Risk Management Report (EN ISO 14971)

Risk management is present in all business management disciplines and in particular in the medical device sector.


Regulations (EU) 2017/745 and 2017/746, as well as the ISO 13485 standard, require the identification, assessment and minimization of risks related not only to the activities of the quality management system but also to the use and the entire life cycle of the medical device.


EN ISO 14971, the harmonized standard for Regulations (EU) 2017/745 and 2017/746, advocates a comprehensive risk management process. The word "process" means the implementation of a PDCA approach. Risk management is therefore not a one-time exercise: it improves over time as risks are collected and reassessed.


The risk management process of standard EN ISO 14971 has the following steps:

  • Risk analysis
  • Risk assessment
  • Risk control
  • Overall residual risk assessment
  • Review of the risk management process
  • Production and post-production activities


The implementation of these steps is supported by a risk management plan and evidenced by a “Risk Management Report”.