Exercise set
Medical Device Verification, Validation, and Risk Management Exercises
Worked biomedical engineering exercises for medical device V&V and risk management covering traceability, RPN, measurement uncertainty, usability validation, leakage current, latency, sterilization process evidence, reliability, sampling, and change impact.
These exercises practise medical device verification, validation, and risk management from an engineering evidence perspective. They cover traceability, hazard controls, RPN reduction, measurement uncertainty, usability validation, electrical leakage, sampling and latency, sterilization process evidence, reliability, acceptance sampling, and change impact.
The purpose is not to provide regulatory advice or clinical guidance. The purpose is to train the engineering reasoning needed to decide whether a medical device requirement, risk control, test result, validation scenario, or lifecycle change is supported by objective evidence.
Assume simplified project-specific criteria unless an exercise states otherwise. Real medical device programs must also follow the applicable regulatory, quality-system, risk-management, usability, software, electrical safety, biocompatibility, sterilization, cybersecurity, and clinical evidence requirements for the device and market.
How to Use These Exercises
For each calculation, define:
- the intended use, user, patient or sample population, and environment;
- the requirement, claim, hazard, or risk control being tested;
- the acceptance criterion and the evidence method;
- the configuration covered by the result;
- the residual risk or follow-up action after the result.
The common mistake is treating a passed test as universal proof. Medical device evidence is only meaningful when it is tied to intended use, configuration, risk control, measurement method, and realistic use conditions.
For each result, state whether the evidence supports a requirement, a risk control, a validation claim, a release gate, or a change-impact decision. Passing arithmetic does not close an item unless the acceptance criterion and covered configuration are explicit.
Exercise 1: Traceability from Claim to Evidence
A device team makes 42 design claims in its design input file. A traceability review finds:
| Trace status | Count |
|---|---|
| Claim linked to requirement, risk control, and verification or validation evidence | 29 |
| Claim linked to requirement and evidence but no risk-control link | 6 |
| Claim linked to requirement only | 5 |
| Claim with no controlled downstream evidence | 2 |
Calculate the full traceability closure rate and the number of claims that cannot yet support release evidence.
Solution
Full traceability closure:
Claims not fully closed:
Open fraction:
Engineering Comment
Only 69.0 percent of claims are fully connected to requirements, risk controls, and evidence. That is weak for release readiness because a medical device claim may affect safety, clinical interpretation, usability, manufacturing, or labeling.
The two claims with no downstream evidence are immediate blockers. The six claims missing risk-control linkage should be reviewed carefully because a claim can sound like performance evidence while still leaving an associated hazard uncontrolled.
Exercise 2: RPN Reduction After a Design Control
A reusable device has a failure mode: the user can assemble a connector in the wrong orientation. Initial ratings are:
| Rating | Value |
|---|---|
| Severity | 7 |
| Occurrence | 5 |
| Detection | 4 |
The team adds asymmetric keying, a status interlock, and a setup screen that confirms correct connection. Revised ratings are:
| Rating | Value |
|---|---|
| Severity | 7 |
| Occurrence | 2 |
| Detection | 2 |
Calculate the initial and revised RPN values.
Solution
Initial RPN:
Revised RPN:
Relative reduction:
Engineering Comment
The controls reduce occurrence and improve detection, but severity remains unchanged. The harm is still serious if the user defeats the keying, ignores the screen, or the interlock does not detect the failure.
The next engineering question is evidence: keying verification, interlock fault testing, usability validation of the setup screen, and field monitoring for repeated connection questions or workarounds.
Exercise 3: Measurement Error Budget
A diagnostic accessory reports pressure. The project acceptance criterion is:
The root-sum-square error components are estimated as:
| Error component | Standard uncertainty |
|---|---|
| Pressure transducer calibration | 1.1 mmHg |
| Analog front-end noise | 0.8 mmHg |
| Fixture positioning | 0.9 mmHg |
| Temperature sensitivity | 0.7 mmHg |
| Software rounding and quantization | 0.4 mmHg |
Estimate combined standard uncertainty using root-sum-square. Compare it with the criterion.
Solution
Combined standard uncertainty:
Compared with the 3.0 mmHg criterion:
Engineering Comment
The standard uncertainty screen passes, but this is not yet a complete claim. The team must define whether the 3.0 mmHg criterion applies to standard uncertainty, expanded uncertainty, worst-case error, or clinical decision error.
If the claim is based on expanded uncertainty, a coverage factor may be required by the project method. The evidence should also check drift, user placement, patient variability, environmental conditions, and reference-method uncertainty.
Exercise 4: Usability Validation of Critical Tasks
A simulated-use validation study includes 30 representative users. A critical task is successful only if the user completes the task without critical error and without moderator assistance.
Results:
| Outcome | Users |
|---|---|
| Completed without critical error | 27 |
| Completed after assistance | 2 |
| Critical error | 1 |
The project criterion is 95 percent unassisted success and zero critical errors. Evaluate the result.
Solution
Unassisted success rate:
Critical-error count:
The criterion requires:
The observed result is:
Engineering Comment
The validation fails both criteria. The two assisted completions are not clean successes because the released device will not include a moderator. The critical error must be traced to interface design, labeling, training, workflow, packaging, alarm behavior, or task sequence.
The correct engineering response is not to average the result away. The team should identify the use-error mechanism, update the risk analysis and design control, and repeat affected validation scenarios after correction.
Exercise 5: Leakage Current from Insulation Resistance
A patient-connected accessory is tested with an applied voltage of:
The measured insulation resistance is:
Use Ohm’s law to estimate leakage current:
Compare the result with a project screening limit of 5 microA.
