What to include in the risk analysis table?

Vetty007

Involved In Discussions
Hi,

I am curious what aspects should be included in the risk analysis table and would be happy for comments about it, esp. for the following aspects:

1.) hazard, events, hazardous situation and harm, S, P, risk acceptance, risk-benefit rating is quite clear neeeded

But I wonder, if the Impact of the hazardous situation on Patient, User, Third Party and Environment also needs to be included as the definition of hazard and hazardous situation includes them. But if I add an additional row for this, I consequently need to rate the situation more or less separately for each of it and will end up with a lot of splittings, even if e.g. the harm will be the same for user and patient, but for the environment it will be always different and not always zero, so that its not needed to give.

Also ISO 24971 differentiates for random or systematic faults leading to a hazardous situation, thus this could be an additional row too. While the first point I wonder could be also given in separate lines, rating the fault type makes more sense as separate row.

2. ) Root Cause
I regularly see this given, but didn't found it as requirement. Maybe this is only due as risk analysis was possibly started as FMEA, but then changed to one
according to 14971

3.) Normal use/misuse
Its required to to rate the risks under theses conditions and I use to give this information in a separate row and if the situation is taken care in Usability
engineering.

4.) risk control measures (RCM)
Its required to give the risk controle measure (e.g. control of incoming raw-material), its implementation (e.g. Checklist for this control), Verification of this
implementation (e.g. filled checklist for the raw-material) and Verification of the efficacy of this RCM. The last is a little bit hard do define (e.g. in my example end product control will met specifications allowing the conclusion that the raw materials were also in order; however, this is also very inaccurate, since various other factors also play a role, samples of the raw material are not suitable to prove that my incoming raw-material inspection is effective, but rather prove that I can trust the information provided by the supplier) and after discussion with different people, I am confused as a lot of them rate the first verification I gave also as verification for its efficacy or they simply state, that the verification is no complaints from post market surveillance. Thus I am curious about other views about this and how specific you define the second verification.

Hopefully my question and information is clear and I look forward to your thoughts :)
 

Tidge

Trusted Information Resource
I may come back to the rest of the post, but I want to make a quick comment on this:

Hi,

I am curious what aspects should be included in the risk analysis table and would be happy for comments about it, esp. for the following aspects:

1.) hazard, events, hazardous situation and harm, S, P, risk acceptance, risk-benefit rating is quite clear neeeded

But I wonder, if the Impact of the hazardous situation on Patient, User, Third Party and Environment also needs to be included as the definition of hazard and hazardous situation includes them. But if I add an additional row for this, I consequently need to rate the situation more or less separately for each of it and will end up with a lot of splittings, even if e.g. the harm will be the same for user and patient, but for the environment it will be always different and not always zero, so that its not needed to give.

Also ISO 24971 differentiates for random or systematic faults leading to a hazardous situation, thus this could be an additional row too. While the first point I wonder could be also given in separate lines, rating the fault type makes more sense as separate row.

Hazards exist independent of circumstances of use. The Hazardous Situation is how the user/patient is exposed to a Hazard.

As recognized: There will be different (P1, P2) ratings and possibly different harms (with different Severity ratings). When it comes to "lines of analysis", an organization is allowed to "combine" lines (or cross-reference in a database) in a way that makes sense. I see two reasons to not try to avoid having multiple lines of analyses, even if (a) the same hazards/hazardous situations end up with multiple harms and (b) the same risk controls end up on multiple lines:
  1. During development, splitting the lines of analyses is the mechanism to make sure that no risks got overlooked (or under-appreciated)
  2. After launch, it will be easier to find the appropriate line-of-analysis for complaints/defects.
Specific to the second point: Sometimes there is a temptation in a risk analysis to try to "go only with the worst-cases, if we control those then the device will be safe and effective." However: customer complaints/alleged defects often do not come in for "worst case". Similarly, if a risk analysis skips certain situations it will become impossible to predict which of the included situations will be referenced should a complaint from a not-included situation appears.
 

Vetty007

Involved In Discussions
Thanks a lot for your always very valuable comments :)

Good point with the missing situation to refer to in case of complaints.

I am happy to hear that you share the approach to assess the hazardous situation separately for the parties exposed - I always get told that I am always too precise and thorough and obsessed with details. I want to keep it that way, but it also takes a lot of time, so I want to make sure I don't overshoot again.

Also this site note, with only going with the worst-case, I absolutely agree, but also needs to add that I am sometimes unhappy to add some possible hazards, which in a few cases could also result in a positive outcome (e.g. chemical contamination that as a side effect kills coronavirus), but for which there is no proper rating situation....
 
Top Bottom