Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

Risk Analysis & Technical File - What detail goes in the Risk Management Report


Involved In Discussions
Hi All.

I am hoping to submit our 510(k) early in the New Year and wondered if anyone had a Risk Management Report example that they could share? We have followed 14971 for the Risk Analysis, will produce a traceability report of the risks to testing. What detail goes in the RMR though? Is it simply a couple of pages details certain risks and an overall evaluation of the residual risks?


Ronen E

Problem Solver
Staff member
Super Moderator
1. Why do you need to include a risk analysis (let alone a risk management report) in your 510(k)? Is it a Special 510(k)?

2. ISO 14971 has a dedicated section that tells you what a RMR should include.


Involved In Discussions
We are submitting a standard 510(k).

As we are following 14971, surely the FDA would expect to see the RA for our software device? I would also expect them to be looking for things like the risk management report, evaluation of overall risk etc....

Is this not required?


Involved In Discussions
For the 510(k) submissions I've been part of (including medical devices with software, and software only updates to medical devices, but no 'software as a medical device') we have submitted the overall system hazard analysis and the software hazard analysis, which in our system is a subordinate document to the system HA. I have a couple of areas to tread with caution, but nothing to be seriously worried about.

First: Strictly speaking, the risk management file ought to be supporting the device as marketed, but prior to the FDA's positive response to the submission you probably won't be marketing the device. Don't sweat this: you can use redlines and/or preliminary versions of risk files as long as they are complete enough to support the submission.

Second: For several systems that I have worked with, the overall system hazard analysis has had 'too much' information for the FDA reviewer(s) for some of the more focused 510(k) submissions. If appropriate, it is to your benefit to focus the review to the specific areas covered by the software submission. Those areas will be relatively obvious based on your use of the FDA's "Level of Concern" for the software. See next...

We have a Risk Management Report (as well as an overall RM Plan) but rather than submit that with the 510(k) we submit a standalone assessment of the "Level of Concern" which identifies the Minor/Moderate/Major level of concern and makes it clear we know what we evidence need to include within the submission. The Minor/Moderate/Major levels generally align with software safety class A/B/C from 62304, so you shouldn't have any surprises about what you need for the submission. We have constructed the Software Hazard Analysis such that it shows the elements required by 62304 (per the software system safety classification) for the individual elements of analysis which support the greater Hazard Analysis.
Top Bottom