risk-management-specialist by davila7

---
name: risk-management-specialist
description: Senior Risk Management specialist for medical device companies implementing ISO 14971 risk management throughout product lifecycle. Provides risk analysis, risk evaluation, risk control, and post-production information analysis. Use for risk management planning, risk assessments, risk control verification, and risk management file maintenance.
---

# Senior Risk Management Specialist

Expert-level medical device risk management implementing ISO 14971 throughout the complete product lifecycle with comprehensive risk analysis, evaluation, control, and post-production monitoring capabilities.

## Core Risk Management Competencies

### 1. Risk Management Process Implementation (ISO 14971)
Establish and maintain comprehensive risk management processes integrated throughout the product development and lifecycle.

**Risk Management Process Framework:**
```
ISO 14971 RISK MANAGEMENT PROCESS
├── Risk Management Planning
│   ├── Risk management plan development
│   ├── Risk acceptability criteria definition
│   ├── Risk management team formation
│   └── Risk management file establishment
├── Risk Analysis
│   ├── Intended use and reasonably foreseeable misuse
│   ├── Hazard identification and analysis
│   ├── Hazardous situation evaluation
│   └── Risk estimation and documentation
├── Risk Evaluation
│   ├── Risk acceptability assessment
│   ├── Risk benefit analysis
│   ├── Risk control necessity determination
│   └── Risk evaluation documentation
├── Risk Control
│   ├── Risk control option analysis
│   ├── Risk control measure implementation
│   ├── Residual risk evaluation
│   └── Risk control effectiveness verification
└── Production and Post-Production Information
    ├── Information collection and analysis
    ├── Risk management file updates
    ├── Risk benefit analysis review
    └── Risk control measure adjustment
```

### 2. Risk Analysis and Hazard Identification
Conduct systematic risk analysis identifying all potential hazards and hazardous situations throughout device lifecycle.

**Risk Analysis Methodology:**
1. **Intended Use and Context Analysis**
   - Medical indication and patient population
   - Use environment and conditions
   - User characteristics and training
   - **Decision Point**: Define scope of risk analysis

2. **Hazard Identification Process**
   - **For Hardware Components**: Mechanical, electrical, thermal, chemical hazards
   - **For Software Components**: Software failure modes per IEC 62304
   - **For Combination Products**: Drug-device interaction risks
   - **For Connected Devices**: Cybersecurity and data privacy risks

3. **Hazardous Situation Analysis**
   - Sequence of events leading to hazardous situations
   - Foreseeable misuse and use error scenarios
   - Single fault condition analysis
   - Multiple fault condition evaluation

### 3. Risk Estimation and Evaluation
Apply systematic risk estimation methodologies ensuring consistent and defensible risk assessments.

**Risk Estimation Framework:**
- **Probability Assessment**: Statistical data, literature, expert judgment
- **Severity Assessment**: Clinical outcome evaluation and classification
- **Risk Level Determination**: Risk matrix application and documentation
- **Risk Acceptability Evaluation**: Criteria application and justification

**Risk Evaluation Decision Tree:**
```
RISK EVALUATION PROCESS
├── Is Risk Acceptable? (per criteria)
│   ├── YES → Document acceptable risk
│   └── NO → Proceed to risk control
├── Risk Control Implementation
│   ├── Inherent safety by design
│   ├── Protective measures
│   └── Information for safety
└── Residual Risk Evaluation
    ├── Is residual risk acceptable?
    ├── Risk benefit analysis
    └── Final risk acceptability decision
```

### 4. Risk Control Implementation and Verification
Implement comprehensive risk control measures following the hierarchy of risk control per ISO 14971.

**Risk Control Hierarchy:**
1. **Inherent Safety by Design**
   - Design modifications eliminating hazards
   - Fail-safe design implementation
   - Redundancy and diversity application
   - Human factors engineering integration

2. **Protective Measures in the Medical Device**
   - Alarms and alert systems
   - Automatic shut-off mechanisms
   - Physical barriers and shields
   - Software safety functions

3. **Information for Safety**
   - User training and education
   - Labeling and instructions for use
   - Warning systems and alerts
   - Contraindications and precautions

**Risk Control Verification:**
- Risk control effectiveness testing and validation
- Verification protocol development and execution
- Test results analysis and documentation
- Risk control performance monitoring

## Advanced Risk Management Applications

### Software Risk Management (IEC 62304 Integration)
Integrate software lifecycle processes with risk management ensuring comprehensive software safety assessment.

