Considered the internationally accepted standard for the medical device industry, ISO 14971 is a guide for risk management in medical device manufacturing. Companies need to maintain explicit risk management policies and risk management plans, as well as training on these topics, while designing and developing products through their entire life cycle. Two major co-dependent factors determine whether the risks a medical device poses are acceptable. On one axis is the probability of a hazardous event’s occurrence, that is, the likelihood of the event happening. On the other axis is the severity of the event, that is, how serious its consequences are. Where risk falls in an unacceptable range, there must be a review of the genuine benefit that comes with continuing to accept the residual risks. If the risk is found to remain unacceptable, risk control steps must be taken to effectively mitigate or eliminate it. ISO 14971 outlines this in a nine-part process of risk analysis, risk evaluation, risk mitigation, and residual risk analysis and management, through which medical device companies prove in their reports that risk management is accounted for. A digital copy of ISO 14971 (2007) has been made available online and can be viewed here.

Applications to medical device risk management

When dealing with high levels of investment as well as pioneering innovative ideals, regulations like ISO 14971 become a necessary factor in ensuring that streamlined device design and development is safe, without unacceptable risk for all stakeholders involved. Original Equipment Manufacturers (OEMs) often overlook ISO 14971 out of concern that the costs associated with risk factors are not justified, and then face a variety of complications that prevent their product from ever reaching production. Risk analysis of hazardous factors, like viruses or user inattentiveness, must be taken into account throughout production and post-production, but especially at the initial planning stages. This ensures that solutions to possible risks are found early on, which in turn lowers potential monetary and time costs as well as sources of harm. Once a product is on the market, reliable ISO 14971 compliant risk management assures consumers that the industry-approved product will provide a positive experience that is best suited to the nature of their intent. To learn more about risk management, read Sterling’s Risk Management page here.

Background information

ISO 14971 is published by the International Organization for Standardization, commonly referred to as ISO. ISO is derived from the Greek word Isos, meaning “equal”. ISO 14971 was made to be a culmination of ISO/IEC Guide 51 and 63, and its most significant revision, published in 2007, is considered the most up-to-date standard, especially in comparison to FMEA, which focuses only on failure analysis rather than risk management. Since 2013, an advanced technical report known as ISO/TR 24971 has provided expert guidance on the applications of ISO 14971.