ISO 14791 Medical Devices Risk Management
This standard details terminology, principles and a process for risk management of medical devices, including software when it is used as a medical device and also in-vitro diagnostic medical devices.
The approach described in this document is written to help the makers of medical devices to identify the hazards involved with the medical device, to assess the associated risks, to control these risks, and to check up on those controls subsequently.
The standard’s requirements apply to each part of the life cycle of a medical device. It specifically relates to risks associated with a medical device, such as those linked to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability.
These processes can also be applied to non medical devices in some jurisdictions and circumstances and can also be used by others involved in the medical device life cycle.
This standard requires manufacturers to create objective criteria for risk acceptability but does not specify acceptable risk levels – which is left to the determination and business judgement of the manufacturer.
Risk management should be an integral part of any quality management system. However, this document does not require the manufacturer to have a formal quality management system in place.
Specifically, ISO 14971 is a nine-part standard which first establishes a framework for risk analysis, evaluation, control, and review, and also specifies a procedure for review and monitoring during production and post-production.