What Is Risk Management for Medical Devices? A Startup Primer
Risk management for medical devices under MDR is a lifecycle process, not a spreadsheet. A startup primer from a notified body lead auditor.
37 in-depth guides in this cluster
Risk management for medical devices under MDR is a lifecycle process, not a spreadsheet. A startup primer from a notified body lead auditor.
EN ISO 14971:2019+A11:2021 gives presumption of conformity with MDR Annex I GSPR 1 to 9. The Annex Z bridge is what makes the standard MDR-compliant.
MDR Annex I GSPR 1 to 9 is where risk management obligations live. EN ISO 14971 is one accepted path. A startup walk through the regulation text itself.
The MDR risk management process EN ISO 14971 demands: planning, analysis, evaluation, control, residual evaluation, report. Walkthrough for startups.
The risk management plan MDR EN ISO 14971 requires: scope, acceptability criteria, verification, post-production activities. With a startup-sized template.
Risk management file contents MDR requires: plan, analysis, evaluation, controls, residual risk, verification, PMS feedback, report. Structured as a living set.
How intended purpose under MDR Article 2(12) and reasonably foreseeable misuse drive hazard identification in EN ISO 14971 risk analysis.
Systematic hazard identification methods for medical devices under EN ISO 14971 and MDR Annex I, from multidisciplinary brainstorming to AI-assisted discovery.
How to build defensible probability and severity scales for medical device risk estimation under EN ISO 14971 clause 5.5 and MDR Annex I GSPR 2.
How risk evaluation under MDR (acceptable versus unacceptable) differs from EN ISO 14971 alone, and why the Annex Z ratchet catches startups who copy-paste the standard.
How to write risk acceptability criteria that auditors will accept from a startup, why low and medium buckets are not enough, and how to defend the matrix.
How to design a risk matrix medical device teams can defend: 3x3 vs 5x5, severity scales tied to real clinical consequence, and auditor-proof structure.
Information for safety in medical devices: why labels, warnings, and training are the weakest risk control under EN ISO 14971 and how auditors scrutinise them.
Verifying risk control effectiveness under EN ISO 14971: how to link verification evidence to each control and what notified body auditors expect to see.
Residual risk evaluation under MDR: how to document overall residual risk acceptability defensibly and what happens when post-market data contradicts your file.
How risk management outputs feed clinical evaluation inputs under MDR Article 61 and EN ISO 14971, with the benefit-risk loop auditors expect.
Residual risks tell your PMS plan what to monitor and PMS signals feed the risk file. How to build the MDR closed loop around EN ISO 14971.
Risk management for SaMD under MDR bridges EN ISO 14971 and EN 62304:2006+A1:2015, with algorithmic, data, state and concurrency hazards specific to software.
Fault tree analysis for medical devices: top-down FTA vs bottom-up FMEA, when each fits, and how to defend the choice to a notified body.
HAZOP for medical devices: the deviation-guideword method, a worked drug delivery example, and when HAZOP beats FMEA for MedTech startups.
ISO TR 24971 risk management guidance: what the technical report adds to EN ISO 14971:2019+A11:2021 and how startups should use it.
How risk management for combination products under MDR actually works. The drug-device interface is a hazard source. Primary mode of action decides where the risk file lives.
Cybersecurity risk management under MDR is not a separate file. It is integrated into the EN ISO 14971 risk file, anchored to EN IEC 81001-5-1:2022 and MDCG 2019-16.
Risk management for design changes under MDR: every design change triggers risk reassessment. What needs a full hazard analysis versus a quick review, mapped to Article 120.
How to train a MedTech startup team on EN ISO 14971 risk management basics, cover the MDR as-low-as-possible ratchet, and document it under EN ISO 13485 clause 6.2.
How to pick a risk management software tool for MedTech startups in 2026, what a good tool must do, and how to validate it under EN ISO 13485 clause 4.1.6.
How risk management and usability engineering connect under MDR: use-related risks bridge EN ISO 14971 and EN 62366-1 for startups.
The known and foreseeable hazards MDR Annex I §3 demands. How to map the Annex I hazard list into the EN ISO 14971 risk file explicitly, with no blind spots.
Common risk management mistakes MDR startups make: Excel-only files, EN ISO 14971 Section 6 misread, one-person workshops, broken PMS loops. Fix each one.
How an auditor reviews a risk management file under MDR: what a Notified Body Lead Auditor opens first, in what order, and what gets flagged. Tibor's own checklist.
Risk management checklist startup MedTech teams can execute end to end: plan, analysis, controls, residual, report, PMS feedback. The close-out reference.
ISO 27001 is useful but not required for MDR. This is when certification accelerates enterprise sales and when it is overkill for a pre-revenue startup.
ISO 27001 is an organisational ISMS. EN IEC 81001-5-1:2022 is a product-level security lifecycle. Both valuable, different scopes, and both may be needed.
Adversarial attacks on AI/ML medical devices cover poisoning, evasion, model theft and membership inference. MDR, EN IEC 81001-5-1 and MDCG 2019-16 apply.
Cybersecurity technical file documentation under MDR requires a security plan, threat model, risk assessment, V and V evidence, SBOM and IFU section.
Regulatory response to a medical device cybersecurity breach: detection, patient impact, MDR vigilance Articles 87 to 92, FSCA and the GDPR 72-hour clock.
EN ISO 14971 Annex Z and MDR risk reduction: why the global ISO version does not satisfy MDR, and what AFAP means in practice for EU manufacturers.