Skip to main content

BETA This is a new service - your feedback (opens in a new tab) will help us to improve it.

Learn more about technical standards, why they are important and how to follow them.

This is required guidance

It is legally required and it is an essential activity.

This Guide covers:

  • Great Britain (England, Scotland, Wales)

From:

Developers - Meeting risk-management requirements for medical devices

To deploy a compliant healthcare technology safely, you need to implement a risk management system. ISO 14971:2019 sets the requirements for risk management systems for medical devices.

Complying with UK MDR 2002 risk management

Understanding how to manage risk is a key component of meeting the legal requirements of the UK Medical Devices Regulations 2002 (UK MDR 2002).

The UK MDR 2002 and the quality management systems (QMS) standards, ISO 13485, require developers to evaluate the risks of a given process, device component or scenario.

The core aspects of risk management are considered best practice. They are widely used in healthcare to assess:

  • clinical safety
  • data and information governance
  • cybersecurity
  • medical device safety

ISO 14971 provides the requirements you need to meet for the risk-management aspects of the UK MDR 2002 and ISO 13485. 

Taking a risk-based approach when developing medical devices

Risk management is a structured way of assessing situations, processes and devices to:

  • identify, analyse and quantify risks
  • mitigate unacceptable risks
  • justify residual risks

To meet the legislative requirements of the UK MDR 2002, you must make assessments and design decisions taking a risk-based approach. This shows that decisions are made in a proportional manner. It also makes sure you identify the overall device risks and show they are outweighed by the expected benefits.

There are several risk-management approaches and tools you can use, depending on your medical device and how it will be used.

How to take a risk-based approach when developing medical devices

Refer to ISO 14971:2019 medical devices – application of risk management to medical devices.

This standard provides the requirements to meet the risk-management aspects of both the UK MDR 2002 and the QMS standard ISO 13485.

This information is not intended to replace formal statutory guidance regarding legal requirements. For an authoritative view of what regulations require beyond this digest, please see the relevant gov.uk web pages pertaining to the MHRA.

Learn more about technical standards, why they are important and how to follow them.

This is required guidance

It is legally required and it is an essential activity.

This Guide covers:

  • Great Britain (England, Scotland, Wales)

From:

Get more support

To discover how the MHRA can assist you and for contact details, visit our 'Get Support' page.

Is this article useful?

How can we improve this piece?

Error:Select how we can improve this piece
Cancel

Thank you for your feedback!

To share additional insights about this page, please use the following link (opens in a new tab) to submit your observations.

Print this guidance (opens a PDF in a new tab)

Regulations are regularly updated. For the latest information, check the website as printed documents may be outdated.