A risk analysis is the search for hazards and the estimation of the probabilities and severities of any resulting harm.

When the term risk analysis is used, it often refers to a hazard analysis.

1. Prerequisite for the hazard/risk analysis

To identify the risks, medical device manufacturers must fulfill the following requirements:


The general page on risk management and ISO 14971 provides an overview of all activities in the risk management process and the legal requirements.
ISO 80001-1 is also relevant for hospitals.

2. Methods of hazard/risk analysis

The objective of risk analysis is, obviously, to identify risks.

Step 1: Identify hazards (hazard analysis)

The first step is to search for hazards based on the intended purpose, the safety-relevant characteristics of the device, and, if applicable, its design.

The following hazard analysis procedures are recommended for this purpose:

  1. PHA (Preliminary Hazard Analysis)
  2. FMEA (Failure Mode and Effect Analysis)
  3. Fault Tree Analysis (FTA)
  4. HAZOP (Hazard Operability)

Step 2: Estimate probabilities and severities of resulting harm

Risks are combinations of the probability of occurrence and the severity of harm. Both must, therefore, be assessed in this step.

Step 3: Decide on the justifiability of the risks

Based on risk acceptance, manufacturers decide on the acceptability of individual risks and, later on, the acceptability of all (residual) risks.

Strictly speaking, this step no longer counts as risk analysis.

3. Tips on risk analysis

a) Consider the specifics of risk analysis for software

Our tips on risk analysis for software have become so extensive that we have dedicated a separate article to them.

b) Be aware that one hazard can lead to several risks

One hazard can lead to several risks, as the following example shows.


If a hospital information system has incorrectly saved a laboratory value as negative instead of positive and the doctor, therefore, administers the wrong medication, a patient may come to harm. The patient may die or “only” suffer from nausea.

Depending on your definition of the harm classes, the first harm (death) could be defined as catastrophic, and the second (nausea) as minor. However, the two harms have different probabilities.
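The hospital information system case above, worked through as an added example (not part of the original article): one hazard is expanded into one risk per harm, and each risk is evaluated separately. The probability classes, their thresholds, the acceptance policy and the probability values are constructed assumptions; every manufacturer defines its own.

```python
from dataclasses import dataclass

# Assumed probability classes (name, upper bound), lowest first. Not from the article.
PROBABILITY_CLASSES = [("improbable", 1e-6), ("remote", 1e-4),
                       ("occasional", 1e-2), ("frequent", 1.0)]
# Assumed acceptance policy: highest probability class tolerated per harm class.
MAX_ACCEPTABLE = {"minor": "occasional", "serious": "remote",
                  "catastrophic": "improbable"}

@dataclass(frozen=True)
class Harm:
    description: str
    severity: str       # harm class, a key of MAX_ACCEPTABLE
    probability: float  # estimated probability that the hazard leads to this harm

@dataclass(frozen=True)
class Risk:
    hazard: str
    harm: str
    severity: str
    probability_class: str
    acceptable: bool

def probability_class(p: float) -> str:
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    return next(name for name, upper in PROBABILITY_CLASSES if p <= upper)

def analyse(hazard: str, harms: list[Harm]) -> list[Risk]:
    """Return one risk per (hazard, harm) pair; a hazard has no single risk."""
    order = [name for name, _ in PROBABILITY_CLASSES]
    risks = []
    for harm in harms:
        if harm.severity not in MAX_ACCEPTABLE:
            raise ValueError(f"unknown harm class: {harm.severity}")
        p_class = probability_class(harm.probability)
        ok = order.index(p_class) <= order.index(MAX_ACCEPTABLE[harm.severity])
        risks.append(Risk(hazard, harm.description, harm.severity, p_class, ok))
    return risks

# Constructed probabilities for the article's hospital information system case.
RISKS = analyse(
    "laboratory value saved as negative instead of positive",
    [Harm("death", "catastrophic", 1e-5), Harm("nausea", "minor", 5e-3)],
)

if __name__ == "__main__":
    for r in RISKS:
        print(f"{r.harm:8} {r.severity:13} {r.probability_class:11} acceptable={r.acceptable}")
```

Under these assumed values, the same hazard produces one risk that fails the acceptance policy and one that passes it, which is why the two harms need separate entries in the risk table.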

c) Ensure qualification of the persons involved

ISO 14971 requires that the personnel responsible for risk management have the necessary qualifications.

  • Risk manager
    • Methods of hazard analysis and risk analysis
    • Regulatory requirements for risk management
    • Moderation skills, project management skills
    • Capability to document risk management (documents, tools)
  • Technical experts
    • Detailed understanding of system and software architectures
    • Knowledge of internal and external interfaces
    • Knowledge of components and technologies and their failure modes
  • Context experts
    • Thorough knowledge of the context of use
    • Capability to assess hazardous situations resulting from use errors and system malfunctions
  • Doctors and physicians
    • Knowledge of the health status of the intended patients
    • Capability to determine the severity and probabilities resulting from hazardous situations

Further information

As soon as the risks are identified and assessed, they must be mitigated as described in this article.
