Risk Assessment- What to do?

Tidge said:

The "individual lines" should be about risks, not harms. Risks need to be acceptable (enough) and it should be documented that benefits outweigh whatever risks there are.

It's not really possible to mitigate harms, but it is possible to mitigate the risks that lead to harms.

Click to expand...

Yes this is essentially how I was looking at it-- which is why I was trying to figure out how to combine them.. Let me illustrate with a hypothetical (chatGPT helped me come up with this, but it understood exactly the point I was getting at lol)...

The below table is a quick and dirty partial PHA/Risk Trace Table based on what I've seen. In my understanding you would list a, say, "Hazard" (or HazSit) line item, i.e. HAZ-0001. And then you would list the associated Harms associated with that HAZ-0001 and determine probabilities and severities for each.

THEN, I would typically see each Harm assessed (using risk tables) for whether risk remediation was needed (i.e. a relatively minor risk that happens very frequently vs a relatively major risk that happens infrequently....... one of them may be deemed a worse risk based on the particulars, so you should assess each individually). My concern is that if these individual assessments all lead to a "low risk" when assessed individually, you are ignoring the fact that there is potentially a larger overall risk related to chemical exposure. To put it another way, the PoH of the specific harms might be relatively low, but the PoH of ANY harm may be "High". In the below table, I would be thinking to mitigate the risk related to chemical exposure, but I may not get to that conclusion if i look at each line item in a vacuum.


I have been perusing these forums and have learned alot re: 14971 already-- I kept being directed to a large (and contentious lol) thread where you made alot of points that really hit for me, @Tidge , so I'm hoping you may have some insight on the above (or maybe I am just looking at something wrong!)

I'd go with @Tidge recommendation. When you have several different "bad" outcomes from one input risk, you better have to resolve this input risk situation via inherent design changes etc., than trying to mitigate these outcomes one by one. For me it looks more, like justification to leave input situation (i.e. design change to resolve is major, or there is any other reason) and solve it by splitting to several outcomes and possibly mitigate them one by one with less "device overhauling" methods. It could be acceptable from reviewer/auditor point of view, i guess.

In a non hazard/harm environment the FMEA simply uses the highest severity of the effects and doesn’t worry about the various probabilities of each effect. Which is what I believe Tidge is suggesting. The effect in this case is analogous to the harms…Only the probability of occurrence of the harm is useful.

You are (1) overthinking this, (2) not knowledgable about how probabilities are combined and (3) in any case not using anything close to actual probabilities that would allow you to combine them in a mathematically valid way (medium, low and very low probabilities are ‘ordinal’ at best and cannot be added, subtracted, multiplied or divided as ordinal data does not meet any of the requirements for traditional mathematical operands.) This is exacerbated by what appears to be a guess at probability and not any empirically supported quantification making any math at this point just an exercise in formula crunching that will provide no real insight.

Bev D said:

In a non hazard/harm environment the FMEA simply uses the highest severity of the effects and doesn’t worry about the various probabilities of each effect. Which is what I believe Tidge is suggesting. The effect in this case is analogous to the harms…Only the probability of occurrence of the harm is useful.

You are (1) overthinking this, (2) not knowledgable about how probabilities are combined and (3) in any case not using anything close to actual probabilities that would allow you to combine them in a mathematically valid way (medium, low and very low probabilities are ‘ordinal’ at best and cannot be added, subtracted, multiplied or divided as ordinal data does not meet any of the requirements for traditional mathematical operands.) This is exacerbated by what appears to be a guess at probability and not any empirically supported quantification making any math at this point just an exercise in formula crunching that will provide no real insight.

Click to expand...

I understand I may be overthinking this, which is why I am asking for advice. Making belittling comments (how they are coming across whether you mean them that way or not) is not remotely helpful to me so not sure what you expect me to do with them lol. I also understand the general thought behind combining probabilities. I am asking for a practical answer to my question-- surely people are not always bringing in statistics gurus to handle the situations I am talking about. My example is a simplified one- I understand it is presented ordinally, but the same situation can occur if you had actual quantitative values instead.

Quite simply, I am asking, IF you have a PHA or Hazard Trace Table with an entry similar to the table I input above (one that I made as an example in 1 minute, not one that I intended to use to show off my statistical acumen), what should be the next steps? Do you:
1) Look at each PoH/Severity combination separately? (which could neglect the fact that the overall risk associated with that specific HazSit is higher)
2) *somehow* assess the individual harms jointly for the given HazSit?
3) touch on the overall assessment of that specific HazSit when looking at your overall residual risk
4) something else?

I assume an entry in the example table is not terribly uncommon to have--- if it is, please tell me what should be done differently..

stm55 said:

I understand I may be overthinking this, which is why I am asking for advice. Making belittling comments (how they are coming across whether you mean them that way or not) is not remotely helpful to me so not sure what you expect me to do with them lol. I also understand the general thought behind combining probabilities. I am asking for a practical answer to my question-- surely people are not always bringing in statistics gurus to handle the situations I am talking about. My example is a simplified one- I understand it is presented ordinally, but the same situation can occur if you had actual quantitative values instead.

Quite simply, I am asking, IF you have a PHA or Hazard Trace Table with an entry similar to the table I input above (one that I made as an example in 1 minute, not one that I intended to use to show off my statistical acumen), what should be the next steps? Do you:
1) Look at each PoH/Severity combination separately? (which could neglect the fact that the overall risk associated with that specific HazSit is higher)
2) *somehow* assess the individual harms jointly for the given HazSit?
3) touch on the overall assessment of that specific HazSit when looking at your overall residual risk
4) something else?

I assume an entry in the example table is not terribly uncommon to have--- if it is, please tell me what should be done differently..

Click to expand...

sorry if you felt belittled - but your question has been asked and answered in the same way several times. You also don't seem to be responding to other valid points regarding your scenario...

Bev D said:

sorry if you felt belittled - but your question has been asked and answered in the same way several times. You also don't seem to be responding to other valid points regarding your scenario...

Click to expand...

Maybe I am misunderstanding or misexplaining, but I am not seeing an answer to my specific question (hence why I am asking further clarifying questions). I understand the concept that you could look only at the severity. I also understand leaning toward inherent design changes. I am specifically looking for what to do next in my table-- I dont think you should automatically jump to attacking the high severity items as they may truly be very low probability and not need to be addressed. I am more asking if you have a bunch of potential harms related to the same hazard (which may or may not collectively need to be addressed), what is the best way to go about it.

I don't really see a "same answer consensus" here. I took from @Tidge's answer slightly differently than it seems others did- that you should look at the overall risk of a line item (which DOES imply that you should *somehow* aggregate the PoH of different harms), rather than look at a specific harm.

I'm also looking at this from the lens of creating a procedure for how to generically address Hazard tables like this. So I'm not looking for a specific "solve this problem", but rather a general way of proceduralizing how to assess multiple harms that come from the same HazSit... I feel what I currently have is lacking the consideration I keep asking about lol.

Once you sort out hazards and describe how you address them you then address them again after controls. It’s possible they are still too high. In that case you perform a risk benefit analysis. Why is this hazard still acceptable at this currently high level.

For example, x ray device. You can reduce unnecessary exposure to ionizing radiation however in order to obtain an image a radiologist can diagnose the patient will be exposed to radiation. Why is that still ok? Could be a cancer or tumor diagnosis is worth some increased radiation exposure

Your risk files are living documents. You may find that after a year of post market surveillance your estimates were wrong. Update them.

stm55 said:

I'm also looking at this from the lens of creating a procedure for how to generically address Hazard tables like this. So I'm not looking for a specific "solve this problem", but rather a general way of proceduralizing how to assess multiple harms that come from the same HazSit... I feel what I currently have is lacking the consideration I keep asking about lol.

Click to expand...

I recommend backing away from the harms (and to some extent, the hazardous situations), and focusing more on the hazards and what sort of risks derive from the different types hazards. That is: Organize the Hazard Analysis by hazards.(*1)

It has been my experience that any specific hazard can manifest into a wide variety of harms through even a single hazardous situation. It is almost always the case that a risk control for that hazard, in that hazardous situation, is going to reduce all the harms identified on that "line" of risk analysis. For example: proper electrical insulation will presumably protect against both defib (a high severity harm) and electrical discharge (which can have a wide range of severities from burns to tingles).

