Template: Risk Management Report

The Risk Management Report summarizes the outcomes of risk management activities. While the Risk Management Plan details the planning and methodologies, the actual risks are documented and examined in the Risk Table.

The risk analysis process and its phases are outlined in the SOP Integrated Software Development.

Mapping of ISO 14971:2019 Requirements to Document Sections

ISO 14971:2019 Section	Document Section
4.5 Risk management file	(all)
7.4 Benefit-risk analysis	6
7.6 Completeness of risk control	(reviewed in this document)
8 Evaluation of overall residual risk	3, 5
9 Risk management review	(all)

1. Related Processes and Documents

• SOP Integrated Software Development
• Risk Management Plan
• Risk Acceptance Matrix
• Risk Table

2. Risk Analysis

This section provides an overview of the data included in the Risk Table (a separate document).

2.1 Preliminary Hazard Analysis

\ potential hazards were identified based on Intended Use and Usability Tests, followed by further analysis in the Risk Table.

2.2 Failure Modes

\ failure modes were identified for the software system and analyzed in the Risk Table.

2.3 Failure Mode and Effects Analysis (FMEA)

Preliminary hazards and potential failure modes were assessed, identifying a total of \. The possible hazardous situations and associated harms were evaluated, including intermediate probabilities (p1 and p2).

3. Risk Control Measures

All identified risks were mitigated as extensively as possible (AFAP). For risks classified as “unacceptable” in the Risk Table, appropriate Risk Control Measures were implemented.

Risk Control Measures were prioritized and executed in the following sequence:

1. Inherent safety by design
2. Protective measures
3. Safety information

A total of \ control measures were put into place.

4. Risk Matrix

Following the implementation and verification of Risk Control Measures, the updated Risk Acceptance Matrix showed the following distribution:

Probability	S1: Negligible	S2: Marginal	S3: Critical	S4: Catastrophic	Estimated Maximum Event Count
P5: Certain	acceptable: 0	unacceptable: 0	unacceptable: 0	unacceptable: 0	1000000
P4: Likely	acceptable: 0	unacceptable: 0	unacceptable: 0	unacceptable: 0	10000
P3: Possible	acceptable: 0	acceptable: 0	unacceptable: 0	unacceptable: 0	100
P2: Unlikely	acceptable: 0	acceptable: 0	acceptable: 0	unacceptable: 0	1
P1: Rare	acceptable: 0	acceptable: 0	acceptable: 0	acceptable: 0	0

5. Summary of Risks and Unacceptable Risks

If there are no unacceptable risks (more common), use this section:

After implementing the Risk Control Measures, no unacceptable risks remain. The software meets the risk policy’s specifications and is considered safe. A Benefit-Risk Assessment is not necessary.

If unacceptable risks still exist, use this section:

After implementing the Risk Control Measures, \ unacceptable risks were identified. These will be evaluated in the Benefit-Risk Assessment below.

Optionally, include your device’s software safety classification according to IEC 62304 based on the most significant risks identified.

6. Benefit-Risk Assessment

This section should only be used if there are unacceptable risks.

The \ unacceptable risks are assessed against the benefits outlined in the Clinical Evaluation Report.

The benefits identified are:

\

Summarize the conclusion on whether the benefits outweigh the risks:

When comparing the benefits and risks, we conclude that…

7. Overall Residual Risk

Review the mitigation measures to assess if any combined measures could create an unresolved risk, such as overlapping mitigations.

The overall residual risk is estimated to have a probability of \ and a severity of \. Based on the Risk Acceptance Matrix, this overall residual risk is deemed \<acceptable>.

---