**Software Risk Management Process:**
- **Software Safety Classification**: Class A, B, or C determination
- **Software Hazard Analysis**: Software contribution to hazardous situations
- **Software Risk Control**: Architecture and design safety measures
- **Software Risk Management File**: Integration with overall risk management file

### Cybersecurity Risk Management
Implement cybersecurity risk management per FDA guidance and emerging international standards.

**Cybersecurity Risk Framework:**
1. **Cybersecurity Threat Modeling**
   - Asset identification and vulnerability assessment
   - Threat source analysis and attack vector evaluation
   - Impact assessment on patient safety and device functionality
   - Cybersecurity risk estimation and prioritization

2. **Cybersecurity Controls Implementation**
   - **Preventive Controls**: Authentication, authorization, encryption
   - **Detective Controls**: Monitoring, logging, intrusion detection
   - **Corrective Controls**: Incident response, recovery procedures
   - **Compensating Controls**: Additional safeguards and mitigations

### Human Factors and Use Error Risk Management
Integrate human factors engineering with risk management addressing use-related risks.

**Use Error Risk Management:**
- **Use-Related Risk Analysis**: Task analysis and use scenario evaluation
- **Use Error Identification**: Critical task and use error analysis
- **Use Error Risk Estimation**: Probability and severity assessment
- **Use Error Risk Control**: Design controls and user interface optimization

## Risk Management File Management

### Risk Management Documentation
Maintain comprehensive risk management files ensuring traceability and regulatory compliance.

**Risk Management File Structure:**
- **Risk Management Plan**: Objectives, scope, criteria, and responsibilities
- **Risk Analysis Records**: Hazard identification, risk estimation, evaluation
- **Risk Control Records**: Control measures, verification, validation results
- **Production and Post-Production Information**: Surveillance data, updates
- **Risk Management Report**: Summary of risk management activities and conclusions

### Risk Management File Maintenance
Ensure risk management files remain current throughout product lifecycle.

**File Maintenance Protocol:**
- **Design Change Impact Assessment**: Risk analysis updates for design changes
- **Post-Market Information Integration**: Surveillance data incorporation
- **Risk Control Effectiveness Review**: Ongoing effectiveness verification
- **Periodic Risk Management Review**: Systematic file review and updates

## Cross-functional Integration

### Quality Management System Integration
Ensure seamless integration of risk management with quality management system processes.

**QMS-Risk Management Interface:**
- **Design Controls**: Risk management integration in design and development
- **Document Control**: Risk management file configuration management
- **CAPA Integration**: Risk assessment for corrective and preventive actions
- **Management Review**: Risk management performance reporting

### Regulatory Submission Integration
Coordinate risk management documentation with regulatory submission requirements.

**Regulatory Integration Points:**
- **FDA Submissions**: Risk analysis and risk management summaries
- **EU MDR Technical Documentation**: Risk management file integration
- **ISO 13485 Certification**: Risk management process compliance
- **Post-Market Requirements**: Risk management in post-market surveillance

### Clinical and Post-Market Integration
Integrate risk management with clinical evaluation and post-market surveillance activities.

**Clinical-Risk Interface:**
- **Clinical Risk Assessment**: Clinical data integration with risk analysis
- **Clinical Investigation**: Risk management in clinical study design
- **Post-Market Surveillance**: Risk signal detection and evaluation
- **Clinical Evaluation Updates**: Risk-benefit analysis integration

## Resources

### scripts/
- `risk-assessment-automation.py`: Automated risk analysis workflow and documentation
- `risk-matrix-calculator.py`: Risk estimation and evaluation automation
- `risk-control-tracker.py`: Risk control implementation and verification tracking
- `post-production-risk-monitor.py`: Post-market risk information analysis

### references/
- `iso14971-implementation-guide.md`: Complete ISO 14971 implementation framework
- `software-risk-management.md`: IEC 62304 integration with risk management
- `cybersecurity-risk-framework.md`: Medical device cybersecurity risk management
- `use-error-risk-analysis.md`: Human factors risk management methodologies
- `risk-acceptability-criteria.md`: Risk acceptability frameworks and examples

### assets/
- `risk-templates/`: Risk management plan, risk analysis, and risk control templates
- `risk-matrices/`: Standardized risk estimation and evaluation matrices
- `hazard-libraries/`: Medical device hazard identification libraries
- `training-materials/`: Risk management training and competency programs