EXECUTIVE SUMMARY

ISO 14971 is an international risk management standard for
medical devices (including in vitro diagnostic medical devices).
It defines a set of medical device risk management requirements.

The purpose of this standard is to help manufacturers to establish
a medical device risk management process that can be used to
identify hazards, to estimate and evaluate risks, and to implement
and monitor the effectiveness of risk control measures.

ISO 14971 was first published in 2000. This second edition was
officially published on March 1, 2007. It cancels and replaces the first
edition. ISO 14971 was developed because no standard existed at the
time and because regulators throughout the world wanted manufacturers
to apply risk management to their medical devices. When the standard
development process began it soon became obvious that “absolute
safety” was not achievable.

In addition, it became clear that product safety standards cannot
deal with all possible risks. There are just too many products and
applications for a product oriented approach to work effectively.
Because of this, and because there was a great need to manage
risks throughout the entire product life-cycle, the standards
development committee decided to prepare ISO 14971.

SCOPE OF STANDARD

ISO 14971 applies to all medical device manufacturers and all
medical devices and should be used to manage risk throughout
all stages of the product life-cycle from initial concept right through
to final disposal. It applies to product design, production, and all
post-production activities. Since risks can be introduced throughout
the product life-cycle and since risks that emerge at one point can
often be controlled at a completely different point, ISO 14971
must be used throughout the product’s entire existence.

However, this standard does not apply to clinical decision making.
Whether or not a medical device should be used in the context of a
particular clinical procedure is a matter of judgment. Such judgments
are usually made by qualified health care professionals and are not
regulated by this international standard.

REGULATORY ENVIRONMENT

ISO 14971 is widely recognized as the official standard for medical
device risk management. Regulators in most major markets expect
medical device manufacturers to use this standard to manage risk.
ISO 14971 has been officially recognized by the U.S. FDA and by
Health Canada. In addition, the European Union has adopted it as
a harmonized standard and Australia and Japan have accepted it
as the official standard for medical device risk management.

Medical device risk management is now mandatory in most
countries and regions of the world. Every regulated medical device
manufacturer now needs to be able to prove to regulators that they
use risk management methods to control risk and to ensure that
their products are safe.

CERTIFICATION

ISO 14971 does not expect medical device manufacturers to
become certified. You can simply use the standard to manage
risk and then declare that you are in compliance (if you can
demonstrate that this is in fact true).

However, regulators may require certification and your customers
may be more impressed if an independent registrar (certification body)
has confirmed that you use the standard to manage risk and that you
actually are in compliance.

While this standard does not expect you to become certified,
several registrars now offer certification services. Some of these
include BSI, Underwriters Laboratories, Intertek, and SGS.

STEP-BY-STEP OVERVIEW

ISO 14971 describes a risk management process
(Parts 3 to 9) and is organized in the following way:

3. Establish your risk management framework.
4. Perform a risk analysis for each medical device.
5. Evaluate risk for each identified hazardous situation.
6. Develop risk control measures when risk must be reduced.
7. Evaluate the overall residual risk posed by each device.
8. Review risk management process and prepare report.
9. Monitor device during production and post-production.

The following flowchart summarizes this material in diagrammatic form.
It highlights key decision points and lists the steps that should be taken.