What is risk?
The word “risk” may seem simple, but it is interpreted in different ways by different people. Even when the same word “risk” is used, it is sometimes used in completely different ways by different people. This is the reason why people sometimes have difficulty in discussing risk.
Although there are various definitions of risk, it is generally understood to be a concept that refers to the possibility of encountering danger or loss associated with an action (or not acting).
Risk is sometimes translated as “danger” or “hazard” in Japanese. Hazard refers to a potential source of danger, while risk is a combination of the possibility that a hazard may actually occur and become a real danger. The risk is low if the hazard is unlikely to occur, while the risk is high if the probability is low but the consequences of its occurrence are severe.
1. Issues and Risks
Risks and problems are different. Problems are to be solved; risks are to be reduced.
A problem is an obstacle that is currently occurring. Since it is happening now, it will have to be resolved. A risk, on the other hand, is an event that has not yet occurred and may occur in the future. We must think about avoiding the occurrence of these possible future events or reducing their impact if they do occur. Risk is always in the future. As soon as it is in the past, it is no longer a risk.
Let me explain in an episode.
For example, let’s say there are several pits dug into the beach. You do not know how many pits are dug. However, you have to walk along the beach. Naturally, the risk is that you might fall into one of the pits and get hurt.
How, then, can we avoid risk? Naturally, it can be avoided by looking for and filling in all the pitfalls.
However, since you do not know how many pitfalls were dug, it is possible that even if you found and buried some pitfalls, there may still be some left. This is called residual risk.
In general, time limitations and technical or cost issues make it difficult to avoid all risks.
If we cannot discover all the pitfalls and avoid risk altogether, what must we do next?
It is risk reduction. For example,
- Two people walk together so that if they fall into a pit, they can be rescued.
- Walking with a helmet on to avoid injury if you fall into a pit.
- Walk around with a cell phone so that you can call an ambulance if you are injured.
and other risk reduction measures.
This example is analogous to software bug squashing. It is generally unknown how many bugs (program defects) are latent in software. Software developers test and test again and again, trying to find as many bugs as they can. However, it is generally impossible to find and fix all bugs.
Of course, software developers do not know how many bugs may be latent in even their own programs.
As you have already understood, what has happened is not a risk. Again, an event that has occurred is a “problem. Problems require CAPA (Corrective and Preventive Action) to prevent recurrence.
This is something that the author feels many people misunderstand during risk management consultations and seminars. For example, many companies receive complaints, repairs, or inquiries from the market, but conduct risk analysis in response. Is it not stated in the procedure manual that if there is a complaint, repair, health hazard, etc., a risk assessment should be conducted? Complaints, repairs, health hazards, etc. are not risks. They are problems because they have already occurred. Therefore, CAPA is implemented, not risk management.
For example, many company procedures require a probability of occurrence when an injury is reported, but it is meaningless to require a probability of occurrence because it has already happened; CAPA must be conducted on the assumption that if one case occurs, it will surely occur in the future. Only the severity of the incident must be taken into account when deciding whether or not to prevent recurrence.
2. Swiss Cheese Model
Often when talking about risk, the Swiss cheese model is used. One often hears of “a misfortune upon misfortune” or “an accident upon accident.”
As you may intuitively know, there are several opportunities to break the chain of events during the accident analysis process. Safety-oriented systems have multiple preparations in place to ensure that they do not lead to an eventual accident.
Accidents occur precisely through these multiple gaps. In most cases, accidents would not have occurred if the chain of events leading to the accident had been broken somewhere along the way.
For example, medical devices are always equipped with safety devices, but accidents occur when safety devices happen to be inoperative, when human error happens to occur, or when these circumstances coincide.
The idea of multiplexing safety devices must be taken to ensure that risks do not occur by accident.
3.Definition of Risk in ISO 9000
In ISO 9000:2008 “Quality management systems – Fundamentals and terminology”, the definition of risk was “the combination of the probability of occurrence of harm and the severity of that harm”, which was changed to “the effect of uncertainty” in ISO 9000:2015.
This may be because ISO 9001:2015 “Quality management systems – Requirements” covers not only the manufacturing industry, but also the service industry, etc., and is aligned with ISO Guide 73:2009 “Risk management – Terminology – Standards ISO Guide 73:2009 “Risk management – Terminology – Guidelines for use in standards”.
On the other hand, ISO 13485:2016 defines risk as “the combination of the probability of occurrence of harm and the severity of that harm.
It should be noted that ISO 9000 and ISO 13485 define risk differently.
