ISO 13485:2016 requires companies to use risk-based thinking to manage their business.
Risk is inherent in all aspects of a QMS. There are risks in all systems, processes, and functions. Risk-based thinking ensures that any potential risks are identified, considered, and controlled throughout the design and use of the quality management system.
If you want to implement it, these are the things you need to know…
Risk is a combination of the probability of occurrence of harm and the severity of that harm.
Risk can be reduced by reducing either the likelihood of an unwanted incident or the severity of the damage if that incident occurs. It is usually more difficult to reduce the severity of the damage than the likelihood of the incident occurring.
Every process in a company is a source of risk. An unwanted incident occurs whenever a process does not perform as intended. The severity of harm depends on the type of process.
Once the processes that make up the QMS are defined, these are the steps to manage process risk within the QMS:
- the risks of the processes must be defined
- an action plan to address the risks must be developed
The actions taken to reduce the risk should be proportionate to the potential impact that the activities will have on the quality of the delivered products and services. Since companies do not have limitless funds, it is not possible to work on all causes of risk in the processes of the QMS.
The standard does not require the use of any specific risk management tools. Following the steps from ISO 14971 is a sign you are on the right track with your risk assessment.