ISO/FDIS 22367
Medical laboratories — Application of risk management to medical laboratories
This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks. The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination and post-examination aspects, examinations, accurate transmission of test results into the electronic medical record and other technical and management processes described in ISO 15189. This document does not specify acceptable levels of risk. This document does not apply to risks from post-examination clinical decisions made by healthcare providers. This document does not apply to the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
Laboratoires de biologie médicale — Application de la gestion des risques aux laboratoires de biologie médicale
This document specifies a process enabling a medical laboratory to identify and manage the risks to patients, laboratory personnel and service providers that are associated with medical laboratory examinations. The process includes the identification, estimation, evaluation, control and management of risks. The requirements of this document are applicable to all aspects relating to the examinations and services of a medical laboratory, including the pre-examination and post-examination aspects, the examinations, the accurate transmission of examination results into an electronic medical record and the other technical and management processes described in ISO 15189. This document does not specify acceptable levels of risk. This document does not apply to risks related to post-examination clinical decisions made by healthcare providers. This document does not apply to the management of risks relating to medical laboratory enterprises that are covered by ISO 31000, such as business, economic, legal and regulatory risks.
General Information
- Status: Not Published
- Drafting Committee: ISO/TC 212/WG 1 - Quality and competence in the medical laboratory
- Current Stage: 5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
- Start Date: 06-Jan-2026
- Completion Date: 06-Jan-2026
Relations
- Revises: ISO 22367:2020 - Medical laboratories - Application of risk management to medical laboratories
- Effective Date: 16-Sep-2023
Overview - ISO/FDIS 22367 (Medical laboratories, Risk Management)
ISO/FDIS 22367 specifies a structured process for applying risk management in medical laboratories. It guides laboratories to identify, estimate, evaluate, control and monitor risks to patients, laboratory personnel and service providers that arise from laboratory examinations and associated processes. The standard covers all phases of testing - pre‑examination, examination, and post‑examination (including accurate transmission of results into the electronic medical record). It does not set acceptable risk levels, nor does it cover clinical decisions made after results are reported or enterprise business risks managed under ISO 31000.
Key topics and technical requirements
The standard emphasizes practical, process‑oriented risk management with topics that include:
- Risk management process: structured steps to identify, estimate, evaluate, control and monitor risk.
- Proactive and reactive risk management: planning and analysis before implementation, and handling risks arising from incidents or nonconformities.
- Benefit‑risk analysis: assessing whether benefits justify residual risks where appropriate.
- Risk control and verification: selection of control options, evaluation of residual risk, and verification of control effectiveness.
- Risk monitoring and review: ongoing data sources, internal/external inputs and periodic management review.
- Qualification and responsibilities: management commitment and personnel competencies for risk activities.
- Scope of application: includes transmission of test results into electronic medical records and interfaces with ISO 15189 technical/management processes.
- Informative annexes with guidance on acceptability criteria, risk analysis tools, foreseeable hazards, nonconformities, and benefit‑risk methods.
Practical applications and benefits
ISO/FDIS 22367 helps medical laboratories to:
- Systematically reduce patient and staff harm from laboratory activities.
- Integrate risk management into quality systems and workflows required by ISO 15189.
- Improve incident investigation, corrective actions and continual improvement.
- Manage risks related to laboratory‑developed tests (LDTs) and interactions with IVD device manufacturers (concepts aligned with ISO 14971).
- Support safer result reporting and electronic health record integration.
Practical outcomes include clearer risk registers, prioritized mitigation actions, documented benefit‑risk decisions, and better alignment between technical processes and management oversight.
Who should use this standard
- Medical laboratory directors and quality managers
- Clinical laboratory scientists and safety officers
- Accreditation bodies and auditors
- Laboratories developing LDTs or integrating IVD devices
- Healthcare organizations coordinating laboratory services
Related standards
- ISO 15189 (Medical laboratories - Quality and competence)
- ISO 14971 (Medical device risk management concepts referenced for IVDs)
- ISO 31000 (Enterprise risk management - business/economic/legal risk guidance)
ISO/FDIS 22367 - Medical laboratories — Application of risk management to medical laboratories. Released: 23. 12. 2025
REDLINE ISO/FDIS 22367 - Medical laboratories — Application of risk management to medical laboratories. Released: 23. 12. 2025
ISO/FDIS 22367 - Laboratoires de biologie médicale — Application de la gestion des risques aux laboratoires de biologie médicale. Released: 27. 01. 2026
Frequently Asked Questions
ISO/FDIS 22367 is a draft published by the International Organization for Standardization (ISO). Its full title is "Medical laboratories — Application of risk management to medical laboratories". This standard covers: This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks. The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination and post-examination aspects, examinations, accurate transmission of test results into the electronic medical record and other technical and management processes described in ISO 15189. This document does not specify acceptable levels of risk. This document does not apply to risks from post-examination clinical decisions made by healthcare providers. This document does not apply to the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
ISO/FDIS 22367 is classified under the following ICS (International Classification for Standards) categories: 11.100.01 - Laboratory medicine in general. The ICS classification helps identify the subject area and facilitates finding related standards.
