How do Risk Management and Usability Engineering work together?

Author: Marvin Kolb

Jun 2023

In this article, we answer the following questions:

  • Why does it make sense for the two processes to be intertwined?
  • What is the goal of risk management according to ISO 14971?
  • What is the goal of the usability engineering process according to IEC 62366-1?
  • What does the risk management deliver to the usability engineering process?
  • What does the usability engineering process provide to the risk management?

When we talk about risk management in the following article, we mean risk management for medical devices as defined in ISO 14971 (“Application of risk management to medical devices”). When we talk about usability engineering, we mean usability engineering according to the process found in IEC 62366-1 (“Application of usability engineering to medical devices”). Let’s start directly with the basics.

Why does it make sense for the two processes to be intertwined?

Risk management and usability engineering work closely together because both disciplines pursue the common goal of ensuring the safety and effectiveness of medical devices. However, they do so from different perspectives.

Risk management according to ISO 14971 focuses on the identification, assessment, control and monitoring of risks arising from the technical and clinical function of the device. It takes into account all possible risks that may occur during the entire life cycle of the product, from design to manufacture, use and finally disposal.

Usability engineering according to IEC 62366-1, on the other hand, focuses on human factors – how is the device actually used by the user? How easy and intuitive is it to use? What errors can occur during use and how can they be avoided? Operating errors resulting from poor usability can lead to serious safety problems.

In this context, usability engineering is one part of the broader risk management effort. You could say usability engineering is risk management for the user interface of a medical device.

Both approaches are critical to medical device safety. By working closely together, risk management and usability engineering can provide a more complete picture of the risks associated with a medical device, helping to ensure that the final product is safe and effective for its intended use.

Let’s take a closer look at the goals of both processes to understand why.

What is the goal of risk management according to ISO 14971?

The goal of risk management according to ISO 14971 is to provide you, the manufacturer, with a clear system for identifying, assessing, controlling and monitoring risks to ensure that the medical device is as safe as possible. This means that, according to ISO 14971, risk should be reduced as much as possible and any remaining risk should be acceptable compared to the benefit that the product provides.

The specific objectives of risk management according to ISO 14971 are:

  • Risk analysis: analysis of the hazards and hazardous situations associated with the medical device.
  • Risk assessment: assessment of the risks resulting from these hazards and hazardous situations.
  • Risk control: control of these risks through the application of appropriate measures.
  • Monitoring the effectiveness of these control measures throughout the life cycle of the device.
  • Assessing the overall risk associated with the use of the device and determining whether these risks are acceptable.

What is the goal of the usability engineering process according to IEC 62366-1?

IEC 62366-1 is an international standard that specifies requirements for the usability engineering process for medical devices and is compliant with the requirements of the MDR. It is aimed at you as a medical device manufacturer and gives you a guideline for integrating usability into the entire product development process.

The main goal of the usability engineering process according to IEC 62366-1 is to ensure the safety of medical devices by considering usability during the development and design of the product. The standard assumes that medical devices that are easier to use are also safer because the likelihood of user error is reduced. It also specifies that critical situations must be identified and tested in advance.

The specific goals of the usability engineering process according to IEC 62366-1 are:

  • Identification of users, their tasks and use environments.
  • Identification and evaluation of hazard-related usage scenarios.
  • Development and implementation of measures to reduce or eliminate the identified risks.
  • Conducting summative evaluations (mostly usability tests) to assess the effectiveness of the implemented measures.
  • Documenting the entire process for review and validation.

What does risk management add to the usability engineering process?

The following content is supplied to Usability Engineering by Risk Management:

  • Identified risks: Risk Management is responsible for identifying potential risks associated with the medical device. These risks may relate to aspects such as how the product works, its effect on patients, or its interaction with other devices or systems. Some of these risks may affect the usability of the product and should therefore be included in the usability engineering process.
  • Risk assessments and evaluations: These provide valuable information about the likelihood and severity of potential risks. This data can help usability engineers better understand the potential impact of usability errors or design problems and develop appropriate usability improvement measures.
  • Risk mitigation strategies: Risk management develops strategies to mitigate identified risks. These may include aspects of user experience, training, or design that feed directly into the usability engineering process.
  • Post-Market Surveillance Data: Risk management also involves monitoring the product after it has been launched. Information about actual incidents or near misses can provide valuable insights for further usability improvement.

What does the usability engineering process deliver to risk management?

The information provided by the usability engineering process can help risk management identify and mitigate potential risks. The following is provided:

  • User profiles and contexts of use: By examining and defining user profiles and contexts of use, usability engineers can uncover potential risks that may be specific to certain user groups or specific application scenarios.
  • Information about usage errors: Usability tests can provide information about possible sources of errors that can be traced back to a suboptimal design of the user interface. Such information can be used to identify risks associated with the operation of the device.
  • Results of user studies and usability tests: these can provide important information about the behavior of users, their preferences and difficulties in using the medical device. This information can help identify and mitigate risks associated with the operation and use of the device.

This information feeds into the risk management process and helps to provide a more comprehensive and detailed risk analysis. It enables the risk management team to make more informed decisions and develop more effective risk mitigation strategies.

What should you be aware of regarding the collaboration between Risk Management and Usability Engineering?

We have identified the following points for you (these are written from the point of view of the person responsible for usability engineering):

  • The standard and the usability engineering activities it describes require close collaboration between risk management and usability engineering. So create a basis for this close collaboration. Stay in touch and schedule regular meetings (e.g., weekly) to keep each other informed of changes.
  • Avoid inconsistencies between risk management and any risk-related documents created during usability engineering.
  • Avoid duplication of effort. Agree with Risk Management on a common strategy to document and assess usability-related risks before starting to assess and identify usability defects and risks.
  • Get an overview of the status of risk management before beginning and review which hazards and hazardous situations might be use-related.
  • Actively seek feedback and input from risk management regarding the assessment of potential use errors, hazards, and hazardous situations. Discuss possible mitigation measures together.
  • Don’t forget to include in your usability engineering process any safety information that Risk Management uses in the product labeling to mitigate risk. Its effectiveness must be assessed in the final evaluation (summative evaluation).
  • After the summative evaluation, discuss the results with Risk Management and analyze the residual risk together.


Risk management and usability engineering are a dynamic duo that work closely together to design safe and user-friendly medical devices.

Risk management provides the usability engineering process with identified risks, risk assessments and risk mitigation strategies, and post-market surveillance data that offer valuable insights for improving usability.

In turn, the usability engineering process provides risk management with user profiles and usage contexts, information on usage errors, results of user studies and usability testing, and recommendations for usability improvement to reduce risks and make informed decisions.

Do you need help with usability engineering of your medical device? What is your specific case? Comment on this post or get in touch via our contact form. We look forward to hearing from you.
