Risk management as a strategy

risk managment consultant ISO 14971

Risks are almost inseparable from any entrepreneurial activity and especially during product development. For this reason, risks also have a not to be underestimated influence on the course of goal setting and achievement. They are based on the uncertainty of future events and their effects. Not recognized and mastered in time, risks often jeopardize the successful further development of a company.

To avoid a deviation from the company goals

The term risk management refers to the handling of all risks resulting from the day-to-day business of a company. Risk management does not limit itself to dealing with insurable risks. As part of the leadership, risk management avoids, e.g. according to ISO 31000, a departure from the company’s goals. Its need arises from a number of statutory provisions, such as the risk-based approach to product development of medical devices or pharmaceuticals. Risk management is also used in projects in order to identify risks early and thus to maximize the probability of success of the project.

From risk identification to risk control

Basically, a distinction is made between the four stages of risk identification, risk assessment, risk management and risk control. They are accompanied by a company risk policy and process monitoring. The framework and starting point of every risk management strategy is the formulation of a company-specific and risk-specific policy. Last but not least, it also takes into account the company’s safety concept and how much risk a company wants to or can take. This risk policy defines opportunities and basic rules for dealing with risks at both the divisional as well as the overall company level. The phase of risk identification involves the collection of current and future risks. During product development, the company should go even further and include not only the potential risks in the intended use, but also the risks associated with inadvertent, or off-label use. Thus, risk identification is probably the most significant component of the risk management process. The risk assessment relates to the dimensions of the probability of occurrence and the amount of damage, or harm. The phase of risk control involves finding ways of responding to the identified and assessed risk and ultimately the damage. The risk control ultimately refers to the correspondence between the actual and the planned risk situation of the company.

The application to medical devices

ISO 14971 is the standard for the application of risk management to medical devices. It describes a risk management process for identifying, evaluating and monitoring the risks of medical devices with the aim of patient safety. This process includes risk analysis, the preparation of risk management reports, the definition of risk acceptance criteria and the definition and implementation of risk minimization measures. The call for an efficient and successful risk management strategy is the most central of the essential requirements of the Medical Device Regulation (MDR 2017/745). If a medical device manufacturer follows this standard-compliant risk management process, it largely meets the legal requirements.

Errors in the documentation and the use of terms

If a company develops medical devices for the first time, risk management is often the biggest challenge. The application of the process to medical devices requires knowledge of the context as well as competencies of the risk assessment procedures. Due to this, a large number of companies pursue an inadequate risk management strategy. The errors usually lie in the use of terminology as well as in the documentation of the verification and effectiveness of risk-minimizing measures. Furthermore, the risks are often only partially used to efficiently monitor a marketed medical device in the post-market surveillance process. Since risk management files are not only created during product development but must be kept up-to-date throughout the product lifecycle, these documents have a high potential for error, as some prominent examples in the past have shown.

Development of an individual and bespoke risk management strategy

Avanti Europe supports you in creating a risk management process and file. Finally, risk management is one of the most important tools for assessing the safety of a service or product. A robust and efficient risk management process guarantees the safe and effective use of the products by the defined user group. As a key activity, the process begins with the design of the product or service. The experts of Avanti Europe guide you through all regulations and requirements. Based on our many years of practical and theoretical experience, we support you quickly and reliably in the development of an individual and bespoke risk management strategy that can also be used for post-market surveillance of the service or product.