Risk Management Starter Kit - a beginner's guide to medical device risk management and the ISO 14971 standard

Medical Device Risk Management Starter Kit

A Beginner’s Guide to Medical Device Risk Management

Last updated: 6-APR-2026

Curated by:  Nishitha Cherukuri, Sharanya Kumar, Aaron Joseph

Introduction

Medical device risk management can feel overwhelming when you first encounter it. There are formal standards, dense terminology, and strong opinions about what “good” looks like. This guide simplifies the starting point. It brings together practical, trustworthy resources that help you understand and apply the ISO 14971 risk management standard in real projects. Whether you are a student, engineer, founder, project manager, quality professional, or regulatory specialist, this list can help you move from confusion to clarity.

The resources are grouped by experience level and topic so you know where to begin and what to explore next.  

How to Use This Guide

If you are new to medical device risk management, start with the Introductory Material. 

If you already work in medical devices, skim the Introductory Material and focus on Practical Foundations and Specialized Risk topics.

🟢 Beginner → “First exposure / core concepts”

🔵 Intermediate → “Applying methods”

⬛ Advanced → “Regulatory nuance / edge cases / efficiency”

Learning Context

Risk management for medical devices is governed primarily by the ISO 14971 international risk management standard that defines how manufacturers identify hazards, estimate and evaluate risks, implement controls, and monitor safety throughout a product’s lifecycle.

In practice, this means:

  • Understanding how medical devices can cause harm
  • Making design decisions that reduce risk
  • Documenting your reasoning in a structured way
  • Meeting regulatory expectations across regions

Different experts teach slightly different approaches. That is normal. This beginner’s guide to risk management focuses on technically sound resources that comply with the ISO 14971 standard and are widely accepted in the industry. Although these resources have been reviewed for accuracy, their recommendations will differ based on the authors’ varying experiences.

🟢 Introductory Material

(Start Here!)

These are ideal if you are new to risk management or need a clean refresher.

🟢 Illustrated Guide to Medical Device Risk Management and ISO 14971 – a comprehensive, plain-language walkthrough of the full risk management process. Strong visuals and examples make it approachable for beginners while still being technically accurate. By Peter Sebelius of MedicalDeviceHQ (a member of the ISO 14971 standards committee)

🟢 ISO 14971 Risk Management for Medical Devices: The Definitive Guide – a structured step-by-step guide that explains the standard clause by clause. Useful if you want both conceptual clarity and practical implementation guidance; includes a large flowchart illustrating the risk management process. By Etienne Nichols of Greenlight Guru.

🟢 The Safety Net of Medical Devices – a short and simple summary of what risk management is and why we need it for medical devices. By Sharanya Kumar

 

🔵 Practical Foundations

(Intermediate)

Once you understand the basic concepts, these resources help you apply risk management effectively. 

🔵 ISO/TR 24971:2020 Medical Devices – Guidance on Application of ISO 14971 – This is the companion guidance to the ISO 14971 standard and is much more readable than the standard itself. This guidance expands on ISO 14971 with detailed explanations and examples. It is pretty technical and dense (87 pages), but extremely valuable as a reference once you know the basics. Annex A has the famous list of questions for hazard analysis (“characteristics for safety”). Unfortunately, the 24971 guidance is not free, but your company should have a copy of it along with ISO 14971.

🔵 5 Tips for Efficient Risk Assessments – a useful article full of practical advice, such as “Don’t brainstorm,” for becoming more rigorous and efficient in risk management. By Karl Larsson of Aligned Elements

🔵 Common Mistakes in Risk Management – a video describing errors that even experienced medical device professionals make in risk management. By Naveen Agarwal of the “Let’s Talk Risk” podcast.

🔵 Using a Hazards and Harms List – Explains how to start risk analysis using structured hazard lists. Includes a helpful systems-level diagram that shows how risk activities connect. By Aaron Joseph


Risk Analysis Methods

There are many different methods for risk analysis. FMEA seems to be the most well-known, but it is only one of many methods and by itself is not sufficient for compliance with the ISO 14971 standard (see articles below). Each method has strengths and weaknesses, and companies need to use the methods most appropriate to their products and their organization.