It may be the case that some risk controls only address some hazardous situations, or the risk controls don't offer as much risk reduction for some hazardous situations as they do in others. There should be different lines of analysis for these cases. If this isn't obvious, feel free to ask for more details.

Different hazards can lead to the same harms, but it is rarely the case that the risk control for one hazard is applicable to other hazards. For example, burns can come from electricity, radiation, combustion, etc. Different risk controls are likely necessary for the different hazards, mitigating only the chance of electrical burns may not mean that the risk of burns from combustion have been reduced to the point of acceptability.

(*1) I realize that some software implementations don't necessarily make this easy. For example, I seem to recall that a default implementation of Greenlight Guru prefers to group risks by (reportable types of) harms, even though it does allow for allocation of the harms to different classes of hazards.

Tidge said:

I recommend backing away from the harms (and to some extent, the hazardous situations), and focusing more on the hazards and what sort of risks derive from the different types hazards. That is: Organize the Hazard Analysis by hazards.(*1)

It has been my experience that any specific hazard can manifest into a wide variety of harms through even a single hazardous situation. It is almost always the case that a risk control for that hazard, in that hazardous situation, is going to reduce all the harms identified on that "line" of risk analysis. For example: proper electrical insulation will presumably protect against both defib (a high severity harm) and electrical discharge (which can have a wide range of severities from burns to tingles).

It may be the case that some risk controls only address some hazardous situations, or the risk controls don't offer as much risk reduction for some hazardous situations as they do in others. There should be different lines of analysis for these cases. If this isn't obvious, feel free to ask for more details.

Different hazards can lead to the same harms, but it is rarely the case that the risk control for one hazard is applicable to other hazards. For example, burns can come from electricity, radiation, combustion, etc. Different risk controls are likely necessary for the different hazards, mitigating only the chance of electrical burns may not mean that the risk of burns from combustion have been reduced to the point of acceptability.

(*1) I realize that some software implementations don't necessarily make this easy. For example, I seem to recall that a default implementation of Greenlight Guru prefers to group risks by (reportable types of) harms, even though it does allow for allocation of the harms to different classes of hazards.

Click to expand...

Thank you, that is very helpful and is all making sense. Based on that, in my chemical table example below, you would focus on the Chemical hazard and perhaps choose a less dangerous chemical, etc in order to mitigate the risk associated with the relevant HazSits and Harms.

I guess my general question really boils down to the administrative filling out of the Hazard Tables (which would drive the decisions to reduce risk). The part that I bolded in your response is basically the issue I am having trouble proceduralizing/creating a form for. The examples I see online generally break it down like the below (and this is how I interpret ISO24971 guidance)-- you have a single situation that could lead to different outcomes with their own Severity/Probability values. You would then check those against your risk tables to see if Risk reduction is needed. Based on your answer, it sounds *you* probably would not have your risk table broken down like the below, and would somehow focus on the HAZARD, rather than individually assessing each Harm line item. Let me know if it seems I am misunderstanding. I'll buy all of what you're saying, but then how would you set up your Hazard table to facilitate a review by Hazard?

Apologies if I am asking basic questions, but I think I am grasping this, just struggling with the practical implementation of it!

For example: proper electrical insulation will presumably protect against both defib (a high severity harm) and electrical discharge (which can have a wide range of severities from burns to tingles).

Click to expand...

Using your above example related to electrical hazards, I assume you would have a breakdown of several different HazSits, Harms, Severities, and Occurences--- how do you get to the overall conclusion (using risk tables) to get to the decision that the Electrical Hazard needs to be addressed? If I have this answer, I think I will be good!

For example, a battery fails and leaks contents. There are several harms that can result. 1) Chemical burns on skin 2) power failure of the device, 3) smudged labels, 4) inhalation of toxic fumes, 5) eye irritation

However smudged labels can result from more causes than just battery leakage. Things like Shipping, handling, and environmental conditions can also cause smudged labels.