The basic principle of risk management for medical devices - according to ISO 14971 - is based on:

  • Risk analysis
  • Risk evaluation
  • Risk control
  • Residual risk evaluation
  • Risk report
  • Lessons learned in risk management

These basic steps of risk management for medical devices are also applied in the respective norm ISO 14971:2012. With the update of ISO 13485:2016, risk management has become much more prominent again within medical device development. The focus of ISO 14971 is clear: Reduce foreseeable misuse, minimise hazards and avoid hazardous situations when operating a medical device.

Applying the ISO 14971:2012 and managing risks calls for an honest reporting and analysis of potential risks, a precise classification with regards to risk severity and risk probability and finally risk control. Controlling risks can be a challenge when medical devices are already in the field and in operation. Therefore a solid risk management starts in the early stages of a product life-cycle and only stops at the very end of said life-cycle. Key procedures of risk control for medical devices to detect potential for improvement are techniques like the Failure Mode and Effect Analysis (FMEA) or root cause analysis (also known as fishbone diagram or Ishikawa diagram). All the techniques, the FMEA, the root cause analysis or others have a simple goal: Identify process flaws and resolve them. The FMEA for processes or design is a key methodology to help a company to continuously improve their product and with regards to ISO 14971, the safety and security of a medical device.

The result of any analysis such as FMEA or fishbone is actions. These actions can be corrective or preventive. The methodology to introduce them is called CAPA (Corrective Action/Preventive Action). A CAPA action describes tasks to be performed to correct a situation, which has been identified as non-conforming or improvable. A corrective action (CA part of CAPA) is needed for an incident that has already occurred whereas the preventive action (PA part of CAPA) is used to prevent such an incident form ever happening or happening again.

With regards to risk management for medical devices, the alignment with current norms such as ISO 13485:2016 or FDA 21 CFR Part 820 are very important. These services are offered as solutions by rameus solutions with Norms & Regulations and Design Control in combination with our other strong areas of expertise such as Quality AssuranceProcess ManagementAudits/Inspections and Strategy Solutions


Feel free to contact us if you have an inquiry. We will gladly get back to you.