ISO 14971 and Risk Management
The ISO 14971 is the standard for the "Application of Risk Management for Medical Devices". It describes a risk management process to ensure that the risks are known and dominated by medical and are acceptable when compared to benefits. This process intends to include the following steps:
- Define risk policy (risk acceptance criteria). This is often done in the form of a risk acceptance matrix.
- Perform hazard analysis: Identify the hazards of the medical device derived from the intended use
- Perform risk analysis: probabilities, severity of harms and thus risk estimate. Decide on the acceptability of those risks
- Define and implement risk mitgation measures, if the risks are not acceptable
- Analyze new risks resulting from these measures
- Decide on the acceptability of risks
- Market surveillance: watch the product in the market and continuously analyze risks and update risk acceptance criteria (according to the state-of-the-art)
Read more about how to integrate the risk management in the product development process.
The Harmonized Standard ISO 14971
The standard for the application of risk management for medical devices
The standard ISO EN DIN ISO 14971 requires that
- in medical devices, the risk policy is defined
- a risk analysis is performed (here you can apply methods for risk analysis such as FMEA, FTA and PHA method)
- the risks must be assessed according to the risk policy
- the risks must be minimized as much as possible
- the effectiveness of risk mitigation measures must be examined.
The ISO 14971 is published as a harmonized standard by the national standardization body as DIN 14971 (Germany) and OE 14971 (Austria).
Here you will find information on the changes by the ISO 14971:2012 (Annex ZA).
ISO 14971:2012 The New Standard for Risk Management
Virtually overnight, from 31.08.2012 to 01.09.2012 the ISO 14971: 2012 was published without a transition period as a harmonized standard for risk management for medical devices. This article introduces you to these changes.
Harm and Severity
The ISO 14971, the standard for risk management for medical devices, defines the term severity as a "measure of the potential impact of a hazard".
The risk acceptance matrix serves manufacturers in assessing the risks based on the probability and severity of harm.
Hazard and Hazardous Situation
Even though the ISO 14971 defines the terms hazard and hazardous situation, it is still often not so easy for medical products manufacturers to differentiate these two terms. This article will help understand these terms clearly.
Each medical device comes with risks. Manufacturers must determine which risks they deem acceptable and which unacceptable. This is usually expressed in the form of a risk acceptance matrix.
Risk Mitigation and Risk Control
Risk analysis is a search of hazards and an assessment of the possibilities and severities resulting damages. The aim of risk analysis is to identify risks. Usually medical device manufacturers act in the following way in terms of risk analysis: First, search for hazards, second, estimate the probabilities and severities of damages, third, decide on the approval of those risks.
The medical device manufacturers define software risk management either the risk management, which they need to operate for the standalone software, or the part of risk management, that an embedded software entails.