🇺🇸English
Risk Management Specialist
ISO 14971:2019 risk management implementation throughout the medical device lifecycle.
Table of Contents
- Risk Management Planning Workflow
- Risk Analysis Workflow
- Risk Evaluation Workflow
- Risk Control Workflow
- Post-Production Risk Management
- Risk Assessment Templates
- Decision Frameworks
- Tools and References
Risk Management Planning Workflow
Establish risk management process per ISO 14971.
Workflow: Create Risk Management Plan
- Define scope of risk management activities:
- Medical device identification
- Lifecycle stages covered
- Applicable standards and regulations
- Establish risk acceptability criteria:
- Define probability categories (P1-P5)
- Define severity categories (S1-S5)
- Create risk matrix with acceptance thresholds
- Assign responsibilities:
- Risk management lead
- Subject matter experts
- Approval authorities
- Define verification activities:
- Methods for control verification
- Acceptance criteria
- Plan production and post-production activities:
- Information sources
- Review triggers
- Update procedures
- Obtain plan approval
- Establish risk management file
- Validation: Plan approved; acceptability criteria defined; responsibilities assigned; file established
Risk Management Plan Content
| Section | Content | Evidence |
|---|
| Scope | Device and lifecycle coverage | Scope statement |
| Criteria | Risk acceptability matrix | Risk matrix document |
| Responsibilities | Roles and authorities | RACI chart |
| Verification | Methods and acceptance | Verification plan |
| Production/Post-Production | Monitoring activities | Surveillance plan |
Risk Acceptability Matrix (5x5)
| Probability \ Severity | Negligible | Minor | Serious | Critical | Catastrophic |
|---|
| Frequent (P5) | Medium | High | High | Unacceptable | Unacceptable |
| Probable (P4) | Medium | Medium | High | High | Unacceptable |
| Occasional (P3) | Low | Medium | Medium | High | High |
| Remote (P2) | Low | Low | Medium | Medium | High |
|
Risk Level Actions
| Level | Acceptable | Action Required |
|---|
| Low | Yes | Document and accept |
| Medium | ALARP | Reduce if practicable; document rationale |
| High | ALARP | Reduction required; demonstrate ALARP |
| Unacceptable | No | Design change mandatory |
Risk Analysis Workflow
Identify hazards and estimate risks systematically.
Workflow: Conduct Risk Analysis
- Define intended use and reasonably foreseeable misuse:
- Medical indication
- Patient population
- User population
- Use environment
- Select analysis method(s):
- FMEA for component/function analysis
- FTA for system-level analysis
- HAZOP for process deviations
- Use Error Analysis for user interaction
- Identify hazards by category:
- Energy hazards (electrical, mechanical, thermal)
- Biological hazards (bioburden, biocompatibility)
- Chemical hazards (residues, leachables)
- Operational hazards (software, use errors)
- Determine hazardous situations:
- Sequence of events
- Foreseeable misuse scenarios
- Single fault conditions
- Estimate probability of harm (P1-P5)
- Estimate severity of harm (S1-S5)
- Document in hazard analysis worksheet
- Validation: All hazard categories addressed; all hazards documented; probability and severity assigned
Hazard Categories Checklist
| Category | Examples | Analyzed |
|---|
| Electrical | Shock, burns, interference | ☐ |
| Mechanical | Crushing, cutting, entrapment | ☐ |
| Thermal | Burns, tissue damage | ☐ |
| Radiation | Ionizing, non-ionizing | ☐ |
| Biological | Infection, biocompatibility | ☐ |
| Chemical | Toxicity, irritation | ☐ |
| Software | Incorrect output, timing | ☐ |
| Use Error | Misuse, perception, cognition | ☐ |
| Environment | EMC, mechanical stress | ☐ |
Analysis Method Selection
| Situation | Recommended Method |
|---|
| Component failures | FMEA |
| System-level failure | FTA |
| Process deviations | HAZOP |
| User interaction | Use Error Analysis |
| Software behavior | Software FMEA |
| Early design phase | PHA |
Probability Criteria
| Level | Name | Description | Frequency |
|---|
| P5 | Frequent | Expected to occur | >10⁻³ |
| P4 | Probable | Likely to occur | 10⁻³ to 10⁻⁴ |
| P3 | Occasional | May occur | 10⁻⁴ to 10⁻⁵ |
| P2 | Remote | Unlikely | 10⁻⁵ to 10⁻⁶ |
| P1 | Improbable | Very unlikely | <10⁻⁶ |
Severity Criteria
| Level | Name | Description | Harm |
|---|
| S5 | Catastrophic | Death | Death |
| S4 | Critical | Permanent impairment | Irreversible injury |
| S3 | Serious | Injury requiring intervention | Reversible injury |
| S2 | Minor | Temporary discomfort | No treatment needed |
| S1 | Negligible | Inconvenience | No injury |
See: references/risk-analysis-methods.md
Risk Evaluation Workflow
Evaluate risks against acceptability criteria.
