What is a Risk/Benefit Analysis & How To Do It?

12 May 2017
by Marion

The Risk / Benefit analysis is one of the most misinterpreted areas of the Risk Management process.

And consequently one of the preferred digging points for the Notified Bodies.

The spirit of the regulations and standards is “the benefit provided by the use of the device must outweigh the associated risk”.

That sounds simple doesn’t it?

Let’s take a step back.

The basic requirements are listed in ISO 14971 (2012) par 6.5. This paragraph allows for the following case:

If a residual risk is acceptable, a risk/benefit analysis is not required.

What often slips through the cracks is that the ISO 14971 is usually supplemented by additional requirements in each region. In particular, when the EU adopts a standard, additional information is added to it. In this case, there are several Annexes are added to ISO 14971 when is becomes the European Edition of the standard – EN ISO 14971. These annexes describe the gaps and deviations from the Medical Device Directives.

The one that usually catches the device manufacturers is Annex ZA par 4:

“[…] the manufacturer must undertake the risk-benefit analysis for the individual risks and the overall risk-benefit analysis (weighing all risks combined against their benefit) in all cases.”

To summarize: ALWAYS carry out a Risk/Benefit analysis before a product is placed on the market, and include ALL risk items, regardless of their acceptability.

How to conduct a Risk/Benefit Analysis?


Risk/Benefit Analysis in 3 Simple Steps:

1. Summarize all risk items from all risk analysis documents;

2. Summarize the traceability to risk mitigation actions;

3. Arrange a review with the project team, management, Regulatory, Quality and ideally an external expert on the device / use (e.g. a surgeon):

(a) Agree that the risks have been mitigated As Far As Possible and additional risk controls do not significantly reduce the risk.

(b) Agree that each residual risk is acceptable.

(c) Agree that the overall residual risk is acceptable.

(d) Agree that the benefit of using the device outweigh the residual risk

We help medical device companies automate their compliant Risk Management with the help of the SoftComply Risk Manager – our Atlassian add-on for JIRA.

Try us out on

SoftComply apps are available on Atlassian Marketplace – you can try them all out for free!