menu

Article

Risk Management Explained in 4 Points

DesignStandards
Davide Valtorta
Reading time: 4 minutes

All medical device manufacturers must eventually address the issue of product risk management.
It’s a complex topic, rich in concepts and the subject of the harmonized standard EN 14971:2012 (soon to be replaced by the 2019 version). Its complexity often prevents understanding and focusing on the true purpose of the process it deals with.

Every year, there are many training proposals aimed at teaching the content of EN 14971, but in most cases, the theory is tiring, boring, and doesn’t allow for grasping its practical importance.

Risk management, when well applied, becomes an invaluable asset for the design, development, and surveillance activities of your medical device.

This article won’t make you absolute experts on the standard – to do that, alas, you’ll have to arm yourself with patience and read it all – but it will allow you to grasp its logical sense to address risk management correctly and knowingly, through 4 points.

Incidentally, especially standards that describe processes are based on basic logical reasoning. Acquiring and understanding this corresponds to 70% of the work.

TABLE OF CONTENTS
The Process
Blessed Ignorance
The Level of Detail
The Mechanism

The Process

The first thing to understand is precisely that risk management should be considered a process, that is, a journey to undertake and not a document to be drafted. As with all journeys, we must identify the starting point, the path to follow, the means to use, and have a clear goal in mind. The risk management document will be the logbook of our journey. Every event we face must be noted in the logbook, and what hasn’t been written is as if it never happened. It would be a shame, therefore, not to report all the details.

Blessed Ignorance

In association with curiosity and the need to know – which must accompany the drafting – a right degree of ignorance is also fundamental to obtain complete and thorough risk management. Ignorance on a certain topic allows not taking anything for granted and thus initiates a process of searching for answers that will ensure the development of complete and exhaustive documentation. Those who will physically realize the project must therefore allow those who will draft the risk management to ask all the necessary questions and the more they struggle to provide feedback, the more the risk management process is achieving its purpose. So the figure of the ignorant in the risk management group is fundamental.

The Level of Detail

Another thorny issue is understanding what the right level of detail should be. In this case, it wouldn’t be correct to respond in the same way for all topics, so it’s essential not to set limits and not to give yourself a fixed rule.
Risk management must support the design process: in many cases, the state of the art and the evolution of technology allow us to take certain concepts for granted, in other cases, however, it becomes necessary to delve deeper into topics for which, for example, there are no regulatory elements to refer to.

The Mechanism

The risk management mechanism is simple, and it can also be summarized in 4 steps:

  1. I identify a potential problem;
  2. I establish its criticality;
  3. I look for a solution to the problem;
  4. I repeat the criticality assessment to demonstrate the effectiveness of my solution.

Every day we unconsciously apply this process, here’s an example: I need to cross a busy street.
The potential problem is that I might get hit by a car. The street is busy, so the probability of this happening is very high, and if I were hit, I would get seriously hurt. The criticality of the problem is significant.
What can I do? Certainly, I can’t reduce the harm I would suffer if I were hit. However, I can reduce the probability of it happening by using crosswalks, signs, respecting traffic lights, etc.
Sure, if it happened, the effects would still be serious, but I’ve drastically reduced the probability: the potential criticality has decreased.

By applying this concept to topics such as biocompatibility, electrical dispersion, malfunction of controls, incompleteness of instructions for use, etc., risk management will be complete and correct.

Knowing the theory without understanding its meaning only allows you to make a good impression with the notified body. Understanding its true meaning and method of application is what allows you to obtain safe and effective devices and save time and money on future projects.

Recent articles

New

Serious errors in the Ministry guidelines on vigilance

Critical analysis of ministry guidelines on complaints and incidents: conceptual errors, MDR risks and regulatory non-compliance.
Luca Napolitano e Matteo Valtorta
Ministry of HealthSurveillance and vigilance

Mandatory Eudamed registration from May 28, 2026

Published in the Official Journal the notice of full functionality of four Eudamed modules. Registration becomes mandatory.
Dario Bortolotti e Sofia Viganò
Deadlines and exemptionsEudamed

Changes in the Management of Electronic IFUs

With Regulation (EU) 2025/1234, all devices intended for professional users can have electronic instructions for use.
Silvia Pozzi
Manufacturers' dutiesRegulations

Servizi

Services

Accedi alla tua area personale e ai vantaggi della membership.

Log in
Email *
Password *
Reimposta la password
User login/email