ISO/FDIS 22367 has the following relationships with other standards: it has inter-standard links to ISO 22367:2020. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
FINAL DRAFT International Standard
ISO/TC 212
Secretariat: ANSI
Voting begins on: 2026-01-06
Voting terminates on: 2026-03-03
Medical laboratories — Application of risk management to medical laboratories
Laboratoires de biologie médicale — Application de la gestion des risques aux laboratoires de biologie médicale
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
ISO/CEN PARALLEL PROCESSING
Reference number
FINAL DRAFT International Standard
ISO/TC 212
Secretariat: ANSI
Voting begins on: 2026-01-02
Voting terminates on:
Medical laboratories — Application of risk management to medical laboratories
Laboratoires de biologie médicale — Application de la gestion des risques aux laboratoires de biologie médicale
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Risk management
4.1 Risk management process
4.2 Management responsibilities
4.3 Qualification of personnel
4.4 Risk management activities
4.4.1 General
4.4.2 Foreseeable risk
4.4.3 Opportunity
4.4.4 Information provided to users
5 Proactive risk management
5.1 Proactive risk management plan
5.2 Scope of the plan
5.3 Contents of the plan
5.4 Revisions to the plan
5.5 Documentation of the risk management plan
6 Proactive risk analysis
6.1 General
6.2 Risk analysis process
6.3 Documentation of the risk analysis process
6.3.1 General
6.3.2 Intended medical laboratory use and reasonably foreseeable misuses
6.3.3 Identification of characteristics related to safety
6.3.4 Identification of hazards
7 Risk evaluation
7.1 Overview
7.1.1 General
7.1.2 Reactive evaluation of risks
7.1.3 Proactive evaluation of risks
7.2 Benefit-risk analysis
7.3 Proactive risk evaluation
7.3.1 Risk acceptability criteria
7.3.2 Risk reduction
8 Risk control
8.1 General
8.2 Risk control options
8.2.1 General
8.2.2 Role of standards in risk control
8.2.3 Role of IVD medical devices in risk control
8.3 Risks external to the laboratory
8.4 Risks arising from risk control measures
8.5 Residual risk evaluation
8.6 Risk control verification
9 Risk management review
9.1 General
9.2 Completeness of risk control
9.3 Evaluation of overall residual risk
9.4 Risk management report
10 Risk monitoring, analysis and control activities
10.1 Risk monitoring procedure
10.2 Internal sources of risk information
10.3 External sources of risk information
11 Immediate actions to reduce risk
Annex A (informative) Implementation of risk management within the management system
Annex B (informative) Guidance on establishing risk acceptability criteria
Annex C (informative) Guidance on risk acceptability considerations
Annex D (informative) Identification of characteristics related to safety
Annex E (informative) Examples of foreseeable risks, hazards, foreseeable sequences of events and hazardous situations
Annex F (informative) Nonconformities potentially leading to significant risks
Annex G (informative) Risk analysis tools and techniques
Annex H (informative) Risk analysis of foreseeable user actions
Annex I (informative) Methods of risk assessment, including estimation of probability and severity of harm
Annex J (informative) Overall residual risk evaluation and risk management review
Annex K (informative) Conducting a benefit-risk analysis
Annex L (informative) Residual risks
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 212, Medical laboratories and in vitro diagnostic
systems, in collaboration with the European Committee for Standardization (CEN) Technical Committee
CEN/TC 140, in vitro diagnostic medical devices, in accordance with the Agreement on technical cooperation
between ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO 22367:2020), which has been technically
revised.
The main changes are as follows:
— the application of risk management to processes has been emphasized;
— reactive and proactive risk management has been discussed, differentiated, and illustrated;
— the content is as far as possible in agreement with the requirements for risk management in ISO 15189:2022;
— the relation with ISO 15189:2022 is indicated in Annex A in which Figure A.1 provides a flow chart for
the underlying management system to underpin this document;
— Clause I.5 has been slightly modified to emphasize that risks most often require benefit-risk assessment
to determine risk acceptability.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
Medical laboratories deal with risks as part of their usual activities; these risks affect patients, personnel,
caregivers, and the organization as a whole. Risks span the range of services: pre-examination, examination
and post-examination processes, including the design and development of laboratory examinations. The
intent of this document is not to introduce risk as a concern for the laboratory but to provide a structure
for addressing, managing, and documenting risks that are part of the day-to-day and long-term (strategic)
activities of the laboratory.
ISO 15189 requires that medical laboratories review all work processes to identify potential failures for
risk of harm to patients and opportunities for improvement, modify the processes to reduce or eliminate
the identified risks, and document the decisions and actions taken. This document describes a process
for managing these risks to the patient, the operator, other persons, equipment and other property, the
healthcare enterprise as a whole, and the environment. It does not address business enterprise risks, which
are the subject of ISO 31000; however, ISO 31000 is consistent with and can provide further understanding
for the concepts in this document.
Medical laboratories span a broad range of activities, some of which rely on the use of in vitro medical
devices to achieve their quality objectives. When such devices are involved, risk management is a shared
responsibility between the in vitro diagnostic (IVD) manufacturer and the medical laboratory. Since most
IVD manufacturers have already implemented ISO 14971, this document has adopted similar concepts,
principles and framework to manage the risks associated with the medical laboratory when appropriate.
