iTeh Standards logo
EURUSD
Your shopping cart is empty.
IEC

ISO TR 24971:2013

(Main)

Medical devices -- Guidance on the application of ISO 14971

Medical devices -- Guidance on the application of ISO 14971

ISO TR 24971:2013 provides guidance in addressing specific areas of ISO 14971 when implementing risk management. This guidance is intended to assist manufacturers and other users of the standard to understand the role of international product safety and process standards in risk management, develop the policy for determining the criteria for risk acceptability, incorporate production and post-production feedback loop into risk management, differentiate between "information for safety" and "disclosure of residual risk", and evaluate overall residual risk.

General Information

Status
Published
Publication Date
18-Jun-2013
ICS
11.040.01 - Medical equipment in general
29.035.50 - Mica based materials
Technical Committee
SC 62A - Common aspects of medical equipment, software, and systems
Drafting Committee
JWG 1 - TC 62/SC 62A/JWG 1
Current Stage
DELPUB - Deleted Publication
Start Date
19-Jun-2020
Completion Date
24-Nov-2017
Ref Project

Relations

Revised
ISO TR 24971:2020 - Medical devices - Guidance on the application of ISO 14971
Effective Date
05-Sep-2023
ISO TR 24971:2013 - Medical devices -- Guidance on the application of ISO 14971ISO TR 24971:2013 - Medical devices -- Guidance on the application of ISO 14971
PreviousNext
Technical report
ISO TR 24971:2013 - Medical devices -- Guidance on the application of ISO 14971
English language
12 pages
sale 15% off
Preview
sale 15% off
Preview
ISO TR 24971:2013 - Medical devices -- Guidance on the application of ISO 14971 Released:6/19/2013ISO TR 24971:2013 - Medical devices -- Guidance on the application of ISO 14971 Released:6/19/2013
PreviousNext
Technical report
ISO TR 24971:2013 - Medical devices -- Guidance on the application of ISO 14971 Released:6/19/2013
English language
12 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


