risk-management-specialistMedical device risk management specialist implementing ISO 14971 throughout product lifecycle. Provides risk analysis, risk evaluation, risk control, and post-production information analysis.
Install via ClawdBot CLI:
clawdbot install alirezarezvani/risk-management-specialistISO 14971:2019 risk management implementation throughout the medical device lifecycle.
Establish risk management process per ISO 14971.
| Section | Content | Evidence |
|---------|---------|----------|
| Scope | Device and lifecycle coverage | Scope statement |
| Criteria | Risk acceptability matrix | Risk matrix document |
| Responsibilities | Roles and authorities | RACI chart |
| Verification | Methods and acceptance | Verification plan |
| Production/Post-Production | Monitoring activities | Surveillance plan |
| Probability \ Severity | Negligible | Minor | Serious | Critical | Catastrophic |
|------------------------|------------|-------|---------|----------|--------------|
| Frequent (P5) | Medium | High | High | Unacceptable | Unacceptable |
| Probable (P4) | Medium | Medium | High | High | Unacceptable |
| Occasional (P3) | Low | Medium | Medium | High | High |
| Remote (P2) | Low | Low | Medium | Medium | High |
| Improbable (P1) | Low | Low | Low | Medium | Medium |
| Level | Acceptable | Action Required |
|-------|------------|-----------------|
| Low | Yes | Document and accept |
| Medium | ALARP | Reduce if practicable; document rationale |
| High | ALARP | Reduction required; demonstrate ALARP |
| Unacceptable | No | Design change mandatory |
Identify hazards and estimate risks systematically.
| Category | Examples | Analyzed |
|----------|----------|----------|
| Electrical | Shock, burns, interference | β |
| Mechanical | Crushing, cutting, entrapment | β |
| Thermal | Burns, tissue damage | β |
| Radiation | Ionizing, non-ionizing | β |
| Biological | Infection, biocompatibility | β |
| Chemical | Toxicity, irritation | β |
| Software | Incorrect output, timing | β |
| Use Error | Misuse, perception, cognition | β |
| Environment | EMC, mechanical stress | β |
| Situation | Recommended Method |
|-----------|-------------------|
| Component failures | FMEA |
| System-level failure | FTA |
| Process deviations | HAZOP |
| User interaction | Use Error Analysis |
| Software behavior | Software FMEA |
| Early design phase | PHA |
| Level | Name | Description | Frequency |
|-------|------|-------------|-----------|
| P5 | Frequent | Expected to occur | >10β»Β³ |
| P4 | Probable | Likely to occur | 10β»Β³ to 10β»β΄ |
| P3 | Occasional | May occur | 10β»β΄ to 10β»β΅ |
| P2 | Remote | Unlikely | 10β»β΅ to 10β»βΆ |
| P1 | Improbable | Very unlikely | <10β»βΆ |
| Level | Name | Description | Harm |
|-------|------|-------------|------|
| S5 | Catastrophic | Death | Death |
| S4 | Critical | Permanent impairment | Irreversible injury |
| S3 | Serious | Injury requiring intervention | Reversible injury |
| S2 | Minor | Temporary discomfort | No treatment needed |
| S1 | Negligible | Inconvenience | No injury |
See: references/risk-analysis-methods.md
Evaluate risks against acceptability criteria.
Risk Estimated
β
βΌ
Apply Acceptability Criteria
β
βββ Low Risk βββββββββββΊ Accept and document
β
βββ Medium Risk ββββββββΊ Consider risk reduction
β β Document ALARP if not reduced
β βΌ
β Practicable to reduce?
β β
β YesβββΊ Implement control
β NoββββΊ Document ALARP rationale
β
βββ High Risk ββββββββββΊ Risk reduction required
β β Must demonstrate ALARP
β βΌ
β Implement control
β Verify residual risk
β
βββ Unacceptable βββββββΊ Design change mandatory
Cannot proceed without control| Criterion | Evidence Required |
|-----------|-------------------|
| Technical feasibility | Analysis of alternative controls |
| Proportionality | Cost-benefit of further reduction |
| State of the art | Comparison to similar devices |
| Stakeholder input | Clinical/user perspectives |
| Situation | Benefit-Risk Required |
|-----------|----------------------|
| Residual risk remains high | Yes |
| No feasible risk reduction | Yes |
| Novel device | Yes |
| Unacceptable risk with clinical benefit | Yes |
| All risks low | No |
Implement and verify risk control measures.
