What is ISO 14971:2007?

Application of Risk Management to Medical Devices

In the medical device industry, risk management is an essential part of a company’s processes. ISO 14971 is the international standard for risk management in the medical device industry, and it defines best practices throughout the entire life cycle, from design to distribution and maintenance. You want to guarantee that all of your products are safe and effective, and having a risk management system in place is crucial to keep things on track.


ISO 14971 outlines a process to identify the hazards associated with medical devices. It helps ensure the safety of a medical device during the product life cycle. The process steps are:

  1. Estimate and evaluate risks
  2. Control risks
  3. Monitor risk control effectiveness

There are many risks associated with the design and production of medical devices, and also with their use. Risks to the safety of patients, users and handlers, and regulatory product liability, must all be managed. Manufacturers must conduct and document a risk management process.

Tools to help with Risk Management:

  • ISO Guide 73 – Risk management vocabulary
  • Risk Management Exercise and PowerPoint
  • Risk Management Procedure

ISO 14971 is recognized by:

  • The U.S. Food and Drug Administration (FDA)
  • The EU, which has harmonized it with the European Medical Devices Directive 93/42/EEC.
  • ISO 13485, which refers to ISO 14971 for guidance related to risk management.

Download a free presentation:

Compare Risk Management requirements of ISO 13485, ISO 14971, and FDA QSR-820

How are ISO 14971 and ISO 13485 related?

The two standards are related and work together. ISO 13485 is focused on regulatory and customer requirements for medical devices. Because ISO 13485 requires risk analysis and record keeping pertaining to any risk, it looks to ISO 14971 for guidance. ISO 14971 is more detailed when it comes to risk management requirements.

Risk Management Plan in your organization

ISO 14971 provides a framework of risk management activities as applied to medical devices. From initial analysis to risk control & evaluation, the probability and frequency of harm can be assessed, analyzed & managed.

Risk Analysis and Management Plan

Create a mitigation plan outlining your risk management program, the required resources, and the training and experience of those calculating the risks. Measure and monitor processes as required in ISO 13485.

Organizational Commitment

As required in ISO 13485, management commitment and involvement are essential. Risk objectives are part of the organization’s goals, and resources must be allocated to properly mitigate risk.

Estimate Risks

ISO 14971 requires medical device manufacturers to consider all possible negative consequences resulting from use of their device. There are several ways to identify the risks in medical devices; you then estimate each risk’s probability and impact as defined in the standard.

Control Risk

Determine ways to minimize risk to an acceptable level, which must be clearly communicated to all stakeholders.

