Software is becoming an increasingly important aspect of medical devices (MDs) and MD regulation. MDs can only be marketed if compliance and approval is achieved from the appropriate regulatory bodies. MD companies must produce a design history file detailing the processes undertaken in the design and development of their MD software. The safety of all MD software produced is of primary importance and it is crucial that an effective and efficient risk management (RM) process is in place. The authors have developed a software process improvement RM model that integrates regulatory MD RM requirements with the goals and practices of the Capability Maturity Model Integration (CMMI). This model is known as the RM Capability Model (RMCM). This paper evaluates how introducing the RMCM into a MD company improved their RM process. © 2008 Springer-Verlag Berlin Heidelberg.