Isolated risk management is not effective risk management

Risk Management is an essential requirement for compliance to the European Union and FDA Medical Device regulations. Standards-developing agencies have also focused on the importance of applying Risk Management to medical devices in view of ensuring patient safety, most notably in the ISO 14971 standard.

However, Risk Management is not just a compliance requirement. It is the identification of hazards and hazardous conditions, estimation and evaluation of the associated risks, establishment of controls for those risks and continuous monitoring of the effectiveness of the controls throughout the product lifecycle. When initiated early and employed frequently as an integrated part of development, risk management provides opportunities for product innovation, as well as reducing costs of defects and rework.

The FDA recognizes that Risk Management must be an integrated part of the overall development process.

"Although each participant has a role in managing risks, no participant can be successful alone. Optimal safety can be accomplished only by an integrated system in which the roles and responsibilities, as well as capabilities and limitations, of each participant are known to all." (http://www.fda.gov/Safety/SafetyofSpecificProducts/ucm180580.htm)

Each participant in product development, whether an engineer, medical specialist, compliance specialist, or verification and validation expert, needs to be integrated into Risk Management. They need to collaborate in order to be effective.

Unfortunately, most organizations practice Risk Management as an isolated process, separate from the design, development and verification. The use of standalone Risk Management tools or office software to record and manage the Risk Management process encourages this. This reduces the efficacy of Risk Management and complicates the demonstration of compliance.

To leverage Risk Management's potential for innovation and cost reduction and reduce the effort required for audits, Medical Device Engineering companies need dynamic traceability between Risk Management and the other development disciplines. Risks must not only be readily traceable to the identified hazards. Developers and engineers must also be able to easily trace their development artifacts such as system, hardware and software requirements, design, and verification and validation plans to the risk control measures.

When Risk Management is integrated into the development process, design and requirement change impacts can be quickly evaluated without having to sort through pages of spreadsheets and documents. Development has real time visibility into risk coverage and can ensure that hazards and risks are appropriately controlled and that the controls have verification and validation plans in place.

We recently witnessed just how effective this approach can be with a customer using MKS Integrity for Medical Device Engineering. This customer uses Integrity across their entire development process, and when they were audited recently, the auditor stated in his report "This traceability is the absolute best this auditor has ever seen." In addition to this outcome, the customer has compressed development cycles, improved productivity, mitigated risk, and streamlined regulatory and internal reporting.