Solution
Convert resistance:
Leakage current:
In microamps:
Comparison:
Engineering Comment
The simple screening calculation passes the project limit. It does not replace full electrical safety evidence. A real review would check test method, patient-applied part classification, humidity conditioning, cable configuration, single-fault conditions, leakage paths, insulation material, connector contamination, and production test controls.
Engineering evidence should be at the device level, not only at the component-datasheet level.
Exercise 6: Sampling Rate and Physiological Signal Bandwidth
A wearable monitor analyzes a physiological waveform with useful content up to:
The selected analog-to-digital converter sampling rate is:
Use the sampling condition:
Check whether the sampling rate is sufficient before considering filter roll-off and motion artifacts.
Solution
Minimum sampling rate:
Comparison:
The selected rate satisfies the simple sampling condition.
Engineering Comment
The arithmetic passes, but the margin is small:
The engineering review should still check anti-alias filtering, motion artifact, timestamp jitter, sensor saturation, quantization, data loss, algorithm latency, and whether abnormal waveforms contain higher-frequency components. A sampling theorem screen is necessary but not sufficient for device validation.
Exercise 7: Alarm Latency Budget
A monitoring device must alarm within:
after a sustained critical condition begins. The latency budget is:
| Latency component | Time |
|---|---|
| Sensor response | 0.35 s |
| Analog filtering | 0.20 s |
| ADC buffering | 0.15 s |
| Algorithm detection window | 0.75 s |
| Display and audible alarm activation | 0.25 s |
Calculate total latency and margin.
Solution
Total latency:
Margin:
Engineering Comment
The nominal latency budget passes with 0.30 seconds of margin. That margin may be consumed by processor load, communication retry, low battery state, sensor placement, alarm prioritization, display sleep state, or software task scheduling.
Verification should test worst-case operating modes, not only nominal bench timing. If latency protects patient safety, the evidence should include configuration, firmware version, sensor setup, and abnormal signal conditions.
Exercise 8: Sterilization Process Log-Reduction Screen
A sterile accessory process validation uses a simplified microbial challenge model. Initial bioburden is:
After the process, recovered viable units are estimated as:
Calculate the log reduction:
Solution
Log reduction:
Engineering Comment
The simplified screen indicates a six-log reduction. This does not by itself prove a validated sterilization process. Real sterilization evidence depends on the selected method, product geometry, packaging, load configuration, biological indicators, process parameters, material compatibility, residuals, storage, transport, and revalidation triggers.
The engineering value of the calculation is that it links process effect to evidence. It should not be used as a substitute for the required sterilization validation protocol.
Exercise 9: Reliability from MTBF Over a Mission Interval
A portable device has an estimated constant-failure-rate MTBF of:
The intended mission interval between maintenance opportunities is:
For an exponential reliability approximation:
Estimate mission reliability.
Solution
Substitute:
As a percentage:
Engineering Comment
The mission reliability estimate is high under the constant-failure-rate assumption. That assumption should be checked. Medical devices can fail through battery aging, connector wear, fluid ingress, cleaning damage, calibration drift, software state faults, sensor adhesion loss, and use conditions that are not memoryless.
Reliability evidence should connect to actual failure mechanisms, preventive maintenance, field feedback, environmental exposure, and repair or replacement strategy.
Exercise 10: Acceptance Sampling for a Critical Dimension
A batch of molded components has a critical width requirement:
A sample of 40 parts gives:
Assume a normal distribution for screening. Estimate the z-score to the upper specification limit:
Solution
Upper specification limit:
z-score:
Engineering Comment
The sample mean is inside the specification, but the z-score to the upper limit is only 2.67 standard deviations. That may be weak for a critical dimension depending on severity, distribution stability, measurement uncertainty, lot size, and process capability history.
The engineering action is to check lower-tail margin, measurement system quality, tool wear, cavity effects, environmental conditions, and whether the component dimension is linked to a risk control or essential performance claim.
Exercise 11: Supplier Material Change Impact
A supplier proposes changing a polymer grade used in a reusable device handle. The engineering change review identifies:
| Affected evidence area | Count |
|---|---|
| Requirements requiring review | 8 |
| Risk controls requiring review | 5 |
| Biocompatibility evidence items | 3 |
| Cleaning and disinfection evidence items | 4 |
| Mechanical strength tests | 6 |
| Labeling or maintenance documents | 2 |
Calculate the total affected evidence items and decide whether this can be treated as a documentation-only change.
Solution
Total affected evidence items:
The change affects material safety, cleaning, mechanical strength, risk controls, and documents. It is not documentation-only.
Engineering Comment
A polymer-grade change can alter biocompatibility, cleaning compatibility, fatigue strength, creep, cracking, surface wear, chemical resistance, color stability, sterilization response, and manufacturing process controls. The affected item count confirms that this is a lifecycle evidence change, not a simple purchasing update.
The team should define which prior evidence remains valid, which evidence must be repeated, and which acceptance criteria apply to the changed configuration.
Review Checklist
When reviewing medical device V&V and risk evidence, ask:
- Is the evidence tied to intended use, configuration, users, patients or samples, and environment?
- Does each requirement have an acceptance criterion and verification or validation method?
- Are risk controls specific, testable, and linked to residual-risk review?
- Does usability validation include representative users and critical tasks?
- Do measurement results include uncertainty, reference method, calibration, and worst-case use?
- Do software and sensor tests cover timing, latency, jitter, data integrity, and failure modes?
- Does process validation cover parameters, monitoring, revalidation triggers, and product configuration?
- Does change control define which evidence remains valid and which must be repeated?
- Are release-blocking gaps separated from lower-risk documentation gaps?
- Can every claim be traced to requirement, risk control, evidence record, version, and residual-risk decision?
Strong medical device engineering makes evidence traceable, risk-based, configuration-aware, and usable for lifecycle decisions.