A quick guide to ISO 14971 Risk Management

By Kamiya Crabtree, Regulatory Medical Writer at Mantra Systems Ltd.

The go-to standard for risk management in medical devices is ISO 14971—Medical devices—Application of risk management to medical devices—which establishes requirements for managing risk throughout the entire life cycle of a medical device, from initial conception to final decommissioning. The current iteration, the third edition, was released in 2019.

What is a risk??

ISO 14971 defines risk as:

"The combination of the probability of occurrence of harm and the severity of that harm."??

This definition serves as the foundation of risk management for medical devices.

What is risk management for medical devices??

Risk management for medical devices helps manufacturers identify potential hazards, assess associated risks, and implement measures to reduce those risks.

The formal definition of risk management according to ISO 14971 is:??

”The systematic application of management policies, procedures and practices to the tasks of analysing, evaluating, controlling and monitoring risk.”?

The six steps in the?risk management process of ISO 14971?

Core Principles of ISO 14971:2019?

One of the biggest differences in ISO 14971:2019, compared to previous editions, is the increased emphasis on post-market risk assessment requirements. As part of a device risk management plan, manufacturers must establish a system to collect and analyse data about products after they are on the market. For some manufacturers, setting up these data collection channels is new and may require creative thinking to determine the best way to gather device data.

ISO 14971:2019 emphasises a few key principles for effective risk management:?

• Risk Acceptability – Defining the acceptable risk levels of the device ?

• Risk-Benefit Analysis – Conducting a benefit-risk analysis for residual risk?

• Lifecycle approach – Apply risk management continuously??

• Documentation and Traceability – Keep a comprehensive record of risk management activities??

Documentation Requirements??

ISO 14971:2019 mandates that all risk management activities are documented in a Risk Management File (RMF). This file should include:?

• The risk management plan and criteria?

• Records of risk analysis, evaluation, and control activities?

• Justifications from the benefit-risk analysis for residual risks?

• Verification records for risk controls and residual risk acceptability?

• Results from periodic reviews and post-market monitoring?

Successful compliance with ISO 14971?

Manufacturers often leave risk management activities to late in the design controls process. Not only does this limit risk management’s ability to improve the design, but it also fails to comply with the requirements of ISO 14971 and ISO 13485. The design controls process, required as part of a quality management system (QMS), ensures that device development is carried out in a structured and organised manner. This process verifies that regulatory and user requirements are met throughout development, leading to improved device design and safety, ultimately reducing nonconformances and field incidents??

By integrating risk management into these early design decisions, hazardous situations can be considered early on and may be mitigated through design choices if needed. This requirement is built into ISO 14971 but is also cross integrated in ISO 13485 directly.??

Need expert guidance on risk management documentation? Contact us today to learn more and ensure compliance with confidence.