Information | Understanding | Best Practice.

ISO 14971 Risk Management Medical Devices.


General requirements of the ISO 14971 Risk Management Standard.

The scope of the standard covers design, development, manufacture, processing, distribution and post production patient use. Essentially risk needs to be considered at all stages throughout the life cycle of a product.

Management need to demonstrate an active commitment to risk management, must appoint competent staff to drive the risk processes and ensure that risk management is an on-going activity within the organization.

The risk analysis process needs to consider the intended and potentially any non intended use of a product. Clearly, a developer of a product cannot be held responsible for “off label” use, however potential “off label” risks should be considered and if possible minimized.

The overall risk associated with a product needs to be evaluated and the risks versus the benefits assessed.

On an on-going basis, feedback from production and post production activity needs to input into the risk management process so that risk levels and potential risk exposure can be continually updated.


When performing a Risk Assessment per ISO 14971, those responsible need to:


i) Clearly define the intended use of the device

ii) Identify potential hazards

iii) Estimate risk levels

iv) Determine if risks are acceptable when the benefits are considered

v) Ascertain if the risks can viably be reduced?

vi) Investigate if, by implementing risk reduction, are there potential new risks introduced?

vii) Confirm the final risks levels? Are they acceptable?


The above will be performed in accordance with a risk management plan and will result in the completion of a risk report. This report will remain a “live” document, continually being updated as new information comes available.

ISO 14971 Information & Training

Medical Device Regulation. Validation. Classification. Risk Identification. Risk Control. …
Information | Understanding | Best Practice >>>

What are the Types of Questions that need to be asked to ascertain risk levels associated with a Medical Device ?


How will the product be used?

Where will the product be used? Will it be implanted?

The extent of patient contact. The duration of contact.

Will energy be applied to the device during use?

Are there cleaning requirements?

Will the device take and record measurements?

Will the device provide or remove fluids from a patient?

Will the device influence a patient’s environment?

Is there controlling software incorporated with the device?

Will the device emit or be susceptible to any form of EMI / radiation?

Etc., …



The Risk Process (ISO 14971) should be based on a defined and documented Risk Management Plan.

The risk plan should reflect the potential risk associated with the development, manufacture and use of the product. The plan should cover the full product life cycle from initial concept, design, development through to patient use and follow-on impacts.  The risk plan should define responsibilities for each of the risk management elements in addition to requiring risk to be considered during the annual or bi-annual management review process.

Risk level acceptability should be pre-determined within the organization to ensure that the risks versus the benefits are clearly understood and accepted by management. The risk “appetite” of the organization needs to be pre-defined and consistently applied to individual products.

The risk plan needs to define how analysis, evaluation, control and monitoring will be performed in addition to ensuring that processes are in place to assure effective feedback from product use.


Medical Device:

Risk Management Full Details

Risk Management: