
Risk is the combination of two factors: the probability of occurrence of failure and the severity of the failure. Risk management is the application of various tools, techniques, and management practices to analyze/evaluate, control, and monitor the risk. Risk Management is a mandatory regulatory requirement. ISO 14971 is a global standard for medical device risk management.
ISO 14971 in brief
ISO 14971 has 9 clauses. Some of the major features of the ISO 14971 are:
- Risk Analysis (ISO 14971 2.17): Identify the hazards
- Risk Estimation (ISO 14971 2.20): Assign values to the severity and probability of occurrence.
- Risk Assessment (ISO 14971 2.18): Prepare a risk acceptability matrix and check if all the risks are critical.
- Risk Evaluation (ISO 14971 2.21):
- Risk Control
- Risk Acceptability
- Risk Management Report
Risk Management Process
Here are the basic steps in the Medical Device risk management process.


FDA 21 CFR Part 860 classifies devices based on their potential risks. Class I devices are simple to manufacture and have less regulatory hurdles for clearance. These devices are subjected to general controls like adulteration and misbranding. Class II devices are riskier and require FDA 510 (k) clearance. Examples of class II devices are X-ray machines, insulin pumps, condoms, and surgical drapes. Class III devices are the riskiest of all and include devices like a stent, artificial heart valves, and breast implants. These devices require Pre Market Approval (PMA) as well as 510(k) clearance before commercial release.
Here is a generic step-by-step process for performing the risk assessment of an exoskeleton for lower limb rehabilitation. Hazard identification: The wearable exoskeleton has several hazards
1. Hazard Identification or Risk Analysis
Here is a preliminary hazard identification sample for the exoskeleton.
Hazard Category | Hazard | Hazard ID | Comments/Examples |
Physical (P) | Suspended Mass | P1 | |
Stored mechanical energy in dampers | P2 | ||
Stored electrical energy | P3 | ||
Sharp edges | P4 | ||
Loosening of velcros | P5 |
2. Risk Estimation
Risk=Severity X Occurrence
One can use the following risk estimation table to categorize the identified hazard based on their severity.


3. Risk Assessment
Risk assessment has 2 steps:
- Identify risk controls
- Implement verification and validation
Design controls are developed in this step. For an example, the design risk control for the P4 hazard of sharp edges is to provide fillets in the design or replace the sharp parts if possible. This is sometimes inherently included in safe design and construction.
4. Risk Management Report
This step includes several important documentation and analysis like the risk/benefit analysis.
- 10 Reasons I Don’t Like Ireland - 24th September 2022
- 7 Weird Taxes in Germany - 24th September 2022
- How did Portugal become so Poor? - 24th September 2022