Want to apply risk-based thinking? This you should know

ISO 13485:2016 requires companies to use risk-based thinking to manage their business.

Risk is inherent in all aspects of a QMS. There are risks in all systems, processes and functions. Risk-based thinking ensures that any potential risks are identified, considered and controlled throughout the design and use of the quality management system.

If you want to implement it, these are things you need to know…

Risk is combination of the probability of occurrence of harm and the severity of that harm.

The risk can be reduced, by reducing the likelihood of occurrence of an unwanted incident or the severity of damage in case of that incident. It is usually more problematic to reduce the severity of the damage then the likelihood of an unpleasant incident from occurring.

Every process in a company is a source of risk. An unwanted incident occurs whenever a process does not perform as intended. The severity of harm is based on the type of process.

Once the processes that make up the QMS system are defined, these are steps to manage process risk with the QMS system:

  • risks of the processes must be defined
  • action plan to address risks must be developed

The actions taken to reduce the risk should be proportionate to the potential impact that the activities will have on the quality of the delivered products and services. Since companies do not have limitless funds, it is not possible to work on all causes of risk in the processes of the QMS.

The standard does not require the use of any specific risk management tools. Following the steps from ISO 14971 is the sigh you’re on good way in your risk assessment.

Show comments

Join the discussion

4 replies to “Want to apply risk-based thinking? This you should know”

  1. Phillip says:

    I guess this is based on old ISO 14971?

  2. Benjamin Woods says:

    to @Sofia Nascetti
    I guess you have to have some super fantastic QMS software for it! But to get something cool like that probably has it’s price as well (expenive).

  3. Sofia Nascetti says:

    Great article. But, I’m not sure how the risk-based approach can be implemented in every process within the organization? For example, how is that conducted regarding suppliers? Is the evaluation of suppliers enough? That’s risk-based approach toward suppliers? Hope someone can help…

    1. Jared Corben says:

      Dear Sofia, you are on a good track. Evaluation of your suppliers based on the criteria you define is exactly implementing risk-based approach towards them. Verification of purchased product also.

Leave a Reply

Your email address will not be published. Required fields are marked *