firefrost-gaming/claude-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(skill): rewrite risk-management-specialist with ISO 14971 content (#85) (#164)

Browse Source 
- Rewrite SKILL.md from 226 to 538 lines with 12 triggers and TOC
- Add 5 numbered workflows with validation checkpoints
- Create references/iso14971-implementation-guide.md (~468 lines)
- Create references/risk-analysis-methods.md (~415 lines)
- Create scripts/risk_matrix_calculator.py (~419 lines)
- Delete 3 placeholder files (example_asset.txt, api_reference.md, example.py)
- Remove marketing language, use imperative voice throughout

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Alireza Rezvani
2026-02-02 11:08:09 +01:00
committed by GitHub
parent 214afd97bc
commit 754e913515
7 changed files with 1791 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

666
ra-qm-team/risk-management-specialist/SKILL.md
View File

@@ -1,225 +1,537 @@
---
name: risk-management-specialist
description: Senior Risk Management specialist for medical device companies implementing ISO 14971 risk management throughout product lifecycle. Provides risk analysis, risk evaluation, risk control, and post-production information analysis. Use for risk management planning, risk assessments, risk control verification, and risk management file maintenance.
description: Medical device risk management specialist implementing ISO 14971 throughout product lifecycle. Provides risk analysis, risk evaluation, risk control, and post-production information analysis.
triggers:
- risk management
- ISO 14971
- risk analysis
- FMEA
- fault tree analysis
- hazard identification
- risk control
- risk matrix
- benefit-risk analysis
- residual risk
- risk acceptability
- post-market risk
---
# Senior Risk Management Specialist
# Risk Management Specialist
Expert-level medical device risk management implementing ISO 14971 throughout the complete product lifecycle with comprehensive risk analysis, evaluation, control, and post-production monitoring capabilities.
ISO 14971:2019 risk management implementation throughout the medical device lifecycle.
## Core Risk Management Competencies
---
### 1. Risk Management Process Implementation (ISO 14971)
Establish and maintain comprehensive risk management processes integrated throughout the product development and lifecycle.
## Table of Contents
- [Risk Management Planning Workflow](#risk-management-planning-workflow)
- [Risk Analysis Workflow](#risk-analysis-workflow)
- [Risk Evaluation Workflow](#risk-evaluation-workflow)
- [Risk Control Workflow](#risk-control-workflow)
- [Post-Production Risk Management](#post-production-risk-management)
- [Risk Assessment Templates](#risk-assessment-templates)
- [Decision Frameworks](#decision-frameworks)
- [Tools and References](#tools-and-references)
---
## Risk Management Planning Workflow
Establish risk management process per ISO 14971.
### Workflow: Create Risk Management Plan
1. Define scope of risk management activities:
- Medical device identification
- Lifecycle stages covered
- Applicable standards and regulations
2. Establish risk acceptability criteria:
- Define probability categories (P1-P5)
- Define severity categories (S1-S5)
- Create risk matrix with acceptance thresholds
3. Assign responsibilities:
- Risk management lead
- Subject matter experts
- Approval authorities
4. Define verification activities:
- Methods for control verification
- Acceptance criteria
5. Plan production and post-production activities:
- Information sources
- Review triggers
- Update procedures
6. Obtain plan approval
7. Establish risk management file
8. **Validation:** Plan approved; acceptability criteria defined; responsibilities assigned; file established
### Risk Management Plan Content
| Section | Content | Evidence |
|---------|---------|----------|
| Scope | Device and lifecycle coverage | Scope statement |
| Criteria | Risk acceptability matrix | Risk matrix document |
| Responsibilities | Roles and authorities | RACI chart |
| Verification | Methods and acceptance | Verification plan |
| Production/Post-Production | Monitoring activities | Surveillance plan |
### Risk Acceptability Matrix (5x5)
| Probability \ Severity | Negligible | Minor | Serious | Critical | Catastrophic |
|------------------------|------------|-------|---------|----------|--------------|
| **Frequent (P5)** | Medium | High | High | Unacceptable | Unacceptable |
| **Probable (P4)** | Medium | Medium | High | High | Unacceptable |
| **Occasional (P3)** | Low | Medium | Medium | High | High |
| **Remote (P2)** | Low | Low | Medium | Medium | High |
| **Improbable (P1)** | Low | Low | Low | Medium | Medium |
### Risk Level Actions
| Level | Acceptable | Action Required |
|-------|------------|-----------------|
| Low | Yes | Document and accept |
| Medium | ALARP | Reduce if practicable; document rationale |
| High | ALARP | Reduction required; demonstrate ALARP |
| Unacceptable | No | Design change mandatory |
---
## Risk Analysis Workflow
Identify hazards and estimate risks systematically.
### Workflow: Conduct Risk Analysis
1. Define intended use and reasonably foreseeable misuse:
- Medical indication
- Patient population
- User population
- Use environment
2. Select analysis method(s):
- FMEA for component/function analysis
- FTA for system-level analysis
- HAZOP for process deviations
- Use Error Analysis for user interaction
3. Identify hazards by category:
- Energy hazards (electrical, mechanical, thermal)
- Biological hazards (bioburden, biocompatibility)
- Chemical hazards (residues, leachables)
- Operational hazards (software, use errors)
4. Determine hazardous situations:
- Sequence of events
- Foreseeable misuse scenarios
- Single fault conditions
5. Estimate probability of harm (P1-P5)
6. Estimate severity of harm (S1-S5)
7. Document in hazard analysis worksheet
8. **Validation:** All hazard categories addressed; all hazards documented; probability and severity assigned
### Hazard Categories Checklist
| Category | Examples | Analyzed |
|----------|----------|----------|
| Electrical | Shock, burns, interference | ☐ |
| Mechanical | Crushing, cutting, entrapment | ☐ |
| Thermal | Burns, tissue damage | ☐ |
| Radiation | Ionizing, non-ionizing | ☐ |
| Biological | Infection, biocompatibility | ☐ |
| Chemical | Toxicity, irritation | ☐ |
| Software | Incorrect output, timing | ☐ |
| Use Error | Misuse, perception, cognition | ☐ |
| Environment | EMC, mechanical stress | ☐ |
### Analysis Method Selection
| Situation | Recommended Method |
|-----------|-------------------|
| Component failures | FMEA |
| System-level failure | FTA |
| Process deviations | HAZOP |
| User interaction | Use Error Analysis |
| Software behavior | Software FMEA |
| Early design phase | PHA |
### Probability Criteria
| Level | Name | Description | Frequency |
|-------|------|-------------|-----------|
| P5 | Frequent | Expected to occur | >10⁻³ |
| P4 | Probable | Likely to occur | 10⁻³ to 10⁻⁴ |
| P3 | Occasional | May occur | 10⁻⁴ to 10⁻⁵ |
| P2 | Remote | Unlikely | 10⁻⁵ to 10⁻⁶ |
| P1 | Improbable | Very unlikely | <10⁻⁶ |
### Severity Criteria
| Level | Name | Description | Harm |
|-------|------|-------------|------|
| S5 | Catastrophic | Death | Death |
| S4 | Critical | Permanent impairment | Irreversible injury |
| S3 | Serious | Injury requiring intervention | Reversible injury |
| S2 | Minor | Temporary discomfort | No treatment needed |
| S1 | Negligible | Inconvenience | No injury |
See: [references/risk-analysis-methods.md](references/risk-analysis-methods.md)
---
## Risk Evaluation Workflow
Evaluate risks against acceptability criteria.
### Workflow: Evaluate Identified Risks
1. Calculate initial risk level from probability × severity
2. Compare to risk acceptability criteria
3. For each risk, determine:
- Acceptable: Document and accept
- ALARP: Proceed to risk control
- Unacceptable: Mandatory risk control
4. Document evaluation rationale
5. Identify risks requiring benefit-risk analysis
6. Complete benefit-risk analysis if applicable
7. Compile risk evaluation summary
8. **Validation:** All risks evaluated; acceptability determined; rationale documented
### Risk Evaluation Decision Tree
**Risk Management Process Framework:**
```
ISO 14971 RISK MANAGEMENT PROCESS
├── Risk Management Planning
├── Risk management plan development
│ ├── Risk acceptability criteria definition
├── Risk management team formation
── Risk management file establishment
├── Risk Analysis
├── Intended use and reasonably foreseeable misuse
│ ├── Hazard identification and analysis
├── Hazardous situation evaluation
└── Risk estimation and documentation
├── Risk Evaluation
│ ├── Risk acceptability assessment
│ ├── Risk benefit analysis
├── Risk control necessity determination
── Risk evaluation documentation
├── Risk Control
├── Risk control option analysis
├── Risk control measure implementation
│ ├── Residual risk evaluation