TECHNICAL ISO/TR
REPORT 24971
First edition
2013-07-01
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Directives relatives à l’ISO 14971
Reference number
ISO/TR 24971:2013(E)
©
ISO 2013
ISO/TR 24971:2013(E)
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 The role of international product safety and process standards in risk management .1
2.1 Overview . 1
2.2 Use of international product safety standards in risk management . 2
2.3 International process standards and ISO 14971 . 4
3 Developing the policy for determining the criteria for risk acceptability .6
4 Production and post-production feedback loop . 6
4.1 Overview . 6
4.2 Observation and transmission . 7
4.3 Assessment . 9
4.4 Action . 9
5 Differentiation of information for safety and disclosure of residual risk .10
5.1 Difference between “information for safety” and “disclosure of residual risk” .10
5.2 Information for safety .10
5.3 Disclosure of residual risk .10
6 Evaluation of overall residual risk .11
6.1 Overview .11
6.2 Inputs and other considerations for overall residual risk evaluation .11
ISO/TR 24971:2013(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
ISO/TR 24971 was prepared jointly by Technical Committee ISO/TC 210, Quality management and
corresponding general aspects for medical devices, and Technical Committee IEC/SC 62A, Common aspects
of electrical equipment used in medical practice. The draft was circulated for voting to the national bodies
of both ISO and IEC.
iv © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
Introduction
Experience indicates that manufacturers have difficulty with practical implementation of some clauses
of the risk management International Standard, ISO 14971:2007, Medical devices — Application of risk
management to medical devices. This Technical Report provides guidance to assist in the development,
implementation and maintenance of risk management for medical devices that aim to meet the
requirements of ISO 14971. It provides guidance for specific aspects of ISO 14971 for a wide variety
of medical devices. These medical devices include active, non-active, implantable, and non-implantable
medical devices and in vitro diagnostic medical devices.
This Technical Report is not intended to be an overall guidance document on the implementation of
ISO 14971 for organizations. It supplements the guidance contained in the informative annexes of
ISO 14971 related to the following areas.
— Guidance on the role of international product safety and process standards in risk management
— Guidance on developing the policy for determining the criteria for risk acceptability
— Guidance on how the production and post-production feedback loop can work
— Guidance on the differentiation of information for safety as a risk control measure and disclosure of
residual risk
— Guidance on the evaluation of overall residual risk
This Technical Report provides some approaches that an organization can use to implement and maintain
some aspects of a risk management system that conforms to ISO 14971. Alternative approaches can be
used if these satisfy the requirements of ISO 14971.
When judging the applicability of the guidance in this Technical Report, one should consider the nature
of the medical device(s) to which it will apply, the risks associated with the use of these medical devices,
and the applicable regulatory requirements.
TECHNICAL REPORT ISO/TR 24971:2013(E)
Medical devices — Guidance on the application of ISO 14971
1 Scope
This Technical Report provides guidance in addressing specific areas of ISO 14971 when implementing
risk management.
The guidance is intended to assist manufacturers and other users of the standard to:
— understand the role of international product safety and process standards in risk management;
— develop the policy for determining the criteria for risk acceptability;
— incorporate production and post-production feedback loop into risk management;
— differentiate between “information for safety” and “disclosure of residual risk”; and
— evaluate overall residual risk.
2 The role of international product safety and process standards in risk manage-
ment
2.1 Overview
International product safety and process standards play a significant role in risk management as
described by ISO 14971. In principle, these standards are developed using a type of risk management
that can include identifying hazards and hazardous situations, estimating risks, evaluating risks,
and specifying risk control measures. More information on a process for developing medical device
standards using a type of risk management can be found in documents such as ISO/IEC Guide 51 and
ISO/IEC Guide 63. International product safety and process standards are developed by experts in the
field and represent the generally accepted state of the art (see D.4 of ISO 14971:2007).
These standards can have an important role in risk management. When performing risk management,
the manufacturer first needs to consider the medical device being designed, its intended use and the
hazards/hazardous situations related to it. Manufacturers can, if they choose, identify standard(s) that
contain specific requirements that help manage the risks related to those hazards/hazardous situations.
For medical devices that satisfy the requirements and compliance criteria of these standards, the
residual risks related to those hazards/hazardous situations can be considered acceptable unless there
is objective evidence to the contrary. Some potential sources of objective evidence to the contrary can
include reports of adverse events, product recalls and complaints. The requirements of International
Standards, such as engineering or analytical processes, specific output limits, warning statements, or
design specifications, can be considered risk control measures established by the standards writers
that are intended to address the risks of specific hazardous situations that have been identified and
evaluated as needing risk control.
In many cases, the standards writers have taken on and completed elements of risk management
and provided manufacturers with answers in the form of design requirements and test methods for
establishing conformity. When performing risk management activities, manufacturers can take
advantage of the work of the standards writers and need not repeat the analyses leading to the
requirements of the standard. International standards, therefore, provide valuable information on risk
acceptability that has been validated during a worldwide evaluation process, including multiple rounds
of review, comment, and voting.
ISO/TR 24971:2013(E)
2.2 Use of international product safety standards in risk management
An international product safety standard can establish requirements that, when implemented, result in
acceptable risk for specific hazardous situations (e.g. safety limits). The manufacturer can apply these
requirements in the following way when managing risk.
a) Where an international product safety standard specifies technical requirements addressing
particular hazards or hazardous situations, together with specific acceptance criteria, compliance
with those requirements is presumed to establish that the residual risks have been reduced to
acceptable levels unless there is objective evidence to the contrary. For example, in IEC 60601-1,
Medical electrical equipment — Part 1: General requirements for basic safety and essential performance,
leakage current must be controlled to achieve an acceptable level of risk. IEC 60601-1 provides
leakage current limits that are considered to result in an acceptable level of risk when measured
under the conditions stated in 8.7 of IEC 60601-1:2005. For this example, further risk management
would not be necessary. The following steps need to be taken in this case.
1) Implement 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and
identify hazards and hazardous situations associated with the device as completely as possible.
2) Identify those hazards and hazardous situations relevant to the particular medical device that
are exactly covered by the international product safety standard.
3) For those identified hazards and hazardous situations exactly covered by the international
product safety standard, the manufacturer may choose not to estimate (4.4 of ISO 14971:2007) or
evaluate (Clause 5 of ISO 14971:2007) the risks so identified but rather rely on the requirements
contained in the international standard to demonstrate the completion of risk estimation and
risk evaluation.
4) To the extent possible, the manufacturer should identify the design specifications that satisfy
the requirements in the standard and serve as risk control measures (6.2 of ISO 14971:2007).
NOTE For some international product safety standards, the possibility of identifying all the specific risk
control measures is limited. One example is electromagnetic compatibility testing in IEC 60601–1-2, Medical
electrical equipment — Part 1-2: General requirements for basic safety and essential performance — Collateral
standard: Electromagnetic compatibility — Requirements and tests, for complex medical devices.
5) Verification of the implementation of the risk control measures for these hazardous situations
is obtained from the design documents. Verification of the effectiveness of the risk control
