Guest Column | September 12, 2018

Managing Risk For Medical Device Clinical Trials

By Claudia Campbell-Matland, 3Sixty Pharma Solutions


Risk management can be accomplished with your logical thought process!

Let's face it, risk is a difficult topic; thinking about things going wrong is stressful! Planning for and handling risks in medical device — including in vitro diagnostics (IVDs) — clinical trials can seem daunting, as there are so many aspects to consider: patient enrollment behind schedule, delays in delivery of study supplies, and much more.

The clinical trial manager may also need to participate in product risk management efforts for the device itself, which is part of meeting regulatory and quality requirements for device safety and effectiveness. That process can seem complex to those unfamiliar with it.

Risk, in its simplest terms, is the possibility of loss or injury, or, someone or something suggesting a hazard.1 "Risk management" is the process of identifying, evaluating and prioritizing potential hazards (i.e., risks, or things that may go wrong), followed by the application of plans and resources (people and more) to minimize, monitor, and control the likelihood (i.e., probability) of risks occurring, and to minimize the impact of issues (i.e., risks that have occurred).

This article explains the basics of project risk management and how to execute it, and the vital role clinical data play in product risk management, so the clinical trial manager can be better prepared to both manage risks in their trial projects and participate more fully in the device's product risk management effort.

Risk Management — Why Should We Care?

Despite our best efforts, things will go wrong (remember Murphy's Law!). We care about meeting our objectives, and risk management is a best practice strategy for doing so. We innately manage risks in our daily lives by using a logical thought process. Think about your drive to

  • identify a hazard and its cause (traffic delay due to an accident)
  • analyze the situation (you'll be late for work), and
  • consult your Smartphone's map/navigation app to develop and implement mitigations / controls (leave early and take a detour route) to arrive on time

Let's translate that thought process into a risk management framework (Fig. 1).

Fig. 1 — General Risk Management Process

Risk management is a fundamental part of a medical device product's – and a project’s – lifecycle (Table 1), and is grounded in the framework shown above. Like a circle, it is an iterative and ongoing process.

Table 1 — Lifecycle Risk Management for Projects and Medical Device Products

Project Risk Management Process

The nonprofit Project Management Institute (PMI®)2 provides step-by-step best practice guidance for executing project risk management (Table 2). The project lifecycle process consists of five sub-processes: initiating, planning, executing, monitoring & controlling, and closing. The project risk management processes and activities are listed with their corresponding project lifecycle process. “Monitoring & controlling” can be equated to the “monitor & control” circle in the risk management framework shown in Fig. 1. 

Table 2: Project Risk Management Process

Following are additional considerations for managing risks to clinical trial project objectives:

  • View project and product risks holistically; discuss them together for a fuller understanding of how product risks could impact project objectives.
  • Risk planning sets a solid foundation for the trial, but is often not initiated, or is not fully completed due to schedule demands. Make time/brainstorm methods to get your team and other stakeholders together to plan — in-person and/or virtually.
  • Ensure scope/requirements are documented — define in-scope vs. out-of-scope — and manage scope to avoid the risks of "scope creep" (i.e., unapproved changes).
  • Adhere to the change control process; ask for information and justifications for requested changes.
  • For issue escalation, ensure team members know to analyze the situation and bring recommended actions/mitigations, impacts, and rationales. 
  • We are often so focused on negative risks, it's difficult to think about opportunities to exploit to benefit the project — brainstorm ideas to accelerate schedule, leverage resources, etc.
  • Communicate risk status to stakeholders with dashboards or other easy-to-understand methods.
  • Performing risk analysis for the first time? Keep it Simple! Create a small, color-coded table with a just few categories (Table 3). Plan mitigations in priority order - red zone first, then yellow, then green. Quantify risk impacts with a few tiers/ranges of cost increases, schedule delays, and quality impacts.

Table 3 — Example - Negative Risk Chart

Scenario: Clinical Trial Project Risk Management

You are the clinical trial project manager at an IVD company, working with a team to plan a trial for a new influenza diagnostic device under development for use in physician offices. The trial's purpose is to obtain clinical data to complete design validation and prepare the FDA 510(k) submission. Table 4 lists the factors we’ll consider when we begin thinking about potential risks and plans to mitigate them:

Table 4 — Clinical Trial Risk Management Considerations

The Key Role of Clinical Data in Product Risk Management

ISO 149714 points to a variety of regional regulations, as well as regional or harmonized standards. that demonstrate the breadth of product risk management (e.g., usability/human factors, biocompatibility, software, and more). The international standard for clinical evaluation, MEDDEV 2.7/1,5 and FDA Guidances6,7 note the vital role of clinical data in risk management throughout the device TPLC: 


  • Based on the medical device type, intended use, and risk classification, clinical trial data may be required as part of design validation, verification of implemented risk mitigations, and to support the analysis and acceptability determination of a device's residual risks (i.e., risks remaining after risk mitigations implementation & verification) vs. its clinical benefits.


