ISO 14971 specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The requirements of ISO 14971 apply to all phases of the life cycle of a medical device. The process described in ISO 14971 applies to risks associated with a medical device, such as risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability. The requirements contained in ISO 14971 provide manufacturers with a framework within which experience, insight and judgment are applied systematically to manage the risks associated with the use of medical devices.
This standard was developed specifically for manufacturers of medical devices on the basis of established principles of risk management that have evolved over many years. ISO 14971 could be used as guidance in developing and maintaining a risk management process for other products that are not necessarily medical devices in some jurisdictions and for suppliers and other parties involved in the medical device life cycle. The process described in ISO 14971 intends to assist manufacturers of medical devices in identifying the hazards associated with the medical device, estimating and evaluating the associated risks, controlling these risks, and monitoring the effectiveness of the controls.
This document does not apply to:
— decisions on the use of a medical device in the context of any particular clinical procedure; or
— business risk management.
ISO 14971 requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels. Risk management can be an integral part of a quality management system. However, this document does not require the manufacturer to have a quality management system in place.
The main changes in the new edition are:
— More attention is given to the benefits that are expected from the use of the medical device. The term benefit-risk analysis has been aligned with the terminology used in some regulations.
— The method for the evaluation of the overall residual risk and the criteria for its acceptability are required to be defined in the risk management plan.
— The review before commercial distribution of the medical device concerns the execution of the risk management plan. The results of the review are documented as the risk management report.
— The requirements for production and post-production activities have been clarified and restructured, and more detail is given on the information to be collected.
The text of ISO 14971:2019 has been approved in Europe as EN ISO 14971:2019 without any modification and it supersedes EN ISO 14971:2012. Guidance on the application of this standard can be found in ISO/TR 24971.