measures is obtained from the tests and test results demonstrating that the device meets the
relevant requirements of the international product safety standard.
6) If the relevant requirements are met, the associated residual risk is considered acceptable.
b) Where an international product safety standard does not completely specify technical requirements
and associated tests and test acceptance criteria, the situation is more complex. In some cases, the
standard directs the manufacturer to perform specific tests related to known hazards or hazardous
situations but does not provide specific test acceptance criteria (e.g. IEC 60601-2-16, Medical
electrical equipment — Part 2-16: Particular requirements for basic safety and essential performance of
haemodialysis, haemodiafiltration and haemofiltration equipment). In some other cases, the standard
can simply direct the manufacturer to investigate specific hazards or hazardous situations in
their risk analysis (e.g. 10.2 of IEC 60601-1:2005). The range of alternatives is too large to provide
specific guidance on how to use such standards in the risk management process. Manufacturers
are encouraged, however, to use the content of such standards in their risk management of the
particular medical device.
c) For hazards or hazardous situations that are identified for the particular medical device but are
not specifically addressed in any standard, the manufacturer needs to address those hazards or
hazardous situations in the risk management process. The manufacturer is required to estimate
and evaluate the risks and, if necessary, control these risks (see 4.4 and Clauses 5 and 6 of
ISO 14971:2007).
2 © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
See Figure 1 for a flowchart and an example outlining the use of international product safety standards.
Identify Hazards/Hazardous situations Hazardous situation identi€ied: patient (and medical device)
(H/HS)
needs to be transfered from one room to another; if put in
(4.3 of ISO 14971:2007).
transport position, equipment overbalances and patient falls
2 c) Input the identi€ied Are the H/HS
hazards and hazardous addressed in international
No Yes: IEC 60601-1:2005, Subclause 9.4.2.1
situations into the risk product safety
management process. standard(s)?
Yes
2 b) Use the identi€ied hazards,
hazardous situations, test How is it
methods, or other relevant 2 b) addressed? Choose between 2 a)
information in the risk 2 a) and 2 b).
management process.
2 a)
Yes: there is a speci€ied requirement:
2 a): International product
The equipment shall not overbalance when placed in any
safety standard speci€ies
transport position of normal use on a plane inclined at an angle
requirements and provides
of 10° from the horizontal plane, and speci€ic acceptance criteria
speci€ic test acceptance
(de€ined test). If the equipment overbalances, it does not comply
criteria.
with the requirement.
Use the identi€ied hazards,
Do
hazardous situations, test
requirement(s) fully match Yes, equipment is transportable, and it can be transported with
methods, or other relevant No
the design including the patient on it to accommodate patient transfers.
information in the risk
intended use?
management process.
Yes
No need to estimate (4.4) Risk is not estimated nor evaluated prior to implementation of
or evaluate risk (5) risk control measure.
Identify the design
speci€ications that achieve
Identi€ied in the risk management €ile
the requirement in the
standard (6.2).
Verify the effectiveness Test performed: equipment placed on a plane inclined at an
(6.3) by performing test(s) angle 10º from the horizontal plane. Result: medical device does
according to the standard. not overbalance
If the test is passed,
related residual risks Medical device does not overbalance, so the related residual risk
are considered is considered acceptable.
acceptable (6.4).
Figure 1 — Use of international product safety standards and example of such standard that
specifies requirements and provides specific test acceptance criteria
ISO/TR 24971:2013(E)
2.3 International process standards and ISO 14971
International process standards, as shown in the examples below, can often be used in conjunction with
ISO 14971. This is performed in one of two ways:
— The international process standard requires application of ISO 14971 as part of the implementation
of the international process standard, e.g. IEC 62304 on software life cycle processes; or
— The international process standard is intended to be used in risk management, e.g. IEC 62366 on
usability engineering and the ISO 10993 series on biological evaluation.
In either case, proper use of the international process standard requires attention to the interfaces
between that standard and ISO 14971 in order to achieve acceptable levels of risk for the medical device.
The two standards should work together such that inputs, outputs and their timing are optimized. Three
examples are given below to demonstrate this ideal situation.
a) IEC 62304, Medical device software — Software life cycle processes
The relationship between IEC 62304 and ISO 14971 is well-described in the introduction to IEC 62304:
As a basic foundation it is assumed that medical device software is developed and maintained
within a quality management system (see 4.1 of IEC 62304:2006) and a risk management process
(see 4.2 of IEC 62304:2006). The risk management process is already very well addressed by the
International Standard ISO 14971. Therefore IEC 62304 makes use of this advantage simply by a
normative reference to ISO 14971. Some minor additional risk management requirements are
needed for software, especially in the area of identification of contributing software factors related
to hazards. These requirements are summarized and captured in Clause 7 of IEC 62304:2006 as
the software risk management process.
Whether software is a contributing factor to a hazard is determined during the hazard identification
activity of the risk management process. hazards that could be indirectly caused by software
(for example, by providing misleading information that could cause inappropriate treatment to be
administered) need to be considered when determining whether software is a contributing factor.
The decision to use software to control risk is made during the risk control activity of the risk
management process. The software risk management process required in this standard has to
be embedded in the device risk management process according to ISO 14971.
IEC 62304 makes a normative reference to ISO 14971 and specifically requires:
— software development planning (5.1 of IEC 62304:2006) that is consistent with the risk
management plan required by ISO 14971; and
— a software risk management process (Clause 7 of IEC 62304:2006) based upon ISO 14971.
b) IEC 62366, Medical devices — Application of usability engineering to medical devices
The flow diagram in Figure A.1 of IEC 62366:2007 demonstrates the relationship and interconnection
of the two parallel and interconnecting processes. In addition to making a normative reference to
ISO 14971, IEC 62366:2007 identifies three specific clauses where the usability engineering process
can supplement and interact with risk management as described in ISO 14971:
— 5.3.1 of IEC 62366:2007 requires: “An identification of characteristics related to safety (part of
a risk analysis) that focuses on usability shall be performed according to ISO 14971:2007, 4.2.”
— 5.3.2 of IEC 62366:2007 requires: “The manufacturer shall identify known or foreseeable
hazards (part of a risk analysis) related to usability according to ISO 14971:2007, 4.3.”
— 5.9 of IEC 62366:2007 on Usability Validation makes several references to activities that would
be undertaken as part of risk management.
4 © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
c) ISO 10993 (all parts), Biological evaluation of medical devices
The introduction to ISO 10993-1 states that ISO 10993-1 is intended to be a guidance document
for the biological evaluation of medical devices within risk management, as part of the overall
evaluation and development of each device.
Annex B of ISO 10993-1:2009 applies ISO 14971 to provide guidance on the risk management approach
for identification of biological hazards associated with medical devices, estimation and evaluation of
the risks, control of the risks, and monitoring the effectiveness of the risk control measures.
This approach combines the review and evaluation of existing data from all sources, with the
selection and application of additional tests (where necessary), thus enabling a full evaluation to be
made of the biological responses to each medical device, relevant to its safety in use.
ISO 10993-1:2009 aligns itself explicitly within risk management as described in ISO 14971.
The biological evaluation should be conducted in a manner similar to that used for other product
risks, and should include:
— Risk analysis (What are the hazards and associated risks?)
— Risk evaluation (Are they acceptable?)
— Risk control (How will they be controlled?)
— Overall residual risk/benefit evaluation
Following the processes defined in ISO 14971, if the overall residual risk evaluation concludes from
existing data that t
...