This is especially meaningful for laboratories that implement their own examinations on devices (laboratory
developed tests or LDTs); concepts integral to ISO 14971 can be directly applicable. ISO 5649 is a useful
reference for identifying and addressing risks in the development, implementation and retirement phases of
LDTs.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of hazards,
which can lead directly or indirectly to varying degrees of harm. The concept of risk has two components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder can place a different value on the risk of harm.
Risk management interfaces with quality management at many points in the medical laboratory. In
ISO 15189, as an example, risk management is a component of complaint management, internal audit,
corrective action, quality control, management review and external assessment (for both accreditation
and proficiency testing). Management of risk also coincides with the management of safety in the medical
laboratories, as exemplified by the safety audit checklists in ISO 15190. This document is intended to assist
medical laboratories with the integration of risk management into their routine organization, operation and
management.
While this document is intended for use throughout the currently recognized medical laboratory disciplines,
it can effectively be applied to other healthcare services, such as diagnostic imaging, respiratory therapy,
physiological sciences, blood banks and transfusion services.
The use of this document facilitates cooperation between medical laboratories and other healthcare services,
assists in the exchange of information, and in the harmonization of methods and procedures.
FINAL DRAFT International Standard ISO/FDIS 22367:2026(en)
Medical laboratories — Application of risk management to
medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations. The
process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of a
medical laboratory, including the pre-examination, examination, and post-examination aspects including
accurate transmission of examination results into the electronic medical record, as well as other technical
and management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare
providers.
This document complements the management of risks affecting medical laboratory enterprises that are
addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
benefit
impact or desirable outcome of a process (3.21), procedure (3.19) or the use of a medical device on the health
of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, relief of symptoms, improvement in function,
or an increased sense of well-being.
3.2
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or “close
call”.
[SOURCE: ISO 31073:2022, 3.3.11, modified — Note to entry 2 was changed; the original Note 3 to entry was
removed, and a new Note 3 to entry and a Note 4 were added.]
3.3
examination
set of operations having the objective of determining the numerical value, text value or characteristics of a
property
Note 1 to entry: An examination may be the total of a number of activities, observations or measurements required to
determine a value or characteristics.
Note 2 to entry: Laboratory examinations that determine a numerical value of a property are called “quantitative
examinations”; those that determine the characteristics of a property are called “qualitative examinations”.
Note 3 to entry: Laboratory examinations are also called “assays” or “tests”.
[SOURCE: ISO 15189:2022, 3.8]
3.4
foreseeable risk
risk (3.25) that is predictable prior to its occurrence
Note 1 to entry: Risk can be known from prior experience, assessment of current circumstances, prior occurrence of
an event (3.2), or other sources.
Note 2 to entry: Addressing foreseeable risk results in preventive action.
Note 3 to entry: A risk that is foreseeable does not imply that it has been anticipated or addressed.
3.5
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events or to potential future events, where it can be used as a
measure of likelihood or probability (3.20).
[SOURCE: ISO 31073:2022, 3.3.20]
3.6
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.7
hazard
source of potential harm (3.6)
[SOURCE: ISO 31073:2022, 3.3.12, modified — Note 1 to entry has been deleted.]
3.8
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.7)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.9
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician, laboratory
technologist, biomedical laboratory scientist, medical assistant, medical specialist, respiratory care practitioner.
[SOURCE: ISO 18113-1:2022, 3.1.28, modified — “laboratory technologist” and “biomedical laboratory
scientist” were added to the example.]
3.10
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design and/or manufacture of an IVD medical device (3.11)
with the intention of making the IVD medical device available for use, under his name, whether or not such
an IVD medical device is designed and/or manufactured by that person himself or on that person’s behalf by
another person(s)
[SOURCE: ISO 14971:2019, 3.9, modified — The term “manufacturer” was changed to “in vitro diagnostic
manufacturer”; in the definition, “medical device” was changed to “IVD medical device”; Notes to entry were
removed.]
3.11
in vitro diagnostic medical device
IVD medical device
medical device, whether used alone or in combination, intended by the manufacturer for the in vitro
examination (3.3) of specimens derived from the human body solely or principally to provide information for
diagnostic, monitoring or compatibility purposes
Note 1 to entry: The device includes reagents, calibrators, control materials, specimen receptacles, software, and
related instruments or apparatus or other articles.
Note 2 to entry: Adapted from ISO 18113-1:2022, 3.1.53.
3.12
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by a manufacturer to be used as an IVD medical device (3.11)
[SOURCE: ISO 18113-1:2022, 3.1.32]
3.13
information supplied by the manufacturer
information that is related to identification, technical description, intended use (3.15) and proper use of the
IVD medical device (3.11), but excluding shipping documents
EXAMPLE Labels, instructions for use, manual, written, printed, electronic, or graphic matter.
Note 1 to entry: In IEC standards, documents provided with a medical device and containing important information
for the responsible organization or operator, particularly regarding safety, are called “accompanying documents”.
Note 2 to entry: Catalogues and material safety data sheets are not considered information supplied by the
manufacturer of IVD medical devices.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.35.
3.14
instructions for use
information supplied by the manufacturer (3.13) to enable the safe and proper use of an IVD medical device
(3.11)
Note 1 to entry: It includes the directions supplied by the manufacturer for the use, maintenance, troubleshooting and
disposal of an IVD medical device, as well as warnings and precautions.
