News from Arrotek

Estimating the Probability of Occurrence and Severity of Harm When Assessing Medical Device Risks

by Ger O'Carroll

There are a number of steps that need to be taken in relation to risk management when designing a new medical device. This includes identifying hazards and hazardous situations.

You then need to evaluate the hazards and hazardous situations you identify before, potentially, putting control/mitigation measures in place and then monitoring those controls.

The second stage of the above process, evaluating hazards and hazardous situations, involves estimating two essential factors:

  1. The probability of occurrence
  2. The severity of harm

By combining these two estimates, you will be able to define the risk as being either acceptable or unacceptable. This definition of acceptability will determine what you do next.

Risk Acceptability = Severity of Harm × Probability of Occurrence

This is all outlined in ISO 14971, which is a common framework used by regulators when deciding whether or not to approve your medical device.

Medical Device Risk Acceptability Table

It can be helpful to create a risk acceptability table to determine the acceptability of each hazard and hazardous situation you identify. The table will need to be customised for your medical device, but an example of such a table is below.

[Image: Medical Device Risk Acceptability Table]

In this example of a risk acceptability table, hazards or hazardous situations that are green are low risks while orange indicates a medium risk and red highlights high risks. Without further steps, only those that are green can be deemed to be acceptable.

In other words, hazards and hazardous situations that have a negligible severity of harm are likely to be classified as acceptable regardless of the probability of occurrence. Therefore, for these hazards and hazardous situations, no further action is needed apart from documenting why you reached this conclusion.

However, hazards or hazardous situations that could cause the patient or user a minor injury or worse would require further steps if you deem the probability of occurrence to be probable or frequent.

Those further steps would involve putting mitigation or control measures in place. Once you do this, you then need to estimate the probability of occurrence and severity of harm again to determine if the risk is now acceptable.

As you move further across the severity of harm axis, i.e. as the potential harm that can be caused becomes more severe and the probability of occurrence increases, there is an increased requirement to take additional mitigation and control steps.

Readily Predictable Human Behaviour

When going through the above, you can’t simply assume that people will use your medical device the way you have designed it when you are identifying and evaluating hazards and hazardous situations. There is also a requirement for you to anticipate misuse or user error and to then:

  • Evaluate how user error impacts your existing acceptability evaluations; and,
  • Identify additional hazards and/or hazardous situations the user error/misuse creates.

To determine device misuse and user error under ISO 14971, you must take into account “readily predictable human behaviour”.

Benefit-Risk Analysis

In an ideal world, you would be able to determine that all the hazards and hazardous situations you identify are acceptable, particularly after applying control measures to those that needed them. In reality, however, this is not possible.

Even after applying all the control measures you can, you may still have risks that remain categorised as unacceptable. What do you do in these situations?

For risks that remain categorised as unacceptable even after all possible control measures are taken, you will need to conduct a Benefit-Risk Analysis. Put simply, this means assessing whether the benefit outweighs the risk.

It’s important to note the phrasing of this in ISO 14971 as Benefit-Risk Analysis rather than Risk-Benefit Analysis. In the 2019 update to ISO 14971, more emphasis is placed on benefits, with a benefit being anything that has a desirable outcome or positive impact.

Data to Back Up Your Evaluations

Finally, you need to document the above process in detail to get regulatory approval for your medical device product. To make sure this documentation is watertight when you submit it to regulators, make sure you gather data from everywhere.

This includes data from:

  • Published standards
  • Clinical data
  • Investigation results
  • Technical data
  • Results from your own tests
  • Information from user/patient complaints
  • Expert opinion
  • And more

The above data should clearly show how and why you reached your risk acceptability and benefit-risk analysis conclusions.

Arrotek’s Spirit of Christmas!!

by Connell Boal

This year Arrotek took part in the Spirit of Christmas Gift Appeal by buying a gift for a resident of Nazareth House nursing home in Sligo. It was a small offering, but very much appreciated by the residents of Nazareth House and brightened up what can be a lonely time of year for some of the residents.

Thank you to all the staff in Arrotek who took part in the appeal, and to all the staff and residents in Nazareth House for their lovely warm welcome when we went to deliver the gifts.

#spiritofchristmas #timeforgiving

Medical Device Risk Management Plan – What You Need to Know

by Ger O'Carroll

As we have covered in a previous blog, risk management is essential when designing and developing a new medical device product. An important part of this process involves creating and maintaining a risk management plan.

Before going any further, it’s helpful to define risk management. What is risk management?

Risk management is not the act of carrying out a risk analysis at various points during the design of your medical device. This is an action that is part of risk management.

Instead, risk management is a process and, for that process to be effective, documented, and transparent, you need a plan – a risk management plan.

An Introduction to Medical Device Risk Management Plans

A medical device risk management plan should be put together in the very early stages of the product development and design process.

You then must review and update the plan regularly as the development progresses. In other words, a risk management plan is a document that evolves along with the product.

Key Questions Answered

What Is a Medical Device Risk Management Plan?

