ISO 14971:2019 Risk Management – A Crash Course on Changes

Risk management has been a challenging subject for businesses, and there are different international standards dealing with the risk management approaches for different applications such as ISO 31000 for general enterprise risk management and ISO 14971 for risk management related to medical devices. In medical devices industry, risk management is vitally important in different phases of product development, production, and post-production activities. The importance of risk management in the medical devices industry has demanded an internationally agreed standard i.e. ISO 14971.

Buy ISO 14971 standard from an online BSI store.

ISO has recently revised the standard in December 2019. It is the third edition and is identified as ISO 14971:2019 and titled “Medical devices — Application of risk management to medical devices”. The third edition of ISO 14971:2019 along with an updated guidance document, ISO/TR 24971 offers sharp guidance and better detail in the implementation of risk management concepts while bringing into line with indispensable safety and performance values. European directives and regulations do not offer sufficient guidance on accompanying stages to structure the risk management process, nor on the acceptance of residual risks, so the standard fulfills the gap.  The new European EU MDR and IVDR mandate companies to implement a quality management system that has a robust system of risk management.

New Terms and Definitions in ISO 14971:2019

These are some new terms and definitions included in ISO 14971:2019:

Benefit: It is defined as per Clause 3.2 as “Positive impact or desirable outcome of the use of a medical device in the health of an individual, or a positive impact on patient management or public health.”

Within the note under the same clause; the standard further clarifies the term benefit as “Benefits can include positive impact on clinical outcome, the patient’s quality of life, outcomes related to diagnosis, positive impact from diagnostic devices on clinical outcomes, or positive impact on public health.”

It is imperative to state here that the requirements on risk-benefit analysis are not anticipated to change.

Reasonably foreseeable misuse: It is defined as per Clause 3.15 as “Use of a product or system in a way not intended by the manufacturer, but which can result from readily predictable human behavior.”

Within the note under the same clause; the standard further clarifies the term as “Readily predictable human behavior includes the behavior of all types of users, e.g. lay and professional user. Reasonably foreseeable misuse can be intentional or unintentional.”

State of the art: It is defined as per Clause 3.28 as “Developed state of technical capability at a given time as regards products, processes and services, based on the relevant consolidated findings of science, technology and experience.”

Within the note under the same clause; the standard further clarifies the term as “The state of the art embodies what is currently and generally accepted as good practice in technology and medicine. The state of the art does not necessarily imply the most technologically advanced solution. The state of the art described here is sometimes referred to as the “generally acknowledged state of the art”.

Other terms and definitions from ISO 14971:2007; for example “user error” “harm”, “manufacturer”, and “in vitro diagnostic medical device” were updated with minor wording changes

ISO 14971:2019 Versus ISO 14971:2007, EN ISO 14971:2012

The main structure of the standard now incorporates ten main clauses instead of nine, in addition to this; three enlightening annexures are also incorporated, listed as under:

  • Annexure A: Rationale for requirements
  • Annexure B: Risk Management Process for Medical Devices
  • Annexure C: Fundamental Risk Concepts.

Some clauses include minor explanation and changes to their notes and these are as under:

  • Clause 5.5 – Risk Estimation
  • Clause 6 – Risk Evaluation
  • Clause 7.1 – Risk Control Option Analysis
  • Clause 7.2 – Implementation of Risk Control Measures
  • Clause 7.3 – Residual Risk Evaluation
  • Clause 7.4 – Benefit-Risk Analysis

Clause 10.1 – Information Collection: A brief account of the important and pertinent updates fused within the standard compared with earlier ones are comprehensively put together below:

Clause 4.4 e) – Risk Management Plan: An update affirming that a method to evaluate and assess the overall risk and the criteria for acceptability of the overall risk needs to be incorporated

Clause 5.2: It elucidates the requirement to document reasonably foreseeable misuse

Clause 5.4: It enhances a requirement for hazardous situations to be reflected and documented. A reference to Annexure C is incorporated.

Clause 8 – Evaluation of overall residual risk: It adds incorporation of residual risk statement

Clause 9 – Risk Management Review: It further enhances the review requirement explaining that manufacturers needs to identify when subsequent reviews of the risk management plan’s implementation to be done and when the risk management report have to be updated.

Clause 10.2 – Information Review: It simplifies the requirement to review for likely significance to safety and incorporates changes in general state of the art.

Clause 10.3 – Actions: It bifurcates the actions and measures into specific medical devices and risk processes. It further enhances focus on medical devices already on the market or post-market analysis..

Annexure B: It offers a thorough correspondence between ISO 14971:2007 and ISO 14971:2019, together with a graphic explaining the changes in 2019.

Annexure C : It offers a graphic that explains the association of hazard, hazardous situation, sequence of events, and harm. Also comprises instances of hazards, events and situations, the connection between hazards foreseeable sequences of events, hazardous circumstances, and harm that can happen.

ISO 14971:2019 Aligns with EU MDR & EU IVDR

ISO 14971:2019 offers a comprehensive process for producers to recognize product hazards, evaluate risks, manage and mitigate risks, and assess the effectiveness of risk controls all over the life of a medical device i.e. life-cycle perspective. This new edition, comprises of ten clauses and three annexes, and is also harmonized with the general safety and product performance requirements within the new EU MDR and EU IVDR; it is likely to become a new European adopted standard and so signifies the state of the art.

TS Q&E can help Companies to Upgrade with the New Standard

While the new revision is intended mainly to demystify confusing concepts, and restructuring the standard but no substantial changes have been incorporated to the entire process to do risk management, companies still need to study device specific standards as well. These can be utilized  along with ISO 14971 and to manage particular risks related with around unique device groups to prove how risks can be minimized to satisfactory levels.

It is expected that few companies will have to employ due time updating references to the earlier standard in present documentation of quality management system (QMS). ISO 14971:2019 abandons and substitutes ISO 14971:2007. But, an interim period of three years subsequent to the official publication is a common practice to facilitate participants to efficiently update to the new edition. TS Quality and Engineering can help you in the process of updating your company’s risk management process, you can inquire us through our Contact Us page.

About the Author

Waqas Imam

S. M. Waqas Imam is associated with TS Quality as a Regional Partner. He is also an ambassador of Medical Device Community. He is an Industrial Engineer by qualification and served the manufacturing industry since 2011. He is also IRCA CQI Lead Auditor of ISO 9001 and other management system standards. He had served as Quality Assurance and Regulatory Affairs Manager in QSA Surgical Pvt. Ltd. and Ultimate Medical Products. He managed requirements of ISO 13485:2003, EU directives, CE marking and FDA. He also served as Expert Blog Writer for 13485Academy and wrote expert articles on various topics of ISO 13485:2016.