Note 2 to entry: Instructions for use can also be referred to as “package insert” or manual for instruments.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.36.
3.15
intended use
intended purpose
objective intent of an IVD manufacturer (3.10) regarding the use of a product, process (3.21) or service (3.38)
as reflected in the specifications, instructions and information supplied by the IVD manufacturer
Note 1 to entry: Intended use statements for IVD information supplied by the manufacturer (3.13) can include two
components: a description of the functionality of the IVD medical device (3.11) (e.g. an immunochemical measurement
procedure (3.19) for the detection of analyte “x” in serum or plasma), and a statement of the intended medical use of
the examination (3.3) results.
[SOURCE: ISO 18113-1:2022, 3.1.37, modified — In Note 1 to entry, “labelling” was changed to “information
supplied by the manufacturer”; Note 2 was removed.]
3.16
laboratory management
person(s) with responsibility for, and authority over, a laboratory
Note 1 to entry: Laboratory management has the power to delegate authority and provide resources within the
laboratory.
Note 2 to entry: The laboratory management includes the laboratory director(s) and delegates together with
individuals specifically assigned to ensure the quality of the activities of the laboratory.
[SOURCE: ISO 15189:2022, 3.15]
3.17
likelihood
chance of something happening
Note 1 to entry: In risk management terminology, the word “likelihood” is used to refer to the chance of something
happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and
described using general terms or mathematically (such as a probability (3.20) or a frequency (3.5) over a given time
period).
Note 2 to entry: The English language term “likelihood” does not have a direct equivalent in some languages; instead,
the equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted
as a mathematical term. Therefore, in risk management terminology, “likelihood” is used with the intent that it should
have the same broad interpretation as the term “probability” has in many languages other than English.
[SOURCE: ISO 31073:2022, 3.3.16]
3.18
medical laboratory
laboratory
entity for the examination (3.8) of materials derived from the human body for the purpose of providing
information for the diagnosis, monitoring, management, prevention and treatment of disease, or assessment
of health
Note 1 to entry: The laboratory can also provide advice covering all aspects of examinations including appropriate
selection, the interpretation of results and advice on further examinations.
Note 2 to entry: Laboratory activities include pre-examination, examination and post-examination processes (3.21).
Note 3 to entry: Materials for examination include but are not limited to, microbiological, immunological, biochemical,
immunohaematological, haematological, biophysical, cytological, tissue and cells, and genetic material.
[SOURCE: ISO 15189:2022, 3.20]
3.19
procedure
specified way to carry out an activity or a process (3.21)
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.20
probability
measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility and 1
is absolute certainty
Note 1 to entry: See definition of likelihood (3.17), Note 2 to entry.
[SOURCE: ISO 31073:2022, 3.3.19]
3.21
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service (3.38) depends on the
context of the reference.
[SOURCE: ISO 9000:2015, 3.4.1, modified — Notes 2 to 6 have been removed.]
3.22
reasonably foreseeable misuse
use of a product, process (3.21) or service (3.38) in a way not intended by the supplier, but which can result
from readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of intended users (3.43).
Note 2 to entry: In the context of consumer safety, the term “reasonably foreseeable use” is increasingly used as a
synonym for both “intended use” (3.15) and “reasonably foreseeable misuse”.
Note 3 to entry: Applies to use of examination (3.3) results by a healthcare provider (3.9) contrary to the intended use,
as well as use of IVD medical devices (3.11) by the laboratory contrary to the instructions for use (3.14).
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use of the device in a way not intended by the
manufacturer.
Note 5 to entry: Misuse is intended to mean incorrect or improper performance of an examination procedure (3.19) or
any procedure critical for patient safety.
[SOURCE: ISO/IEC Guide 51:2014, 3.7 modified — In the definition, “system” was changed to “process or
service”; examples were removed from Note 1; Notes 3 to 5 were added.]
3.23
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence of verification
(3.45), preventive action and corrective action.
Note 2 to entry: Generally, records need not be under revision control.
[SOURCE: ISO 9000:2015, 3.8.10]
3.24
residual risk
risk (3.25) remaining after risk control (3.28) measures have been taken
[SOURCE: ISO/IEC Guide 63:2019, 3.9]
3.25
risk
combination of the probability (3.19) of occurrence of harm (3.6) and the severity (3.39) of that harm
Note 1 to entry: This definition focuses on risks to the safety of patients and other persons. Other documents that
emphasize risk to a business enterprise will have alternative definitions.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified — The original Note 1 to entry was removed and a new note
was added.]
3.26
risk analysis
systematic use of available information to identify hazards (3.7) and to estimate the risk (3.25)
Note 1 to entry: Risk analysis includes examination of different sequences of events (3.2) that can produce hazardous
situations (3.8) and harm (3.6).
[SOURCE: ISO/IEC Guide 51:2014, 3.10, modified — Note 1 to entry was added.]
