ISO TR 24971:2013
(Main)Medical devices -- Guidance on the application of ISO 14971
Medical devices -- Guidance on the application of ISO 14971
ISO TR 24971:2013 provides guidance in addressing specific areas of ISO 14971 when implementing risk management. This guidance is intended to assist manufacturers and other users of the standard to understand the role of international product safety and process standards in risk management, develop the policy for determining the criteria for risk acceptability, incorporate production and post-production feedback loop into risk management, differentiate between "information for safety" and "disclosure of residual risk", and evaluate overall residual risk.
General Information
Relations
Buy Standard
Standards Content (Sample)
TECHNICAL ISO/TR
REPORT 24971
First edition
2013-07-01
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Directives relatives à l’ISO 14971
Reference number
ISO/TR 24971:2013(E)
©
ISO 2013
ISO/TR 24971:2013(E)
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved
ISO/TR 24971:2013(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 The role of international product safety and process standards in risk management .1
2.1 Overview . 1
2.2 Use of international product safety standards in risk management . 2
2.3 International process standards and ISO 14971 . 4
3 Developing the policy for determining the criteria for risk acceptability .6
4 Production and post-production feedback loop . 6
4.1 Overview . 6
4.2 Observation and transmission . 7
4.3 Assessment . 9
4.4 Action . 9
5 Differentiation of information for safety and disclosure of residual risk .10
5.1 Difference between “information for safety” and “disclosure of residual risk” .10
5.2 Information for safety .10
5.3 Disclosure of residual risk .10
6 Evaluation of overall residual risk .11
6.1 Overview .11
6.2 Inputs and other considerations for overall residual risk evaluation .11
ISO/TR 24971:2013(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
ISO/TR 24971 was prepared jointly by Technical Committee ISO/TC 210, Quality management and
corresponding general aspects for medical devices, and Technical Committee IEC/SC 62A, Common aspects
of electrical equipment used in medical practice. The draft was circulated for voting to the national bodies
of both ISO and IEC.
iv © ISO 2013 – All rights reserved
ISO/TR 24971:2013(E)
Introduction
Experience indicates that manufacturers have difficulty with practical implementation of some clauses
of the risk management International Standard, ISO 14971:2007, Medical devices — Application of risk
management to medical devices. This Technical Report provides guidance to assist in the development,
implementation and maintenance of risk management for medical devices that aim to meet the
requirements of ISO 14971. It provides guidance for specific aspects of ISO 14971 for a wide variety
of medical devices. These medical devices include active, non-active, implantable, and non-implantable
medical devices and in vitro diagnostic medical devices.
This Technical Report is not intended to be an overall guidance document on the implementation of
ISO 14971 for organizations. It supplements the guidance contained in the informative annexes of
ISO 14971 related to the following areas.
— Guidance on the role of international product safety and process standards in risk management
— Guidance on developing the policy for determining the criteria for risk acceptability
— Guidance on how the production and post-production feedback loop can work
— Guidance on the differentiation of information for safety as a risk control measure and disclosure of
residual risk
— Guidance on the evaluation of overall residual risk
This Technical Report provides some approaches that an organization can use to implement and maintain
some aspects of a risk management system that conforms to ISO 14971. Alternative approaches can be
used if these satisfy the requirements of ISO 14971.
When judging the applicability of the guidance in this Technical Report, one should consider the nature
of the medical device(s) to which it will apply, the risks associated with the use of these medical devices,
and the applicable regulatory requirements.
TECHNICAL REPORT ISO/TR 24971:2013(E)
Medical devices — Guidance on the application of ISO 14971
1 Scope
This Technical Report provides guidance in addressing specific areas of ISO 14971 when implementing
risk management.
The guidance is intended to assist manufacturers and other users of the standard to:
— understand the role of international product safety and process standards in risk management;
— develop the policy for determining the criteria for risk acceptability;
— incorporate production and post-production feedback loop into risk management;
— differentiate between “information for safety” and “disclosure of residual risk”; and
— evaluate overall residual risk.
2 The role of international product safety and process standards in risk manage-
ment
2.1 Overview
International product safety and process standards play a significant role in risk management as
described by ISO 14971. In principle, these standards are developed using a type of risk management
that can include identifying hazards and hazardous situations, estimating risks, evaluating risks,
and specifying risk control measures. More information on a process for developing medical device
standards using a type of risk management can be found in documents such as ISO/IEC Guide 51 and
ISO/IEC Guide 63. International product safety and process standards are developed by experts in the
field and represent the generally accepted state of the art (see D.4 of ISO 14971:2007).
These standards can have an important role in risk management. When performing risk management,
the manufacturer first needs to consider the medical device being designed, its intended use and the
hazards/hazardous situations related to it. Manufacturers can, if they choose, identify standard(s) that
contain specific requirements that help manage the risks related to those hazards/hazardous situations.
For medical devices that satisfy the requirements and compliance criteria of these standards, the
residual risks related to those hazards/hazardous situations can be considered acceptable unless there
is objective evidence to the contrary. Some potential sources of objective evidence to the contrary can
include reports of adverse events, product recalls and complaints. The requirements of International
Standards, such as engineering or analytical processes, specific output limits, warning statements, or
design specifications, can be considered risk control measures established by the standards writers
that are intended to address the risks of specific hazardous situations that have been identified and
evaluated as needing risk control.
In many cases, the standards writers have taken on and completed elements of risk management
and provided manufacturers with answers in the form of design requirements and test methods for
establishing conformity. When performing risk management activities, manufacturers can take
advantage of the work of the standards writers and need not repeat the analyses leading to the
requirements of the standard. International standards, therefore, provide valuable information on risk
acceptability that has been validated during a worldwide evaluation process, including multiple rounds
of review, comment, and voting.
ISO/TR 24971:2013(E)
2.2 Use of international product safety standards in risk management
An international product safety standard can establish requirements that, when implemented, result in
acceptable risk for specific hazardous situations (e.g. safety limits). The manufacturer can apply these
requirements in the following way when managing risk.
a) Where an international product safety standard specifies technical requirements addressing
particular hazards or hazardous situations, together with specific acceptance criteria, compliance
with those requirements is presumed to establish that the residual risks have been reduced to
acceptable levels unless there is objective evidence to the contrary. For example, in IEC 60601-1,
Medical electrical equipment — Part 1: General requirements for basic safety and essential performance,
leakage current must be controlled to achieve an acceptable level of risk. IEC 60601-1 provides
leakage current limits that are considered to result in an acceptable level of risk when measured
under the conditions stated in 8.7 of IEC 60601-1:2005. For this example, further risk management
would not be necessary. The following steps need to be taken in this case.
1) Implement 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and
identify hazards and hazardous situations associated with the device as completely as possible.
2) Identify those hazards and hazardous situations relevant to the particular medical device that
are exactly covered by the international product safety standard.
3) For those identified hazards and hazardous situations exactly covered by the international
product safety standard, the manufacturer may choose not to estimate (4.4 of ISO 14971:2007) or
evaluate (Clause 5 of ISO 14971:2007) the risks so identified but rather rely on the requirements
contained in the international standard to demonstrate the completion of risk estimation and
risk evaluation.
4) To the extent possible, the manufacturer should identify the design specifications that satisfy
the requirements in the standard and serve as risk control measures (6.2 of ISO 14971:2007).
NOTE For some international product safety standards, the possibility of identifying all the specific risk
control measures is limited. One example is electromagnetic compatibility testing in IEC 60601–1-2, Medical
electrical equipment — Part 1-2: General requirements for basic safety and essential performance — Collateral
standard: Electromagnetic compatibility — Requirements and tests, for complex medical devices.
5) Verification of the implementation of the risk control measures for these hazardous situations
is obtained from the design documents. Verification of the effectiveness of the risk control
measures is obtained from the tests and test results demonstrating that the device meets the
relevant requirements of the international product safety standard.
6) If the relevant requirements are
...
TECHNICAL ISO/TR
REPORT 24971
First edition
2013-07-01
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Directives relatives à l’ISO 14971
Reference number
ISO/TR 24971:2013(E)
©
ISO 2013
ISO/TR 24971:2013(E)
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved
ISO/TR 24971:2013(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 The role of international product safety and process standards in risk management .1
2.1 Overview . 1
2.2 Use of international product safety standards in risk management . 2
2.3 International process standards and ISO 14971 . 4
3 Developing the policy for determining the criteria for risk acceptability .6
4 Production and post-production feedback loop . 6
4.1 Overview . 6
4.2 Observation and transmission . 7
4.3 Assessment . 9
4.4 Action . 9
5 Differentiation of information for safety and disclosure of residual risk .10
5.1 Difference between “information for safety” and “disclosure of residual risk” .10
5.2 Information for safety .10
5.3 Disclosure of residual risk .10
6 Evaluation of overall residual risk .11
6.1 Overview .11
6.2 Inputs and other considerations for overall residual risk evaluation .11
ISO/TR 24971:2013(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
orga nizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on
the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
ISO/TR 24971 was prepared jointly by Technical Committee ISO/TC 210, Quality management and
corresponding general aspects for medical devices, and Technical Committee IEC/SC 62A, Common aspects
of electrical equipment used in medical practice. The draft was circulated for voting to the national bodies
of both ISO and IEC.
iv © ISO 2013 – All rights reserved
ISO/TR 24971:2013(E)
Introduction
Experience indicates that manufacturers have difficulty with practical implementation of some clauses
of the risk management International Standard, ISO 14971:2007, Medical devices — Application of risk
management to medical devices. This Technical Report provides guidance to assist in the development,
implementation and maintenance of risk management for medical devices that aim to meet the
requirements of ISO 14971. It provides guidance for specific aspects of ISO 14971 for a wide variety
of medical devices. These medical devices include active, non-active, implantable, and non-implantable
medical devices and in vitro diagnostic medical devices.
This Technical Report is not intended to be an overall guidance document on the implementation of
ISO 14971 for organizations. It supplements the guidance contained in the informative annexes of
ISO 14971 related to the following areas.