└── Risk control effectiveness verification
└── Production and Post-Production Information
├── Information collection and analysis
├── Risk management file updates
├── Risk benefit analysis review
└── Risk control measure adjustment
Risk Estimated
Apply Acceptability Criteria
── Low Risk ──────────► Accept and document
├── Medium Risk ───────► Consider risk reduction
│ │ Document ALARP if not reduced
│ ▼
│ Practicable to reduce?
│ │
│ Yes──► Implement control
│ No───► Document ALARP rationale
── High Risk ─────────► Risk reduction required
│ │ Must demonstrate ALARP
│ ▼
│ Implement control
│ Verify residual risk
└── Unacceptable ──────► Design change mandatory
Cannot proceed without control
```
### 2. Risk Analysis and Hazard Identification
Conduct systematic risk analysis identifying all potential hazards and hazardous situations throughout device lifecycle.
### ALARP Demonstration Requirements
**Risk Analysis Methodology:**
1. **Intended Use and Context Analysis**
- Medical indication and patient population
- Use environment and conditions
- User characteristics and training
- **Decision Point**: Define scope of risk analysis
| Criterion | Evidence Required |
|-----------|-------------------|
| Technical feasibility | Analysis of alternative controls |
| Proportionality | Cost-benefit of further reduction |
| State of the art | Comparison to similar devices |
| Stakeholder input | Clinical/user perspectives |
2. **Hazard Identification Process**
- **For Hardware Components**: Mechanical, electrical, thermal, chemical hazards
- **For Software Components**: Software failure modes per IEC 62304
- **For Combination Products**: Drug-device interaction risks
- **For Connected Devices**: Cybersecurity and data privacy risks
### Benefit-Risk Analysis Triggers
3. **Hazardous Situation Analysis**
- Sequence of events leading to hazardous situations
- Foreseeable misuse and use error scenarios
- Single fault condition analysis
- Multiple fault condition evaluation
| Situation | Benefit-Risk Required |
|-----------|----------------------|
| Residual risk remains high | Yes |
| No feasible risk reduction | Yes |
| Novel device | Yes |
| Unacceptable risk with clinical benefit | Yes |
| All risks low | No |
### 3. Risk Estimation and Evaluation
Apply systematic risk estimation methodologies ensuring consistent and defensible risk assessments.
---
**Risk Estimation Framework:**
- **Probability Assessment**: Statistical data, literature, expert judgment
- **Severity Assessment**: Clinical outcome evaluation and classification
- **Risk Level Determination**: Risk matrix application and documentation
- **Risk Acceptability Evaluation**: Criteria application and justification
## Risk Control Workflow
Implement and verify risk control measures.
### Workflow: Implement Risk Controls
1. Identify risk control options:
- Inherent safety by design (Priority 1)
- Protective measures in device (Priority 2)
- Information for safety (Priority 3)
2. Select optimal control following hierarchy
3. Analyze control for new hazards introduced
4. Document control in design requirements
5. Implement control in design
6. Develop verification protocol
7. Execute verification and document results
8. Evaluate residual risk with control in place
9. **Validation:** Control implemented; verification passed; residual risk acceptable; no unaddressed new hazards
### Risk Control Hierarchy
| Priority | Control Type | Examples | Effectiveness |
|----------|--------------|----------|---------------|
| 1 | Inherent Safety | Eliminate hazard, fail-safe design | Highest |
| 2 | Protective Measures | Guards, alarms, automatic shutdown | High |
| 3 | Information | Warnings, training, IFU | Lower |
### Risk Control Option Analysis Template
**Risk Evaluation Decision Tree:**
```
RISK EVALUATION PROCESS
├── Is Risk Acceptable? (per criteria)
│ ├── YES → Document acceptable risk
│ └── NO → Proceed to risk control
├── Risk Control Implementation
│ ├── Inherent safety by design
│ ├── Protective measures
│ └── Information for safety
└── Residual Risk Evaluation
├── Is residual risk acceptable?
├── Risk benefit analysis
└── Final risk acceptability decision
RISK CONTROL OPTION ANALYSIS
Hazard ID: H-[XXX]
Hazard: [Description]
Initial Risk: P[X] × S[X] = [Level]
OPTIONS CONSIDERED:
| Option | Control Type | New Hazards | Feasibility | Selected |
|--------|--------------|-------------|-------------|----------|
| 1 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
| 2 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
SELECTED CONTROL: Option [X]
Rationale: [Justification for selection]
IMPLEMENTATION:
- Requirement: [REQ-XXX]
- Design Document: [Reference]
VERIFICATION:
- Method: [Test/Analysis/Review]
- Protocol: [Reference]
- Acceptance Criteria: [Criteria]
```
### 4. Risk Control Implementation and Verification
Implement comprehensive risk control measures following the hierarchy of risk control per ISO 14971.
### Risk Control Verification Methods
**Risk Control Hierarchy:**
1. **Inherent Safety by Design**
- Design modifications eliminating hazards
- Fail-safe design implementation
- Redundancy and diversity application
- Human factors engineering integration
| Method | When to Use | Evidence |
|--------|-------------|----------|
| Test | Quantifiable performance | Test report |
| Inspection | Physical presence | Inspection record |
| Analysis | Design calculation | Analysis report |
| Review | Documentation check | Review record |
2. **Protective Measures in the Medical Device**
- Alarms and alert systems
- Automatic shut-off mechanisms
- Physical barriers and shields
- Software safety functions
### Residual Risk Evaluation
3. **Information for Safety**
- User training and education
- Labeling and instructions for use
- Warning systems and alerts
- Contraindications and precautions
| After Control | Action |
|---------------|--------|
| Acceptable | Document, proceed |
| ALARP achieved | Document rationale, proceed |
| Still unacceptable | Additional control or design change |
| New hazard introduced | Analyze and control new hazard |
**Risk Control Verification:**
- Risk control effectiveness testing and validation
- Verification protocol development and execution
- Test results analysis and documentation
- Risk control performance monitoring
---
## Advanced Risk Management Applications
## Post-Production Risk Management
### Software Risk Management (IEC 62304 Integration)
Integrate software lifecycle processes with risk management ensuring comprehensive software safety assessment.
Monitor and update risk management throughout product lifecycle.
**Software Risk Management Process:**
- **Software Safety Classification**: Class A, B, or C determination
- **Software Hazard Analysis**: Software contribution to hazardous situations
- **Software Risk Control**: Architecture and design safety measures
- **Software Risk Management File**: Integration with overall risk management file
### Workflow: Post-Production Risk Monitoring
### Cybersecurity Risk Management
Implement cybersecurity risk management per FDA guidance and emerging international standards.
1. Identify information sources:
- Customer complaints
- Service reports
- Vigilance/adverse events
- Literature monitoring
- Clinical studies
2. Establish collection procedures
3. Define review triggers:
- New hazard identified
- Increased frequency of known hazard
- Serious incident
- Regulatory feedback
4. Analyze incoming information for risk relevance
5. Update risk management file as needed
6. Communicate significant findings
7. Conduct periodic risk management review
8. **Validation:** Information sources monitored; file current; reviews completed per schedule
**Cybersecurity Risk Framework:**
1. **Cybersecurity Threat Modeling**
- Asset identification and vulnerability assessment
- Threat source analysis and attack vector evaluation
- Impact assessment on patient safety and device functionality
- Cybersecurity risk estimation and prioritization
### Information Sources
2. **Cybersecurity Controls Implementation**
- **Preventive Controls**: Authentication, authorization, encryption
- **Detective Controls**: Monitoring, logging, intrusion detection
- **Corrective Controls**: Incident response, recovery procedures
- **Compensating Controls**: Additional safeguards and mitigations
| Source | Information Type | Review Frequency |
|--------|------------------|------------------|
| Complaints | Use issues, failures | Continuous |
| Service | Field failures, repairs | Monthly |
| Vigilance | Serious incidents | Immediate |
| Literature | Similar device issues | Quarterly |
| Regulatory | Authority feedback | As received |
| Clinical | PMCF data | Per plan |
### Human Factors and Use Error Risk Management
Integrate human factors engineering with risk management addressing use-related risks.
### Risk Management File Update Triggers
**Use Error Risk Management:**
- **Use-Related Risk Analysis**: Task analysis and use scenario evaluation
