The major ISO regulation governing Risk Management for medical device companies is ISO14971. According to the link, the major requirements for a medical device company has to follow is to construct a Failure Mode and Effect Analysis (FMEA) and a Fault-Tree Analysis (FTA). With these documents, the aim is to have the company provide a risk management plan in order to define, evaluate, and control the risks of the medical device in question. With the risk management plan, a company has to define each risk and assess the severity of that risk with the frequency of that risk mapped out. With this, the regulation organizations an the company itself can view the risk of taking a project and if it is viable based on those criteria. In addition to that, it is the company’s responsibility to keep this record up to date should any changes or unforeseen risks arise.