A medical device risk management plan identifies and documents all the activities you plan to take to manage risks associated with your new medical device. Medical device risk management plans are product-level documents.

How Does a Medical Device Risk Management Plan Fit into the Risk Management Process?

Your risk management plan is a planning document and should be part of your medical device risk management file.

What Does a Risk Management File Include?

  • Risk management plan
  • Individual risk analyses
  • Risk evaluations
  • Risk control measures
  • Evaluation of risk acceptability
  • Risk management reports

What Does a Risk Management Plan Include?

A medical device risk management plan should contain six important sections:

1. Scope of the Risk Management Plan

In this section, you should define the scope of the risk management plan. This definition should include a detailed description of your medical device including who will use it, who benefits from it, its lifecycle, etc.

You should also include the more formal intended use definition of the product.

Other information that should be in this section includes details of the quality management system.

2. Roles and Responsibilities

This section should include details of the risk management team. These are the people who are responsible for all aspects of risk management in relation to your medical device.

This team needs to be qualified and experienced medical device product designers. They also must know everything about the device from how it’s made to what it does to how it is used.

3. Risk Management Activities

This section is for outlining the risk management activities you will take over the entire lifecycle of the product. This includes details of the risk evaluation and mitigation process as well as information about your quality management system.

4. Criteria You Will Use to Determine the Product’s Risk Acceptability

Outlining acceptable risks for your medical device product is an important step that you should document in your risk management plan. Specifically, you need to define quality standards, margins of deviation that are acceptable, and the requirements for approval whenever deviations occur.

5. Measures to Verify Risk Control

In this section of your medical device risk management plan, you should include the quality assurance activities you will use to ensure the proper implementation of risk control measures. Examples of those activities include:

  • Design verification and validation testing
  • Shelf-life testing
  • Packaging testing
  • Shipping testing
  • Process validation

6. Measures to Capture and Use Post-Production Information

As already mentioned, a medical device risk management plan is a living document that remains relevant after the product has gone into production. Therefore, you need to outline the post-production risk management activities you plan to take.

This includes how post-production information will be fed into the risk management process to further manage, control, and mitigate risks as well as to ensure continued improvements in product quality.

Creating a Medical Device Risk Management Plan

The team you appoint to design your new medical device product should lead the process to create a risk management plan and establish effective processes. You will still be a part of these activities, however, so it’s important you have a clear overview.

An Overview of Risk Management in Medical Device Product Design

by Ger O'Carroll

Risk management is an essential part of the medical device product design process. It ensures the safety of patients, users, and operators so it’s no surprise that risk management is a regulatory requirement.

Risk management is also essential to the medical and commercial success of the new product you plan to develop.

In terms of the processes and steps required to ensure the proper management of risk, this is part of the Quality System that you need to have in place when designing a medical device product.

In addition to risk management, a Quality System includes management controls, document control, and more.

Risk Management and Getting Regulatory Approval for a New Medical Device

Risk management is a complex part of the regulatory approval process. There are several reasons for this, not least the fact there are many different variables that can impact risk type and severity.

In addition, the analysis of risk is often subjective which means there can be many different interpretations of the same risk.

On the positive side, regulators around the world all use the international standard ISO 14971. This provides a common framework for risk management when designing a new medical device.

How Do You Define a Risk in Medical Device Product Design?

A risk is a combination of two things:

  1. The probability of a particular event, situation, or outcome occurring
  2. The severity of the consequences if the above happens

What is Risk Management in Medical Device Product Design?

Risk management in medical device product design involves taking a structured and documented approach to analysing, evaluating, controlling, and monitoring risks.

Why Is Risk Management Important?

We’ve already touched on the essential role risk management plays in the regulatory approval process. However, its importance goes much further than this.

When you are designing and developing a new medical device, you have an obligation to ensure patient safety. You also need to ensure the safety of the operator or user of the medical device product if that person is different from the patient or person getting the benefit.

From a regulatory, moral, and commercial standpoint, this safety must be proven beyond doubt.

The Risk Management Process in Medical Device Product Design

Risk management in medical device product design requires a plan at the beginning which eventually leads to a report at the end. The process in the middle is the most important.

There are four main steps in this process:


  1. Identify risks
  2. Evaluate risks
  3. Control risks
  4. Monitor the controls

Let’s look at each in more detail.

1. Identify Risks

The types of risks you can identify include:

  • Risks in the design of the medical device
  • Risks in how the device is manufactured

Both are important. To start with, does the design of the product itself create risks? Hazards the design might present include biological, chemical, or mechanical energy hazards, with vibration being an example of a mechanical energy hazard.

What about the manufacturing process? What if parts are assembled incorrectly? What if there is a lack of consistency in a particular manufacturing process? What is the risk of these things occurring and what impact will they have on safety let alone the quality and reputation of the product?

2. Evaluate Risks

Once you identify risks you need to score them. For example, you could assess risk as being high, medium, or low. This will be based on the probability of the risk occurring and how severe the consequences will be.

3. Control Risks

This stage involves putting in place controls to eliminate the risks deemed to be unacceptable. In the classification example of risk above, this could mean developing and implementing controls for risks classed as high and medium.