- **Use Error Identification**: Critical task and use error analysis
- **Use Error Risk Estimation**: Probability and severity assessment
- **Use Error Risk Control**: Design controls and user interface optimization
| Trigger | Response Time | Action |
|---------|---------------|--------|
| Serious incident | Immediate | Full risk review |
| New hazard identified | 30 days | Risk analysis update |
| Trend increase | 60 days | Trend analysis |
| Design change | Before implementation | Impact assessment |
| Standards update | Per transition period | Gap analysis |
## Risk Management File Management
### Periodic Review Requirements
### Risk Management Documentation
Maintain comprehensive risk management files ensuring traceability and regulatory compliance.
| Review Element | Frequency |
|----------------|-----------|
| Risk management file completeness | Annual |
| Risk control effectiveness | Annual |
| Post-market information analysis | Quarterly |
| Risk-benefit conclusions | Annual or on new data |
**Risk Management File Structure:**
- **Risk Management Plan**: Objectives, scope, criteria, and responsibilities
- **Risk Analysis Records**: Hazard identification, risk estimation, evaluation
- **Risk Control Records**: Control measures, verification, validation results
- **Production and Post-Production Information**: Surveillance data, updates
- **Risk Management Report**: Summary of risk management activities and conclusions
---
### Risk Management File Maintenance
Ensure risk management files remain current throughout product lifecycle.
## Risk Assessment Templates
**File Maintenance Protocol:**
- **Design Change Impact Assessment**: Risk analysis updates for design changes
- **Post-Market Information Integration**: Surveillance data incorporation
- **Risk Control Effectiveness Review**: Ongoing effectiveness verification
- **Periodic Risk Management Review**: Systematic file review and updates
### Hazard Analysis Worksheet
## Cross-functional Integration
```
HAZARD ANALYSIS WORKSHEET
### Quality Management System Integration
Ensure seamless integration of risk management with quality management system processes.
Product: [Device Name]
Document: HA-[Product]-[Rev]
Analyst: [Name]
Date: [Date]
**QMS-Risk Management Interface:**
- **Design Controls**: Risk management integration in design and development
- **Document Control**: Risk management file configuration management
- **CAPA Integration**: Risk assessment for corrective and preventive actions
- **Management Review**: Risk management performance reporting
| ID | Hazard | Hazardous Situation | Harm | P | S | Initial Risk | Control | Residual P | Residual S | Final Risk |
|----|--------|---------------------|------|---|---|--------------|---------|------------|------------|------------|
| H-001 | [Hazard] | [Situation] | [Harm] | [1-5] | [1-5] | [Level] | [Control ref] | [1-5] | [1-5] | [Level] |
```
### Regulatory Submission Integration
Coordinate risk management documentation with regulatory submission requirements.
### FMEA Worksheet
**Regulatory Integration Points:**
- **FDA Submissions**: Risk analysis and risk management summaries
- **EU MDR Technical Documentation**: Risk management file integration
- **ISO 13485 Certification**: Risk management process compliance
- **Post-Market Requirements**: Risk management in post-market surveillance
```
FMEA WORKSHEET
### Clinical and Post-Market Integration
Integrate risk management with clinical evaluation and post-market surveillance activities.
Product: [Device Name]
Subsystem: [Subsystem]
Analyst: [Name]
Date: [Date]
**Clinical-Risk Interface:**
- **Clinical Risk Assessment**: Clinical data integration with risk analysis
- **Clinical Investigation**: Risk management in clinical study design
- **Post-Market Surveillance**: Risk signal detection and evaluation
- **Clinical Evaluation Updates**: Risk-benefit analysis integration
| ID | Item | Function | Failure Mode | Effect | S | Cause | O | Control | D | RPN | Action |
|----|------|----------|--------------|--------|---|-------|---|---------|---|-----|--------|
| FM-001 | [Item] | [Function] | [Mode] | [Effect] | [1-10] | [Cause] | [1-10] | [Detection] | [1-10] | [S×O×D] | [Action] |
## Resources
RPN Action Thresholds:
>200: Critical - Immediate action
100-200: High - Action plan required
50-100: Medium - Consider action
<50: Low - Monitor
```
### scripts/
- `risk-assessment-automation.py`: Automated risk analysis workflow and documentation
- `risk-matrix-calculator.py`: Risk estimation and evaluation automation
- `risk-control-tracker.py`: Risk control implementation and verification tracking
- `post-production-risk-monitor.py`: Post-market risk information analysis
### Risk Management Report Summary
### references/
- `iso14971-implementation-guide.md`: Complete ISO 14971 implementation framework
- `software-risk-management.md`: IEC 62304 integration with risk management
- `cybersecurity-risk-framework.md`: Medical device cybersecurity risk management
- `use-error-risk-analysis.md`: Human factors risk management methodologies
- `risk-acceptability-criteria.md`: Risk acceptability frameworks and examples
```
RISK MANAGEMENT REPORT
### assets/
- `risk-templates/`: Risk management plan, risk analysis, and risk control templates
- `risk-matrices/`: Standardized risk estimation and evaluation matrices
- `hazard-libraries/`: Medical device hazard identification libraries
- `training-materials/`: Risk management training and competency programs
Product: [Device Name]
Date: [Date]
Revision: [X.X]
SUMMARY:
- Total hazards identified: [N]
- Risk controls implemented: [N]
- Residual risks: [N] Low, [N] Medium, [N] High
- Overall conclusion: [Acceptable / Not Acceptable]
RISK DISTRIBUTION:
| Risk Level | Before Control | After Control |
|------------|----------------|---------------|
| Unacceptable | [N] | 0 |
| High | [N] | [N] |
| Medium | [N] | [N] |
| Low | [N] | [N] |
CONTROLS IMPLEMENTED:
- Inherent safety: [N]
- Protective measures: [N]
- Information for safety: [N]
OVERALL RESIDUAL RISK: [Acceptable / ALARP Demonstrated]
BENEFIT-RISK CONCLUSION: [If applicable]
APPROVAL:
Risk Management Lead: _____________ Date: _______
Quality Assurance: _____________ Date: _______
```
---
## Decision Frameworks
### Risk Control Selection
```
What is the risk level?
├── Unacceptable ──► Can hazard be eliminated?
│ │
│ Yes─┴─No
│ │ │
│ ▼ ▼
│ Eliminate Can protective
│ hazard measure reduce?
│ │
│ Yes─┴─No
│ │ │
│ ▼ ▼
│ Add Add warning
│ protection + training
└── High/Medium ──► Apply hierarchy
starting at Level 1
```
### New Hazard Analysis
| Question | If Yes | If No |
|----------|--------|-------|
| Does control introduce new hazard? | Analyze new hazard | Proceed |
| Is new risk higher than original? | Reject control option | Acceptable trade-off |
| Can new hazard be controlled? | Add control | Reject control option |
### Risk Acceptability Decision
| Condition | Decision |
|-----------|----------|
| All risks Low | Acceptable |
| Medium risks with ALARP | Acceptable |
| High risks with ALARP documented | Acceptable if benefits outweigh |
| Any Unacceptable residual | Not acceptable - redesign |
---
## Tools and References
### Scripts
| Tool | Purpose | Usage |
|------|---------|-------|
| [risk_matrix_calculator.py](scripts/risk_matrix_calculator.py) | Calculate risk levels and FMEA RPN | `python risk_matrix_calculator.py --help` |
**Risk Matrix Calculator Features:**
- ISO 14971 5x5 risk matrix calculation
- FMEA RPN (Risk Priority Number) calculation
- Interactive mode for guided assessment
- Display risk criteria definitions
- JSON output for integration
### References
| Document | Content |
|----------|---------|
| [iso14971-implementation-guide.md](references/iso14971-implementation-guide.md) | Complete ISO 14971:2019 implementation with templates |
| [risk-analysis-methods.md](references/risk-analysis-methods.md) | FMEA, FTA, HAZOP, Use Error Analysis methods |
### Quick Reference: ISO 14971 Process
| Stage | Key Activities | Output |
|-------|----------------|--------|
| Planning | Define scope, criteria, responsibilities | Risk Management Plan |
| Analysis | Identify hazards, estimate risk | Hazard Analysis |
| Evaluation | Compare to criteria, ALARP assessment | Risk Evaluation |
| Control | Implement hierarchy, verify | Risk Control Records |
| Residual | Overall assessment, benefit-risk | Risk Management Report |
| Production | Monitor, review, update | Updated RM File |
---
## Related Skills
| Skill | Integration Point |
|-------|-------------------|
| [quality-manager-qms-iso13485](../quality-manager-qms-iso13485/) | QMS integration |
| [capa-officer](../capa-officer/) | Risk-based CAPA |
| [regulatory-affairs-head](../regulatory-affairs-head/) | Regulatory submissions |
| [quality-documentation-manager](../quality-documentation-manager/) | Risk file management |

