risk-management-specialist

1. Risk Management Process Implementation (ISO 14971)

Establish and maintain comprehensive risk management processes integrated throughout the product development and lifecycle.

Risk Management Process Framework:

```

ISO 14971 RISK MANAGEMENT PROCESS

├── Risk Management Planning

│ ├── Risk management plan development

│ ├── Risk acceptability criteria definition

│ ├── Risk management team formation

│ └── Risk management file establishment

├── Risk Analysis

│ ├── Intended use and reasonably foreseeable misuse

│ ├── Hazard identification and analysis

│ ├── Hazardous situation evaluation

│ └── Risk estimation and documentation

├── Risk Evaluation

│ ├── Risk acceptability assessment

│ ├── Risk benefit analysis

│ ├── Risk control necessity determination

│ └── Risk evaluation documentation

├── Risk Control

│ ├── Risk control option analysis

│ ├── Risk control measure implementation

│ ├── Residual risk evaluation

│ └── Risk control effectiveness verification

└── Production and Post-Production Information

├── Information collection and analysis

├── Risk management file updates

├── Risk benefit analysis review

└── Risk control measure adjustment

```

2. Risk Analysis and Hazard Identification

Conduct systematic risk analysis identifying all potential hazards and hazardous situations throughout device lifecycle.

Risk Analysis Methodology:

1. Intended Use and Context Analysis

- Medical indication and patient population

- Use environment and conditions

- User characteristics and training

- Decision Point: Define scope of risk analysis

1. Hazard Identification Process

- For Hardware Components: Mechanical, electrical, thermal, chemical hazards

- For Software Components: Software failure modes per IEC 62304

- For Combination Products: Drug-device interaction risks

- For Connected Devices: Cybersecurity and data privacy risks

1. Hazardous Situation Analysis

- Sequence of events leading to hazardous situations

- Foreseeable misuse and use error scenarios

- Single fault condition analysis

- Multiple fault condition evaluation

3. Risk Estimation and Evaluation

Apply systematic risk estimation methodologies ensuring consistent and defensible risk assessments.

Risk Estimation Framework:

• Probability Assessment: Statistical data, literature, expert judgment
• Severity Assessment: Clinical outcome evaluation and classification
• Risk Level Determination: Risk matrix application and documentation
• Risk Acceptability Evaluation: Criteria application and justification

Risk Evaluation Decision Tree:

```

RISK EVALUATION PROCESS

├── Is Risk Acceptable? (per criteria)

│ ├── YES → Document acceptable risk

│ └── NO → Proceed to risk control

├── Risk Control Implementation

│ ├── Inherent safety by design

│ ├── Protective measures

│ └── Information for safety

└── Residual Risk Evaluation

├── Is residual risk acceptable?

├── Risk benefit analysis

└── Final risk acceptability decision

```

4. Risk Control Implementation and Verification

Implement comprehensive risk control measures following the hierarchy of risk control per ISO 14971.

Risk Control Hierarchy:

1. Inherent Safety by Design

- Design modifications eliminating hazards

- Fail-safe design implementation

- Redundancy and diversity application

- Human factors engineering integration

1. Protective Measures in the Medical Device

- Alarms and alert systems

- Automatic shut-off mechanisms

- Physical barriers and shields

- Software safety functions

1. Information for Safety

- User training and education

- Labeling and instructions for use

- Warning systems and alerts

- Contraindications and precautions

Risk Control Verification:

• Risk control effectiveness testing and validation
• Verification protocol development and execution
• Test results analysis and documentation
• Risk control performance monitoring

Software Risk Management (IEC 62304 Integration)

Integrate software lifecycle processes with risk management ensuring comprehensive software safety assessment.

Software Risk Management Process:

• Software Safety Classification: Class A, B, or C determination
• Software Hazard Analysis: Software contribution to hazardous situations
• Software Risk Control: Architecture and design safety measures
• Software Risk Management File: Integration with overall risk management file

Cybersecurity Risk Management

Implement cybersecurity risk management per FDA guidance and emerging international standards.

Cybersecurity Risk Framework:

1. Cybersecurity Threat Modeling

- Asset identification and vulnerability assessment

- Threat source analysis and attack vector evaluation

- Impact assessment on patient safety and device functionality

- Cybersecurity risk estimation and prioritization

1. Cybersecurity Controls Implementation

- Preventive Controls: Authentication, authorization, encryption

- Detective Controls: Monitoring, logging, intrusion detection

- Corrective Controls: Incident response, recovery procedures

- Compensating Controls: Additional safeguards and mitigations

Human Factors and Use Error Risk Management

Integrate human factors engineering with risk management addressing use-related risks.

Use Error Risk Management:

• Use-Related Risk Analysis: Task analysis and use scenario evaluation
• Use Error Identification: Critical task and use error analysis
• Use Error Risk Estimation: Probability and severity assessment
• Use Error Risk Control: Design controls and user interface optimization

Risk Management Documentation

Maintain comprehensive risk management files ensuring traceability and regulatory compliance.

Risk Management File Structure:

• Risk Management Plan: Objectives, scope, criteria, and responsibilities
• Risk Analysis Records: Hazard identification, risk estimation, evaluation
• Risk Control Records: Control measures, verification, validation results
• Production and Post-Production Information: Surveillance data, updates
• Risk Management Report: Summary of risk management activities and conclusions

Risk Management File Maintenance

Ensure risk management files remain current throughout product lifecycle.

File Maintenance Protocol:

• Design Change Impact Assessment: Risk analysis updates for design changes
• Post-Market Information Integration: Surveillance data incorporation
• Risk Control Effectiveness Review: Ongoing effectiveness verification
• Periodic Risk Management Review: Systematic file review and updates

Quality Management System Integration

Ensure seamless integration of risk management with quality management system processes.

QMS-Risk Management Interface:

• Design Controls: Risk management integration in design and development
• Document Control: Risk management file configuration management
• CAPA Integration: Risk assessment for corrective and preventive actions
• Management Review: Risk management performance reporting

Regulatory Submission Integration

Coordinate risk management documentation with regulatory submission requirements.

Regulatory Integration Points:

• FDA Submissions: Risk analysis and risk management summaries
• EU MDR Technical Documentation: Risk management file integration
• ISO 13485 Certification: Risk management process compliance
• Post-Market Requirements: Risk management in post-market surveillance

Clinical and Post-Market Integration

Integrate risk management with clinical evaluation and post-market surveillance activities.

Clinical-Risk Interface:

• Clinical Risk Assessment: Clinical data integration with risk analysis
• Clinical Investigation: Risk management in clinical study design
• Post-Market Surveillance: Risk signal detection and evaluation
• Clinical Evaluation Updates: Risk-benefit analysis integration

scripts/

• risk-assessment-automation.py: Automated risk analysis workflow and documentation
• risk-matrix-calculator.py: Risk estimation and evaluation automation
• risk-control-tracker.py: Risk control implementation and verification tracking
• post-production-risk-monitor.py: Post-market risk information analysis

references/

• iso14971-implementation-guide.md: Complete ISO 14971 implementation framework
• software-risk-management.md: IEC 62304 integration with risk management
• cybersecurity-risk-framework.md: Medical device cybersecurity risk management
• use-error-risk-analysis.md: Human factors risk management methodologies
• risk-acceptability-criteria.md: Risk acceptability frameworks and examples

assets/

• risk-templates/: Risk management plan, risk analysis, and risk control templates
• risk-matrices/: Standardized risk estimation and evaluation matrices
• hazard-libraries/: Medical device hazard identification libraries
• training-materials/: Risk management training and competency programs