Establish a Risk Management Plan

Pattern Attributes

Intervention Process
Domain Medical
Work Programme SPRTMDRC
Research Area Any
Evidence Type Standard
Evidence Source Standard
Evidence Strength Hypothetical
Trigger product_domain == medical, need_risk_mgt == true


You are developing a new medical device and you need to implement a risk management process. The organisation has not performed risk management of a medical device before and a risk management process needs to be clearly outlined.


During the development of a new medical device project, it is essential to ensure that all aspects of the project are planned. As part of this process a risk management plan should be established to detail the scope of the risk management activities and to define the authorities and responsibilities of all persons involved in the risk management process. The plan should also provide guidance on when a risk is acceptable and when it requires risk control. This plan should be documented for reference throughout the development of the medical device.


  1. Define the scope of the risk management activities, identifying and describing the medical device and the life cycle phases for which each element of the plan is applicable.
  2. Establish responsibilities and authorities of personnel involved in the risk management process.
  3. Define the requirements for review of risk management activities including how and when these management reviews will take place.
  4. Define the criteria for risk acceptability.
  5. Define how verification activities required by the standard (verification of risk control measure and verification of effectiveness of risk control measure) will be performed.
  6. Define methods for obtaining post-production information.


  1. ISO 14971 (2007) - Medical Devices - Application of risk management to medical devices, Switzerland, ISO.