24
ra-qm-team/risk-management-specialist/assets/example_asset.txt
View File

@@ -1,24 +0,0 @@
# Example Asset File
This placeholder represents where asset files would be stored.
Replace with actual asset files (templates, images, fonts, etc.) or delete if not needed.
Asset files are NOT intended to be loaded into context, but rather used within
the output Claude produces.
Example asset files from other skills:
- Brand guidelines: logo.png, slides_template.pptx
- Frontend builder: hello-world/ directory with HTML/React boilerplate
- Typography: custom-font.ttf, font-family.woff2
- Data: sample_data.csv, test_dataset.json
## Common Asset Types
- Templates: .pptx, .docx, boilerplate directories
- Images: .png, .jpg, .svg, .gif
- Fonts: .ttf, .otf, .woff, .woff2
- Boilerplate code: Project directories, starter files
- Icons: .ico, .svg
- Data files: .csv, .json, .xml, .yaml
Note: This is a text placeholder. Actual assets can be any file type.

34
ra-qm-team/risk-management-specialist/references/api_reference.md
View File

@@ -1,34 +0,0 @@
# Reference Documentation for Risk Management Specialist
This is a placeholder for detailed reference documentation.
Replace with actual reference content or delete if not needed.
Example real reference docs from other skills:
- product-management/references/communication.md - Comprehensive guide for status updates
- product-management/references/context_building.md - Deep-dive on gathering context
- bigquery/references/ - API references and query examples
## When Reference Docs Are Useful
Reference docs are ideal for:
- Comprehensive API documentation
- Detailed workflow guides
- Complex multi-step processes
- Information too lengthy for main SKILL.md
- Content that's only needed for specific use cases
## Structure Suggestions
### API Reference Example
- Overview
- Authentication
- Endpoints with examples
- Error codes
- Rate limits
### Workflow Guide Example
- Prerequisites
- Step-by-step instructions
- Common patterns
- Troubleshooting
- Best practices

468
ra-qm-team/risk-management-specialist/references/iso14971-implementation-guide.md Normal file
View File

