Learn how to use risk management tools and techniques to streamline medical device and diagnostic product development.
Claudia Campbell-Matland, PMP
The implementation of effective best practices and policies are essential for successful market introduction of new products or services. In the medical device and in vitro diagnostics (IVD) industries, it is vital that new product development programs:
Additionally, ensuring compliance with QMS requirements and guidances for developing and commercializing products helps achieve long-term lifecycle management.
Risk management is an increasingly important aspect of regulations, quality management system standards, and organizational processes. Due to the complex nature of medical/IVD devices, it is essential for project and product managers to implement risk management principles and tools throughout the product development project and for its resulting product. This is a major area of focus for me as a project manager and the product development program teams that I work with and advise.
While product and project risk management focuses differ, both processes should be aligned and utilize the same risk management principles. The product risk management process focuses on product safety and effectiveness, and is part of verifying the product meets its requirements and validating it fulfills its intended use. The project risk management process is utilized as part of balancing associated project constraints—quality, scope, budget, schedule, and resources—to meet project objectives. If either of these risk processes is treated as a "check the box" exercise, this will not benefit the company and can lead to program/market access delays and potentially negative financial implications.
Both risk processes are equally important and require a considerable allotment of time and focus to achieve objectives. By taking a more holistic approach towards risk management and incorporating a simultaneous focus on product and project risks, teams can leverage product risk management tools and risk assessment processes to enhance the overall project risk management process. This helps to streamline activities and ensures equal focus is applied to both of these important processes, contributing to project success.
Risk Management Lifecycle Approach for Products and Projects
Risk management is to be approached as a lifecycle process—not only for a medical device/IVD product—but also for its development project. The following is a summary of current product and project risk management standards:
Risk in its simplest terms can be defined as the possibility of loss or injury. Uncertainty and probability are commonalities in the standards' definitions of risk, for example:
ISO 14971 views risk in terms of potential harm and negative impact only. The PMBOK views risk not only in terms of reducing the likelihood of harm and negative impact, but also in terms of increasing the likelihood of benefits and positive impacts.
As per ISO 14971, efforts must be made to reduce product risks as far as possible to ensure safety. Project constraints such as schedule, costs, and resources cannot be used as reasons to avoid reducing product risks. However, product risk reduction efforts have to be managed and integrated with the project's risk management effort.
For example: a re-design is required for the product to address an identified performance or safety issue, which causes a schedule delay and increases the project's budget. These effects can have organizational impact. So it's important that the overall risk management effort considers these aspects where they apply. "Lessons learned" should also be utilized from other development projects for both product and project risks.
Leveraging Product Risk Management Tools to a Project
The product's Risk Management File must include:
The process of managing project risk is similar to the process of managing product risk, as both need:
Therefore the product's Risk Management File elements can be used as templates for creating equivalent project risk deliverables, such as the project risk management plan and project risk assessment.
Below is a high-level view of aligning these processes using risk assessment rating tables. The two examples include Table 1 for Product and Table 2 for Project.
The project risk assessment ratings can be aligned with the product risk ratings and categories, as shown here, making it easier to incorporate into team meetings. Either table can be adjusted to a 3x3, 4x4 or 5x5 table.
Table 1 uses a 5x5 format for the product risk assessment. This is the standard best practices template based on ISO 14971 I have used and facilitated with teams when evaluating product risk.
Table 1: Example of a Product Risk Assessment Rating Table (customize according to ISO 14971 and your organization's Product Risk Management procedure):
For the project example in Table 2, I have incorporated a 4x4 format, which may be easier to introduce to the team, but still aligns well with the product 5x5 format.
Table 2: Example of a Project Risk Assessment Rating Table (modified from Fig. D12, Practice Standard for Project Risk Management)
Product and project risk assessments need to be kept separate to ensure that the project's risk mitigations pertaining to cost, schedule, and resources are not inappropriately incorporated into the product risk mitigations. However, evaluating them together can help the team ensure project risk considerations for schedule, cost, and resources are developed and evaluated earlier in the design and development process. This provides options and contingencies for addressing product design risks if and/or when they occur.
Finally, tracing the user needs to the product's design inputs and design outputs, through the risk assessment, to the verification/validation testing is vital and required. This documents the objective evidence demonstrating controls and risk mitigations address the risks. This tracing process is also beneficial for evaluating the progress of addressing project risks, using a similar trace matrix format.
Due to increasing medical device and IVD compliance requirements, it is imperative that companies and project managers leading product development activities adopt new tools for risk management. Aligning product and project risk management activities and leveraging risk management tools—along with proper pre-planning and preparation of the development team—allows project managers to enable successful market entry and achieve company business development objectives.
Claudia Campbell-Matland, PMP, of CNCM Consulting is a project management consultant to start-up and small medical device/IVD companies, and universities. She can be contacted via email at firstname.lastname@example.org.
Acknowledgments: I would like to thank Beth O'Connell and Larry Picciano for their insights for this article.
[Images courtesy of STUART MILES/FREEDIGITALPHOTOS.NET and CLAUDIA CAMPBELL-MATLAND]