Session 2: Risk Management Principles and Practices Objectives Session 2: Participants will be introduced to the basic elements of risk management (RM), their importance, sequence, and potential for misuse. They will be able to: ◦Articulate and begin to utilize the basic elements of the RM process; ◦Recognize and begin to employ the steps of the risk assessment process; ◦Distinguish relevant hierarchies of hazard prevention and control for future applications

Basic Elements of the Risk Management (RM) Process  Risk Management Planning & Staffing  That’s why it is called MANAGEMENT, not ANALYSIS  Hazard Identification  Hazard Recognition ( or Acceptance )  Risk Evaluation ( or Assessment )  Risk Prioritization  Risk Control ( or Mitigation )  Reduce or “Transfer” risk  Risk Control Verifications  Risk Control Properly Applied?  Reduces Targeted Risk?  Residual Risk Analysis  Risk Management Reporting

RM Part of Design Control

Sources of Product Risk ◦MANAGEMENT: you are implicitly specifying the product risks with your choice of features and cost/schedule constraints ◦ENGINEERING: you are designing the risks into your product with your design choices ◦PRODUCTION: you are building the risks into your product with your manufacturing choices ◦DISTRIBUTION: your selected channel (timing, mode of transportation, environment) creates an environment that allows risks

Engineering Product Risks Product engineering is all about tradeoffs, balancing cost, schedule, scope, and quality. Every engineering decision (hardware, software, & human factors) AND every quality engineering compromise or shortcut impacts your product’s risk profile. The impact may be large or small, direct or indirect, and beneficial or not. It is those small or indirect effects that require a robust premarket risk management process because ◦They are easy to overlook ◦They can combine

ROBUST = Complete, Correct, & Iterative

Premarket Risk Management Risk management BEFORE you push your product out the back door Required of every manufacturer in every industrial sector, not just for medical devices or other healthcare products

How To Determine Risk? The PRACTICAL MEASURE of risk of an identified hazard has two components: the PROBABILITY of occurrence of the hazard AND the SEVERITY of the consequence of that hazard occurring.

“Fear of harm ought to be proportional not merely to the gravity of the harm, but also to the probability of the event” - Attributed to A. Arnaud Logic, or the Art of Thinking, cf. Bernstein, Loc. 1514

Review of Basic Definitions HAZARD (al zahr, Arabic for dice): ◦Potential source of harm HARM: ◦Physical injury or damage to the health of persons, property, or environment RISK: ◦Future uncertainty of the deviation from an expected outcome PRACTICAL MEASURE OF RISK: ◦Combination of probability of occurrence of harm and severity of that harm

Risk RISK (R) has TWO Components ◦Probability of a Hazard Occurring [P] ◦Probability of Exposure to Hazardous Situation ◦Probability of Harm Actually Occurring ◦Severity of Consequences of Hazard Occurring [S] Practical Measure of Risk R = S x P … actually, just a relative risk index ◦not mathematically sound (do the dimensional analysis) Detection or Detectability [D] ◦NEVER, EVER a part of RISK: D is a risk CONTROL (and a poor one, at that!)

Risk Assessment (RA) Process

RA STEP 1: Hazard Identification  To identify hazards that might impact your medical device, you need to consider the intersection of the:  Top level device attributes, and  Top level hazard categories

RA STEP 1: Hazard Identification– Top Level Device Attributes

RA STEP 1: Hazard Identification– Top Level Hazard Categories for Medical Devices

RA STEP 2: Recognize Hazards  Determine whether hazard categories and specific identified hazards exist within the established and agreed boundaries  REJECT hazards outside the specified boundaries  ACCEPT hazards within or on the specified boundaries  NOTE: You can only accept hazards for yourself & your organization! You cannot accept hazards for customers & users

RA STEP 2: Recognize Hazards – Acceptance Matrix

RA STEP 3: Evaluate Risks  Define (operationalize) the Specific Hazard  Determine the Severity of Harm(s)  Person, Property, Environment  Determine the Probability of Occurrence  Probability of Exposure to Hazard  Probability of Harm Occurring  Determine (for processes only) the Probability of Timely Detection

RA STEP 4: Prioritize Risks  All hazards must be considered and mitigated if reasonably possible  No organization has infinite resources (e.g., time, money, personnel, etc.), so you and your management get to decide what is reasonable  Prioritizing risks permits risk management to focus resources beginning with highest priority risks  When you decide to stop expending resources, you have decided to accept the residual risks as your own; it is a fallacy to think you can transfer the product risk(s) to your users.

Risk Prioritization Number (RPN) Product (Design) Risks dRPN = S x P dRPN ≠ S x P x D Process Risks pRPN = S x P x D NOTE: it is critically important that you have control over the detection (D) function (e.g., audits, inspector training, automated inspection, etc.) You never have control over users!

Risk Control

Risk Control has two basic activities: ◦Proposal of a risk control method, and ◦Verification of the efficacy of the proposed risk control The two components are specified in the medical device risk management international consensus standard recognized by the FDA (Recog #5-40): ◦ISO 14971:2007 § 6.2: Risk control option analysis ◦ISO 14971:2007 § 6.3: Implementation of risk control measure(s)

Risk Control Hierarchy BEST: Inherent safety by design ◦Eliminates or substitutes the hazard ACCEPTABLE: Protective measures ◦“Engineering control” WORST: Information for safety ◦Relies on uncontrolled user to attend to labeling, training, etc. NOTE: Considering the full cost over the full lifecycle, inherent safety by design may be the most cost-effective

Risk Control Verification There are 5 types of engineering verifications: Three (3) from systems engineering ◦Requirements (Design Inputs) Verification ◦Specifications (Design Outputs) Verification ◦Version Verification Two (2) from risk management ◦Risk Control Application Verification ◦Risk Control Effectiveness Verification These are compared & contrasted on the next slide

Risk Verification

Without complete & correct risk control verification, you have no knowledge of the effectiveness of your proposed risk control method. So, that means when you choose “labeling” as your risk control, in order to comply with the standard, you need to conduct a scientifically-valid label comprehension study in all classes of affected user groups (e.g., Pts, HCP, cleaners, maintainers, etc.)

Business Case for Premarket RM In brief, it is well understood that the farther you go in the product development lifecycle, the more expensive it gets to make changes Some estimates are that the cost of change increases by a factor of ten (10x) with each ensuing phase of development Why? Because these are systems, they are interconnected, and any design change will impact other previous design decisions.

Managing Design Risk is Business- critical! Companies that get in trouble seem to do a stellar job of managing financial, process, and other non-product-design risks; when it comes to PRODUCT DESIGN RISKS … not so much. WHY? Because unlike financial risk, you cannot transfer product design risk to others.

Post Market Risks & Management Risk management AFTER you push your product out the back door and through your distribution channel.  Post market vigilance refers to the activities relating to the detection, assessment, understanding and prevention of adverse effects or any other device-related problems (malfunctions) after they have been marketed.  Postmarket vigilance is risk management; it is your last and only safety net for protecting your patients, your customers, and your organization, once your product is beyond your control.

Pre- vs. Post-Market RA Comparison