XP S99-223:2020 – Medical devices – Benefit/risk management – overview

By Guillaume Promé
Sep. 16, 2021 Risk management

XP S99-223 overview
Overview of the XP S99-223:2020 standard, relating to the management of the benefit / risk ratio of medical devices.

👉 See the summary of XP S99-223

XP S99-223:2020
Rating index: S99-223
T1 Medical devices
T2 Benefit/risk management


This document has been prepared by the afnor committee S95B, Quality management and related general aspects of medical devices.

Attention is drawn to the fact that some of the elements of this document may be subject to intellectual property or similar rights.

For the relationship with European Regulation (eu) 2017/745, see Informative Annex Z.



1 Scope

2 Normative references

3 Terms and definitions

4 General requirements

  • 4.1 Benefit/risk management process
  • 4.2 Risk-based approach
  • 4.3 Consideration of other activities of the organization
  • 4.4 Management responsibility.
  • 4.5 Management of persons involved in benefit/risk management
  • 4.6 Key data management
  • 4.7 Record management
  • 4.8 Benefit/risk management plan
  • 4.9 Reviews
  • 4.10 Updates
  • 4.11 Removal of the device

5 Consideration of opinions

  • 5.1 General
  • 5.2 Consideration of patient opinion
  • 5.3 Consideration of other opinions

6 Benefit analysis

  • 6.1 Identification of benefits
  • 6.2 Estimate of benefits
  • 6.3 Key data for benefit/risk assessment

7 Risk analysis

  • 7.1 General
  • 7.2 Risk control and risk acceptability requirements
  • 7.3 Key data for benefit/risk assessment

8 Estimate of benefit/risk ratio

  • 8.1 Benefit/risk ratio of the different intended uses
  • 8.2 Identification of the different possible situations
  • 8.3 Identification of uncertainties
  • 8.4 Estimate of the temporal evolution of the benefit/risk ratio

9 Assessment of the acceptability of the benefit/risk ratio

  • 9.1 General
  • 9.2 Evaluation planning.
  • 9.3 Input data for the evaluation.
  • 9.4 Evaluations
  • 9.5 Conclusions
  • 9.6 Special cases

10 Information provided with the device

  • 10.1 General
  • 10.2 Information to shape patient opinion
  • 10.3 Information provided to professional health users
  • 10.4 Information provided in the context of clinical investigations

11 Post-market surveillance.

  • 11.1 General
  • 11.2 Monitoring of the device and its use.
  • 11.3 Monitoring the evolution of the context
  • 11.4 Monitoring the number of devices on the market and their use.
  • 11.5 Definition of thresholds and indicators for monitoring
  • 11.6 Consideration of post-marketing data.
  • 11.7 Vigilance

12 Regulatory communications

Appendix A (informative) Risk-based approach

Appendix B (informative) Principles of risk-benefit ratio management

  • B.1 Notations
  • B.2 Concepts around the use of a device
  • B.3 Key data
  • B.4 Identification of risks and benefits
  • B.5 Estimation of risks and benefits
  • B.6 Risk management
  • B.7 Estimate of benefit/risk ratio
  • B.8 Acceptability of the benefit/risk ratio

Appendix C (informative) Benefit/risk management file

  • C.1 Benefit/risk management plan
  • C.2 Definition of the context for the analysis of the benefit/risk ratio
  • C.3 Analyses relating to benefit/risk management
  • C.4 Assessment of the acceptability of the benefit/risk ratio
  • C.5 Post-market surveillance.
  • C.6 Modifications
  • C.7 Vigilance

Appendix D (informative) Identification of opinions

  • D.1 Objectives
  • D.2 Identification of useful opinions
  • D.3 Cases likely to produce an adverse opinion
  • D.4 Methods of identifying opinion.

Appendix E (informative) Risk, benefit and benefit/risk estimates and post-market measurement

  • E.1 Probability
  • E.2 Severity
  • E.3 Importance
  • E.4 Risk
  • E.5 Profit
  • E.6 Overall risk and overall benefit
  • E.7 Benefit/risk ratio
  • E.8 Possible situations
  • E.9 Benefit/risk ratio for a patient population
  • E.10 Post-market surveillance.

Appendix F (informative) Data visualization

  • F.1 Scales
  • F.2 Table
  • F.3 Tree
  • F.4 Forest
  • F.5 Stacked histograms
  • F.6 Infographic
  • F.7 Other representation formats
  • F.8 Choice of units

Appendix G (informative) Assessment of the acceptability of the benefit/risk ratio

  • G.1 Forms of evaluation
  • G.2 Sensitive points
  • G.3 Missing data

Appendix Z (informative) Consideration of Regulation (eu) 2017/745.


The requirements of this standard provide a framework for assessing the acceptability of the risk-benefit balance of medical devices. This standard has been developed specifically for manufacturers of medical devices.

Risk-benefit management consists of identifying, selecting, analysing, summarising, interpreting and monitoring key data, as well as informing and taking into account the views of interested parties.

NOTE : Stakeholders include the manufacturer, patients, patient associations, patient relatives, health professionals, notified bodies and competent authorities.

Risk-benefit management is necessary to establish and maintain regulatory compliance of a medical device. Benefit/risk management takes into account benefits, risks, intended use, patients and the medical and technical context. Managing the risk/benefit balance requires active communication between stakeholders.

The requirements of this Standard have been designed to optimize documentary effort, using processes already in place within the organization. This Standard provides a formal, transparent and objective approach to providing common principles and vocabulary for different stakeholders.

A framework for the analysis of the benefit/risk ratio is defined in the requirements of the standard, methods are presented in the annexes for information purposes.

The benefit/risk ratio is assessed at the patient level, taking into account their opinions.

The requirements for managing the risk/benefit balance are applicable using a risk-based approach.

In this Standard, the following verbal forms are used:

  • ” must” indicates a requirement ;
  • “should” indicates a recommendation ;
  • ” can” indicates a permission, possibility or ability.

Information in the form of a “NOTE” is provided to clarify the associated requirement or to facilitate its understanding.

NOTE : When used alone, the term “analyses” includes risk, benefit and benefit/risk analyses.

Scope of application

This Standard specifies the terminology, principles and a process for managing the risk-benefit balance of medical devices.

This Standard does not specify an acceptable benefit/risk ratio, but requires the organization to define methods for assessing the acceptability of the benefit/risk ratio for each intended use.

This Standard is based on the organization’s risk management, usability engineering, pre-clinical assessment, clinical evaluation, post-market surveillance and quality management system, implemented in accordance with applicable regulatory requirements.

This Standard is intended for medical device manufacturers and other stakeholders, including competent authorities and notified bodies.

Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 14971, Medical devices – Application of risk management to medical devices.
ISO/TR 24971, Medical devices – Guidance on the application of ISO 14971.
IEC 62366-1, Medical devices – Application of usability engineering to medical devices.
ISO 13485, Medical devices – Quality management systems – Requirements for regulatory purposes.
ISO 14155, Clinical investigation of medical devices for human subjects – Good clinical practice