[Your logo]

Doc. No. Document Title Issue Pages

Risk management plan A 1 (7)

Written/updates by Date Effective date / reference

Reviewed by Signature Date

Approved by Signature Date

This is a free template. You may find a premium version of this template on Gantus.com that you can
purchase.

What this is
This template will provide you with a framework to complete your risk management plan. It may also
be used as a benchmark on your existing plan. The template includes topics as required by clause 3.4
of ISO 14971:2007, 2009 and 2012. It also includes topics that should be addressed for software risk
management according to IEC 62304:2006.

Why it is useful
A risk management plan is required because an organized approach is essential for good risk
management, the plan provides the roadmap for risk management, encourages objectivity and helps
prevent essential elements being forgotten.

How to use it
1. If you are developing a brand-new product, establish as much as possible of this plan in the
planning phase of your project.
2. If you are making a revision of an old product, or adding a product to a range that this plan
applies to, the plan might only have to be updated slightly.
3. Note that the plan shall be maintained, that is, it should reflect what you are doing and the
other way around.
In this template, instructions and/or explanations are included using blue italic texts such as these.
Instructions and explanations should be removed before review of the document. All texts that are not
blue are example texts that can and should be edited by you. Texts that most certainly should be
replaced or updated are identified by the { and } characters. They should be removed and the example
text customized to work with your current project.
For more information on how to use this template, visit http://gantus.com/templates-help
This document is protected by the terms and conditions accepted during the check-out process at
gantus.com. It may be used for your company internal use, but may not be resold or distributed in any
other way. Please respect this and contact support@gantus.se if you should find this document where
you believe it should not be.
[Your logo]
Doc. No. Document Title Issue Pages

Risk management plan A 2 (7)

1 Purpose

The purpose of this plan is…

2 Scope

The risk management plan has to some extent, a dual nature. Responsibility for risk management
should be defined both during product development and during product maintenance phase. Plans to
cover temporary tasks in a project, compared to plans (or even procedures) that outline continuous
operations such as during maintenance phase are difficult to create in the same way. In a project, a
Gantt-chart with responsibilities or a list of phases and deliverables, may do the job, but for continuous
operations, the approach is more process oriented. Why is this important? You should make a choice
whether you want to include project activities in this risk management plan or have them in your
Design and Development plan. This decision affects the section below.
This plan covers …

3 Contents

The Table of Contents have been created by inserting a Table of Contents (native function in MS
Word). If you need to update it, select and press F9.
1 Purpose..........................................................................................................................................1
2 Scope..............................................................................................................................................1
3 Contents.........................................................................................................................................2
4 Assignment of responsibility..........................................................................................................2
4.1 Product development.............................................................................................................2
4.2 Product maintenance.............................................................................................................3
5 Risk management policy.................................................................................................................4
5.1 General...................................................................................................................................4
5.2 Annex Z...................................................................................................................................4
5.3 Risk evaluation matrix............................................................................................................5
6 Determination of risk......................................................................................................................5
6.1 Probability of occurence of harm...........................................................................................5
6.2 Severity...................................................................................................................................6
7 Document and records controls.....................................................................................................6
8 Change History...............................................................................................................................7
[Your logo]
Doc. No. Document Title Issue Pages

Risk management plan A 3 (7)

4 Assignment of responsibility

4.1 Product development

If your product includes software, you should have the row with Software safety classification in the
table below. If there is no software, you may remove it.

Risk management Responsible

activities Phase or date (Participants) Notes

4.2 Product maintenance

Risk management Frequency or Responsible

activities trigger (Participants) Notes
[Your logo]
Doc. No. Document Title Issue Pages

Risk management plan A 4 (7)

5 Risk management policy

5.1 General

This section provides the framework that you will be using for the risk evaluation step in risk
management. This policy will define the criteria for risk acceptability that will result in a risk evaluation
matrix. Many manufacturers will reduce the risk management policy to only the risk evaluation matrix,
which is unfortunate. The text below should of course be updated to reflect your product and policy.
In this policy, considerations for compliance with the requirements of Annex Z of the EN ISO
14971:2012 standard has been made.
The Company develops, produces and sells products for use in connection with {XXX}…
If you are manufacturing a product for EU or EFTA countries and want to comply with Annex Z, please
remove the text below since Annex Z requires ALL risks to be identified and minimized as far as
possible. But if you “only” comply with ISO 14971:2007, keep the text below because it lets you avoid
including risks like paper cuts from the instructions for use, which is negligible but should be included
according to Annex Z (at least in theory).
All risks but negligible risks and risks that are commensurate with the risk of everyday life shall be
identified. Unacceptable risks shall be reduced firstly by making the product inherently safe by
design, secondly by applying protective measures and lastly information for safety. Risk/benefit
analysis shall be carried out for unacceptable risks.

5.2 Annex Z

If you are manufacturing a product for EU or EFTA countries and want to comply with Annex Z, please
include this Annex Z section and the text below:
In the risk management process, all risks regardless of magnitude shall be identified and minimized…

5.3 Risk evaluation matrix

The evaluation matrix below is used for evaluating risks with reference to ISO 14971.

Severity

Po 1 2 3 4 5

1 ACC ACC ACC ACC ACC

[Your logo]
Doc. No. Document Title Issue Pages

Risk management plan A 5 (7)

2 ACC ACC ACC ACC N ACC

3 ACC ACC ACC N ACC N ACC

4 ACC N ACC N ACC N ACC N ACC

5 N ACC N ACC N ACC N ACC N ACC

6 Determination of risk

6.1 Probability of occurence of harm

The basis for the likelihood can be determined in different ways. The simplest way that work for most
products is per use. Alternatives can be per year, or per day at a certain installed base. Please note
that there may be risks also when the product is not used actively if it for example an electric device
that has a live part that someone touches without actively using the device.
The probability of occurrence of harm …
Probability of occurrence of harm (per use)  

Definition Probability Value

Frequent >= 1/10 5

Probable <1/10 4

Occasional <1/100 3

Remote <1/1 000 2

Improbable <1/10 000 1

If your product contains software or if it is a Software, add the following.

Probability of occurrence of harm is estimated using two components: P1 and P2. P1 is the
probability of occurrence of the hazardous situation ...

6.2 Severity

The severity shall be determined using the table below:

[Your logo]
Doc. No. Document Title Issue Pages

Risk management plan A 6 (7)

Severity  

Definition Definiton Value

Catastrophic Results in death 5

Critical Results in permanent impairment or life-threatening 4

injury

Serious Results in injury or impairment requiring professional 3

medical intervention

Minor Results in temporary injury or impairment not requiring 2

professional medical intervention

Negligble Inconvenience or temporary discomfort 1

7 Document and records controls

Option 1 – you don’t have a procedure for document control

This is included in case you do not have a Quality management system in place covering document
and records control. It is a very “light” version of document control, but for a class I manufacturer, this
may act as a starting point. If you are planning to or already have implemented a system with
procedures for maintaining documents and records, see option 2.
Documents shall be controlled according to the table below:
Doc type Reviewer Approver Distribution

Records from risk management shall be controlled according to the table below:
Doc type Approver Distribution Note

Risk control measure QA Risk management file binder

verification results

Option 2 – there is a document control procedure

[Your logo]
Doc. No. Document Title Issue Pages

Risk management plan A 7 (7)

Use this text if you already have procedures for Control of Documents and Records.
Documentation will be controlled according to the following procedures:

8 Change History

Revision Ref Description

A Whole document New release