Risk Management of Medical Device Software According to ISO 14971

Identify hazards – analyze causes – control risks – manufacture safe medical devices

Identify hazards – analyze causes – control risks – manufacture safe medical devices

Course Description

Medical device software is software that is intended to be used, alone or in combination, for a purpose as specified in the definition of a “medical device” in the MDR or IVDR, regardless of whether the software is independent (standalone software) or driving or influencing the use of a device (embedded software as part of a medical device). The software has to be designed to ensure reliability and performance according to their intended use.

The establishment of an interactive risk management process across the product lifecycle is very essential for every manufacturer of medical device software in order to eliminate risks or minimize them as much as possible. Thereby, it is important to take applicable standards into account and consider various risk aspects, such as effects of software errors, negative interactions, aspects of the IT environment and IT security, safety-relevant functions and processes or verification- und validation steps. 

In this seminar, you will learn the basic requirements for risk analysis of medical device software according to the applicable standards and you will be able to carry out a risk analysis and document the results properly. You will be able to assess the risks in your software and create a risk management report based on this.

Course Contents

  • Risk management basics, definitions of terms
  • Risk management process and ISO 14971
  • Risk management analysis and documentation requirements
  • Risk analysis for software:
    • Scenario based risk analysis, SW-architecture, root-cause analysis,
    • FTA, FMEA, IT security-analysis and third-party components
    • Concept of EC/TR 80002-1:2009 - Medical device software Part 1:
    • Guidance on the application of ISO 14971 to medical device software
  • Risk assessment and risk management report
  • Production and post-production activities, (configuration management, deployment, updates of databases, operating systems etc.)
  • Change Management and risks
  • Normative requirements according to ISO/EN ISO 14971, to FDA, to MDR and ISO/TR 24971: Medical devices - Guidance on the application of ISO 14971

Who Should Attend

  • Medical device manufacturers whose products contain software or are a standalone software product.
  • Employees who are in charge of:
    • Regulatory affairs management
    • Quality management and risk management
    • IT management
    • Usability, requirements, system and software engineering
    • Project and product management
    • Corporate management
    • Service providers and suppliers in medical device industry
    • Consultants of medical software

Course Objectives

  • You will learn how to set up risk management of medical device software from development to application to patients.
  • You will know how to create risk analyses for medical device software.
  • You will be aware of the requirements for the risk management process.


No requirements are necessary.


This seminar addresses internationally valid standards. The contents of the seminar correspond to the current status of the revision/harmonization.


TÜV SÜD Academy certificate of attendance

Next Steps

Site Selector