Risk Management

Risk management is the process of identifying, monitoring and managing potential risks to minimise the negative impact they have … and can be one of the most overlooked aspects of product design and development.

Risk is more than a tick box exercise and should be part of the product life-cycle – not just a ‘one and done’ exercise.  The risk management process can be broken down into a number of key steps:

  • Assessment and analysis
  • Evaluation
  • Treatment and control
  • Review

PS Partnerships work with companies within the medical device, construction, cosmetic and oil and gas sectors to implement risk management processes that comply with regulations and international standards.

If you want to simplify your risk management process or implement a new policy and process from scratch, get in touch at hello@ps-partnerships.com.

Medical Devices

Risk management for medical devices is a regulatory or legal requirement in most countries, and without it you won’t gain approval for releasing to the market.

ISO 14971 provides a framework to identify medical device hazards, assess and control risks and monitor the effectiveness of risk controls throughout the lifetime of the device.

PS Partnerships provides comprehensive training on ISO 14971 and medical device regulations as well as supporting businesses develop, implement and integrate compliant policies and procedures.

Explosive Atmospheres

A potentially explosive atmosphere exists when a mixture of air gases, vapours, mists, or dusts combine in a way that can ignite under certain operating conditions.

Equipment and protective systems intended for use in potentially explosive atmospheres (ATEX) cover a range of products, including those used on fixed offshore platforms, petrochemical plants, mines, and flour mills, amongst others.

Risk analysis and risk assessments are a requirement of Directive 2014/34/EU (of the European Parliament and of the Council of 26 February 2014 on the harmonisation of the laws of the Member States relating to equipment and protective systems intended for use in potentially explosive atmospheres (recast)).  Annex III(3)(c), Annex VIII(2) and Annex IX(2.1) explicitly state that technical documentation must include an adequate risk analysis and risk assessment, covering all risks as well as those being non-typical for explosion protection (e.g. risks caused by voltage, noise or moveable parts).  

Information Security 

Risk assessments are at the centre of your information security management system.  They help you to assess and manage incidents that have the potential to cause harm to your data.

Risk assessment is one of the most complex parts of ISO 27001 and sets the basis for you information security management system – but vitally important.  Simply put, they are to identify what incidents could occur and implement the most appropriate ways for avoiding such incidents.  By assessing the importance of each risk, focus can be on the key ones.  

ISO/IEC 27005: Information security risk management provides guidelines for information security risk management and supports the concepts in ISO 27001.