Compliance with ISO 14971:2012 Application of Risk Management to Medical Devices

For medical device managers, it is that time of the year when precautions should be especially considered. Medical products have international standards which must be complied with if these devices are to be internationally used and shipped. Most importantly, understanding and complying with ISO 14971 and its most recent version is necessary, and you must be prepared to lead your team in a risk evaluation that follows these standards. But first, what are the standards of the ISO 14971:2012 exactly, and what is it all about?

ISO 14971:2012

According to, “ISO 14971 is an international standard for the application of risk management, by a manufacturer, to medical devices.” ISO 14971 is a risk management guideline that is meant to reduce patient risk as much as possible. “ISO 14971 is also concerned with the risk to other people, including operators, other equipment and the environment.”

The most current version of this standard is the ISO 14971:12, which took effect on August 30th 2012, meaning it “superseded former harmonized standard EN ISO 14971:2009” (RAPS). Most importantly, it only applies to you if you are manufacturing medical devices that will be placed on the market in Europe.

Risk Management Standards of ISO 14971:2012

For many types of risk management standards, there is a three region approach:

  • Unacceptable risk
  • Investigate further risk reduction
  • Insignificant risk

With the standards put forth by ISO 14971:2012, this is not the most acceptable approach to risk management, especially if you are going to be manufacturing devices for the European market. Under this standard, insignificant risks can still be discarded but “the directives require that all risks, regardless of their dimension, need to be reduced as much as possible.” This means that, when the possible risks associated with a certain device are evaluated and managed, they must be shown to have been reduced as much as feasibly possible or they will not meet the ISO 14971 standards.

Also, it is important to remember that not only are the risks presented to the patient a factor, but any risk associated with any individual as well as those presented to other devices and to the environment as a whole must be evaluated and diminished as much as possible. These are some of the reasons why many manufacturers have had issues complying with the standards of the current version of ISO 14971, but there are ways to streamline the process and make sure that your company and device apply to these standards.

How to Comply

When considering risk management, there are a few ways you can comply more easily with ISO 14971:2012 standards. Reducing all risk is naturally the most important. This means reducing every possible risk and even those which are insignificant compared to the benefit of the device itself. You wouldn’t want to find out that your device does not comply well enough with ISO 14971 standards based on a negligible risk that could have been avoided.

All risk must be evaluated with enough time and work in order to be cut down as much as feasibly possible. This means that all possible options to control risk should be applied to the product unless safety is jeopardized by some specific option.

Any and all possible users must be informed about the remaining risks, which means that warnings should be applied and that these risks should still be reviewed afterwards in order to be sure that there are no further actions which can be taken. If you follow these steps and make sure that your device’s risks have been managed and reduced as much as possible, ISO 14971 should be more easily met.

According to RAPS, “It is imperative for medical device manufacturers to understand what these content differences are in order to establish compliance with the harmonized standard and the applicable product directives.” If you remember to reduce risk as much as possible, your compliance with ISO 14971:2012 will be much easier and more practicable.