@@ -0,0 +1,468 @@
# ISO 14971:2019 Implementation Guide
Complete implementation framework for medical device risk management per ISO 14971:2019.
---
## Table of Contents
- [Risk Management Planning](#risk-management-planning)
- [Risk Analysis](#risk-analysis)
- [Risk Evaluation](#risk-evaluation)
- [Risk Control](#risk-control)
- [Overall Residual Risk Evaluation](#overall-residual-risk-evaluation)
- [Risk Management Report](#risk-management-report)
- [Production and Post-Production Activities](#production-and-post-production-activities)
---
## Risk Management Planning
### Risk Management Plan Content
| Element | Requirement | Documentation |
|---------|-------------|---------------|
| Scope | Medical device and lifecycle stages covered | Scope statement |
| Responsibilities | Personnel and authority assignments | Organization chart, RACI |
| Review Requirements | Timing and triggers for reviews | Review schedule |
| Acceptability Criteria | Risk acceptance matrix and policy | Risk acceptability criteria |
| Verification Activities | Methods for control verification | Verification plan |
| Production/Post-Production | Activities for ongoing risk management | Surveillance plan |
### Risk Management Plan Template
```
RISK MANAGEMENT PLAN
Document Number: RMP-[Product]-[Rev]
Product: [Device Name]
Revision: [X.X]
Effective Date: [Date]
1. SCOPE AND PURPOSE
1.1 Medical Device Description: [Description]
1.2 Intended Use: [Statement]
1.3 Lifecycle Stages Covered: [Design/Production/Post-Market]
1.4 Plan Objectives: [Objectives]
2. RESPONSIBILITIES AND AUTHORITIES
| Role | Responsibility | Authority |
|------|----------------|-----------|
| Risk Management Lead | Overall RM process | RM decisions |
| Design Engineer | Risk identification | Design changes |
| QA Manager | RM file review | File approval |
| Clinical | Clinical input | Clinical risk assessment |
3. RISK ACCEPTABILITY CRITERIA
3.1 Risk Matrix: [Reference to matrix]
3.2 Acceptability Policy: [Acceptable/ALARP/Unacceptable definitions]
3.3 Benefit-Risk Considerations: [When applicable]
4. VERIFICATION ACTIVITIES
4.1 Risk Control Verification Methods: [Test, Analysis, Review]
4.2 Verification Timing: [Design phase, V&V]
4.3 Acceptance Criteria: [Pass/fail criteria]
5. PRODUCTION AND POST-PRODUCTION
5.1 Information Collection: [Sources]
5.2 Review Triggers: [Events requiring review]
5.3 Update Process: [RM file update procedure]
6. REVIEW AND APPROVAL
Prepared By: _________________ Date: _______
Reviewed By: _________________ Date: _______
Approved By: _________________ Date: _______
```
### Risk Acceptability Criteria Definition
| Risk Level | Definition | Action Required |
|------------|------------|-----------------|
| Broadly Acceptable | Risk so low that no action needed | Document and monitor |
| ALARP (Tolerable) | Risk reduced as low as reasonably practicable | Verify ALARP, consider benefit |
| Unacceptable | Risk exceeds acceptable threshold | Risk control mandatory |
### Risk Matrix Example (5x5)
| Probability \ Severity | Negligible | Minor | Serious | Critical | Catastrophic |
|------------------------|------------|-------|---------|----------|--------------|
| Frequent | Medium | High | High | Unacceptable | Unacceptable |
| Probable | Low | Medium | High | High | Unacceptable |
| Occasional | Low | Medium | Medium | High | High |
| Remote | Low | Low | Medium | Medium | High |
| Improbable | Low | Low | Low | Medium | Medium |
**Risk Level Actions:**
- **Low (Acceptable):** Document, no action required
- **Medium (ALARP):** Consider risk reduction, document rationale
- **High (ALARP):** Risk reduction required unless ALARP demonstrated
- **Unacceptable:** Risk reduction mandatory before proceeding
---
## Risk Analysis
### Hazard Identification Methods
| Method | Application | Standard Reference |
|--------|-------------|-------------------|
| FMEA | Component/subsystem failures | IEC 60812 |
| FTA | System-level failure analysis | IEC 61025 |
| HAZOP | Process hazard identification | IEC 61882 |
| PHA | Preliminary hazard assessment | - |
| Use FMEA | Use-related hazards | IEC 62366-1 |
### Intended Use Analysis Checklist
| Category | Questions to Address |
|----------|---------------------|
| Medical Purpose | What condition is treated/diagnosed? |
| Patient Population | Age, health status, contraindications? |
| User Population | Healthcare professional, patient, caregiver? |
| Use Environment | Hospital, home, ambulatory? |
| Duration | Single use, repeated, continuous? |
| Body Contact | External, internal, implanted? |
### Hazard Categories (Informative Annex C)
| Category | Examples |
|----------|----------|
| Energy | Electrical, thermal, mechanical, radiation |
| Biological | Bioburden, pyrogens, biocompatibility |
| Chemical | Residues, degradation products, leachables |
| Operational | Incorrect output, delayed function, unexpected operation |
| Information | Incomplete instructions, inadequate warnings |
| Use Environment | Electromagnetic, mechanical stress |
### Hazardous Situation Documentation
```
HAZARD ANALYSIS WORKSHEET
Product: [Device Name]
Analyst: [Name]
Date: [Date]
| ID | Hazard | Hazardous Situation | Sequence of Events | Harm | P1 | P2 | Initial Risk |
|----|--------|--------------------|--------------------|------|----|----|--------------|
| H-001 | [Hazard] | [Situation] | [Sequence] | [Harm] | [Prob] | [Sev] | [Level] |
P1 = Probability of hazardous situation occurring
P2 = Probability of harm given hazardous situation
Initial Risk = Risk before controls
```
### Risk Estimation
**Probability Categories:**
| Level | Term | Definition | Frequency |
|-------|------|------------|-----------|
| 5 | Frequent | Expected to occur | >10⁻³ |
| 4 | Probable | Likely to occur | 10⁻³ to 10⁻⁴ |
| 3 | Occasional | May occur | 10⁻⁴ to 10⁻⁵ |
| 2 | Remote | Unlikely to occur | 10⁻⁵ to 10⁻⁶ |
| 1 | Improbable | Very unlikely | <10⁻⁶ |
**Severity Categories:**
| Level | Term | Definition | Patient Impact |
|-------|------|------------|----------------|
| 5 | Catastrophic | Results in death | Death |
| 4 | Critical | Results in permanent impairment | Permanent impairment |
| 3 | Serious | Results in injury requiring intervention | Injury requiring treatment |
| 2 | Minor | Results in temporary injury | Temporary discomfort |
| 1 | Negligible | Inconvenience or temporary discomfort | No injury |
---
## Risk Evaluation
### Evaluation Workflow
1. Apply risk acceptability criteria to estimated risk
2. Determine if risk is acceptable, ALARP, or unacceptable
3. For ALARP risks, document ALARP demonstration
4. For unacceptable risks, proceed to risk control
5. Document evaluation rationale
6. **Validation:** All risks evaluated against criteria; rationale documented
### Risk Acceptability Decision
| Initial Risk | Benefit Available | Decision |
|--------------|-------------------|----------|
| Acceptable | N/A | Accept, document |
| ALARP | No | Verify ALARP |
| ALARP | Yes | Include in benefit-risk |
| Unacceptable | No | Design change required |
| Unacceptable | Yes | Benefit-risk analysis |
