Or use the contact form below
MDR and IVDR state in no uncertain terms that risk management activities should be planned. Therefore, for every single medical device, the manufacturer should establish and document a Risk management plan in accordance with the manufacturer's risk management process. The risk management plan shall be a part of the risk management file, which is a part of the Technical Documentation.
The purpose of a Risk management plan is to describe the process to identify the hazards associated with the medical device, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls according to ISO 14971:2019 and ISO TR 24971:2020.
The Risk management plan applies to all stages of the product life-cycle including all activities such as design, verification, validation, production and post-market activities.
1. Identification of Risks and Hazards
The first step in the risk management process is the identification of potential risks and the associated hazards that may arise from the use of a medical device. This involves a thorough analysis of the device's design, intended use, and the environments in which it will be employed. It also considers any relevant clinical data, user behaviors, and foreseeable misuse scenarios.
2. Risk Estimation
Once the risks and hazards are identified, the next step is to assess their potential impact. The most common approach here is using the Failure Mode and Effects Analysis (FMEA) based method. This assessment involves two key elements:
a) Determination of Occurrence of Harm (O). This evaluates the likelihood of a risk leading to harm. It considers factors such as the probability of exposure to the hazard and the probability of harm occurring as a result.
b) Determination of Severity of Harm (S). This assesses the potential consequences of a risk materializing. It involves determining the level of harm that could occur, ranging from minor inconvenience to severe injury or even loss of life.
That said, there are a number of other methods for risk estimation apart from FMEA. To find out which method is the best for your particular medical device, please refer to ISO/TR 24971.
3. Risk Control through Mitigation Measures
Based on the estimation of occurrence and severity, risk control measures are implemented to reduce or eliminate identified risks. These measures may include design modifications, the addition of safety features, incorporating warnings or instructions for users, or providing protective equipment. All these measures should be documented.
4. Risk Benefit Analysis for Residual Risks
After applying risk control measures, some residual risks may still exist. A risk benefit analysis is conducted to weigh these remaining risks against the benefits of using the medical device. This involves a careful evaluation of the potential benefits to patients and healthcare providers in comparison to the remaining level of risk.
5. Evaluation of Overall Residual Risk
The final step in the risk management process is the assessment of the overall residual risk. This involves considering the combined impact of all identified risks, even after applying mitigation measures. The goal is to ensure that the residual risk is at an acceptable level, taking into account the benefits provided by the device.
Below is the standard content of the Risk Management Plan. However, it's essential to assess its suitability for your specific medical device and modify it accordingly.
Notified body
certificate
Learn more >>
EUDAMED
registration
Learn more >>
EC REP mandate
Learn more >>
Basic UDI
Learn more >>
Learn more >>
CE-marking process under MDR
Learn more >>
CE-marking process under IVDR
Learn more >>
MDR checklist
Learn more >>
PRRC
Learn more >>
Clinical
evaluation
Learn more >>
Post-marketing
surveillance
Learn more >>
MDR and IVDR state in no uncertain terms that risk management activities should be planned. Therefore, for every single medical device, the manufacturer should establish and document a Risk management plan in accordance with the manufacturer's risk management process. The risk management plan shall be a part of the risk management file, which is a part of the Technical Documentation.
The purpose of a Risk management plan is to describe the process to identify the hazards associated with the medical device, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls according to ISO 14971:2019 and ISO TR 24971:2020.
The Risk management plan applies to all stages of the product life-cycle including all activities such as design, verification, validation, production and post-market activities.
1. Identification of Risks and Hazards
The first step in the risk management process is the identification of potential risks and the associated hazards that may arise from the use of a medical device. This involves a thorough analysis of the device's design, intended use, and the environments in which it will be employed. It also considers any relevant clinical data, user behaviors, and foreseeable misuse scenarios.
2. Risk Estimation
Once the risks and hazards are identified, the next step is to assess their potential impact. The most common approach here is using the Failure Mode and Effects Analysis (FMEA) based method. This assessment involves two key elements:
a) Determination of Occurrence of Harm (O). This evaluates the likelihood of a risk leading to harm. It considers factors such as the probability of exposure to the hazard and the probability of harm occurring as a result.
b) Determination of Severity of Harm (S). This assesses the potential consequences of a risk materializing. It involves determining the level of harm that could occur, ranging from minor inconvenience to severe injury or even loss of life.
That said, there are a number of other methods for risk estimation apart from FMEA. To find out which method is the best for your particular medical device, please refer to ISO/TR 24971.
3. Risk Control through Mitigation Measures
Based on the estimation of occurrence and severity, risk control measures are implemented to reduce or eliminate identified risks. These measures may include design modifications, the addition of safety features, incorporating warnings or instructions for users, or providing protective equipment. All these measures should be documented.
