Application of ISO 14971 Risk Management to New Medical Devices

February 08, 2018
by SeerPharma

The stages required for applying ISO 14971 principles to risk management for medical devices can be typically broken into 6 steps:

  1. Specify intended use
  2. Identify hazards
  3. Define hazardous situations and foreseeable sequences of events
  4. Estimate risk
  5. Document (proposed) risk controls
  6. Prepare a risk management report for the device as part of design input or output

Risk management at a high level can be broken down into risk assessment and risk control.

Risk Assessment

Risk Identification and Analysis (Risk Estimation)

The Manufacturer must first identify the risks associated with the product; for example risks to the operator and risks to the patient. The ISO standard contains risk profile templates that aid in identification of risk elements and analysis. First the risk elements of the product design should be identified by a team made up of subject matter experts that should come from the various areas involved in the organization such as the design, quality, production and business departments. It is vital that a representative mix of ALL these disciplines are involved at this stage of risk identification. Subject matter experts tend to focus on their specific area and do not always have a thorough appreciation of how other elements can have an impact. Once the risk elements of the product design are identified, an analysis of each element can be performed.

The use of standard templates simplifies this process.

A simple method is FMEA (Failure Mode and Effect Analysis), this can either use numerical values or colours to demonstrate risk.  See examples of such assessments in Figures 1 and 2 below:


Figure 1: Pictorial Risk Ranking


Figure 2: Numerical Risk Ranking

Risk Evaluation and associated Risk Acceptability Decisions

Following the identification and analysis of the risk during device design, the results of the analysis should be evaluated and decisions made upon how to proceed. The process can be split into two sections, though these are frequently combined.

Risk Evaluation

The stage of risk evaluation determines the controls that need to be implemented to mitigate the risks and must be made in the context of the effectiveness of any existing strategies and controls.

Risk Acceptability Decisions

The Risk Acceptability for the design of the medical device must be then made. The acceptability decisions are prioritised using pre determined assessment criteria. Assessment criteria are usually descriptive, for example:

  • High / Critical Risk – should re-design product / processes or not proceed
  • Medium / Moderate Risk - should or may mitigate or control the risk eg. increase verification / testing or other controls

Risk Control

The purpose of risk control is to reduce the risk(s) to an acceptable level, e.g. by inherent safety or by design and implemented during the Concept Design Phase and verified during design output. The effort used in reducing the risks to an acceptable level should be proportional to the significance / impact of the risks.

Control should be targeted at answering questions, such as:

  • How can the risk be eliminated or reduced?
  • What is an acceptable level of risk for the patient?
  • Can the risk be controlled? i.e. can the ‘probability’ be minimised?


When introducing a new Medical Device onto the market a number of well-defined risk analysis and evaluation phases should be undertaken. Risk Management and the performance of Risk Assessment are therefore crucial parts of the design, development and control process. They assist manufacturers to understand the product, ensuring that consideration has been given to user requirements, the patient and the operator. When performed with a multi-disciplinary team using appropriate and consistent rules, problems in the design development and use of the device can often be eliminated.

Risk Assessment is a valuable tool and a regulatory expectation that should be used throughout the whole of the product life cycle to ensure a safe and effective product.

Contact us to explore your needs in 'risk management for medical devices'  while navigating ISO 14971 and learn how SeerPharma can assist you.

You may also be interested in these posts:

Filed Under: Medical Device, Risk Management, Risk Assessment, ISO 14971