• Risk management policy foundations are background elements that express the values, priorities, and policies of an organisation in relation to risk management. They guide the process and should ideally be in place before the process begins. While generally stable, the foundations should be reviewed periodically so they can be improved as needed.

• Organisations are encouraged to build on these foundations into an overarching risk management policy that:
  • Outlines risk management principles
  • Sets out expectations for conducting assessments
  • Offers direction on communicating risk and engaging stakeholders
  • Specifies the organisations approach to judging risk tolerabilty

• Risk management principles:
  • Beneficence: Decisions must do more good than harm.
  • Fairness: Safety decisions must be fair, while taking cultural values into consideration.
  • Transparency: The decision-making process must be transparent and accessible.
  • Consultation: Stakeholders must be consulted and have a chance to give feedback.
  • Evidence and judgement: Decisions should include an analysis of the risk and comparison of risk management options.
  • Practicality and proportionality: The effort to manage risk should reflect the level of risk.
  • Vigilance: Constant vigilance must be exercised to monitor established and emerging risks, assess risk management measures, and update knowledge.
  • Continuous improvement: All aspects of blood safety risk management must undergo periodic review and improvement.

• Assessment types: Assessments give you the information you need to make decisions about blood safety. They usually include:
  • Blood safety risk assessment
  • Health economics and outcomes assessment
  • Operational risk assessment
  • Assessments contextual to the specific problem (e.g., equity, trust, social concerns)
  • A stakeholder assessment is conducted at Stage 3, Participation strategy.

• Requirements to comply with laws and regulation
  • The intention when making risk based decisions is that each organisation ensures that existing requirements to comply with laws and regulations , as well as minimum laboratory requirements, are met and risk decisions are made within this context.

• Risk tolerability: Unlike an acceptable risk, which requires no management, a tolerable risk:
  • Is managed at a level proportional to the risk
  • Is justified by the benefits gained
  • Is fairly distributed

Risk tolerability is a public risk management principle, concerned with a judgement of the appropriate level of risk to the public from a managed activity. As the concept is applied in this Risk-Based Decision-Making Framework, risk tolerability is an issue-specific judgement made by the blood operator or jointly with other jurisdictionally appropriate agencies, that a risk management approach represents an appropriate societal-scale balance of the associated risks, costs and benefits, and contextual factors. Ensuring that risks are tolerable in this societal perspective builds trust in the risk manager and in the products or activities that are managed.