1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Risk Management in Windchill RV&S (formerly PTC Integrity Lifecycle Manager)

Published by SPK Blog Post
on July 1, 2020

An important part of creating any product intended for use in any regulated industry vertical is that the manufacturer should have identified all of the risks involved in using the device. Then, they must have done their best to mitigate those risks before their product ever goes out to the marketplace. With this in mind, PTC bundled a Risk Management module as part of some of their off-the-shelf solutions to be used with Windchill Requirements, Validation & Source. For this article I am going to dive deeper into Risk Management.

Risk Management, as defined in ISO 14971, among other things covers the following: Risk Analysis, Risk Evaluation, and Risk Control.

Risk Analysis

Risk analysis consists of the following three steps:

  1. Determine the intended use and the characteristics related to the safety of the medical device.
  2. Identify the hazards of the medical device.  These are an abstract view of what the risks may be for the patient.
  3. Estimate the potential outcome for each of the identified hazards.

MedDev Security and Compliance

Risk Evaluation

Once you have analyzed the risks associated with your new product, you need to perform an evaluation of the risks. Risk Evaluation consist of the following three items:

  1. Identify the potential sources of the hazards you identified in the phase above.  Each of these potential sources would be considered a Risk.
  2. Determine the severity of each Risk as well as the probability of occurrence. This means you need to determine what could happen to the patient, as well as how likely it is for that outcome to occur.
  3. Based on the severity and the probability of occurrence, you can then determine if the Risk is “Acceptable,” “Unacceptable,” or “Needs Investigation.”

Any risks that are either Unacceptable risks, or risks that require further investigation, need Risk Control.

Risk Control

The risks can be controlled in the following manner:

  1. You first perform a risk control option analysis. An unacceptable or needs investigation risk can be controlled in any of the following three ways:
    1. Inherent safety by design.  This is where you change the design of your product to reduce or eliminate the risk.
    2. A protective measure. This is where you add a safety feature to the product to reduce the risk.
    3. Provide information for the safety of the user. This is where you provide information about the specific risk, and how the customer should safely use the product.
  2. Once risk controls have been implemented, a residual risk evaluation is needed.  The new reduced risks will still require risk control, and possibly new risks were introduced as a result of the risk control measures implemented.
  3. Document risks arising from risk controls.  Document the overall completeness of risk control.

Of course, once you have completed those three parts (Risk Analysis, Risk Evaluation and Risk Control), you need to evaluate overall residual risk acceptability before you can move forward with the product. All of this would be bound together in a Risk Management Report that can be signed off by the appropriate stakeholders.

Risk Management in Windchill RV&S

PTC, in order to implement this in their given solution for Windchill Requirements, Validation and Source, chose to create three new document domains called Hazard, Risk, and Risk Control Measure to handle the Risk Analysis, Risk Evaluation, and Risk Control steps respectively.  The diagram below explains how each of the three new domains are traced to each other and how they can connect into the Requirements Management portion of the given solution.

Windchill Risk Management chart

As you can see, Hazards in the Hazard document are the result of the Risk Analysis step. These Hazards are traced via the “Caused By” trace relationship to Risk document.  You perform your evaluation of each risk within the Risk document.  Those risks that require mitigation are traced by the “Mitigated By” trace relationship to the Risk Control Measure document.  These control measures are integrated into Requirement Specification, Design Specification, and Test Protocol via the “Implemented By” and “Verified/Validated By” trace relationships.

The PTC out-of-the-box risk management solution is a good starting point for most companies.  SPK and Associates focuses on tailoring the Windchill RV&S architecture to meet your specific business needs.  We’ve done this for several large and small medical device manufacturers.    Call us today to implement/transform your risk management process leveraging Windchill RV&S.  

Next Steps

Latest White Papers

Total Economic Impact for Atlassian Open DevOps

Total Economic Impact for Atlassian Open DevOps

Forrester's Total Economic Impact Study found that Atlassian Open DevOps could net your organization a potential ROI of 358%. Discover an overview of this Forrester research paper below and download your free copy. Forrester Research Into Atlassian Open DevOps Agile...

Related Resources

Smarter Engineering For Medical Devices

Smarter Engineering For Medical Devices

Medical devices are subject to some of the strictest design control regulations in the world. And for good reason. U.S. medical devices are governed by the Food and Drug Administration (FDA). In order to meet the high standards, teams must communicate - effectively....

SPK Accelerates Fortune 100 MedDevice Product Sale

SPK Accelerates Fortune 100 MedDevice Product Sale

Our client is Fortune 100 Medical Device manufacturer. SPKAA acts as a product cybersecurity managed service provider for their hospital products which have embedded Windows or Windows OS.   Fortune 100 MedDevice Problem For over 10 years, SPK has provided ongoing...

2022 Guide: Software as a Medical Device (SaMD)

2022 Guide: Software as a Medical Device (SaMD)

What is software as a medical device? Software as a medical device, or SaMD is software that is intended for one or more medical purposes. This software performs those purposes without being part of a hardware medical device.  SaMD devices also need to meet the...