TECHNICAL ISO/TR
REPORT 24971
First edition
2013-07-01
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Directives relatives à l’ISO 14971

Reference number
ISO/TR 24971:2013(E)
©
ISO 2013
ISO/TR 24971:2013(E)
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
Contents Page
Foreword .iv

Introduction .v

1 Scope . 1

2 The role of international product safety and process standards in risk management .1

2.1 Overview . 1

2.2 Use of international product safety standards in risk management . 2

2.3 International process standards and ISO 14971 . 4

3 Developing the policy for determining the criteria for risk acceptability .6
4 Production and post-production feedback loop . 6
4.1 Overview . 6
4.2 Observation and transmission . 7
4.3 Assessment . 9
4.4 Action . 9
5 Differentiation of information for safety and disclosure of residual risk .10
5.1 Difference between “information for safety” and “disclosure of residual risk” .10
5.2 Information for safety .10
5.3 Disclosure of residual risk .10
6 Evaluation of overall residual risk .11
6.1 Overview .11
6.2 Inputs and other considerations for overall residual risk evaluation .11

ISO/TR 24971:2013(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International
orga nizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
ISO/TR 24971 was prepared jointly by Technical Committee ISO/TC 210, Quality management and
corresponding general aspects for medical devices, and Technical Committee IEC/SC 62A, Common aspects
of electrical equipment used in medical practice. The draft was circulated for voting to the national bodies
of both ISO and IEC.
iv © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
Introduction
Experience indicates that manufacturers have difficulty with practical implementation of some clauses

of the risk management International Standard, ISO 14971:2007, Medical devices — Application of risk

management to medical devices. This Technical Report provides guidance to assist in the development,

implementation and maintenance of risk management for medical devices that aim to meet the
requirements of ISO 14971. It provides guidance for specific aspects of ISO 14971 for a wide variety
of medical devices. These medical devices include active, non-active, implantable, and non-implantable
medical devices and in vitro diagnostic medical devices.

This Technical Report is not intended to be an overall guidance document on the implementation of

ISO 14971 for organizations. It supplements the guidance contained in the informative annexes of
ISO 14971 related to the following areas.
— Guidance on the role of international product safety and process standards in risk management
— Guidance on developing the policy for determining the criteria for risk acceptability
— Guidance on how the production and post-production feedback loop can work
— Guidance on the differentiation of information for safety as a risk control measure and disclosure of
residual risk
— Guidance on the evaluation of overall residual risk
This Technical Report provides some approaches that an organization can use to implement and maintain
some aspects of a risk management system that conforms to ISO 14971. Alternative approaches can be
used if these satisfy the requirements of ISO 14971.
When judging the applicability of the guidance in this Technical Report, one should consider the nature
of the medical device(s) to which it will apply, the risks associated with the use of these medical devices,
and the applicable regulatory requirements.

TECHNICAL REPORT ISO/TR 24971:2013(E)

Medical devices — Guidance on the application of ISO 14971

1 Scope
This Technical Report provides guidance in addressing specific areas of ISO 14971 when implementing

risk management.
The guidance is intended to assist manufacturers and other users of the standard to:

— understand the role of international product safety and process standards in risk management;
— develop the policy for determining the criteria for risk acceptability;
— incorporate production and post-production feedback loop into risk management;
— differentiate between “information for safety” and “disclosure of residual risk”; and
— evaluate overall residual risk.
2 The role of international product safety and process standards in risk manage-
ment
2.1 Overview
International product safety and process standards play a significant role in risk management as
described by ISO 14971. In principle, these standards are developed using a type of risk management
that can include identifying hazards and hazardous situations, estimating risks, evaluating risks,
and specifying risk control measures. More information on a process for developing medical device
standards using a type of risk management can be found in documents such as ISO/IEC Guide 51 and
ISO/IEC Guide 63. International product safety and process standards are developed by experts in the
field and represent the generally accepted state of the art (see D.4 of ISO 14971:2007).
These standards can have an important role in risk management. When performing risk management,
the manufacturer first needs to consider the medical device being designed, its intended use and the
hazards/hazardous situations related to it. Manufacturers can, if they choose, identify standard(s) that
contain specific requirements that help manage the risks related to those hazards/hazardous situations.
For medical devices that satisfy the requirements and compliance criteria of these standards, the
residual risks related to those hazards/hazardous situations can be considered acceptable unless there

is objective evidence to the contrary. Some potential sources of objective evidence to the contrary can
include reports of adverse events, product recalls and complaints. The requirements of International
Standards, such as engineering or analytical processes, specific output limits, warning statements, or
design specifications, can be considered risk control measures established by the standards writers
that are intended to address the risks of specific hazardous situations that have been identified and
evaluated as needing risk control.
In many cases, the standards writers have taken on and completed elements of risk management
and provided manufacturers with answers in the form of design requirements and test methods for
establishing conformity. When performing risk management activities, manufacturers can take
advantage of the work of the standards writers and need not repeat the analyses leading to the
requirements of the standard. International standards, therefore, provide valuable information on risk
acceptability that has been validated during a worldwide evaluation process, including multiple rounds
of review, comment, and voting.
ISO/TR 24971:2013(E)
2.2 Use of international product safety standards in risk management

An international product safety standard can establish requirements that, when implemented, result in

acceptable risk for specific hazardous situations (e.g. safety limits). The manufacturer can apply these

requirements in the following way when managing risk.

a) Where an international product safety standard specifies technical requirements addressing
particular hazards or hazardous situations, together with specific acceptance criteria, compliance

with those requirements is presumed to establish that the residual risks have been reduced to

acceptable levels unless there is objective evidence to the contrary. For example, in IEC 60601-1,

