Integrating risk management into sustaining engineering: Bridging the gap in medical device lifecycle safety

Abstract

Background

Effective medical device risk management is essential to ensuring patient safety and regulatory compliance across a product’s lifecycle. While early design phases often include robust risk identification and mitigation strategies, sustaining engineering (the phase concerned with post-market support, i.e., updates, maintenance, and modifications) often lacks equally rigorous risk management practices.

Methods

A narrative, scoping-style review was conducted to examine risk management practices during sustaining engineering, following PRISMAScR reporting principles. Searches spanned databases (PubMed, IEEE Xplore, etc.), engineering portals, and regulatory/standards sources (ISO/BSI, FDA, European Commission/MDCG, IMDRF, AAMI), supplemented by gray literature from reputable organizations. Inclusion criteria targeted works published between 2007 and 2025 addressing ISO 14971 application, post-market risk integration, or sustaining engineering workflows. Narrower date windows were applied in specific cases to manage search volume or improve relevance. Of 202 records screened, 16 full-text articles were assessed for eligibility, and 11 were included in the final synthesis. Quality appraisal used JBI tools for peer-reviewed studies and AACODS for gray literature.

Results

The evidence base included peer-reviewed studies, regulatory guidance, and scholarly frameworks. Key barriers to effective risk management in sustaining engineering include fragmented workflows, unclear responsibilities, lack of traceability, and weak quality system integration between engineering changes and risk management.

Conclusions

Integrating ISO 14971 principles into sustaining engineering workflows transforms risk management from a static compliance task into a dynamic, continuous process. This approach strengthens traceability, enhances patient safety, and ensures regulatory alignment across the device lifecycle by proactively identifying, assessing, and mitigating emerging risks in sustaining changes.

Keywords

Risk management medical regulation medical device engineering change ISO 14971 digital risk management platform

Get full access to this article

View all access options for this article.

References

International Organization for Standardization . ISO 14971:2019. Medical devices —Application of risk management to medical devices. Geneva: ISO, 2019.

Nolan

McDermott

. Failure mode effect analysis use and limitations in medical device risk management. J Open Innov Technol Mark Complex 2025; 11: 100439.

Leppänen

. Best practices for risk management of (IVD) medical devices: Identification of development areas [bachelor’s thesis]. Turku, Finland: Turku University of Applied Sciences, 2025 [cited 2025 Sep 28], Available from: https://www.theseus.fi/handle/10024/889332.

Sharma

Luthra

. A comprehensive review of risk management in the medical device industry. J Pharm Res Int 2023; 35: 14–23.

Singh

Patel

. Methods for medical device design, regulatory compliance and risk management. J Eng Res Rep 2024; 26: 373–389.

British Standards Institution . Risk management for medical devices and the new BS EN ISO 14971 [white paper]. London, UK: BSI Group, 2022 Jul [cited 2025 Jun 27], Available from: https://www.bsigroup.com/globalassets/localfiles/en-us/images/wp_risk_management_web.pdf.

Oriel Stat A Matrix . Medical device risk management 101: Learning the basics of how to analyze, evaluate, control, and monitor risk [white paper]. 2019 [cited 2025 Jun 28]. Available from: https://www.orielstat.com/Medical-Device-Risk-Management-101.

U.S. Food and Drug Administration . Risk management activities within a quality system [presentation]. Silver Spring (MD): FDA, 2023 [cited 2025 Jun 28], Available from: https://www.fda.gov/media/163915/download.

U.S. Food and Drug Administration . Class 1 device recall: Medtronic Sprint Fidelis lead [Internet]. 2007 [cited 2025 Jun 28]. Available from: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfres/res.cfm?id=65383.

10.

U.S. Food and Drug Administration . White paper: Infusion pump improvement initiative [Internet]. 2010 [cited 2025 Jun 28]. Available from: https://www.fda.gov/medical-devices/infusion-pumps/white-paper-infusion-pump-improvement-initiative.

11.

Page

McKenzie

Bossuyt

, et al. The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. Br Med J 2021; 372: 71.

12.

Tricco

Lillie

Zarin

, et al. PRISMA Extension for scoping reviews (PRISMA-ScR): checklist and explanation. Ann Intern Med 2018; 169: 467–473.

13.

Joanna Briggs Institute . Critical appraisal tools [Internet]. [cited 2025 Sep 28]. Available from: https://jbi.global/critical-appraisal-tools.

14.

Tyndall

. AACODS checklist for appraising grey literature. Adelaide, AU: Flinders University, 2010 [cited 2025 Sep 28], Available from: https://dspace.flinders.edu.au/xmlui/handle/2328/3326.

15.

European Commission . MDCG 2020-7: Guidance on PMCF plan template [Internet]. Brussels: European Commission, 2020 [cited 2025 Sep 28], Available from: https://health.ec.europa.eu/system/files/2020-09/md_mdcg_2020_7_guidance_pmcf_plan_template_en_0.pdf.

16.

International Medical Device Regulators Forum. NCAR guidance: Post-market surveillance . IMDRF NCAR WG N14 [Internet]. 2025 [cited 2025 Sep 28]. Available from: https://www.imdrf.org/documents/medical-devices-post-market-surveillance-national-competent-authority-report-exchange-criteria-and-report-form.

17.

Association for the Advancement of Medical Instrumentation . TIR57/TIR97: Principles for medical device cybersecurity and post-market risk management [technical information report]. Arlington, VA: AAMI, 2020.

18.

U.S. Food and Drug Administration . Code of Federal Regulations Title 21: Part 820 – Quality System Regulation [Internet]. Silver Spring, MD: FDA, cited 2025 Oct 19, Available from: https://www.ecfr.gov/current/title-21/part-820.

19.

European Parliament and Council of the European Union . Regulation (EU) 2017/745 on medical devices. Off J Eur Union [Internet] 2017 May 5; L117: 1–175. [cited 2025 Oct 19]. Available from: https://eur-lex.europa.eu/eli/reg/2017/745/oj.

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.08 MB