Is there a risk in revising the risk management standard, ISO 14971, for medical devices?

 

Revision of ISO 14971 underway

Risk management is a key process for the medical devices sector. Feeding specific regulatory requirements into a robust risk management process can lead to more effective compliance with user needs and legal obligations. The International Standard ISO 14971:2007 - Medical devices — Application of risk management to medical devices - was adopted as a European standard in 2007. The European adoption of the standard was reissued as EN ISO 14971:2012. The requirements remained identical to the 2007 international edition of the standard.

After much discussion, it was decided late last year that the international standard ISO 14971:2007 would be revised. It is expected that the revised international standard will be adopted as a European Standard and that the requirements of the imminent Medical Devices Regulations will be considered. The Working Group is holding its first face to face meeting to start on the revision in February

The relationship between ISO 14971 and ISO 31000 - an international standard on enterprise risk management – is also an issue. ISO 31000 has a very broad definition of risk but ISO 14971 uses a definition aligned with the use of risk in regulatory requirements for the medical device sector.  The challenge for the revision of ISO 14971 will be trying to achieve consistency between ISO 31000 and device requirements. Perhaps the opportunity is to clarify that the scope of ISO 14971 relates to risk management for products and excludes wider enterprise risk management considerations.

Many comments have been received on the guidance on the application of the standard and not to the requirements themselves. The guidance in ISO 14971 is presented in a series of annexes to the standard. The guidance is not structured to flow parallel with the requirements.  More guidance on some aspects of risk management was published in 2013 in a separate technical report, ISO TR 24971 but not many people know of the existence of this document.

How well does the standard address risk management once a device is placed on the market? These post-market aspects of risk management have been much discussed in the USA and are discussed in a recent report issued by AAMI .

The approval to revise ISO 14971 is intended to leave the underlying risk management process unchanged. Guidance is to be removed from ISO 14971 and included in updated version of the technical report ISO TS 24971.

This is a key standard for the medical device sector. You should keep an eye on progress and provide input when the opportunity comes. The extent of the revision is intended to be limited but watch out for scope creep.

 

Author: Eamonn Hoxey, of E V Hoxey Ltd, UK, is a writer, trainer and consultant on a range of life science areas including regulatory compliance, quality management, sterility assurance and standards development.

The Compliance Navigator blog is issued for information only. It does not constitute an official or agreed position of BSI Standards Ltd or of the BSI Notified Body.  The views expressed are entirely those of the authors.