Risk Management Guide for a Digital Health or a Medical Device Company on Jira Cloud

25 May 2021
by Marion

    Why Risk Management

    In the fast-paced world of medical device development, safety and quality are of utmost importance. Manufacturers must adhere to stringent regulations and standards to ensure that their devices are safe and effective for patients. One such standard that plays a crucial role in the medical device industry is ISO 14971, which focuses on medical device risk management. In this article, we will delve into the intricacies of ISO 14971, its significance, and how it shapes the landscape of medical device development and manufacturing.

    What is ISO 14971/ Medical Device Risk Management?

    ISO 14971 is an international standard that provides guidance on the application of risk management to medical devices. It outlines the principles and process for identifying, evaluating, and controlling risks associated with medical devices throughout their lifecycle. The standard emphasizes the need for manufacturers to proactively identify potential hazards and implement measures to mitigate those risks.

    The Importance of ISO 14971/ Medical Device Risk Management

    Medical devices play a critical role in the diagnosis, treatment, and monitoring of patients. Ensuring their safety and efficacy is paramount to protect both patients and healthcare providers. ISO 14971 serves as a comprehensive framework that helps manufacturers assess and manage risks associated with medical devices. By adhering to this standard, manufacturers can identify potential hazards early on, implement appropriate risk controls, and continuously monitor the performance and safety of their devices.

    ISO 14971/ Medical Device Risk Management: A Regulatory Requirement

    Regulatory bodies across the globe recognize the importance of risk management in medical device development and have incorporated ISO 14971 into their regulatory frameworks. Compliance with ISO 14971 is often a requirement for obtaining regulatory approvals to market medical devices in various countries. By following this standard, manufacturers demonstrate their commitment to patient safety and regulatory compliance, gaining trust and credibility in the marketplace.

    The Process of ISO 14971/ Medical Device Risk Management

    ISO 14971 outlines a systematic process for managing risks associated with medical devices. This process consists of several interconnected steps that manufacturers must follow diligently to ensure the safety and effectiveness of their products.

    Step 1: Risk Management Planning

    The first step in the ISO 14971 risk management process is to establish a risk management plan. This plan defines the scope, objectives, and responsibilities of the risk management activities. It outlines the methodologies, tools, and resources that will be utilized throughout the risk management process. By developing a comprehensive risk management plan, manufacturers can ensure a structured and consistent approach to identifying and mitigating risks.

    Step 2: Risk Analysis

    Risk analysis involves systematically identifying and assessing potential hazards associated with a medical device. It entails analyzing the device’s design, materials, manufacturing processes, and user interactions to identify potential risks. Manufacturers use various tools and techniques, such as fault tree analysis and failure mode and effects analysis, to evaluate the severity of each identified hazard and estimate the likelihood of its occurrence.

    Step 3: Risk Evaluation

    After conducting a thorough risk analysis, the next step is to evaluate the identified risks. Manufacturers assess the acceptability of each risk based on predefined criteria, such as the severity of harm, the probability of occurrence, and the detectability of the risk. Risks that exceed acceptable levels are deemed unacceptable and require further risk control measures.

    Step 4: Risk Control

    Risk control involves implementing measures to mitigate identified risks. Manufacturers prioritize risks based on their severity and implement appropriate controls to reduce or eliminate them. These controls can include design modifications, protective measures, warnings, or instructions for use.

    Risk Management Solutions for ISO 14971 Compliance

    When searching for a risk management solution, medical device companies typically look for certain key features:

    • Affordability: Cost-effective solutions with no intimidating price tags.

    • Pay-as-you-go license fee: Flexible payment options without the need for extensive approval processes.

    • Integration with existing software tools: Seamless integration without requiring additional training for employees.

    • Embedded guidance: Intuitive tools with built-in support and guidance.

    • Full customization: Solutions that cater to various departments, teams, and plants regardless of the risk management methods employed.

    • Automated traceability: Streamlined traceability features to simplify the process for Quality Assurance.

    • Cloud-based and secure: Reliable and secure cloud-based systems, requiring minimal involvement from IT departments.

    Standalone vs Integrated Risk Management Solutions

    Standalone solutions for risk management or for system design are the traditional approach taken in safety-critical domains. Each standalone system is managed and operated independently, with no integration or interface between different systems within the organization or with their suppliers. This makes both integration and updating cumbersome and time-consuming.

    With an increasing amount of software in safety-critical systems, software developers often prefer to work with open and integrated solutions where different aspects of system development are seamlessly linked to one another.

    The main benefit of integrated solutions is the utilization of the already existing systems in the organization. Utilizing and integrating various aspects with the existing systems like Atlassian’s Jira will speed up the process of automation, reporting and preparing for regulatory audits.

