Senior Risk Management Specialist
Expert-level medical device risk management implementing ISO 14971 throughout the complete product lifecycle with comprehensive risk analysis, evaluation, control, and post-production monitoring capabilities.
Core Risk Management Competencies
- Risk Management Process Implementation (ISO 14971)
Establish and maintain comprehensive risk management processes integrated throughout the product development and lifecycle.
Risk Management Process Framework:
ISO 14971 RISK MANAGEMENT PROCESS
├── Risk Management Planning
│   ├── Risk management plan development
│   ├── Risk acceptability criteria definition
│   ├── Risk management team formation
│   └── Risk management file establishment
├── Risk Analysis
│   ├── Intended use and reasonably foreseeable misuse
│   ├── Hazard identification and analysis
│   ├── Hazardous situation evaluation
│   └── Risk estimation and documentation
├── Risk Evaluation
│   ├── Risk acceptability assessment
│   ├── Risk benefit analysis
│   ├── Risk control necessity determination
│   └── Risk evaluation documentation
├── Risk Control
│   ├── Risk control option analysis
│   ├── Risk control measure implementation
│   ├── Residual risk evaluation
│   └── Risk control effectiveness verification
└── Production and Post-Production Information
    ├── Information collection and analysis
    ├── Risk management file updates
    ├── Risk benefit analysis review
    └── Risk control measure adjustment
- Risk Analysis and Hazard Identification
Conduct systematic risk analysis identifying all potential hazards and hazardous situations throughout device lifecycle.
Risk Analysis Methodology:
Intended Use and Context Analysis
- Medical indication and patient population
- Use environment and conditions
- User characteristics and training
- Decision Point: Define scope of risk analysis
Hazard Identification Process
- For Hardware Components: Mechanical, electrical, thermal, chemical hazards
- For Software Components: Software failure modes per IEC 62304
- For Combination Products: Drug-device interaction risks
- For Connected Devices: Cybersecurity and data privacy risks
Hazardous Situation Analysis
- Sequence of events leading to hazardous situations
- Foreseeable misuse and use error scenarios
- Single fault condition analysis
- Multiple fault condition evaluation
- Risk Estimation and Evaluation
Apply systematic risk estimation methodologies ensuring consistent and defensible risk assessments.
Risk Estimation Framework:
- Probability Assessment: Statistical data, literature, expert judgment
- Severity Assessment: Clinical outcome evaluation and classification
- Risk Level Determination: Risk matrix application and documentation
- Risk Acceptability Evaluation: Criteria application and justification
Risk Evaluation Decision Tree:
RISK EVALUATION PROCESS
├── Is Risk Acceptable? (per criteria)
│   ├── YES → Document acceptable risk
│   └── NO → Proceed to risk control
├── Risk Control Implementation
│   ├── Inherent safety by design
│   ├── Protective measures
│   └── Information for safety
└── Residual Risk Evaluation
    ├── Is residual risk acceptable?
    ├── Risk benefit analysis
    └── Final risk acceptability decision
- Risk Control Implementation and Verification
Implement comprehensive risk control measures following the hierarchy of risk control per ISO 14971.
Risk Control Hierarchy:
Inherent Safety by Design
- Design modifications eliminating hazards
- Fail-safe design implementation
- Redundancy and diversity application
- Human factors engineering integration
Protective Measures in the Medical Device
- Alarms and alert systems
- Automatic shut-off mechanisms
- Physical barriers and shields
- Software safety functions
Information for Safety
- User training and education
- Labeling and instructions for use
- Warning systems and alerts
- Contraindications and precautions
Risk Control Verification:
- Risk control effectiveness testing and validation
- Verification protocol development and execution
- Test results analysis and documentation
- Risk control performance monitoring
Advanced Risk Management Applications
Software Risk Management (IEC 62304 Integration)
Integrate software lifecycle processes with risk management ensuring comprehensive software safety assessment.
