ISO 14971 Medical Devices Risk Management Standard

The ISO 14971 Medical Devices Risk Management standard details terminology, principles and a process for risk management of medical devices, including software used as a medical device and in-vitro diagnostic medical devices.

The approach described in this document is intended to help makers of medical devices identify the hazards associated with a device, assess the associated risks, control those risks, and subsequently monitor those controls.

The standard’s requirements apply to each part of the life cycle of a medical device. It specifically relates to risks associated with a medical device, such as those linked to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability.

These processes can also be applied to non-medical devices in some jurisdictions and circumstances, and can be used by others involved in the medical device life cycle.

This standard requires manufacturers to create objective criteria for risk acceptability but does not specify acceptable risk levels – which is left to the determination and business judgement of the manufacturer.

Risk management should be an integral part of any quality management system. However, this document does not require the manufacturer to have a formal quality management system in place.

Specifically, ISO 14971 is a nine-part standard which first establishes a framework for risk analysis, evaluation, control, and review, and also specifies a procedure for review and monitoring during production and post-production.

Typical sections include:

A) Inherent safety by design

For example:

  • Use specific connectors that cannot be connected to the wrong component.
  • Remove features that can be mistakenly selected or eliminate an interaction when it could lead to use error.
  • Improve the detectability or readability of controls, labels, and displays.
  • Automate device functions that are prone to use error when users perform the task manually.

B) Protective measures in the medical device itself or in the manufacturing process

For example:

  • Incorporate safety mechanisms such as physical safety guards, shielded elements, or software or hardware interlocks.
  • Include warning screens to advise the user of essential conditions that should exist prior to proceeding with device use, such as specific data entry.
  • Use alerts for hazardous conditions, such as a “low battery” alert when an unexpected loss of the device’s operation could cause harm or death.
  • Use device technologies that require less maintenance or are “maintenance free.”

C) Information for safety

For example:

  • Provide written information, such as warning or caution statements in the user manual that highlight and clearly discuss the use-related hazard.
  • Train users to avoid user-related errors.


Our Consultants provide expert support to ensure compliance across the whole range of ISO Standards. They are located around the UK and can work virtually or are prepared to travel far and wide to help transform your business.

ISO standards incorporate best practice from organisations in a wide range of industries and around the globe. There are many benefits to gaining an ISO certificate, including:

  • slashing waste to boost available capital
  • increasing customer retention rates
  • improving workforce morale
  • becoming a leader in your market sector.
