Risk management systems

by Diego Pérez Martín, 27 January 2015


Transcript of Risk management systems

Risk management systems
Manuel Calderón, Paula Duarte, Álvaro Martín, Ana Ortega, Diego Pérez

WHAT IS A RISK MANAGEMENT SYSTEM?
Many organizations have become sensitized to identifying areas of risk in their business. They are looking to systematically identify, measure, prioritize and respond to all types of risk in the business, and then manage any exposure based on business strategies and priorities.

Why do standards help improve risk management effectiveness?
Standards can improve the effectiveness of risk management by providing generic guidelines and drawing attention to the key principles and activities required.

ISO 31000
- An International Organization for Standardization publication.
- Defines risk as 'effect of uncertainty on objectives'.
- Organization- and activity-focused, relevant to any public, private or community enterprise, group or individual.
- Says what needs to be done and by whom, but not how activities are done.

STRUCTURE
- Principles: eleven principles that an organization should comply with for risk management to be effective.
- Framework: provides the foundations and arrangements that will embed risk management in the organization.
- Process: describes the five activities of communication and consultation; establishing the context; risk assessment; risk treatment; and monitoring and review.

PRINCIPLES
1. Creates and protects value
2. Be an integral part of organizational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic, structured and timely
6. Based on the best available information
7. Be tailored
8. Take into account human and cultural factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Facilitate the continual improvement of organizations

FRAMEWORK
In this part we need to collect data about the organisation and the environment:
- Establish the risk management policy
- Integration into organisational processes
- Resources
- Establish internal communication & reporting mechanism

PROCESS
- Establishing the context
- Risk assessment
- Risk treatment
- Monitoring
- Review

M_o_R
- Alternative system developed in 2002.
- Published by AXELOS, a private company, not ISO.
- Identify, assess and control risks at different levels (strategic, program, project and operational).
- Route map for risk management.
- It combines an overall approach with a set of DETAILED processes and principles.
- Same users: Ministry of Defence of the United Kingdom, BT, BP & GSK.
- Consistent with ISO 31000 but much more detailed guidance on how to implement risk management; six times longer.
- M_o_R provides a template for a maturity model that can be customized to the needs of the organization.
- M_o_R provides more depth of coverage, comprising 145 pages, compared with the 24 pages of ISO 31000.

Management levels addressed by M_o_R:
- Strategic
- Program
- Project
- Operations

How M_o_R meets ISO 31000
- Alignment over most of the principles.
- M_o_R "approach" = ISO 31000 "framework"; ISO gives less detail.
- Specific chapter about integrating risk management into the organization.
- Different approach from the different management perspectives and levels.

IEC 80001-1:2010
Application of risk management for IT-networks incorporating medical devices
- Recognizing that medical devices are incorporated into IT-networks to achieve desirable benefits.
- Defines the roles, responsibilities and activities that are necessary for risk management of IT-networks incorporating medical devices to address safety, effectiveness and data and system security.

When does it apply?
- After a medical device has been acquired by a responsible organization and is a candidate for incorporation into an IT-network.
- Throughout the life cycle of IT-networks incorporating medical devices.
- Where there is no single medical device manufacturer assuming responsibility for addressing the key properties of the IT-network incorporating a medical device.
- Applies to responsible organizations, medical device manufacturers and providers of other information technology for the purpose of risk management of an IT-network incorporating medical devices as specified by the responsible organization.
- Does not specify acceptable risk levels.
- Does not apply to personal use applications where the patient, operator and responsible organization are one and the same person.

Sources
- Axelos Limited (2014). Benefits of Management of Risk (M_o_R®).
- Catherine Everett (2011). A risky business: ISO 31000 and 27005 unwrapped.
- Michael Dallas (2013). Management of Risk: Guidance for practitioners and the international standard on risk management, ISO 31000:2009.
- ISO/DIS 31000 (2009). Risk management — Principles and guidelines on implementation. International Organization for Standardization.
- http://www.finance.gov.au/sites/default/files/COV_216905_Risk_Management_Fact_Sheet_FA3_23082010_0.pdf

Thanks for your attention!!