Understanding Risk with Medical Devices

On November 15, 2022, I had the pleasure to log in to a “live” FDA CDRH Industry Basics Seminar on Understanding Risk with Medical Devices.  You can view the workshop at this link: https://fda.yorkcast.com/webcast/Play/4aecf454d2d54039a1d5a6a3001d78c31d

I did enjoy the materials presented and I do think the presenters Joseph and Tonya did a great job. I would recommend viewing this presentation when it does become available as a resource on the FDA website.

The presentation is a good introduction on FDA “requirements” and “thinking” related to Medical Device Risk Management, This presentation simply pops open the door to the topic of medical device risk management.

This would make an excellent educational resource for a new hire or any-one new to medical device risk management.

Here are my top take aways from what I heard:

  • There is risk associate with every medical device
  • They emphasize that “you” the medical device manufacturer are responsible for the risk management of your device
  • You will have to identify hazards, hazardous situations and harms associated with your device
  • They reminded us that the FDA also uses risk management when making various regulatory decisions
  • The FDA will review your risk analysis and make an assessment
  • The specific definition of risk depends on many regulations and many different contexts of use a.k.a. CDRH does not have one consistent uniform definition
  • Risk Management Tools:

The FDA does not recommend or approve risk management tools.

The FDA does not require any specific risk management tool.

The FDA thinks that you will have to use more than one risk management tool to get the job done.

  • There are many different methods, processes and procedures that can be used to implement an effective risk management program
  • You will need defined and documented procedures and records to implement your risk management process
  • To achieve success, you will need appropriate SMEs, open and honest discussions, and you will need to cast a wide net.
  • Your device’s Post-market data and information will modify your device risk profile
  • Your risk management process does not end until your device ends
  • The primary reference for this risk discussion was ISO 14971
  • The presentation does not touch on software or software risk management

To gain further knowledge of “software risk management” and the integration of 62304 and 14971.

I recommend that you consider Public Course – Jan 9-11, 2023 – Risk Management (in-person) Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective public training course.  Fill out the form below to get a special, limited time discounted registration:

About the author

John is a 25 year FDA veteran. John served as a regulatory and compliance expert for FDA regulated computers and software. Practice (focus) areas include FDA software related guidances, software device classification determination, pre-market software review, post market software inspectional 483’s, additional information software requests, Digital Health Pre-certification, AAMI Software related TIRs and related medical device software standards.

Upcoming SoftwareCPR Training Courses:

Public Course – Jan 9-11, 2023 – Risk Management (in-person)

Our newly updated ISO 14971:2019 Medical Device Risk Management, A Software Organization’s Perspective public training course is now open for registration!

Where:  Tampa, Florida

  • Coverage of ISO 14971:2019, IEC 62304; amd1, and IEC/TR 80002-1.
  • System level hazards analysis – mapping to software, cybersecurity, and usability
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.

Instructors: Dr. Peter Rech, Brian Pate

Discount Registration through October 31, 2022.  Reserve your spot!

Register here: https://events.eventzilla.net/e/2023-softwarecpr-public-training-course–iso-14971-medical-device-risk-management-a-software-organizations-perspective-2138576610


Public Course – Dec 12-15, 2022 – Being Agile & Yet Compliant (virtual)

COST: 4 half days for $1,920 per person

HOURS: 11 am until 3 pm EDT each day

TRAINING LOCATION: Virtual – live online

Register here:



Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.