Risk management by BS EN ISO 14971

General

The risk management process described in BS EN ISO 14971 [1] consists of several steps, as illustrated in Figure 1, which apply to the design, development, production and post-production stages of every medical device. The distinct process steps are numbered from 1 to 6 and discussed in detail in this paper. It is important to recognize that these steps need to be documented in procedures in the manufacturer’s organization. The procedures for risk management can be embedded in a quality management system, but this is not required by BS EN ISO 14971. The reason is that regulations in some countries do not oblige manufacturers of low-risk medical devices to implement a quality management system.

However, if a manufacturer has implemented a quality management system, it is recommended to integrate the risk management procedures into that system. In this context, it is emphasized that the European MDR and IVDR [6, 7] require the manufacturer to implement a quality management system that addresses risk management.

A selection of important definitions in BS EN ISO 14971 [1] is given in Table 1. These defined terms are frequently used in this paper. The definitions for benefit and reasonably foreseeable misuse are new in the third edition of the standard. It is further noted that the numbering of the clauses has changed in the third edition of BS EN ISO 14971, because a clause on normative references has been inserted following requirements by the ISO/IEC Directives.

Table 1 – Important definitions in BS EN ISO 14971 [1]

This blog post is an excerpt from our updated whitepaper: Risk management for medical devices and the new BS EN ISO 14971. Please download the full whitepaper to find out more information. The Compliance Navigator blog is issued for information only. It does not constitute an official or agreed position of BSI Standards Ltd or of the BSI Notified Body. The views expressed are entirely those of the authors.