Regulatory & Compliance

Risk management according to ISO 14971.

We assist medtech and pharmaceutical companies in establishing, reviewing, and continuously maintaining their risk management systems—as the foundation for MDR/IVDR compliance and product safety.

Why choosing a method alone won't improve your risk analysis.

When it comes to risk analysis, people often ask only about the method (FMEA, FTA). But the real challenge lies in the analytical interpretation:

Methods such as PHA, FTA, ETA, or FMEA are established tools, but they are not synonymous with hazard analysis as defined by ISO 14971. A failure mode is not automatically a hazard. A top event is not automatically a risk. There is almost always a critical translation step between the output of the FMEA and the risk dossier. This is precisely where most weaknesses arise.

Our risk management services.

We develop systems that are compliant with regulatory standards (ISO 14971) and easy to use in everyday practice.

Risk Analysis & Risk Assessment
Preparation and review of risk analyses in accordance with ISO 14971 (FMEA, FTA, PHA). Definition and documentation of risk acceptance criteria based on clinical data.
Risk Management File & Lifecycle
Creation of a complete risk management file in accordance with ISO 14971 Annex B. Integration into the MDR lifecycle: development, market launch, and PMS.
Post-Production Risk Review
Systematic analysis of PMS data, field reports, and pharmacovigilance information for ongoing risk assessment. Updating the file based on field findings.
Risk Management for Software as a Medical Device (SaMD)
Risk management for software as a medical device (SaMD) in accordance with ISO 14971 and IEC 62304. Classification, analysis, and documentation for regulatory submissions.
Free White Paper

Risk Management for AI (AI Act)

Learn how to seamlessly integrate the new safety and cybersecurity requirements of the EU AI Act into your existing ISO 14971 QMS.

Frequently Asked Questions About Risk Management.

What is ISO 14971, and why is it mandatory?
ISO 14971 defines the framework for risk management in medical devices (identification, assessment, mitigation). MDR Annex I refers directly to this standard—flawless risk management is a prerequisite for CE marking.
What is an FMEA, and when is it used?
An FMEA (Failure Mode and Effects Analysis) identifies potential failures, their causes, and their effects. In the medical technology industry, it is often used as a design FMEA and a process FMEA, but on its own, it does not constitute a complete risk analysis.
How is risk management linked to clinical evaluation?
Clinical data is incorporated as evidence into the risk acceptance decision. Conversely, risk management informs the clinical evaluation regarding known product risks. The MDR explicitly requires this two-way link.
What has changed with ISO 14971:2019?
The 2019 version clarifies the requirements for risk acceptance, removes the ALARP principle for Europe, and calls for much greater integration of clinical evidence.

Compliance with risk management standards saves lives.

Turn methodology into real product safety. We seamlessly integrate your risk management documentation with clinical evaluation and post-market surveillance.
