Which sequence best describes risk management steps per ISO 14971?

• A. Identify hazards, estimate risks, implement controls, and monitor effectiveness with a risk management file.
• B. Identify hazards, implement risk controls, monitor/verify, and then estimate risks.
• C. Identify hazards, estimate and evaluate risks, implement risk controls, and monitor/verify effectiveness with a documented risk management file.
• D. Identify hazards, document hazards, and discontinue development.

Answer: (C)

ISO 14971 risk management follows a lifecycle: identify potential hazards, assess the associated risk by estimating and evaluating it, implement appropriate risk controls to reduce that risk, and then monitor and verify the effectiveness of those controls while keeping thorough documentation in a risk management file. The option that aligns with this sequence starts with identifying hazards, then estimating and evaluating risks, then implementing risk controls, and finally monitoring/verifying effectiveness with a documented risk management file. This mirrors the standard’s structure: risk analysis (hazard identification, risk estimation, risk evaluation), risk control (selection and implementation of controls with residual risk assessment), and ongoing verification and documentation. The other options either skip the evaluation step, reverse the order by implementing controls before estimating risks, or describe actions (like discontinuing development) that aren’t how ISO 14971 guides risk management.