Risk Management (ISO 14971)
ANVISA adopts ISO 14971:2019 (Brazilian: ABNT NBR ISO 14971) as the standard for risk management.
The complete risk management file for Class III/IV includes: risk management plan, hazard identification, risk estimation and evaluation, risk control measures, residual risk evaluation, benefit-risk analysis, risk management report, and post-market data integration.
| Class | Risk management requirement |
|---|---|
| Class I | Summary |
| Class II | Summary with key risk controls |
| Class III | Full ISO 14971 file |
| Class IV | Full file with extended benefit-risk analysis |
Verify all information against official ANVISA sources before making regulatory decisions.
For Class I and II devices, a risk management summary is acceptable and should focus on the most critical hazards and their control measures. Class III devices require the complete ISO 14971 documentation file. Class IV devices require an extended benefit-risk analysis that demonstrates why the residual risks are acceptable and outweighed by the clinical benefits, particularly important for high-risk implantable or life-sustaining devices.