Medical device and MedTech insights, news, tips and more

Risk Management: A Total Product Life-cycle Process [Infographic]

November 6, 2015

Risk Management

Risk Management is a total product life-cycle process. It’s not something you only do at the beginning or the end. As long as you produce a medical device, you must remember to plan for Risk Management.

Unfortunately, risk management efforts have a tendency to trail off and be forgotten once a product is launched. Don’t let this happen to you!

Your product Risk Management File must be a living document.

  1. You need to consider and document production related risk management activities and events.
  2. You need to ensure that post-production processes that you have in place to support your QMS are feeding into your Risk Management process.
  3. Complaints need to tie into Risk Management. Did the complaint identify a new hazard or hazardous situation not captured? Does the occurrence of harm align with what you estimated?
  4. Customer feedback needs to tie into Risk Management. Did you learn something about your product that impacts the Risk Management?
  5. Non-conformances need to tie into Risk Management.
  6. CAPAs need to tie into Risk Management.

The point is this: Once you begin manufacturing and launch your medical device into the market, you are going to learn a great deal about the product. More risks will be revealed, and you need to keep your product and end users up to date.

Make sure that your Risk Management documentation is current and as best as possible, an accurate reflection of the actual risks your product poses.

One poor practice I have observed is adding a “risk” section to CAPA, complaint, non-conformance, and other post-production documents and forms. I do not recommend taking this angle. Yes, these forms should identify whether or not risk management is impacted and require an explanation if not.

If risk is impacted by one of these post-production events, do yourself a HUGE favor and make an update to the actual Risk Management File that you worked so hard on during product development.

Realize that your Risk Management process must include:

  • Risk Management Planning
  • Risk Analysis
  • Risk Evaluation
  • Risk Controls
  • Overall Residual Risk Acceptability
  • Risk Management Report
  • Production & Post-Production Information


Risk Management can be a difficult process. Use ISO 14971 and the infographic below that walks you step by step through the process to help make it easier.

Infographic by:

ISO 14971 Risk Management Process

Author Bio:

Jon SpeerJon Speer is the Founder & VP of QA/RA at, a software company that produces beautifully simple quality and risk management software exclusively for medical device companies. He is also the founder of Creo Quality, a consultancy that specializes in assisting startup medical device companies with product development, quality systems, regulatory compliance & project management. Jon started his career in the medical device industry over 16 years ago as a product development engineer after receiving his BS in chemical engineering from Rose-Hulman Institute of Technology.


More insights

March 7, 2024
FDA Clears Dexcom’s First Over-the-Counter Continuous Glucose Monitor
Learn More
March 1, 2024
FDA greenlights Boston Scientific’s Novel Drug-Coated Balloon for Coronary In-Stent Restenosis
Learn More
February 21, 2024
Sparrow BioAcoustics Launches Software That Turns a Smartphone into a Stethoscope 
Learn More

Begin your legacy now. We are your medtech and medical device talent advisory firm.