ISO 14971 is the standard well recognized by FDA and other regulatory agencies around the world for Risk Management. Some of the key aspects required to comply with ISO 14971 and therefore to be considered to have a risk management process are:

Establish a risk management plan (RMP): the plan will define upfront the process (during development and post market) how risks of the product will be identified and controlled. For example, the plan will include types of risk analysis tools to be used (e.g. FMECA, FMEA), risk criteria (e.g. severity and probability of occurrence of harm ratings), acceptability of risks, and benefit-risk analysis requirements.

Perform risk assessments: Using the information from the RMP these are the actual risk assessments that take place assessing risks related to design, manufacturing, and/or use of the product. These assessments include identification of hazards and root cause, risk estimation, and risk control measures that reduce risks to an acceptable level based on the company’s risk acceptability criteria.

Establish a risk management report: The report documents the risk management process has been followed according to the RMP and will include key aspects such as; summary of the risks identified in the risk assessments, benefit-risk analysis, evaluation of the overall risk acceptability, and documents that mechanisms are in place such as CAPAs, complaints, customer feedback, etc. that feed into risk management process.