Summary

The Risk Assessment systematically identifies, analyzes, and evaluates all potential hazards and risks associated with your medical device, establishing the foundation for risk control measures and demonstrating compliance with ISO 14971 requirements throughout the device development process.

Why is a Risk Assessment Important?

A comprehensive Risk Assessment provides the analytical foundation for medical device safety by systematically identifying all foreseeable hazards before they can cause harm. Without thorough risk assessment, development teams miss critical safety issues, leading to inadequate risk controls, post-market safety problems, and regulatory compliance failures that can result in device recalls or market withdrawal.

This assessment transforms potential safety concerns into documented risks with quantified likelihood and severity, enabling informed decision-making about risk acceptability and control measures. It establishes the evidence base for demonstrating that your device is safe for its intended use and that all foreseeable risks have been appropriately addressed.

For medical device development, risk assessment serves as your safety roadmap by identifying where risk controls are needed and providing the rationale for design decisions. It demonstrates to regulatory authorities that your organization has systematically considered device safety and implemented appropriate measures to protect users and patients from harm.

Regulatory Context

Under 21 CFR Part 820.30 (Design Controls), the FDA requires:

  • Risk analysis as part of design and development activities
  • Documented evaluation of device-related hazards and risks
  • Risk control measures implemented based on risk assessment findings
  • Design review of risk assessment results and risk control decisions
  • Risk management file maintained with complete risk assessment documentation

The FDA recognizes ISO 14971:2019 as the consensus standard for risk assessment, requiring:

  • Systematic hazard identification and risk analysis
  • Risk evaluation against predefined acceptance criteria
  • Risk control implementation and verification
  • Residual risk assessment and overall risk evaluation
  • Post-market risk monitoring and assessment updates

Special attention required for:

  • Software risk assessment must follow IEC 62304 requirements and integrate with overall device risk assessment
  • Cybersecurity risks require ongoing assessment per FDA cybersecurity guidance including threat modeling
  • Use-related risks must be assessed per FDA Human Factors guidance and IEC 62366-1
  • Combination devices require coordinated risk assessment across all device components

Guide

Your Risk Assessment must comprehensively identify and evaluate all foreseeable risks associated with your medical device while providing clear justification for risk acceptability decisions.

Preliminary Hazard Analysis

Begin with systematic hazard identification using structured methods appropriate to your device type. Conduct preliminary hazard analysis (PHA) to identify system-level hazards, failure mode and effects analysis (FMEA) for component-level failures, and use-related risk analysis for human factors issues.

Consider multiple hazard categories including software malfunctions, hardware failures, user interface issues, environmental factors, cybersecurity threats, and biological risks. Review similar devices, incident databases, and published literature to ensure comprehensive hazard identification. Engage multidisciplinary teams to capture different perspectives on potential hazards.

Hazard-to-Harm Analysis

Establish clear linkages between identified hazards, hazardous situations, and potential harms. For each hazard, identify the sequence of events that could lead to a hazardous situation and the potential harms that could result. Document the causal relationships and consider multiple pathways from hazard to harm.

Define harm categories that reflect the severity of potential consequences including temporary discomfort, reversible injury, irreversible injury, and life-threatening situations. Consider both immediate and delayed effects, direct and indirect harms, and impacts on different user populations.

Risk Analysis and Estimation

Conduct probability estimation for each identified risk using available data, expert judgment, and appropriate analysis methods. Estimate both the probability of hazardous situation occurrence (P1) and the probability of harm given the hazardous situation (P2). Calculate overall probability as P1 multiplied by P2.

Perform severity assessment for each potential harm using your established severity categories. Consider worst-case scenarios while maintaining realistic assessments based on available evidence. Document assumptions and uncertainty in probability and severity estimates.

Risk Evaluation and Acceptability

Apply risk acceptance criteria from your Risk Management Plan to determine if each risk is acceptable, requires reduction as far as possible (AFAP), or is unacceptable. Use your risk acceptance matrix to make consistent decisions across all identified risks.

Document risk acceptability decisions with clear rationale including consideration of intended use, user population, and available alternatives. For risks requiring reduction, identify potential risk control measures and their expected effectiveness.

Software Safety Classification

For devices containing software, determine IEC 62304 safety classification (Class A, B, or C) based on the potential for software failure to contribute to hazardous situations. Consider both direct software failures and software contributions to system-level hazards.

Document software risk analysis that addresses software-specific hazards including coding errors, integration failures, cybersecurity vulnerabilities, and software-hardware interface issues. Ensure software safety classification drives appropriate development rigor and verification activities.

Risk Control Planning

Identify potential risk control measures for unacceptable risks and those requiring reduction AFAP. Prioritize controls following the ISO 14971 hierarchy: inherent safety by design, protective measures, and information for safety.

Evaluate risk control effectiveness and potential for introducing new risks. Document how risk controls will be implemented as design requirements, protective features, or user information. Plan verification activities to confirm risk control effectiveness.

Residual Risk Assessment

Assess residual risks remaining after implementation of risk control measures. Re-evaluate probability and severity considering the effectiveness of implemented controls. Determine if residual risks are acceptable according to your risk acceptance criteria.

Conduct overall residual risk evaluation considering the cumulative effect of all residual risks. Document benefit-risk analysis for any unacceptable residual risks, demonstrating that clinical benefits outweigh remaining risks.

Documentation and Traceability

Maintain comprehensive risk assessment documentation including hazard identification records, risk analysis tables, risk evaluation decisions, and risk control specifications. Ensure traceability between hazards, risks, controls, and verification activities.

Establish review and update procedures for risk assessment documentation including triggers for updates, review frequencies, and approval processes. Plan for incorporating post-market information and design changes into risk assessment updates.

Example

Scenario: You’re conducting risk assessment for a wearable stress monitoring device that collects physiological data and provides stress management recommendations. The assessment must address hardware, software, cybersecurity, and clinical use risks across the complete system.

Risk Assessment

ID: RA-StressWear-2024-001

Device: StressWear Stress Monitoring System

Software Safety Classification: Class B - Non-serious injury possible from software failure (incorrect stress level readings could lead to inappropriate user actions)

Risk Analysis Process:

  • P1: Probability of hazardous situation occurring from hazard
  • P2: Probability of harm occurring from hazardous situation
  • Overall Probability: P1 multiplied by P2
  • Risk Level: Determined using risk acceptance matrix from Risk Management Plan

Risk Analysis Table:

| Risk ID | Risk Type | Hazard | P1 | Hazardous Situation | P2 | Harm | Severity | Overall Prob | Risk Level |
|---|---|---|---|---|---|---|---|---|---|
| R001 | Hardware | Sensor malfunction | P3 | Inaccurate physiological readings | P3 | Incorrect stress level information leading to inappropriate actions | S2 | P3 | Reduce AFAP |
| R002 | Software | Algorithm error | P2 | Stress level calculation error | P3 | User misinterprets stress state, ignoring symptoms | S2 | P2 | Acceptable |
| R003 | Usability | Confusing user interface | P4 | User misunderstands stress display | P2 | Inappropriate action based on misunderstanding | S2 | P3 | Reduce AFAP |
| R004 | Cybersecurity | Data breach | P2 | Unauthorized access to health data | P4 | Privacy violation and potential discrimination | S3 | P3 | Reduce AFAP |
| R005 | Hardware | Battery overheating | P1 | Device becomes hot during charging | P2 | Skin burn from prolonged contact | S3 | P1 | Acceptable |
| R006 | Biological | Allergic reaction | P2 | Skin contact with device materials | P3 | Contact dermatitis or allergic reaction | S2 | P2 | Acceptable |
| R007 | Software | App crash during critical reading | P3 | Loss of stress monitoring during high-stress period | P2 | User unaware of stress level when intervention needed | S2 | P2 | Acceptable |
| R008 | Environmental | Water damage | P2 | Device exposed to water beyond IP rating | P4 | Device malfunction leading to no stress monitoring | S1 | P3 | Acceptable |
| R009 | Use Error | Incorrect device placement | P4 | Device worn incorrectly affecting readings | P3 | Inaccurate stress measurements, poor management | S2 | P4 | Reduce AFAP |
| R010 | Cybersecurity | Malware infection | P1 | Malicious software affects device operation | P2 | Device provides false readings or stops functioning | S3 | P1 | Acceptable |

Risk Control Measures:

| Risk ID | Risk Control Type | Control Description | Implementation | Verification Method |
|---|---|---|---|---|
| R001 | Inherent Safety | Implement sensor redundancy and cross-validation algorithms | Software Requirements Document | System testing with sensor failure simulation |
| R001 | Information for Safety | User training on recognizing device malfunction indicators | Instructions for Use | Usability testing validation |
| R003 | Inherent Safety | Redesign user interface with clear stress level indicators and explanatory text | Software Requirements Document | Usability testing with target users |
| R003 | Information for Safety | Provide user guide with interpretation examples | Instructions for Use | Usability testing validation |
| R004 | Protective Measures | Implement end-to-end encryption and secure authentication | Software Requirements Document | Cybersecurity penetration testing |
| R004 | Protective Measures | Regular security updates and vulnerability monitoring | Software Maintenance Plan | Post-market security monitoring |
| R009 | Information for Safety | Clear placement instructions with visual guides | Instructions for Use | Usability testing validation |
| R009 | Protective Measures | Device placement detection algorithm with user feedback | Software Requirements Document | System testing with placement variations |

Residual Risk Assessment:

After implementation of risk control measures:

  • R001: Reduced to P2/S2 = Acceptable (sensor redundancy significantly reduces probability)
  • R003: Reduced to P2/S2 = Acceptable (improved UI design reduces misunderstanding)
  • R004: Reduced to P1/S3 = Acceptable (encryption and security measures reduce breach probability)
  • R009: Reduced to P2/S2 = Acceptable (placement detection and training reduce incorrect use)

Overall Residual Risk: Acceptable - All individual risks are acceptable after control measures, and overall benefit-risk ratio is positive based on stress management benefits.

Conclusion: The risk assessment has identified and evaluated all foreseeable risks associated with the StressWear system. Risk control measures have been implemented to reduce unacceptable risks to acceptable levels. The overall residual risk is acceptable considering the clinical benefits of objective stress monitoring and personalized stress management recommendations.
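As an added example (not part of the original template), the following Python script runs the traceability checks a reviewer would apply to the records above: each recorded risk level must agree with the acceptance matrix, every risk requiring reduction must have at least one control that is not information for safety alone, and its residual risk must be acceptable. The acceptance matrix and the sample rows are constructed assumptions consistent with the example tables; the real matrix comes from your Risk Management Plan.

```python
from dataclasses import dataclass

# Assumed acceptance matrix standing in for the Risk Management Plan's: MATRIX[severity][prob] -> level.
MATRIX = {
    "S1": {"P1": "Acceptable", "P2": "Acceptable", "P3": "Acceptable", "P4": "Reduce AFAP"},
    "S2": {"P1": "Acceptable", "P2": "Acceptable", "P3": "Reduce AFAP", "P4": "Reduce AFAP"},
    "S3": {"P1": "Acceptable", "P2": "Reduce AFAP", "P3": "Reduce AFAP", "P4": "Unacceptable"},
}

@dataclass
class Risk:
    rid: str       # risk ID from the risk analysis table
    severity: str  # S1..S3
    prob: str      # overall probability (P1 x P2) on the P1..P4 scale
    level: str     # risk level as recorded in the table

# Constructed sample rows, taken from the StressWear example tables.
RISKS = [
    Risk("R001", "S2", "P3", "Reduce AFAP"), Risk("R002", "S2", "P2", "Acceptable"),
    Risk("R004", "S3", "P3", "Reduce AFAP"), Risk("R008", "S1", "P3", "Acceptable"),
    Risk("R009", "S2", "P4", "Reduce AFAP"), Risk("R010", "S3", "P1", "Acceptable"),
]
CONTROLS = {  # risk ID -> control types from the risk control table
    "R001": ["Inherent Safety", "Information for Safety"],
    "R004": ["Protective Measures", "Protective Measures"],
    "R009": ["Information for Safety", "Protective Measures"],
}
RESIDUAL = {"R001": ("S2", "P2"), "R004": ("S3", "P1"), "R009": ("S2", "P2")}

def find_issues(risks, controls, residual, matrix=MATRIX):
    # Returns consistency and traceability findings; an empty list means the record is clean.
    issues = []
    for r in risks:
        expected = matrix[r.severity][r.prob]
        if expected != r.level:  # recorded level must follow the matrix
            issues.append(f"{r.rid}: recorded {r.level!r}, matrix gives {expected!r}")
        if expected == "Acceptable":
            continue  # no control or residual entry required
        types = controls.get(r.rid, [])
        if not types:
            issues.append(f"{r.rid}: requires reduction but has no risk control")
        elif set(types) == {"Information for Safety"}:  # lowest rung of the ISO 14971 hierarchy
            issues.append(f"{r.rid}: relies on information for safety alone")
        if r.rid not in residual:
            issues.append(f"{r.rid}: no residual risk recorded")
        elif matrix[residual[r.rid][0]][residual[r.rid][1]] != "Acceptable":
            issues.append(f"{r.rid}: residual risk still not acceptable")
    return issues

if __name__ == "__main__":
    print(find_issues(RISKS, CONTROLS, RESIDUAL) or "no issues found")
```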

Q&A