Workflow: Evaluate Identified Risks
- Calculate initial risk level from probability × severity
- Compare to risk acceptability criteria
- For each risk, determine:
- Acceptable: Document and accept
- ALARP: Proceed to risk control
- Unacceptable: Mandatory risk control
- Document evaluation rationale
- Identify risks requiring benefit-risk analysis
- Complete benefit-risk analysis if applicable
- Compile risk evaluation summary
- Validation: All risks evaluated; acceptability determined; rationale documented
Risk Evaluation Decision Tree
Risk Estimated
│
▼
Apply Acceptability Criteria
│
├── Low Risk ──────────► Accept and document
│
├── Medium Risk ───────► Consider risk reduction
│ │ Document ALARP if not reduced
│ ▼
│ Practicable to reduce?
│ │
│ Yes──► Implement control
│ No───► Document ALARP rationale
│
├── High Risk ─────────► Risk reduction required
│ │ Must demonstrate ALARP
│ ▼
│ Implement control
│ Verify residual risk
│
└── Unacceptable ──────► Design change mandatory
Cannot proceed without control
ALARP Demonstration Requirements
| Criterion | Evidence Required |
|---|
| Technical feasibility | Analysis of alternative controls |
| Proportionality | Cost-benefit of further reduction |
| State of the art | Comparison to similar devices |
| Stakeholder input | Clinical/user perspectives |
Benefit-Risk Analysis Triggers
| Situation | Benefit-Risk Required |
|---|
| Residual risk remains high | Yes |
| No feasible risk reduction | Yes |
| Novel device | Yes |
| Unacceptable risk with clinical benefit | Yes |
| All risks low | No |
Risk Control Workflow
Implement and verify risk control measures.
Workflow: Implement Risk Controls
- Identify risk control options:
- Inherent safety by design (Priority 1)
- Protective measures in device (Priority 2)
- Information for safety (Priority 3)
- Select optimal control following hierarchy
- Analyze control for new hazards introduced
- Document control in design requirements
- Implement control in design
- Develop verification protocol
- Execute verification and document results
- Evaluate residual risk with control in place
- Validation: Control implemented; verification passed; residual risk acceptable; no unaddressed new hazards
Risk Control Hierarchy
| Priority | Control Type | Examples | Effectiveness |
|---|
| 1 | Inherent Safety | Eliminate hazard, fail-safe design | Highest |
| 2 | Protective Measures | Guards, alarms, automatic shutdown | High |
| 3 | Information | Warnings, training, IFU | Lower |
Risk Control Option Analysis Template
RISK CONTROL OPTION ANALYSIS
Hazard ID: H-[XXX]
Hazard: [Description]
Initial Risk: P[X] × S[X] = [Level]
OPTIONS CONSIDERED:
| Option | Control Type | New Hazards | Feasibility | Selected |
|--------|--------------|-------------|-------------|----------|
| 1 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
| 2 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
SELECTED CONTROL: Option [X]
Rationale: [Justification for selection]
IMPLEMENTATION:
- Requirement: [REQ-XXX]
- Design Document: [Reference]
VERIFICATION:
- Method: [Test/Analysis/Review]
- Protocol: [Reference]
- Acceptance Criteria: [Criteria]
Risk Control Verification Methods
| Method | When to Use | Evidence |
|---|
| Test | Quantifiable performance | Test report |
| Inspection | Physical presence | Inspection record |
| Analysis | Design calculation | Analysis report |
| Review | Documentation check | Review record |
Residual Risk Evaluation
| After Control | Action |
|---|
| Acceptable | Document, proceed |
| ALARP achieved | Document rationale, proceed |
| Still unacceptable | Additional control or design change |
| New hazard introduced | Analyze and control new hazard |
Post-Production Risk Management
Monitor and update risk management throughout product lifecycle.
