Product Risk Management Process
The process includes the analysis, compilation and maintenance of a product risk analysis according to ISO14971:
for a product with it's intended use
containing the analysis of risks (pre-
utilizing different analysis views (e.g. customer interaction/ workflow, instrument process, hardware, software, disposables, reagents, manufacturing, environmental),
providing risk estimates according to defined criteria for e.g. severity, occurrence and detectability
and introducing mitigation measures, which may be defined as safety requirements.
A risk management plan defines the execution for a specific project, with:
The risk management process should integrate the management of software risks as needed (IEC 62304).
Event driven risk analysis for individual (design) changes is recommened from the end of the realization phase on. The assessment links and tracks into change control processes for requirements, V&V documents, version control of components and respective revalidation effort, and confirms successful mitigation of change w/o altering the product performance.
The risk management file follows a project specific hierarchical document organization, according to the refinement of the product into components, vendor ownerships and related processes (e.g. manufacturing, logistic). This structure also is applied for plans and reports (see below).