yes
Does your company have a change control process? yes
You need one risk management file for each medical device or medical device family. Yes. We have only one product, it is cloud based service, which we develop all the time. All customers use same software.
Epic/Feature, they are agile terms: you can think they are development tasks or a development tasks.

We have Risk Management File for the current service. But we develop the product in the increments.
 

yodon

Staff member
Super Moderator
#6
As @indubioush mentioned, the RM Plan is for a product / family and since you already have a plan, that part may not need any updates. Plans are generally fairly static. Is your current plan not appropriate for what you're doing?

I presume your original plan laid out how you were going to do hazard / risk analysis? I would expect that you would review the target release feature set against your current risk file to determine if any updates are warranted (are the new features introducing new risks, new ways to realize risk, etc.)? In other words, this is likely just another iteration through your RM process per the Plan. (You should also have post-production data to give you insight into whether your original estimates are accurate!)
 

Hirvo

Starting to get Involved
#7
I presume your original plan laid out how you were going to do hazard / risk analysis? -> Yes

I would expect that you would review the target release feature set against your current risk file to determine if any updates are warranted (are the new features introducing new risks, new ways to realize risk, etc.)? -> yes, this is what we are doing, I am just wondering is this what we call a "plan". And is the Plan same for the original project and for the changes (=new versions, releases, features, epics...).

Now I understand that you recommend us to use same Plan for the original product and for the new features.
 

yodon

Staff member
Super Moderator
#10
I would suggest you keep off the 14971 and look into the IEC 62304
Um, 62034 calls out 14971:

7.1.1 Identify SOFTWARE ITEMS that could contribute to a hazardous situation
The MANUFACTURER shall identify SOFTWARE ITEMS that could contribute to a hazardous situation identified in the MEDICAL DEVICE RISK ANALYSIS ACTIVITY of ISO 14971

(and several other places)
 
Thread starter Similar threads Forum Replies Date
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
J Differences between a Risk Management Plan vs. Production Part Approval Process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
N Non conformance Report to Risk Management-Plan ISO 14971 - Medical Device Risk Management 16
U Product Level Software Risk Management Plan and Report ISO 14971 - Medical Device Risk Management 2
M Risk Management Plan Template - ISO 14971:2007 Compliant ISO 14971 - Medical Device Risk Management 13
E How to write a Validation Risk Management Plan for Equipment ISO 14971 - Medical Device Risk Management 5
T Medical Device Risk Management Plan ISO 14971 - Medical Device Risk Management 11
T Developing the Risk Management Plan - Risk Management Policy and Objectives ISO 14971 - Medical Device Risk Management 25
Y Risk Management Plan for Medical Device - ISO 14971 ISO 14971 - Medical Device Risk Management 1
T Risk Management Plan for a Mature Product - ISO 14971 ISO 14971 - Medical Device Risk Management 2
Q Risk Management Plan for a Class III Medical Device (Bone Void Filler) ISO 13485:2016 - Medical Device Quality Management Systems 5
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 10
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4

Similar threads

Top Bottom