MODULE

Risk Management — ISO 14971 FMEA, Risk Register, and Risk-Benefit Analysis

Risk management is not a document you fill out before FDA submission — it is a living process that runs throughout your product lifecycle. Affinity QMS Risk Management provides the ISO 14971:2019 framework, FMEA tools, and post-market surveillance linkage to keep your risk management file current from design through post-market.

Serves: Medical Devices  ·  OTC Drugs  ·  503B Outsourcing  ·  ISO 17025 Labs

Configurable Risk Matrix — Severity x Probability

| Severity ↓ / Prob → | Negligible | Low | Medium | High | Very High |
|---|---|---|---|---|---|
| Catastrophic | M | H | H | H | H |
| Critical | L | M | H | H | H |
| Marginal | L | L | M | H | H |
| Negligible | L | L | L | M | M |

Risk matrix is fully configurable — severity categories, probability levels, and risk acceptability criteria are set per your risk management policy.

Features

A Living Risk Management File — From Design Through Post-Market

Risk Register with Configurable Risk Matrix

Maintain a comprehensive risk register for each product — capturing hazards, hazardous situations, foreseeable sequences of events, estimated risks, and risk control measures. The risk matrix (severity x probability) is configurable to your risk management policy. Risk acceptability criteria are defined once and applied consistently across all FMEAs.

FMEA Templates (Failure Mode and Effects Analysis)

Pre-built FMEA templates for design FMEAs (dFMEA) and process FMEAs (pFMEA) — structured per ISO 14971:2019 and aligned to FDA's risk management expectations. Each FMEA captures failure mode, effect, cause, detection method, risk priority, and risk control status. FMEAs link to the risk register automatically.

Risk-Benefit Analysis Documentation

For risks that cannot be reduced to acceptable levels, document the risk-benefit analysis — comparing residual risk to clinical benefit — as required by ISO 14971:2019 Section 8. The risk-benefit determination is captured with supporting evidence, reviewer identity, and approval signature. The record is archived in the risk management file.

Risk Control Implementation and Verification

For each identified risk, document risk control measures — inherently safe design, protective measures, safety information — and link each control to a verification activity confirming implementation and effectiveness. Risk controls are tracked from identification through verification closure, with residual risk recalculated after each control is applied.

Residual Risk Acceptability Assessment

After all risk controls are applied, the overall residual risk for the device is assessed for acceptability — and documented with the criteria used. The residual risk assessment is the culminating document of your risk management file, demonstrating that the benefits of the device outweigh its residual risks. Required by ISO 14971:2019 Section 8 and FDA QMSR.

Post-Market Surveillance Linkage

Post-market data — complaints, MDRs, field service reports — flows back into the risk management file through linkages from the Complaint Management module. When post-market data indicates a new hazard or changes the probability estimate for an existing risk, the risk register is updated and a risk management file review is triggered.

Risk Management File Structure per ISO 14971

The risk management file is pre-structured per ISO 14971:2019 — risk management plan, risk analysis records, risk evaluation, risk control records, residual risk evaluation, risk-benefit analysis, and risk management report. FDA reviewers and notified bodies can navigate the file directly — no assembly required before submission or audit.

Regulatory Coverage

Risk Management Requirements by Framework

| Regulation / Standard | Clause / Section | Risk Management Coverage |
|---|---|---|
| ISO 14971:2019 | Full Standard | Risk management plan, analysis, evaluation, controls, residual risk, post-production information |
| 21 CFR Part 820 (QMSR) | Risk-Based Approach Throughout | Risk-based quality system, design risk management, CAPA risk prioritization |
| ISO 13485:2016 | Clause 7.1 — Planning of Product Realization | Risk management integration into design, production, and post-market processes |
| FDA QMSR (2024) | Incorporates ISO 13485 Clause 7.1 | Risk-based approach to quality system design and monitoring |
| IEC 62366-1 | Usability Engineering — Risk from Use | Use-related risk analysis linkage to FMEA and risk register |

Included in Compliance Suite — Starting at

$1,499/mo

Risk Management is included in the Compliance Suite ($1,499/mo) and Full Platform ($2,999/mo). FMEA templates, configurable risk matrix, and post-market surveillance linkage are included — no add-ons required.


Risk Management Is Not a One-Time Document.

Book a demo and see how Affinity QMS keeps your ISO 14971 risk management file current — from design through post-market — with FMEA tools, risk registers, and post-market surveillance linkage built in.