
Risk Management Guide for a Digital Health or a Medical Device Company on Jira Cloud
Why Risk Management
Compliant Risk Management is a mandatory regulatory requirement for companies in medical device and other safety-critical domains. It is a specific aspect of safety-critical system development that requires linking risks to system/software design and testing to ensure the system is safe to use.
Various standalone solutions exist today for safety-critical system developers that help automate regulatory compliance but almost all of them cover the entire software development lifecycle.
The most common checklist items for medical device companies looking for a risk management solution are the following:
- Affordable – No scary numbers;
- Pay-as-you-go license fee – better than one-offs; no need for capital requests, lump sums that require lengthy approval processes;
- Integrates with the software tools used in the company, i.e. does not require additional effort to learn the tool – more training? No thanks;
- Embeds guidance into the tool – a great tool is useless if you don’t know how to use it;
- Fully customizable, i.e. allows usage across departments, teams and plants regardless of the risk management method used – makes everybody happy;
- Automates traceability, the nightmare for QAs;
- Requires no effort from IT being cloud-based yet reliable and secure – IT will love it.
Standalone vs Integrated Risk Management Solutions
Standalone solutions for risk management or for system design constitute the traditional way that safety-critical domains have taken. Each standalone system is managed and operated independently with no integration or interface between different systems within the organization or with their suppliers. This leads to cumbersome and time-consuming integration as well as updating efforts.
With an increasing amount of software in safety-critical systems, software developers often prefer to work with open and integrated solutions where different aspects of system development are seamlessly linked to one another.
The main benefit of integrated solutions is the utilization of the already existing systems in the organization. Utilizing and integrating various aspects with the existing systems like Atlassian’s Jira will speed up the process of automation, reporting and preparing for regulatory audits.
Three main benefits of an integrated risk management solution:
- An integrated risk management solution allows software developers to utilize the already existing platform (e.g. Atlassian) seamlessly linking software requirements and test cases to risks as required for compliant risk management.
- Through an integrated solution, the existing platform is fully utilized and there is no need to train employees, which speeds up compliance because the users already know how to use the platform.
- The most important benefit of integrated targeted solutions is that the end user of the solution, the Regulatory Affairs Manager, gets exactly the right solution for his or her problem – there will be no additional coding or complex configuration required! Such targeted integrated software solutions address the specific needs of regulated safety-critical system developers while offering a cheaper and more up-to-date solution.
Risk Management on Jira Cloud
Did you like managing risks in Excel before your entire development team moved to Jira, leaving you to struggle with the manual linking of risks to requirements and tests, which is time-consuming and error-prone?
Then you should try the SoftComply Risk Manager app on Jira instead. This is the only Jira app for risk management that provides you with a spreadsheet view of risks enabling you to get a quick overview of the entire data of your risk project! It is also the only risk management app on Jira specifically built for medtech and other safety-critical product risk management requirements.
Main Benefits of the SoftComply Risk Manager app on Jira Cloud:
– Customizable Risk Tables in Jira
There are four out-of-the-box risk tables for risk management you can choose from when you create a new Risk Project with the SoftComply Risk Manager.
The risk tables for Hazard Analysis and FMEA support your medical device or digital health product risk management process automation. Hazard analysis is a top-down risk management approach (the minimum required risk management analysis for medical devices) while FMEA is a bottom-up risk analysis approach. You can read more about these risk analysis methods here.
A generic project risk management table provides you with a starting point to manage your project and organisational risks.
The Do It Yourself (DIY) risk table in the Risk Project Creation wizard enables you to build the risk table from scratch. It provides just two columns to start with – Risk ID (Jira issue ID) and Risk Summary (Jira issue summary). Thereafter, you can add the fields you wish to see in your risk management table. Each new column that you create in the DIY table will be a Jira custom field in your system. Once you have created a new risk project from the DIY table, you can start adding Jira issue fields to the table as the columns you need for your risk management.

– Use Existing Risk Projects as Templates
Once you have created an intricate risk project with a complex risk table for your product/device risk management, you may want to re-use the project configuration. You can do that easily by cloning the existing configuration, which will copy the existing project’s risk matrices and risk table configuration.

– Automatically Generated Risk Reports
Dashboard Gadgets for Risk Reporting
Dashboard gadgets provide a great way to quickly build and display risk reports. One such SoftComply Risk Manager gadget displays Risk Matrices and thereby visualises how risks have been mitigated to acceptable levels.

Once you have created such a report, you can quickly move from the dashboard back to your risk table to see which of the risks are in a specific risk class. Simply click on any of the risk count numbers in the dashboard gadget and you will be taken to a filtered risk table showing only the risks of that specific risk class.
Generate ISO 14971 Compliant Risk Reports
You can also generate the ISO 14971 compliant risk reports with the SoftComply Risk Manager, namely the Risk Plan and the Risk Report. The Risk Plan will automatically include your risk matrices configuration together with the detailed description of each Severity and Probability level. The Risk Report includes the entire Initial and Residual Risk Matrix together with the Risk Counts and their respective Risk Classes.

Traceability reports in Confluence
SoftComply Risk Manager automatically builds traceability within all Jira links you have provided within the risk table view – between risks, requirements (mitigation actions) and test cases (verification actions).
You can build additional traceability reports in Confluence with Jira issues macros. Check out the clips of the Traceability Tutorial Guide on our YouTube channel.
From Confluence, you can already integrate the risk reports with your QMS documentation using the SoftComply eQMS solution.
Learn more
- Full list of features and customization options of the SoftComply Risk Manager app on Jira.
- Additional automation options on top of the SoftComply Risk Manager app with scripting apps or with Jira automation.
- You can also check out the comparison of risk management apps on Jira Cloud.
- To learn more about Risk Management on Jira Cloud, please join our online webinar on Risk Management on Jira Cloud on June 3rd. See you there!



