Technical documentation section 5. Risk management:

5.1 Risk management plan

A Risk Management Plan defines the framework and methodology for conducting risk management activities throughout the lifecycle of the medical device. It identifies the medical device under assessment and defines the strategy and methods for risk analysis and control.

The plan sets clear responsibilities for risk management tasks, establishes criteria for risk acceptability, and defines the algorithms for risk analysis, risk evaluation, risk control, and post-market risk monitoring. It also ensures traceability between identified hazards, associated risks, control measures, and residual risks.

Typically, the Risk Management Plan includes (the following structure may be adapted and used as a template for a Risk Management Plan):

1. Overview
2. Validity of this Risk Management Plan
3. Definitions and abbreviations
4. Identification of subject device
   1. Product description
   2. Preliminary MDSW risk class according to 62304 (for software)
      1. Process for determination of risk classification
      2. Background
      3. Rationale
      4. Product risk class
5. Risk management process
   1. Risk Management Process Steps
6. Product life cycle
7. Management responsibility
8. Qualification of personnel
9. Scope of planned risk management activities
10. Assignment of responsibilities and authorities
11. Requirements for review of risk management activities
12. Verification activities
13. Production and post-production
14. Risk Control Strategy
15. Risk Management Process Flow
16. Risk Management Process Description
17. Documents & Records
18. Detailed description of risk management process steps
    1. Identification of hazards
    2. Identified hazards
19. Criteria for risk estimation
    1. Determination of occurrence
       1. Probability of hazardous situation occurrence (P1)
       2. Probability of detecting the hazardous situation before harm occurs (P2)
       3. Probability of a hazardous situation leading to harm (P3)
       4. Calculation of P(gen)
       5. Correlation between General Probability (Pgen) and Occurrence (O)
       6. Risks for which probabilities (P1, P2 or P3) cannot be estimated
    2. Occurrence of hazards related to identified hazardous
    3. Determination of Severity (S) and severity levels (source: ISO TR 24971:2020)
    4. Determination of Risk Priority Number
20. Risk control record
    1. Possibility of reduction during mitigation process (for Occurrence)
21. Criteria for risk estimation and acceptability
    1. Risk ranges (Three region model – ISO TR 24971:2020)
    2. Risk Rating Chart (three region 5x5 matrix)
       1. Risk Evaluation 5x5 Matrix
       2. Bias Towards Unacceptable Risks
    3. Risk-Benefit Analysis for ALARP (residual) risks
    4. Evaluation of overall residual risk

The Risk Management Plan is a living document and should be updated as new information becomes available during the development, production, and post-market phases.