Risk management systems


Diego Pérez Martín, 27 January 2015


Transcript of Risk management systems

Risk management systems

Manuel Calderón
Paula Duarte
Álvaro Martín
Ana Ortega
Diego Pérez

Why do standards help improve risk management effectiveness?
Standards can improve the effectiveness of risk management by providing generic guidelines and drawing attention to the key principles and activities required.

ISO 31000
- An International Organization for Standardization publication.
- Defines risk as "effect of uncertainty on objectives".
- Organization- and activity-focused, relevant to any public, private or community enterprise, group or individual.
- Says what needs to be done and by whom, but not how the activities are done.
- Sets out eleven principles that an organization should comply with for risk management to be effective.
- Provides the foundations and arrangements (the framework) that will embed risk management in the organization.
- Describes the five activities of the process: communication and consultation; establishing the context; risk assessment; risk treatment; and monitoring and review.

The eleven principles: risk management should
1. Create and protect value
2. Be an integral part of organizational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic, structured and timely
6. Be based on the best available information
7. Be tailored
8. Take into account human and cultural factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Facilitate the continual improvement of organizations

Framework and process
- Understanding the organisation and its context: in this part we need to collect data about the organisation and the environment.
- Establish the risk management policy.
- Integration into organisational processes.
- Establish internal communication and reporting mechanisms.
- Process steps: establishing the context; risk assessment; risk treatment.

How M_o_R meets ISO 31000
Many organizations have become sensitized to identifying areas of risk in their business. They are looking to systematically identify, measure, prioritize and respond to all types of risk in the business, and then manage any exposure based on business strategies and priorities.
- Alternative system developed in 2002 by AXELOS, a private company, not ISO.
- Identifies, assesses and controls risks at different levels (strategic, programme, project and operational).
- A route map for risk management: it combines an overall approach with a set of DETAILED processes and principles.
- Same users: the UK Ministry of Defence, BT, BP and GSK.
- Much more detailed guidance on how to implement risk management; six times longer (145 pages, compared with the 24 pages of ISO 31000).
- Broadly aligned: the M_o_R "approach" corresponds to the ISO 31000 "framework", where ISO gives less detail.
- Has a specific chapter about integrating risk management into the organization.
- Its approach differs according to the different management perspectives and levels.
- Provides a template for a maturity model that can be customized to the needs of the organization.

IEC 80001-1:2010
Application of risk management for IT-networks incorporating medical devices
- Recognizes that medical devices are incorporated into IT-networks to achieve desirable benefits.
- Defines the roles, responsibilities and activities that are necessary for risk management of IT-networks incorporating medical devices to address safety, effectiveness, and data and system security (the key properties).
- Does not specify acceptable risk levels.
- Does not apply to personal-use applications where the patient, operator and responsible organization are one and the same person.

When does it apply?
- After a medical device has been acquired by a responsible organization and is a candidate for incorporation into an IT-network.
- Throughout the life cycle of IT-networks incorporating medical devices.
- Where there is no single medical device manufacturer assuming responsibility for addressing the key properties of the IT-network incorporating a medical device.
- It applies to responsible organizations, medical device manufacturers and providers of other information technology, for the purpose of risk management of an IT-network incorporating medical devices as specified by the responsible organization.

References
- Axelos Limited (2014). How M_o_R meets ISO 31000.
- Axelos Limited. Benefits of Management of Risk (M_o_R®).
- Catherine Everett (2011). A risky business: ISO 31000 and 27005 unwrapped.
- Michael Dallas (2013). Management of Risk: Guidance for practitioners and the international standard on risk management, ISO 31000:2009.
- ISO/DIS 31000 (2009). Risk management — Principles and guidelines on implementation. International Organization for Standardization.

Thanks for your attention!!