Risk Matrix used by my company

david316

Involved In Discussions
#1
Hello,

The company I work for constructs a risk matrix in order to define its risk acceptability criteria. Severities and probabilities are defined and the matrix is broken down into regions of unacceptable and acceptable risk. In order to document the regions that are acceptable the project team is supposed to consider the following:

-what risks will a device have after implementation of standards. These are assumed to broadly acceptable.
-given the benefit of the proposed device what are the accepted risks. This effectively embeds a risk vs benefit within the matrix.

There are numerous reasons why I disagree with this approach but I would be interested in other people thoughts...

Thanks
 
Elsmar Forum Sponsor

Marcelo

Inactive Registered Visitor
#2
what risks will a device have after implementation of standards. These are assumed to broadly acceptable.
ISO 24971 does have a way to use the risk management with standards that, if you follow an evaluation (the flowchart in ISO 24971), perform testing and the test passes, you can consider the risk acceptable. But obviously you do not need a risk matrix for this, as this is an alternate risk acceptability criteria.

given the benefit of the proposed device what are the accepted risks. This effectively embeds a risk vs benefit within the matrix.
The next edition of ISO 14971 will always require a benefit/risk analysis (for aggregate risks, not individual risks), but again this does not have anything to do with a risk matrix.

As discussed in our previous discussion, I think your company has been using a risk matrix in a weird way (and unfortunately, most people do).
 

david316

Involved In Discussions
#3
I agree. I think its a very weird approach and pretty much impossible to do! It seems very counter intuitive to me to use risk and benefit as part of the justification in the matrix for acceptable risk. What we end up effectively saying is that a product with more benefits is allowed to have more risks as they relate to things like fire, electrocution, burns, etc. I feel this is wrong. I can accept that a product with more benefits can have more risks that relate to a consequence of the therapy but I cannot accept that a product with more benefits can have more risks as a consequence of poor design!
 
S

Soogwoog

#4
I think this is where we start to enter the territory of reducing risk "as far as possible". Yes, a device with greater benefits can more easily justify the existence of risks - however, this doesn't remove the need to reduce those risks "as far as possible". Reducing it as far as possible needs to happen before you can be judging a residual risk acceptable or not.
 
Thread starter Similar threads Forum Replies Date
C Risk Matrix vs FMEAs ISO 14971 - Medical Device Risk Management 3
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
D Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
A Risk Evaluation Matrix-Product Portfolio ISO 14971 - Medical Device Risk Management 13
V Risk Assessment Precedence - FMEA > Risk Matrix (Modified PHA) > Ishikawa? FMEA and Control Plans 11
D Developing a Supplier Risk Matrix Supplier Quality Assurance and other Supplier Issues 4
N Risk Acceptance - Consequence Matrix ISO 14971 - Medical Device Risk Management 12
R Risk Assessment Matrix Question - Inputs from the DFMEA, etc. FMEA and Control Plans 9
A 5X5 Risk Analysis Matrix for Suppliers Supplier Quality Assurance and other Supplier Issues 3
B ISO 17025:2017 risk management Risk Management Principles and Generic Guidelines 0
Q FMEA and Risk assessment in MS ACCESS FMEA and Control Plans 2
I Realization processes input into overall risk ISO 14971 - Medical Device Risk Management 2
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
thisby_ Post Market/Production Risk Assessment ISO 14971 - Medical Device Risk Management 0
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
N ISO 27001 for Jumb Burger - Risk Assessment sheet IEC 27001 - Information Security Management Systems (ISMS) 11
C Risk Assessment Tools ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
qualprod Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
G Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
S IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 6
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 3
Aymaneh Medical Device Cybersecurity Risk Management IEC 27001 - Information Security Management Systems (ISMS) 2
S Traceability of requirements to design and risk Design and Development of Products and Processes 3
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
D Deciding whether or not pre-market clinical investigation is required for low risk device EU Medical Device Regulations 5
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
_robinsingh Security Risk Assessment Tool IEC 27001 - Information Security Management Systems (ISMS) 0
A 21 CFR 820 - Risk Management - Looking for some guidance US Food and Drug Administration (FDA) 3
bryan willemot Contract Review and risk managment AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
D Risk Analysis using Monte Carlo Simulation instead of Scoring and Heat Map Risk Management Principles and Generic Guidelines 2
Sravan Manchikanti Software Risk Management & probability of occurrence as per IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
E Normal Condition Hazards in Risk Analysis ISO 14971 - Medical Device Risk Management 3
silentmonkey Rationalising the level of effort and depth of software validation based on risk ISO 13485:2016 - Medical Device Quality Management Systems 10
R Risk assessment on IT containers and the information they contain IEC 27001 - Information Security Management Systems (ISMS) 4
B Threat/Vulnerability Catalogue for risk assessment IEC 27001 - Information Security Management Systems (ISMS) 4
R Opportunity For Improvement vs Opportunity (Positive Risk) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
R FOD Risk Assessment - What tools would you recommend for assessing FOD risk? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
Q Example of the Risk Template Document Control Systems, Procedures, Forms and Templates 1
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
A Risk Number for each software requirement IEC 62304 - Medical Device Software Life Cycle Processes 7
A IEC 60601 11.2.2.1 Risk of Fire in an Oxygen Rich Environment, Source of Ignition IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Importing a general wellness low risk product Other US Medical Device Regulations 3
C Quantifying risk in choosing the number of parts, operators and replicates in a GR&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
R AQL, Consumer Risk and MA Statistical Analysis Tools, Techniques and SPC 2

Similar threads

Top Bottom