Medical device companies use ISO 14971 to identify and manage user risks with their devices. However, we often find these same companies do not manage their project risks well.
The PMBOK Guide[i] defines risk as “an uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.” Therefore, project risk management is the method used on the project to manage the risk. Those activities include planning (how you are going to manage risk), identifying, analyzing, response planning, and controlling the risks on the project.
Project risk management should be an active process used throughout the project to regularly review identified risks, curate those risks, proactively identify new risks, and respond to risks that have become events/ problems/ issues. Project risks include all forms of project risk, including marketing, technical, supplier, operations, sales, etc. This process ends with the project closure.
Strategy 2 Market developed a process called Exploratory PD (ExPD) that helps project teams identify, evaluate, prioritize and track uncertainties and risks throughout a project. To learn more, please go to www.exploratorypd.com.
Medical device companies also need to address user risks, through the process identified in ISO 14971. The steps are somewhat prescribed and device companies must plan, identify, evaluate, and address risks if they will cause patient or user harm. These risks need to be tied in some way to product requirements and a final report is needed that shows the product is safe. In addition, any changes to the product need to include an evaluation of the risk to the user.
Risk management of user risks are required throughout the life of the product, until the device is withdrawn from the market: often long past the end of the project. Users include the patient and care givers who use the product, but may also include other users such as reprocessing groups, inventory management, or surgical setup teams.
Although the scope and use time frames are different between the 2 different risk management processes, there are ways to use both of them effectively.
Risk management is part of every medical device project. You have both user risks, managed through ISO 14971, and project risks which need to be managed. Set up processes that make the 2 types of risk similar to manage and integrate the reviews into your team meetings. You will find that you are much more effective in managing both types of risk.
How to Identify and Manage Project Risk
Dealing with Uncertainty in Product Development
The Multiple Personalities of Risk
[i] Project Management Institute.2013. A Guide to the Project Management Body of Knowledge (PMBOK Guide) – Fifth Edition. Newtown Square, PA. Project Management Institute
Strategy 2 Market helps companies increase growth and decrease product development complexity. www.strategy2market.com
For more information or to speak with one of our consultants, please contact Mary Drotar at 312-212-3144 or [email protected]