ISO 14971:2019 Medical devices — Application of risk management to medical devices specifies terminology, principles, and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices.
The process described in the standard is intended to assist manufacturers of medical devices to:
- identify the hazards associated with the device;
- estimate and evaluate the associated risks;
- control these risks;
- monitor the effectiveness of the controls.
The requirements in the standard are applicable to all phases of the life cycle of a medical device. The process described in the standard applies to risks associated with a medical device, such as risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability.
ISO 14971 does not apply to:
- decisions on the use of a medical device in the context of any particular clinical procedure; or
- business risk management.
The standard requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels. Risk management can, however, be an integral part of a quality management system. Nonetheless, the standard does not require the manufacturer to have a quality management system in place.
Table of Contents
Introduction |
1 Scope |
2 Normative references |
3 Terms and definitions |
4 General requirements for risk management system |
4.1 Risk management process |
4.2 Management responsibilities |
4.3 Competence of personnel |
4.4 Risk management plan |
4.5 Risk management file |
5 Risk analysis |
5.1 Risk analysis process |
5.2 Intended use and reasonably foreseeable misuse |
5.3 Identification of characteristics related to safety |
5.4 Identification of hazards and hazardous situations |
5.5 Risk estimation |
6 Risk evaluation |
7 Risk control |
7.1 Risk control option analysis |
7.2 Implementation of risk control measures |
7.3 Residual risk evaluation |
7.4 Benefit-risk analysis |
7.5 Risks arising from risk control measures |
7.6 Completeness of risk control |
8 Evaluation of overall residual risk |
9 Risk management review |
10 Production and post-production activities |
10.1 General |
10.2 Information collection |
10.3 Information review |
10.4 Actions |
Annex A Rationale for requirements |
A.1 General |
A.2 Rationale for requirements in particular clauses and subclauses |
Annex B Risk management process for medical devices |
B.1 Correspondence between second and third editions |
B.2 Risk management process overview |
Annex C Fundamental risk concepts |
C.1 General |
C.2 Examples of hazards |
C.3 Examples of events and circumstances |
C.4 Examples of relationships |
Applying ISO 14971
Applying risk management to medical devices in an organization in conformity with ISO 14971 involves several key steps to ensure the safety and effectiveness of the devices throughout their lifecycle.
Here are those steps.
Establish a Risk Management Process
Develop and implement a risk management process that aligns with the principles and requirements outlined in ISO 14971. This process should be documented and tailored to the organization’s specific needs and context.
Define the Scope
- Clearly define the scope of the risk management process, including the medical devices or product lines to which it applies.
- Consider factors such as intended use, patient population, and regulatory requirements.
Identify Hazards
Identify and document potential hazards associated with the medical device throughout its lifecycle. This includes hazards related to design, manufacturing, packaging, labelling, storage, transportation, and use.
Estimate Risk
Evaluate the severity of harm that could result from each identified hazard and assess the probability of occurrence. Use qualitative and/or quantitative methods to estimate the level of risk associated with each hazard.
Evaluate Risk
- Assess the identified risks against predetermined criteria to determine whether they are acceptable or require further risk mitigation.
- Consider factors such as the probability of harm, severity of harm, and the acceptability of risk based on the device’s intended use and patient population.
Implement Risk Controls
Develop and implement risk controls to mitigate or eliminate identified risks to an acceptable level. This may involve design changes, process modifications, protective measures, warnings, instructions for use, or other measures to reduce risk.
Verify Risk Controls
Verify the effectiveness of implemented risk controls through testing, analysis, or other means. Ensure that the risk controls adequately mitigate or eliminate the identified hazards and reduce the associated risks to an acceptable level.
Document Risk Management Activities
- Document all risk management activities, including hazard identification, risk assessment, risk evaluation, risk control measures, and verification activities.
- Maintain a risk management file or record that provides a traceable history of the risk management process.
Review and Update
- Regularly review and update the risk management process and documentation to reflect changes in the medical device, its intended use, the regulatory landscape, or other relevant factors.
- Ensure that risk management activities are conducted throughout the device’s lifecycle.
Integrate with Quality Management System
Integrate the risk management process with the organization’s quality management system (QMS) to ensure alignment and consistency with other regulatory requirements and quality processes.
Monitor and Improve
- Monitor the effectiveness of the risk management process and identify opportunities for improvement.
- Use feedback from post-market surveillance, adverse event reporting, and other sources to continually enhance the safety and effectiveness of the medical device.
In conclusion…
By following these steps, organizations can effectively apply risk management to medical devices in conformity with ISO 14971, leading to safer products, improved regulatory compliance, and enhanced patient outcomes.
ISO 14971 can be purchased through the ISO.org website.
This Post Has 0 Comments