Strategies for identifying risk and mitigation

By Kelly Huckabone

November 2018

Risk in a laboratory (or any other workplace) can be either internal or external. Let’s focus on internal factors for this discussion. To identify internal risks, you can focus on two areas, people and processes.

For people (employee risk), you need to consider safety and infrastructure. The best ways to identify people and infrastructure risk is to have an EHS (Environmental Health and Safety) audit performed to help you identify particular hazards and from there you can build a mitigation strategy to avoid, eliminate or decrease the risk. Employee risks can be injury that is typically mitigated with safety training - depending on the type of laboratory. People often forget the basics like electrical safety and tend to focus more on the inherent type of work that is being done in the laboratory (i.e. bacterial, viral, etc.). Basically, you build a table of your risk and log your mitigation strategy.

Identification of risk in a process is sometimes not so obvious and I always recommend a process audit. Typically, a process audit will identify inputs and outputs and through discussion with the auditee often risks are identified. Examples of laboratory process risks can include but are not limited to the following:

  • Identification where critical data is being inputted but not being review (mitigation strategy is sometime a QC review or an automated process)
  • Lack of validation (conduct a retrospective validation)
  • Lack of repeatability in a process (create SOPS or training)
  • Calibration equipment not on a required schedule for maintenance
  • Calibration equipment being used that is not traceable to a standard

From experience I can say that the employees performing the work in the lab are the ones that know the risk. What I have done in the past is held brainstorming sessions with these subject matter experts to get their perspectives for both the identification of risk as well as strategies for mitigation.

Download a PDF of this article



About the author

Kelly Huckabone is the North American Audit Program Manager who oversees the Unity™ Lab Services internal and external customer and supplier audit programs. Kelly is a certified risk manager, lead auditor with the American Society for Quality (ASQ), and has been conducting audits for over 25 years for different quality systems, including ISO 9001, 13485, and 17025, as well as Health Canada and the FDA.

Contact me at if you have any questions.