Medical device risk management

Compliance with MDR and IVDR requirements

Let us help you with your documents

We excel in coordinating risk management processes and in writing and organizing the resulting documentation to ensure complete traceability. Contact us to discuss how Biotop Medical can support your compliance and technical documentation needs with precision and efficiency.

Contact us

Effective risk management is essential for compliance with MDR and IVDR requirements and crucial for the safety and performance of medical devices. This risk management covers topics such as design and development, device materials and manufacturing, but also risks related to the usability of the device or biocompatibility. Device risk management is intended to be a continuous process throughout the device life cycle and the mandate is to reduce risks as far as possible.

Biotop Medical provides structured support in setting up, executing, and maintaining comprehensive risk management processes aligned with MDR, IVDR, EN ISO 14971, EN IEC 62366-1 and other related requirements. Our approach ensures traceable documentation, practical integration into product development, and readiness for audits and technical documentation submissions.

EN ISO 14971 compliance

EN ISO 14971 defines the framework for systematic risk management throughout the device lifecycle. Our services include the establishment of risk management plans, risk analyses (e.g., FMEA/FMECA, fault tree analysis), risk estimation, risk evaluation and the implementation and verification of risk control measures. We ensure that your risk management file is fully integrated into the technical documentation and aligns with the expectations of notified bodies and competent authorities.

EN IEC 62366-1 compliance

EN IEC 62366-1 focuses on the application of usability engineering to mitigate risks associated with use errors. We support the development of usability engineering files by performing use error analysis, user interface evaluations, and usability validation testing. Integration with risk management ensures that use-related risks are systematically controlled, enhancing both product safety and regulatory compliance.

Application of risk management process

The risk management process follows the following structure as defined in EN ISO 14971:

Identify hazards and hazardous situations related to their device.
Estimation of the probability and evaluation of the severity of the risks related to their device.
Establishing risk controls to minimize the risks
Evaluating the effectiveness of the risk controls.
Establishing residual risks and determining the risk/benefit profile.

BioTop Medical assists manufacturers in their responsibilities to perform and document these steps.

Implementation of risk control measures

The mandate of medical device risk management is to reduce risks as far as possible and for the device to have a positive benefit-risk profile. Risk control option analysis is performed to determine the best risk control measures to achieve the goals of risk management. The priority is to reduce risks through inherent safety by design, for example by changing device materials, rather than using protective measures and providing information for safety. Through our long and varied experience with different types of devices, Biotop Medical is able to assist in defining effective risk control strategies, verifying their implementation, and validating residual risk acceptability — fully in line with EN ISO 14971 and other requirements.

Application of usability engineering

Usability engineering relates to controlling the risks related to the user interface of the device to ensure the medical device is safe for patients, users or others. Identification of risks related to usability and the user interface of the device demands the systematic identification of use-related hazards, task analysis, and linkage to harm scenarios. These steps allow manufacturers to design the user interface of the device which is followed by formative and summative usability evaluation.

BioTop Medical guides manufacturers through the entire process from identification of risks related to usability, to the writing of formative and summative evaluation plans and reports and creating usability engineering files that meet EN IEC 62366-1 and MDR Annex I, General Safety and Performance Requirements (GSPR) expectations.

Get in touch!

    privacy statement

    Why BioTop Medical?

    Expert guidance through complex compliance processe

    Questions? Contact us

    For direct contact call
    +31 (0)71 528 01 12

    You can also email us
    info@biotopmedical.nl

    Services

    For direct contact call
    +31 (0)71 528 01 12

    Questions? Contact us
    info@biotopmedical.nl

    FAQ about medical device risk management

    When is medical device risk management performed?

    The medical device risk management is intended to be performed throughout the entire device life cycle. This means that the medical device risk management needs to be started in the beginning of the design and development activities and will end only when the medical device is removed from the market.

    What documents are required for the medical device risk management file?

    The risk management file includes the Risk Management Plan and the Risk Management Report. However, the risk management file is also important as input for the Clinical Evaluation Plan (CEP) and Report (CER), the Biological Evaluation Plan (BEP) and Report (BER) and include usability risk management activities as well. It is one of the pillar documents that influences many other documents in the Technical Documentation.

    What does it mean to reduce risks as far as possible?

    The full requirement is  “reduction of risks as far as possible without adversely affecting the benefit-risk ratio.” As an example: a device contains materials that are potentially harmful to patients or users. In this case the evaluation to replace the material for a less harmful one depends on the function of the material. If the material cannot be replaced without severely impacting the benefit of the device, this may be a justification for not reducing the risk in this manner. If the material is not tied to the device benefit in a significant way and can be replaced, the change should be made.

    Is a medical device risk management the same as a Failure Modes and Effects Analysis (FMEA)?

    The FMEA is a risk analysis technique which can be and is often used as part of the medical devices risk management under EN ISO 14971 standard. FMEA does not include risk control option analysis, benefit-risk analysis or residual risk evaluation and other essential parts of EN ISO 14971.

    What is a Formative Evaluation?

    The goal of the formative evaluation is to aid design and development of the user interface by performing (typically) small scale experiments which allow exploring of the user interface design strengths, weaknesses and potential use errors. This type of evaluation can be performed multiple times through the design and development process, but prior to the Summative Evaluation.

    What is a Summative Evaluation?

    This type of user interface evaluation is conducted at the end of user interface development phase to obtain evidence that the user interface can be used safely. The summative evaluation is intended to be adequately representative of the users and the use environment that the device will be used in.

    What documents are required for the usability engineering file?

    The usability engineering file contains the Usability Engineering Plan (UEP) and Report (UER) and any formative and summative evaluation plans and reports that have been performed. In the case of user interfaces that were developed prior to the publishing of the EN 62366-1 standard, the formative and summative evaluations are not always necessary to perform, in which case only the UEP and UER are required.