What is ISO 14971:2007 Risk Management for Medical Devices?
When it comes to the medical device industry, risk management is essential for a company’s process. ISO 14971 addresses risk management, and is the international standard designed for the medical device industry. This standard defines the best practices throughout the entire life cycle from design to distribution and maintenance. It is paramount for your organization to guarantee that your products are safe and effective, and having a risk management system in place is crucial.
|Need Help with Risk Management:|
ISO Guide 73 – Risk management vocabulary
Risk Management Exercise and PowerPoint
Risk Management Procedure
How are ISO 14971 and ISO 13485 related?
The two standards work together and are related. ISO 13485 is focused on regulatory and customer requirements and for medical devices. As ISO 13485 requires risk analysis and record keeping pertaining to any risk, ISO 13485 looks to ISO 14971 for guidance. ISO 14971 is more detailed when it comes to risk management requirements.
Common Risk Assessment Tools
- Risk Matrix
- PHA = Preliminary Hazard Analysis
- FTA = Fault Tree Analysis
- FMEA = Failure Mode Effects Analysis
- HAZOP = Hazard Operability Analysis
- HACCP = Hazard Analysis and Critical Control Point
NOTE: Risk Management Worksheet Required for all operations or training and must be completed during planning phase Reviewed before operations/training
Risk management are becoming front and central to every medical device regulatory agency. Today, regulatory agencies are even using risk based processes throughout their internal processes when reviewing
ISO 14971 outlines a process to identify the hazards associated with medical devices. It helps ensure the safety of a medical device during the product life cycle. The process steps are:
- Estimate and evaluate risks
- Control risks
- Monitor risk control effectiveness
There are many risks associated with the design & production of Medical Devices and also in their use. Risk to safety of patients, users, handlers and Regulatory Product liability must all be managed. Manufacturers must conduct and document a risk management process.
Why Perform risk analysis?
- It is required
- It could save a costs of consequences
- Protection from product liability.
- Regulatory submissions checklists (PMA and 510k) used by the FDA include risk analysis.
Risk Management Plan in your organization
ISO 14971 provides a framework of risk management activities as applied to medical devices. From initial analysis to risk control & evaluation, the probability and frequency of harm can be assessed, analyzed & managed.
Risk Analysis and Management Plan
Create a mitigation plan outlining your risk management program, the required resources, and the training/experience of the those calculating the risks. Measure and monitor processes as required in ISO 13485.
As required in ISO 13485, management commitment and involvement is essential. Risk objectives are part of the organization’s goals and resources must be allocated to properly mitigate risk.
ISO 14971 requires medical device manufacturers to consider all possible negative consequences resulting from use of their device. There are several ways to identify the risks in medical devices, then you estimate it’s probability and impact as defined in the standard.
Determine ways to minimize risk to an acceptable level, which must be clearly communicated to all stakeholders.
- Risk Management Planning
- Risk Analysis
- Risk Evaluation
- Risk Controls
- Overall Residual Risk Acceptability
- Risk Management Report
- Production & Post-Production Information
Three rules of risk management:
- Benefits must exceed cost
- Accept no unnecessary risk
- Make decisions at the appropriate level in the organization
ISO 14971 is recognized by:
- The U.S. Food and Drug Administration (FDA)
- The EU has harmonized with European Medical Devices Directive 93/42/EEC.
- Australia TGA
- Japan MHLW
- ISO 13485 refers to ISO 14971 for guidance related to risk management.