What is a Benefit-Risk Analysis & How To Do It?

March 17, 2023

The Benefit-Risk analysis (a.k.a. Benefit-Risk determination or Benefit-Risk ratio) is one of the most misinterpreted areas of the Risk Management process, in particular when coupled with the requirements of MDR / IVDR.

And consequently one of the preferred digging points for the Notified Bodies.

The spirit of the regulations and standards is “the benefit provided by the use of the device must outweigh the associated risk”.

That sounds simple doesn’t it?

Let’s take a step back.

The basic requirements are listed in ISO 14971 (EN ISO 14971:2019+A11:2021):

  1. Par. 7.1: “If, during risk control option analysis, the manufacturer determines that risk reduction is not practicable, the manufacturer shall conduct a benefit-risk analysis of the residual risk.”
  2. Par. 7.4: “If a residual risk is not judged acceptable using the criteria established in the risk management plan and further risk control is not practicable, the manufacturer may gather and review data and literature to
    determine if the benefits of the intended use outweigh this residual risk.”

What often slips through the cracks is that the ISO 14971 is usually supplemented by additional requirements in each region. In particular, when the EU adopts a standard, additional information is added to it. Unlike the 2012 version, the latest EN version of ISO 14971 does not contain detailed additional requirements in Annexes ZA and ZB.

But what was in ZA and ZB of the previous version still applies. In particular:

  1. A Benefit-Risk analysis is not a way out of an unacceptable risk. Unacceptable risks are unacceptable.
  2. A Benefit-Risk analysis must always be carried out:
    1. The Benefit of using the device vs the Overall residual risk.
    2. Each residual risk vs the benefit of that specific feature under analysis.

To summarize: ALWAYS carry out a Benefit-Risk analysis before a product is placed on the market, and include ALL risk items, regardless of their acceptability.

How to Conduct a Benefit-Risk Analysis

Benefit-(Overall residual) Risk Analysis in 3 Simple Steps:

  1. Summarize all risk items from all risk analysis documents;
    1. e.g. using diagrams, charts, statistics, etc.
  2. Summarize the traceability to risk mitigation actions;
  3. Arrange a review with the project team, management, Regulatory, Quality and ideally an external expert on the device / use (e.g. a doctor / specialist / surgeon):
    1. Agree that the risks have been mitigated As Far As Possible and additional risk controls do not significantly reduce the risk.
    2. Agree that each residual risk is acceptable.
    3. Agree that the overall residual risk is acceptable.
    4. Agree that the benefit of using the device outweigh the residual risk
  4. Summarize the outcome of the Review into the Risk Management Report.
    1. The Benefit-Risk assessment is only a part of the Risk Management Review / Report, don’t forget it!

To manage risks in Jira and automate risk traceability, make sure to check out the SoftComply Risk Management apps!

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

Xray SoftComply Risk Based Testing Solution
Picture of Marion Lepmets

Marion Lepmets

CEO
July 7, 2026

Risk management is a critical part of product development and QA, especially in regulated industries where every feature must meet strict safety and compliance standards. Yet, as teams move faster in agile environments, managing the connection between risk and testing often becomes messy or manual. What if your risk management...

Frictionless CISO in Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
July 2, 2026

What if your next ISO 27001 audit required almost no preparation? That’s exactly how Lemuel Valdez, CISO at Cobham Satcom, approaches security. Instead of scrambling to collect evidence before an audit, he builds systems where audit readiness is simply a byproduct of everyday work. “Controls, risk approvals, documents and evidence...

e-signature
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
June 30, 2026

Not every Confluence e-signature app is designed for regulated industries. This guide explains how to evaluate Atlassian Marketplace apps against 21 CFR Part 11 and choose the right solution for MedTech, pharma, and biotech teams. Looking for an E-Signature App for Confluence? Open the Atlassian Marketplace and search for electronic...