Risk Management Process (ISO 14971)
ISO 14971:2019 defines the process for manufacturers to identify hazards associated with medical devices, estimate and evaluate the associated risks, control these risks, and monitor the effectiveness of controls throughout the device lifecycle. Risk management is required by the FDA Quality System Regulation (21 CFR 820.30(g)) as part of design validation, and by the EU MDR (Annex I, Chapter I) as a fundamental element of the general safety and performance requirements.
Primary reference: ISO 14971:2019 -- Medical devices: Application of risk management to medical devices. Supporting guidance: ISO/TR 24971:2020.
1. Risk Management Plan (Clause 4.4)
The risk management plan defines the scope, planning, and documentation for risk management activities. It must include:
| Element | Description |
|---|---|
| Scope | Identification of the medical device and lifecycle phases covered by the plan |
| Responsibilities and authorities | Assignment of qualified personnel for risk management activities and management review |
| Risk acceptability criteria | Criteria for risk acceptability based on severity and probability; may reference a risk acceptability matrix |
| Verification activities | Plan for verification of risk control measures |
| Production and post-production activities | Plan for collecting and reviewing production/post-production information relevant to risk management |
| Risk management review | Timing and method for reviewing the risk management process and risk management file |
2. Hazard Identification (Clause 5.3)
Systematically identify known and foreseeable hazards associated with the medical device in both normal and fault conditions. ISO 14971 Annex C provides guidance on hazard categories to consider:
Energy Hazards
Electrical, thermal, mechanical, radiation, acoustic, electromagnetic
Biological/Chemical Hazards
Biocompatibility, degradation products, chemical residues, biological contamination
Operational Hazards
Use error, incorrect output, incorrect data, inadequate instructions, loss of function
Information Hazards
Inadequate labeling, incomplete IFU, missing warnings, unclear user interface
Common methods for hazard identification include: Preliminary Hazard Analysis (PHA), Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA), Hazard and Operability Studies (HAZOP), and use error analysis (IEC 62366-1).
3. Risk Estimation (Clause 5.4)
For each identified hazardous situation, estimate the risk by determining the severity of potential harm and the probability of occurrence. A common approach uses severity and probability scales:
| Severity Level | Description | Examples |
|---|---|---|
| S1 -- Negligible | Inconvenience or temporary discomfort | Temporary skin irritation, cosmetic defect |
| S2 -- Minor | Temporary injury not requiring medical intervention | Minor abrasion, temporary pain |
| S3 -- Serious | Injury requiring medical intervention | Infection, fracture, delayed treatment |
| S4 -- Critical | Permanent impairment or life-threatening injury | Loss of limb function, organ damage |
| S5 -- Catastrophic | Death | Patient death, multiple fatalities |
Note: The specific severity and probability scales should be defined in the risk management plan and be appropriate for the device type and intended use. ISO 14971 does not mandate specific scales.
4. Risk Evaluation (Clause 5.5)
Using the risk acceptability criteria defined in the risk management plan, determine whether each estimated risk requires risk reduction. Risks are typically categorized as:
Acceptable
Risk is within acceptable limits. No further risk reduction required, though further reduction should be considered if practicable.
ALARP Region
Risk must be reduced to As Low As Reasonably Practicable (ALARP). Benefits must outweigh residual risk. Document the risk-benefit analysis.
Unacceptable
Risk exceeds acceptable limits. Risk reduction measures are mandatory before the risk can be accepted.
5. Risk Control (Clause 7)
For risks requiring reduction, implement risk control measures in the following priority order (ISO 14971 Clause 7.1):
- Inherent safety by design: Eliminate the hazard or reduce the associated risk by design (e.g., eliminate sharp edges, reduce energy levels, use biocompatible materials, simplify the user interface)
- Protective measures in the device or manufacturing process: Alarms, interlocks, safety features, error-proofing mechanisms, redundant systems, fail-safe design
- Information for safety: Warnings on the device or packaging, safety information in labeling/IFU, training requirements. This is the least preferred measure as it relies on user behavior.
For each risk control measure: verify implementation (Clause 7.2), verify effectiveness in reducing risk (Clause 7.3), evaluate whether new hazards are introduced by the control measure (Clause 7.4), and confirm the overall residual risk is acceptable (Clause 7.5).
6. Residual Risk Assessment (Clause 7.4, 8)
After implementing all risk control measures, evaluate the overall residual risk:
Individual Residual Risks (Clause 7.4)
Re-estimate each risk after implementation of control measures. Confirm each individual residual risk meets the acceptability criteria. Check for new hazards introduced by the control measures.
Overall Residual Risk (Clause 8)
Evaluate the overall residual risk posed by the device, considering all individual residual risks in aggregate. If the overall residual risk is not acceptable, perform a benefit-risk analysis. The medical benefits must outweigh the overall residual risk.
Risk Management Report (Clause 9)
Document the results of the risk management process in a risk management report. Include confirmation that the risk management plan was implemented, that the overall residual risk is acceptable, and that appropriate methods are in place to collect post-production information.
7. Risk Management File (Clause 4.5)
The risk management file is a collection of records and documents produced by the risk management process. It must contain or reference:
- Risk management plan
- Risk analysis records (hazard identification, hazardous situations, severity/probability estimates)
- Risk evaluation records (acceptability determinations)
- Risk control records (measures implemented, verification of implementation and effectiveness)
- Residual risk evaluation (individual and overall)
- Benefit-risk analysis (where applicable)
- Risk management report
- Post-production risk management information
Practical Notes
- Risk management is a lifecycle process -- continue through production, post-market surveillance, and device retirement
- Integrate with design controls (21 CFR 820.30) -- risk analysis feeds into design input, and design V&V confirms risk controls
- Use FMEA (per IEC 60812) for systematic failure analysis of device components and subsystems
- For usability-related risks, apply IEC 62366-1 (application of usability engineering) in conjunction with ISO 14971
- Maintain traceability: each hazard should trace to risk controls, and risk controls should trace to verification evidence
- The EU MDR requires manufacturers to update the risk management file throughout the device lifecycle and include it in the technical documentation
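The traceability note and the per-control checks in section 5 can be run mechanically over a risk register. The following is an added example, not part of ISO 14971 or the original page; the probability scale (1-5), the matrix thresholds in `region`, the record IDs and the register entries are all constructed assumptions.

```python
from dataclasses import dataclass, field
def region(sev, prob):
    """Assumed acceptability matrix: sev 1-5 maps to S1-S5 on this page;
    prob 1-5 and the thresholds are hypothetical (the plan defines them)."""
    if sev * prob >= 15 or (sev == 5 and prob >= 2):
        return "unacceptable"
    return "ALARP" if sev * prob >= 5 else "acceptable"

@dataclass
class Control:
    cid: str
    kind: str                      # "design" | "protective" | "information"
    impl_evidence: str = ""        # record verifying implementation
    eff_evidence: str = ""         # record verifying effectiveness
    new_hazards_reviewed: bool = False

@dataclass
class Hazard:
    hid: str
    initial: tuple                 # (severity, probability) before controls
    residual: tuple                # re-estimate after controls
    controls: list = field(default_factory=list)
    benefit_risk_ref: str = ""     # benefit-risk analysis record, if any

def audit(hazards):
    out = []                       # (hazard id, finding) for each trace gap
    for h in hazards:
        if region(*h.initial) != "acceptable" and not h.controls:
            out.append((h.hid, "no risk control traced to hazard"))
        for c in h.controls:
            checks = {"implementation not verified": c.impl_evidence,
                      "effectiveness not verified": c.eff_evidence,
                      "new hazards not evaluated": c.new_hazards_reviewed}
            out += [(h.hid, f"{c.cid}: {m}") for m, ok in checks.items() if not ok]
        if h.controls and all(c.kind == "information" for c in h.controls):
            out.append((h.hid, "relies only on information for safety"))
        res = region(*h.residual)
        if res == "unacceptable":
            out.append((h.hid, "residual risk unacceptable"))
        elif res == "ALARP" and not h.benefit_risk_ref:
            out.append((h.hid, "ALARP residual risk lacks benefit-risk analysis"))
    return out

# Constructed sample register (not real device data)
REGISTER = [
    Hazard("H1", (4, 3), (4, 1), [Control("C1", "design", "VER-001", "VER-002", True)]),
    Hazard("H2", (5, 2), (5, 1), [Control("C2", "information", "VER-012", "", True)]),
    Hazard("H3", (3, 4), (3, 4)),
]
```

Calling `audit(REGISTER)` returns five findings: H1 is clean, H2 is flagged for unverified effectiveness, sole reliance on information for safety and a missing benefit-risk record, and H3 for having no control and no benefit-risk record.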