Risk Management
Framework: ISO 14971
Indonesia's device registration requirements align with ISO 14971 (Medical devices — Application of risk management to medical devices) as the accepted standard for risk management documentation. Your risk management file should follow the ISO 14971 process:
- Risk analysis
- Risk evaluation
- Risk control
- Evaluation of overall residual risk
- Risk management review
- Production and post-production activities
Risk Management File Requirements
The dossier must include at minimum a Risk Analysis and Control Summary — a document that provides an overview of:
| Element | Content |
|---|---|
| Intended use and reasonably foreseeable misuse | Defined in risk analysis |
| Hazard identification | All identified hazards associated with the device |
| Hazard situations and harms | Analysis of hazard sequences leading to harm |
| Severity and probability of harm | Risk estimation per ISO 14971 |
| Risk control measures | Design, protective, and information-for-safety measures |
| Residual risks | Remaining risks after controls, with acceptability determination |
| Risk–benefit analysis | For Class C/D: formal analysis that benefits outweigh residual risks |
| Completeness check | Confirmation that all known device hazards have been addressed |
Class-Specific Requirements
| Class | Risk Management Depth |
|---|---|
| A | Basic risk summary; simpler hazard/harm analysis acceptable |
| B | Full risk analysis per ISO 14971; risk control measures documented |
| C | Full risk management file; residual risk justification; post-market risk monitoring plan |
| D | Full risk management file; formal risk–benefit analysis mandatory; traceability to FSCA plan; PSUR commitment for ongoing risk review |
Common Evaluator Queries on Risk Management
Kemenkes evaluators frequently raise clarification queries on:
- Insufficient hazard coverage — evaluators may note that specific foreseeable misuse scenarios have not been addressed
- Residual risk acceptability — the basis for accepting a residual risk must be documented; "no incidents reported to date" is generally insufficient
- Risk control effectiveness — evidence that risk control measures actually reduce risk as claimed
ISO 14971:2019 vs Earlier Versions
Indonesia does not mandate a specific edition of ISO 14971, but the 2019 revision is the current applicable standard. If your existing risk management documentation was prepared to ISO 14971:2007, a gap assessment and update to 2019 requirements may be needed before submission.