Showing results for 
Search instead for 
Do you mean 

Morris Medical Monthly: RiskPack Basics (Part 1 of 2)

by Dreamer on ‎05-11-2015 09:25 PM

Welcome back to Morris Medical Monthly: a monthly series for medical device development companies (and companies who are related to such companies), providing some useful information about Polarion solutions and Polarion extensions. Today we will start on the subject of Polarion's RiskPack extension, and have a look into RiskPack's Basics.

The RiskPack approach to risk management

Screenshot image - Polarion RiskPack ExtensionThe RiskPack is build upon the requirements of the international standard for risk management for medical devices, ISO 14971. It supports all elements commonly used in risk management:
  • defining categories for the severities of harm and the probability of their occurrence
  • defining acceptance levels for all risk/probability-combinations
  • defining harms, hazards, hazardous situations and sequences of events
  • estimating and evaluating risks
  • defining risk control measures and track their implementation and verification
  • displaying all relevant information in a table view
  • displaying risks before and after mitigation in a matrix view
  • creating an overall risk-benefit analysis
  • creating a risk management report

How RiskPack deals with information

In traditional risk management approaches, all relevant information is stored in a table-like structure, applications like Microsoft's Excel are often used for this. The problem with this approach is that when the table gets bigger, it's getting more and more inconvenient to maintain. In addition to this, often information (like hazards or harm) have to be repeated and copy-and-pasted within the table. So, as the table grows, people are getting more and more anxious to make any changes to the table and rather keep things like they are - which is exactly the opposite of what risk management should be. The RiskPack has a different approach - it stores its data as pieces of information. Those pieces can be entered in any order and can be combined to rather complex statements by creating links between them. The RiskPack uses Polarion's work items to store these information and adds powerful visualization capabilities to create table views just like in the "old Excel approach". The resulting table view can be customized to only show the information that are relevant for the device under consideration. Of course, only these information must then be provided by work items. This approach makes the RiskPack flexible to support an efficient risk management process that lets you concentrate on the facts independent on their representation.

Which information can be stored

In general, RiskPack can store any kind of information. For a proper risk management, harms must be identified and both their severity and the probability of their occurrence must be recorded. With this information, risk analysis compliant to ISO 14971 is possible. RiskPack provides a data type "harm" with an attribute "severity" and a data type "risk" with the attribute "probability". So identification of possible harms and their severity can be done independently of considering the probability of their occurrence. A "risk" then estimates the probability that a harm can occur. The harm that is considered by that risk is simply linked to the risk. Unfortunately, things are rarely that easy and the sequence of events that finally leads to a harm can be quite complex. RiskPack provides a data type "sequence of events" for exactly that purpose. A sequence of events describes something that is going on, it has a start and an end and "something in between". For example, a sequence of events might start with a system component, taking hazards and hazardous situations into account and finally ending with a harm to a patient. All this can be documented using distinct work item types for system components, hazards, hazardous situations and - as described above - harms. The sequence of events that glues all this together is also a work item type and provides link possibilities for all the other types mentioned above. A "risk" would now consider the probability of occurrence of a whole sequence of events instead of a single harm. But as a harm is part of the sequence of events, the severity of it can be identified and the risk can be estimated for both severity (which is an attribute of the harm) and probability of occurrence (which is an attribute of the risk). To sum it up, information storage within the RiskPack can be quite detailed or quite simple - it only depends on the level of detail needed for the device risk management is done for. The major point is to decide where the risk analysis starts and which information is considered along the way to the harm. In any case, compliance to ISO 14971 can be achieved. For more information about Polarion's RiskPack visit our Extension Portal using following link: I hope you liked this article and you will visit our Blog again when there is another Morris Medical Monthly article.

Free eGuide: How to Make Risk a First-class Citizen in Your Development