Posted by Rami Azulay | November 23rd, 2019 | Requirements Management Tool

Are you new to the ISO 14971:2012 & FMEA system or seeking to improve your processes?

As a QA representative or Functional Safety Manager, you will find in the following series of posts all the knowledge you need to get started implementing GDP for your Risk process.


FMEA Risk Management

RISK Summary Report


Quality Risk Management is the evaluation, based on data and scientific knowledge, of product quality and of risk to the health of patients, passengers, doctors, nurses, operators, or anyone else who may be exposed to safety issues when using the device. According to regulators, when using a lifecycle approach to implement either an informal or formal risk tool in line with ISO 14971, ICH Q9 (Pharma), or the automotive use of FMEA, the Quality Management System (QMS) should incorporate Quality Risk Management (QRM) for the following purposes:

  • Acceptance of Residual Risks
  • Risk Assessment
  • Communication of Identified Risks
  • Risk Review
  • Risk Control

What will we be covering in this series of posts on QRM?

In this series of posts, we will be covering the following topics:

  1. The concept of Quality Risk Management (QRM).
  2. How to identify the source of risk.
  3. Possible areas in which to apply QRM.
  4. Regulatory requirements.
  5. Risk Management Tools.

People that will benefit from learning Quality Risk Management include people in the following departments:

  • Risk Management
  • Quality assurance
  • Engineering Service Providers
  • Commissioning
  • Product Development
  • Compliance
  • Project Engineers and Managers
  • Validation
  • Manufacturing Operations
  • All management-related departments, which should be aware of QRM


In this series of articles we will cover 3 module categories:

  1. Introduction to Quality Risk Management (QRM)
  2. Regulatory Requirement
  3. Risk Management Tool


It is crucial to understand the terms that often appear when discussing Quality Risk Management, hence the need for a dictionary. Some popular terms are:

  • Corrective Action (CA): The action to take to correct a deviation.
  • Critical Control Point (CCP): A point in the process where you can apply a control measure to either remove a (pharmaceutical) quality hazard or reduce it to an acceptable level.
  • Failure: When an item fails to work as it should work.
  • Failure Mode: How the item failed.
  • Failure Mode and Effects Analysis (FMEA): A technique for determining failure modes and their effects. It addresses possible scenarios of what causes failure for low-level components and their impact on the system or application.
  • Failure Modes, Effects, and Criticality Analysis (FMECA): An extension of FMEA that adds a criticality analysis of severity, detectability, and occurrence.
  • Fault Tree Analysis (FTA): A technique that analysts use to trace the source of failure in a high-level system.
  • Hazard Analysis and Critical Control Point (HACCP): A systematic approach to identifying, evaluating, and controlling food safety hazards.
  • Harm: Physical damage to people, environment, and property.
  • Hazard: A possible source of harm.
  • Hazard Analysis: A way of determining relevant information on the potential hazard to food and how to address it in the HACCP plan.
  • Preliminary Hazard Analysis (PHA): A way to identify hazards and design solutions for them.
  • PIC/S: Stands for Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme.
  • Probability of Detection: Estimating the chances of detecting a hazard before it causes harm to the patient.
  • Risk: It is the presence of potential harm as well as its severity.
  • Risk Acceptance: The choice or decision to accept risk.
  • Risk Analysis: The ability to use the information to identify hazards and estimate the risk.
  • Risk Assessment: The process of gathering the information that justifies the actions to be taken to manage risk. The process will involve risk identification, risk analysis, and risk evaluation.
  • Risk Communication: The process of sharing information on risk between stakeholders and decision-makers.
  • Risk Control: The process of reaching a decision that would allow for risk management with the system. In the process, there will be decisions on how to identify the risk, measures to take, timeframe, and much more.
  • Risk Evaluation: A way to compare risk criteria to the risk estimate in order to reach a level of acceptance.
  • Risk Identification: A way of using the available information to identify potential hazards in a system or application.
  • Risk Level: A quantitative measure to evaluate the degree of risk in a system.
  • Risk Management: A systematic way of using policies, procedures, and practices to address the tasks of identifying, analyzing, evaluating, controlling, and monitoring risk.
  • Risk Priority Number: The total measure of risk in a system. It is evaluated by multiplying severity with the rate of occurrence. The higher the number, the higher the risk in the system.
  • Risk Reduction: Actions that are taken to reduce both the probability and severity of risks.
  • Risk Review: A way of monitoring the outcomes of various risk management plans and strategies.
  • Risk Treatment: The process of selecting and implementing measures to change risk.
  • Risk Management Master Plan (RMMP): A framework that applies to all projects, and it can be used to draft a risk management plan.
  • Risk Management Project Plan (RMPP): This applies to individual projects and the plan specific to that project.
  • Severity: The measure of the effects of a hazard.

Now that we have covered the list of terms used by the QRM system, we can start to see how they work together. We will identify events and actions around some of these terms and allow you to practice them in the ORCANOS QMS system.




About the author, Rami Azulay

Rami has over 24 years of experience in various software development and QA roles. Using his extensive knowledge of operations and quality, Rami was a main architect of the Orcanos software back in 2005 and later became Orcanos VP sales & marketing. Rami holds an MSC degree in Computer Sciences.