Workflow: Post-Production Risk Monitoring
- Identify information sources:
- Customer complaints
- Service reports
- Vigilance/adverse events
- Literature monitoring
- Clinical studies
- Establish collection procedures
- Define review triggers:
- New hazard identified
- Increased frequency of known hazard
- Serious incident
- Regulatory feedback
- Analyze incoming information for risk relevance
- Update risk management file as needed
- Communicate significant findings
- Conduct periodic risk management review
- Validation: Information sources monitored; file current; reviews completed per schedule
Information Sources
| Source | Information Type | Review Frequency |
|---|
| Complaints | Use issues, failures | Continuous |
| Service | Field failures, repairs | Monthly |
| Vigilance | Serious incidents | Immediate |
| Literature | Similar device issues | Quarterly |
| Regulatory | Authority feedback | As received |
| Clinical | PMCF data | Per plan |
Risk Management File Update Triggers
| Trigger | Response Time | Action |
|---|
| Serious incident | Immediate | Full risk review |
| New hazard identified | 30 days | Risk analysis update |
| Trend increase | 60 days | Trend analysis |
| Design change | Before implementation | Impact assessment |
| Standards update | Per transition period | Gap analysis |
Periodic Review Requirements
| Review Element | Frequency |
|---|
| Risk management file completeness | Annual |
| Risk control effectiveness | Annual |
| Post-market information analysis | Quarterly |
| Risk-benefit conclusions | Annual or on new data |
Risk Assessment Templates
Hazard Analysis Worksheet
HAZARD ANALYSIS WORKSHEET
Product: [Device Name]
Document: HA-[Product]-[Rev]
Analyst: [Name]
Date: [Date]
| ID | Hazard | Hazardous Situation | Harm | P | S | Initial Risk | Control | Residual P | Residual S | Final Risk |
|----|--------|---------------------|------|---|---|--------------|---------|------------|------------|------------|
| H-001 | [Hazard] | [Situation] | [Harm] | [1-5] | [1-5] | [Level] | [Control ref] | [1-5] | [1-5] | [Level] |
FMEA Worksheet
FMEA WORKSHEET
Product: [Device Name]
Subsystem: [Subsystem]
Analyst: [Name]
Date: [Date]
| ID | Item | Function | Failure Mode | Effect | S | Cause | O | Control | D | RPN | Action |
|----|------|----------|--------------|--------|---|-------|---|---------|---|-----|--------|
| FM-001 | [Item] | [Function] | [Mode] | [Effect] | [1-10] | [Cause] | [1-10] | [Detection] | [1-10] | [S×O×D] | [Action] |
RPN Action Thresholds:
>200: Critical - Immediate action
100-200: High - Action plan required
50-100: Medium - Consider action
<50: Low - Monitor
Risk Management Report Summary
RISK MANAGEMENT REPORT
Product: [Device Name]
Date: [Date]
Revision: [X.X]
SUMMARY:
- Total hazards identified: [N]
- Risk controls implemented: [N]
- Residual risks: [N] Low, [N] Medium, [N] High
- Overall conclusion: [Acceptable / Not Acceptable]
RISK DISTRIBUTION:
| Risk Level | Before Control | After Control |
|------------|----------------|---------------|
| Unacceptable | [N] | 0 |
| High | [N] | [N] |
| Medium | [N] | [N] |
| Low | [N] | [N] |
CONTROLS IMPLEMENTED:
- Inherent safety: [N]
- Protective measures: [N]
- Information for safety: [N]
OVERALL RESIDUAL RISK: [Acceptable / ALARP Demonstrated]
BENEFIT-RISK CONCLUSION: [If applicable]
APPROVAL:
Risk Management Lead: _____________ Date: _______
Quality Assurance: _____________ Date: _______
Decision Frameworks
Risk Control Selection
What is the risk level?
│
├── Unacceptable ──► Can hazard be eliminated?
│ │
│ Yes─┴─No
│ │ │
│ ▼ ▼
│ Eliminate Can protective
│ hazard measure reduce?
│ │
│ Yes─┴─No
│ │ │
│ ▼ ▼
│ Add Add warning
│ protection + training
│
└── High/Medium ──► Apply hierarchy
starting at Level 1
New Hazard Analysis
| Question | If Yes | If No |
|---|
| Does control introduce new hazard? | Analyze new hazard | Proceed |
| Is new risk higher than original? | Reject control option | Acceptable trade-off |
| Can new hazard be controlled? | Add control | Reject control option |
Risk Acceptability Decision
| Condition | Decision |
|---|
| All risks Low | Acceptable |
| Medium risks with ALARP | Acceptable |
| High risks with ALARP documented | Acceptable if benefits outweigh |
| Any Unacceptable residual | Not acceptable - redesign |
Tools and References
Scripts
Risk Matrix Calculator Features:
- ISO 14971 5x5 risk matrix calculation
- FMEA RPN (Risk Priority Number) calculation
- Interactive mode for guided assessment
- Display risk criteria definitions
- JSON output for integration
References
Quick Reference: ISO 14971 Process
| Stage | Key Activities | Output |
|---|
| Planning | Define scope, criteria, responsibilities | Risk Management Plan |
| Analysis | Identify hazards, estimate risk | Hazard Analysis |
| Evaluation | Compare to criteria, ALARP assessment | Risk Evaluation |
| Control | Implement hierarchy, verify | Risk Control Records |
| Residual | Overall assessment, benefit-risk | Risk Management Report |
| Production | Monitor, review, update | Updated RM File |
Related Skills
Weekly Installs
172
Repository
alirezarezvani/…e-skills
GitHub Stars
4.3K
First Seen
Jan 20, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
Installed on
claude-code148
opencode129
gemini-cli128
codex116
cursor115
github-copilot103
