New Medical Devices Regulation & Risk Management

March 15, 2017

The revised Medical Devices Regulation (MDR) will change the regulatory environment of medical devices in Europe to a more stringent one.

Compared to the MDD, the MDR promotes a life-cycle approach similar to what the US FDA and many international standards advocate.

MDR highlights the importance of medical device risk management. Although risk management has been a requirement also in the MDD, it has never before been stated in such clear terms:

“/…/ in order to minimize risks or prevent incidents related to medical devices, manufacturers should establish a system for risk management and a system for reporting of incidents and field safety corrective actions./…/”

Annex I of the new MDR goes significantly into more details than the current MDDs:

“/…/ In carrying out risk management manufacturers shall:

(a) establish and document a risk management plan for each device;

(b) identify and analyse the known and foreseeable hazards associated with each device;

(c) estimate and evaluate the risks associated with, and occurring during, the intended use and during reasonably foreseeable misuse;

(d) eliminate or control the risks referred to in point (c) in accordance with the requirements of Section 4;

(e) evaluate the impact of information from the production phase and, in particular, from the post-market surveillance system, on hazards and the frequency of occurrence thereof, on estimates of their associated risks, as well as on the overall risk, benefit-risk ratio and risk acceptability; and

(f) based on the evaluation of the impact of the information referred to in point (e), if necessary amend control measures in line with the requirements of Section 4. /…/”

These requirements are in line with ISO 14971, so they should not catch anyone by surprise.

The new regulation will apply three years after its formal publication, becoming mandatory by most likely early 2020. For Quality Management System regulation, the ISO 13485 that was released in 2016 will replace the earlier versions and become mandatory in early 2019.

For more information about medical device risk management system in Atlassian JIRA – SoftComply Risk Manager

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

Compliance Workshop cover page
Picture of Marion Lepmets

Marion Lepmets

CEO
October 15, 2025

During Atlassian Team25 Europe, the Compliance Alliance hosted the 4th Compliance Workshop in Barcelona. Despite a wild thunderstorm, nearly 30 compliance enthusiasts braved the rain to join the workshop – a session packed with insights on AI in regulated industries, Atlassian Isolated Cloud, Cybersecurity of Marketplace Cloud apps, and selling...

Vendor Security Risk Assessment in Jira
Picture of Marion Lepmets

Marion Lepmets

CEO
October 1, 2025

Every company depends on others to survive. From your cloud provider to your payroll processor, your business is connected to a web of vendors. But here’s the reality: over 60% of data breaches originate from third-party vendors. This is why managing your vendor security risks has become more important than...

31000
Picture of Marion Lepmets

Marion Lepmets

CEO
September 22, 2025

Most companies have informal risk discussions in meetings. You know the type – “What happens if our lead developer leaves?” or “What if this big deal doesn’t close?”. These conversations usually end without any real action plan and you find yourself talking about the same risks over and over again....