Medical device Risk Management analysis

A detailed guide and analysis on the benefits to medical device Risk Management assessments under the Medical Device Regulation.

What is medical device Risk Management?

Medical device Risk Management is the structured process of identifying, analysing, mitigating, eliminating and drawing conclusions from medical risks associated with use of a medical device.

All medical devices have inherent risks. It is a fact of healthcare that every patient interaction carries with it a risk of harm, and the use of medical devices is in no way an exception.

Medical device Risk Management is not the process of eliminating every conceivable risk that could emanate from use of a device. Rather, it is the elimination of unacceptable risks, along with the mitigation of any risks that cannot reasonably be eliminated.

Performed correctly, medical device Risk Management allows the formulation of a risk benefit assessment (expressed as “benefit-risk” in the text of the EU MDR) that will determine whether the potential benefits of using a device outweigh any residual risks.

What is a medical device risk?

The formal definition of a medical device risk is provided in Article 2 MDR, where it is stated that a medical device risk is:

“…the combination of the probability of occurrence of harm and the severity of that harm.”

Therefore, acceptability of a medical device risk and processes required to ensure its elimination or mitigation will differ according to a function of both severity and frequency.

Medical device risks must not be confused with other categories of risk such as business risks or commercial risks. Medical device risk analysis is concerned only with risks as defined in Article 2 MDR.

What role does Risk Management play within The MDR?

Medical device Risk Management is a central component of MDR compliance. Risk Management is a direct component of clinical evaluation and a benefit-risk analysis is one of the required technical documents specified in Annex II MDR.

Risk Management

Article 10 MDR requires all manufacturers to establish, document, implement and maintain a system for Risk Management. Annex I provides greater detail about requirements for medical device Risk Management stating that Risk Management shall be a continuous iterative process that is conducted throughout the entire lifecycle of a device.

Annex I states that manufacturers must:

  • establish and document a Risk Management plan for each device
  • identify and analyse the known and foreseeable hazards associated with each device
  • estimate and evaluate the risks associated with, and occurring during, the intended use of the device and those resulting from any reasonably foreseeable misuse of the product
  • eliminate or control identified risks
  • evaluate the impact benefit-risk ratio and overall risk acceptability of any information arising from the production phase of the device and, in particular, from the post-market surveillance system
  • if necessary, implement suitable changes to risk control measures

Annex I also requires that devices are designed to be able to withstand stresses, strains, temperature fluctuations, conditions of storage and transport, and environmental conditions to which they can be expected to be subject. Risk analysis therefore becomes a component of product design and must be documented from the initial product realisation phase onwards.

How to plan and develop a Risk Management strategy for medical devices

A solid medical device Risk Management strategy can be developed through an application of a process common to many requirements under the MDR: Plan, document, implement, maintain, update, report.

Planning a Risk Management strategy will require a combination of technical, regulatory and clinical knowledge. Detailed product knowledge and an understanding of the clinical context to which it will be applied will allow an initial risk matrix to be developed. The plan must:

  • outline any assumptions made and provide justification for them
  • detail strategies for confirming or refuting assumptions
  • contain a plan for accurately determining frequency and severity of identified risks
  • detail a plan for collating information about new or emerging product risks
  • outline methods for determining risk acceptability
  • detail a risk mitigation and risk elimination plan
  • outline roles, responsibilities and reporting lines for members within the organisation whose activities may have a bearing on Risk Management

Risk Management documentation will form a component of the technical documents (Annex II MDR) that will be submitted as a component of the device conformity assessment process. Alongside the substantive Risk Management files it is necessary to document procedures for updating, maintaining, archiving and retrieving Risk Management documents.

Implementing a Risk Management strategy includes ensuring that activities documented with the Risk Management plan are undertaken in the correct manner. Risk Management activities interface with those conducted in running Vigilance systems, Post-Market Surveillance (PMS), and Clinical Evaluation, and so Risk Management activities are inherently cross-organisational.

Maintaining and updating a Risk Management strategy requires scheduled review and appraisal sessions to analyse system suitability. The clinical evaluation cycle offers an opportunity to assimilate Risk Management data collected and to re-perform a benefit-risk analysis of the device. Any updates or changes to the process must be reflected in documentation and disseminated across the organisation to ensure the changes are implemented.

What is ISO 14971?

ISO 14971:2019 - “Application of Risk Management to medical devices” is the most up-to-date version of the ISO 14971 standard. It has been updated to reflect changes to Risk Management imposed by the MDR.

As with all internationally-recognised ISO standards relating to medical devices, ISO 14971 is regarded as a harmonised standard meaning that compliance with the ISO standard will lead to a rebuttable presumption of conformity with aspects of MDR relating to Risk Management.

ISO 14971:2019 outlines a process for Risk Management and extends its coverage to software as a medical device and in-vitro diagnostic medical devices. It can be applied to all phases of a product’s life cycle.

Do you need help with your MDR strategy?

Contact us

MDR Services

Our team of medical doctors are specialists at building the clinical evidence portfolio that you need for MDR compliance of your products.

  • Through our bespoke Post-Market Surveillance (PMS) service we will apply clinical knowledge to design, update, implement, and maintain your MDR compliant PMS systems.

    Learn more about our Post-Market Surveillance service

    • PMS system design
    • Vigilance systems
    • Complaints handling
    • PMS plan & PSUR writing
    • Clinical investigations
    • Risk management
    • PACA / FSCA need identification
  • Our medical experts will design a robust and adaptable clinical evidence generation system to collect Post-Market Clinical Follow-up (PMCF) data on your medical devices.

    Learn more about our Post-Market Clinical Follow-up service

    • PMCF strategy design
    • Build Medical Device Registries
    • Complete lifecycle evidence generation
    • Evidence reports for other departments
    • Reduce administration time
  • Our full Clinical Evaluation service involves a 360-degree analysis of your medical devices, writing and reviewing CERs, and designing clinical development plans.

    Learn more about our Clinical Evaluation service

    • 360-degree Clinical Evaluations
    • CER writing / reviewing
    • Literature appraisals
    • Clinical evidence Gap Analysis
    • Clinical development plans
    • Clinical investigation design / implementation
  • Our medics will apply powerful clinical techniques to quickly and effectively identify and minimise any gaps in your clinical evidence portfolio.

    Learn more about our Gap Analysis service

    • Genreal SPR identification
    • Evidence portfolio gap analysis
    • Literature reviews
    • Clinical development plans
    • Risk Management impact analysis

MDR Training

Our comprehensive training solutions are delivered by experts and address all aspects of MDR compliance.

Download our free Mastering the MDR White Paper — Our easily digestible summary of the EU MDR


Do you have any questions about our services or training?

Contact us