Designing for Safety: Medical Device Risk Management

The primary goal of any innovator in the field of medical technology is to develop a device that fills a market gap and addresses an unmet clinical need. While design, prototyping, manufacturing, and innovation form the foundation of medical device development, one must not lose sight of the most critical factor: user safety. This is precisely why Regulation (EU) 2017/745 (MDR) requires manufacturers to implement a comprehensive process of medical device risk management.
The ISO 13485 standard also emphasizes risk management, requiring manufacturers to establish effective processes for identifying and controlling hazards to ensure the safety and reliability of medical devices throughout their entire lifecycle. But is all this fuss about risk management really necessary? Ask yourself: Would you trust a medical device that hasn’t been properly verified or tested? What if, during surgery, a device unexpectedly failed, with no clear reason why? Would you be comfortable relying on it for a diagnosis that could change your life?
That’s exactly why the MDR puts such a strong emphasis on risk management. So let’s take a closer look at what this process involves and why it matters so much in the development of medical devices.
Regulatory Foundations of Risk Management
The MDR places a legal obligation on manufacturers to manage risks. It requires that risks be reduced as far as possible. To achieve this, manufacturers must implement a comprehensive risk management system and apply it to every device they develop. State-of-the-art control measures must be used, and risks related to human factors must also be taken into account. Risk mitigation measures must remain effective throughout the entire lifecycle of the device, including during transport and storage. Any residual risks must be weighed against the clinical benefits of using the device. While the MDR is legally binding and must be complied with, it does not provide detailed instructions on how to achieve compliance.
This is where the harmonized standard ISO 14971:2019 plays a key role. ISO 14971 defines a systematic process that helps manufacturers identify hazards associated with medical devices, assess and evaluate the risks, implement risk control measures, and monitor their effectiveness throughout the product’s lifecycle.
Step-by-Step Medical Device Risk Management
The risk management process for medical devices should encompass risk analysis and assessment, risk control measures, and activities conducted during the design and production phases, as well as after the device has been placed on the market. Let’s take a closer look at each stage of the process.
Risk Analysis
This stage involves identifying hazards associated with the intended use of the device, as well as with reasonably foreseeable misuse, that is, situations where the device may be used in a way not intended by the manufacturer but which could realistically occur. As part of the risk analysis, it’s necessary to determine the safety-relevant features of the device, identify possible hazards and hazardous situations, and estimate the potential consequences and the likelihood of their occurrence. It is also important to consider how users are expected to interact with the device.
Risk Evaluation
The next step is to evaluate whether the identified risks are acceptable. The manufacturer must determine whether the level of risk associated with a given hazardous situation is acceptable, in which case it is considered a residual risk (the risk remaining after control measures have been applied), or unacceptable, in which case action must be taken to reduce the risk to an acceptable level.
Risk Control
If the risk exceeds the established acceptability criteria, the manufacturer must implement appropriate risk control measures aimed at reducing it. These may include design changes that eliminate hazards at the source; protective measures integrated into the device or applied during manufacturing; and safety information, such as instructions for use, warnings, or labeling. Once these measures are in place, the residual risk must be reassessed to determine whether it is now acceptable. If it remains unacceptable, further action may be required.
Where additional risk reduction is not technically or practically feasible and the residual risk remains high, the manufacturer should carry out a thorough evaluation of clinical data, scientific literature, and post-market surveillance information. Based on this, they must demonstrate that the benefits of using the device outweigh the residual risks. Simultaneously, the effectiveness of the implemented risk management measures must be reviewed to ensure that they have not introduced new hazards or hazardous situations.

Production and Post-Production Activities
These activities are intended to ensure the ongoing monitoring and control of risks associated with a medical device, even after it has been placed on the market. During this phase, the manufacturer should actively gather and evaluate relevant data obtained during both production and post-market use. This includes information from sources such as customer feedback, complaints, incident reports, servicing records, and post-market surveillance systems. The collected data should be systematically reviewed to assess its impact on device safety and performance. If new risks are identified, or if the probability or severity of known risks changes, the manufacturer must update the risk management documentation accordingly and implement any necessary corrective or preventive actions.
Final Thoughts
In the medical device world, innovation without safety isn’t innovation, it’s liability. That’s why risk management under MDR and ISO 14971 is more than just a regulatory requirement. It’s a mindset that protects patients, empowers clinicians, and builds long-term trust. At Consonance, we help medtech teams integrate effective, compliant risk management systems, from the earliest design stages through to post-market support. Whether you’re developing your first prototype or scaling a certified product, our team can guide you through each step of the risk management journey.
Need support with risk management in medical devices? Consonance can help you implement a compliant and efficient process. Let’s make safe innovation a reality – together.