3.27
risk assessment
overall process (3.21) comprising a risk analysis (3.26) and a risk evaluation (3.30)
[SOURCE: ISO/IEC Guide 51:2014, 3.11]
3.28
risk control
process (3.21) in which decisions are made and measures implemented by which risks (3.25) are reduced to,
or maintained within, specified levels
[SOURCE: ISO/IEC Guide 63:2019, 3.12]
3.29
risk estimation
process (3.21) used to assign values to the probability (3.19) of occurrence of harm (3.6) and the severity
(3.39) of that harm
[SOURCE: ISO/IEC Guide 63:2019, 3.13]
3.30
risk evaluation
process (3.21) of comparing the estimated risk (3.25) against given risk criteria to determine the acceptability
of the risk
[SOURCE: ISO/IEC Guide 63:2019, 3.14]
3.31
risk management
systematic application of management policies, procedures (3.19) and practices to the tasks of analysing,
evaluating, controlling and monitoring risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.15]
3.32
risk management documentation
set of records (3.23) and other documents that are produced by risk management (3.31)
[SOURCE: ISO 14971:2019, 3.25, modified — The term “risk management file” was changed to “risk
management documentation”.]
3.33
risk management plan
scheme specifying the approach, the management components and resources to be applied to the
management of risk (3.25)
[SOURCE: ISO 31073:2022, 3.2.3, modified — “scheme within the risk management framework” was changed
to “scheme”; the Notes to entry were removed.]
3.34
risk management policy
statement of the overall intentions and direction of an organization related to risk management (3.31)
[SOURCE: ISO 31073:2022, 3.2.2]
3.35
risk monitoring
surveillance
continual checking, critically observing or determining the status in order to identify change from the risk
(3.25) level required or expected
[SOURCE: ISO 31073:2022, 3.3.40, modified — The term “monitoring” has been changed to “risk monitoring”,
and surveillance was added as a preferred term; in the definition, “supervising” was deleted, and
“performance level” was changed to “risk level”; Note 1 to entry was deleted.]
3.36
risk reduction
actions taken to lessen the probability (3.19) or negative consequences, or both, associated with a risk (3.25)
[SOURCE: ISO 22300:2025, 3.2.20]
3.37
safety
freedom from unacceptable risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.16]
3.38
service
laboratory medicine activity performed by a medical laboratory for the benefit (3.1) of patients, the
healthcare providers (3.9) responsible for the care of those patients, or screened populations
Note 1 to entry: Medical laboratory services include arrangements for examination (3.3) requests, patient preparation,
patient identification, collection, transportation, storage, processing and examination of clinical samples, together
with subsequent interpretation, reporting and advice, in addition to the considerations of safety (3.36) and ethics in
medical laboratory work.
3.39
severity
measure of the possible consequences of a hazard (3.7)
[SOURCE: ISO/IEC Guide 63:2019, 3.17]
3.40
stakeholder
person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or
activity
[SOURCE: ISO 31073:2022, 3.3.2, modified — The preferred term “interested party” was removed.]
3.41
state of the art
developed stage of technical capability at a given time as regards products, processes (3.21) and services
(3.38), based on the relevant consolidated findings of science, technology and experience
Note 1 to entry: The state of the art embodies what is currently and generally accepted as good practice. The state of
the art does not necessarily imply the most technologically advanced solution. The state of the art described here is
sometimes referred to as the “generally acknowledged state of the art”.
[SOURCE: ISO/IEC Guide 63:2019, 3.18]
3.42
use error
laboratory medicine user (3.43) action or lack of user action while performing a laboratory examination (3.3)
or using an IVD medical device (3.11) or performing any task in any procedure (3.19) that leads to a different
result than that intended by the laboratory or manufacturer or expected by the user
Note 1 to entry: Use error includes the inability of the user to complete a task.
Note 2 to entry: Use errors can result from a mismatch between the characteristics of the user, user interface, task, or
use environment.
Note 3 to entry: Users might be aware or unaware that the use error has occurred.
Note 4 to entry: An unexpected physiological response of the patient is not by itself considered use error.
Note 5 to entry: A malfunction of an IVD medical device that causes an unexpected result is not considered a use error.
Note 6 to entry: Use error includes the use of an examination result for an unintended target group or for an unintended
diagnostic or patient management purpose.
Note 7 to entry: The term was chosen over “user error”, “human error” or “laboratory error” because not all causes
of error are partially or solely due to the user. Use errors are often the result of poorly designed user interface or
processes (3.21), or, inadequate instructions for use (3.14).
[SOURCE: IEC 62366-1:2015, 3.21 modified — In the definition, “user” was changed to “laboratory medicine
user”, and “performing a laboratory examination” and “performing any task in any procedure” were added;
the original Note 6 to entry was removed and a new Note 6 to entry and a Note 7 were added.]
3.43
user
individual responsible for an action that is intended to lead to a desired outcome
Note 1 to entry: Although such individuals are often laboratory personnel that are expected to be trained and
competent to perform the action, this term is not limited to such personnel and can include the patient.
Note 2 to entry: The use of this term is not intended to imply that a device is utilized for the action; it is used as a
general term to include any individual that has a role in producing the desired outcome.
3.44
validation
confirmation, through the provision of objective evidence, that the requirements for a specific intended use
(3.15) or application have been fulfilled
Note 1 to entry: The objective evidence needed for a validation is the result of a test or other form of determination
such as performing alternative calculations or reviewing documents.
Note 2 to entry: The word “validated” is used to designate the corresponding status.
