Risk management is more than just checking boxes or filling out forms to satisfy regulatory requirements; it is an essential part of the design process, according to consultant Tom Shoup, who recently finished writing a new guide on the subject for startups and other manufacturers new to the healthcare arena.
“Lots of companies—startups as well as established companies—often think of risk management as a ‘regulatory thing’ and not a ‘design thing,’” Shoup says. “Since risk management is a process that helps make a product with an acceptable total risk, which is the definition of safe, I hope startups will see the advantage of using risk management as part of the design thought process and start it as early as possible.”
“The benefit, in addition to a safe product, is fewer surprises late in development or early post-market, which are very costly.”
As a senior research and development manager, Shoup has always had shared responsibility for risk management during the development or revision of a product, but it was his experience as a principal scientist for a startup company that influenced the content of his book, titled Premarket Risk Management for New Medical Device Companies.
“We were working on a CAPA [corrective and preventive action], and I realized that others in the company didn’t really understand what should be in the risk management file,” Shoup remembers. “So along with the regulatory manager, we sketched that out and used it to train others in the company.”
Although there are a number of standards and technical information reports (TIRs) that outline the process of risk management—such as ANSI/AAMI/ISO 14971, Medical devices—Application of risk management to medical devices, and ANSI/AAMI/IEC TIR80002-1, Application of risk management for IT networks incorporating medical devices—Part 2-1: Step by step risk management of medical IT networks; Practical applications and examples—participants at the 2015 AAMI/FDA Risk Management Summit felt a practical “how to” resource for new entrants to the medical device market was lacking.
In his book, Shoup describes the contents of a risk management file and outlines the activities that go into its creation, such as hazard identification and risk assessment and control. The book also includes useful templates for developing a risk management plan and other necessary documents, as well as a risk management report checklist.
“Startups usually know they need to do something about risk management, but they often think brainstorming a big risk assessment matrix is the heart of the work when that’s not a good approach at all,” Shoup says. “I hope risk management owners in startups will say ‘I get it’ after reading this book and will know how to create a premarket risk management file for their first product.”