Application of Risk Management to Medical Devices

By Editor1


I am sitting in the office of a Polarion customer when he drops a binder that contains over 1,200 pages on the desk. The sound it made was so loud, it startled me in my chair. “That is One Test!” he said with a smirk. As I lifted the monstrous document and leafed through page after page, I was amazed at the detail of the instructions, the explanation of the test environment, and the 10,000+ lines of test measurements. That one test cost $7,000US just to produce the test case, and another $45,000US each time the test was run.

This customer manufactures surgical equipment.

My name is David Merrill, and I am a System Engineer. For me, far and away the coolest aspect of working for Polarion is the opportunity to work with our customers. The Medical Devices field is on the cutting edge of surgical equipment, biomedical monitoring, therapies for neurological impairments like epilepsy, rehabilitation equipment for spinal cord injuries, and much, much more.

Medical Devices and their manufacture are perhaps the most challenging applications of Mechatronics — they are a highly complex convergence of Mechanical, Electrical, Software, and Human Resource disciplines into the lucrative arenas of modern medicine. The successes and innovations of these devices save lives and make headline news. However, device failures are notoriously public, and often result in injury or the loss of life, decreased corporate revenue, and endless costs in civil litigation.

Remember that one test? It was just one of many safety validations to ensure that the equipment meets the necessary safety requirements that the customer has approved for that surgical device. The Design and Process Controls dictated by such regulatory bodies as the US FDA, IEC, and ISO exist to prevent such failures and ensure that the product development process follows the best practices of the industry — each time, every time.

This blog is intended to be an evolving discussion of the challenges of Risk Management in accordance with EN ISO-14971, and of the solutions that we can reach by configuring Polarion to meet those challenges.

Risk Management in Antiquity

The concept of Risk Management is not a new one, by any means. In fact, if we go back to Hippocrates, perhaps history’s preeminent physician and medical device manufacturer, we often think of a term attributed to the Hippocratic Oath, “First do no harm.” I was surprised to learn that such wording does not show up in the oath at all; it was coined by the Roman physician, Galen, as “Primum non nocere.” Beyond the famous oath, in his writings “Of the Epidemics,” Hippocrates wrote:

“The physician must be able to tell the antecedents, know the present, and foretell the future — must mediate these things, and have two special objects in view with regard to disease, namely, to do good or to do no harm.”

As I mentioned, Hippocrates was more than just a physician, he also manufactured Medical Devices. Here is a picture of the famous “Hippocratic Bench”:


 I have to wonder though, since this looks more like an instrument of medieval torture than it does a healing device, did Hippocrates follow his own process of examining antecedent, present, and future good — and weigh it against the potential harm that might come in the misuse, malfunction, or unintended consequences of his bench?

ISO-14971 Risk Management

Risk Management implies much more than mere analysis of risk, and because we, the public, depend on the superlative potential of emerging medical technologies, ISO-14971 has been created to define how companies must create and follow a Risk Management process, which includes:

  • Analyzing any and all applicable Harms and Hazards

  • Taking Actions to Mitigate, Control or Eliminate the Hazards

  • Documenting Residual Risk and Instructions to Medical Professionals and Users

The ISO standard reminds me that this Risk Management applies to every phase of the device: Design, Manufacturing Process, Shipping, Usage, and Disposal. Polarion ALM offers those companies a unique solution: placing all the information in a central repository, where all stakeholders have transparent access to the data and can confirm its efficacy.

The “Good” to Come

Whether you are designing a new medical device and looking for a system to provide you the ability to bring it to the market quickly; whether you want to be sure that you can survive FDA audits, avoid the liability of device Hazards, reuse expensive test cases, and eliminate the 5 Kg Test Case (Digital Test Cases are so much lighter); or simply ensure you bring a safe, high-quality Medical Device to the market, stay tuned to this blog.

We will see how you can model your best practices for Risk Management and store it all in an ISO-14971 mandated “Risk Management File.” We will publish a Polarion template to allow you to “plug in” key elements of ISO-14971 Harm and Hazard analysis, and link mitigating actions to your new and existing Polarion product development projects with traceability that is always on, always available.

For more information, please visit our Medical Device Solutions web page. You will also be able to download our medical whitepapers: “Polarion FDA 21 CFR Part 820 Full Compliance” and “Polarion FDA 21 CFR Part 11 Full Compliance.”

Stay tuned for part 2.


This article first appeared on the Siemens Digital Industries Software blog at