Article 10, 2 of the Regulation requires Manufacturers to establish, document, implement and maintain a product safety risk management system. The detailed requirements of the system are listed in the Annex I Chapter I, points 2-9.
In brief, the Regulation requires the following: (2) any risks associated with the device must be reduced as far as possible, (3) Manufacturers must implement a system for risk management and apply it to each device they develop, (4) the measures used to control the risks must be state of the art, (5) risks related to human factors must also be addressed, (6) the risk mitigation measures must remain effective throughout the life of the device, (7) they must also not be affected by transporting or storing the device, (8) all foreseeable residual risks must be outweighed by the benefits which result from using the device, (9) these risk management requirements also apply to those device like products listed in Annex XVI.
While the EU MDR doesn’t specifically require manufacturers to follow the harmonised standard for risk management, the most straight forward approach for most Manufacturers will be to implement the risk management system described EN ISO 14971. EN ISO 14971 is written in a style that can easily be transposed into an internal company procedure (respecting copyright). However, as the standard describes what needs to be done but not by who or how, the specific responsibilities for various risk management activities will need to be assigned to specific job roles or departments within the manufacturer’s organisation. This includes those items assigned in the standard to the “Manufacturer” and to “Top management”. Experts with the competence to perform those assignments will have to be identified, recruited or trained. The format and media of documents used for activities such as planning, risk analysis, risk evaluation etc. will also need to be decided.
Concerning EN ISO 14971 Section 9: “Production and post-production information”. Section 9 is considered by many the biggest weakness of EN ISO 14971:2012. So in place of the requirements of Section 9, manufacturers should read and implement the requirements for post market surveillance (EU MDR Articles 83-86). Refer to the dedicated page.
Beyond applying EN ISO 14971: Annex I point 5 of the EU MDR specifically requires manufacturers to consider risks related to human factors. Some may argue that a properly performed risk analysis according to EN ISO 14971 should already include risks related to human factors and usability. Nevertheless, regulatory authorities have increasing expectations in this area, and manufacturers are advised to implement an additional dedicated sub-process specifically to identify and assess risks from human factors and usability. Again, the most straight forward approach for most organisations will be to follow the harmonised standard EN 62366.