Risk Management (ISO 14971)
Overview
Risk management is mandatory for all medical devices under MedDO Annex I §§ 1–9. ISO 14971:2019 is the harmonised standard providing the accepted methodology. Risk management is a lifecycle activity, not a one-time documentation exercise.
Risk Management File (RMF)
The RMF documents all risk management activities for a specific device. It must be updated when: new hazards are identified post-market; the device design or intended purpose changes; new clinical evidence affects the known risk profile; an FSCA or serious incident reveals a previously unrecognised risk.
The Five-Stage ISO 14971:2019 Process
- Risk analysis: Define intended use and reasonably foreseeable misuse; identify hazards and hazardous situations; estimate probability and severity of harm
- Risk evaluation: Determine acceptability of each estimated risk against the risk acceptance criteria
- Risk control: Apply risk reduction measures in priority order: inherently safe design → protective measures → information for safety. Verify effectiveness and absence of new risks
- Benefit-risk analysis: Where residual risks remain, weigh against clinical benefit; overall residual risk must be acceptable
- Production and post-production: Collect and review post-market data; update RMF accordingly
Integration
Risk management integrates with: IEC 62304 (software lifecycle); ISO 10993 (biological hazards); GSPR compliance matrix; clinical evaluation; post-market surveillance.
Official Sources
AI-assisted content for navigation only. Always verify against official Swissmedic and Fedlex sources. Not legal or regulatory advice.