Risk Analysis Process

Ok, buckle up, it’s a bumpy ride.

Not really, but this is where the rubber meets the road and matters can get intense.

Section 5.1 in the standard says you conduct risk analysis per this standard!

Hopefully, no surprise there.

The standard provides some notes about possible ways to kickstart using previous analyses available for a similar device, but we’ll assume we’re starting from scratch.

The standard requires the following:

  • Identification and description of the medical device that was analyzed
  • Identification of the person(s) and organization who carried out the risk analysis and
  • Scope and date of the risk analysis.

You may read those last and try to fall back on the “risk management is FMEA” fallacy.

That last bullet point sounds like you can huddle for a day and be done.

Not even close… well, if you want to do it right.

The “date of the risk analysis” is going to be a set of dates for individual analyses and possibly a range of dates for the overall analysis.

As we mentioned earlier, it’s important to have traceability back to the individuals involved so competency can be confirmed.