Risk Management selection Probability of Occurrence and Severity

E

eileenr

#1
Hello everyone,
I am currently producing a risk management procedure following the ISO 14971 standard. I appreciate that the Risk Management Team who will complete the risk table will be trained and experienced, but I also believe that my procedure should be comprehensive enough that anyone ought to be able to pick it up and use it. Therefore I am wondering, I have my probability of occurrence table and the probability of severity table, however, is there some sort of formula that ought to be used to ensure that the probabilities selected are correct versus estimates? So my question is do other people put guidance at the end of their procedures or equations on how to actually determine the probability of hazard, hazardous situation, harm occurring etc?
Thank you in advance for any feedback
Eileen
 
Elsmar Forum Sponsor

Sam Lazzara

Trusted Information Resource
#2
This up to the manufacturer to define in their risk management process - no standardization I am aware of.
What I see most commonly are 5 levels of Probability (1 through 5) with corresponding numeric ranges, typically logarithmic.
That way, the persons doing the estimates have a reasonable basis for making those estimates instead of only having vague words like probable, remote, once every blue moon, etc. to think about.

For example, P=3 could correlate to 0.1% to 1.0%.
The P values should correspond to the probability of a particular cause leading to harm through a sequence of events.
You could choose to incorporate detectability into your P estimates although at least for Process FMEA type analyses most people seem to have Detectability as a third component of the Residual Risk Index calculation.

Side note - Most people do not speak about the probability of severity. The Severity (also typically a 5 point scale in my experience) is the severity of the worst imagined consequence/harm stemming from the imagined hazards/failures. While I suppose Severity is probabilistic, most tend to just assume the worst will happen (within reason).
 
Last edited:
E

eileenr

#3
Good Morning Sam,
Thank you for your response. I was hoping that there might be some equation I could use, something very concrete. Having discussed this with the engineering team who will be completing the risk management they have decided not to use the detectability equation. It was just a question I asked when I was actually going through the risk management, I found that the numbers being selected were estimates versus being concrete fact, I imagine when the actual procedure is being used, there will be exact risks and hence there will be evidence to support the answers- I hope!!!!
Thank you again for your response.
E
 
#4
I find that the informative Annex D to 14971 to be very helpful as it gives clear examples of both qualitative and semi-quantitative analyses, as well as examples of a 3x3 matrix and 5x5 matrix.

For what it's worth we now tend to use a 4x4 matrix, having previously used a 3S x 5P. We changed that because we could not separate two of the probability levels with anything other than guess work.

The choice of matrix size does tend to be based on the expected overall risk and complexity of the manufacturers device. Simple low risk devices tend to use a smaller matrix (that is; have fewer defined levels for severity and probability). And, with a more complex device you may have more "solid data" that can be used in calculations of probability, so moving more towards the "quantitative" approach.
 
E

eileenr

#5
Dear Pads38
Thank you for that advice, I have been referencing ISO 14971 and have found it to be so useful. I think the key to it all is the amount of data that is available for the medical device that is undergoing the risk assessment. I have been working on a hypothetical risk assessment and its too abstract. I am sure when I am actually doing the risk management assessment for real it will all fall into place. I will use the information provided in annex D.3. Thank you :)
 

sagai

Quite Involved in Discussions
#6
Recently I tend to ignore the probability part of this story to be honest.
I think the only certainty we may have is solely our impression if the mitigation moves probability up, down or stays more or less the same, that' all.
And this is also coming through for me based on some of the recently mentioned deviations among the sevenish.
Regards
 

Bev D

Heretical Statistician
Staff member
Super Moderator
#7
I was hoping that there might be some equation I could use, something very concrete... I found that the numbers being selected were estimates versus being concrete fact, I imagine when the actual procedure is being used, there will be exact risks and hence there will be evidence to support the answers- I hope!!!!
the only way to determine the probability of occurence is to test for it. which is the purpose of verification and validation testing...Even then it will be an 'estimate' but you can calculate the precision of the estimate based on the value and the sample size.

Really the probability or occurence (or frequency of occurence) is really only of value in relationship to the severity of the effect. very serious effects should be mitigated so that there is a very low probability/frequency of occurence and trivial severities can have much larger occurences...

Risk assessment is not intended to be a mathematically precise excercise. it requires thought, logic and good science.
 