— Guidance on the role of international product safety and process standards in risk management
— Guidance on developing the policy for determining the criteria for risk acceptability
— Guidance on how the production and post-production feedback loop can work
— Guidance on the differentiation of information for safety as a risk control measure and disclosure of
residual risk
— Guidance on the evaluation of overall residual risk
This Technical Report provides some approaches that an organization can use to implement and maintain
some aspects of a risk management system that conforms to ISO 14971. Alternative approaches can be
used if these satisfy the requirements of ISO 14971.
When judging the applicability of the guidance in this Technical Report, one should consider the nature
of the medical device(s) to which it will apply, the risks associated with the use of these medical devices,
and the applicable regulatory requirements.
TECHNICAL REPORT ISO/TR 24971:2013(E)
Medical devices — Guidance on the application of ISO 14971
1 Scope
This Technical Report provides guidance in addressing specific areas of ISO 14971 when implementing
risk management.
The guidance is intended to assist manufacturers and other users of the standard to:
— understand the role of international product safety and process standards in risk management;
— develop the policy for determining the criteria for risk acceptability;
— incorporate production and post-production feedback loop into risk management;
— differentiate between “information for safety” and “disclosure of residual risk”; and
— evaluate overall residual risk.
2 The role of international product safety and process standards in risk manage-
ment
2.1 Overview
International product safety and process standards play a significant role in risk management as
described by ISO 14971. In principle, these standards are developed using a type of risk management
that can include identifying hazards and hazardous situations, estimating risks, evaluating risks,
and specifying risk control measures. More information on a process for developing medical device
standards using a type of risk management can be found in documents such as ISO/IEC Guide 51 and
ISO/IEC Guide 63. International product safety and process standards are developed by experts in the
field and represent the generally accepted state of the art (see D.4 of ISO 14971:2007).
These standards can have an important role in risk management. When performing risk management,
the manufacturer first needs to consider the medical device being designed, its intended use and the
hazards/hazardous situations related to it. Manufacturers can, if they choose, identify standard(s) that
contain specific requirements that help manage the risks related to those hazards/hazardous situations.
For medical devices that satisfy the requirements and compliance criteria of these standards, the
residual risks related to those hazards/hazardous situations can be considered acceptable unless there
is objective evidence to the contrary. Some potential sources of objective evidence to the contrary can
include reports of adverse events, product recalls and complaints. The requirements of International
Standards, such as engineering or analytical processes, specific output limits, warning statements, or
design specifications, can be considered risk control measures established by the standards writers
that are intended to address the risks of specific hazardous situations that have been identified and
evaluated as needing risk control.
In many cases, the standards writers have taken on and completed elements of risk management
and provided manufacturers with answers in the form of design requirements and test methods for
establishing conformity. When performing risk management activities, manufacturers can take
advantage of the work of the standards writers and need not repeat the analyses leading to the
requirements of the standard. International standards, therefore, provide valuable information on risk
acceptability that has been validated during a worldwide evaluation process, including multiple rounds
of review, comment, and voting.
ISO/TR 24971:2013(E)
2.2 Use of international product safety standards in risk management
An international product safety standard can establish requirements that, when implemented, result in
acceptable risk for specific hazardous situations (e.g. safety limits). The manufacturer can apply these
requirements in the following way when managing risk.
a) Where an international product safety standard specifies technical requirements addressing
particular hazards or hazardous situations, together with specific acceptance criteria, compliance
with those requirements is presumed to establish that the residual risks have been reduced to
acceptable levels unless there is objective evidence to the contrary. For example, in IEC 60601-1,
Medical electrical equipment — Part 1: General requirements for basic safety and essential performance,
leakage current must be controlled to achieve an acceptable level of risk. IEC 60601-1 provides
leakage current limits that are considered to result in an acceptable level of risk when measured
under the conditions stated in 8.7 of IEC 60601-1:2005. For this example, further risk management
would not be necessary. The following steps need to be taken in this case.
1) Implement 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and
identify hazards and hazardous situations associated with the device as completely as possible.
2) Identify those hazards and hazardous situations relevant to the particular medical device that
are exactly covered by the international product safety standard.
3) For those identified hazards and hazardous situations exactly covered by the international
product safety standard, the manufacturer may choose not to estimate (4.4 of ISO 14971:2007) or
evaluate (Clause 5 of ISO 14971:2007) the risks so identified but rather rely on the requirements
contained in the international standard to demonstrate the completion of risk estimation and
risk evaluation.
4) To the extent possible, the manufacturer should identify the design specifications that satisfy
the requirements in the standard and serve as risk control measures (6.2 of ISO 14971:2007).
NOTE For some international product safety standards, the possibility of identifying all the specific risk
control measures is limited. One example is electromagnetic compatibility testing in IEC 60601–1-2, Medical
electrical equipment — Part 1-2: General requirements for basic safety and essential performance — Collateral
standard: Electromagnetic compatibility — Requirements and tests, for complex medical devices.
5) Verification of the implementation of the risk control measures for these hazardous situations
is obtained from the design documents. Verification of the effectiveness of the risk contr
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.