Organizing Risk Analysis and Controls for a New Medical Device (ISO 14971)



Hello everyone, advance apologies for an incoming wall of text.

I'm currently trying to plan and execute risk management for a new device according to ISO 14971 and I'm running up against a wall.

My first problem seems to be in documenting the sequences of events resulting in a hazardous situation. No matter how I seem to approach this, I find the possible sequences multiplying and branching out uncontrollably.

For example;

For my device (a novel vascular access system) a hazard is 'Loss of functionality (gas/fluid sealing)' with an associated hazardous situation of 'Leakage of device connections'.

In considering the foreseeable sequence of events leading to the hazardous situation the basic initiating events come easily enough (eg, "Connector design/materials are inappropriate for expected loadings" or "User applies pressure loadings outside the safe range"), but once I start to consider more detailed initiators (eg, "production deviations result in degraded connection sealing" or "Degradation due to environmental exposures during transport/storage or use") the possible event sequences multiply uncontrollably due to consideration of issues such as multiple degradation sources (temperature, humidity, x-ray, UV, procedural materials etc) in multiple environments (transport/storage, cath lab, hospital environment, outpatient environment etc).

This becomes further compounded by consideration of deviations in the production and how these interact with the identified events and I end up with multiple additional events to consider "Production deviations result in compromised performance of connections" and "Production deviations result in substitution of materials incompatible with expected environmental exposures".

At this point I'm already confused, but this is further exacerbated by the fact that each control I consider seems to beg additional controls, for example; if I introduce a control "Device packaging will include an opaque outer layer to prevent degradation due to UV exposure" or "Device materials will be selected for compatibility with expected X-ray exposure over in-situ life", I find myself compelled to consider the possibility of production deviations resulting in omission of these controls, introducing new events ad infinitum (ad nauseam?).

I think there must be some principle for organising risk analyses (particularly sequences of events), or dividing it into manageable chunks that I must be missing. Otherwise, something about my approach is deeply, fundamentally flawed.

Does anyone have any insights into this particular madness that might steer me in the right direction?

Gert Sorensen

A few thoughts:

It is not unreasonable to see multiple hazardous situations and harms related to one hazard, they sort of branch out in a tree-like manner. So, one hazard can have e.g. 5 hazardous situations, and 15 harms. But use the hazard to bundle them into manageable chunks.

Remember to keep in mind that Risk Analysis should handle reasonably foreseeable risks, i.e. you should not get yourself into this mindset where everybody dies at the end of every hazard. Likewise some of the mitigating scenarios may be irrelevant as the defined lifetime of the device renders the hazardous situation obsolete. You may think about it like this: Is degradation of material a real risk if the lifetime as defined is one year or less?


Super Moderator
One thought for organizing may be to take a Fault Tree Analysis approach. That may help with the bundling Gert mentioned.


I have tried documenting the sequences of events for each hazardous situation in the form of trees, but I still find the sequences for a particular hazardous situation multiplying ridiculously out of control once I begin to bring in material degradation (and all of its root causes such as material selection or exposure to conditions outside operating ranges) and production deviations as contributing events for each of the individual device assemblies (overall device consists of multiple 'sub-devices' used together).

Also I still can't get past the problem that many controls I try to introduce seem to require an additional control. For instance, one of the identified hazards I have is thrombosis inside the lumen of the device, the main control for that is an occlusive member meant to exclude blood from the main device assembly when not in use. Do I then have to consider all the possible circumstances that could lead to non-functioning of the occluder (such as inappropriate dimensioning, deviation in production, failure to correctly insert the occluder etc)? It seems very clumsy to be applying additional controls directly to a selected risk control.

To clarify for Gert: My issue isn't multiple hazardous situations and harms coming from a single hazard, it's consistently dealing with the multiplicity of sequences of contributing events for a single hazardous situation.


Peter Selvey

Super Moderator
This highlights one of the failures of ISO 14971 to provide any kind of screen or filter to decide what goes in the risk management file. In reality there are literally 10,000s of viable scenarios which could reasonably be considered in a risk control context (i.e. scenarios which have significant risk and there is some form of a risk control).

I saw an ISO 14971 YouTube video once that used an example of putting the wrong size fuse in an electrical device during production. Yes, it is a valid sequence, but the inclusion should make any reasonable engineer shudder, as there are literally 1000s of similar scenarios in final production alone, let alone suppliers, shipment, installation, interface between the medical device and the user, environment, other medical devices and the patient operator, servicing, removal ...

In practice the example makes no sense as including it in the risk management file provides no tangible benefit. Any manufacturer that is so poorly organised such that wrong fuse is a realistic concern should not be in the business of making medical devices. Production controls will exist, adding the line in the file makes no difference and actually increases risk by diverting resources and cluttering up the file with useless data.

Each organisation should have a filter in place which decides what information should go in the file. Considerations for excluding scenarios might include:
- is the situation covered by a risk control that is well established, understood and broadly accepted, such that a reasonably qualified person would be expected to implement irrespective of the risk management file;
- are the specifications such that the risk acceptability is obvious by inspection (clearly safe)
- is the issue already well covered by published standards
- is there a "gate" type of risk control that catches a large number of scenarios (meaning individual scenarios don't need to be documented)

Considerations that might trigger scenarios being put in the file:
- borderline situations where the manufacturer chooses to take no action (cost, limit of technology, competition influence the decision)
- situations where the risk control type is clear, but the suitability of the specifications is not obvious by inspection (e.g. reason why ±15°C limits were set for a temperature alarm in a production process which might appear high to a reasonably qualified person)
- risk controls that could be plausibly forgotten even if simple
- for gate type of risk controls, a line item that lumps a large number of scenarios together

Other reasons/rationale for the could be developed based on experience, it is likely to be different for different types of products.

It is important not to overload the file, as more line items usually means less detail and lower quality information, yielding poor decisions. It is better to have a file that documents the top 10-20 risks well, than a file with 1000 items documented poorly.

Under the current standard, in the absence of any clause that talks about the filter function, this could be handled through a careful wording of the policy.