Risk Management & Human Factors

Risk management under ISO 14971 and usability engineering under IEC 62366-1 are not optional documentation exercises. They are foundational requirements that Notified Bodies scrutinise in every conformity assessment, and they run through the entire device lifecycle from initial concept to post-market surveillance.

We design and run these processes as part of the development programme, not as standalone compliance activities. The risk management file and usability engineering file we produce feed directly into the technical documentation we compile and the Notified Body submissions we manage.


Visitors who previously worked with CE plus will find the same teams and expertise here. CE plus has been fully integrated into regenold, and all device, IVD, and software capabilities continue under the regenold brand.

Examples of How We Support

These are just examples to illustrate the kind of work we do day to day. The fastest way is usually a short call to understand your situation and discuss how we can help.

Early risk integration

You are starting a new device development project and need risk management and usability engineering processes set up from the beginning, integrated with your ISO 13485 design controls. You want these running in parallel with design activities, not bolted on retrospectively before a Notified Body submission.

ISO 14971 file remediation

You are preparing for Notified Body certification and your risk management documentation was produced ad hoc during development. The risk management plan, hazard analysis, and risk management report exist in fragments but don't meet ISO 14971 requirements as a coherent file. You need the file restructured, gaps filled, and the overall risk management report completed before submission.

Human factors program

You are developing a device with a complex user interface, such as a connected patient monitor, a surgical navigation system, or an infusion pump with a touchscreen, and need a human factors program: formative testing during iterative design, followed by summative validation testing with representative users in a simulated use environment.

Non-EU usability bridging

You already have usability data for your product, but the data was established for non-EU submissions. You need a strategy to pragmatically transfer your data to satisfy CE requirements.

SaMD integrated risk framework

You are developing software as a medical device and need a risk management framework that addresses both patient safety risks under ISO 14971 and cybersecurity risks under IEC 81001-5-1 in a single coherent process. For the software-specific regulatory requirements, see Software as a Medical Device & Cybersecurity.

Understanding Risk Management & Human Factors

Risk management and usability engineering are cross-cutting disciplines that inform and are informed by multiple other activities in device development: design controls, clinical evaluation, preclinical testing, post-market surveillance, and the technical documentation. They are not standalone services. They run through the programme and connect to everything else.

This page covers the process design, execution, and documentation for risk management per ISO 14971 and usability engineering per IEC 62366-1. The broader technical documentation compilation (where the risk management file and usability engineering file sit as core components) is covered on Medical Device Regulatory Services. The QMS framework and design control procedures that these processes operate within are covered on Quality & Compliance. The clinical evaluation that uses risk-benefit data from the risk management process is covered on Medical & Scientific Writing and Clinical Development. The PMS processes that feed post-market data back into risk management are covered on Pharmacovigilance & Device Vigilance.

For software-specific risk management including cybersecurity risk assessment under IEC 81001-5-1, see Software as a Medical Device & Cybersecurity.

What We Do

Risk management and usability engineering run in parallel with device development. Here is what we deliver across both disciplines.

  • Design and implement risk management processes aligned with ISO 14971:2019, integrated with design control procedures per ISO 13485. Define risk acceptability criteria, establish the risk management plan, and set up the process framework that the development team will follow throughout the project.
  • Conduct risk analyses: define the intended use and reasonably foreseeable misuse, identify hazards using structured methods (FMEA, FTA, HAZOP, or combinations), estimate and evaluate risks against defined acceptability criteria, and specify risk control measures. We do the analysis, not just review what someone else has done.
  • Author risk management documentation: risk management plans, hazard analysis worksheets, risk evaluation records, risk control verification evidence, and the overall risk management report with residual risk assessment and benefit-risk determination.
  • Manage production and post-production risk management per ISO 14971 Clause 10. Integrate PMS data, complaint trends, and vigilance information into the risk management file and assess whether new or changed risks require updated risk controls.
  • Design and execute the usability engineering process per IEC 62366-1: define use specifications (intended users, use environments, user interface characteristics), plan user interface evaluations, and conduct both formative and summative usability testing across the design cycle.
  • Plan and oversee human factors studies. For formative evaluations: expert reviews, cognitive walkthroughs, and early-stage user testing. For summative (validation) testing: protocol development, participant recruitment criteria, simulated use environment setup, task scenario design, test execution, data analysis, and results documentation.
  • Compile the usability engineering file per IEC 62366-1 and integrate findings into the risk management process. Use-related hazards identified during usability testing feed directly into the risk analysis, and the two files are cross-referenced as core components of the technical documentation.
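
The estimation, evaluation and risk-control steps in the list above, as an added Python example that is not code from regenold and not prescribed by ISO 14971 (the standard fixes no scales or thresholds). It assumes five-point severity and probability scales, assumes acceptability thresholds on their product, and applies one rule a Notified Body reviewer would look for: a risk control counts toward the residual risk only when verification evidence exists and, if its effect depends on user behaviour, only when summative usability testing has validated it. The infusion-pump hazards are constructed for illustration, and all names (risk_region, RiskItem, overall_residual_risk) are hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntEnum

# Five-point severity and probability scales assumed for this example.
class Severity(IntEnum):
    NEGLIGIBLE = 1
    MINOR = 2
    SERIOUS = 3
    CRITICAL = 4
    CATASTROPHIC = 5

class Probability(IntEnum):
    IMPROBABLE = 1
    REMOTE = 2
    OCCASIONAL = 3
    PROBABLE = 4
    FREQUENT = 5

# Acceptability criteria as the risk management plan would fix them.
# Thresholds on severity x probability are assumed, not taken from any standard.
UNACCEPTABLE_FROM = 15
ACCEPTABLE_UP_TO = 5

def risk_region(severity: Severity, probability: Probability) -> str:
    """Evaluate one (severity, probability) estimate against the acceptability criteria."""
    score = int(severity) * int(probability)
    if score >= UNACCEPTABLE_FROM:
        return "unacceptable"
    if score <= ACCEPTABLE_UP_TO:
        return "acceptable"
    return "reduce further"

@dataclass
class RiskControl:
    description: str
    kind: str                          # "inherent safety", "protective measure" or "information for safety"
    probability_after: Probability     # probability the control is designed to achieve
    verified: bool                     # verification evidence exists in the risk management file
    user_dependent: bool = False       # effectiveness relies on user behaviour
    usability_validated: bool = False  # confirmed in summative usability testing (IEC 62366-1)

    def creditable(self) -> bool:
        """Credit a control only if verified and, when user-dependent, also validated."""
        return self.verified and (not self.user_dependent or self.usability_validated)

@dataclass
class RiskItem:
    ident: str
    hazard: str
    hazardous_situation: str
    harm: str
    severity: Severity
    initial_probability: Probability
    controls: list = field(default_factory=list)

    def residual_probability(self) -> Probability:
        """Lowest probability reached by any creditable control; severity is unchanged."""
        credited = [c.probability_after for c in self.controls if c.creditable()]
        return min([self.initial_probability] + credited)

def evaluate(item: RiskItem) -> dict:
    """Initial and residual evaluation of one item plus the findings a reviewer would raise."""
    findings = []
    for c in item.controls:
        if not c.verified:
            findings.append(f"{item.ident}: control '{c.description}' has no verification evidence")
        elif c.user_dependent and not c.usability_validated:
            findings.append(f"{item.ident}: user-dependent control '{c.description}' not validated")
    residual = risk_region(item.severity, item.residual_probability())
    if residual != "acceptable":
        findings.append(f"{item.ident}: residual risk is '{residual}'")
    return {"id": item.ident, "initial": risk_region(item.severity, item.initial_probability),
            "residual": residual, "findings": findings}

def overall_residual_risk(register: list) -> dict:
    """Input for the risk management report: acceptable only when no finding remains open."""
    items = [evaluate(item) for item in register]
    open_findings = [f for r in items for f in r["findings"]]
    return {"items": items, "open_findings": open_findings, "overall_acceptable": not open_findings}

# Constructed sample register for an infusion pump with a touchscreen (illustrative data only).
SAMPLE_REGISTER = [
    RiskItem("H-01", "Dose entered with misplaced decimal point", "Ten-fold rate programmed",
             "Over-infusion", Severity.CRITICAL, Probability.OCCASIONAL, controls=[
                 RiskControl("Drug library hard limit rejects out-of-range rates", "protective measure",
                             Probability.IMPROBABLE, verified=True),
                 RiskControl("Confirmation screen shows rate before start", "protective measure",
                             Probability.REMOTE, verified=True, user_dependent=True, usability_validated=True),
             ]),
    RiskItem("H-02", "Occlusion alarm not noticed", "Line occluded on a noisy ward",
             "Delayed therapy", Severity.SERIOUS, Probability.PROBABLE, controls=[
                 RiskControl("Escalating audible and visual alarm", "protective measure",
                             Probability.REMOTE, verified=False),  # verification report not yet produced
             ]),
]
```

Running overall_residual_risk(SAMPLE_REGISTER) leaves H-01 acceptable (both controls credited) but keeps H-02 at "reduce further" with two open findings, because the unverified alarm control is not credited. That is exactly the state of a file "produced ad hoc during development": the control is designed, but without verification evidence the residual risk cannot be claimed, so the overall residual risk is not acceptable until the evidence is added.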

Our Workstreams

We organise risk management and human factors work into defined workstreams. Most device development programmes involve at least the first three.

Risk Management Process Design

ISO 14971 process setup integrated with ISO 13485 design controls. Risk acceptability criteria definition (probability, severity, risk matrix). Risk management plan authoring. Template and procedure development for hazard analysis, risk evaluation, and risk control. Review gate integration into the development process.

Risk Analysis & Documentation

Hazard identification using FMEA, FTA, HAZOP, or combined methods. Risk estimation (severity and probability). Risk evaluation against acceptability criteria. Risk control specification and verification. Residual risk assessment. Overall risk management report with benefit-risk determination. Risk management file compilation for Notified Body submission.

Usability Engineering Process

IEC 62366-1 process setup. Use specification development (user profiles, use environments, use scenarios). User interface evaluation planning. Task analysis and critical task identification. Use-related hazard integration with risk management. Usability engineering file compilation.

Human Factors Studies

Formative evaluations: expert review, cognitive walkthrough, heuristic evaluation, early-stage user testing with think-aloud protocols. Summative (validation) testing: protocol development, participant recruitment (minimum 15 per user group per FDA guidance), simulated use environment setup, task scenario execution, use error analysis, and reporting. Study coordination with specialist lab facilities and recruitment partners.

Post-Market Risk Management

PMS data integration into the risk management file (complaint trends, incident analysis, PMCF/PMPF findings). Risk signal identification and assessment. Benefit-risk reassessment for marketed devices. Risk control updates and their impact on the clinical evaluation and technical documentation. Triggered by data from the device vigilance team (see Pharmacovigilance & Device Vigilance).

Where This Fits in the Development Journey

Risk management and usability engineering span the full device lifecycle. The most intensive work falls during Design & Development, but the processes start at concept and continue through post-market.

Discovery & Concept

Initial risk assessment for feasibility. Preliminary hazard analysis to identify show-stoppers early. Early use specification and user needs definition that inform the design input requirements.

Design & Development

Full risk management process runs in parallel with design controls. Hazard identification, risk analysis, and risk control implementation iterate with design changes. Formative usability testing during iterative design cycles. This is the most intensive phase for both disciplines.

Clinical

Summative (validation) usability testing. Risk-benefit data that feeds into the clinical evaluation. Clinical investigation risk assessments where applicable.

Regulatory Submission & Approval

Risk management file and usability engineering file compiled as core components of the technical documentation for Notified Body submission. These are among the first documents Notified Bodies review.

Post-Market & Lifecycle Management

Production and post-production risk management. PMS data integration. Benefit-risk reassessment for marketed devices. Usability data from real-world use informing design improvements. Risk management file updates triggered by design changes, incidents, or PMCF findings.

Product Type Considerations

The depth and focus of risk management and usability engineering vary by device type. These considerations affect how we scope the work.

Implantable Devices

High-risk profile requires the most rigorous hazard analysis. Risk acceptability criteria must be stringent given the severity of potential harm. Usability of implantation tools and surgical procedures is critical: surgical human factors testing may require simulated OR environments and surgeons as test participants.

In-Vitro Diagnostics

Risk management focuses on analytical and clinical performance risks: false positives, false negatives, and the consequences of incorrect results. Usability considerations centre on sample handling procedures, result interpretation (particularly for near-patient testing), and operator training requirements.

Reusable Devices

Reprocessing-related risks (cleaning effectiveness, sterilisation validation, material degradation over reprocessing cycles) require specific hazard analysis. Human factors for reprocessing instructions (IFU clarity, cleaning step complexity) are a common area of Notified Body scrutiny.

Active Devices with User Interfaces

Human factors is central to risk control. Complex interfaces (touchscreens, alarm systems, data displays, multi-step workflows) require extensive formative and summative testing. Use error analysis is often the most significant component of the risk management file. IEC 62366-1 compliance is heavily scrutinised by Notified Bodies for these devices.

Software as a Medical Device

Risk management must address both patient safety risks and, for connected software, cybersecurity risks. IEC 81001-5-1 cybersecurity risk assessment builds on the ISO 14971 framework. Usability of the software interface is often the primary risk control mechanism. See Software as a Medical Device & Cybersecurity for the software-specific requirements.

Combination Products

Dual risk framework: ISO 14971 for the device component, ICH Q9 for the drug component. Usability of the combined product (prefilled pen, autoinjector, drug-eluting implant) requires integrated human factors studies covering both device operation and drug administration.

Sample Deliverables

  • Risk management plan per ISO 14971 with defined scope, risk acceptability criteria, planned activities, and process integration with design controls.
  • Hazard analysis document (FMEA, FTA, or equivalent) with systematic hazard identification, risk estimation, evaluation, and risk control measures.
  • Risk management report summarising the overall residual risk assessment, benefit-risk determination, and confirmation that the process was executed as planned.
  • Complete risk management file for Notified Body submission: plan, analysis, evaluation, controls, verification, and report in a single auditable package.
  • Usability engineering file per IEC 62366-1: use specifications, user interface evaluation plan, formative evaluation reports, summative validation test report, and use-related hazard summary.
  • Summative usability test protocol: task scenarios, participant selection criteria, simulated use environment specification, acceptance criteria, and data analysis methodology.
  • Summative usability test report: participant demographics, task completion data, use error analysis, root cause assessment for critical use errors, and overall conclusions.
  • Post-market risk management update: revised hazard analysis incorporating PMS data, updated risk controls, and impact assessment on clinical evaluation and technical documentation.

Example Projects

Illustrative Example
Risk Management Process for a Digital Health Application (DiGA)

Full ISO 14971 risk management process designed and executed for a DiGA treating a mental health condition, integrated with the software development lifecycle and aligned with BfArM requirements for the German DiGA fast-track pathway.

Illustrative Example
Revision of a Risk Management File with Notified Body Deviations — Voice Analysis Software

Remediation of a risk management file that had received Notified Body deviations for a software intended to analyse voices. Gaps in hazard identification, missing risk control verification evidence, and an incomplete risk management report were addressed and the file restructured into a coherent, submission-ready package.

Illustrative Example
Risk Management File Creation for an AI-Based Eye Disease Screening Software

End-to-end risk management file created for an AI software intended to scan for eye diseases, addressing both patient safety risks under ISO 14971 and algorithm-specific considerations, with the risk management file compiled as a core component of the technical documentation for Notified Body submission.

Related Services

Medical Device Regulatory Services →

The risk management file and usability engineering file are core components of the technical documentation we compile for Notified Body submission.

Quality & Compliance →

The ISO 14971 risk management process operates within the ISO 13485 QMS framework and design control procedures that the Quality team builds and maintains.

Clinical Development →

Clinical data feeds into the risk-benefit determination. Clinical investigation risk assessments are part of the risk management process.

Preclinical Development →

Biocompatibility evaluations, design verification, and validation testing produce evidence that informs hazard analysis and risk control verification.

Software as a Medical Device & Cybersecurity →

Software risk management extends ISO 14971 to include cybersecurity risks under IEC 81001-5-1.

Pharmacovigilance & Device Vigilance →

PMS data, complaint trends, and incident reports feed back into the risk management process during the production/post-production phase.

Post-Approval & Lifecycle Management →

Design changes and post-market findings trigger risk management file updates and may require Notified Body notification.

Setting Up Risk Management for a New Device, Planning Usability Studies, or Updating a Risk Management File?

Tell us about your device and timeline, and we'll outline how we can help. Start with a focused discussion. A short call is often the fastest way to understand your current position, identify documentation gaps, and define the most efficient path to a submission-ready file.

Speak with Our Team

Key Regulations & Guidance

These standards and guidance documents define the requirements for risk management and usability engineering in medical device development.

  • ISO 14971:2019, Application of risk management to medical devices
  • ISO/TR 24971:2020, Guidance on the application of ISO 14971
  • IEC 62366-1:2015+A1:2020, Application of usability engineering to medical devices
  • IEC/TR 62366-2:2016, Guidance on the application of usability engineering to medical devices
  • EU MDR 2017/745, Annex I — General Safety and Performance Requirements
  • FDA, Applying Human Factors and Usability Engineering to Medical Devices (2016)
  • FDA, Human Factors Information in Medical Device Marketing Submissions (2023)

Frequently Asked Questions (FAQ)

When should risk management start in the development process?

At the very beginning. ISO 14971 requires risk management to run through the entire lifecycle, starting with a preliminary hazard analysis during the concept phase. Waiting until the design is finalised and then producing the risk management file retrospectively is one of the most common mistakes we see. It creates weak documentation, misses opportunities to design out hazards early, and is immediately apparent to Notified Bodies.

What risk analysis methods do you use?

We select the method based on the device and the hazard type. FMEA (Failure Mode and Effects Analysis) is the most common starting point for systematic component and function-level hazard identification. FTA (Fault Tree Analysis) is used for top-down analysis of specific hazard scenarios. HAZOP is used for process-related hazards. For most devices, we use a combination: FMEA as the primary method, supplemented by FTA for critical hazard pathways.

What is the difference between formative and summative usability testing?

Formative testing happens during design development and is diagnostic: it identifies usability problems so they can be fixed. Methods include expert reviews, cognitive walkthroughs, and early-stage user testing with think-aloud protocols. Summative testing happens after the design is finalised and is evaluative: it validates that the device can be used safely and effectively by representative users performing critical tasks. Summative testing uses a formal protocol with predefined acceptance criteria and is the evidence the Notified Body and FDA review.

How many participants do we need for a summative usability study?

FDA guidance recommends a minimum of 15 participants per distinct user group. If your device is used by surgeons, nurses, and patients, that means 15 of each (45 total). The number is a practical benchmark rather than a statistical guarantee. With n independent participants, a use error whose true per-participant probability is p will be observed at least once with probability 1 − (1 − p)^n. For 15 participants that is roughly 54% at p = 5% but about 99% at p = 25%, so a study of this size reliably surfaces the common use errors while rare ones must be addressed through design, hazard analysis, and post-market data rather than expected to appear in testing. For EU MDR, IEC 62366-1 does not specify a number, but Notified Bodies increasingly expect justification consistent with the FDA benchmark.
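
The detection probability behind that benchmark, as an added Python example that is not code from regenold or from the FDA guidance. It assumes participants are independent and that a given use error has a fixed per-participant probability p; the function names and the 15-per-group default are illustrative. It also solves the inverse question a protocol author needs: how many participants are required to see a use error of probability p with a chosen confidence.

```python
import math


def detection_probability(p: float, n: int) -> float:
    """Probability that a use error with true per-participant probability p
    is observed at least once among n independent participants."""
    if not 0.0 <= p <= 1.0 or n < 0:
        raise ValueError("p must be in [0, 1] and n must be non-negative")
    return 1.0 - (1.0 - p) ** n


def participants_needed(p: float, confidence: float) -> int:
    """Smallest n such that detection_probability(p, n) >= confidence."""
    if not 0.0 < p <= 1.0 or not 0.0 < confidence < 1.0:
        raise ValueError("p must be in (0, 1] and confidence in (0, 1)")
    if p == 1.0:
        return 1  # a certain use error shows up with the first participant
    n = math.ceil(math.log(1.0 - confidence) / math.log(1.0 - p))
    # Re-check around the closed-form value to absorb floating-point error.
    while detection_probability(p, n) < confidence:
        n += 1
    while n > 1 and detection_probability(p, n - 1) >= confidence:
        n -= 1
    return n


def study_plan(user_groups, p: float, confidence: float, fda_minimum: int = 15) -> dict:
    """Participants per distinct user group: the larger of the regulatory minimum
    (15 per FDA guidance, assumed as the default here) and the statistical need."""
    needed = participants_needed(p, confidence)
    per_group = {group: max(fda_minimum, needed) for group in user_groups}
    return {"per_group": per_group, "total": sum(per_group.values())}
```

A use error with a true probability of 5% needs 59 participants per group for 95% confidence, which is why the 15-participant minimum should be read as a floor for surfacing common use errors, not as evidence that rare ones are absent.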

How does post-market surveillance data feed back into risk management?

ISO 14971 Clause 10 requires manufacturers to collect and review production and post-production information and assess whether it creates new hazards, changes existing risk estimates, or renders current risk controls inadequate. In practice, this means the device vigilance team monitors complaint data, incident reports, and PMCF findings and flags anything that could affect the risk profile. We then update the hazard analysis, reassess the benefit-risk determination, and document the changes in the risk management file.

Do Notified Bodies scrutinise the risk management file closely?

Yes. The risk management file is typically one of the core documents a Notified Body reviews. Common NB findings include: risk acceptability criteria that are not clearly defined, hazard identification that is incomplete or not traceable to the intended use, risk controls that lack verification evidence, residual risk assessments that do not reference clinical data, and risk management reports that were clearly written retrospectively rather than maintained throughout development.

How do risk management and usability engineering interact?

They are explicitly linked. IEC 62366-1 requires that use-related hazards identified during usability testing are integrated into the risk management process per ISO 14971. In practice, the usability engineering file and the risk management file must cross-reference each other. Use errors discovered during formative testing become hazards in the risk analysis. Risk controls that rely on user behaviour (training, labelling, interface design) must be validated through usability testing. We manage both processes together to ensure this integration is seamless.

We already have a risk management file, but it was produced retrospectively. Can it be fixed?

Usually, yes. We assess the existing documentation against ISO 14971 requirements, identify the gaps (missing hazard categories, incomplete risk estimation, absent verification records, no post-production plan), and build a remediation plan. The remediation typically involves restructuring the file, filling evidence gaps, and producing the missing elements — particularly the risk management report. The goal is a file that reads as a coherent, maintained document rather than a retrospective compilation. Notified Bodies can tell the difference.

regenold GmbH

regenold is a global, end-to-end integrated development partner for pharmaceuticals, medical devices, and drug-device combination products. We support life sciences companies across the entire product lifecycle, delivering integrated development, regulatory, and market access expertise to enable efficient, compliant advancement from concept to market.


regenold GmbH
Zöllinplatz 4
79410 Badenweiler
Germany

Phone: +49 7632 82 26-0
Email: info@regenold.com

© 2026 regenold GmbH. All Rights Reserved.