E

eileenr

#8
Good Morning Sagai & Bev D
Thank ye both for your replies. I am only learning about all this risk management at the moment, I suppose having a scientific background, I really wanted an equation, but it seems that one does not apply. That answers my question, thank you for your replies, I do appreciate all the feedback.
Thanks
E :yes:
 

sagai

Quite Involved in Discussions
#9
E,
We can take a huge advantage on this forum to save a massive number of years for the journey that takes us to the more or less same conclusion.
:bigwave:
 

somashekar

Staff member
Admin
#10
Good Morning Sagai & Bev D
Thank ye both for your replies. I am only learning about all this risk management at the moment, I suppose having a scientific background, I really wanted an equation, but it seems that one does not apply. That answers my question, thank you for your replies, I do appreciate all the feedback.
Thanks
E :yes:
A serious approach to this can be going out of the organization into the medical field, hospitals, doctors and other medical professionals and assess from their experience. It is worth to have such professionals on your panel for any sort of discussions that throws more light on risk management
 
Thread starter Similar threads Forum Replies Date
V Criteria and Rationale for Selection of Risk Management Tool ISO 14971 - Medical Device Risk Management 2
Sidney Vianna ISO Practical Guide on ISO 31000:2018 - Risk Management Other ISO and International Standards and European Regulations 0
T Risk Assessment and Management Misc. Quality Assurance and Business Systems Related Topics 0
J HELP NEEDED ! Risk Management Exercise ISO 14971 - Medical Device Risk Management 12
O Should a Covid vaccine and testing policy be included as part of ISO9001 or AS9100 risk management? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 13
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
H Risk Management Plan in agile process ISO 14971 - Medical Device Risk Management 14
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 MDR requirement: Risk Management Plan for "each device" ISO 14971 - Medical Device Risk Management 5
D Risk Analysis & Technical File - What detail goes in the Risk Management Report ISO 14971 - Medical Device Risk Management 5
C AS9100 Rev D 8.1.1 & APQP - Operational risk management process AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B ATP 5-19 "Risk Management" Misc. Quality Assurance and Business Systems Related Topics 2
N Risk Management besides mandated FDA requirements 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M Identifying Hazards - Risk management process ISO 14971 - Medical Device Risk Management 6
R Risk Management in the Medical Device Industry ISO 14971 - Medical Device Risk Management 4
F Linking an ISO 31000 Risk management SOP to ISO 17025 ISO 17025 related Discussions 2
Ronen E The unbearable insensitivity of risk management language Other Medical Device and Orthopedic Related Topics 1
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Risk/Benefit vs. benefit-risk - Revising an SOP covering Risk Management with the MDR in mind EU Medical Device Regulations 10
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
R Linking the Processes of Continual Improvement, Change Management, Risk Management, Action Planning, etc? Preventive Action and Continuous Improvement 5
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
J Software for Techfiles and Risk management ISO 14971 - Medical Device Risk Management 1
M Informational ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 6
M Medical Device News ISO TC 210 IEC SC 62A JWG 1 Medical device risk management – São Paulo meeting 2019 Medical Device and FDA Regulations and Standards News 0
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
T Risk Management Report as per MDR Requirements EU Medical Device Regulations 4
S Medical Device Cybersecurity Risk Management File ISO 14971 - Medical Device Risk Management 2
M Medical Device News Health Canada Notice of intent: Strengthening the post-market surveillance and risk management Canada Medical Device Regulations 1
Q Evidence of precautions (clinical evaluation report, risk management report) EU Medical Device Regulations 6
Q Risk / benefit Analysis in Risk Management Report CE Marking (Conformité Européene) / CB Scheme 12
A How to view supplier APQP timeline and do risk management APQP and PPAP 4
O Medical Device EMC Risk Management CE Marking (Conformité Européene) / CB Scheme 4
S ISO 13485:2016 - How I can integrate a risk management approach in our SOPs ISO 13485:2016 - Medical Device Quality Management Systems 1
B Time necessary for all Risk Management activities ISO 14971 - Medical Device Risk Management 2
W Virtual Manufacturer and Risk Management ISO 14971 - Medical Device Risk Management 3
O CQE Handbook - Missing Section VII - Risk Management Misc. Quality Assurance and Business Systems Related Topics 1

Similar threads

Top Bottom