Risk management is a process for identifying, evaluating and mitigating risk. For medical devices, this means product safety, including risks associated with harm to people and damage to property or the environment. Risk management has become an integral part of medical device design and development, production processes and evaluation of field experience. Risk management is applicable to all types of medical devices and evidence of its application is required by most regulatory bodies.
The management of risk for medical devices is described by the International Organization for Standardization (ISO) in ISO 14971:2007, Medical Devices—The application of risk management to medical devices, a product safety standard. This course examines the standard using specific examples. Topics addressed include management responsibilities, risk analysis and evaluation, risk controls and lifecycle risk management.
This course is not intended for implementing Enterprise Risk Management, but is oriented to product safety risk management, a completely separate process. It is important to remember throughout the course that the focus is on product safety for people (not just the patient), property and the environment.
The European version of the risk management standard was updated in 2009 and again in 2012 to refer to the Medical Devices Directive (MDD) and Active Implantable Medical Device Directive (AIMDD) revision in 2007, as well as the In Vitro Medical Device Directive (IVDD). The requirements of EN ISO 14971:2012 are identical to ISO 14971:2007. The only difference is an Annex that refers to the new MDD and AIMDD. Throughout this course, when referring to ISO 14971:2007, it is understood that this includes the EN version of the standard as revised in 2012.