Note 3 to entry: The use conditions for validation can be real or simulated.
[SOURCE: ISO 9000:2015, 3.8.13]
3.45
verification
confirmation, through the provision of objective evidence
...
ISO/FDIS 22367:2025(en)
ISO/TC 212
Secretariat: ANSI
Date: 2025-12-22
Medical laboratories — Application of risk management to medical
laboratories
Laboratoires de biologie médicale — Application de la gestion des risques aux laboratoires de biologie médicale
FDIS stage
This draft is submitted to a parallel vote in ISO, CEN.
Voting begins on: 2026-01-02
Voting terminates on:
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
E-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Risk management
4.1 Risk management process
4.2 Management responsibilities
4.3 Qualification of personnel
4.4 Risk management activities
5 Proactive risk management
5.1 Proactive risk management plan
5.2 Scope of the plan
5.3 Contents of the plan
5.4 Revisions to the plan
5.5 Documentation of the risk management plan
6 Proactive risk analysis
6.1 General
6.2 Risk analysis process
6.3 Documentation of the risk analysis process
7 Risk evaluation
7.1 Overview
7.2 Benefit-risk analysis
7.3 Proactive risk evaluation
8 Risk control
8.1 General
8.2 Risk control options
8.3 Risks external to the laboratory
8.4 Risks arising from risk control measures
8.5 Residual risk evaluation
8.6 Risk control verification
9 Risk management review
9.1 General
9.2 Completeness of risk control
9.3 Evaluation of overall residual risk
9.4 Risk management report
10 Risk monitoring, analysis and control activities
10.1 Risk monitoring procedure
10.2 Internal sources of risk information
10.3 External sources of risk information
11 Immediate actions to reduce risk
Annex A (informative) Implementation of risk management within the management system
Annex B (informative) Guidance on establishing risk acceptability criteria
Annex C (informative) Guidance on risk acceptability considerations
Annex D (informative) Identification of characteristics related to safety
Annex E (informative) Examples of foreseeable risks, hazards, foreseeable sequences of events and hazardous situations
Annex F (informative) Nonconformities potentially leading to significant risks
Annex G (informative) Risk analysis tools and techniques
Annex H (informative) Risk analysis of foreseeable user actions
Annex I (informative) Methods of risk assessment, including estimation of probability and severity of harm
Annex J (informative) Overall residual risk evaluation and risk management review
Annex K (informative) Conducting a benefit-risk analysis
Annex L (informative) Residual risks
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights
in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s)
which may be required to implement this document. However, implementers are cautioned that this may not
represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 212, Medical laboratories and in vitro diagnostic
systems, in collaboration with the European Committee for Standardization (CEN) Technical Committee
CEN/TC 140, In vitro diagnostic medical devices, in accordance with the Agreement on technical cooperation
between ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO 22367:2020), which has been technically
revised.
The main changes are as follows:
— the application of risk management to processes has been emphasized;
— reactive and proactive risk management has been discussed, differentiated, and illustrated;
— the content is as far as possible in agreement with the requirements for risk management in
ISO 15189:2022;
— the relation with ISO 15189:2022 is indicated in Annex A in which Figure A.1
provides a flow chart for the underlying management system to underpin this document;
— Clause I.5 has been slightly modified to emphasize that risks most often require
benefit-risk assessment to determine risk acceptability.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
Medical laboratories deal with risks as part of their usual activities; these risks affect patients, personnel,
caregivers, and the organization as a whole. Risks span the range of services: pre-examination, examination
and post-examination processes, including the design and development of laboratory examinations. The
intent of this document is not to introduce risk as a concern for the laboratory but to provide a structure for
addressing, managing, and documenting risks that are part of the day-to-day and long-term (strategic)
activities of the laboratory.
ISO 15189 requires that medical laboratories review all work processes to identify potential failures for risk
of harm to patients and opportunities for improvement, modify the processes to reduce or eliminate the
identified risks, and document the decisions and actions taken. This document describes a process for
managing these risks to the patient, the operator, other persons, equipment and other property, the healthcare
enterprise as a whole, and the environment. It does not address business enterprise risks, which are the
subject of ISO 31000; however, ISO 31000 is consistent with and can provide further understanding for the
concepts in this document.
Medical laboratories span a broad range of activities, some of which rely on the use of in vitro medical devices
to achieve their quality objectives. When such devices are involved, risk management is a shared responsibility
between the in vitro diagnostic (IVD) manufacturer and the medical laboratory. Since most IVD
manufacturers have already implemented ISO 14971, this document has adopted similar concepts, principles
and framework to manage the risks associated with the medical laboratory when appropriate. This is
especially meaningful for laboratories that implement their own examinations on devices (laboratory
developed tests or LDTs); concepts integral to ISO 14971:2019 can be directly applicable. ISO 5649 is a useful
reference for identifying and addressing risks in the development, implementation and retirement phases of
LDTs.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of hazards,
which can lead directly or indirectly to varying degrees of harm. The concept of risk has two components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder can place a different value on the risk of harm.
Risk management interfaces with quality management at many points in the medical laboratory. In ISO 15189,
as an example, risk management is a component of complaint management, internal audit, corrective action,
quality control, management review and external assessment (for both accreditation and proficiency testing).
