Technical documentation section 5. Risk management:

5.2 Risk analysis and control document

The Risk Analysis and Control document serves as the central record of the actual risk management activities performed on a medical device, positioned between the Risk Management Plan (which outlines the process and responsibilities) and the Risk Management Report (which summarizes outcomes). This document provides detailed evidence of how hazards were identified, analyzed, evaluated, and controlled throughout the device’s development and lifecycle stages. It demonstrates compliance with ISO 14971 and ensures traceability across all phases of the risk management process.

Typical content of a Risk Analysis and Control document includes:

• Device identification
  • Unique device name and version
  • Reference to relevant technical documentation
• Reference to Risk Management Plan
  • Identification of the governing plan
  • Scope and objectives for this specific analysis
• Identification of hazards and hazardous situations
  • Systematic listing of hazards related to intended use, foreseeable misuse, materials, energy sources, and biological, electrical, or software-related aspects
  • Associated hazardous situations
• Risk analysis
  • Estimation of risk for each hazardous situation before applying any control measures
  • Parameters used (e.g. severity and probability levels)
  • Risk level classification based on defined criteria
• Risk evaluation
  • Comparison of estimated risks with the risk acceptability criteria from the Risk Management Plan
  • Determination of whether risk reduction is required
• Risk control measures
  • List of control measures identified and implemented
  • Justification for selected controls
  • Implementation status
  • Traceability to verification and validation activities
• Residual risk evaluation
  • Estimation of risk remaining after control measures
  • Justification of acceptability or application of risk-benefit analysis if risk remains high
• Evaluation of overall residual risk
  • Aggregated analysis of all residual risks
  • Summary judgment on acceptability according to defined criteria
• Verification of risk control effectiveness
  • Confirmation that control measures were implemented as intended and effectively reduce risk
• Risk traceability matrix
  • Mapping between hazards, hazardous situations, risks, control measures, and residual risks
  • Maintains transparency and accountability throughout the document
• Updates and changes
  • Reassessment of risks due to changes in design, intended use, regulatory requirements, or field feedback
• Approval and review
  • Names, roles, and signatures of responsible personnel
  • Dates of analysis and any subsequent reviews or updates

This document is typically structured as a living record, updated continuously during the product development lifecycle and maintained as part of the design history file.