Developers - Meeting risk-management requirements for medical devices

To deploy a compliant healthcare technology safely, you need to implement a risk management system. ISO 14971:2019 sets the requirements for risk management systems for medical devices.

Complying with UK MDR 2002 risk management

Understanding how to manage risk is a key component of meeting the legal requirements of the UK Medical Devices Regulations 2002 (UK MDR 2002).

The UK MDR 2002 and the quality management systems (QMS) standards, ISO 13485, require developers to evaluate the risks of a given process, device component or scenario.

The core aspects of risk management are considered best practice. They are widely used in healthcare to assess:

• clinical safety
• data and information governance
• cybersecurity
• medical device safety

ISO 14971 provides the requirements you need to meet for the risk-management aspects of the UK MDR 2002 and ISO 13485. 

Taking a risk-based approach when developing medical devices

Risk management is a structured way of assessing situations, processes and devices to:

• identify, analyse and quantify risks
• mitigate unacceptable risks
• justify residual risks

To meet the legislative requirements of the UK MDR 2002, you must make assessments and design decisions taking a risk-based approach. This shows that decisions are made in a proportional manner. It also makes sure you identify the overall device risks and show they are outweighed by the expected benefits.

There are several risk-management approaches and tools you can use, depending on your medical device and how it will be used.

How to take a risk-based approach when developing medical devices

Refer to ISO 14971:2019 medical devices – application of risk management to medical devices.

This standard provides the requirements to meet the risk-management aspects of both the UK MDR 2002 and the QMS standard ISO 13485.

This information is not intended to replace formal statutory guidance regarding legal requirements. For an authoritative view of what regulations require beyond this digest, please see the relevant gov.uk web pages pertaining to the MHRA.