Risk Control
Risk Control is the mandatory phase of risk management in which mitigation measures are identified, implemented, and verified to reduce the likelihood of harm occurring or its severity to meet predefined acceptability criteria.
The term Risk Control refers to the actions, methods, and practices implemented by an organization during the risk management process to reduce the estimated risk associated with a hazardous situation to an acceptable level.
Risk control is a critical step (Part 5) in implementing the ISO 14971 standard, which governs risk management for medical devices.
Purpose and Relationship to Risk Analysis
The results of the Risk Analysis and Risk Evaluation steps directly trigger risk control.
Risk Reduction
When a risk is identified, risk control measures are taken to reduce the risk of the hazardous situation occurring. The intent of risk analysis, per the Quality System Regulation (QSR) preamble, is to identify hazards, calculate risk, determine acceptability, and reduce unacceptable risks to acceptable levels.
Actionable Step
Risk control is the step where the full risk assessment is reviewed, and steps are taken to reduce risk to an acceptable level. The implementation and verification of these controls must be documented as evidence of a compliant Quality Management System (QMS).
Continuous Cycle
If the residual risk remaining after the initial implementation of risk controls is not acceptable, the manufacturer must iterate through the risk control process again, repeating the steps of identifying, implementing, and verifying controls to bring the risk levels down.
Hierarchy of Risk Control Measures
ISO 14971 specifies a preferred order for applying risk control measures, prioritizing inherent safety over external protection or information.
The preferred order of risk control application is based on three layers of control:
- Inherently Safe Design and Manufacture: The organization must first place the onus of safety on the design and manufacturing process itself. This layer includes selecting appropriate materials or designing devices to avoid features like sharp edges that could puncture a sterile barrier.
- Protective Features: The next layer involves using protective features within the device or the manufacturing process. Examples include safety guards, product markings, or quality control checks.
- Information for Safety: The final, and least effective, layer of control involves providing information such as labeling and instructions for use (IFU), and user training. This is considered the least effective because it relies on the user to perform the correct action, which the manufacturer cannot sufficiently control.
Specific regulatory requirements mandate the implementation of risk mitigation elements, such as appropriate end user device training programs, as part of the risk management activities performed under 21 CFR 820.30 Design Controls for various devices [125, 140(i), 147(6), 148(7), 149(4), 161(8), 163(10)]. The instructions for use (IFU) may also contain risk mitigation elements, including descriptions of additional procedures, methods, and practices that mitigate risks associated with testing [170(iii), 172(iii), 174(iv), 175(G), 178(G), 184(iv)].
Implementation and Documentation Requirements
Once risk controls are determined, they must be formally documented and integrated into the QMS.
Verification
Controls must be implemented and verified. Process qualifications and validation activities conducted during design and development can serve as the verification check for many mitigating factors.
Effectiveness Check
The verification should aim to confirm the effectiveness of the control measure in reducing the probability of harm.
Traceability
The evidence of implementation and verification must be part of the Risk Management File (RMF) and must be traceable to each hazardous situation identified during the risk analysis. The RMF must contain traceability for each hazard to the associated risk analysis, risk evaluation, risk controls, and evaluation of residual risks.
Software Design
For software devices, documentation must show how risk control measures are implemented to address device system hazards [126(i), 144(vii), 146(vii), 167(ii)]. This includes mitigation measures to manage failure and operator errors on output accuracy [188(iv), 189(iv), 192(ii)]. Furthermore, the labeling must disclose unresolved anomalies, annotated with an explanation of their impact on safety or effectiveness [138(ii)].
Supplier Requirements
Suppliers of medical device components are often required to demonstrate risk mitigation of process risk per ISO 14971, utilizing tools such as Process Failure Mode Effect Analysis (pFMEA).
Special Controls as Risk Control Measures
In the FDA's regulatory framework, Special Controls are regulatory requirements specific to certain Class II medical devices, which function as mandatory risk control measures required for assuring safety and effectiveness.
- Manufacturers must provide an argument demonstrating that all reasonably foreseeable hazards have been adequately addressed with respect to users and conditions of use [197(1)].
- This argument must demonstrate that controls are implemented to address device system hazards and their causes [198(ii)].
- The manufacturer must include a justification supporting the acceptability criteria for each hazard control [198(iii)].
- A traceability analysis must be included, demonstrating that all credible hazards have at least one corresponding control and that all controls have been verified and validated in the final design [126(iii), 198(iv)].
Analogy for Understanding Risk Control
If Risk Analysis is identifying that a canyon crossing is dangerous (Hazard) and determining the high likelihood of a fall (Risk Estimation), Risk Control is the engineered solution and implementation plan to cross safely.
The risk controls are the specific actions taken, applied in priority:
- Inherent Safety (Design): Building a solid steel bridge instead of using a rope swing.
- Protective Features: Installing guardrails and safety netting along the sides of the bridge.
- Information/Training: Posting large signs with warnings ("Danger: Do not lean on railing") and providing mandatory training (Instructions for Use) on how to walk safely across the bridge.
The Risk Control process documents every step—the design specifications of the steel bridge, the testing reports showing the guardrails meet load requirements (Verification), and the content of the warning signs (Labeling)—to prove that the risk of falling into the canyon is now acceptably low.
