Antrix, Inc ANTRIX, Inc
Regulatory Affairs & Quality Assurance Consulting Services for
Medical Device and Medicinal Drugs
O 408 733 1199
F 408 730 5959

Risk Management Plan, Analysis and Report as per ISO 14971based on Preliminary  Hazards Analysis, FMEA, FTA and HACCP

1. Service Description

We provide risk analysis service for both product and process. It consists of risk associated with design, development, manufacturing of the product and processes. We also do extensive software risk management analysis and human factor analysis. The report consists of risk identification, risk priority number assignment, recommended action to reduce the risks to reduce the risk priority number to an acceptable level.

There will be productivity increase and cost savings of more than 90% using our service. Your company will save money from several thousand to millions of dollars adding to your bottom line profit.

The Risk Analysis evaluation method usually used are Preliminary Hazards Analysis, FMEA, FTA and HACCP as listed below:

  1. Preliminary Hazards Analysis:  A high level, step-by-step approach for identifying hazards, assessing risk and recommending actions.  Preliminary Hazard Analysis is a guide for identifying design inadequacies, development of safety requirements and safety design features.  More detailed risk analysis (e.g., FTA, FMEA) may be required following a Preliminary Hazard Analysis
  2. Failure Modes and Effects Analysis: FMEA is a “bottom-up analysis”.  It analyzes each component or subsystem to determine potential failures and how these failures will impact the whole system.  Based on the risk level, actions are planned to minimize the probability of failure and/or reduce the severity of the effects.
  3. Fault Tree Analysis: FTA is a “top-down analysis.”  It identifies system failures and then further analyzes the possible direct causes for the most serious potential failures.  Based on the risk level, actions are planned to minimize the probability of failure and/or reduce the severity of the failures.  
  4. Hazards and Critical Control Point Analysis (HACCP): Used for manufacturing process points analyzed for criticality. Steps followed are
    1. Conduct hazard analysis, identify preventive measures
    2. Identify critical control points
    3. Establish critical limits
    4. Monitor each critical control point
    5. Establish corrective action to be taken when deviation occurs
    6. Establish record-keeping system Establish verification process

2. Cost Savings - Return on Investments (ROI)

Amount of money saved by your company on using our service based on the company size is provided in the Table 1.0.

Projected savings is based on

  1. Process efficiency gains (people)
  2. Less personnel requirements (people)
  3. Infrastructure efficiency gains (systems)
  4. Infrastructure validation and maintenance (systems)
  5. Delivering quality products
  6. Avoid regulatory noncompliance cost
  7. Avoid regulatory fines cost

Compared to cost associated with company's inefficient internal manual methods, , systems, tools, software’s, and personnel etc. Detailed Return on Investment (ROI) information is available on request.

Company Size Small Medium Large
$Savings > 90 % > 90 % > 90 %
Annual Sales < $100 million $100 million < Sales < $500 million > $500 million
Number of Submissions <= 2 per year 2 < Sub <= 4 per year > 4 per year

Table 1.0 - Amount of money saved by your company on using our service. Company size is based on annual sales as per FDA classification.

3. Solution Approach

  • Step 1      Establish Risk Management Team
  • Step 2      Develop, review and approve Risk Management Plan
  • Step 3      For each risks identified, follow steps 4 through 8 below –
  • Step 4      Identification of known or foreseeable risks
  • Step 5      Estimation of the risk(s) for each risk/hazard type
  • Step 6      Risk evaluation
  • Step 7      Listing of risk control recommendations
  • Step 8      Review and approval of Risk Management Reports
  • Step 9      Review and update as required.  Approve and file subsequent versions of the Risk Management Plan and Reports during the product development process
  • Step10     Post-production risk management activities occurring after product release will be the responsibility of the Product Line Sustaining Team

 The Risk Analysis File or Report(s) is created providing traceability to each hazard in the risk analysis and determines whether the residual risk is acceptable based on severity, occurrence and detection rate. It usually consists of:

  • Risk Analysis Method
  • Risk Analysis Summary
  • Risk Analysis Conclusion

The ultimate goal of the risk analysis is to reduce the risks to as low as possible before the product is launched ensuring they are safe and effective.

Schematic Representation of the Risk Management Process

Figure 1 - Schematic Representation of the Risk Management Process -  Source ISO 14971:2007 Standards

Overview of Risk Management Activities as Applied to Medical Devices

Figure 2 - Overview of Risk Management Activities as Applied to Medical Devices - Source ISO 14971:2007 Standards

4. Definitions




Physical injury or damage to the health of people, or damage to property or the environment
[ISO/IEC Guide 51:1999, definition 3.1]


Potential source of Harm
[ISO/IEC Guide 51:1999, definition 3.5]
Hazardous Situation
Circumstance in which people, property or the environment are exposed to one or more Hazard(s)
[ISO/IEC Guide 51:1999, definition 3.6]


Combination of the probability of occurrence of harm and the severity of that harm
[ISO/IEC Guide 51:1999, definition 3.2]

Residual Risk

risk remaining after protective measures have been taken
[ISO/IEC Guide 51:1999, definition 3.9]

Risk Analysis

Systematic use of available information to identify hazards and to estimate the risk
[ISO/IEC Guide 51:1999, definition 3.10]

Risk Assessment

Overall process comprising a risk analysis and a risk evaluation
[ISO/IEC Guide 51:1999, definition 3.12]

Risk Control

process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks within, specified levels
[ISO 14971:2000(E), definition 2.16]

Risk Evaluation

Judgment, on the basis of risk analysis, of whether a risk which is acceptable has been achieved in a given context based on the current values of society
[Based on ISO/IEC Guide 51: 1999, definitions 3.11 and 3.7]

Risk Management

Systematic application of management policies, procedures and practices to the tasks of analyzing, evaluating and controlling risk
[ISO 14971:2000(E), definition 2.18]

Risk Management File

set of records and other documents, not necessarily contiguous, that are produced by a risk management process
[ISO 14971:2000(E), definition 2.19]


Freedom from Intolerable or Unacceptable Risk
[ISO/IEC Guide 51:1999, definition 3.1]


Measure of the possible consequences of a Hazard
[ISO 14971, definition 2.21]

Tolerable Risk (Acceptable Risk)

Risk which is accepted in a given context based on the current values of society
[ISO/IEC Guide 51:1999, definition 3.7]
NOTE 1 Tolerable Risk is the result of a balance between the ideal of absolute safety, the demands to be met by a product, process or service, and factors such as benefit to the user, suitability of purpose, cost effectiveness, Risk Evaluation, conventions of the society concerned, and the state of the art.
NOTE 2 The term “Acceptable Risk” is used in ISO 14971 in the same sense as Tolerable Risk.

Intolerable Risk

Risk that is not a Tolerable or Acceptable Risk
[Based on IEC 61010-2-101, Annex AA]

Reasonably Foreseeable Misuse

Use of a product, process or service in a way not intended by the supplier, but which may result from readily predictable human behavior
[ISO/IEC Guide 51:1999, definition 3.14]


5. Applicable Laws, Regulations and Standards

  1. ISO 14971– Medical Devices – Application of Risk Management to Medical Devices
  2. FDA's Pharmaceutical Quality for the 21st Century - A Risked Based Approach -
  3. ISO/IEC 16085:2004 - Information technology. Software life cycle processes. Risk management
  4. IEC 60601-6 - Medical Electrical Equipment - Requirements for Safety
    AAMI HE74: Human Factors in Medical Device Design
  5. Human Factors User Interface Design Cycle -
  6. ISO/IEC Guide 73:2002 - Risk management -- Vocabulary -- Guidelines for use in standards