<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=489233&amp;fmt=gif">

5 Risk Assessment tools used by Life Sciences Companies


Quality risk management is a non-negotiable requirement to comply with ISO13485 and 21 CFR 820. Yet, every year, Life Sciences companies face warnings from regulatory bodies, such as the FDA in the U.S., the EMA in Europe and MHRA in the U.K. Warnings can lead to import alerts, and that’s when products and medicines get pulled off the shelves or never even reach them, ultimately depriving those that need them most.

To prevent such a scenario from unfolding, bottlenecks of non-conformities need to be addressed as soon as possible. To resolve them, regulatory agencies unite before the ICH (The International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use) to work together in following common guidelines (e.g.  Q7,Q8(R2), Q9 and Q10 ). Despite their best efforts though, non-conformities just keep accumulating. 

The cause? Failures in the quality management processes of organizations. And the main reason underpinning that is poor risk assessment and management.

In order to improve their risk management strategy, life science organizations around the world, especially those in healthcare, turn to several different risk assessment tools. This helps them to uncover the underlying chain of events (or causes) that result in their non-conformities.


The 5 Tools used by Life Sciences Companies in Risk Assessment

The five most common risk assessment methods used by Life Sciences companies for their quality issues include Cause and Effect Analysis, the ‘Five Whys’, Fault Tree Analysis, Failure Mode Effect Analysis (FMEA) and Risk Ranking. Below is a brief summary of each of these five risk assessment tools.


1. Cause and Effect Analysis

    • Popularly known as an Ishikawa Diagram, Fishbone diagram, herringbone diagram or Fishikawa diagram.

    • A visual diagram that displays the causes of an event. It’s often used in manufacturing and product development to lay out the different steps in a process, demonstrate where quality control issues might arise, and determine which resources are needed at certain times.

    • The causal factors (fishbones) attribute to a final outcome (fish head).

    • Causes are grouped in broad categories such as Man, Materials, Machinery, Methods, and Miscellaneous so as to cover all possible origins of the issue.

Ishikawa (fishbone) diagram example as the first risk assessment tool proposed by ScilifeAn Ishikawa (Fishbone) diagram is a type of cause and effect analysis used in Risk Assessment.



2. The Five Whys

    • The Five Whys technique is a simple, iterative, and team-driven process that aims to uncover the root cause of a problem or defect by interrogating the issue through asking ‘Why?’ five times.

    • Each answer forms the basis of the next question, and the final ‘why?’ should lead to corrective action.

The "5 Whys" diagram example as the second risk assessment tool proposed by ScilifeAsking the ‘5 Whys’ is useful in determining the root cause of an issue during Risk Assessment.



3. Fault Tree Analysis (FTA)

    • A graphical tool to explore the causes of system level failures.

    • A top-down, deductive failure analysis. 

    • It uses Boolean Logic to combine a series of lower (component) level events to find out the cause of a top level event (such as system level failure.)

    • Consists of two elements “events” and “logic gates” which connect the events to identify the cause of the top undesired event.

    • Easier method than FMEA since it incorporates all possible system failures of an undesired top event. FMEA, in contrast, conducts analysis to find all possible system failure modes irrespective of their severity.

Fault Tree Analysis (FTA) diagram example as the third risk assessment tool proposed by Scilife
A Fault Tree Analysis example.



4. Failure Mode Effect Analysis (FMEA)

    • Failures are prioritized according to how serious their consequences are, how frequently they occur, and how easily they can be detected.

    • It also documents current knowledge and actions about the risks of failures, for use in continuous improvement.

    • It uses clear assignments of responsibilities and timeline for each action.


Failure Mode Effect Analysis (FMEA) table example as the fourth risk assessment tool proposed by Scilife
An FMEA template used in Risk Assessment.


5. Risk Ranking

    • Identified risks are assessed either quantitatively or qualitatively, to ascertain which ones have the highest likelihood of occurrence and which ones have the greatest consequence of occurrence, this ranks the risks in overall order of importance.

Failure Mode Risk Ranking table example as the last risk assessment tool proposed by Scilife
Risk Ranking, taking into account probability and consequence of each potential risk.



Why organizations fail at Risk Assessment, and why it matters.

Despite being quick to adopt the tools we’ve just described for risk assessment, many organizations fail miserably in extrapolating the results and actually using them in product life cycle management. Why is that?

