5 Foundations of Robust Life Science Risk Management Programs
What does it take to build a robust risk management program at your life science organization?
It’s a tough question, and the answers aren’t always simple. How you plan and implement risk management into your product development depends on many factors, including your organization’s current capacities, competencies, and needs. However, when it comes to building a solid risk management foundation for your organization, there are five important pillars to address.
1. Understanding regulatory requirements
Regulations, guidance documents, and international standards make up the basis for how life science organizations are encouraged and/or required to incorporate risk management into their product development processes. Even though FDA does not expressly require certain types of risk management, they either recommend approaches through guidance or refer to international standards. They lean heavily on ISO 14971 and IEC 62366, for example; plus, they have a number of risk-related guidance documents including:
- Applying Human Factors and Usability Engineering to Medical Devices
- Safety Considerations for Product Design to Minimize Medication Errors
- Q9 Quality Risk Management
- Premarketing Risk Assessment
- Factors to Consider Regarding Benefit-Risk in Medical Device Product Availability, Compliance, and Enforcement Decisions
Apart from all this guidance, there are also two general risk management principles FDA relies on. First is safety and effectiveness, which is actually codified in 21 CFR 860.7. This principle essentially asks manufacturers to provide valid scientific evidence that the product under review has benefits to the target population that outweigh any probable risks (with adequate controls in place). Additionally, safety and effectiveness requirements demand further evidence that “clinically significant results” can be provided by the product to the target population.
Then there is the (inherent) safety by design principle, which can sometimes be difficult to define but altogether critical for the regulatory submission process. Under safety by design, FDA basically wants to see that risks can be reduced or eliminated through the product’s design as much as possible. When risks cannot be reduced through design, then other avenues for risk control such as labeling or instructions for use should be evaluated.
2. Debunking myths & misconceptions
Why is it so important to debunk myths around risk management when building a strong risk management program at your organization? The answer is simple: those myths and misconceptions can hold your teams back.
Whether as a consequence of entrenched organizational culture, lack of adequate understanding and/or communication, isolated design and risk activities, or other concerns, risk management myths and misconceptions can have a negative impact on how your teams approach, analyze, and control the risks of your life science product. And these myths aren’t confined to one aspect of the risk management process; in fact, they can influence everything from usability and performance analyses to the actual risk documents you submit for regulatory review.
There are many misconceptions out there when it comes to risk management, but perhaps the two most pervasive are:
- Design and risk management are separate development activities
- Risk management is just for meeting regulatory compliance
Both of these are so detrimental to your risk programs because they fail to take into account the necessary integration of risk management and product design (i.e., Design Controls). They provide no avenue for letting quality guide the evolution of your risk controls—not just the regulatory requirements. Quality and risk go hand in hand, which is why such misconceptions need to be debunked to build a more robust risk management program at your organization.
3. Identifying modern risk factors
We live in an age where life science industries are changing at a more rapid pace than at any point in history. This is being fueled by technology, as well as the increasing power of the Voice of the Customer (VOC). Incredible opportunities to improve patient outcomes, offer new and dynamic treatments, and help your organization thrive are now at everyone’s fingertips. However, this changing landscape brings a number of new risks to the foreground.
Cybersecurity, for example, has been a major risk concern for the industry and regulators alike for years now. As interconnectivity increases, so do the risks of hacking and product compromises. And with the rise of mobility, risks related to use environments have become a greater concern. Meeting the VOC demanding mobile products while being able to manage the hazards, hazardous situations, and harms of all the environments the product could enter seems an almost impossible task.
As life science organizations move forward with constructing and marketing new and innovative products, they have to meet the demands of the current state of the art as well as VOCs. Increasingly, products are becoming more interconnected, software-based, and mobile, and they generate vast amounts of data. This shift can be difficult to account for in your risk management, but necessary.
4. Implementing appropriate risk management tools
Choosing what tools your risk management teams use in your premarket development activities is essential for building a strong risk program at your organization. Commonly, one tool is not enough to do the job—you need a number of activities, approaches, and tools dependent on the needs of your organization.
How you identify and apply these is not an easy task. There are many different tools available, and neither regulatory agencies nor international standards recommend one over the other. As a result, figuring out what risk tools can be considered appropriate for implementation into your development activities can sometimes be a guessing game. However, relying on regulatory guidance and standards is a good approach. In addition, identifying industry best practices can be worthwhile. Some FDA-recommended risk tools include:
- Failure mode effects analysis
- Fault tree analysis
- Preliminary hazard analysis
- Usability risk activities (i.e., use error analysis)
5. Iterative risk management
Many organizations think a once-over approach to risk management is sufficient to adequately control risk and provide assurances of safety and effectiveness to regulators. Unfortunately, this is far from the truth. In order to build a fully robust risk management program at your life science organization, you need some repetition.
An iterative risk management approach process helps in identifying high-priority risks early on in the design process, and incorporating the necessary controls to ensure safety and effectiveness. Once the high-impact risks are controlled for, lower-level risks can be managed through design or mitigation. From evaluating and scoring risks to evaluating the impact of resulting controls and implementing them, this process forms new design inputs that also have to be evaluated.
Iterative risk management allows your teams to reduce or eliminate residual risk to acceptable levels, and allows for features that can have less of an impact on the overall product design. In concert with the other foundations of robust risk management, incorporating iteration into your risk activities can transform your overall product development.
About Nick Schofield
Nick Schofield is a content creator for Cognition Corporation. A graduate of the University of Massachusetts Lowell, he has written for newspapers, the IT industry, and cybersecurity firms. In his spare time, he is writing, hanging out with his girlfriend and his cats, or geeking out over craft beer. He can be reached at email@example.com.