Basically, a distinction is made between the four stages of risk identification, risk assessment, risk management and risk control. They are accompanied by a company risk policy and process monitoring. The framework and starting point of every risk management strategy is the formulation of a company-specific and risk-specific policy. Last but not least, it also takes into account the company’s safety concept and how much risk a company wants to or can take. This risk policy defines opportunities and basic rules for dealing with risks at both the divisional as well as the overall company level. The phase of risk identification involves the collection of current and future risks. During product development, the company should go even further and include not only the potential risks in the intended use, but also the risks associated with inadvertent, or off-label use. Thus, risk identification is probably the most significant component of the risk management process. The risk assessment relates to the dimensions of the probability of occurrence and the amount of damage, or harm. The phase of risk control involves finding ways of responding to the identified and assessed risk and ultimately the damage. The risk control ultimately refers to the correspondence between the actual and the planned risk situation of the company.