Post-control residual risk re-estimation for every hazardous situation, using the same acceptance criteria applied in initial risk evaluation — before/after record required.
Explicit benefit-risk analysis is mandatory for any unacceptable residual risk; conclusion must be “benefits outweigh residual risks,” not simply “risks are acceptable.”
Benefit-risk record in the Risk Management Report — clinical evidence cited, not engineering judgment alone; synergistic residual risk effects commonly missing.
Maps to
ISO 14971: §7.3 Residual risk evaluation
ISO 13485: §7.1 Planning of product realization
Pre-QMSR Part 820 (legacy QSR): §820.30(g) Design validation.
Requirement text
After implementing risk control measures, the manufacturer shall evaluate the residual risk for each hazardous situation using the criteria for risk acceptability defined in the risk management plan. If residual risk is not judged acceptable and further risk control is not practicable, the manufacturer may gather and review data and literature to determine if the benefits of the intended use outweigh the residual risk.
Why this clause exists
Implementing a risk control measure does not guarantee risk reduction — a software interlock that triggers an audible alarm may reduce one hazard while creating a new one through alarm fatigue. ISO 14971 clause 7.3 requires re-estimation of residual risk after each control is applied because only a documented before-and-after record can demonstrate that the risk management process is actually reducing risk rather than rearranging it. The benefit-risk analysis requirement for unacceptable residual risks reflects the fundamental reality that some medical devices carry irreducible hazards that are nonetheless justified by clinical necessity — an implantable defibrillator carries real risks from inappropriate shocks, but those risks are outweighed by the risk of untreated ventricular fibrillation. Regulators required explicit benefit-risk documentation in the 2019 edition because the prior framework allowed manufacturers to finesse unacceptable residual risks by adjusting acceptance criteria; the shift to a mandatory clinical-evidence-grounded benefit-risk conclusion makes that shortcut auditable and therefore harder to abuse.
What changed
ISO 14971:2019 was a major revision reorganizing the standard from 9 to 10 clauses and moving extensive guidance material into a separate technical report (ISO/TR 24971:2020), making normative requirements clearer and more auditable.
The most significant change was replacing ALARP (As Low As Reasonably Practicable) with AFAP (As Far As Possible), removing the ability to use economic cost as a primary justification for not implementing a risk control. The standard introduced explicit benefit-risk analysis requirements — three new definitions were added (benefit, reasonably foreseeable misuse, state of the art) and the required conclusion shifted from 'risks are acceptable' to 'benefits outweigh residual risks.' Risk acceptability criteria must now be established and documented in the risk management plan before risk analysis begins.
Post-production requirements (Clause 10) were substantially expanded into four sub-clauses (Establish, Collect, Review, Act), mandating active collection and review of post-market data rather than passive complaint handling. The overall residual risk evaluation (Clause 8) was enhanced to require aggregate assessment of all residual risks combined, considering synergistic effects where multiple low risks may create new high-risk situations. Clause 4.3 shifted emphasis from personnel qualifications to demonstrated competence. ISO/TR 24971:2020 (informative companion) adds Annex G (cybersecurity risk management) and Annex H (legacy device risk file remediation).
Common gaps (what we see in audits)
- Synergistic effects of combined residual risks not evaluated — The overall residual risk evaluation must consider synergistic effects where multiple individually 'low' residual risks combine to create a new, higher-risk situation. For example, multiple concurrent alarms, each with acceptable individual risk, may together create dangerous user confusion. In practice, manufacturers commonly evaluate each residual risk in isolation without considering aggregate effects.
- Benefit-risk conclusion not explicitly documented — The 2019 edition shifts the required conclusion from 'risks are acceptable' to 'benefits outweigh residual risks.' Many manufacturers' risk management reports do not include an explicit benefit-risk conclusion with documented rationale, particularly when overall residual risk exceeds pre-defined thresholds.
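To make the clause's before/after record and the two audit gaps above concrete, here is an added example of a residual-risk register check; it is not from ISO 14971, ISO/TR 24971 or any manufacturer's tooling. The risk index (severity x probability), the acceptance limit of 6 and the additive aggregation of risks sharing a context are constructed assumptions standing in for whatever the risk management plan actually defines.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
# Acceptance criterion fixed in the risk management plan before analysis starts
# (constructed: risk index = severity x probability, acceptable when <= 6).
ACCEPTABLE_MAX_INDEX = 6
@dataclass
class HazardousSituation:
    hs_id: str
    severity_before: int
    probability_before: int
    severity_after: Optional[int] = None       # None: never re-estimated
    probability_after: Optional[int] = None
    further_control_practicable: bool = False
    benefit_risk_evidence: Optional[str] = None  # clinical evidence citation
    context: str = ""                           # shared situation, e.g. "alarm"

def evaluate_residual_risk(hs, limit=ACCEPTABLE_MAX_INDEX):
    """Apply the same criterion to pre- and post-control estimates; return gaps."""
    if hs.severity_after is None or hs.probability_after is None:
        return ["no before/after record: residual risk never re-estimated"]
    before = hs.severity_before * hs.probability_before
    after = hs.severity_after * hs.probability_after
    gaps = []
    if after > before:
        gaps.append("control measure increased risk: new hazard likely introduced")
    if after > limit and hs.further_control_practicable:
        gaps.append("residual risk unacceptable while further control is practicable")
    elif after > limit and not hs.benefit_risk_evidence:
        gaps.append("unacceptable residual risk with no benefit-risk analysis recorded")
    return gaps
def evaluate_overall(situations, limit=ACCEPTABLE_MAX_INDEX):
    """Constructed aggregate model: sum acceptable residual risks sharing a context."""
    totals = defaultdict(int)
    for hs in situations:
        if hs.severity_after is not None and hs.probability_after is not None:
            after = hs.severity_after * hs.probability_after
            if hs.context and after <= limit:
                totals[hs.context] += after
    return sorted(c for c, t in totals.items() if t > limit)
# Constructed register: compliant, missing record, needs benefit-risk evidence, two "low" alarm risks
REGISTER = [
    HazardousSituation("HS-1", 4, 4, 2, 2),
    HazardousSituation("HS-2", 3, 3),
    HazardousSituation("HS-3", 5, 3, 5, 2),
    HazardousSituation("HS-4", 3, 3, 2, 2, context="alarm"),
    HazardousSituation("HS-5", 2, 3, 1, 3, context="alarm"),
]
```

Running `evaluate_residual_risk` over each register entry and `evaluate_overall` over the whole register reproduces the three audit findings discussed on this page: a missing re-estimation, an unacceptable residual risk with no benefit-risk record, and an aggregate "alarm" risk that no single entry would have flagged.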