Software Risk Management Process:
- Software Safety Classification: Class A, B, or C determination
- Software Hazard Analysis: Software contribution to hazardous situations
- Software Risk Control: Architecture and design safety measures
- Software Risk Management File: Integration with overall risk management file
Cybersecurity Risk Management
Implement cybersecurity risk management per FDA guidance and emerging international standards.
Cybersecurity Risk Framework:
Cybersecurity Threat Modeling
- Asset identification and vulnerability assessment
- Threat source analysis and attack vector evaluation
- Impact assessment on patient safety and device functionality
- Cybersecurity risk estimation and prioritization
Cybersecurity Controls Implementation
- Preventive Controls: Authentication, authorization, encryption
- Detective Controls: Monitoring, logging, intrusion detection
- Corrective Controls: Incident response, recovery procedures
- Compensating Controls: Additional safeguards and mitigations
Human Factors and Use Error Risk Management
Integrate human factors engineering with risk management addressing use-related risks.
Use Error Risk Management:
- Use-Related Risk Analysis: Task analysis and use scenario evaluation
- Use Error Identification: Critical task and use error analysis
- Use Error Risk Estimation: Probability and severity assessment
- Use Error Risk Control: Design controls and user interface optimization
Risk Management File Management
Risk Management Documentation
Maintain comprehensive risk management files ensuring traceability and regulatory compliance.
Risk Management File Structure:
- Risk Management Plan: Objectives, scope, criteria, and responsibilities
- Risk Analysis Records: Hazard identification, risk estimation, evaluation
- Risk Control Records: Control measures, verification, validation results
- Production and Post-Production Information: Surveillance data, updates
- Risk Management Report: Summary of risk management activities and conclusions
Risk Management File Maintenance
Ensure risk management files remain current throughout product lifecycle.
File Maintenance Protocol:
- Design Change Impact Assessment: Risk analysis updates for design changes
- Post-Market Information Integration: Surveillance data incorporation
- Risk Control Effectiveness Review: Ongoing effectiveness verification
- Periodic Risk Management Review: Systematic file review and updates
Cross-functional Integration
Quality Management System Integration
Ensure seamless integration of risk management with quality management system processes.
QMS-Risk Management Interface:
- Design Controls: Risk management integration in design and development
- Document Control: Risk management file configuration management
- CAPA Integration: Risk assessment for corrective and preventive actions
- Management Review: Risk management performance reporting
Regulatory Submission Integration
Coordinate risk management documentation with regulatory submission requirements.
Regulatory Integration Points:
- FDA Submissions: Risk analysis and risk management summaries
- EU MDR Technical Documentation: Risk management file integration
- ISO 13485 Certification: Risk management process compliance
- Post-Market Requirements: Risk management in post-market surveillance
Clinical and Post-Market Integration
Integrate risk management with clinical evaluation and post-market surveillance activities.
Clinical-Risk Interface:
- Clinical Risk Assessment: Clinical data integration with risk analysis
- Clinical Investigation: Risk management in clinical study design
- Post-Market Surveillance: Risk signal detection and evaluation
- Clinical Evaluation Updates: Risk-benefit analysis integration
Resources
scripts/
- risk-assessment-automation.py: Automated risk analysis workflow and documentation
- risk-matrix-calculator.py: Risk estimation and evaluation automation
- risk-control-tracker.py: Risk control implementation and verification tracking
- post-production-risk-monitor.py: Post-market risk information analysis
references/
- iso14971-implementation-guide.md: Complete ISO 14971 implementation framework
- software-risk-management.md: IEC 62304 integration with risk management
- cybersecurity-risk-framework.md: Medical device cybersecurity risk management
- use-error-risk-analysis.md: Human factors risk management methodologies
- risk-acceptability-criteria.md: Risk acceptability frameworks and examples
assets/
- risk-templates/: Risk management plan, risk analysis, and risk control templates
- risk-matrices/: Standardized risk estimation and evaluation matrices
- hazard-libraries/: Medical device hazard identification libraries
- training-materials/: Risk management training and competency programs