Risk Management in Clinical Evaluation

In the Clinical Evaluation Plan (CEP), the primary purpose of the “Risk Management” chapter is not to re-execute risk management activities, but rather to clearly articulate how the risk management process and clinical evaluation activities interrelate and provide input to each other, collectively ensuring that the benefit-risk profile of the device under evaluation is acceptable for its intended use. This chapter should outline the identified clinical risks and detail how the clinical evaluation is planned to further confirm the controllability and acceptability of these risks.

When drafting this chapter, it is crucial to reflect the continuous, bi-directional interaction between risk management and clinical evaluation, a key requirement under the MDR.

Referencing the Existing Risk Management Framework

This chapter should explicitly state that the manufacturer has established and maintains a comprehensive risk management process in accordance with applicable standards (e.g., ISO 14971) and MDR requirements. The Clinical Evaluation Plan is developed within this established risk management framework. Therefore, it is necessary to outline how the risk management process has identified clinical risks associated with the device under evaluation. Typically, this information is derived from a series of core risk management documents, such as the Risk Management Plan, Hazard Analysis (HA, which may include Application HA, Design HA, etc.), Process/Manufacturing FMEA (PFMEA), and ultimately, the Risk Management Report. Referencing these documents in the CEP demonstrates that the risk context for the clinical evaluation is well-documented.

Identified Risks to be Addressed in Clinical Evaluation

After outlining the overall risk management framework, the CEP should briefly describe the significant clinical risks associated with the clinical use of the device under evaluation that have been identified through the aforementioned risk management activities. This includes the preliminary assessment of these risks (both initial risks and residual risks after mitigation by risk control measures) and how their acceptability has been determined against predefined criteria set forth in the Risk Management Plan (usually detailed in the Risk Management Report).

Furthermore, it should be explained how implemented risk control measures—such as conformity to harmonized standards, specification of the device’s useful lifetime, maintenance requirements, and provision of safety information through labeling and instructions for use—are intended to reduce these risks to a level as low as reasonably practicable (AFARP).

Role of Clinical Evaluation in Confirming Acceptability of Residual Risks

The CEP needs to clearly articulate that a core function of the clinical evaluation (and a primary activity planned within this CEP) is to collect and analyze clinical data. This data is used to further confirm the acceptability of the identified residual risks, considering the device’s claimed benefits and by reference to the current state-of-the-art (SOTA). The clinical evaluation will specifically focus on the actual occurrence rates, the severity of clinical manifestations, and the real-world clinical impact of these residual risks.

Planned Data Sources for Evaluating Clinical Risks

To achieve the above objective, the CEP should outline the types of data planned for collection and analysis during the clinical evaluation to assess and confirm clinical risks. This section needs to align with the overall data collection strategy of the clinical evaluation. Potential data sources include:

• Data from preclinical studies , particularly test results that verify and validate the device design’s conformity to relevant safety standards (e.g., harmonized standards).
• Clinical data from published literature on the device under evaluation (if any) or on comparable similar/equivalent devices.
• Post-Market Surveillance (PMS) data from the device under evaluation or similar/equivalent devices, including user complaints, vigilance system reports, trend reports, etc.
• If clinical investigations are planned or ongoing, the clinical data obtained from these will naturally be core evidence for risk assessment.

Ensuring Consistency and Dynamic Updates to Risk Management

It is important to emphasize the continuous maintenance of consistency throughout the product lifecycle between the risk management documentation, the information provided to users (e.g., labeling, Instructions for Use – IFU), and the findings of the clinical evaluation. The CEP should anticipate that this consistency will be reviewed and confirmed in the subsequent Clinical Evaluation Report (CER).

More critically, risk management itself is a dynamic, iterative process. Therefore, the CEP must articulate this interactive mechanism: if the clinical evaluation process (including literature reviews, PMS data analysis, or clinical investigations) uncovers any previously unforeseen new hazards, or if the severity, occurrence, or detectability of existing risks is re-estimated, or if new questions arise concerning the device’s benefit-risk balance, this information will be promptly fed back into the risk management process. This may trigger updates to risk assessment documents and, if necessary, prompt the manufacturer to develop and implement additional risk control measures.

Linkage to State-of-the-Art (SOTA)

The judgment of risk acceptability often needs to be made by reference to the currently accepted state-of-the-art. Therefore, the CEP should also mention that the assessment of risks will involve a comprehensive consideration of acceptable risk levels and benefits associated with similar devices, as documented in the SOTA.