In part, it’s due to the fact that risk assessment is somewhat subjective. Often, risk assessment tasks are assigned to a single individual as they are time consuming, which invites biases. Then, there's the possibility of over-optimistic risk assessment, in order to push a project further to meet certain timelines and please stakeholders. The intention is not to waste time and to get products to those who need them fast, but in the end the resulting non-compliance causes problems that then eat up much, much more time than doing a thorough initial risk assessment. It can even end up in patients missing out on the medication they need. Saying this is an undesirable outcome is an understatement!


Use Risk Assessment tools in combination for better results

Using several of these risk assessment tools in combination instead of just one is helpful. For example, using the Ishikawa Diagram to arrive at various causes of a deviation occurrence, and then making it more effective by narrowing down to the root cause using the Five Whys. The Five Whys technique is useful to arrive at the root cause by clearly differentiating it from its associated symptoms. These symptoms can go on to be listed as ‘failure modes’ and causes can be listed as ‘causes’ in FMEA. The understanding from Fault Tree Analysis can then be used for calculating Risk Prioritization Number (RPN) in FMEA. Finally, risk ranking can be performed using the RPN to avoid subjectivity. In the end, all risk assessment tools can be used to strengthen each other. Ultimately, you benefit from cross-functional teamwork and eliminate the risk of subjectivity and over optimistic assessment that can lead to audit failures.


Continuous Risk Assessment is fundamental

Another reason why a risk management strategy may fail is because risk assessment is believed to be a one-time activity assuming non-conformity to be a one-time instance. A more effective risk management strategy considers risk assessment as a proactive approach to avoid future non-conformities. 

Generally, risk assessment is triggered by a non-conformity or quality issue and then the whole process begins. In an effective risk management strategy, you would use multiple risk assessment tools to identify causes, then take action to eliminate these causes and prevent the recurrence of a nonconforming product, process or other quality problem. This is known as a Corrective and Preventive Action (CAPA). You would then undertake Change Control, which involves evaluating, documenting, approving, and implementing changes that could affect the validated status of facilities, equipment and processes. Finally, continuous re-assessment of the risk is the last but most important (and most commonly forgotten) step.

In order to implement a more successful risk management strategy, the above process needs to be continued throughout the product life cycle, not just once!

Often, organizations stop at the second step, thinking that merely using risk assessment tools is ‘managing risk’. For compliance reasons, it’s essential to document clear CAPAs, implement correct Change Control and review and reassess risks periodically. Documents need to be standardized and follow good documentation practices; which means specifying the title, authors, cross-functional teams involved, concerned stakeholders, date of preparation, version number, page number and signatures of those involved wherever applicable. 

Once every aspect of good and thorough risk management is solidified as a routine, everything gets much easier, we promise!


Scilife for robust Risk Assessment and continual Risk Management

If it sounds like a lot, Scilife has an intuitive Risk Assessment module that provides handy standardized and pre-filled configurable risk management templates, lets you program periodic reviews with automatic notifications to the right people at the right time to take the right actions, and links to powerful CAPA management and Change Control modules all right within the Scilife platform. It takes care of every aspect of Risk Assessment, requiring the least input from your side.


To Sum it Up

Prioritizing risk assessment is all-important, plain and simple. Without it, identifying and solving quality issues becomes a real mess, and could in the worst case even lead to dire consequences to patients. Those fundamental and initial steps are needed to begin digging up the underlying causes of manufacturing issues and then to actually take action to fix them. 

Risk assessment should also be a continuous and ongoing process. Since this is an area that can easily get overwhelming, it’s essential to rank and prioritize risks in order to take quick action where it's needed most urgently. Discovering what these risks are can be done by using the right risk assessment tools. Once those priority risks are identified, it forms the solid basis of a good risk management action plan.

Good documentation practices, a clear action plan, and cross-functional input with the help of correct tools paves the way for more streamlined and successful company processes, not simply audit success. 

If you’re in the Life Sciences industry, Scilife’s Risk Assessment module is a great aid in creating a foolproof quality management system and ensuring compliance in the Life Sciences industry. Find out more about how our purpose-built module can turbocharge your risk management here.


Screenshot of Scilife's Platform and icon of Risk Assessment Module with Book a Demo button


The requirements of Life Sciences companies (including in the pharma and medical device space) inevitably change over time. Sometimes, a change is due to regulatory requirements; sometimes, customer needs change. Keep reading if you want to...