After completing your Risk Analysis, the next step is to perform a Risk Evaluation. According to ISO 14971, “For each identified hazardous situation, the manufacturer shall decide, using the criteria defined in the risk management plan, if risk reduction is required…The results of this risk evaluation shall be recorded in the Risk Management File.”
Risk Evaluation is concerned with assessing the probability and impact of individual risks, as well as defining your company’s tolerance for risk by creating risk evaluation criteria. In this process, you will need to consider the probability and impact of the potential risks. Also consider when the risk might occur – some risks are predicted to be further down the road than others. All known risks should be explicitly prioritized, since a company cannot address and/or control all of them. Consider the following questions for each area of impact:
- What defines a “high” impact on your company?
- What defines a “medium” impact on your company?
- What defines a “low” impact on your company?
The goal is to define specific measures for each of these categories related to risk for your company. There are also two conditions governing risk evaluation criteria that should be considered: there is one set of criteria that covers all areas, and evaluation criteria is created for predefined areas of impact.