Time necessary for all Risk Management activities


Hi to all

I'm working in a new project that will lead to a Class I medical device Certification. In our plan of activities we have placed the following steps inside risk management:

1. Risk Management Framework
a) Risk Management Report
b) Device Characteristics
c) Risk Analysis​
Considering that it will be only one person dedicated to this, can you please help me defining a reasonable number of hours to dedicate to these tasks.

We also conceived to subcontract this activities (it is out of our expertise) to a CRO (contract research organization). Do any of you have an idea of reasonable costs for these kind of documents?




Super Moderator
That's way too little information to go on (e.g., does the device contain software, is it powered, and on and on). Without knowing your product in some detail, any estimate would be a guess.

Your post also raises a number of concerns. It's of limited benefit for one person to do the entire risk management activities and the necessary competencies would probably not be represented (e.g., clinical). And you indicate the reason to subcontract is that you don't have the expertise.

Oh, and risk management is not a 1-time event, it's done throughout the life of your product.

Another option would be to hire a consultant well versed in risk management to come in and drive the activities. That might be more beneficial than just outsourcing the whole thing to a CRO - you may get the benefit of some on-the-job training. Depending on where you are, there's probably a local expert.

If you haven't already purchased a copy of 14971, it would be a good idea to get it and give it a read-through. That way, if you go with a consultant or CRO, you'll know at least if their proposal is aligned.


Thanks a lot yodon

It is an active medical device with a software and without direct contact with the patient.

The collaborator responsible for the process will be in contact with other persons in the overall team, but he will be the owner of this part of the process during the assembly of our first technical file. In the future he will stay responsible for keeping it updated.

Have a consultant with us is probable the best way to go, thanks. Our major problem, is that we have difficulties in defining the necessary investment (time and money) in the risk management framework to advance and even to evaluate a CRO proposal at this time.

Hoping to have some additional help, thanks for the advices.
Top Bottom