Risk management systems
Transcript of Risk management systems
WHAT IS A RISK MANAGEMENT SYSTEM?
- After a medical device has been acquired by a responsible organization and is a candidate for incorporation into an IT-network.
- Throughout the life cycle of IT-networks incorporating medical devices.
- Where there is no single medical device manufacturer assuming responsibility for addressing the key properties of the IT-network incorporating a medical device.
- Applies to responsible organizations,
medical device manufacturers
and providers of other
for the purpose of risk management of an IT-network incorporating medical devices as specified by the responsible organization.
- Does not specify acceptable
- Does not apply to personal use applications where the patient, operator and responsible organization are one and the same person.
Application of risk management for IT-networks incorporating medical devices
- Recognizing that
are incorporated into
to achieve desirable benefits
- Defines the
that are necessary for
risk management of IT-networks
medical devices to address safety, effectiveness and data and system security
Risk management systems
Standards can improve the effectiveness of risk management by providing generic guidelines and drawing attention to the key principles and activities required.
Why do standards help improve risk management effectiveness?
When does it apply?
What needs to be done and by whom, but not how activities are done.
Organization- and activity-focused, relevant to any public, private or community enterprise, group or individual.
Defines risk as ‘effect of uncertainty on objectives’.
An International Organization for Standardization publication.
Eleven principles that an organization should comply with for risk management to be effective
Provides the foundations and arrangements that will embed risk management in the organization
Describes the five activities of communication and consultation; establishing the context; risk assessment; risk treatment; and monitoring and review
1. Creates and protects value
2. Be an integral part of organizational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic, structured and timely
6. Based on the best available information
7. Be tailored
8. Take into account human and cultural factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Facilitate the continual improvement of organizations
How M_o_R meets ISO 31000
Axelos Limited (2014). Benefits of Management of Risk (M_o_R®).
Catherine Everett (2011). A risky business: ISO 31000 and 27005 unwrapped.
Michael Dallas (2013). Management of Risk: Guidance for practitioners and the international standard on risk management, ISO 31000:2009.
ISO/DIS 31000 (2009). Risk management — Principles and guidelines on implementation. International Organization for Standardization.
Alternative system developed in 2002
AXELOS private company, not ISO
Identify, assess and control risks in different levels (strategic, program, project and operational)
Route map for risk management
It combines an overall approach with a set of DETAILED processes and principles
Some users: Ministry of Defense of the United Kingdom, BT, BP & GSK
Much more detailed guidance on how to implement risk management
Six times longer
Alignment over most of the
Approach = framework. ISO less detail
Specific chapter about integrating risk management into the organization
Different approach from the different management perspectives and levels
M_o_R provides a template for a maturity model that can be customized to the needs of the organization.
M_o_R provides more depth of coverage, comprising 145 pages, compared with the 24 pages of ISO 31000
How M_o_R meets ISO 31000
Many organizations have become sensitized to identifying areas of risk in their business. They are looking to systematically identify, measure, prioritize, and respond to all types of risk in the business, and then manage any exposure based on business strategies and priorities.
In this part we need to collect data about the organisation and the environment
Establish the risk management policy
Integration into organisational processes
Establish internal communication & reporting mechanism
Establishing the context