Configuring Jama for Risk Management - Multiple Controls

Dan Rittersdorf
Dan Rittersdorf Member, Jama Connect Interchange™ (JCI) Posts: 3

Hello,

We're getting started on our Jama journey and are struggling with the guidance we see, for example, in the Jama Connect Medical Risk Management guidance, about configuring the Risk Analysis records.

Every example I see has a single Risk Item and a single Mitigation.   Does nobody assign multiple mitigations to a single Risk Item?   (We see this more often in Cybersecurity Risk Management)  If so, how are you representing your Risk Control Measures in a way that allows traceability to Risk Requirements and Verification Test for a single control measure?

We've considered documenting Risk Control Measures in a separate record, and relating them via links to the Risks they Mitigate, but this makes it more difficult to present a single table view of Risks and their Mitigations.   (If only we could create a view that merges the tables)

How are you handling multiple RCMs on a single Risk Item, and the associated traceability?

Thanks for your consideration.

------------------------------
-dan'l
Dan Rittersdorf
DornerWorks, Grand Rapids, MI
------------------------------

Comments

  • Anuja Harpale
    Anuja Harpale Member, Medical Devices & Life Sciences Solution Posts: 4
    edited January 5

    Hello Dan, did the Jama team help you resolve this? I am experiencing a similar problem.

    ------------------------------
    Anuja Harpale
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 11-14-2023 07:40
    From: Dan Rittersdorf
    Subject: Configuring Jama for Risk Management - Multiple Controls

    Hello,

    We're getting started on our Jama journey and are struggling with the guidance we see, for example, in the Jama Connect Medical Risk Management guidance, about configuring the Risk Analysis records.

    Every example I see has a single Risk Item and a single Mitigation.   Does nobody assign multiple mitigations to a single Risk Item?   (We see this more often in Cybersecurity Risk Management)  If so, how are you representing your Risk Control Measures in a way that allows traceability to Risk Requirements and Verification Test for a single control measure?

    We've considered documenting Risk Control Measures in a separate record, and relating them via links to the Risks they Mitigate, but this makes it more difficult to present a single table view of Risks and their Mitigations.   (If only we could create a view that merges the tables)

    How are you handling multiple RCMs on a single Risk Item, and the associated traceability?

    Thanks for your consideration.

    ------------------------------
    -dan'l
    Dan Rittersdorf
    DornerWorks, Grand Rapids, MI
    ------------------------------
  • Dan Rittersdorf
    Dan Rittersdorf Member, Jama Connect Interchange™ (JCI) Posts: 3
    edited January 8

    We talked about several ways to do this, and embarked on a "relational database" model style of organization, but quickly back-pedaled due to the complexity of generating reports and providing traces.

    We settled for replicating the risk items per RCM.   This wastes space and provides opportunity for maintenance to diverge the replicated data, but reporting and more importantly tracing are maintained.

    ------------------------------
    Dan Rittersdorf
    DornerWorks
    MI
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 01-05-2024 09:58
    From: Anuja Harpale
    Subject: Configuring Jama for Risk Management - Multiple Controls

    Hello Dan, did the Jama team help you resolve this? I am experiencing a similar problem.

    ------------------------------
    Anuja Harpale
    ------------------------------

    Original Message:
    Sent: 11-14-2023 07:40
    From: Dan Rittersdorf
    Subject: Configuring Jama for Risk Management - Multiple Controls

    Hello,

    We're getting started on our Jama journey and are struggling with the guidance we see, for example, in the Jama Connect Medical Risk Management guidance, about configuring the Risk Analysis records.

    Every example I see has a single Risk Item and a single Mitigation.   Does nobody assign multiple mitigations to a single Risk Item?   (We see this more often in Cybersecurity Risk Management)  If so, how are you representing your Risk Control Measures in a way that allows traceability to Risk Requirements and Verification Test for a single control measure?

    We've considered documenting Risk Control Measures in a separate record, and relating them via links to the Risks they Mitigate, but this makes it more difficult to present a single table view of Risks and their Mitigations.   (If only we could create a view that merges the tables)

    How are you handling multiple RCMs on a single Risk Item, and the associated traceability?

    Thanks for your consideration.

    ------------------------------
    -dan'l
    Dan Rittersdorf
    DornerWorks, Grand Rapids, MI
    ------------------------------
  • Peter Lampacher
    Peter Lampacher Member, Jama Connect Interchange™ (JCI), Jama Validation Kit (JVK) + Functional Safety Kit (FSK) Posts: 14
    edited January 9

    Hi!

    We decided for a separate risk mitigation item. Within Jama, traceability can be displayed in Trace View. For reporting, we developed a custom Velocity report.

    Kind regards,

    ------------------------------
    Peter Lampacher
    MED-EL
    Innsbruck
    ------------------------------
    -------------------------------------------
    Original Message:
    Sent: 11-14-2023 07:40
    From: Dan Rittersdorf
    Subject: Configuring Jama for Risk Management - Multiple Controls

    Hello,

    We're getting started on our Jama journey and are struggling with the guidance we see, for example, in the Jama Connect Medical Risk Management guidance, about configuring the Risk Analysis records.

    Every example I see has a single Risk Item and a single Mitigation.   Does nobody assign multiple mitigations to a single Risk Item?   (We see this more often in Cybersecurity Risk Management)  If so, how are you representing your Risk Control Measures in a way that allows traceability to Risk Requirements and Verification Test for a single control measure?

    We've considered documenting Risk Control Measures in a separate record, and relating them via links to the Risks they Mitigate, but this makes it more difficult to present a single table view of Risks and their Mitigations.   (If only we could create a view that merges the tables)

    How are you handling multiple RCMs on a single Risk Item, and the associated traceability?

    Thanks for your consideration.

    ------------------------------
    -dan'l
    Dan Rittersdorf
    DornerWorks, Grand Rapids, MI
    ------------------------------