Length: 2 Days
Print Friendly, PDF & Email

Medical Device Risk Assessment Training


Medical device risk assessment is needed because we have a collective interest in ensuring that medical devices are safe and effective.

Medical devices that are manufactured for human applications like treatment and diagnosis must be safe and effective. Such devices include instruments, an apparatus, or a material that are used for daily patient care or medical scientific purposes.

For that reason, risk management is not optional – it is a regulatory requirement worldwide. The FDA mandates it in the Quality System Regulation (21 CFR Part 820). Europe requires it in the Medical Device Regulation (MDR 2017/745). Likewise, Japan, Canada, Australia, Brazil, and all other major markets require the application of risk management, which is either referenced in their national regulations or ISO 13485:2016.

For medical devices, manufacturers refer to two primary definitions:

  • Risk – The combination of probability of occurrence of harm and the severity of that harm.
  • Risk management – The systematic application of management policies, procedures, and practices to the tasks of analyzing, controlling and monitoring risk.

Manufacturers responsible for developing new devices should take adequate precautionary measures to ensure that the devices don’t cause hazards when people use them. Under medical device risk assessment regulations, they are responsible for such things as:

  • Identifying hazards that are related to the device
  • Estimating and assessing the related risks
  • Controlling the identified risks
  • Evaluating if the residual risks are acceptable
  • Regularly monitoring and reviewing new data with regard to these risks

Experts in this area say it’s important to create a risk management plan for your medical device. If you manufacture multiple types of devices, your risk management plan needs to be specific to each device/device family.  The information in your plan should include all of the appropriate steps you defined in the risk management procedure.

Medical Device Risk Assessment Training Course by Tonex

Medical Device Risk Assessment Training 2-day training program that covers the importance of Risk Analysis, Risk Management Process, Application of Risk Management tools, and the benefit of the Risk Management Analysis to medical devices. Participants will learn how to minimize use-related hazards, assure that intended users are able to use medical devices safely and effectively throughout the product life cycle, and to facilitate review of new device submissions and design control documentation.

Risk assessment of medical device and equipment is an integral part of best practices to protect connected medical device from lethal vulnerabilities that can put patient’s lives at risk. Learn about real-world medical device risks and mitigation best practices in this 2-day interactive training course.

Participants will learn about:

  • The real risks posed by connected medical devices.
  • Learn about attack scenarios that make medical devices vulnerable.
  • Learn about the steps to apply a risk-based security framework.
  • Get recommendations to prevent patient safety from being compromised

Course Modules

Module 1: Introduction:

  • Introduction
  • Regulatory Requirements for Risk Management
  • Overview of ISO 14971
  • Risk Management Terms and Definitions
  • Clause 3 General Requirements

Module 2: Regulatory Requirements for Risk Management:

  • Regulatory requirements for risk management
  • FDA 21 CFR 820
  • ISO 13485:2016
  • Other country regulations
  • Medical Device Single Audit Program and linkages to risk management

Module 3: ANSI/AAMI/ISO 14971 Overview

  • ISO 14971:2019 Medical devices— Application of risk management to medical devices
  • ISO/TR 24971:2020 Medical devices — Guidance on the application of ISO 14971
  • Review the scope of ISO 14971
  • ANSI/AAMI/ISO 14971:2019 standard
  • Overview of FDA looks for Human Factors, SW Risk, Cyber, etc

Module 4: Risk Management Terms and Concepts:

  • Key risk management terms and definitions
  • Hazard
  • Hazardous situation
  • Harm, and
  • Risk
  • Identify hazards, hazardous situations, and harms

Module 5: ISO 14971 – Clause 3 General Requirements

  • Specific policy for development of criteria for risk acceptability and the development of criteria for risk acceptability  and examples
  • Exercise – Given a scenario, establish risk acceptance criteria based on the company policy for development of criteria for risk acceptability.
  • Example of when design is good enough

Module 6: Design and Development:

  • Risk Management during design input
  • Explain the Risk Management process with respect to Design Input
  • Explain how human factors impact Risk Management in the Design Input phase
  • Define the types of risk analysis methods – used by company with company procedures
  • Demonstrate how to construct a simple – With company example:
  • Preliminary Hazard Analysis (PHA)
  • Fault Tree Analysis (FTA)-
  • Exercise – Identifying hazards and developing safety related design input using Annex A in ISO TR 24971:2020 –
  • Highlight FMEA examples, Include SW Risk Analysis examples and activities

Module 7:  Risk Management During Design Output

  • Types of risk verification
  • Options for risk assessment, evaluation, and risk reduction
  • Need for determining outputs that are essential
  • Examples of methods for identifying essential design outputs
  • Design FMEA using company specific procedure-
  • Exercise – Build a subset of a dFMEA using the company procedure for dFMEA and company subcomponents of a product.

Module 8: Risk Management During Design Validation

  • Risk management process during design validation
  • Define design validation
  • Validation, verification of risk controls
  • Risk Management during design change
  • Discuss what constitutes a design change
  • Understand the risk activities during design change

Module 9: Production Realization – Production and Service Provision:

  • Requirements for risk management in production and service provision and acceptance activities within product realization in ISO 13485:2016 and 21CFR 820
  • Tools for supporting risk-based decision-making during production and service provision
  • Process FMEA
  • Risk Register
  • Risk management during design transfer
  • Risk management process during design transfer
  • Applying risk management during design transfer
  • Risk management and design transfer decisions

Module 10: Software Risk Management:

  • Special considerations for medical device software risk management
  • Apply ANSI/AAMI/ISO 14971 and SW specific standards and guidance ( e.g., IEC62304 and IER TR 80002-1) to medical device software

Module 11: Overall Residual Risk:

  • Risk management process for overall residual risk
  • Barriers/issues to assess overall residual risk
  • Role legacy risk plays in determining overall residual risk
  • How to deal with legacy products

Workshop 1: Working with a Medical Device Risk Management

  • Identification, understand, control, and prevent failures
  • Identify possible hazards associated with the design in both normal and fault conditions
  • Risks associated with the hazards, including those resulting from user error
  • Basic Principles of Risk Management for Medical Device Design
  • Risk Management Flow Chart
  • Risk control and monitoring activities
  • Risk controls
  • Regulatory schemes
  • Inherent safety by design
  • Protective measures in the device or its manufacture
  • Information for safety, such as warnings, maintenance schedules, etc.
  • Throughout the life cycle of the device the manufacturer monitors whether the risks continue to remain acceptable and whether any new hazards or risks are discovered.

Workshop 2: Risk Control Measures

  • Protective measures, e.g. default operating modes
  • Information for safety, e.g., warnings in labeling
  • Safety Risk Zone
  • Basic Principles of Risk Management for Medical Device Design
  • Risk Assessment Matrix
  • Mitigation
  • 1st Line of Defense Avoid or eliminate failure causes
  • 2nd Line of Defense Identify or detect the failure earlier
  • 3rd Line of Defense Reduce the impacts/consequences of failure
  • Hazard Analysis
  • Procedure Analysis
  • HAZOP, FMEA, and FTA
  • ISO 14971:2007
  • Reviewing the intended use (intended purpose) of the medical device
  • Identification of hazards (known and foreseeable)
  • Estimation of the probability of occurrence of harm
  • Estimation of the severity of each hazard and its harm
  • Evaluation of associated risks (decision making)
  • Control of these risks
  • Monitoring of the effectiveness of these controls throughout the whole life-cycle of a medical device.


Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.