Professional Documents
Culture Documents
Free TEMP 012 Risk Management Plan Rev 20170217
Free TEMP 012 Risk Management Plan Rev 20170217
This is a free template. You may find a premium version of this template on Gantus.com that you can
purchase.
What this is
This template will provide you with a framework to complete your risk management plan. It may also
be used as a benchmark on your existing plan. The template includes topics as required by clause 3.4
of ISO 14971:2007, 2009 and 2012. It also includes topics that should be addressed for software risk
management according to IEC 62304:2006.
Why it is useful
A risk management plan is required because an organized approach is essential for good risk
management, the plan provides the roadmap for risk management, encourages objectivity and helps
prevent essential elements being forgotten.
How to use it
1. If you are developing a brand-new product, establish as much as possible of this plan in the
planning phase of your project.
2. If you are making a revision of an old product, or adding a product to a range that this plan
applies to, the plan might only have to be updated slightly.
3. Note that the plan shall be maintained, that is, it should reflect what you are doing and the
other way around.
In this template, instructions and/or explanations are included using blue italic texts such as these.
Instructions and explanations should be removed before review of the document. All texts that are not
blue are example texts that can and should be edited by you. Texts that most certainly should be
replaced or updated are identified by the { and } characters. They should be removed and the example
text customized to work with your current project.
For more information on how to use this template, visit http://gantus.com/templates-help
This document is protected by the terms and conditions accepted during the check-out process at
gantus.com. It may be used for your company internal use, but may not be resold or distributed in any
other way. Please respect this and contact support@gantus.se if you should find this document where
you believe it should not be.
[Your logo]
Doc. No. Document Title Issue Pages
1 Purpose
2 Scope
The risk management plan has to some extent, a dual nature. Responsibility for risk management
should be defined both during product development and during product maintenance phase. Plans to
cover temporary tasks in a project, compared to plans (or even procedures) that outline continuous
operations such as during maintenance phase are difficult to create in the same way. In a project, a
Gantt-chart with responsibilities or a list of phases and deliverables, may do the job, but for continuous
operations, the approach is more process oriented. Why is this important? You should make a choice
whether you want to include project activities in this risk management plan or have them in your
Design and Development plan. This decision affects the section below.
This plan covers …
3 Contents
The Table of Contents have been created by inserting a Table of Contents (native function in MS
Word). If you need to update it, select and press F9.
1 Purpose..........................................................................................................................................1
2 Scope..............................................................................................................................................1
3 Contents.........................................................................................................................................2
4 Assignment of responsibility..........................................................................................................2
4.1 Product development.............................................................................................................2
4.2 Product maintenance.............................................................................................................3
5 Risk management policy.................................................................................................................4
5.1 General...................................................................................................................................4
5.2 Annex Z...................................................................................................................................4
5.3 Risk evaluation matrix............................................................................................................5
6 Determination of risk......................................................................................................................5
6.1 Probability of occurence of harm...........................................................................................5
6.2 Severity...................................................................................................................................6
7 Document and records controls.....................................................................................................6
8 Change History...............................................................................................................................7
[Your logo]
Doc. No. Document Title Issue Pages
4 Assignment of responsibility
If your product includes software, you should have the row with Software safety classification in the
table below. If there is no software, you may remove it.
5.1 General
This section provides the framework that you will be using for the risk evaluation step in risk
management. This policy will define the criteria for risk acceptability that will result in a risk evaluation
matrix. Many manufacturers will reduce the risk management policy to only the risk evaluation matrix,
which is unfortunate. The text below should of course be updated to reflect your product and policy.
In this policy, considerations for compliance with the requirements of Annex Z of the EN ISO
14971:2012 standard has been made.
The Company develops, produces and sells products for use in connection with {XXX}…
If you are manufacturing a product for EU or EFTA countries and want to comply with Annex Z, please
remove the text below since Annex Z requires ALL risks to be identified and minimized as far as
possible. But if you “only” comply with ISO 14971:2007, keep the text below because it lets you avoid
including risks like paper cuts from the instructions for use, which is negligible but should be included
according to Annex Z (at least in theory).
All risks but negligible risks and risks that are commensurate with the risk of everyday life shall be
identified. Unacceptable risks shall be reduced firstly by making the product inherently safe by
design, secondly by applying protective measures and lastly information for safety. Risk/benefit
analysis shall be carried out for unacceptable risks.
5.2 Annex Z
If you are manufacturing a product for EU or EFTA countries and want to comply with Annex Z, please
include this Annex Z section and the text below:
In the risk management process, all risks regardless of magnitude shall be identified and minimized…
The evaluation matrix below is used for evaluating risks with reference to ISO 14971.
Severity
Po 1 2 3 4 5
6 Determination of risk
The basis for the likelihood can be determined in different ways. The simplest way that work for most
products is per use. Alternatives can be per year, or per day at a certain installed base. Please note
that there may be risks also when the product is not used actively if it for example an electric device
that has a live part that someone touches without actively using the device.
The probability of occurrence of harm …
Probability of occurrence of harm (per use)
Probable <1/10 4
Occasional <1/100 3
6.2 Severity
Severity
Records from risk management shall be controlled according to the table below:
Doc type Approver Distribution Note
Use this text if you already have procedures for Control of Documents and Records.
Documentation will be controlled according to the following procedures:
8 Change History