Top-Down vs Bottom-Up Risk Analysis

Top-down methods start with hazards or harms and work “downward” to identify causes (initiating events) and contributing sequences. Bottom-up methods start at the component or failure-mode level (initiating event) and work “upward” to understand how failures lead to hazardous situations and harms. Examples of top-down methods are: Fault Tree Analysis, System Hazard Analysis, and Preliminary Hazard Analysis.  Examples of bottom-up methods are: Design FMEA, Process FMEA, and Use FMEA.

Using both top-down and bottom-up methods together provides better coverage: one ensures known hazards are addressed early and comprehensively, while the other uncovers detailed design-level failure pathways and identifies safety-critical components or steps.


FMEA

These resources clarify how FMEA fits into medical device risk management and where teams often go wrong in using FMEA.

🟢 FMEA vs ISO 14971 – Short, clear video tutorial on how traditional FMEA differs from ISO 14971 risk management expectations. By Peter Sebelius of MedicalDeviceHQ.com

🔵 Why FMEA is Not ISO 14971 Risk Management – Explains conceptual gaps between FMEA scoring systems and ISO 14971 risk evaluation requirements. By Etienne Nichols of Greenlight Guru

🔵 What’s Wrong with DFMEA? – a deep dive into issues about misuse and misunderstandings of using FMEAs for medical device risk management; includes a collection of LinkedIn comments on this contentious subject by risk management experts

🔵 FMEA Overview – a practical explanation of the steps to perform a general FMEA (not specific to medical device usage); from the ASQ website


System Hazard Analysis

(Under Construction)


Usability Risk Analysis

🟢 Usability Engineering for Medical Devices and IEC 62366-1 – short video introducing the usability engineering process and usability risk analysis. By Michaela Kauer-Franz of MedicalDeviceHQ

(under construction)


Software Risk Analysis

🟢 Medical Software Risk Management – a short video and article describing how basic risk management terminology and principles apply to software, including the use of P1/P2 probabilities. By Christian Kaestner of MedicalDeviceHQ

🔵 The Illustrated Guide to Medical Device Software Development and IEC 62304 – this is a long ‘combo’ article which starts with the IEC 62304 medical software standard then explains software safety classifications (Class A/B/C) and then dives into multiple topics in software risk management, including common mistakes. By Christian Kaestner of MedicalDeviceHQ


Post-Market Risk Management

All that careful pre-market work in risk management is really preparation for when the product is finally launched. Then the real work begins: making sure the new product remains safe in actual usage through continuous monitoring, identifying issues as they arise, and refining the product and its risk controls.

🔵 From Design Controls to Real‑World Safety: What Happens After a Medical Device Ships? – a clear description of the most important considerations for post-market risk management, based on practical experience.  By Pujitha Gourabathini of BD

 

Templates and Practical Tools

Hands-on materials to help you build your risk management documentation.

Aligned Elements Risk Management Templates – Free templates for FMEA and Preliminary Hazard Analysis (PHA).

OpenRegulatory ISO 14971 Templates Collection – Free templates covering core risk management documents.

Standards and Guidances

  • ISO 14971:2019 Medical Devices – Application Of Risk Management To Medical Devices
  • ISO/TR 24971:2020 Medical Devices – Guidance on Application of ISO 14971
  • IEC/TR 80002-1:2009 Medical Device Software – Part 1: Guidance On The Application of ISO 14971 To Medical Device Software
  • IEC 62366-1:2015  Medical Devices – Application of usability engineering to medical devices

Differences Between ISO 14971:2019 and MDR

Risk Management for MDR: Extending Beyond ISO 14971:2019 – Clear explanation of additional European MDR expectations, beyond what’s in the international standard, and practical implications; article by NAMSA

Closing

Good risk management is not paperwork. It is structured thinking that protects patients and strengthens the product design. The earlier teams build this mindset, the better their devices and regulatory outcomes become.




