online, Akademie: Basic course: Risk management for medical device software according to ISO 14971

This seminar will be held in English.

Medical device software (stand alone, mobile medical apps, web applications) or software that is integrated into medical devices (firmware, embedded software) must be designed to ensure reliability and performance in accordance with its intended use. According to the EU MDR / IVDR regulations, risks must be eliminated or minimized as far as possible without worsening the risk-benefit ratio.

The establishment of an interactive risk management process over the product life cycle is indispensable for every manufacturer of medical devices. It is important to observe legal requirements and applicable standards. Especially for medical device software, additional requirements are imposed, e.g., effects of software errors, negative interactions, aspects of the IT environment and IT security, safety-relevant functions. The overall risk assessment in the context of the verification and validation steps poses major challenges for manufacturers of medical device software.

In this seminar, you will learn the basic requirements for risk analysis for medical software according to the applicable standards, be able to perform a risk analysis and document the results properly. You will be able to evaluate risks in your software and create a risk management report based on this.

This basic course is also suitable for participants with no or little previous knowledge. For industry career changers and start-ups, this course offers an optimal introduction to the topic of risk management for medical device software.

This basic course is part of our online course: Medical Software Specialist!


  • Risk management basics, definitions of terms
  • Risk management process and ISO 14971
  • Risk Management Analysis, Documentation Requirements
  • Risk analyses for software (Scenario Based Risk Analysis, software architecture, root-cause analyses, FTA, FMEA, third-party components, concepts of IEC/TR 80002-1)
  • Risk assessment and risk management report
  • Production and post-production activities, (configuration management, deployment, updates of databases, operating systems, etc.)
  • Change management and risk
  • Normative requirements (EN ISO 14971:2019/A11:2021, references of ISO/TR 24971 and IEC/TR 80002-1:2009 ,… etc.)