### ALARP Demonstration
| Criterion | Evidence Required |
|-----------|-------------------|
| Technical feasibility | Analysis of alternatives |
| Economic proportionality | Cost-benefit assessment |
| State of the art | Review of similar devices |
| User acceptance | Stakeholder input |
---
## Risk Control
### Risk Control Hierarchy
| Priority | Control Type | Examples |
|----------|--------------|----------|
| 1 | Inherent safety by design | Remove hazard, substitute material |
| 2 | Protective measures in device | Guards, alarms, software limits |
| 3 | Information for safety | Warnings, training, IFU |
### Risk Control Option Analysis
```
RISK CONTROL OPTION ANALYSIS
Hazard ID: [H-XXX]
Risk Level: [Unacceptable/High]
| Option | Control Type | Effectiveness | Feasibility | New Risks | Selected |
|--------|--------------|---------------|-------------|-----------|----------|
| Option 1 | [Type] | [H/M/L] | [H/M/L] | [Yes/No] | [Yes/No] |
| Option 2 | [Type] | [H/M/L] | [H/M/L] | [Yes/No] | [Yes/No] |
Selected Option: [Option X]
Rationale: [Justification]
```
### Risk Control Implementation Record
```
RISK CONTROL IMPLEMENTATION
Control ID: RC-[XXX]
Related Hazard: H-[XXX]
Control Description: [Description]
Control Type: [ ] Inherent Safety [ ] Protective Measure [ ] Information
Implementation:
- Specification/Requirement: [Reference]
- Design Document: [Reference]
- Verification Method: [Test/Analysis/Review]
- Verification Criteria: [Pass criteria]
Verification:
- Protocol Reference: [Document]
- Execution Date: [Date]
- Result: [ ] Pass [ ] Fail
- Evidence Reference: [Document]
New Risks Introduced: [ ] Yes [ ] No
If Yes: [New Hazard ID references]
Residual Risk:
- P1: [Probability]
- P2: [Severity]
- Residual Risk Level: [Level]
Approved By: _________________ Date: _______
```
### Risk Control Verification Methods
| Method | Application | Evidence |
|--------|-------------|----------|
| Test | Quantifiable control effectiveness | Test report |
| Inspection | Physical control presence | Inspection record |
| Analysis | Design analysis confirmation | Analysis report |
| Review | Document/drawing review | Review record |
---
## Overall Residual Risk Evaluation
### Evaluation Process
1. Compile all individual residual risks
2. Consider cumulative effects of residual risks
3. Assess overall residual risk acceptability
4. Conduct benefit-risk analysis if required
5. Document overall evaluation conclusion
6. **Validation:** All residual risks compiled; overall evaluation complete
### Benefit-Risk Analysis
| Factor | Assessment |
|--------|------------|
| Clinical Benefit | Documented therapeutic benefit |
| State of the Art | Comparison to alternative treatments |
| Patient Expectation | Benefit patient would accept |
| Medical Opinion | Clinical expert input |
| Risk Quantification | Residual risk characterization |
### Benefit-Risk Documentation
```
BENEFIT-RISK ANALYSIS
Product: [Device Name]
Date: [Date]
BENEFITS:
1. Primary Clinical Benefit: [Description]
- Evidence: [Reference]
- Magnitude: [Quantification]
2. Secondary Benefits: [List]
RISKS:
1. Residual Risks Summary:
| Risk Category | Count | Highest Level |
|---------------|-------|---------------|
| Acceptable | [N] | Low |
| ALARP | [N] | Medium/High |
2. Cumulative Considerations: [Assessment]
COMPARISON:
- State of the Art: [How device compares]
- Alternative Treatments: [Risk comparison]
- Patient Acceptance: [Expected acceptance]
CONCLUSION:
[ ] Benefits outweigh risks - Acceptable
[ ] Benefits do not outweigh risks - Not Acceptable
Rationale: [Justification]
Approved By: _________________ Date: _______
```
---
## Risk Management Report
### Report Content Requirements
| Section | Content |
|---------|---------|
| Results of Risk Analysis | Summary of hazards and risks identified |
| Risk Control Decisions | Controls selected and implemented |
| Overall Residual Risk | Evaluation and acceptability conclusion |
| Benefit-Risk Conclusion | If applicable |
| Review and Approval | Formal sign-off |
### Risk Management Report Template
```
RISK MANAGEMENT REPORT
Document Number: RMR-[Product]-[Rev]
Product: [Device Name]
Date: [Date]
1. EXECUTIVE SUMMARY
- Total hazards identified: [N]
- Risk controls implemented: [N]
- Residual risks: [N] acceptable, [N] ALARP
- Overall conclusion: [Acceptable/Not Acceptable]
2. RISK ANALYSIS SUMMARY
- Methods used: [FMEA, FTA, etc.]
- Scope coverage: [Lifecycle stages]
- Hazard categories addressed: [List]
3. RISK EVALUATION SUMMARY
| Risk Level | Before Control | After Control |
|------------|----------------|---------------|
| Unacceptable | [N] | [N] |
| High | [N] | [N] |
| Medium | [N] | [N] |
| Low | [N] | [N] |
4. RISK CONTROL SUMMARY
- Inherent safety controls: [N]
- Protective measures: [N]
- Information for safety: [N]
- All controls verified: [Yes/No]
5. OVERALL RESIDUAL RISK
- Individual residual risks: [Summary]
- Cumulative assessment: [Conclusion]
- Acceptability: [Acceptable/ALARP demonstrated]
6. BENEFIT-RISK ANALYSIS (if applicable)
- Conclusion: [Statement]
7. PRODUCTION AND POST-PRODUCTION
- Monitoring plan: [Reference]
- Review triggers: [List]
8. CONCLUSION
[Statement of overall risk acceptability]
9. APPROVAL
Risk Management Lead: _________________ Date: _______
Quality Assurance: _________________ Date: _______
Management Representative: _________________ Date: _______
```
---
## Production and Post-Production Activities
### Information Sources
| Source | Information Type | Review Frequency |
|--------|------------------|------------------|
| Complaints | Use-related issues, failures | Continuous |
| Service Reports | Field failures, repairs | Monthly |
| Vigilance Reports | Serious incidents | Immediate |
| Literature | Similar device issues | Quarterly |
| Regulatory Feedback | Authority communications | As received |
| Clinical Data | Post-market clinical follow-up | Per PMCF plan |
### Risk Management File Update Triggers
| Trigger | Action Required |
|---------|-----------------|
| New hazard identified | Risk analysis update |
| Control failure | Risk control reassessment |
| Serious incident | Immediate risk review |
| Design change | Impact assessment |
| Standards update | Compliance review |
| Regulatory feedback | Risk evaluation update |
### Risk Management Review Record
```
RISK MANAGEMENT REVIEW RECORD
Review Date: [Date]
Review Type: [ ] Periodic [ ] Triggered
Trigger (if applicable): [Description]
INFORMATION REVIEWED:
| Source | Period | Findings |
|--------|--------|----------|
| Complaints | [Period] | [Summary] |
| Vigilance | [Period] | [Summary] |
| Literature | [Period] | [Summary] |
RISK MANAGEMENT FILE STATUS:
- Current and complete: [ ] Yes [ ] No
- Updates required: [ ] Yes [ ] No
ACTIONS:
| Action | Owner | Due Date |
|--------|-------|----------|
| [Action 1] | [Name] | [Date] |
CONCLUSION:
[ ] No changes to risk profile
[ ] Risk profile updated - see [Document Reference]
[ ] Further investigation required
Reviewed By: _________________ Date: _______
```

415
ra-qm-team/risk-management-specialist/references/risk-analysis-methods.md Normal file
View File

