Relation of BS EN ISO 14971 with other standards

Other standards for medical devices and processes

BS EN ISO 14971 [1] provides a generic process for risk management of
all kinds of medical devices, applicable to the entire life cycle from
design and development through production and postproduction until
decommissioning and disposal. The standard is primarily aimed at
medical device manufacturers, but it can also be used by other parties
involved in the life cycle of the medical device such as suppliers. It can
also be applied to other products that are not necessarily considered as
medical devices in all jurisdictions but that can be subject to medicaldevice
regulations or similar regulations, such as the products without
an intended medical purpose listed in Annex XVI of the EU MDR [6]. Due
to its generic character, BS EN ISO 14971 needs to be applied in
combination with other process standards and device-specific standards
in order to ensure the safety of the medical device and to demonstrate
compliance with all regulatory requirements.

As indicated above in Risk assessment (process step 2) where
reasonably foreseeable misuse was discussed, it is important to
investigate use errors in the medical device development. The kind and
type of use errors are difficult to predict, as is the probability that they
will actually occur. The usability engineering process described in IEC
62366-1 [21] can replace some steps in the risk management process,
because this standard provides dedicated methods to identify hazardous
situations related to use error and to evaluate the effectiveness of the
risk control measures in the user interface of the medical device.
Similarly, other process standards can be used in conjunction with BS
EN ISO 14971. For example, BS EN ISO 10993-1 [22] provides the general
principles of and a process for the evaluation of biological risks of
materials expected to come in contact with the patient or the user of the
medical device. BS EN ISO 14155 [23] applies to the clinical investigation
of medical devices on humans and provides the principles for good
clinical practice. This includes ethical considerations, responsibilities of
the parties involved and requirements for planning, conduct, recording
and reporting of clinical investigations. IEC 62304 [24] defines a
common framework for the life-cycle processes of medical device
software, which can be embedded software intended to be incorporated
in a medical device or standalone software intended to be used as a
medical device. This framework includes requirements for development
and maintenance planning, documentation, classification and risk
management.

Device-specific standards need to be applied together with BS EN ISO
14971. These standards can be regarded as representing the generally
acknowledged state of the art, providing technical solutions to control
specific risks that are typical for the given category of medical devices.
Compliance with such standards can be used to deduce that the
corresponding risks are reduced to acceptable levels, unless there is
objective evidence to the contrary. Many device-specific ISO standards
exist for a wide range of (mostly non-electrical) medical devices and
their components. Also, there are many particular standards – IEC
60601-2-x and IEC/ISO 80601-2-x – for the basic safety and essential
performance of medical electrical equipment. Each of these particular
standards applies to a specific category of medical electrical equipment
and has been developed as a dedicated version of the general safety
standard IEC 60601-1 [25]. The manufacturer needs to consider which
combination of process standards and device-specific standards is
appropriate for the medical device or medical equipment that is being
developed.

Other standards and guides for safety and risk management

As a risk management standard, the purpose of BS EN ISO 14971 [1] is to
assist manufacturers in achieving safety (i.e. freedom from unacceptable
risks) for the medical devices that they develop and place on the market.
BS EN ISO 14971 is based on ISO/IEC Guides 51 and 63. ISO/IEC Guide 51
[26] is addressed to writers of international standards for all sectors and
provides guidelines on how to include safety aspects. ISO/IEC Guide 63
[27] provides guidelines on how safety aspects should be included in
standards specifically for the medical device sector.

This guide was developed based on ISO/IEC Guide 51 and is addressed to
writers of international standards for medical devices. This was
considered necessary in view of the high importance of safety and the
strict regulatory requirements in this sector. The two standards
expressing the essential principles for safety and performance of
medical devices [17] and in vitro diagnostic medical devices [18] are
based on BS EN ISO 14971 and ISO/IEC Guides 51 and 63. Risk in all
these documents is defined in terms of the probability of occurrence of
harm and the severity of possible harm. In all safety standards directly or
indirectly derived from ISO/ IEC Guide 51, harm can be injury or damage
to the health of people, but also damage to property or the environment
(see Table 1). Thus, we can say that the concepts of risk in these
documents are based on well-established safety principles.

The concepts and definition of risk in BS EN ISO 14971 are in strong
contrast with those in ISO Guide 73 [28] (risk management vocabulary)
and BS ISO 31000 [29] (risk management guidelines). Risk in [28, 29] is
defined as the effect of uncertainties on (business) objectives. Since
these effects can be positive or negative, the risk in the latter documents
can be related to threats as well as opportunities. The guidelines in BS
ISO 31000 are expressed in general, high-level language and are
intended for business risk management and dealing with uncertainties.
This makes BS ISO 31000 not suitable for applying safety principles and
managing risks in product development. Nevertheless, one can recognize
the typical process steps that are present in any risk management
process [1, 10, 13, 26, 27]. However, the general guidelines of BS ISO
31000 need to be ‘translated’ carefully to each specific situation and
each specific product being considered. For the application of risk
management to medical devices, this translation has already been
performed in ISO/ IEC Guide 63 [27] and BS EN ISO 14971.

This blog post is an excerpt from our updated whitepaper: Risk
management for medical devices and the new BS EN ISO 14971. Please
download the full whitepaper to find out more information.