  • Clinical data/evidence is part of ongoing risk management activities, required in postmarket surveillance (PMS) studies and in postmarket and/or clinical evaluation report updates. Clinical evidence and risk benefit analyses are also incorporated into regulatory enforcement and compliance decision-making processes for commercialized devices.

Integration of clinical data with product risk management is key to the scope and purpose of medical device clinical trials, which require project risk management to ensure the trials meet objectives. The tips in this article can help the clinical trial manager better execute project risk management for their clinical trials, with the aim of providing clinical data meeting pre- and postmarket requirements.

The Clinical Trial Manager And Medical Device Product Risk Management

ISO 149714 describes the product risk management process (Fig. 2). It has the same basic elements as project risk management: plan, identify, analyze, control, monitor, and report. However, ISO focuses on causes of — and mitigations for — situations resulting from product hazards that could harm the patient, users, property, or the environment.

Fig. 2 — ISO 14971 Medical Device Product Risk Management Process

In the scenario described above, we would start our evaluation by considering the intended use and safety characteristics, as well as potential risks from a variety of sources: design, materials, usability/human factors, biocompatibility, performance, processes, labeling, packaging, instructions for use, cybersecurity, and more.

  • Potential for harm is assessed in terms of severity and probability (likelihood of occurrence).
  • Detectability of hazards or situations may be added to provide additional actionable information to the risk analysis.
  • Risk mitigations (controls) are implemented by the cumulative application of inherent safety by design and protective measures within the device itself, or in its processes. Controls must be evaluated for the introduction of new risks or impact on previously identified risks, and addressed accordingly with the risk analysis process.

After verification, the device's residual risks (those remaining after control measures are taken) are weighed against the device's clinical benefits for determination of acceptability. This product risk management process continues for the remainder of the device's post-market life.

The clinical trial manager can contribute to product risk management in a variety of ways:

  • Work with the company's medical advisors to ensure the product's risk process has incorporated applicable clinical risks, and that clinical benefits are supported with clinical evidence
  • Provide their experience with the device's clinical and functional performance, as well as weigh in on how aspects like user interface could cause potential harms
  • Partner with the device's program manager and cross-functional team to ensure clinical trial planning and scope evaluates the breadth of potential risks and verifies implemented mitigations

In Summary

Clinical trial managers can successfully execute risk management for medical device clinical trial projects by using a logic-guided, step-by-step approach. Risk management is a best practice strategy for meeting project and product objectives for medical devices.

About the Author

Claudia Campbell-Matland, PMP, is a 3Sixty Pharma Solutions independent Life Sciences Consultant with over 25 years experience in the IVD industry, focused on compliance, R&D, and business development. She is a certified Project Management Professional (PMP®) and Quality System internal auditor. Campbell has managed business-critical programs for the medical device/IVD total product lifecycle, product acquisitions, and remediation of quality system audit deficiencies. She assists start-up and small medical device/IVD companies with project management and compliance services, and aids universities with research commercialization efforts. She is a corporate outreach speaker for PMI-New Jersey Chapter, and teaches university continuing education classes in project management. Campbell received her M.S. in Microbiology at Rutgers University Graduate School / University of Medicine & Dentistry Graduate School of Biomedical Sciences.


1 Merriam-Webster Dictionary, accessible at:

2 A Guide to the Project Management Body of Knowledge (PMBOK® Guide), Fifth Edition. 2013 Project Management Institute, Inc.®

3 2018-2020 Strategic Priorities, U.S. Food & Drug Administration, Center for Devices and Radiological Health, January 2018. 

4 E. N. ISO 14971: 2012, Medical Devices - Application of risk management to medical devices (ISO 14971:2007, Corrected Version 2007-10-01)

5 MEDDEV 2.7/1 Revision 4, 2016, Clinical Evaluation: A Guide for Manufacturers and Notified Bodies under Directives 93/42/EEC and 90/385/EEC.

6 Factors to Consider When Making Benefit-Risk Determinations in Medical Device Premarket Approval and De Novo Classifications, Guidance for Industry and Food and Drug Administration Staff. Issued August 24, 2016.

7 Factors to Consider Regarding Benefit-Risk in Medical Device Product Availability, Compliance, and Enforcement Decisions, Guidance for Industry and Food and Drug Administration Staff. Issued December 27, 2016.