Medical electrical equipment — Part 1: General requirements for basic safety and essential performance,

leakage current must be controlled to achieve an acceptable level of risk. IEC 60601-1 provides

leakage current limits that are considered to result in an acceptable level of risk when measured
under the conditions stated in 8.7 of IEC 60601-1:2005. For this example, further risk management
would not be necessary. The following steps need to be taken in this case.
1) Implement 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and
identify hazards and hazardous situations associated with the device as completely as possible.
2) Identify those hazards and hazardous situations relevant to the particular medical device that
are exactly covered by the international product safety standard.
3) For those identified hazards and hazardous situations exactly covered by the international
product safety standard, the manufacturer may choose not to estimate (4.4 of ISO 14971:2007) or
evaluate (Clause 5 of ISO 14971:2007) the risks so identified but rather rely on the requirements
contained in the international standard to demonstrate the completion of risk estimation and
risk evaluation.
4) To the extent possible, the manufacturer should identify the design specifications that satisfy
the requirements in the standard and serve as risk control measures (6.2 of ISO 14971:2007).
NOTE For some international product safety standards, the possibility of identifying all the specific risk
control measures is limited. One example is electromagnetic compatibility testing in IEC 60601–1-2, Medical
electrical equipment — Part 1-2: General requirements for basic safety and essential performance — Collateral
standard: Electromagnetic compatibility — Requirements and tests, for complex medical devices.
5) Verification of the implementation of the risk control measures for these hazardous situations
is obtained from the design documents. Verification of the effectiveness of the risk control
measures is obtained from the tests and test results demonstrating that the device meets the
relevant requirements of the international product safety standard.
6) If the relevant requirements are met, the associated residual risk is considered acceptable.
b) Where an international product safety standard does not completely specify technical requirements
and associated tests and test acceptance criteria, the situation is more complex. In some cases, the
standard directs the manufacturer to perform specific tests related to known hazards or hazardous
situations but does not provide specific test acceptance criteria (e.g. IEC 60601-2-16, Medical
electrical equipment — Part 2-16: Particular requirements for basic safety and essential performance of
haemodialysis, haemodiafiltration and haemofiltration equipment). In some other cases, the standard
can simply direct the manufacturer to investigate specific hazards or hazardous situations in
their risk analysis (e.g. 10.2 of IEC 60601-1:2005). The range of alternatives is too large to provide
specific guidance on how to use such standards in the risk management process. Manufacturers
are encouraged, however, to use the content of such standards in their risk management of the
particular medical device.
c) For hazards or hazardous situations that are identified for the particular medical device but are
not specifically addressed in any standard, the manufacturer needs to address those hazards or
hazardous situations in the risk management process. The manufacturer is required to estimate
and evaluate the risks and, if necessary, control these risks (see 4.4 and Clauses 5 and 6 of
ISO 14971:2007).
2 © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
See Figure 1 for a flowchart and an example outlining the use of international product safety standards.

Identify Hazards/Hazardous situations Hazardous situation identi€ied: patient (and medical device)

(H/HS)
needs to be transfered from one room to another; if put in
(4.3 of ISO 14971:2007).
transport position, equipment overbalances and patient falls

2 c) Input the identi€ied Are the H/HS

hazards and hazardous addressed in international
No Yes: IEC 60601-1:2005, Subclause 9.4.2.1
situations into the risk product safety

management process. standard(s)?

Yes
2 b) Use the identi€ied hazards,
hazardous situations, test How is it
methods, or other relevant 2 b) addressed? Choose between 2 a)
information in the risk 2 a) and 2 b).
management process.
2 a)
Yes: there is a speci€ied requirement:
2 a): International product
The equipment shall not overbalance when placed in any
safety standard speci€ies
transport position of normal use on a plane inclined at an angle
requirements and provides
of 10° from the horizontal plane, and speci€ic acceptance criteria
speci€ic test acceptance
(de€ined test). If the equipment overbalances, it does not comply
criteria.
with the requirement.
Use the identi€ied hazards,
Do
hazardous situations, test
requirement(s) fully match Yes, equipment is transportable, and it can be transported with
methods, or other relevant No
the design including the patient on it to accommodate patient transfers.
information in the risk
intended use?
management process.
Yes
No need to estimate (4.4) Risk is not estimated nor evaluated prior to implementation of
or evaluate risk (5) risk control measure.
Identify the design
speci€ications that achieve
Identi€ied in the risk management €ile
the requirement in the
standard (6.2).
Verify the effectiveness Test performed: equipment placed on a plane inclined at an
(6.3) by performing test(s) angle 10º from the horizontal plane. Result: medical device does
according to the standard. not overbalance
If the test is passed,
related residual risks Medical device does not overbalance, so the related residual risk
are considered is considered acceptable.
acceptable (6.4).
Figure 1 — Use of international product safety standards and example of such standard that
specifies requirements and provides specific test acceptance criteria
ISO/TR 24971:2013(E)
2.3 International process standards and ISO 14971

International process standards, as shown in the examples below, can often be used in conjunction with

ISO 14971. This is performed in one of two ways:

— The international process standard requires application of ISO 14971 as part of the implementation
of the international process standard, e.g. IEC 62304 on software life cycle processes; or

— The international process standard is intended to be used in risk management, e.g. IEC 62366 on

usability engineering and the ISO 10993 series on biological evaluation.