    Three main benefits of an integrated risk management solution:

    1. An integrated risk management solution allows software developers to utilize the already existing platform (e.g. Atlassian), seamlessly linking software requirements and test cases to risks as required for compliant risk management.
    2. With an integrated solution, the existing platform is fully utilized and there is no need to train employees, which speeds up compliance because users already know how to use the platform.
    3. The most important benefit of integrated targeted solutions is that the end user of the solution, the Regulatory Affairs Manager, gets exactly the right solution for his or her problem – there will be no additional coding or complex configuration required! Such targeted integrated software solutions address the specific needs of regulated safety-critical system developers while offering a cheaper and more up-to-date solution.

    Risk Management on Jira Cloud

    Did you like managing risks in Excel before your entire development team moved to Jira, leaving you to struggle with the manual linking of risks to requirements and tests, which is time-consuming and error-prone?

    Then you should try the SoftComply Risk Manager app on Jira instead. This is the only Jira app for risk management that provides you with a spreadsheet view of risks enabling you to get a quick overview of the entire data of your risk project! It is also the only risk management app on Jira specifically built for medtech and other safety-critical product risk management requirements.

    Quick Guide to Risk Management in Jira Cloud

    Key Features of the SoftComply Risk Manager app on Jira Cloud:

    Customizable Risk Tables in Jira

    There are four out-of-the-box risk tables for risk management you can choose from when you create a new Risk Project with the SoftComply Risk Manager.

    The risk tables for Hazard Analysis and FMEA support your medical device or digital health product risk management process automation. Hazard analysis is a top-down risk management approach (the minimum required risk management analysis for medical devices) while FMEA is a bottom-up risk analysis approach. You can read more about these risk analysis methods here.

    The generic project risk management table provides you with a starting point to manage your project and organisational risks.

    The Do It Yourself (DIY) risk table in the Risk Project Creation wizard enables you to build the risk table from scratch completely by yourself. It provides just two columns to start with – Risk ID (Jira issue ID) and Risk Summary (Jira issue summary). Thereafter, you can add the fields you wish to see in your risk management table. Each new column that you create in the DIY table will be a Jira custom field in your system. Once you have created a new risk project from the DIY table, you can start adding Jira issue fields to the table as the columns you need for your risk management.

    Risk Management Templates for Jira

    Use Existing Risk Projects as Templates

    Once you have created an intricate risk project with a complex risk table for your product/device risk management, you may want to re-use the project configuration. You can do that easily by cloning the existing configuration, which will copy the existing project’s risk matrices and risk table configuration.

    Create a New Risk Project from an Existing Risk Project

    Automatically Generated Risk Reports

    Dashboard Gadgets for Risk Reporting

    Dashboard gadgets provide a great way to quickly build and display risk reports. One such SoftComply Risk Manager gadget displays Risk Matrices and thereby visualises how risks have been mitigated to acceptable levels:

    SoftComply Risk Manager Dashboard Gadget

    Once you have created such a report, you can quickly move from the dashboard back to your risk table to see which of the risks are in a specific risk class. Simply click on any of the risk count numbers in the dashboard gadget and you will be taken to a filtered risk table showing only the risks of that specific risk class.

    Generate ISO14971 Compliant Risk Reports

    You can also generate the ISO14971 compliant risk reports with the SoftComply Risk Manager, namely the Risk Plan and the Risk Report. The Risk Plan will automatically include your risk matrices configuration together with the detailed description of each Severity and Probability level. The Risk Report includes the entire Initial and Residual Risk Matrix together with the Risk Counts and their respective Risk Classes.

    Compliant Risk Reports of the SoftComply Risk Manager app

    Traceability reports in Confluence

    SoftComply Risk Manager automatically builds traceability within all Jira links you have provided within the risk table view – between risks, requirements (mitigation actions) and test cases (verification actions).

    You can build additional traceability reports in Confluence with Jira issues macros. Check out the clips of Traceability Tutorial Guide in our YouTube channel:

    Establishing Risk Traceability in Jira Part I
    Risk Traceability Tutorials with the SoftComply Risk Manager app on Jira Cloud

    From Confluence, you can already integrate the risk reports with your QMS documentation using the SoftComply eQMS solution.


    Achieving compliant risk management in the medical device industry is crucial for ensuring product safety and regulatory compliance. Integrated risk management solutions offer significant advantages over standalone systems, enabling companies to leverage existing platforms and streamline their risk management processes. The SoftComply Risk Manager app on Jira Cloud provides a comprehensive and customizable tool that simplifies risk management, automates reporting, and facilitates compliance with the ISO 14971 standard. By embracing integrated solutions like this, medical device companies can enhance their risk management practices and improve overall product safety.

    Learn more

    1. Full list of features and customization options of the SoftComply Risk Manager app on Jira.
    2. Additional automation options on top of the SoftComply Risk Manager app with scripting apps or with Jira automation.
    3. You can also check out the comparison of risk management apps on Jira Cloud.

    SoftComply apps are available on Atlassian Marketplace – you can try them all out for free!