The control measures you put in place usually fall into one of the following three categories:

  1. Changing the design of the product
  2. Changing a manufacturing process
  3. Implementing protective measures on the product or in the manufacturing process. Examples of this type of control include providing instructions for use or warnings on the label.

4. Monitor the Controls

Monitoring risk management controls starts by verifying the control measures have been implemented. You then need to analyse the effectiveness of the controls. This often means re-evaluating the risk to determine if it is now within an acceptable range (i.e. low risk) or if further mitigation measures are required.


Finally, it’s crucially important that all the above steps are properly documented. This means recording all the actions taken in each of the steps as well as the results and decisions.

These records are usually included in the design history file and ensure you not only properly carry out risk management, but that you have documented proof.

Medical Device Design Verification and Design Validation – What They Are and Why They Are Important

by Ger O'Carroll

Design verification and design validation are essential parts of the medical device product development process. Sometimes referred to as V&V, it’s important to understand what both terms mean and how they differ if you are about to embark on a medical device product development project.

This is because V&V can take more time than necessary if proper design controls are not put in place in the early stages of the design process.

In other words, both design verification and design validation are made easier if you have well-documented user needs, design inputs, design outputs, and outcomes from design reviews.

What Do the Terms Design Verification and Design Validation Mean?

Design verification and design validation are terms that are often used together, but they mean very different things.

You then need to add to this mix the fact there are many different types of verification and validation, some of which apply to medical device product design and some don’t.

Design validation is only one type of validation. Another, by way of example, is process validation, a topic we have covered in a previous blog.

In this blog, we are going to focus specifically on design verification and design validation as they apply to Design Controls.

These definitions will help you understand the difference:

  • Design verification confirms the device was designed correctly
  • Design validation confirms you designed the right device

Let’s look at both in more detail.

The Design Verification Process

The objective of design verification is to demonstrate your design outputs (i.e. the medical device product you have designed) meet the design inputs (which you derive from the process of defining user needs).

It is good at this point to reference an image from the FDA we have published previously. It is the design control waterfall diagram and it outlines the design control process:

[Image: Design control waterfall diagram]

So, in summary:

  • You start by defining user needs
  • You then use the user needs definition to create design inputs, i.e. you define what you want to design
  • Then, you go through the design process
  • The result of the design process is the latest iteration of your medical device product – this is your design output
  • Verification should happen at this stage to ensure the design output matches the design input

How do you verify the design? Testing is often a big part, but design verification often also involves visual inspections and analysis.

As stated previously, having good documentation helps ensure the design verification process is as efficient as possible.

Another good strategy to ensure efficient design verification is to consider how you will verify design inputs before moving forward to the design process. In other words, you should think about and plan for design verification at the earliest possible stage.

The Design Validation Process

Design validation confirms you have designed the correct product. So, design validation must refer all the way back to user needs.

Defining user needs is one of the first things you must do in the medical device product design process. This definition will include:

  • The medical device product’s purpose
  • What the medical device does
  • The diseases, conditions, circumstances, or situations where the product will be used
  • Whether the medical device treats, prevents, cures, diagnoses, or mitigates
  • The type of patient who will benefit from the product

Design validation ensures the medical device design meets your user needs definition.

Design validation usually occurs when you are in the final iterations of the design process and it usually involves using a small batch production run of the product.

Importantly, the product must be fully produced including all packaging, labelling, usage instructions, and anything else that will be with the product when it is launched on the market. Everything must be validated.

The process itself usually involves clinical evaluation which often includes either clinical trials or simulated trials using, for example, mathematical modelling.

Another common approach is to compare the medical device product with a similar product already on the market that is used for a similar purpose.

Inspections and analysis are part of the process too, but testing is the most important method of design validation.

The Importance of Design Verification and Design Validation

Both design verification and design validation are essential processes to go through and document to ensure your new medical device product gets regulatory approval. The processes also improve the design of your product to give it the best possible chance of success.

Arrotek Sponsoring Sligo Rovers F.C. U15s team

by Arrotek Medical Ltd

We’re absolutely delighted to sponsor Sligo Rovers F.C. U15s on their trip to Germany. It was great to meet the squad in person and we wish them the best of luck on the trip! Arrotek have supported Sligo Rovers over the years to help the club with their continued success.

Arrotek Exhibiting at Med in Ireland Event Next Week

by Arrotek Medical Ltd

Arrotek will be one of the 70 indigenous Irish MedTech companies exhibiting at Med in Ireland next week.

Med in Ireland is a key event for the MedTech industry both in Ireland and in Europe. Taking place once every two years, it is led by Enterprise Ireland to highlight innovation in Ireland’s MedTech sector and to showcase the technologies that are shaping future healthcare provision.

More than 800 MedTech and healthcare sector executives from around the world are expected to attend the Med in Ireland event on 10 October in the RDS in Dublin.

It is invitation-only, but if you have an invitation, make sure you visit our stand to meet some of the Arrotek team.