Everyone applies risk management in some form throughout their life. Some do it consciously, in order to feel safe. Others do it intuitively and situationally, for instance when crossing the street. A good example of intuitive risk management in childhood is a child weighing up whether to ride a bicycle hands-free. The probability of getting hurt in a fall stands for the potential risk, and the friends’ recognition stands for the created value or benefit. The benefit increases with the number of people present and with their importance. Risk mitigation in such a situation means adapting the velocity, but the most effective mitigation would be to forgo the value altogether: don’t do it. In most cases, children are not aware of, or not capable of determining, the sequence of events leading to harm, and they overestimate the benefit. We all know the result.
If we all start in childhood, more or less successfully, with risk management, it is not astonishing that risk management is most probably applied across every industry, whether systematically or just by personal mood. Insurance, financial services, investments, space, etc. deal permanently with risk management and related systems. Some approaches are based on highly complex algorithms, and others are performed purely on feelings and best guesses.
Principle of risk management
In some industries, risk management is the backbone of the services, products, and daily business. Furthermore, risk management is the most relevant activity for the company’s success. Examples include damage liability insurance, financial investments, product development, petrochemical and chemical processes, railway, aviation, and nuclear power plants. The naming might differ, but the purpose is always the same: reducing the probability of harm and its severity. Aviation, for instance, speaks of managing safety rather than risk.
General risk management as described by the standard ISO 31000 aims to reduce, or at least detect, the risk related to products, services, daily business, and business decisions. Usually, risk management is integrated into a management system and is used for decision-making processes. ISO 31000 is applicable to almost every company and demands that risk management be designed to suit the company's size. The described principles are similar to those of other known management systems, such as Quality Management Systems. Risk management is similar to quality management: it must be lived in order to become effective.
Risk management and medical devices
Most regulatory authorities for medical devices around the world demand a systematic approach to reducing the risk to patients, users, and the environment. Hence it is not astonishing that the International Organization for Standardization describes the requirements for a risk management system in ISO 14971 and, in the technical report ISO/TR 24971, how to implement it.
The standard describes general requirements for a systematic and planned approach to risk management, but it does not consider every regulatory requirement of each country or economic area; it is a consensus of the standard's members. Hence, the regulatory requirements might be stricter than the standard.
European Union, medical device regulation MDR 2017/745
The Medical Device Regulation 2017/745 specifies the requirement to apply a risk management system in article…
United States of America, FDA Title 21 CFR
The Food and Drug Administration of the United States of America demands a systematic risk management approach within Title 21 CFR.