In either case, proper use of the international process standard requires attention to the interfaces

between that standard and ISO 14971 in order to achieve acceptable levels of risk for the medical device.
The two standards should work together such that inputs, outputs and their timing are optimized. Three
examples are given below to demonstrate this ideal situation.
a) IEC 62304, Medical device software — Software life cycle processes
The relationship between IEC 62304 and ISO 14971 is well-described in the introduction to IEC 62304:
As a basic foundation it is assumed that medical device software is developed and maintained
within a quality management system (see 4.1 of IEC 62304:2006) and a risk management process
(see 4.2 of IEC 62304:2006). The risk management process is already very well addressed by the
International Standard ISO 14971. Therefore IEC 62304 makes use of this advantage simply by a
normative reference to ISO 14971. Some minor additional risk management requirements are
needed for software, especially in the area of identification of contributing software factors related
to hazards. These requirements are summarized and captured in Clause 7 of IEC 62304:2006 as
the software risk management process.
Whether software is a contributing factor to a hazard is determined during the hazard identification
activity of the risk management process. hazards that could be indirectly caused by software
(for example, by providing misleading information that could cause inappropriate treatment to be
administered) need to be considered when determining whether software is a contributing factor.
The decision to use software to control risk is made during the risk control activity of the risk
management process. The software risk management process required in this standard has to
be embedded in the device risk management process according to ISO 14971.
IEC 62304 makes a normative reference to ISO 14971 and specifically requires:
— software development planning (5.1 of IEC 62304:2006) that is consistent with the risk
management plan required by ISO 14971; and
— a software risk management process (Clause 7 of IEC 62304:2006) based upon ISO 14971.
b) IEC 62366, Medical devices — Application of usability engineering to medical devices

The flow diagram in Figure A.1 of IEC 62366:2007 demonstrates the relationship and interconnection
of the two parallel and interconnecting processes. In addition to making a normative reference to
ISO 14971, IEC 62366:2007 identifies three specific clauses where the usability engineering process
can supplement and interact with risk management as described in ISO 14971:
— 5.3.1 of IEC 62366:2007 requires: “An identification of characteristics related to safety (part of
a risk analysis) that focuses on usability shall be performed according to ISO 14971:2007, 4.2.”
— 5.3.2 of IEC 62366:2007 requires: “The manufacturer shall identify known or foreseeable
hazards (part of a risk analysis) related to usability according to ISO 14971:2007, 4.3.”
— 5.9 of IEC 62366:2007 on Usability Validation makes several references to activities that would
be undertaken as part of risk management.
4 © ISO 2013 – All rights reserved

ISO/TR 24971:2013(E)
c) ISO 10993 (all parts), Biological evaluation of medical devices

The introduction to ISO 10993-1 states that ISO 10993-1 is intended to be a guidance document

for the biological evaluation of medical devices within risk management, as part of the overall

evaluation and development of each device.

Annex B of ISO 10993-1:2009 applies ISO 14971 to provide guidance on the risk management approach

for identification of biological hazards associated with medical devices, estimation and evaluation of

the risks, control of the risks, and monitoring the effectiveness of the risk control measures.

This approach combines the review and evaluation of existing data from all sources, with the

selection and application of additional tests (where necessary), thus enabling a full evaluation to be

made of the biological responses to each medical device, relevant to its safety in use.
ISO 10993-1:2009 aligns itself explicitly within risk management as described in ISO 14971.
The biological evaluation should be conducted in a manner similar to that used for other product
risks, and should include:
— Risk analysis (What are the hazards and associated risks?)
— Risk evaluation (Are they acceptable?)
— Risk control (How will they be controlled?)
— Overall residual risk/benefit evaluation
Following the processes defined in ISO 14971, if the overall residual risk evaluation concludes f
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

IEC
IEC 62541-100:2025(Main)
OPC unified architecture - Part 100: Devices

IEC 62541-100:2025 defines the information model associated with Devices. This document describes three models which build upon each other as follows:
• The (base) Device Model is intended to provide a unified view of devices and their hardware and software parts irrespective of the underlying device protocols.
• The Device Communication Model adds Network and Connection information elements so that communication topologies can be created.
• The Device Integration Host Model finally adds additional elements and rules required for host systems to manage integration for a complete system. It enables reflecting the topology of the automation system with the devices as well as the connecting communication networks.
This document also defines AddIns that can be used for the models in this document but also for models in other information models. They are:
• Locking model – a generic AddIn to control concurrent access,
• Software update model – an AddIn to manage software in a Device.
This second edition cancels and replaces the first edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a a ComponentType that can be used to model any HW or SW element of a device has been defined and a SoftwareType has been added as subtype of ComponentType;
b the new OPC UA interface concept and defined interfaces for Nameplate, DeviceHealth, and SupportInfo has been added.
c) a new model for Software Update (Firmware Update) has been added;
d) a new entry point for documents where each document is represented by a FileType instance has been specified;
e) a model that provides information about the lifetime, related limits and semantic of the lifetime of things like tools, material or machines has been added.

  • Standard
    152 pages
    English language
    sale 15% off
  • Standard
    158 pages
    French language
    sale 15% off
  • Standard
    310 pages
    English and French language
    sale 15% off
IEC
IEC TR 61169-1-8:2025(Main)
Radio-frequency connectors - Part 1-8: Electrical test methods - Voltage standing wave ratio for a single connector by double connector method

IEC TR 61169-1-8:2025 provides a test method for voltage standing wave ratio (VSWR, hereinafter) of single RF connector by double-connector method. This document is applicable to single RF cable connectors and single microstrip RF connectors as well as single adapters if an estimation of the VSWR of a single completely installed RF-connector is used and a time domain feature is not available on the vector network analyzer.

