Risk Management (ISO 14971)
Overview
Risk management is mandatory for all medical devices under MedDO Annex I §§ 1–9. ISO 14971:2019 is the harmonised standard providing the accepted methodology. Risk management is a lifecycle activity: continuous and integrated throughout design, production, and post-market phases, not a one-time documentation exercise performed before market placement.
Risk Management File (RMF)
The RMF documents all risk management activities for a specific device. It must be updated when: new hazards are identified post-market; the device design or intended purpose changes; new clinical evidence affects the known risk profile; an FSCA or serious incident reveals a previously unrecognised risk.
The Five-Stage ISO 14971:2019 Process
- Risk analysis: Define intended use and reasonably foreseeable misuse; identify hazards and hazardous situations; estimate probability and severity of harm
- Risk evaluation: Determine acceptability of each estimated risk against the risk acceptance criteria
- Risk control: Apply risk reduction measures in priority order: inherently safe design → protective measures → information for safety. Verify effectiveness and absence of new risks
- Benefit-risk analysis: Where residual risks remain, weigh against clinical benefit; overall residual risk must be acceptable
- Production and post-production: Collect and review post-market data; update RMF accordingly
Integration
Risk management integrates with: IEC 62304 (software lifecycle); ISO 10993 (biological hazards); GSPR compliance matrix; clinical evaluation; post-market surveillance.
Official Sources
AI-assisted content for navigation only. Always verify against official Swissmedic and Fedlex sources. Not legal or regulatory advice.
Risk acceptance criteria must be established at the beginning of the risk management process and documented in the Risk Management File. These criteria define the threshold above which risks are considered unacceptable and must be reduced.