Risk Management
The focus of risk management is to identify the hazards associated with functional units and their accessories, estimate and evaluate the risks, control these risks and monitor the effectiveness of the control.
The foundation of effective risk management is a clear commitment from corporate management. There are three key commitments that must be made in order to build the necessary infrastructure for a cost-effective risk management program:
• Organize and maintain the knowledge and information on the design, development and manufacturing of the product and ensure this data is up-to-date and accurate. This process is essential as the quality of the risk management program depends directly on this information.
• Provide knowledgeable and competent personnel throughout the organization to manage the risk management process and to participate in risk assessment and other work activities.
• Create a system that not only documents and maintains risk management files, but also records management’s response to these studies and enforces an audit system to ensure that all approved risk reduction actions are implemented in a timely manner.
The risk management process in general includes the following elements:
• Risk Management Plan;
• Risk Assessment, covering both Risk Analysis and Risk Evaluation;
• Risk Control;
• Post-Production Information.
Risk Management Plan
Management must clearly define the objectives and scope of the project, which are dependent on a number of factors:
• The part of the product/process/system on which the project focuses;
• The phase of the product’s life cycle in which the project takes place;
• The amount of information available.
Responsibility and resources should be allocated to ensure that no responsibility is omitted.
Decisions concerning risk acceptability may be based on operational, technical, financial, legal, social, humanitarian or other criteria. The decisions can be justified by doing the following:
• Using product-specific standards. If standards are properly implemented and the product is tested, an acceptable level of risk should result.
• Comparing with levels of risk evident from other similar products/systems on the market, which should consider similarities and differences in:
○ Functionality/intended use;
○ Hazards;
○ Risk;
○ Safety features;
○ Historical data;
• Following appropriate guidance documents.
Risk Assessment (Risk Analysis & Risk Evaluation)
Risk analysis addresses three specific questions:
• What can go wrong?
• How likely is it?
• What are the impacts?
In order to answer the above questions, it is essential to understand the intended use or purpose of the product, including any foreseeable misuse, and to identify the product characteristics that could impact on safety.
The next step is to identify hazards associated with the product and determine the related causes and consequences, and ultimately estimate the risk.
Some potential hazards (if applicable) that should be evaluated include these factors:
• Toxicity, flammability and reactivity of raw materials and wastes;
• Sensitivity to environmental factors such as temperature and humidity;
• Mechanical or electronic hazards;
• Human factors associated with the operator-equipment interface.
The risk analysis is not restricted to only the design of the product but should also be done for the manufacturing process (e.g. assembly process, packaging) and the process of delivering the product to its intended location. For products that involve materials that are sensitive to the environment (e.g., heat, humidity, cold or light), storage and transportation methods need to be reviewed. If problems are identified, appropriate changes should be made in packaging or warnings on storage or packaging containers.
The software used in the functioning of a product to control or monitor systems also needs to be reviewed. The consequences of software errors can be unpredictable, particularly those that involve data corruption or false alarms. In such cases, the product should have a means of detecting software errors or their consequences. For example, consider installing separate redundant alarms or interlocks on critical aspects of the system/product.
Depending on the complexity of the system/product, one or a combination of risk analysis techniques can be used to identify hazards. Some common techniques include Failure Mode and Effects Analysis (FMEA), Hazard and Operability Analysis (HAZOP) and Fault Tree Analysis (FTA). The FMEA methodology and its application throughout the entire life cycle of the system/product are addressed later in this manual. The other two techniques are described in the next chapter.
Once the risk estimation for all hazards is completed, the acceptability of each risk is determined against the company’s risk-acceptability criteria (as established in the risk management plan). If a risk is too high, it needs to be mitigated.
Risk Control
Risk reduction should focus on reducing the hazard severity, the probability of occurrence, or both. The following are examples of risk control:
• Inherent safety by design;
• Use of consensus standards;
• Protective design measures (e.g. incorporating alarms and interlocks into the design to mitigate risks that cannot be eliminated);
• Protective manufacturing measures, with improved process or test capabilities;
• Safety information (labeling, instructions for use, training, etc.).
The technical and economic practicality of implementing the options should be evaluated. Once the risk reduction decisions are made, the associated risk reduction actions should be implemented and monitored throughout the product’s life cycle.
Post-Production Information
Throughout the product’s lifetime, new information obtained during postmarketing vigilance regarding a new hazard or risk must be assessed and recorded in the risk management file. Hence, risk analysis and management is an ongoing process throughout a product’s lifetime and it is the continuous responsibility of the manufacturer to ensure the product/system safety.
Risk management should start at the early design stage to establish the highest level of inherent safety. This can significantly offset the cost of implementing risk-mitigating measures.