You’ve heard the phrase, “Plan your work and work your plan” before. Nowhere is that more true than in your Risk Management Plan.

The Risk Management Plan should identify the risk management activities you anticipate and plan throughout the product’s life-cycle. It is dynamic and should be revisited and updated often. This is not a do it one time and it’s done activity.

A Risk Management Plan must include the following criteria:

  1. Scope of the Risk Management activities. Define the product included. It is possible to have multiple products described within a single Risk Management Plan.
  2. Describe the intended use of the product(s).
  3. Identify all Risk Management activities planned throughout the product lifecycle.
  4. Define roles and responsibilities. Identify the Risk Management team that will be reviewing and approving risk documentation.
  5. Criteria for the product’s risk acceptability. (Note, that often times this is likely to be defined within your Risk Management Procedure.)
  6. Specify methods to verify Risk Control measures are implemented and reduce risks.
  7. Define how post-production information will be captured and fed into Risk Management activities for the product.

The Risk Management Plan evolves and should be kept current--even after product development is completed.

The Role of Executive Leaders in the Risk Management Plan
People often think that Risk Management is a job for developers, designers, and engineers. The product people. While it is true that these resources provide valuable insights to Risk Management efforts, these individuals are not the only contributors. .

In addition to product developers and engineers, other functional areas including business development, marketing, manufacturing, sales, and end-users should be an integral part of your Risk Management process.

Ultimately, though, the cornerstone of a medical device company’s risk management process must be executive management.

Executive management is the final authority in the company and must be the one to decide if a risk is acceptable. Executive management is also responsible for ensuring their adequate resources for risk management activities.

Executive management also has the responsibility for defining the company’s risk management policy. This involves determining the risk acceptability criteria. The criteria should be based on solid, objective evidence, such as industry standards.

Leadership must come from the top, and that’s especially true when it comes to the Risk Management Plan.

Interested in how the Risk Management Plan fits into the broader Risk Management Process as described by ISO 14971? Check out the infographic below!