As part of ISO 9001:2015, companies are required to have a risk assessment process in place. This is also a requirement of ISO 13485.
You may be able to have one risk assessment process, but you will need to exercise it in several areas across your company.
When companies first start up, they always do a thorough risk assessment to determine if they should even start their business. Often, this process is not repeated in the future even though it would be a good idea.
I am working through an engineering requirements procedure with a customer and we have identified the usual suspects:
– Working from the customer requirements, derive your engineering requirements.
– Traceability is important, so make sure you can match the engineering requirements to the customer requirements.
– Collaborate with manufacturing to be sure the design is manufacturable.
– Perform a technical assessment.
– Uncover all costs to manufacture the product.
– Determine the sales price of the product. What will be your profit margin and is that acceptable?
– Perform a risk assessment (for example: what could go wrong and what would it cost you?).
In their case, they will pass the design output to a contract manufacturer to build their product.
Your risk assessment process should include the following:
– Identify possible risks
– What is the likelihood of this risk happening?
– What is the financial impact of this risk?
– Can you avoid it, control it, finance it or transfer it?
– Develop a plan to address the risk
– Address the risk
– How well did your plan work? Does it need changes?
I am not attempting to simplify managing risk, just pointing out that you need to have a process in place to address it. I also think that it is important to have more than one person do the assessment. Contact me if you would like some help…