4. What is risk?
As noted above, ISO 13485:2016 defines risk as “the combination of the probability of occurrence of harm and the severity of that harm.” This definition is consistent with ISO/IEC Guide 51.
In fact, this definition is very close to how we make decisions every day.
For example, airplanes are rarely survivable in a crash. However, readers will board airplanes on business trips and vacations. The reason is that they believe that they will not fall. In other words, they think that the probability of an accident is extremely low. On the other hand, they also know that an accident would be serious. In other words, we multiply the probability of occurrence and the severity in our minds and make a decision to board a plane if the risk is of this level. Therefore, the above definition is more natural for us. We always multiply the severity and the probability of occurrence in our minds.
There is an important point to be made here. It is important to note that it is the probability of occurrence of harm, not the probability of occurrence of defects.
In other words, it is not the probability of a defect in a medical device, but the probability of harm to humans as a result of the defect.
5. Approach to risk occurrence
ISO 14971 requires manufacturers to develop a list of known and foreseeable hazards associated with medical devices, for both normal and fault conditions, and to consider hazardous conditions and foreseeable sequences of events that could cause harm.
A hazard does not lead to harm unless a series of events or other ambient conditions (including normal use) create a hazardous condition. A hazard does not lead to harm unless a hazardous condition is created by a series of events or other surrounding circumstances (including normal use). At the point of hazard, the risk can be assessed by estimating the severity and probability of occurrence of the possible hazard (see figure).
In this figure, P1 is the probability that the hazardous condition will occur and P2 is the probability that the hazardous condition will lead to harm.
For example, the probability that a certain part of a device becomes hot is P1, and the probability that a human comes into contact with the hot part is P2. The probability of burns (harm) can thus be calculated as P1 × P2.
The probability of occurrence of harm can be expressed as a combination of two probabilities (P1, P2) or as a single probability (P); decomposition into P1 and P2 is not required.
関連商品
[blogcard url=”https://ecompliance.co.jp/SHOP/191121P.html” title=”医療機器企業におけるリスクマネジメントセミナー” content=”医療機器企業にとって、リスクを管理することは非常に重要です。しかしながら、リスクマネジメントは難解です。医療機器業界では、欧州が先行し、90年代からIOS-14971が制定されました。
医療機器には何がしかのリスクが潜んでいます。リスク分析の結果は、設計管理のインプットとなります。
医療機器事故は、ユーザの意図した利用と設計者の思想のギャップによって起こるとされています。
昨今では、ユーザビリティを含め、合理的な誤使用を予測したリスク分析が求められています。
演者は多くの医療機器企業においてリスクマネジメントの指導を行ってきましたが、各社ともに我流で実施していることが多いようです。
それでは、医療機器の安全が確保できず、また回収(改修)も減少しません。
そのためには、リスクマネジメントの基本的な考え方と規制当局の期待を十分に理解しなければなりません。
本セミナービデオでは、難解なリスクマネジメントを初心者にもわかりやすく解説いたします。”]
[blogcard url=”https://ecompliance.co.jp/SHOP/EL-008.html” title=”【セミナービデオ】医療機器企業におけるリスクマネジメントセミナー” content=”医療機器企業にとって、リスクを管理することは非常に重要です。しかしながら、リスクマネジメントは難解です。医療機器業界では、欧州が先行し、90年代からIOS-14971が制定されました。
医療機器には何がしかのリスクが潜んでいます。リスク分析の結果は、設計管理のインプットとなります。
医療機器事故は、ユーザの意図した利用と設計者の思想のギャップによって起こるとされています。
昨今では、ユーザビリティを含め、合理的な誤使用を予測したリスク分析が求められています。
演者は多くの医療機器企業においてリスクマネジメントの指導を行ってきましたが、各社ともに我流で実施していることが多いようです。
それでは、医療機器の安全が確保できず、また回収(改修)も減少しません。
そのためには、リスクマネジメントの基本的な考え方と規制当局の期待を十分に理解しなければなりません。
本セミナービデオでは、難解なリスクマネジメントを初心者にもわかりやすく解説いたします。”]
[blogcard url=”https://ecompliance.co.jp/SHOP/MD-QMS-026.html” title=”【ISO 14971:2019対応】リスクマネジメント規程・手順書・様式” content=”ISO14971:2019に沿った形のリスクマネジメント規程・手順書・様式です。医療機器設計におけるリスク分析は、ISO-14971に従って実施されています。
リスクマネジメント実施のための手順や様式を整えておかなければなりません。”] [blogcard url=”https://xn--2lwu4a.jp/qms-md/” title=”QMS(手順書)ひな形 医療機器関連” ]
]]>
Comment