| Priority | Control Type | Examples | Effectiveness |
|----------|--------------|----------|---------------|
| 1 | Inherent Safety | Eliminate hazard, fail-safe design | Highest |
| 2 | Protective Measures | Guards, alarms, automatic shutdown | High |
| 3 | Information | Warnings, training, IFU | Lower |
RISK CONTROL OPTION ANALYSIS
Hazard ID: H-[XXX]
Hazard: [Description]
Initial Risk: P[X] Γ S[X] = [Level]
OPTIONS CONSIDERED:
| Option | Control Type | New Hazards | Feasibility | Selected |
|--------|--------------|-------------|-------------|----------|
| 1 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
| 2 | [Type] | [Yes/No] | [H/M/L] | [Yes/No] |
SELECTED CONTROL: Option [X]
Rationale: [Justification for selection]
IMPLEMENTATION:
- Requirement: [REQ-XXX]
- Design Document: [Reference]
VERIFICATION:
- Method: [Test/Analysis/Review]
- Protocol: [Reference]
- Acceptance Criteria: [Criteria]| Method | When to Use | Evidence |
|--------|-------------|----------|
| Test | Quantifiable performance | Test report |
| Inspection | Physical presence | Inspection record |
| Analysis | Design calculation | Analysis report |
| Review | Documentation check | Review record |
| After Control | Action |
|---------------|--------|
| Acceptable | Document, proceed |
| ALARP achieved | Document rationale, proceed |
| Still unacceptable | Additional control or design change |
| New hazard introduced | Analyze and control new hazard |
Monitor and update risk management throughout product lifecycle.
| Source | Information Type | Review Frequency |
|--------|------------------|------------------|
| Complaints | Use issues, failures | Continuous |
| Service | Field failures, repairs | Monthly |
| Vigilance | Serious incidents | Immediate |
| Literature | Similar device issues | Quarterly |
| Regulatory | Authority feedback | As received |
| Clinical | PMCF data | Per plan |
| Trigger | Response Time | Action |
|---------|---------------|--------|
| Serious incident | Immediate | Full risk review |
| New hazard identified | 30 days | Risk analysis update |
| Trend increase | 60 days | Trend analysis |
| Design change | Before implementation | Impact assessment |
| Standards update | Per transition period | Gap analysis |
| Review Element | Frequency |
|----------------|-----------|
| Risk management file completeness | Annual |
| Risk control effectiveness | Annual |
| Post-market information analysis | Quarterly |
| Risk-benefit conclusions | Annual or on new data |
HAZARD ANALYSIS WORKSHEET
Product: [Device Name]
Document: HA-[Product]-[Rev]
Analyst: [Name]
Date: [Date]
| ID | Hazard | Hazardous Situation | Harm | P | S | Initial Risk | Control | Residual P | Residual S | Final Risk |
|----|--------|---------------------|------|---|---|--------------|---------|------------|------------|------------|
| H-001 | [Hazard] | [Situation] | [Harm] | [1-5] | [1-5] | [Level] | [Control ref] | [1-5] | [1-5] | [Level] |FMEA WORKSHEET
Product: [Device Name]
Subsystem: [Subsystem]
Analyst: [Name]
Date: [Date]
| ID | Item | Function | Failure Mode | Effect | S | Cause | O | Control | D | RPN | Action |
|----|------|----------|--------------|--------|---|-------|---|---------|---|-----|--------|
| FM-001 | [Item] | [Function] | [Mode] | [Effect] | [1-10] | [Cause] | [1-10] | [Detection] | [1-10] | [SΓOΓD] | [Action] |
RPN Action Thresholds:
>200: Critical - Immediate action
100-200: High - Action plan required
50-100: Medium - Consider action
<50: Low - MonitorRISK MANAGEMENT REPORT
Product: [Device Name]
Date: [Date]
Revision: [X.X]
SUMMARY:
- Total hazards identified: [N]
- Risk controls implemented: [N]
- Residual risks: [N] Low, [N] Medium, [N] High
- Overall conclusion: [Acceptable / Not Acceptable]
RISK DISTRIBUTION:
| Risk Level | Before Control | After Control |
|------------|----------------|---------------|
| Unacceptable | [N] | 0 |
| High | [N] | [N] |
| Medium | [N] | [N] |
| Low | [N] | [N] |
CONTROLS IMPLEMENTED:
- Inherent safety: [N]
- Protective measures: [N]
- Information for safety: [N]
OVERALL RESIDUAL RISK: [Acceptable / ALARP Demonstrated]
BENEFIT-RISK CONCLUSION: [If applicable]
APPROVAL:
Risk Management Lead: _____________ Date: _______
Quality Assurance: _____________ Date: _______What is the risk level?
β
βββ Unacceptable βββΊ Can hazard be eliminated?
β β
β Yesββ΄βNo
β β β
β βΌ βΌ
β Eliminate Can protective
β hazard measure reduce?
