Perhaps the best source to establish a risk management procedure for an FDA regulated facility is ISO 14971. Although this standard is geared towards medical devices, the concept is indispensable to any other industry. The risk analysis tools may be different for specific industry or application, but the fundamentals remain the same.
The Risk is a combination of the probability of occurrence of harm and the severity of that harm. Harm is the physical injury or damage to the health of people, or damage to property or the environment. The risk management principles are to improve the safety of products:
1. Risk management planning is conducted proactively to ensure completion of risk management tasks throughout the product life cycle.
2. Risk acceptability criteria for every product are clearly established.
3. Methodical approaches are followed by those conducting risk management activities for the assessment of risks to patients, operators, other persons, property, equipment and the environment.
4. Risk control techniques are consistently implemented to reduce risks as far as possible to acceptable levels.
5. Product risks are communicated to and accepted by persons with appropriate authority for the product prior to product launch and in the event of significant change in the product risk profile.
6. Processes are established to collect and monitor risk information throughout the product life-cycle for the early detection of adverse trends.
7. Products which might pose unacceptable safety risks are properly contained, corrected, and/or removed from the market.
A typical risk management process in a regulated industry such as a medical device manufacturer is:
Risk Management Methodology is:
1. Risk Management Plan
2. Risk Analysis
3. Risk Evaluation
4. Risk Control
5. Evaluation of Overall Residual Risk Acceptability
6. Risk Management Report
7. Monitor Risks (by tracking and trending data sources)
8. Risk Management File (RMF) which is a set of records that are produced by risk management
OC = Occurrence (frequency of occurrence of a failure cause or hazard, A component of P1)
P1 = Probability of a Hazardous Situation (probability sequence of events leading to hazardous situations; technical probability)
P2 = Probability of a Hazardous Situation leading to Harm (probability that harm occurs when the patient, user, property or environment is exposed to hazardous situation; clinical probability). If P2 is not known or documented, it would be considered 100%. Thus, P(Total) shall be equal to P1.
PTotal = Probability of Harm (probability of sequence of events leading to harm (the overall probability of harm)
S = Severity of harm