
Risk Management (ISO 14971)

SFDA requirement

The SFDA requires manufacturers to implement a risk management process in accordance with ISO 14971:2019 (Medical devices — Application of risk management to medical devices) for all device classes. Risk management is both an Essential Principle requirement and a QMS requirement under ISO 13485.

Key ISO 14971 requirements

The risk management process must cover:

  • Risk analysis — hazard identification and estimation of risk for all intended uses and reasonably foreseeable misuse
  • Risk evaluation — comparison of estimated risks against acceptability criteria
  • Risk control — selection and implementation of controls to reduce risks as far as possible
  • Residual risk evaluation — assessing acceptability of remaining risks
  • Risk-benefit analysis — determining whether the overall residual risk is acceptable given the device's benefits
  • Risk management report — summary of the process and conclusions

What to include in the technical file

The technical file must include:

  1. The Risk Management Plan — scope, criteria, and process
  2. The Risk Analysis — hazard identification for all device aspects
  3. The Risk Control measures and their verification
  4. The Residual Risk Evaluation
  5. The Risk Management Report — signed summary of the process and conclusions
  6. A reference to how post-market surveillance (PMS) data feeds back into risk management

Standard — ISO 14971:2019

The 2019 version of ISO 14971 is the current standard. Ensure your risk management documentation references the correct version and that your process meets its requirements. ISO/TR 24971 provides additional guidance on applying ISO 14971.
