The third edition of ISO 14971 and its relation to other standards

The second edition of ISO 14971 was published in 2007 and the third edition is expected in 2019, together with the revised companion document ISO/TR 24971 containing extensive guidance on the application of ISO 14971. The requirements in the third edition of ISO 14971 are expressed more accurately and are elaborated with more detail compared to the second edition.

ISO 14971 provides a generic process for risk management of all kinds of medical devices, applicable to the entire life cycle from design and development through production and post-production until decommissioning and disposal. The standard is primarily aimed at medical device manufacturers, but it can also be used by other parties involved in the life cycle of the medical device such as suppliers. It can also be applied to other products that are not necessarily considered as medical devices in all jurisdictions but that can be subject to medical-device regulations or similar regulations, such as the products without an intended medical purpose listed in Annex XVI of the EU MDR. Due to its generic character, ISO 14971 needs to be applied in combination with other process standards and device-specific standards in order to ensure the safety of the medical device and to demonstrate compliance with all regulatory requirements.

It is important to investigate use errors in the medical device development. The kind and type of use errors are difficult to predict and also the probability that they will actually occur. The usability engineering process described in IEC 62366-1 can replace some steps in the risk management process, because this standard provides dedicated methods to identify hazardous situations related to use error and to evaluate the effectiveness of the risk control measures in the user interface of the medical device. Similarly, other process standards can be used in conjunction with ISO 14971. For example, ISO 10993-1 provides the general principles of and a process for the evaluation of biological risks of materials expected to come in contact with the patient or the user of the medical device. ISO 14155 applies to the clinical investigation of medical devices on humans and provides the principles for good clinical practice. This includes ethical considerations, responsibilities of the parties involved, and requirements for planning, conduct, recording and reporting of clinical investigations. IEC 62304 defines a common framework for the life-cycle processes of medical device software, which can be embedded software intended to be incorporated in a medical device or stand-alone software intended to be used as a medical device. This framework includes requirements for development and maintenance planning, documentation, classification and risk management.

Device-specific standards need to be applied together with ISO 14971. These standards can be regarded as representing the generally acknowledged state of the art, providing technical solutions to control specific risks that are typical for the given category of medical devices. Compliance with such standards can be used to deduce that the corresponding risks are reduced to acceptable levels, unless there is objective evidence to the contrary. Many device-specific ISO standards exist for a wide range of (mostly non-electrical) medical devices and their components. Also, there are many particular standards IEC 60601-2-x and IEC/ISO 80601-2-x for the basic safety and essential performance of medical electrical equipment. Each of these particular standards applies to a specific category of medical electrical equipment and has been developed as a dedicated version of the general safety standard IEC 60601-1. The manufacturer needs to consider which combination of process standards and device-specific standards is appropriate for the medical device or medical equipment that is being developed.

This is an excerpt from the forthcoming white paper Risk management for medical devices and the new ISO 14971. To download our other medical device white papers, please visit the Insight page on the Compliance Navigator website.