  • Technical report
    18 pages
    English language
    sale 15% off
IEC
IEC 61757-1-4:2025(Main)
Fibre optic sensors - Part 1-4: Strain measurement - Distributed sensing based on Rayleigh scattering

IEC 61757-1-4:2025 defines the terminology, structure, and measurement methods of distributed fibre optic sensors for absolute strain measurements based on spectral correlation analysis of Rayleigh backscattering signatures in single-mode fibres, where the fibre is the distributed strain measurement element in a measurement range from about 10 m to tens of km. This document also applies to hybrid sensor systems that combine the advantages of Brillouin and Rayleigh backscattering effects to obtain optimal measurement quality. This document also specifies the most important features and performance parameters of these distributed fibre optic strain sensors defines procedures for measuring these features and parameters. This part of IEC 61757 does not apply to point measurements or to dynamic strain measurements. Distributed strain measurements using Brillouin scattering in single-mode fibres are covered in IEC 61757-1-2. The most relevant applications of this strain measurement technique are listed in Annex A, while Annex B provides a short description of the underlying measurement principle.

  • Standard
    27 pages
    English language
    sale 15% off
  • Standard
    29 pages
    French language
    sale 15% off
  • Standard
    56 pages
    English and French language
    sale 15% off
IEC
IEC 62541-13:2025(Main)
OPC Unified Architecture - Part 13: Aggregates

IEC 62541-13:2025 is available as IEC 62541-13:2025 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62541-13:2025 defines the information model associated with Aggregates. Programmatically produced aggregate examples are listed in Annex A. This third edition cancels and replaces the second edition published in 2020. This edition constitutes a technical revision.
This edition includes the following technical changes with respect to the previous edition:
a) Multiple fixes for the computation of aggregates
• The Raw status bit is always set for non-bad StatusCodes for the Start and End aggregates.
• Entries in the Interpolative examples Tables A2.2 Historian1, Historian2, and Historian3 have been changed from Good to Good, Raw status codes when the timestamp matches with the timestamp of the data source.
• Missing tables have been added for DurationInStateZero and DurationInStateNonZero.
• The value of zero has been removed for results with a StatusCode of bad.
• Data Type was listed as "Status Code" when it is "Double" for both Standard Deviation and both Variance Aggregates.
• Rounding Error in TimeAverage and TimeAverage2 have been corrected.
• The status codes have been corrected for the last two intervals and the value has been corrected in the last interval.
• The wording has been changed to be more consistent with the certification testing tool.
• UsedSlopedExtrapolation set to true for Historian2 and all examples locations needed new values or status' are modified.
• Values affected by percent good and percent bad have been updated.
• PercentGood/PercentBad are now accounted for in the calculation.
• TimeAverage uses SlopedInterpolation but the Time aggregate is incorrectly allowed to used Stepped Interpolation.
• Partial bit is now correctly calculated.
• Unclear sentence was removed.
• Examples have been moved to a CSV.
• The value and status code for Historian 3 have been updated.
• TimeAverage2 Historian1 now takes uncertain regions into account when calculating StatusCodes.
• TimeAverage2 Historian2 now takes uncertain regions into account when calculating StatusCodes.
• Total2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• Total2 Historian2 now takes uncertain regions into account when calculating StatusCodes
• Maximum2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• MaximumActualTime2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• Minimum2 Historian1 now takes uncertain regions into account when calculating StatusCodes
• MinimumActualTime2 Historian1 now has the StatusCodes calculated while using the TreatUncertainAsBad flag.
• Range2 Historian1 now looks at TreatUncertainAsBad in the calculation of the StatusCodes.
• Clarifications have been made to the text defining how PercentGood/PercentBad are used. The table values and StatusCodes of the TimeAverage2 and Total2 aggregates have been corrected.

  • Standard
    64 pages
    English language
    sale 15% off
  • Standard
    64 pages
    French language
    sale 15% off
  • Standard
    128 pages
    English and French language
    sale 15% off
IEC
IEC 62541-7:2025(Main)
OPC Unified Architecture - Part 7: Profiles

IEC 62541-7: 2025 specifies value and structure of Profiles in the OPC Unified Architecture.
OPC UA Profiles are used to segregate features with regard to testing of OPC UA products and the nature of the testing. The scope of this document includes defining functionality that can only be tested. The definition of actual TestCases is not within the scope of this document, but the general categories of TestCases are covered by this document.
Most OPC UA applications will conform to several, but not all of the Profiles.
This fourth edition cancels and replaces the third edition published in 2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) Profiles and ConformanceUnits are not part of this document, but are solely managed in a public database as described in Clause 1.

  • Standard
    160 pages
    English language
    sale 15% off
  • Standard
    173 pages
    French language
    sale 15% off
  • Standard
    333 pages
    English and French language
    sale 15% off
IEC
IEC TS 62607-6-27:2025(Main)
Nanomanufacturing - Key control characteristics - Part 6-27: Graphene-related products - Field-effect mobility for layers of two-dimensional materials: field-effect transistor method

IEC TS 62607-6-27:2025, which is a Technical Specification, establishes a standardized method to determine the key control characteristic
• field-effect mobility
for semiconducting two-dimensional (2D) materials by the
• field-effect transistor (FET) method.
For two-dimensional semiconducting materials, the field-effect mobility is determined by fabricating a FET test structure and measuring the transconductance in a four-terminal configuration.
- This method can be applied to layers of semiconducting two-dimensional materials, such as graphene, black phosphorus (BP), molybdenum disulfide (MoS₂), molybdenum ditelluride (MoTe₂), tungsten disulfide (WS₂), and tungsten diselenide (WSe₂).
- The four-terminal configuration improves accuracy by eliminating parasitic effects from the probe contacts and cables