@@ -0,0 +1,415 @@
# Risk Analysis Methods
Systematic techniques for hazard identification and risk analysis in medical device development.
---
## Table of Contents
- [Method Selection Guide](#method-selection-guide)
- [FMEA - Failure Mode and Effects Analysis](#fmea---failure-mode-and-effects-analysis)
- [FTA - Fault Tree Analysis](#fta---fault-tree-analysis)
- [HAZOP - Hazard and Operability Study](#hazop---hazard-and-operability-study)
- [Use Error Analysis](#use-error-analysis)
- [Software Hazard Analysis](#software-hazard-analysis)
---
## Method Selection Guide
### Method Application Matrix
| Method | Best For | Standard | Complexity |
|--------|----------|----------|------------|
| FMEA | Component/process failures | IEC 60812 | Medium |
| FTA | System-level failure analysis | IEC 61025 | High |
| HAZOP | Process deviations | IEC 61882 | Medium |
| PHA | Early hazard screening | - | Low |
| Use FMEA | Use-related hazards | IEC 62366-1 | Medium |
| STPA | Software/system interactions | - | High |
### Selection Decision Tree
```
What is the analysis focus?
├── Component failures → FMEA
├── System-level failure → FTA
├── Process deviations → HAZOP
├── User interaction → Use Error Analysis
└── Software behavior → Software FMEA/STPA
```
### When to Use Each Method
| Project Phase | Recommended Methods |
|---------------|---------------------|
| Concept | PHA, initial FTA |
| Design | FMEA, detailed FTA |
| Development | Use Error Analysis, Software HA |
| Verification | FMEA review, FTA validation |
| Production | Process FMEA |
| Post-Market | Trend analysis, FMEA updates |
---
## FMEA - Failure Mode and Effects Analysis
### FMEA Overview
| Aspect | Description |
|--------|-------------|
| Purpose | Identify potential failure modes and their effects |
| Approach | Bottom-up analysis from component to system |
| Output | Failure mode list with severity, occurrence, detection ratings |
| Standard | IEC 60812 |
### FMEA Process Workflow
1. Define scope and system boundaries
2. Develop functional block diagram
3. Identify failure modes for each component/function
4. Determine effects of each failure mode (local, next level, end)
5. Assign severity rating
6. Identify potential causes
7. Assign occurrence rating
8. Identify current controls (detection)
9. Assign detection rating
10. Calculate Risk Priority Number (RPN) or use risk matrix
11. Determine actions for high-priority items
12. **Validation:** All components analyzed; RPNs calculated; actions assigned for high risks
### FMEA Worksheet Template
```
FMEA WORKSHEET
Product: [Device Name]
Subsystem: [Subsystem]
FMEA Lead: [Name]
Date: [Date]
| ID | Item/Function | Failure Mode | Effect (Local) | Effect (End) | S | Cause | O | Controls | D | RPN | Action |
|----|---------------|--------------|----------------|--------------|---|-------|---|----------|---|-----|--------|
| FM-001 | [Item] | [Mode] | [Local Effect] | [End Effect] | [1-10] | [Cause] | [1-10] | [Detection] | [1-10] | [S×O×D] | [Action] |
S = Severity (1=None, 10=Catastrophic)
O = Occurrence (1=Remote, 10=Frequent)
D = Detection (1=Certain, 10=Cannot Detect)
RPN = Risk Priority Number
```
### Severity Rating Scale
| Rating | Severity | Criteria |
|--------|----------|----------|
| 10 | Hazardous | Death or regulatory non-compliance |
| 9 | Serious | Serious injury, major function loss |
| 8 | Major | Significant injury, major inconvenience |
| 7 | High | Minor injury, significant inconvenience |
| 6 | Moderate | Discomfort, partial function loss |
| 5 | Low | Some performance loss |
| 4 | Very Low | Minor performance degradation |
| 3 | Minor | Noticeable effect, no function loss |
| 2 | Very Minor | Negligible effect |
| 1 | None | No effect |
### Occurrence Rating Scale
| Rating | Occurrence | Probability |
|--------|------------|-------------|
| 10 | Almost Certain | >1 in 2 |
| 9 | Very High | 1 in 3 |
| 8 | High | 1 in 8 |
| 7 | Moderately High | 1 in 20 |
| 6 | Moderate | 1 in 80 |
| 5 | Low | 1 in 400 |
| 4 | Very Low | 1 in 2,000 |
| 3 | Remote | 1 in 15,000 |
| 2 | Very Remote | 1 in 150,000 |
| 1 | Nearly Impossible | <1 in 1,500,000 |
### Detection Rating Scale
| Rating | Detection | Likelihood of Detection |
|--------|-----------|------------------------|
| 10 | Absolute Uncertainty | Cannot detect |
| 9 | Very Remote | Very remote chance |
| 8 | Remote | Remote chance |
| 7 | Very Low | Very low chance |
| 6 | Low | Low chance |
| 5 | Moderate | Moderate chance |
| 4 | Moderately High | Moderately high chance |
| 3 | High | High chance |
| 2 | Very High | Very high chance |
| 1 | Almost Certain | Will detect |
### RPN Action Thresholds
| RPN Range | Priority | Action |
|-----------|----------|--------|
| >200 | Critical | Immediate action required |
| 100-200 | High | Action plan required |
| 50-100 | Medium | Consider action |
| <50 | Low | Monitor |
---
## FTA - Fault Tree Analysis
### FTA Overview
| Aspect | Description |
|--------|-------------|
| Purpose | Determine combinations of events leading to top event |
| Approach | Top-down deductive analysis |
| Output | Fault tree diagram with cut sets |
| Standard | IEC 61025 |
### FTA Process Workflow
1. Define top event (undesired system state)
2. Identify immediate causes using logic gates
3. Continue decomposition to basic events
4. Draw fault tree diagram
5. Identify cut sets (combinations causing top event)
6. Calculate probability if quantitative analysis required
7. Identify single points of failure
8. **Validation:** All branches complete; cut sets identified; single points documented
### Fault Tree Symbols
| Symbol | Name | Meaning |
|--------|------|---------|
| Rectangle | Intermediate Event | Event resulting from other events |
| Circle | Basic Event | Primary event, no further development |
| Diamond | Undeveloped Event | Not analyzed further |
| House | House Event | Event expected to occur (condition) |
| AND Gate | AND | All inputs required for output |
| OR Gate | OR | Any input causes output |
### FTA Worksheet Template
```
FAULT TREE ANALYSIS
Top Event: [Description of undesired state]
System: [System name]
Analyst: [Name]
Date: [Date]
BASIC EVENTS:
| ID | Event | Description | Probability | Control |
|----|-------|-------------|-------------|---------|
| BE-001 | [Event] | [Description] | [P] | [Control] |
CUT SETS:
| Cut Set | Events | Order | Probability |
|---------|--------|-------|-------------|
| CS-001 | BE-001 | 1 | [P] |
| CS-002 | BE-001, BE-002 | 2 | [P] |
SINGLE POINTS OF FAILURE:
| Event | Risk | Mitigation |
|-------|------|------------|
| [Event] | [Risk assessment] | [Mitigation strategy] |
```
### Cut Set Analysis
| Cut Set Order | Meaning | Criticality |
|---------------|---------|-------------|
| First Order | Single event causes top event | Highest - single point of failure |
| Second Order | Two events required | High |
| Third Order | Three events required | Moderate |
| Higher Order | Four+ events required | Lower |
---
## HAZOP - Hazard and Operability Study
### HAZOP Overview
| Aspect | Description |
|--------|-------------|
| Purpose | Identify deviations from intended operation |
| Approach | Systematic examination using guide words |
| Output | Deviation analysis with consequences and safeguards |
| Standard | IEC 61882 |
### HAZOP Guide Words
| Guide Word | Meaning | Example Application |
|------------|---------|---------------------|
| NO/NOT | Complete negation | No flow, no signal |
| MORE | Quantitative increase | More pressure, more current |
| LESS | Quantitative decrease | Less flow, less voltage |
| AS WELL AS | Qualitative increase | Extra component, contamination |
| PART OF | Qualitative decrease | Missing component |
| REVERSE | Logical opposite | Reverse flow, reverse polarity |
| OTHER THAN | Complete substitution | Wrong material, wrong signal |
| EARLY | Time-related | Early activation |
| LATE | Time-related | Delayed response |
### HAZOP Process Workflow
1. Select study node (process section or component)
2. Describe design intent for the node
3. Apply guide words to identify deviations
4. Determine causes of each deviation
5. Assess consequences
6. Identify existing safeguards
7. Recommend actions if needed
8. **Validation:** All nodes analyzed; all guide words applied; actions assigned
### HAZOP Worksheet Template
```
HAZOP WORKSHEET
System: [System Name]
Node: [Node Description]
Design Intent: [What the node is supposed to do]
Team Lead: [Name]
Date: [Date]
| Guide Word | Deviation | Causes | Consequences | Safeguards | Actions |
|------------|-----------|--------|--------------|------------|---------|
| NO | [No + parameter] | [Causes] | [Consequences] | [Existing] | [Recommendations] |
| MORE | [More + parameter] | [Causes] | [Consequences] | [Existing] | [Recommendations] |
| LESS | [Less + parameter] | [Causes] | [Consequences] | [Existing] | [Recommendations] |
```
---
## Use Error Analysis
### Use Error Analysis Overview
| Aspect | Description |
|--------|-------------|
| Purpose | Identify use-related hazards and mitigations |
| Approach | Task analysis combined with error prediction |
| Output | Use error list with risk controls |
| Standard | IEC 62366-1 |
### Use Error Categories
| Category | Description | Examples |
|----------|-------------|----------|
| Perception Error | Failure to perceive information | Missing alarm, unclear display |
| Cognition Error | Failure to understand | Misinterpretation, wrong decision |
| Action Error | Incorrect physical action | Wrong button, slip, lapse |
| Memory Error | Failure to recall | Forgotten step, omission |
### Use Error Analysis Process
1. Identify user tasks and subtasks
2. Identify potential use errors for each task
3. Determine consequences of each use error
4. Estimate probability of use error
5. Identify design features contributing to error
6. Define risk control measures
7. Verify control effectiveness
8. **Validation:** All critical tasks analyzed; errors identified; controls defined
### Use Error Worksheet Template
```
USE ERROR ANALYSIS
Device: [Device Name]
Task: [Task Description]
User: [User Profile]
Analyst: [Name]
Date: [Date]
| Step | User Action | Potential Use Error | Error Type | Cause | Consequence | S | P | Risk | Control |
|------|-------------|--------------------| -----------|-------|-------------|---|---|------|---------|
| 1 | [Action] | [Error] | [Type] | [Cause] | [Harm] | [S] | [P] | [Level] | [Control] |
Error Types: Perception (P), Cognition (C), Action (A), Memory (M)
```
### Human Factors Risk Controls
| Control Type | Examples |
|--------------|----------|
| Design | Forcing functions, constraints, affordances |
| Feedback | Visual, auditory, tactile confirmation |
| Labeling | Clear instructions, warnings, symbols |
| Training | User education, competency verification |
| Environment | Adequate lighting, noise reduction |
---
## Software Hazard Analysis
### Software Hazard Analysis Overview
| Aspect | Description |
|--------|-------------|
| Purpose | Identify software contribution to hazards |
| Approach | Analysis of software failure modes and behaviors |
| Output | Software hazard list with safety requirements |
| Standard | IEC 62304 |
### Software Safety Classification
| Class | Contribution to Hazard | Rigor Required |
|-------|------------------------|----------------|
| A | No contribution possible | Basic |
| B | Non-serious injury possible | Moderate |
| C | Death or serious injury possible | High |
### Software Hazard Categories
| Category | Description | Examples |
|----------|-------------|----------|
| Omission | Required function not performed | Missing safety check |
| Commission | Incorrect function performed | Wrong calculation |
| Timing | Function at wrong time | Delayed alarm |
| Value | Function with wrong value | Incorrect dose |
| Sequence | Functions in wrong order | Steps reversed |
### Software FMEA Worksheet
```
SOFTWARE FMEA
Software Item: [Module/Function Name]
Safety Class: [A/B/C]
Analyst: [Name]
Date: [Date]
| ID | Function | Failure Mode | Cause | Effect on System | Effect on Patient | S | P | Risk | Mitigation |
|----|----------|--------------|-------|------------------|-------------------|---|---|------|------------|
| SW-001 | [Function] | [Mode] | [Cause] | [System effect] | [Patient effect] | [S] | [P] | [Level] | [Control] |
Failure Mode Types: Omission, Commission, Timing, Value, Sequence
```
### Software Risk Controls
| Control Type | Implementation |
|--------------|----------------|
| Defensive Programming | Input validation, range checking |
| Error Handling | Exception handling, graceful degradation |
| Redundancy | Dual channels, voting logic |
| Watchdog | Timeout monitoring, heartbeat |
| Self-Test | Power-on diagnostics, runtime checks |
| Separation | Independence of safety functions |
### Traceability Requirements
| From | To | Purpose |
|------|------|---------|
| Software Hazard | Software Requirement | Hazard addressed |
| Software Requirement | Architecture | Requirement implemented |
| Architecture | Code | Design realized |
| Code | Test | Verification coverage |
| Test | Hazard | Control verified |

