Dynamic risk management for software-enabled medical devices

August 6, 2025


Note: This post is co-authored by Aaron Joseph, Principal Consultant with Sunstone Pilot, and Monik Sheth, co-founder of Ultralight Labs. This is the fourth post in a series on product development best practices for software-enabled medical devices.

In our first post, we discussed what happens when a product team needs to implement a design change during V&V while under intense time pressure. We used this challenging scenario to compare two approaches to product development of software-enabled devices:

  1. The traditional, document-based approach
  2. A modern, platform-based approach

The platform-based approach, using a set of software tools we refer to as “The Hub,” enabled the team to rapidly handle the last-minute design change. In this article we’ll explain how the product team can use The Hub to manage risk assessments, risk controls, and testing of risk controls in a way that can keep up with rapid design changes, an approach we call Dynamic Risk Management. 


The challenges of risk management for software-enabled devices

Risk management plays a central role in every aspect of placing a device on the market: product design and testing, regulatory submissions, manufacturing controls, and complaint handling, to name a few. During product development there are many methods that can be used for risk analysis, such as System Hazard Analysis, Preliminary Hazard Analysis, Fault Tree Analysis, Design FMEA, and Use FMEA. Regardless of the method, manufacturers need to answer these fundamental questions for safety:

  • What risk controls (mitigations) are needed?  

  • Have they been implemented?  

  • Do they work as intended?

Performing risk analyses is labor intensive and requires a cross-functional team with expertise in many areas (mechanical design, electrical design, software, clinical application, human factors, manufacturing, etc.). The results of risk analyses appear in many documents throughout the quality system, making it difficult to keep them all up-to-date and in-sync. Because risk analysis is labor intensive, highly cross-functional, and affects many documents, a well-designed collaboration platform can provide significant benefits. 

To fully understand the advantages of a platform-based approach to risk management, however, we need to examine the drawbacks of the traditional, document-based approach. 

Shortcomings of the traditional (static) approach

Spreadsheets (Excel, G-Sheet, etc.) are a common tool for performing risk analyses because they are widely available and work well for the initial risk analysis. However, spreadsheets are not a good tool for integrating risk analysis with design controls and the rest of development, and they are extremely difficult to maintain throughout the product’s lifecycle. That’s because spreadsheets are not a good tool for linking to information stored in other documents or making automatic updates. 

 

 

So, when changes are made to a product’s design, the lack of integration between spreadsheets often results in broken traceability and out-of-date content in the risk analysis spreadsheet. Those issues have to be manually corrected, which introduces the risk of human error. On top of that, when risk controls live in a disconnected spreadsheet, they aren’t always visible to members of the product team, which means they may not be properly incorporated into design and labeling.

For example, let’s say you’re analyzing potential risks due to hardware failures and use errors in a new medical device. You define 57 software requirements that are needed as risk controls. You now need to manually monitor all 57 requirements to make sure they are all implemented and verified through many changes during development and after product launch. How will your software engineers know that a particular software requirement is serving as a risk control?

Well, first they need to find the right spreadsheet—and make sure it’s the latest version. Then they have to examine the software requirement and the risk it mitigates and decide if the requirement can be modified. And this all assumes the spreadsheet is correct and up to date. Now, imagine that happening every time there is a change during development.

Spreadsheets can't keep up with changes during development

Software-intensive, connected devices will go through many design iterations during development and will continue to change at regular intervals after product launch. What happens to a carefully completed risk analysis spreadsheet during these design changes?

Every design change can potentially affect the contents of the spreadsheet and may:

  • lead to out-of-date test results for verification of risk controls

  • undermine previously defined risk controls

  • introduce new risks requiring new risk controls

Spreadsheets are good for initially identifying the necessary risk controls but they can’t keep up with rapid design changes in software-intensive medical devices. Spreadsheets are a static solution for a dynamic problem.

The benefits of using a platform (dynamic) approach 

What is a dynamic approach to risk management? First, we break down the risk table (spreadsheet) into a series of objects (elements) and store the objects and their relationships in a database. The primary relationships are Risk-to-Requirement (mitigation link) and Requirement-to-Test (verification link). This simple model will typically cover about 90% of the risks and risk controls for a software-intensive medical device.

The figure below compares how risk information is stored in a spreadsheet versus how it is stored in The Hub. Each row of the spreadsheet risk table is represented by an object in The Hub, which has multiple attributes (the columns of the spreadsheet). Each object is linked to one or more risk controls (typically design requirements) which are then linked to tests. At any time The Hub can generate a risk document as a set of risk objects and other objects linked to them.

 

This flexible structure for risk analysis in The Hub provides multiple benefits for risk management:

  • Visibility: The risk analysis and risk control information (including the latest drafts) are visible to everyone, creating a single source of truth. Anyone can see immediately if a design requirement is serving as a risk control. For example, test engineers can plan verification testing appropriately for the level of risk associated with particular safety requirements.

  • Integration with design controls: Risk management is integrated with design inputs, design outputs, and design verification. The identified risk controls can be easily organized into appropriate workstreams for different functional groups (Mechanical, Electrical, Software, UX design, Manufacturing, etc.). 

  • Continuous updates as the product is developed: Product team members can write and revise linked content for multiple documents simultaneously. For example, they can add a new risk, define new risk controls for it, and define verification tests for those risk controls—and that content will be incorporated into a half dozen DHF documents automatically.

  • Documentation automation: At any point The Hub can automatically generate a risk assessment document which incorporates all of the latest information about linked risk controls and verification of those risk controls.

  • Change management: The Hub enables rapid and comprehensive change impact assessments. Changes to design requirements can be traced back to the risks they mitigate and to the affected risk documents. 
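
The Risk-to-Requirement and Requirement-to-Test links described above, together with the change impact assessment from the last bullet, can be sketched as a small object graph. This is an added example, not code from The Hub or Greenlight Guru; the class names, the version-based staleness rule, and all IDs and hazards are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Requirement:
    rid: str
    version: int = 1
    # Verification links: test id -> requirement version the test last passed against.
    verified_by: dict = field(default_factory=dict)

@dataclass
class Risk:
    rid: str
    hazard: str
    controls: list  # Mitigation links: ids of requirements acting as risk controls.

class RiskGraph:
    def __init__(self, risks, requirements):
        self.risks = {r.rid: r for r in risks}
        self.reqs = {q.rid: q for q in requirements}

    def revise(self, req_id):
        """Record a design change by bumping the requirement version."""
        self.reqs[req_id].version += 1

    def record_pass(self, req_id, test_id):
        """Record that a test passed against the current requirement version."""
        self.reqs[req_id].verified_by[test_id] = self.reqs[req_id].version

    def stale_tests(self, req_id):
        """Tests whose last pass predates the current requirement version."""
        q = self.reqs[req_id]
        return sorted(t for t, v in q.verified_by.items() if v < q.version)

    def impact(self, req_id):
        """Change impact: risks this requirement mitigates and tests to re-run."""
        risks = sorted(r.rid for r in self.risks.values() if req_id in r.controls)
        return {"risks": risks, "retest": self.stale_tests(req_id)}

    def unverified_risks(self):
        """Risks with no control, or with any control lacking a current passing test."""
        def ok(req_id):
            return bool(self.reqs[req_id].verified_by) and not self.stale_tests(req_id)
        return sorted(r.rid for r in self.risks.values()
                      if not r.controls or not all(ok(c) for c in r.controls))

def sample_graph():
    """Constructed sample data; ids and hazards are illustrative only."""
    reqs = [Requirement("SRS-10", 1, {"TC-7": 1}),
            Requirement("SRS-11", 1, {"TC-8": 1, "TC-9": 1})]
    risks = [Risk("RSK-1", "Over-infusion after sensor failure", ["SRS-10", "SRS-11"]),
             Risk("RSK-2", "Alarm not noticed by user", ["SRS-11"]),
             Risk("RSK-3", "Stale dose shown after comms loss", [])]
    return RiskGraph(risks, reqs)
```

Revising SRS-11 in the sample graph marks both of its tests for re-run and returns RSK-1 and RSK-2 to the unverified list until those tests pass again, which is the check a spreadsheet leaves to manual review.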

 

Dynamic Risk Management using Greenlight Guru's software

Now let’s see what Dynamic Risk Management looks like using the Greenlight Guru software.

Defining a single risk object

The screenshot below shows the fields (attributes) for a single risk object. This object is the equivalent of a single row of a risk table in a spreadsheet. The risk has a unique ID (“RSK-4”), descriptions of Hazardous Situation and Harm, risk ratings (Probability of Harm, Severity of Harm, Risk Level) both pre- and post-mitigation, and other information about the risk. The software tracks every change to this object so anyone with access can see a history of changes to each risk (this is the third version “V3” of this individual object).

Linked risk controls

The next screenshot shows the information for a single product requirement that serves as a risk control and was linked to the risk object shown above. Anyone editing this requirement in the future can see immediately the risk the requirement mitigates.

Auto-generation of risk analysis document

Once all of the risk objects are finalized in the software and links completed to all of the risk controls, the author exports the information into a full risk analysis document that will be stored in the Risk Management File for the product. Future revisions to this document are done by editing individual risk objects in the software and their links, then re-exporting the document. Between releases of the document, everyone can see the latest changes in The Hub.

 


Software-enabled devices require a modern, platform-based approach to risk management

The boom in medical devices integrating software and AI to improve patient care has led to an enormous amount of innovation. But it’s also exposed the need for novel solutions to the problems that teams face as they develop software-intensive, connected devices. To be able to manage complexity, especially when it comes to risk management, these teams need tools that are built for fast-paced and highly iterative development—while also ensuring rigorous compliance with all the regulatory requirements that medical devices must meet. 

That’s why at Greenlight Guru, we designed our Dynamic Risk Management solution specifically for fast, continuous changes in design. That way, a last-minute change doesn’t create chaos. It simply goes through the same processes the product team has been using throughout development. 

If you want to learn more about how the right tools can transform your approach to risk management, then get your free demo of Greenlight Guru today. 

Aaron Joseph, principal consultant with Sunstone Pilot, is a biomedical engineer based in Waltham, Mass. He helps clients efficiently tackle risk management and design controls for new product development based on his broad experience from surgical robotics to medical imaging to IoT and SaMD products.
