SBS - The best value in QMS software

Risk managment report of Surgical Mask Example

Marco83

Starting to get Involved
#1
Good morning,
I just finished my first risk managment report of a surgical mask. I don't know if the approach is correct or not.
Could you take a look to my report and tell me if I'm on a wrong or right way?

I wrote the report in Italian but I quikly translated some part of it in english.
The chapter 2 I translate in english only the requirement 4 just to let you understeand the logic that I applied.
The chapter 3 is in italian but is only a copy of the annex 1 of the Directive 93/42/EEC

I still don't understeand the logic behind the assigment of probabilty and risk values.
Thank you very much
 

Attachments

Elsmar Forum Sponsor

Benjamin Weber

Trusted Information Resource
#2
I still don't understeand the logic behind the assigment of probabilty and risk values.
The goal is, to have an objective procedure for the evaluation of the single risks.

  1. At first you define certain probability and severity levels. It is up to you to define these, but ISO 14971 give some help in Annex D.3.2 and D.3.3.
  2. After that you start to identifiy possible hazards (see Annex E), e.g. bacterial contamination of the user.
  3. Then you have to think of possible events and circumstances, that could lead to this hazard, e.g. "procuction process not according to specification -> wrong force/tempearture/humidity/... applied during production -> bad filtering performance -> contamination of the user with external pathogens"
  4. Then you think of the possibility of these events to occur according to you intial probabilities. This gives you the probability P1.
  5. Then you think of the possible harm (e.g. death due to bacterail contamination) and the probalitiy, that this series of events really leads to the expected harm, here: Not every bad filter mask leads automatically to death of the user. It depends on the type of pathogens the user might be exposed to, of the health status of the user ..... This gives ouy probability P2.
  6. The product of P1 x P2 gives you P. Very often the steps of determining P1 and P2 are combined in one single step.
  7. According to your risk evaluation matrix, you will end up with an acceptable or unaccaptable risk.
  8. (here come risk mitigation, risk-benefig-analysis....)
  9. Repeat steps 2 to 8 for all harzards.
The logic behind this is, that for example the the acceptance ot the harm "death" always depends on the probability, this can occur. You can not rule out, that there will never be a user, woh dies due to bacterial contamination: He or she might have immunological disease or co-morbidities, that he or she is the one of a million people who dies, because your mask was not OK. Is this acceptable for you or not? You organize risk-mitigation methods to reduce the risk even further, let's say to one out of a billion. Is this acceptable to you or not? And on and on...

There might be sequences of actions, that could lead to death which are much more likely, than others. Depending on your objective risk evaluation, you identify the critical ones and reduce the probablity.

I hope this helps a little bit, to understand the "logic" ;-)
 

Marco83

Starting to get Involved
#3
Thank you very much.
Yes you gave me an help to undrsteand the logic. But If you ask me why I assigned as probability index : 10^-2 (infrequent) for the requrment 4 danger 1 "Degradation of materials" I cannot justified you. I admit I gave 10^-2 just because I think that if infrequent but i don't have anything that can support it. This is the point that worries me. I pulled randomly every single requirments that I adopted in this RM.
I don't think is the correct way to built a RM.
Exept for that, how do you find my RM?
Thanks a lot
 

Benjamin Weber

Trusted Information Resource
#4
That is a problem everybody struggles, when doing his first risk analysis. If you don't have any experience with the materials, processes etc., you can try to search other sources (material property databases, scientific literature...) to get more profound information. If that is not feasable, your last chance is to make an educated guess. Just applying different indices randomly is of cource not a very good idea. Your guesses should not be absolutely unreasonable. That's also a good reason, why there should be people from different departments with different background in your RM team. You will have to discuss your decisions with the other members and come to a good agreement. And you will have to review and update your RM frequently, where the experiences over time will lead to an adjustment of your initial assumptions.
 

Marco83

Starting to get Involved
#5
what do you mean for educated guess? I was thinking to switch from a semiquantitative analisys to a qualitative analisys (points D3.4.1 - 3.4.2) Could be a good idea?
 

Benjamin Weber

Trusted Information Resource
#6
Switching to a qualitative analysis might be a good idea. Nevertheless, you also have to justifiy your qualitative decisions in some way.
 

Benjamin Weber

Trusted Information Resource
#8
Basically it is OK, as far as I can judge after a short check.

What I noticed:
  • You identify six risks/hazard only. Is that all or just en extract? ISO 14971 gives you a lot of questions to aks yourself, in order to identify possible risks/hazards. Did you go through these? This hepls you, to think about aspects on more objective basis. Eventually the most of these questions may be answered as not applicable (e.g. electrical risks). But then you can be sure to have not missed anything crucial.
  • In chapter 1 you basically describe the RM process with all relevant compliance documents. OK. But I am not sure, if you cover everything correctly. E.g.: 14971 cl. 6.6 requires you to identify possible new hazard arising from the risk control measures. You refer to the list of hazards and the risk details. But there I cannot find anything about possible new hazards arising from the risk control measures. Maybe this is also just, because it is not the whole RM file?
 
Last edited:

Marco83

Starting to get Involved
#9
Good morning,
thank you for your check.
No itsn't an extrac. That's all. it's too little?
To identify the risks I tried to follow the annex 1 of the Directive 93/42/EEC and try to answer to the clauses (applicable of course).
I also use all the clauses of the annex to write the STED.
In my first RM, as you can see at chapter 3, I insert all the clauses of the annex I, in this RM I didn't. I change the format and the guide to follow.
Do I should increase the examples of the risks?
I will check again the ISO 14971 anyway.
Thank you.
 

Marco83

Starting to get Involved
#10
The clause 6.6 it's an error actually. But if I must be sincere I don't know how fll that clause, because the MD is not still on the market.
Anyway I'm rectifing the RM following yours reccomandations.
thanks
 
Thread starter Similar threads Forum Replies Date
bryan willemot Contract Review and risk managment AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
N ISO 27001 for Jumb Burger - Risk Assessment sheet IEC 27001 - Information Security Management Systems (ISMS) 10
C Risk Assessment Tools ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
qualprod Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
C Risk Matrix vs FMEAs ISO 14971 - Medical Device Risk Management 3
S IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 4
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
S Traceability of requirements to design and risk Design and Development of Products and Processes 3
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
D Deciding whether or not pre-market clinical investigation is required for low risk device EU Medical Device Regulations 5
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
_robinsingh Security Risk Assessment Tool IEC 27001 - Information Security Management Systems (ISMS) 0
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
R ECG Risk Analysis Standards ISO 14971 - Medical Device Risk Management 2
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
F Risk for Quality Assurance Department in a Hospital - Hospital Incident Reporting ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
T How do you define your Hazards? <a Risk Management discussion> ISO 14971 - Medical Device Risk Management 16
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
K Identification of hazards and Risk file IEC 62366 - Medical Device Usability Engineering 7
S Risk based internal auditing Internal Auditing 6
Robert Stanley I'm @ RISK of not showing my RISKS! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20

Similar threads

Top Bottom