Risk management is an important aspect of successful project and product delivery. Unless the risks are understood from the outset, project success may require greater investment than originally anticipated, e.g. due to schedule and cost overrun, and/or the device could fail in service.
The RAPAT tool includes generic risk register templates for managing and capturing risks including their criticality and mitigation. Specific application sectors may have their own risk management guidance that should be followed with the templates adapted accordingly. Best practice is for the risk register to be considered a live document that is regularly updated during the project. BS ISO 31000 provides more detailed generic guidance.
Project risks include both technical risks and commercial risks:
The technology readiness level (TRL) provides an indication of the maturity of the technology for an intended application. The level of commercial and technical risk will generally be much greater for low TRL technology due to the uncertainties associated with both the technology performance capability and the investment that will be required for the necessary qualification work ahead of end user acceptance and/or certification. RAPAT includes a “High Level TRL Assessment” worksheet to enable the initial TRL of the technology at the start of the project to be assessed against best practice expectations for achievement of each TRL. A “Detailed TRL Assessment” worksheet is also available for more mature technology. Further guidance on use of TRLs is provided in the “High Level TRL Assessment” help sheet.
The required granularity/detail of the technical risk assessment will depend on the complexity of the device/equipment and its criticality in relation to the intended application. For highly critical equipment, for example safety critical equipment or medical devices, a very detailed technical risk analysis (e.g. FMECA) is required, aligned with regulatory requirements. Completely new or very novel technology, for which industry standards are not applicable, is also likely to require a FMECA to enable appropriate qualification testing to be defined. For simple devices for which the functionality is well understood and the consequences of failure are low, a less detailed approach should be sufficient to manage the risks associated with development, delivery and use of the device.
The RAPAT tool provides three technical risk assessment templates:
To enable selection of the appropriate technical risk assessment, the RAPAT tool “Current Status” worksheet includes identification of the device/equipment development stage, its complexity, any application specific device classification, the device/equipment criticality and any regulatory/application specific requirements for a FMEA/FMECA assessment.
In the absence of regulatory or application/user requirements, the following table can be used as a guide in selecting the appropriate level of detail for the risk assessment. However, this should be considered as a guide only and the choice of which risk assessment worksheet to use is the developer's responsibility; It may be useful to seek advice from relevant certifying bodies and/or end users.
| Device Criticality | ||||
|---|---|---|---|---|
| Low | Medium | High | ||
| Device Complexity / Novelty | High | Detailed or FMECA | FMECA | FMECA |
| Medium | Simple or Detailed | Detailed or FMECA | FMECA | |
| Low | Simple | Simple or Detailed | Detailed or FMECA | |
Once the type of risk assessment has been selected on the RAPAT tool “Current Status” worksheet, the associated technical risk assessment worksheet template will be automatically generated for completion. Further guidance on application of each template is provided with the template.
Both the commercial and technical risk assessments are best undertaken as a workshop involving relevant disciplines and departments/organisations. This is particularly important for a FMECA technical risk assessment which should also include representatives from end user organisations, e.g. NHS, asset operations team. Ahead of the workshop, the risk assessment scales will need to be defined. For technical risk assessments, the left hand side of the worksheet should also be pre-populated with details related to the device design and application requirements and, where already known, any details related to the specific failure mode or risk. For commercial risk assessments, it may be helpful to undertake a market need assessment and/or a competitor analysis assessment as well as develop a high level project plan with associated costs as input to the risk assessment.
The commercial and technical risk assessments should be reviewed and updated on a regular basis to track risk management action progress and to capture emergence of additional risks as more detail relating to the design, manufacture and operation of the device becomes known.
