
Risk Management Specialist
Structure ISO 14971:2019 medical-device risk management—from plan through post-production—when you are scoping or shipping regulated health software.
Overview
risk-management-specialist is an agent skill most often used in Validate (also Ship security, Operate iterate) that guides ISO 14971:2019 risk management from planning through post-production documentation.
Install
npx skills add https://github.com/alirezarezvani/claude-skills --skill risk-management-specialist
What is this skill?
- End-to-end ISO 14971:2019 flow: planning, analysis, evaluation, control, residual risk, report, and post-production surveillance
- Risk management plan template with scope, RACI, review schedule, verification, and surveillance sections
- Tabulated requirements for plan content (scope, responsibilities, acceptability matrix, verification activities)
- Risk control and overall residual risk evaluation frameworks aligned to the standard’s lifecycle stages
- Production and post-production activity guidance for ongoing risk management
- Seven major ISO 14971 workflow sections from planning through production and post-production
Adoption & trust: 757 installs on skills.sh; 17.5k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You must produce defensible ISO 14971 risk files but only have fragmented notes instead of a linked plan, analysis, controls, and surveillance package.
Who is it for?
Indie teams building SaMD or hardware-adjacent devices who already know FDA/MDR context and need ISO 14971-shaped documentation.
Skip if: Non-regulated web apps with no clinical claims, or teams that already have a signed risk management file under change control.
When should I use this skill?
You need ISO 14971:2019-aligned risk management planning, analysis, or report structure for a medical device lifecycle.
What do I get? / Deliverables
You get section-aligned risk management planning, analysis, evaluation, control, residual-risk, and report structure plus a filled plan template ready for QMS integration.
- Risk management plan document from the included template
- Structured sections for analysis, evaluation, controls, and residual risk reporting
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Validate because risk management planning and acceptability criteria are decided before design freeze and full build commitment. Scope subphase matches risk management plan scope, lifecycle coverage, and acceptability policy—the first gate in ISO 14971.
Where it fits
Draft scope, intended use, and risk acceptability matrix before committing to detailed design.
Map implemented controls to risk evaluation records ahead of release verification.
Extend surveillance plans when production or complaint data triggers ISO 14971 review.
How it compares
Use as a compliance documentation framework—not a generic threat-model checklist for everyday SaaS.
Common Questions / FAQ
Who is risk-management-specialist for?
Solo builders and small med-device or SaMD teams who need ISO 14971:2019 structure for plans, risk files, and surveillance without outsourcing the whole QMS.
When should I use risk-management-specialist?
During Validate scope when defining acceptability and lifecycle coverage; during Ship security when tying controls to verification; and during Operate iterate when updating post-production surveillance after field feedback.
Is risk-management-specialist safe to install?
Review the Security Audits panel on this Prism page before installing; the skill is procedural documentation guidance and does not by itself access your systems.
SKILL.md - Risk Management Specialist
# ISO 14971:2019 Implementation Guide

Complete implementation framework for medical device risk management per ISO 14971:2019.

---

## Table of Contents

- [Risk Management Planning](#risk-management-planning)
- [Risk Analysis](#risk-analysis)
- [Risk Evaluation](#risk-evaluation)
- [Risk Control](#risk-control)
- [Overall Residual Risk Evaluation](#overall-residual-risk-evaluation)
- [Risk Management Report](#risk-management-report)
- [Production and Post-Production Activities](#production-and-post-production-activities)

---

## Risk Management Planning

### Risk Management Plan Content

| Element | Requirement | Documentation |
|---------|-------------|---------------|
| Scope | Medical device and lifecycle stages covered | Scope statement |
| Responsibilities | Personnel and authority assignments | Organization chart, RACI |
| Review Requirements | Timing and triggers for reviews | Review schedule |
| Acceptability Criteria | Risk acceptance matrix and policy | Risk acceptability criteria |
| Verification Activities | Methods for control verification | Verification plan |
| Production/Post-Production | Activities for ongoing risk management | Surveillance plan |

### Risk Management Plan Template

```
RISK MANAGEMENT PLAN
Document Number: RMP-[Product]-[Rev]
Product: [Device Name]
Revision: [X.X]
Effective Date: [Date]

1. SCOPE AND PURPOSE
1.1 Medical Device Description: [Description]
1.2 Intended Use: [Statement]
1.3 Lifecycle Stages Covered: [Design/Production/Post-Market]
1.4 Plan Objectives: [Objectives]

2. RESPONSIBILITIES AND AUTHORITIES
| Role | Responsibility | Authority |
|------|----------------|-----------|
| Risk Management Lead | Overall RM process | RM decisions |
| Design Engineer | Risk identification | Design changes |
| QA Manager | RM file review | File approval |
| Clinical | Clinical input | Clinical risk assessment |

3. RISK ACCEPTABILITY CRITERIA
3.1 Risk Matrix: [Reference to matrix]
3.2 Acceptability Policy: [Acceptable/ALARP/Unacceptable definitions]
3.3 Benefit-Risk Considerations: [When applicable]

4. VERIFICATION ACTIVITIES
4.1 Risk Control Verification Methods: [Test, Analysis, Review]
4.2 Verification Timing: [Design phase, V&V]
4.3 Acceptance Criteria: [Pass/fail criteria]

5. PRODUCTION AND POST-PRODUCTION
5.1 Information Collection: [Sources]
5.2 Review Triggers: [Events requiring review]
5.3 Update Process: [RM file update procedure]

6. REVIEW AND APPROVAL
Prepared By: _________________ Date: _______
Reviewed By: _________________ Date: _______
Approved By: _________________ Date: _______
```

### Risk Acceptability Criteria Definition

| Risk Level | Definition | Action Required |
|------------|------------|-----------------|
| Broadly Acceptable | Risk so low that no action needed | Document and monitor |
| ALARP (Tolerable) | Risk reduced as low as reasonably practicable | Verify ALARP, consider benefit |
| Unacceptable | Risk exceeds acceptable threshold | Risk control mandatory |

### Risk Matrix Example (5x5)

| Probability \ Severity | Negligible | Minor | Serious | Critical | Catastrophic |
|------------------------|------------|-------|---------|----------|--------------|
| Frequent | Medium | High | High | Unacceptable | Unacceptable |
| Probable | Low | Medium | High | High | Unacceptable |
| Occasional | Low | Medium | Medium | High | High |
| Remote | Low | Low | Medium | Medium | High |
| Improbable | Low | Low | Low | Medium | Medium |

**Risk Level Actions:**

- **Low (Acceptable):** Document, no action required
- **Medium (ALARP):** Consider risk reduction, document rationale
- **High (ALARP):** Risk reduction required unless ALARP demonstrated
- **Unacceptable:** Risk reduction mandatory before proceeding

---

## Risk Analysis

### Hazard Identification Methods

| Method | Application | Standard Reference |
|--------|-------------|-------------------|
| FMEA | Component/subsystem failures | IEC 608
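The following is an added example, not code from the risk-management-specialist skill or the claude-skills repository. It turns the guide's "Risk Matrix Example (5x5)" and "Risk Level Actions" into a small evaluator that estimates each hazard's initial and residual risk level, refuses a residual-risk reduction that has no recorded control, flags unverified controls (plan section 4) and High residual risk without an ALARP rationale, and rolls the file up into an overall residual-risk decision. The `Hazard` and `RiskControl` records, their field names, and the four sample hazards are constructed for this example and are not from any real device or from the skill.

```python
"""Risk evaluation and residual-risk checks against a 5x5 risk matrix.

Added example, not code from the risk-management-specialist skill. The matrix,
the action text and the sample hazards are constructed to mirror the guide's
"Risk Matrix Example (5x5)" and "Risk Level Actions" sections.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SEVERITY = ["Negligible", "Minor", "Serious", "Critical", "Catastrophic"]

# Rows are probability (as in the guide's table); columns follow SEVERITY order.
RISK_MATRIX: Dict[str, List[str]] = {
    "Frequent":   ["Medium", "High", "High", "Unacceptable", "Unacceptable"],
    "Probable":   ["Low", "Medium", "High", "High", "Unacceptable"],
    "Occasional": ["Low", "Medium", "Medium", "High", "High"],
    "Remote":     ["Low", "Low", "Medium", "Medium", "High"],
    "Improbable": ["Low", "Low", "Low", "Medium", "Medium"],
}

# Action required per risk level, taken from the guide's "Risk Level Actions".
ACTIONS = {
    "Low": "Document, no action required",
    "Medium": "Consider risk reduction, document rationale",
    "High": "Risk reduction required unless ALARP demonstrated",
    "Unacceptable": "Risk reduction mandatory before proceeding",
}
LEVEL_RANK = {"Low": 0, "Medium": 1, "High": 2, "Unacceptable": 3}


def risk_level(probability: str, severity: str) -> str:
    """Look up the risk level; unknown ratings are rejected, never defaulted."""
    if probability not in RISK_MATRIX or severity not in SEVERITY:
        raise ValueError(f"unknown rating: {probability!r}/{severity!r}")
    return RISK_MATRIX[probability][SEVERITY.index(severity)]


@dataclass
class RiskControl:                  # hypothetical record shape for this example
    description: str
    verified: bool = False          # verification per plan section 4 complete?
    alarp_rationale: str = ""       # needed when residual risk stays High


@dataclass
class Hazard:                       # hypothetical record shape for this example
    hazard_id: str
    description: str
    probability: str                # pre-control estimate
    severity: str
    controls: List[RiskControl] = field(default_factory=list)
    residual_probability: Optional[str] = None   # post-control, if re-estimated
    residual_severity: Optional[str] = None


def evaluate(hazard: Hazard) -> dict:
    """Evaluate one hazard: initial level, residual level, action, open findings."""
    initial = risk_level(hazard.probability, hazard.severity)
    res_p = hazard.residual_probability or hazard.probability
    res_s = hazard.residual_severity or hazard.severity
    residual = risk_level(res_p, res_s)
    findings = []
    # Residual risk may only be lower than initial if a control is on record.
    if LEVEL_RANK[residual] < LEVEL_RANK[initial] and not hazard.controls:
        findings.append("residual risk reduced without a recorded control")
    unverified = [c.description for c in hazard.controls if not c.verified]
    if unverified:
        findings.append("unverified controls: " + "; ".join(unverified))
    if residual == "Unacceptable":
        findings.append("residual risk Unacceptable: reduction mandatory")
    elif residual == "High" and not any(c.alarp_rationale for c in hazard.controls):
        findings.append("residual risk High with no ALARP rationale")
    return {"hazard_id": hazard.hazard_id, "initial": initial,
            "residual": residual, "action": ACTIONS[residual],
            "findings": findings}


def overall_residual_risk(hazards: List[Hazard]) -> dict:
    """Roll up the file: worst residual level and whether anything blocks release."""
    results = [evaluate(h) for h in hazards]
    worst = max((r["residual"] for r in results), key=LEVEL_RANK.get)
    open_findings = [(r["hazard_id"], f) for r in results for f in r["findings"]]
    return {"worst_residual": worst, "open_findings": open_findings,
            "release_ok": not open_findings}


def sample_risk_file() -> List[Hazard]:
    """Constructed hazards (not from any real device) exercising each outcome."""
    return [
        Hazard("HZ-01", "Wrong dose displayed", "Probable", "Critical",
               controls=[RiskControl("Independent dose range check", verified=True)],
               residual_probability="Remote"),
        Hazard("HZ-02", "Device fails to alarm", "Occasional", "Catastrophic",
               controls=[RiskControl("Watchdog-triggered backup alarm", verified=True,
                                     alarp_rationale="Further reduction needs new hardware")],
               residual_probability="Remote"),
        Hazard("HZ-03", "Screen glare in bright rooms", "Frequent", "Negligible"),
        Hazard("HZ-04", "Battery overheats", "Remote", "Catastrophic",
               controls=[RiskControl("Thermal cutoff", verified=False)],
               residual_probability="Improbable"),
    ]


if __name__ == "__main__":
    for entry in map(evaluate, sample_risk_file()):
        print(entry)
    print(overall_residual_risk(sample_risk_file()))
```

On the constructed file, HZ-04 keeps the release blocked: its residual level drops to Medium only because of a control that has not yet been verified, which is exactly the gap the plan's verification section exists to close. Swap in your own matrix and acceptability policy from plan section 3 before using this shape for a real risk file.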