19
ra-qm-team/risk-management-specialist/scripts/example.py
View File

@@ -1,19 +0,0 @@
#!/usr/bin/env python3
"""
Example helper script for risk-management-specialist
This is a placeholder script that can be executed directly.
Replace with actual implementation or delete if not needed.
Example real scripts from other skills:
- pdf/scripts/fill_fillable_fields.py - Fills PDF form fields
- pdf/scripts/convert_pdf_to_images.py - Converts PDF pages to images
"""
def main():
print("This is an example script for risk-management-specialist")
# TODO: Add actual script logic here
# This could be data processing, file conversion, API calls, etc.
if __name__ == "__main__":
main()

419
ra-qm-team/risk-management-specialist/scripts/risk_matrix_calculator.py Normal file
View File

@@ -0,0 +1,419 @@
#!/usr/bin/env python3
"""
Risk Matrix Calculator
Calculate risk levels based on probability and severity ratings per ISO 14971.
Supports multiple risk matrix configurations and FMEA RPN calculations.
Usage:
python risk_matrix_calculator.py --probability 3 --severity 4
python risk_matrix_calculator.py --fmea --severity 8 --occurrence 5 --detection 6
python risk_matrix_calculator.py --interactive
python risk_matrix_calculator.py --list-criteria
"""
import argparse
import json
import sys
from typing import Tuple, Optional
# Standard 5x5 Risk Matrix per ISO 14971 common practice
PROBABILITY_LEVELS = {
1: {"name": "Improbable", "description": "Very unlikely to occur", "frequency": "<10^-6"},
2: {"name": "Remote", "description": "Unlikely to occur", "frequency": "10^-5 to 10^-6"},
3: {"name": "Occasional", "description": "May occur", "frequency": "10^-4 to 10^-5"},
4: {"name": "Probable", "description": "Likely to occur", "frequency": "10^-3 to 10^-4"},
5: {"name": "Frequent", "description": "Expected to occur", "frequency": ">10^-3"}
}
SEVERITY_LEVELS = {
1: {"name": "Negligible", "description": "Inconvenience or temporary discomfort", "harm": "No injury"},
2: {"name": "Minor", "description": "Temporary injury not requiring intervention", "harm": "Temporary discomfort"},
3: {"name": "Serious", "description": "Injury requiring professional intervention", "harm": "Reversible injury"},
4: {"name": "Critical", "description": "Permanent impairment or life-threatening", "harm": "Permanent impairment"},
5: {"name": "Catastrophic", "description": "Death", "harm": "Death"}
}
# Risk matrix: RISK_MATRIX[probability][severity] = risk_level
RISK_MATRIX = {
1: {1: "Low", 2: "Low", 3: "Low", 4: "Medium", 5: "Medium"},
2: {1: "Low", 2: "Low", 3: "Medium", 4: "Medium", 5: "High"},
3: {1: "Low", 2: "Medium", 3: "Medium", 4: "High", 5: "High"},
4: {1: "Medium", 2: "Medium", 3: "High", 4: "High", 5: "Unacceptable"},
5: {1: "Medium", 2: "High", 3: "High", 4: "Unacceptable", 5: "Unacceptable"}
}
# Risk level definitions and required actions
RISK_ACTIONS = {
"Low": {
"acceptable": True,
"action": "Document and accept. No further action required.",
"color": "green"
},
"Medium": {
"acceptable": "ALARP",
"action": "Reduce risk if practicable. Document ALARP rationale if not reduced.",
"color": "yellow"
},
"High": {
"acceptable": "ALARP",
"action": "Risk reduction required. Must demonstrate ALARP if residual risk remains high.",
"color": "orange"
},
"Unacceptable": {
"acceptable": False,
"action": "Risk reduction mandatory. Design change required before proceeding.",
"color": "red"
}
}
# FMEA scales (1-10)
FMEA_SEVERITY = {
1: "No effect",
2: "Very minor effect",
3: "Minor effect",
4: "Very low effect",
5: "Low effect",
6: "Moderate effect",
7: "High effect",
8: "Very high effect",
9: "Hazardous with warning",
10: "Hazardous without warning"
}
FMEA_OCCURRENCE = {
1: "Remote (<1 in 1,500,000)",
2: "Very low (1 in 150,000)",
3: "Low (1 in 15,000)",
4: "Moderately low (1 in 2,000)",
5: "Moderate (1 in 400)",
6: "Moderately high (1 in 80)",
7: "High (1 in 20)",
8: "Very high (1 in 8)",
9: "Extremely high (1 in 3)",
10: "Almost certain (>1 in 2)"
}
FMEA_DETECTION = {
1: "Almost certain detection",
2: "Very high detection",
3: "High detection",
4: "Moderately high detection",
5: "Moderate detection",
6: "Low detection",
7: "Very low detection",
8: "Remote detection",
9: "Very remote detection",
10: "Cannot detect"
}
def calculate_risk_level(probability: int, severity: int) -> dict:
"""Calculate risk level from probability and severity ratings."""
if probability < 1 or probability > 5:
return {"error": f"Probability must be 1-5, got {probability}"}
if severity < 1 or severity > 5:
return {"error": f"Severity must be 1-5, got {severity}"}
risk_level = RISK_MATRIX[probability][severity]
risk_info = RISK_ACTIONS[risk_level]
return {
"probability": {
"rating": probability,
**PROBABILITY_LEVELS[probability]
},
"severity": {
"rating": severity,
**SEVERITY_LEVELS[severity]
},
"risk_level": risk_level,
"acceptable": risk_info["acceptable"],
"action_required": risk_info["action"],
"risk_index": probability * severity
}
def calculate_rpn(severity: int, occurrence: int, detection: int) -> dict:
"""Calculate FMEA Risk Priority Number."""
if not all(1 <= x <= 10 for x in [severity, occurrence, detection]):
return {"error": "All FMEA ratings must be 1-10"}
rpn = severity * occurrence * detection
# Determine priority level
if rpn > 200:
priority = "Critical"
action = "Immediate action required"
elif rpn > 100:
priority = "High"
action = "Action plan required"
elif rpn > 50:
priority = "Medium"
action = "Consider risk reduction"
else:
priority = "Low"
action = "Monitor"
return {
"severity": {
"rating": severity,
"description": FMEA_SEVERITY[severity]
},
"occurrence": {
"rating": occurrence,
"description": FMEA_OCCURRENCE[occurrence]
},
"detection": {
"rating": detection,
"description": FMEA_DETECTION[detection]
},
"rpn": rpn,
"priority": priority,
"action_required": action,
"max_rpn": 1000,
"rpn_percentage": round(rpn / 10, 1)
}
def display_risk_matrix():
"""Display the full risk matrix."""
print("\n" + "=" * 70)
print("ISO 14971 RISK MATRIX (5x5)")
print("=" * 70)
# Header
print("\n" + " " * 15, end="")
for s in range(1, 6):
print(f"S{s:^10}", end="")
print()
print(" " * 15, end="")
for s in range(1, 6):
print(f"{SEVERITY_LEVELS[s]['name'][:10]:^10}", end="")
print()
print("-" * 70)
# Matrix rows
for p in range(5, 0, -1):
print(f"P{p} {PROBABILITY_LEVELS[p]['name'][:10]:>10} |", end="")
for s in range(1, 6):
level = RISK_MATRIX[p][s]
print(f"{level:^10}", end="")
print()
print("\n" + "-" * 70)
print("Risk Levels: Low (Acceptable) | Medium (ALARP) | High (ALARP) | Unacceptable")
print("=" * 70)
def display_criteria():
"""Display probability and severity criteria."""
print("\n" + "=" * 70)
print("PROBABILITY CRITERIA")
print("=" * 70)
for level, info in PROBABILITY_LEVELS.items():
print(f"\nP{level}: {info['name']}")
print(f" Description: {info['description']}")
print(f" Frequency: {info['frequency']}")
print("\n" + "=" * 70)
print("SEVERITY CRITERIA")
print("=" * 70)
for level, info in SEVERITY_LEVELS.items():
print(f"\nS{level}: {info['name']}")
print(f" Description: {info['description']}")
print(f" Harm: {info['harm']}")
print("\n" + "=" * 70)
print("RISK LEVEL ACTIONS")
print("=" * 70)
for level, info in RISK_ACTIONS.items():
acceptable = "Yes" if info['acceptable'] == True else ("ALARP" if info['acceptable'] == "ALARP" else "No")
print(f"\n{level}:")
print(f" Acceptable: {acceptable}")
print(f" Action: {info['action']}")
def format_result_text(result: dict, analysis_type: str) -> str:
"""Format result for text output."""
lines = []
lines.append("\n" + "=" * 50)
if analysis_type == "risk":
lines.append("RISK ASSESSMENT RESULT")
lines.append("=" * 50)
lines.append(f"\nProbability: P{result['probability']['rating']} - {result['probability']['name']}")
lines.append(f" {result['probability']['description']}")
lines.append(f"\nSeverity: S{result['severity']['rating']} - {result['severity']['name']}")
lines.append(f" {result['severity']['description']}")
lines.append(f"\n{'-' * 50}")
lines.append(f"RISK LEVEL: {result['risk_level']}")
lines.append(f"Risk Index: {result['risk_index']} (P × S)")
lines.append(f"Acceptable: {result['acceptable']}")
lines.append(f"\nAction Required:")
lines.append(f" {result['action_required']}")
elif analysis_type == "fmea":
lines.append("FMEA RPN CALCULATION")
lines.append("=" * 50)
lines.append(f"\nSeverity: {result['severity']['rating']}/10")
lines.append(f" {result['severity']['description']}")
lines.append(f"\nOccurrence: {result['occurrence']['rating']}/10")
lines.append(f" {result['occurrence']['description']}")
lines.append(f"\nDetection: {result['detection']['rating']}/10")
lines.append(f" {result['detection']['description']}")
lines.append(f"\n{'-' * 50}")
lines.append(f"RPN: {result['rpn']} / {result['max_rpn']} ({result['rpn_percentage']}%)")
lines.append(f"Priority: {result['priority']}")
lines.append(f"\nAction Required:")
lines.append(f" {result['action_required']}")
lines.append("=" * 50)
return "\n".join(lines)
def interactive_mode():
"""Run interactive risk assessment."""
print("\n" + "=" * 50)
print("RISK MATRIX CALCULATOR - Interactive Mode")
print("=" * 50)
print("\nSelect analysis type:")
print("1. Risk Matrix (ISO 14971 style)")
print("2. FMEA RPN Calculation")
print("3. Display Risk Matrix")
print("4. Display Criteria")
print("5. Exit")
choice = input("\nEnter choice (1-5): ").strip()
if choice == "1":
display_criteria()
print("\n" + "-" * 50)
try:
p = int(input("Enter Probability (1-5): "))
s = int(input("Enter Severity (1-5): "))
result = calculate_risk_level(p, s)
if "error" in result:
print(f"\nError: {result['error']}")
else:
print(format_result_text(result, "risk"))
except ValueError:
print("Invalid input. Please enter numbers.")
elif choice == "2":
print("\nFMEA Scales:")
print(" Severity: 1 (No effect) to 10 (Hazardous without warning)")
print(" Occurrence: 1 (Remote) to 10 (Almost certain)")
print(" Detection: 1 (Almost certain) to 10 (Cannot detect)")
print("-" * 50)
try:
s = int(input("Enter Severity (1-10): "))
o = int(input("Enter Occurrence (1-10): "))
d = int(input("Enter Detection (1-10): "))
result = calculate_rpn(s, o, d)
if "error" in result:
print(f"\nError: {result['error']}")
else:
print(format_result_text(result, "fmea"))
except ValueError:
print("Invalid input. Please enter numbers.")
elif choice == "3":
display_risk_matrix()
elif choice == "4":
display_criteria()
elif choice == "5":
print("Exiting.")
return
else:
print("Invalid choice.")
def main():
parser = argparse.ArgumentParser(
description="Calculate risk levels per ISO 14971 or FMEA RPN",
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog="""
Examples:
# ISO 14971 risk matrix calculation
python risk_matrix_calculator.py --probability 3 --severity 4
# FMEA RPN calculation
python risk_matrix_calculator.py --fmea --severity 8 --occurrence 5 --detection 6
# Interactive mode
python risk_matrix_calculator.py --interactive
# Display risk matrix
python risk_matrix_calculator.py --show-matrix
# Display criteria definitions
python risk_matrix_calculator.py --list-criteria
# JSON output
python risk_matrix_calculator.py -p 4 -s 3 --output json
"""
)
parser.add_argument("-p", "--probability", type=int, help="Probability rating (1-5)")
parser.add_argument("-s", "--severity", type=int, help="Severity rating (1-5 for risk, 1-10 for FMEA)")
parser.add_argument("-o", "--occurrence", type=int, help="FMEA occurrence rating (1-10)")
parser.add_argument("-d", "--detection", type=int, help="FMEA detection rating (1-10)")
parser.add_argument("--fmea", action="store_true", help="Use FMEA RPN calculation")
parser.add_argument("--output", choices=["text", "json"], default="text", help="Output format")
parser.add_argument("--show-matrix", action="store_true", help="Display risk matrix")
parser.add_argument("--list-criteria", action="store_true", help="Display probability and severity criteria")
parser.add_argument("--interactive", action="store_true", help="Run in interactive mode")
args = parser.parse_args()
if args.interactive:
interactive_mode()
return
if args.show_matrix:
display_risk_matrix()
return
if args.list_criteria:
display_criteria()
return
if args.fmea:
if not all([args.severity, args.occurrence, args.detection]):
parser.error("FMEA requires --severity, --occurrence, and --detection")
result = calculate_rpn(args.severity, args.occurrence, args.detection)
if "error" in result:
print(f"Error: {result['error']}")
sys.exit(1)
if args.output == "json":
print(json.dumps(result, indent=2))
else:
print(format_result_text(result, "fmea"))
else:
if not all([args.probability, args.severity]):
parser.error("Risk calculation requires --probability and --severity")
result = calculate_risk_level(args.probability, args.severity)
if "error" in result:
print(f"Error: {result['error']}")
sys.exit(1)
if args.output == "json":
print(json.dumps(result, indent=2))
else:
print(format_result_text(result, "risk"))
if __name__ == "__main__":
main()