Comprehensive Medical Device Risk Management

By laurencesampson

One of the more difficult system development tasks for a new medical device is organizing and developing the product risk management strategy. Constructing a system to manage this task means consulting not only company workflows and processes, but also the standards that the competent authorities have adopted to standardize how medical device products are developed and approved.


At the time of this writing, the two standards used to define and implement medical device risk management are ISO 14971:2009 and TIR 24971:2013. Europe has added to the mix by approving an EN ISO version of 14971, which is EN ISO 14971:2012. The EN version differs in several important respects, and is required if the company is selling into Europe.

The process used by these standards is outlined in the image below:

Additional Goals of a Risk Management System

  1. The risk management system should provide information back to the product designers on how the design features affect users.

  2. The risk management system should provide a means to develop the hazardous situation control plan (including design, product realization, and labeling mitigations).

  3. Field performance should be linked to the risk analysis to ensure that field issues are considered in the analysis, and to provide rapid integration of issues discovered during product use.

  4. Mitigations for hazardous situations should be captured as requirements, so that V&V efforts verify that those requirements are implemented and effective.

Medical device product development work is a highly integrated and regulated process. Implementation of a requirements tracking solution requires attention to a variety of nuanced topics. When presented with the task of tracking the many conceptual relationships in a project of this type, the software solution of choice tends to be a two-dimensional text system such as MS Excel™ or Apple’s Numbers™.

Some of the factors and analysis required to accurately and efficiently evaluate the product risks are listed below.

Risk Analysis

  • Hazards

  • Foreseeable sequence of events (sometimes defined as a sequence of root causes)

  • Hazardous situation

  • Harms

Risk Evaluation

  • Pre- and post-mitigation occurrence values

  • Harm severity

  • Risk priority level

  • Judgement of risk acceptability

Risk Control

  • Design requirements

  • Realization requirements

  • Labeling requirements

  • Verification of implementation

  • Verification of effectiveness

Closure and Reporting

  • Evaluation of product residual risk

  • Evaluation of risk acceptability

Post-market Surveillance

  • Risk trending codes

  • Risk analysis trending code traceability

In my next blog I will describe a data model to deal with each element required in the development of the risk management system.

This article first appeared on the Siemens Digital Industries Software blog at