EN ISO 14971:2012 and the Z-annexes

EN ISO 14971: 2012: What has been changed to the standard

Virtually overnight, namely from 31.08.2012 to 01.09.2012 the ISO 14971: 2012 was published without a transition period as a harmonized standard for risk management for medical devices. This article introduces you to these changes.

One of the main innovations of ISO 14971 in 2012 (ISO 14971: 2012) was the requirement that all general risks must be minimized as far as possible, so there are no acceptable risks, per se. 

The clarifications and additions in the informative (!) Annex ZA were written partly as a reinterpretation. Let's explore the various sub-chapters of this Annex:

  1. Chapter
    Risks that are generally acceptable no longer exist. Every single(!) risk must be assessed. This means that there can no longer be a "classical" risk acceptance matrix made from acceptable, ALARP and unacceptable risks (i.e. "green, yellow and red"). Instead there can only be yellow and red risks, metaphorically speaking. This is really something new.
  2. Chapter
    There is no general threshold below which a manufacturer does not have to do something in order to mitigate risks. There now exists only one threshold below the one of the already reduced risks that can be accepted. There is a difference.
  3. Chapter
    Next, the standard requires that risks no longer be reduced "as low as reasonably practical" but should be reduced to "as low as reasonably possible". The difference is in the economic considerations, which no longer play a role in the second version.
  4. Chapter
    In the old understanding of the ISO 14971, the overall risk-benefit assessment was only necessary when not all the risks were in the green zone. This evaluation, covering all risks, is mandatory now at least with the EN ISO 14971: 2012.
  5. Chapter
    You could have understood the "old 14971” so that you can choose between the measures "intrinsic safety", "protection" and "information", as long as you tried, in this order, to implement the measures. Now it is clarified that all measures are - if applied cumulatively - possible. Why an inherently safe measure, needs further action, remains unclear. To refrain from first seeking inherent measures, however, has always been contrary to the norm.
  6. Chapter
    This chapter is directly connected with what has just been said and repeats that the MDD in talking about the "inherently safe design and construction”. The real problem, namely the lack of definition of the inherent security, is not resolved.
  7. Chapter
    The information to the user can no longer be understood as measures that effectively mitigates risks. However, this is misleading. Of course, a risk does not disappear when one informs a user about the risk in general. If, however, as an example, a medical device asks the user when entering a drug "Are you sure you want to prescribe Mr XY penicillin despite his penicillin allergy?", then this is certainly a suitable measure to reduce the risk posed by the product to prescribe the wrong medication. The reduction in the risk resulting from the reduction of the probability.

The e-learning library shows you over 15 video exercise step by step, how you can create a lean and ISO 14971:2012 compliant risk management file.

EN ISO 14971:2012: Behind the scenes

Requirements by Medical Devices Directive 

Harmonized standards are designed to give manufacturers specific evidence, whether they comply with requirements of the EU directives. A manufacturer meeting these standards, is supposed to fulfill the requirements of the directives as well.

The main concern - perhaps even the only relevant one - is that medical devices must have an acceptable risk / benefit ratio. That means that the products actually help the patient and at the same time, the side effects have to be reduced as far as possible. 

The problems with the (old) ISO 14971

The ALARP area of risk management is defined as the area, in which risks must be reduced "as low as reasonably practical" (ALARP). But this "as far as possible" reference is understood in the ISO 14971 a little differently from the MDD - at least in the formulation they are not entirely clear. Each risk should be reduced "as far as possible" and not "as low as reasonably practical". What does "practical" mean? As far, until they have no more interest? So far, that one would have to design a new device? As far, until there is no more time or money?

In practice this has much to do with economic considerations that should be ignored in risk management. One consequence could be to simply abolish this ALARP region. Another is to establish for each ALARP risk, which is why a reduction is not reasonably possible. So rather an "as low as reasonably possible". This is how we manage it with our customers the whole time.

Changing to EN ISO 14971: 2012 What were the available alternatives

But what do you do when it turns out that a standard is no longer appropriate to maintain this assumption? For example, because it addresses the requirements of the directives incompletely or even wrong? You have several options:

  1. You de-harmonize the standard
  2. You change the standard
  3. You re-interpret the standard

For a short time, de-harmonizing (!) the ISO 14971 was apparently discussed. Now, they picked the third option and complement an appendix. The authors of ISO 14971 are running out of letters for the annex we have now arrived at ZA. There is no shortage of ideas. Because the 2012 edition differs from its predecessors, it’s in a class of its own. 

If you have questions for the practical implementation of the ISO 14971:2012, and have the new features, then use the free audit consulting.


Prof. Dr. Christian Johner

Find out what Johner Institute can do for you

A quick overview: Our


Learn More Pfeil_weiß

Always up to date: Our


Learn More Pfeil_grau

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.