1. New edition of ISO 14971:2019.
  2. Medical device risk management – technical report and provisions of the standard.
  3. Change in the interpretation of risk management of medical devices.
  4. Changes to the standard from previous editions.

New edition of ISO 14971:2019.

ISO revised the standard under review in December 2019. This is the third edition: ISO 14971:2019 Medical Devices – Application of Risk Management to Medical Devices. This standard includes the terminology, principles, and processes of medical device risk management, including both medical device software and diagnostics.

ISO 14971:2019 – medical device risk management

Medical device risk management – technical report and provisions of the standard

Proper risk management is a key process throughout the medical device lifecycle. It is a process that enables companies to develop safe and effective devices that improve and save lives.

The changes to ISO 14971: 2019 and the accompanying technical report ISO TR 24971: 2020 (effective July 2020) are quite extensive and relevant to all medical device manufacturers.

The final approach was that the informative appendices would mostly be contained in ISO TR 24971, since the technical report is easier to update than the standard.

Although the technical report complements the standard, it is important to note that the information in ISO TR 24971:2019 serves only as guidance, not requirements. In addition, the first 3 appendices in ISO 14971:2019 act as guidance, not requirements.

Changing the interpretation of medical device risk management

It is important to note that the basic risk management process has not changed, but its interpretations have been updated. The standard now also discusses the “risk management system,” not just the risk management process.

Risk management occurs in three steps:

Hazard identification.
Risk assessment (i.e., analysis and evaluation).
Risk management.
ISO 14971:2019 – medical device risk management

Changes in the standard compared to previous editions

The main changes from the previous edition are as follows:

  • Included a paragraph on regulatory references.
  • Defined terms are updated and many of them are taken from the ISO/IEC 63:2019 manual. Certain terms are printed in italics to help the reader find them in the text of the document.
  • Integration with the quality management system.
  • Definitions have been introduced: benefit, reasonably foreseeable abuse, and state-of-the-art scientific and technological development.
  • More attention is paid to the benefits that are expected from the use of a medical device. The term “benefit and risk analysis” is consistent with the terminology used in some regulations.
  • It is explained that the process described in ISO 14971 can be used to manage risks associated with medical devices, including those related to data and system security.
  • The risk assessment method and acceptance criteria should be defined in the risk management plan. This method may include the collection and analysis of medical device data.
  • The residual risk disclosure requirements have been moved and combined into one requirement after the overall residual risk has been assessed and deemed acceptable.
  • Before commercial distribution of the medical device, the review concerns the implementation of the risk management plan. The results of the review are documented in the form of a risk management report.
  • Requirements for production and post-production activities have been clarified and restructured. The information to be collected and the actions to be taken when the information collected is reviewed and determined to be safety-relevant are outlined in more detail.