Thomas Skogen

Risk Management Is More Than a Spreadsheet

By Thomas Skogen
Thomas Skogen

Mitigating risk of failure is one of the most important disciplines to perform for medical device manufacturers, and for the last couple of years, it has become an increasingly difficult discipline to master.

In a previous article, we discussed several causes that lead to product malfunctions and how to mitigate them. In this article, we will look at how a change from a document-driven risk management approach to a data-driven risk management approach can help mitigate product failure.

Mitigating risk of failure is one of the most important disciplines to perform for medical device manufacturers, and for the last couple of years, it has become an increasingly difficult discipline to master due to:

  • Government and industry compliance regulations being heavily expanded in recent years
  • Products getting increasingly complex
  • Paper-based or disconnected risk management processes

Changes to regulatory requirements, namely the latest updates to Medical Device Single Audit Program (MDSAP) adopted by regulators in the US, Canada, Japan, Brazil, and Australia as well as the EU Medical Device Regulations (MDR), are impacting medical device manufacturers.

These regulatory changes were introduced to raise product quality and the safe use of these devices. They were also introduced to provide manufacturers with better insight into the complete product lifecycle through improved quality metrics and a more efficient inspection process.

In addition, medical devices are becoming increasingly complex, driven by rapid innovation, market demand and the incorporation of software into these devices. Systems within systems must successfully interact with other systems, internal and external to the product itself, to function properly.  Each of these factors adds risks and opportunities that must be identified, analyzed, accepted, mitigated, or exploited early in the design process.

The increase in product complexity has also led to a dramatic increase of product data. It is not the volume of product data, however, that makes risk management processes increasingly difficult to perform. It is the way medical device companies are handling their processes today.

Challenges of Paper-based Processes

Many companies are working with manual paper-based or disconnected processes. Different departments, each with their own processes, create content and data resulting from their individual tasks, decisions, and goals. The data exists in Word or Excel files or other home-grown systems. This results in content and data that live in widely dispersed emails, laptops, desktops, and remote servers not under change management control

Managing risk assessments this way is prone to errors including dead links, deleted data, and insufficient artifacts to describe the certainty for approvals. The risk assessment report based on the data cannot be trusted to represent the process of determining the current state, the history of risk management, and the mitigation it describes. Ultimately, such a system poses risks to end users and stakeholders, as well as the company that relies on the risk management process to bring a product safely to market.

Connecting Risk Management to Product Data

Naturally, risk management should not be managed in disparate databases, documents, or unconnected systems. The risk management process generates live content and data that need to be related to other content and data that is being generated in the design process. Change needs to be tracked as part of an overall change process. A recommendation can set off a chain reaction of changes that create a spider web of relationships. Test plans and results can affect changes in design, material, packaging, documentation, or manufacturing processes. If Failure Modes & Effects Analysis (FMEA) process data is an isolated data instance unrelated to other data in Word, Excel, Access Db, or Lotus Notes, it is very difficult to develop an up-to-date, correct risk management assessment. It is critical that risk management content and data is managed under a change control system that can establish, trace, and report on the impact of identified risks, their assessment, recommendations, and resulting changes to design, product, and processes.

Performing Risk Management in a Product Lifecycle Management (PLM) system enables you to connect your risk management data with your product data. This enables you to create a spider web of data where risk analysis and mitigation processes are directly connected to the exact product data—with a relation to all data and with full traceability of all quality and change processes that may be performed as mitigation processes.

You can easily identify and analyze where to place changes to a product, incorporate updates to a manual or make a change to documentation. When all data are connected and updated throughout the entire process, from start to final change, the risk traceability matrix is automatically generated with no manual updates needed.

With Risk Management in PLM, you become data-driven instead of document-driven. You can create a connection between Risk Identification, Risk Analysis, Risk Mitigation, Risk Traceability Matrix and Requirements—and all this data is automatically connected to your device.

The risk of failure is real, and risk must be managed for patients, operators, external equipment, and the environment. Risk management is only becoming more difficult as product complexity evolves, software replaces many mechanical functions, and the volume of product data keeps increasing. Now is the time to create a more connected and streamlined process for data integration.

About The Author

Thomas Skogen