  • Technical specification
    19 pages
    English language
    sale 15% off
IEC
IEC 62541-4:2025(Main)
OPC unified architecture - Part 4: Services

IEC 62541-4:2025 is available as IEC 62541-4:2025 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62541-4:2025 defines the OPC Unified Architecture (OPC UA) Services. The Services defined are the collection of abstract Remote Procedure Calls (RPC) that are implemented by OPC UA Servers and called by OPC UA Clients. All interactions between OPC UA Clients and Servers occur via these Services. The defined Services are considered abstract because no particular RPC mechanism for implementation is defined in this document. IEC 62541‑6 specifies one or more concrete mappings supported for implementation. For example, one mapping in IEC 62541‑6 is to UA-TCP UA-SC UA-Binary. In that case the Services described in this document appear as OPC UA Binary encoded payload, secured with OPC UA Secure Conversation and transported via OPC UA TCP. Not all OPC UA Servers implement all of the defined Services. IEC 62541‑7 defines the Profiles that dictate which Services must be implemented in order to be compliant with a particular Profile. A BNF (Backus-Naur form) for browse path names is described in Annex A. This fourth edition cancels and replaces the third edition published in 2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) addition of new definitions to Method Call Service to allow optional Method arguments;
b)addition of reference to SystemStatusChangeEventType for event monitored item error scenarios;
c) enhancement of the general description of how determining if a Certificate is trusted;
d) addition of support for ECC;
e) addition of revisedAggregateConfiguration to AggregateFilterResult structure;
f) addition of INVALID to the BrowseDirection enumeration data type;
g) addition of INVALID to the TimestampsToReturn enumeration data type;
h) addition of definitions that make sure the subscription functionality works if retransmission queues are optional;
i) addition of client checks has been added to be symmetric to the Server Certificate check has been added;
j) clarification that ‘local’ top level domain is not appended by server into certificate and not checked by client when returned from LDS-ME;
k) addition of a definition for expiration behaviour of IssuedIdentityTokens;
l) addition of status code Good_PasswordChangeRequired to ActivateSession;
m) restriction of AdditionalInfo to servers in debug mode;
n) addition of new status code Bad_ServerTooBusy;
o) addition of definition for cases where server certificate must be contained in GetEndpoints response.

  • Standard
    245 pages
    English language
    sale 15% off
  • Standard
    257 pages
    French language
    sale 15% off
  • Standard
    502 pages
    English and French language
    sale 15% off
IEC
IEC TS 63414:2025(Main)
Artificial pollution tests on high-voltage polymeric insulators to be used on AC and DC systems

IEC TS 63414:2025 is applicable for the determination of the AC and DC pollution flashover and withstand voltage characteristics of insulators with polymeric housing, to be used outdoors in HV applications and exposed to polluted environments. This is also applicable for insulators with hydrophobic coatings. This document refers to AC systems with a rated voltage greater than 1 000 V and DC systems with a rated voltage greater than 1 500 V.
The object of this technical specification is to prescribe standardized test methods, requirements and procedures for artificial pollution tests applicable to polymeric insulators for overhead lines including traction lines, station post and hollow insulators of equipment. Available test experience with polymeric station post and hollow insulators, especially for DC applications, is limited.
The proposed tests are not applicable to ceramic and glass insulators without polymeric housing, to greased insulators or to special types of insulators (e.g., insulators with semiconducting glaze).
Differently to ceramic and glass insulators without polymeric housing:
- The pollution performance of insulators with polymeric housing varies with the hydrophobicity condition of the surface. The specific conditions simulated by standardized tests might not represent the actual dynamic field conditions.
- The determination of the flashover and/or withstand voltage under pollution conditions is not enough for dimensioning. Additional constraints related to possible ageing are also to be considered.
- If the Hydrophobicity Transfer Material (HTM) test according to IEC TR 62039 confirms that an insulator is non-HTM, it can be tested according to IEC 60507 or IEC TS 61245.

  • Technical specification
    39 pages
    English language
    sale 15% off
IEC
IEC 63522-4:2025(Main)
Electrical relays - Tests and measurements - Part 4: Dielectric strength test

IEC 63522-4:2025 is used for testing along with the appropriate severities and conditions for measurements and tests designed to assess the ability of DUTs to perform under expected conditions of transportation, storage and all aspects of operational use.
The object of this test is to define a standard test method for the dielectric strength test.

  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    10 pages
    French language
    sale 15% off
  • Standard
    20 pages
    English and French language
    sale 15% off
IEC
IEC 62541-10:2025(Main)
OPC Unified Architecture - Part 10: Programs

IEC 62541-10:2025 is available as IEC 62541-10:2025 RLV which contains the International Standard and its Redline version, showing all changes of the technical content compared to the previous edition.IEC 62541-10:2025 defines the Information Model associated with Programs in OPC Unified Architecture (OPC UA). This includes the description of the NodeClasses, standard Properties, Methods and Events and associated behaviour and information for Programs. The complete AddressSpace model including all NodeClasses and Attributes is specified in IEC 62541-3. The Services such as those used to invoke the Methods used to manage Programs are specified in IEC 62541-4. An example for a DomainDownload Program is defined in Annex A. This fourth edition cancels and replaces the third edition published in 2020. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
- StateMachine table format has been aligned.

  • Standard
    42 pages
    English language
    sale 15% off
  • Standard
    45 pages
    French language
    sale 15% off
  • Standard
    87 pages
    English and French language
    sale 15% off