Medical Device Vigilance Manual
Chapter 2

The Mechanics of Expectedness: Risk Analysis vs. Labeling

For medical devices, "expectedness" is anchored not only in user-facing labeling but critically in the Risk Management File produced under ISO 14971. An event may be known to the manufacturer through hazard analysis yet absent from the Instructions for Use — creating a bifurcated assessment that has no direct parallel in pharmaceutical vigilance.

Reference Safety Information

RSI Hierarchy for Devices

Click each document layer to reveal its role in expectedness determination.

1
Instructions for Use (IFU)

The IFU is the primary user-facing disclosure document shipped with the device. It lists known risks, contraindications, warnings, and precautions that clinicians and patients rely upon.

If the event is not listed in the IFU → "Unexpected / Unlabeled"
2
Risk Management File (RMF)

The RMF is the manufacturer's internal hazard analysis per ISO 14971. It catalogues foreseeable hazards, failure modes, and residual risks — many of which may never appear in user-facing labeling.

If the event is not identified in the RMF → "Unanticipated"
3
Company Core Safety Information (CCSI)

The CCSI represents the manufacturer's internal global safety position for the entire device family. It is housed within the Technical File and serves as the benchmark across all regional labeling variants.

Internal reference document — housed in the Technical File
4
Investigator's Brochure (IB)

For investigational devices undergoing clinical trials, the IB is the sole Reference Safety Information document. It determines whether an event qualifies as a Suspected Unexpected Serious Adverse Reaction (SUSAR).

Sole RSI for SUSAR determination in clinical investigations
Decision Logic

Expectedness Decision Flow

Trace the path from a new safety event to its regulatory classification.

New Device Safety Event Is the event in the Risk Management File? YES NO Same severity & failure mode as documented? YES NO Expected / Anticipated (Routine Reporting) Unexpected (Greater Severity/Specificity) Unexpected / Unanticipated (Not in RMF) Expedited Reporting 2 / 10 / 15 days
Classification Rules

Specificity & Severity Rule

An event becomes "unexpected" when it exceeds what was documented in either dimension.

Greater Severity
Label
"Local skin irritation"
Actual
"Necrotic tissue damage from thermal runaway"
= Unexpected (escalated severity)
Greater Specificity
RMF
"General software error"
Actual
"AI software failure in chest X-ray diagnosis"
= Unexpected (greater specificity)
Regulatory Clock

Day 0 Timeline

The clock starts when any employee first becomes aware of a potential reportable event.

Day 0
Any employee first becomes aware (sales, clinical specialists, admin)
Day 1–2
Triage & reportability assessment
Day 3–7
Technical investigation initiated
Day 2
Regulatory deadline
Public Health Threat
Day 10
Regulatory deadline
Death / Serious
Day 15
Regulatory deadline
Other Reportable
!

Day 0: The Awareness Principle

Day 0 is triggered when any person within the manufacturer's organization first becomes aware of information suggesting a reportable event — not when the safety or regulatory team is notified. This includes sales representatives receiving a verbal complaint, clinical application specialists witnessing a malfunction during a procedure, or administrative staff opening a customer letter. The regulatory clock does not wait for internal escalation. This principle demands robust intake training across all customer-facing and back-office functions, ensuring that awareness anywhere in the company is treated as awareness by the company.

Medical Device Vigilance Manual — Root Cause Analysis & Signal Detection · Chapter 2