Risk Management Use Case
Risk management is a critical aspect of medical device development. The Risk Management Use Case implements ISO 14971 methodology to help you create and maintain a comprehensive risk management process throughout your product lifecycle.
Understanding Risk Management
The Risk Management Use Case provides a structured approach to identifying, analyzing, and controlling risks associated with your medical device. It ensures compliance with ISO 14971 while maintaining clear traceability throughout the risk management process.
KU/KTs

The Risk Management use case in CertHub includes the following key components:
- Failure Modes – Possible ways a system or component can fail.
- Hazards – Potential sources of harm.
- Hazardous Situations – Circumstances where people, property, or the environment are exposed to hazards.
- Harms – The actual injury or damage that can occur.
- Risks – The actual risk that can be identified.
- Risk Analysis – Evaluation of risks based on probability and severity.
- Risk Control Measures – Actions taken to reduce or eliminate risks.
- Residual Risks – Risks that remain after applying control measures.
- Risk Management Team – Responsible for assessing and managing risks.
Defining Relationships in Risk Analysis

Each Knowledge Topic (KT) can have different relationships defined within the use case configuration.
| Source Knowledge Topic | Relation Name | Target Knowledge Topic | Allow Multiple | Description | Additional Field |
|---|---|---|---|---|---|
| Risks | Relates To | Harm | Yes | Select the possible Harm resulting from this Risk. | |
| Risks | Mitigated By | Risk Control Measures | Yes | Select the Risk Control Measure that mitigates this Risk. | |
| Risks | Managed By | Risk Management Team | No | Select the responsible Risk Management Team. | |
| Failure Modes | Causes | Hazard | Yes | Select the Hazard that the Failure Mode causes. | |
| Residual Risks | Relates To | Risks | Yes | Select the underlying Risk that was mitigated by the Risk Control Measure. | |
| Hazard | Associated With | Hazardous Situation | Yes | Select the Hazardous Situation related to this Hazard. | |
| Hazardous Situation | Caused By | Hazard | Yes | Select the Hazard associated with this Hazardous Situation. | |
| Harm | Caused by | Hazardous Situation | Yes | Select the Hazardous Situation that could lead to this Harm. | |
| Risk Control Measures | Mitigates | Risks | Yes | Select the Risks mitigated by this Risk Control Measure. | |
| Risk Management Team | Manages | Risks | Yes | Select the Risks managed by this Risk Management Team. | |
| Risk Management Team | Responsible for | Risk Control Measures | Yes | Select the Risk Control Measure this team is responsible for. | |
| Risks Analysis | Analyzed | Risks | No | Select the Risk being analyzed. | |
| Risks Analysis | Identified Failure Modes | Failure Modes | No | Select the Failure Mode identified in this analysis. | Probability of Occurrence |
| Risks Analysis | Identified Hazard | Hazard | No | Select the Hazard identified in this analysis. | Probability p1 |
| Risks Analysis | Identified Situation | Hazardous Situation | No | Select the Hazardous Situation identified in this analysis. | Probability p2 |
| Risks Analysis | Identified Harm | Harm | No | Select the Harm identified in this analysis. | Probability p1 × p2 |
| Risks Analysis | Identified RCM | Risk Control Measures | No | Select the Risk Control Measure determined for this analysis. | |
| Risks Analysis | Identified RMT | Risk Management Team | No | Select the Risk Management Team responsible for this risk analysis. | |
Concrete Example
A specific identified Risk is saved like this:

This, for example, is a concrete instance that can have a relationship to a specific Harm, Risk Control Measure and Risk Management Team Member.

Risk Analysis Process
The Risk Analysis is a central part of the Risk Management Use Case. It connects:
✅ Failure Modes → Hazards → Hazardous Situations → Harms → Risks → Risk Control Measures → Residual Risks
Based on the relationships set between the KT data, you can trace exactly what caused a risk and evaluate, based on all data, whether the risk is Accepted or Not Accepted, which Risk Control Measure, if any, needs to be implemented, and what Residual Risk remains.
Through automatic table completion, the Risk Analysis Table is generated. This table is unique because, unlike other KTs, it does not require additional manual form input fields.

Additional Fields in Risk Analysis
The Risk Analysis includes specific fields that are automatically identified through the key of a field defined in the respective KT form:
| Relation Name | Target Knowledge Topic | Additional Field |
|---|---|---|
| Identified Failure Modes | Failure Modes | Probability of Occurrence |
| Identified Hazard | Hazard | Probability p1 |
| Identified Situation | Hazardous Situation | Probability p2 |
| Identified Harm | Harm | Probability p1 × p2 |
These additional fields are displayed automatically in the table as long as the key in the respective form is correctly set.
The selected trace relationship maps to the respective KT and its name. In order to specify a custom name for a KT, it needs to have a field with the key "name".
Additional fields in use cases need a key consisting of the words of the name connected by '_' in the respective form, e.g. "Probability of Occurence" needs the key "Probability_of_Occurence".
For more details, see Introduction to Use Cases.
With this structured approach, the Risk Analysis process is effectively documented, ensuring transparency and traceability. 🚀
Templates
The Risk Management use case includes two key templates:
- Risk Management Plan – Outlines the strategy, responsibilities, and methods for risk management throughout the product lifecycle.
- Risk Management Report – Summarizes the identified risks, analysis results, applied risk controls, and final risk evaluation.
These templates help ensure a structured and compliant risk management process.

SOPs
Risk Management in CertHub is structured around three essential processes:
- Risk Management Review and Reporting Process – Ensures regular assessment and documentation of risk management activities.
- Risk Evaluation Process – Defines how risks are identified, assessed, and categorized based on severity and probability.
- Risk Management Plan Process – Establishes the framework, responsibilities, and approach for managing risks throughout the product lifecycle.
These processes provide a structured approach to identifying, assessing, and mitigating risks effectively.

Regulatory Compliance
The Risk Management Use Case helps satisfy key regulatory requirements:
- ✅ ISO 14971:2019 Medical Devices - Risk Management
- ✅ EU MDR Article 10 General Obligations
- ✅ FDA Design Controls Risk Management
By following the structured approach provided by this Use Case, you can demonstrate comprehensive risk management during regulatory audits.
Integration with Other Use Cases
The Risk Management use case connects with the Requirements Engineering use case through Risk Control Measures.
This connection is established by including the Risk Control Measure knowledge topic (KT) in both use cases.
By reusing shared KTs, CertHub makes integrating different use cases seamless and efficient, ensuring smooth traceability across processes.
Have a look at the Requirements Use Case for more information on how the Risk Control Measure is used.