β β
β Yesββ΄βNo
β β β
β βΌ βΌ
β Add Add warning
β protection + training
β
βββ High/Medium βββΊ Apply hierarchy
starting at Level 1| Question | If Yes | If No |
|----------|--------|-------|
| Does control introduce new hazard? | Analyze new hazard | Proceed |
| Is new risk higher than original? | Reject control option | Acceptable trade-off |
| Can new hazard be controlled? | Add control | Reject control option |
| Condition | Decision |
|-----------|----------|
| All risks Low | Acceptable |
| Medium risks with ALARP | Acceptable |
| High risks with ALARP documented | Acceptable if benefits outweigh |
| Any Unacceptable residual | Not acceptable - redesign |
| Tool | Purpose | Usage |
|------|---------|-------|
| risk_matrix_calculator.py | Calculate risk levels and FMEA RPN | python risk_matrix_calculator.py --help |
Risk Matrix Calculator Features:
| Document | Content |
|----------|---------|
| iso14971-implementation-guide.md | Complete ISO 14971:2019 implementation with templates |
| risk-analysis-methods.md | FMEA, FTA, HAZOP, Use Error Analysis methods |
| Stage | Key Activities | Output |
|-------|----------------|--------|
| Planning | Define scope, criteria, responsibilities | Risk Management Plan |
| Analysis | Identify hazards, estimate risk | Hazard Analysis |
| Evaluation | Compare to criteria, ALARP assessment | Risk Evaluation |
| Control | Implement hierarchy, verify | Risk Control Records |
| Residual | Overall assessment, benefit-risk | Risk Management Report |
| Production | Monitor, review, update | Updated RM File |
| Skill | Integration Point |
|-------|-------------------|
| quality-manager-qms-iso13485 | QMS integration |
| capa-officer | Risk-based CAPA |
| regulatory-affairs-head | Regulatory submissions |
| quality-documentation-manager | Risk file management |
Generated Mar 1, 2026
A startup is designing a smart insulin pump and needs to implement ISO 14971 risk management from concept to market launch. They require hazard identification for electrical, software, and biological risks, along with creating a risk matrix to evaluate and control failures like dosing errors or connectivity issues.
A hospital is integrating new MRI machines and must assess risks related to electromagnetic interference, patient safety during scans, and user errors by technicians. The risk management specialist helps conduct FMEA and fault tree analysis to ensure compliance and minimize operational hazards.
A company is introducing an auto-injector for a biologic drug and needs to analyze risks from chemical residues, mechanical failures, and misuse by patients. The specialist performs benefit-risk analysis and establishes post-market surveillance to monitor residual risks after launch.
A consultant is assisting a client with FDA pre-market approval for a surgical robot. They use the risk management specialist to document hazard analyses, verify risk controls, and compile evidence for regulatory audits, ensuring all ISO 14971 requirements are met throughout the product lifecycle.
A manufacturer receives adverse event reports for a cardiac monitor and needs to update risk assessments based on real-world data. The specialist analyzes post-production information, re-evaluates risk acceptability, and implements design changes if necessary to maintain safety and compliance.
Offer specialized risk management consulting to medical device companies, providing end-to-end ISO 14971 implementation, audit support, and training. Revenue comes from hourly rates or project-based fees, targeting startups and established firms needing compliance expertise.
Develop a cloud-based tool for automating risk analysis workflows, such as FMEA and risk matrix creation, with templates and collaboration features. Revenue is generated through subscription tiers, appealing to teams managing multiple devices and seeking efficiency gains.
Provide online or in-person courses on ISO 14971 risk management, including certification for professionals in the medical device industry. Revenue streams include course fees, certification renewals, and corporate training packages for regulatory teams.
π¬ Integration Tip
Integrate this skill with project management tools to track risk tasks and link it to regulatory databases for real-time compliance updates, enhancing workflow efficiency.
Create jobs and transact with other specialised agents through the Agent Commerce Protocol (ACP) β extends the agent's action space by discovering and using agents on the marketplace, enables launching an agent token for fundraising and revenue, and supports registering service offerings to sell capabilities to other agents.
Write, structure, and update a business plan for a solopreneur. Use when creating a plan from scratch, updating an existing plan after a pivot or new phase, or preparing a plan to share with investors, partners, or even just to clarify your own strategy. Covers executive summary, market analysis, competitive positioning, revenue model, operations plan, financial projections, and risk assessment β all adapted for a one-person business. Trigger on "write a business plan", "business plan", "create my plan", "business plan template", "update my business plan", "plan for my business", "investor pitch plan".
Executive leadership guidance for strategic decision-making, organizational development, and stakeholder management. Includes strategy analyzer, financial scenario modeling, board governance frameworks, and investor relations playbooks. Use when planning strategy, preparing board presentations, managing investors, developing organizational culture, making executive decisions, or when user mentions CEO, strategic planning, board meetings, investor updates, organizational leadership, or executive strategy.
Strategic product leadership toolkit for Head of Product including OKR cascade generation, market analysis, vision setting, and team scaling. Use for strategic planning, goal alignment, competitive analysis, and organizational design.
B2B SaaS competitive intelligence with 24 scenarios across Sales/HR/Fintech/Ops Tech
Multi-agent war room for brainstorming, system design, architecture review, product specs, business strategy, or any complex problem. Use when a user wants to run a structured multi-agent session with specialist roles, when they mention "war room", when they need to brainstorm a project from scratch, design a system with multiple perspectives, stress-test decisions with a devil's advocate, or produce a comprehensive blueprint/spec. Works for software, hardware, content, business β any domain.