ISO 14971 2019 Medical Device Risk Management

ISO 14971 2019 Risk Management

ISO 14971:2019 is a quality management system that establishes risk management criteria for manufacturers of medical devices.  As defined in the standard, risk is the combination of probabilities that harm could occur and the degree of severity of that harm.  Harm is defined as injury to the health of persons, or damage to the environment or property.

It is therefore essential that risk assessments be conducted by the medical device industry to identify and mitigate these probabilities.  This assessment should include a risk analysis that systematically identifies hazards and a risk evaluation to compare estimated risks against known risks to determine a value of acceptability for that risk.

iso 14971 2019

ISO 14971:2019 Standard and Guidance Document ISO/TR 24971:2020

ISO 14971:2019 establishes the general requirements for risk management.  The standard includes specification for risk analysis, risk evaluation, and risk control execution.  It establishes the requirements for conducting evaluations of residual risk.   It also provides process criteria for risk management review.  Finally, the standard establishes requirements for gathering data of equipment during production and post production phases of the device life cycle.

The standard contains three annexes that contain rationale for the requirements, provide details for risk management processes, and define basic risk concepts.

The Guidance Document, ISO/TR 24971:2020 contains eight informative annexes providing detail on a variety of issues including the identification of risk, the roles and relationships between policies, risk acceptability, risk control, and risk evaluation and special guidance for vitro diagnostic medical devices.

General Requirements

The standard being specifically oriented towards the manufacturer of medical devices establishes requirements for establishment, implementation, documentation, and maintenance of processes controlling the risk management system.   It defines management responsibilities for ensuring that processes have adequate resources and competent personnel to be effective.

Central to ISO 14971:2009 is the Risk Management Plan which identifies risk management activities, assigns responsibilities, defines review activities, establishes risk criteria, creates methods for evaluating residual risk, and defines activities related to verification, and production/post production data collection and review.

Residual Risk

Residual risk is a term that is not used in many quality management systems.  ISO 14971:2019 defines it as the risk remaining after the implementation of risk control measures.  The requirement of this further step involves the evaluation of overall residual risk to determine if it is acceptable or unacceptable.  These residual risks include possible unintended hazards situations introduced by the risk control measures themselves.

For residual risks deemed unacceptable in relation to the benefits of its usage, possible actions include modification of design.  For risks deemed acceptable, it is required that the manufacturer inform users of these risks.

Post Production Activities

As with ISO 13485:2016, ISO 14971:2019 includes requirements for the collection of post production information.  This information should include data from users, the supply chain, and information considered “state of the art”.  This information, once gathered should be reviewed  and be used to make decisions about the implementation of actions to reduce unacceptable risk.

CVG Strategy Quality Management Systems (QMS) Experts

Given the potential risks of harm involved in the design and manufacture of medical equipment, requirements and regulations are rigorous.  Aside from ISO 14971:2009 medical device manufacturers may also need to comply with:

CVG Strategy can help you design and implement a tailored quality management system that harmonizes the requirements for multiple standards and regulations.   Our Global Exemplar Lead Auditors can then prepare you for ISO 14971 certification.  We also can provide training, audits, and consulting services to keep your program effective.

How Can We Help?

CVG Strategy provides expertise to businesses in Quality Management, Product Test and Evaluation, Cybersecurity, and Export Compliance.  Learn more about how we can optimize your organization’s effectiveness by contacting us today.

Latest News