The safety of any medical device system is dependent on the application of a disciplined, well-defined, risk management process throughout the product life cycle. Hardware, software, human, and environmental interactions must be assessed in terms of intended use, risk, and cost/benefit criteria. This article addresses these issues in the context of medical devices that incorporate software. The article explains the principles of risk management, using terminology and examples from the domain of software engineering. It may serve as a guide to those new to the concepts of risk management and as an aide-memoire for medical device system/software engineers who are more familiar with the topic.