Management of risk also coincides with the management of safety in the medical laboratories, as exemplified
by the safety audit checklists in ISO 15190. This document is intended to assist medical laboratories
with the integration of risk management into their routine organization, operation and management.
While this document is intended for use throughout the currently recognized medical laboratory disciplines,
it can effectively be applied to other healthcare services, such as diagnostic imaging, respiratory therapy,
physiological sciences, blood banks and transfusion services.
The use of this document facilitates cooperation between medical laboratories and other healthcare services,
assists in the exchange of information, and in the harmonization of methods and procedures.
DRAFT International Standard ISO/DIS 22367:2025(en)
Medical laboratories — Application of risk management to medical
laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations. The
process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of a medical
laboratory, including the pre-examination, examination, and post-examination aspects including accurate
transmission of examination results into the electronic medical record, as well as other technical and
management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare providers.
This document complements the management of risks affecting medical laboratory enterprises that are
addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
benefit
impact or desirable outcome of a process (3.21), procedure (3.19) or the use of a medical device
on the health of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, relief of symptoms, improvement in function, or
an increased sense of well-being.
3.2
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or “close
call”.
[SOURCE: ISO 31073:2022, 3.3.11, modified — Note to entry 2 was changed; the original
Note 3 to entry was removed, and a new Note 3 to entry and a Note 4 were added.]
3.3
examination
set of operations having the objective of determining the numerical value, text value or characteristics of a
property
Note 1 to entry: An examination may be the total of a number of activities, observations or measurements required to
determine a value or characteristics.
Note 2 to entry: Laboratory examinations that determine a numerical value of a property are called “quantitative
examinations”; those that determine the characteristics of a property are called “qualitative examinations”.
Note 3 to entry: Laboratory examinations are also called “assays” or “tests”.
[SOURCE: ISO 15189:2022, 3.8]
3.4
foreseeable risk
risk (3.25) that is predictable prior to its occurrence
Note 1 to entry: Risk (3.25) can be known from prior experience, assessment of current circumstances, prior occurrence
of an event (3.2), or other sources.
Note 2 to entry: Addressing foreseeable risk results in preventive action.
Note 3 to entry: A risk (3.25) that is foreseeable does not imply that it has been anticipated or addressed.
3.5
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events (3.2) or to potential future events (3.2), where it can be used as
a measure of likelihood or probability (3.20).
[SOURCE: ISO 31073:2022, 3.3.20]
3.6
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.7
hazard
source of potential harm (3.6)
[SOURCE: ISO 31073:2022, 3.3.12, modified — Note 1 to entry has been deleted.]
3.8
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.7)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.9
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician, laboratory
technologist, biomedical laboratory scientist, medical assistant, medical specialist, respiratory care practitioner.
[SOURCE: ISO 18113-1:2022, 3.1.28, modified — “laboratory technologist” and “biomedical laboratory
scientist” were added to the example.]
3.10
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design and/or manufacture of an
IVD medical device (3.11) with the intention of making the IVD medical device (3.11) available for use,
under his name, whether or not such an IVD medical device (3.11) is designed and/or manufactured by that
person himself or on that person’s behalf by another person(s)
[SOURCE: ISO 14971:2019, 3.9, modified — The term “manufacturer” was changed to “in vitro
diagnostic manufacturer”; in the definition, “medical device” was changed to “an IVD medical
device”; Notes to entry were removed.]
3.11
in vitro diagnostic medical device
IVD medical device
medical device, whether used alone or in combination, intended by the manufacturer for the in vitro
examination (3.3) of specimens derived from the human body solely or principally to provide information
for diagnostic, monitoring or compatibility purposes.
Note 1 to entry: The device includes reagents, calibrators, control materials, specimen receptacles, software, and related
instruments or apparatus or other articles.
Note 2 to entry: Adapted from ISO 18113-1:2022, 3.1.53.
3.12
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by a manufacturer to be used as an IVD medical device (3.11)
[SOURCE: ISO 18113-1:2022, 3.1.32]
3.13
information supplied by the manufacturer
labelling
information that is related to identification, technical description, intended use (3.15) and proper use of
the IVD medical device (3.11), but excluding shipping documents
EXAMPLE Labels, instructions for use, manual, written, printed, electronic, or graphic matter.
Note 1 to entry: In IEC standards, documents provided with a medical device and containing important information for
the responsible organization or operator, particularly regarding safety, are called “accompanying documents”.
Note 2 to entry: Catalogues and material safety data sheets are not considered information supplied by the manufacturer
of IVD medical devices (3.11).
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.35.
3.14
instructions for use
information supplied by the manufacturer (3.13) to enable the safe and proper use of an IVD medical
device (3.11)
Note 1 to entry: It includes the directions supplied by the manufacturer for the use, maintenance,
troubleshooting and disposal of an IVD medical device (3.11), as well as warnings and precautions.
Note 2 to entry: Instructions for use can also be referred to as “package insert” or manual for instruments.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.36.
3.15
intended use
intended purpose
objective intent of an IVD manufacturer (3.10) regarding the use of a product, process (3.21) or
service (3.38) as reflected in the specifications, instructions and information supplied by the IVD
manufacturer (3.10)
Note 1 to entry: Intended use statements for IVD information supplied by the manufacturer (3.13) can include two
components: a description of the functionality of the IVD medical device (3.11) (e.g. an immunochemical
measurement procedure (3.19) for the detection of analyte “x” in serum or plasma), and a statement of the intended
medical use of the examination (3.3) results.
