Risk Management Specialist

ISO 14971:2019 risk management implementation throughout the medical device lifecycle.

Table of Contents

• Risk Management Planning Workflow
• Risk Analysis Workflow
• Risk Evaluation Workflow
• Risk Control Workflow
• Post-Production Risk Management
• Risk Assessment Templates
• Decision Frameworks
• Tools and References

Risk Management Planning Workflow

Establish risk management process per ISO 14971.

Workflow: Create Risk Management Plan

1. Define scope of risk management activities:
   • Medical device identification
   • Lifecycle stages covered
   • Applicable standards and regulations
2. Establish risk acceptability criteria:
   • Define probability categories (P1-P5)
   • Define severity categories (S1-S5)
   • Create risk matrix with acceptance thresholds
3. Assign responsibilities:
   • Risk management lead
   • Subject matter experts
   • Approval authorities
4. Define verification activities:
   • Methods for control verification
   • Acceptance criteria
5. Plan production and post-production activities:
   • Information sources
   • Review triggers
   • Update procedures
6. Obtain plan approval
7. Establish risk management file
8. Validation: Plan approved; acceptability criteria defined; responsibilities assigned; file established

Risk Management Plan Content

Risk Acceptability Matrix (5x5)

Risk Level Actions

Risk Analysis Workflow

Identify hazards and estimate risks systematically.

Workflow: Conduct Risk Analysis

1. Define intended use and reasonably foreseeable misuse:
   • Medical indication
   • Patient population
   • User population
   • Use environment
2. Select analysis method(s):
   • FMEA for component/function analysis
   • FTA for system-level analysis
   • HAZOP for process deviations
   • Use Error Analysis for user interaction
3. Identify hazards by category:
   • Energy hazards (electrical, mechanical, thermal)
   • Biological hazards (bioburden, biocompatibility)
   • Chemical hazards (residues, leachables)
   • Operational hazards (software, use errors)
4. Determine hazardous situations:
   • Sequence of events
   • Foreseeable misuse scenarios
   • Single fault conditions
5. Estimate probability of harm (P1-P5)
6. Estimate severity of harm (S1-S5)
7. Document in hazard analysis worksheet
8. Validation: All hazard categories addressed; all hazards documented; probability and severity assigned

Hazard Categories Checklist

Analysis Method Selection

Probability Criteria

Severity Criteria

See: references/risk-analysis-methods.md

Risk Evaluation Workflow

Evaluate risks against acceptability criteria.

Workflow: Evaluate Identified Risks

1. Calculate initial risk level from probability × severity
2. Compare to risk acceptability criteria
3. For each risk, determine:
   • Acceptable: Document and accept
   • ALARP: Proceed to risk control
   • Unacceptable: Mandatory risk control
4. Document evaluation rationale
5. Identify risks requiring benefit-risk analysis
6. Complete benefit-risk analysis if applicable
7. Compile risk evaluation summary
8. Validation: All risks evaluated; acceptability determined; rationale documented

Risk Evaluation Decision Tree

Risk Estimated
      │
      ▼
Apply Acceptability Criteria
      │
      ├── Low Risk ──────────► Accept and document
      │
      ├── Medium Risk ───────► Consider risk reduction
      │   │                    Document ALARP if not reduced
      │   ▼
      │   Practicable to reduce?
      │   │
      │   Yes──► Implement control
      │   No───► Document ALARP rationale
      │
      ├── High Risk ─────────► Risk reduction required
      │   │                    Must demonstrate ALARP
      │   ▼
      │   Implement control
      │   Verify residual risk
      │
      └── Unacceptable ──────► Design change mandatory
                               Cannot proceed without control

ALARP Demonstration Requirements

Benefit-Risk Analysis Triggers

Risk Control Workflow

Implement and verify risk control measures.

Workflow: Implement Risk Controls

1. Identify risk control options:
   • Inherent safety by design (Priority 1)
   • Protective measures in device (Priority 2)
   • Information for safety (Priority 3)
2. Select optimal control following hierarchy
3. Analyze control for new hazards introduced
4. Document control in design requirements
5. Implement control in design
6. Develop verification protocol
7. Execute verification and document results
8. Evaluate residual risk with control in place
9. Validation: Control implemented; verification passed; residual risk acceptable; no unaddressed new hazards

Risk Control Hierarchy

Risk Control Option Analysis Template

RISK CONTROL OPTION ANALYSIS

Hazard ID: H-[XXX]
Hazard: [Description]
Initial Risk: P[X] × S[X] = [Level]

OPTIONS CONSIDERED:
| Option | Control Type | New Hazards | Feasibility | Selected |
|--------|--------------|-------------|-------------|----------|
| 1 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
| 2 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |

SELECTED CONTROL: Option [X]
Rationale: [Justification for selection]

IMPLEMENTATION:
- Requirement: [REQ-XXX]
- Design Document: [Reference]

VERIFICATION:
- Method: [Test/Analysis/Review]
- Protocol: [Reference]
- Acceptance Criteria: [Criteria]

Risk Control Verification Methods

Residual Risk Evaluation

Post-Production Risk Management

Monitor and update risk management throughout product lifecycle.

Workflow: Post-Production Risk Monitoring

1. Identify information sources:
   • Customer complaints
   • Service reports
   • Vigilance/adverse events
   • Literature monitoring
   • Clinical studies
2. Establish collection procedures
3. Define review triggers:
   • New hazard identified
   • Increased frequency of known hazard
   • Serious incident
   • Regulatory feedback
4. Analyze incoming information for risk relevance
5. Update risk management file as needed
6. Communicate significant findings
7. Conduct periodic risk management review
8. Validation: Information sources monitored; file current; reviews completed per schedule

Information Sources

Risk Management File Update Triggers

Periodic Review Requirements

Risk Assessment Templates

→ See references/risk-assessment-templates.md for details

Decision Frameworks

Risk Control Selection

What is the risk level?
        │
        ├── Unacceptable ──► Can hazard be eliminated?
        │                    │
        │                Yes─┴─No
        │                 │     │
        │                 ▼     ▼
        │            Eliminate  Can protective
        │            hazard     measure reduce?
        │                           │
        │                       Yes─┴─No
        │                        │     │
        │                        ▼     ▼
        │                   Add       Add warning
        │                   protection + training
        │
        └── High/Medium ──► Apply hierarchy
                            starting at Level 1

New Hazard Analysis

Risk Acceptability Decision

Tools and References

Scripts

Risk Matrix Calculator Features:

• ISO 14971 5x5 risk matrix calculation
• FMEA RPN (Risk Priority Number) calculation
• Interactive mode for guided assessment
• Display risk criteria definitions
• JSON output for integration

References

Quick Reference: ISO 14971 Process

Related Skills