4. Risk Benefit Analysis for Residual Risks
After applying risk control measures, some residual risks may still exist. A risk benefit analysis is conducted to weigh these remaining risks against the benefits of using the medical device. This involves a careful evaluation of the potential benefits to patients and healthcare providers in comparison to the remaining level of risk.
5. Evaluation of Overall Residual Risk
The final step in the risk management process is the assessment of the overall residual risk. This involves considering the combined impact of all identified risks, even after applying mitigation measures. The goal is to ensure that the residual risk is at an acceptable level, taking into account the benefits provided by the device.
Below is the standard content of the Risk Management Plan. However, it's essential to assess its suitability for your specific medical device and modify it accordingly.
CE-Certificate vs. EC-Certificate
Basic UDI-DI (bUDI) - what is it, where to obtain it, and what to do with it
EUDAMED registration - a brief guide
Contract with the Authorised Representative in the European Union (Authorised Representative Mandate)
GSPR – General Safety and Performance Requirements for medical devices in the European Union
How to obtain CE marking for medical software under the EU MDR or IVDR?
Technical documentation for Medical Device Software in the EU
IEC 62304 - the pivotal standard for software medical devices
Medical Device Regulation (MDR) - basics
ISO and IEC standards for medical device software
Clinical Evaluation, PMCF, and PMS in Medical Device Lifecycle
Notified Bodies and their role in certification of medical devices
What is NANDO and why medical device companies should know about it?
Labeling and UDI requirements for medical devices in the EU
Understanding the roles of Authorised Representatives and Importers under MDR/IVDR
MDR implementation - challenges and solutions
Post-market surveillance under MDR and IVDR - requirements and best practices
Notified Body audit - a manufacturer's guide
Risk management plan - guide for medical device companies
Should my medical device comply with GDPR?
EC-certificate for a medical device - Q&A
How long does it take to CE-mark a medical device?
What is a PRRC?
Essential requirements for importers and distributors under MDR and IVDR
Language requirements for IFUs and labels under the MDR and IVDR
Legal Manufacturer and Original Equipment Manufacturer in medical devices
How to structure a PRRC contract for effective compliance
How to Create a Declaration of Conformity According to MDR or IVDR
All articles >>
We're ready to help you. Contact us whether you have a question about our solutions or need help with regulatory issues
©2024 MDRC - Medical Devices Regulatory Compliance
Medical Device Regulation (MDR) - basics
CE-marking process for medical devices
CE-marking process for in vitro diagnostic medical devices
MDR technical documentation checklist
IVDR technical documentation checklist
Technical documentation checklist for medical device software (MDSW)
MDR-compliant quality system documentation checklist
MDR-compliant quality system documentation checklist for medical device software
CE-Certificate vs. EC-Certificate
Basic UDI-DI (bUDI)
EUDAMED registration - a brief guide
Authorised Representative Mandate
GSPR – General Safety and Performance Requirements
How to obtain CE marking for medical software under the EU MDR or IVDR?
Technical documentation for Medical Device Software in the EU
Read more >>
We only use essential cookies that enable core functionality and proper operation of the website. These cookies do not store any personally identifiable data. By continuing to use this website, you consent to the use of the essential cookies. You may disable these cookies by changing your browser settings, but this may affect how the website functions.
We do not use our own or third-party analytical, preferences, statistics, marketing, functional, advertisement, performance or any other non-essential cookies.
Or use the contact form below
Solutions
EU Authorised Representative (EC REP)
EU PRRC
Technical documentation
Risk management
Clinical evaluation
Notified Bodies
Quality management system
Post-market surveillance
Resources
Medical Device Regulation (MDR) - basics
CE-marking process for medical devices
CE-marking process for in vitro diagnostic medical devices
MDR technical documentation checklist
IVDR technical documentation checklist
Technical documentation checklist for medical device software (MDSW)
MDR-compliant quality system documentation checklist
MDR-compliant quality system documentation checklist for medical device software
PRRC under MDR or IVDR
Articles
CE-Certificate vs. EC-Certificate
Basic UDI-DI (bUDI)
EUDAMED registration - a brief guide
Authorised Representative Mandate
GSPR – General Safety and Performance Requirements
More articles >>
Devices
General medical devices and equipment
In vitro diagnostics (IVD)
Medical software
We only use essential cookies that enable core functionality and proper operation of the website. These cookies do not store any personally identifiable data. By continuing to use this website, you consent to the use of the essential cookies. You may disable these cookies by changing your browser settings, but this may affect how the website functions.
We do not use our own or third-party analytical, preferences, statistics, marketing, functional, advertisement, performance or any other non-essential cookies.