Quick Tip - Consider Lifecycle Management of Your Risk Management Plan

ISO 14971 requires a documented risk management plan in the risk management file. Consider adding requirements for lifecycle management of your plan as a best practice.

Clause 4.4 in ISO 14971:2019, the International Standard for Application of Risk Management to Medical Devices, requires that all risk management activities be planned and documented in a risk management plan (RMP).

Specifically, the International Standard requires the following 7 essential elements in the RMP:

1. Brief description of the medical device (e.g., intended use), scope of planned risk management activities and corresponding lifecycle phase(s) for these activities.

2. Assignment of responsibilities and authorities of relevant personnel

3. Requirements for review of risk management activities

4. Criteria for risk acceptability consistent with policy

5. Method to evaluate the overall residual risk and criteria for acceptability

6. Verification of both implementation and effectiveness of risk control measures

7. Activities related to production and post-production information

It is important to understand that risk management activities for a specific medical device, or a device family, are expected to span the entire product lifecycle. Therefore, the RMP should be considered a “living document” and updated timely to reflect the most current planning at any point in the lifecycle.

As a best practice, I recommend adding an additional section to reflect your actions for the lifecycle management of the RMP itself. As a starting point, your plan may be informed by experience gained with a similar device in the market.

I have prepared a template with detailed instructions for this purpose.

Paid subscribers of Let’s Talk Risk! newsletter can get a PDF of my RMP template below.

Think of your RMP as a communication tool, not just a record in your risk management file for the purpose of compliance.