Residual Risk
Residual Risk is the leftover risk (the probability and severity of harm) that an organization cannot eliminate through design features, protective barriers, or labeling/training. This remaining risk must be evaluated against established acceptance criteria and typically requires a documented justification that the device's benefits outweigh its risks.
The term Residual Risk refers to the level of risk that remains associated with a product, device, or process after all reasonable steps have been taken to implement risk control measures (mitigations). In safety-critical industries, particularly medical devices, determining the acceptability of residual risk is a mandatory step in the Quality Management System (QMS) process.
The evaluation of residual risk is the final stage of the risk control process described in ISO 14971, the international standard for applying risk management to medical devices.
Context and Timing
Residual risk is assessed only after risk control measures (mitigations) have been fully planned, implemented, and verified.
- Risk Control Measures: When a risk is identified, measures are taken to reduce the likelihood or severity of the hazardous situation occurring. These measures, applied in order of preference (inherently safe design, protective features, then warnings/training), leave behind a certain level of remaining risk.
- Application of Criteria: The residual risk acceptance criteria apply only after risk controls are complete.
Evaluating and Accepting Residual Risk
The evaluation of residual risk determines whether the device is safe enough to be released to the market.
Residual Risk Acceptance Criteria
The organization must establish criteria defining the acceptable level of residual risk.
- Predefined Criteria: These criteria must be clearly specified in the Risk Management Plan during the earliest design phase, before risk analysis begins, to ensure objectivity.
- Failure to Meet Criteria: Failure to meet the residual risk acceptance thresholds does not automatically halt the project; it indicates that the risk must be further mitigated, if possible, by repeating the iteration of identifying, implementing, and verifying risk controls.
Overall Residual Risk and Risk-Benefit Rationale
The final evaluation must consider the residual risk across all identified hazards and for the overall device.
Comparison to Benefits
The residual risk is compared against the acceptability criteria by considering the expected benefits that the device confers on the user or patient when used according to its intended use.
Risk-Benefit Rationale
The overall residual risk may be documented by identifying the residual risk for each hazardous situation and then adding a statement about the overall risk-benefit rationale. The findings must conclude that the residual risk is acceptable or otherwise document that the risk-benefit rationale determined the benefit outweighs the risks.
Unacceptable Risk
If the overall residual risk is determined to be unacceptable, the manufacturer can proceed to another iteration of risk control measures, or, if improvement is not promising, the residual risk must be documented as unacceptable, and design and development should be halted.
Documentation and Communication
Residual risks must be thoroughly documented in the Risk Management File (RMF) and communicated externally where necessary.
- RMF Traceability: The RMF must contain traceability for each hazard to the associated risk analysis, risk controls, and the evaluation of residual risks.
- Disclosure (Labeling): Any significant risks that still remain (residual risks) must be identified and disclosed. These residual risks are typically identified in the Instructions for Use (IFU) for the device. If the device is undergoing the clinical trial process, they are added to the Investigator’s Brochure.
- Software Design: In detailed requirements for medical devices, documentation must include mitigation measures to manage failure and operator errors on output accuracy. The labeling must disclose unresolved anomalies, annotated with an explanation of the impact on safety or effectiveness [177(3)(ii)].
Ongoing Review
The management of residual risk is not a one-time activity; it must be continuously monitored throughout the product lifecycle.
Post-Production Review
Post-production data (e.g., complaints, recalls, scientific literature) must be collected and reviewed periodically to determine whether new information suggests that the documented residual risk estimate may no longer be accurate.
Revision Trigger
If, for example, the rate of a surgical complication exceeds expectations, the risk estimate will need to be revised, and the residual risk will need to be re-evaluated. This maintains the integrity of the risk-benefit rationale over time.
Analogy for Understanding Residual Risk
Imagine launching a new plane (the device). Before launch, you conduct Risk Analysis to identify hazards (e.g., engine failure, turbulence). You implement Risk Controls (e.g., installing dual engines, implementing pilot training procedures, installing seat belts).
Residual Risk is the slight, irreducible chance of an incident (like a minor engine vibration during a storm) that remains after all these safety measures are in place. You then evaluate this Residual Risk against your Acceptance Criteria: Is this small chance acceptable, given the significant Benefit of rapid air travel? If the answer is yes, you proceed, but you must document this residual risk (e.g., a note in the flight manual about potential vibration) and continue monitoring it through regular maintenance and flight data review (Post-Production Surveillance).