[SOURCE: ISO 18113-1:2022, 3.1.37, modified — In Note 1 to entry, “labelling” was changed to
“information supplied by the manufacturer”; Note 2 was removed.]
3.16
laboratory management
person(s) with responsibility for, and authority over, a laboratory
Note 1 to entry: Laboratory management has the power to delegate authority and provide resources within the
laboratory.
Note 2 to entry: The laboratory management includes the laboratory director(s) and delegates together with individuals
specifically assigned to ensure the quality of the activities of the laboratory.
[SOURCE: ISO 15189:2022, 3.15]
3.17
likelihood
chance of something happening
Note 1 to entry: In risk management terminology, the word “likelihood” is used to refer to the chance of something
happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and
described using general terms or mathematically (such as a probability (3.20) or a frequency (3.5) over a given
time period).
Note 2 to entry: The English language term “likelihood” does not have a direct equivalent in some languages; instead, the
equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly
interpreted as a mathematical term. Therefore, in risk management terminology, “likelihood” is used with the intent that
it should have the same broad interpretation as the term “probability” has in many languages other than English.
[SOURCE: ISO 31073:2022, 3.3.16]
3.18
medical laboratory
laboratory
entity for the examination (3.8) of materials derived from the human body for the purpose of providing
information for the diagnosis, monitoring, management, prevention and treatment of disease, or assessment
of health
Note 1 to entry: The laboratory can also provide advice covering all aspects of examinations including appropriate
selection, the interpretation of results and advice on further examinations.
Note 2 to entry: Laboratory activities include pre-examination, examination and post-examination processes (3.21).
Note 3 to entry: Materials for examination include but are not limited to, microbiological, immunological,
biochemical, immunohaematological, haematological, biophysical, cytological, tissue and cells, and genetic material.
[SOURCE: ISO 15189:2022, 3.20]
3.19
procedure
specified way to carry out an activity or a process (3.21)
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.20
probability
measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility and 1
is absolute certainty
Note 1 to entry: See definition of likelihood (3.17), Note 2 to entry.
[SOURCE: ISO 31073:2022, 3.3.19]
3.21
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service (3.38(3.38)) depends on
the context of the reference.
[SOURCE: ISO 9000:2015, 3.4.1, modified– Note — Notes 2 to entry to Note 6 to entry have been
deletedremoved.]
3.22
reasonably foreseeable misuse
use of a product, process (3.21) or service (3.38) in a way not intended by the supplier, but which
can result from readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of intended users (3.43).
Note 2 to entry: In the context of consumer safety, the term “reasonably foreseeable use” is increasingly used as a
synonym for both “intended use” (3.15) and “reasonably foreseeable misuse”.
Note 3 to entry: Applies to use of examination (3.3) results by a healthcare provider (3.9) contrary to the
intended use (3.15), as well as use of IVD medical devices (3.11) by the laboratory contrary to the instructions for
use (3.14).
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use of the device in a way not intended by the
manufacturer.
Note 5 to entry: Misuse is intended to mean incorrect or improper performance of an examination (3.3) procedure
(3.19) or any procedure (3.19) critical for patient safety.
[SOURCE: ISO/IEC Guide 51:2014, 3.7 modified — In the definition, “system” was changed to “process or
service”; examples were removed from Note 1; Notes 3 to 5 were added.]
3.23
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence of verification
(3.45), preventive action and corrective action.
Note 2 to entry: Generally, records need not be under revision control.
[SOURCE: ISO 9000:2015, 3.8.10]
3.24
residual risk
risk (3.25) remaining after risk control (3.28) measures have been taken
[SOURCE: ISO/IEC Guide 63:2019, 3.9]
3.25
risk
combination of the probability (3.19) of occurrence of harm (3.6) and the severity (3.39) of
that harm (3.6)
Note 1 to entry: This definition focuses on risks to the safety of patients and other persons. Other documents
that emphasize risk to a business enterprise will have alternative definitions.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified — The original Note 1 to entry was
removed and a new note was added.]
3.26
risk analysis
systematic use of available information to identify hazards (3.7) and to estimate the risk (3.25)
Note 1 to entry: Risk analysis includes examination of different sequences of events (3.2) that can produce hazardous
situations (3.8) and harm (3.6).
[SOURCE: ISO/IEC Guide 51:2014, 3.10, modified — Note 1 to entry was added.]
3.27
risk assessment
overall process (3.21) comprising a risk analysis (3.26) and a risk evaluation (3.30)
[SOURCE: ISO/IEC Guide 51:2014, 3.11]
3.28
risk control
process (3.21) in which decisions are made and measures implemented by which risks (3.25) are
reduced to, or maintained within, specified levels
[SOURCE: ISO/IEC Guide 63:2019, 3.12]
3.29
risk estimation
process (3.21) used to assign values to the probability (3.19) of occurrence of harm (3.6) and
the severity (3.39) of that harm (3.6)
[SOURCE: ISO/IEC Guide 63:2019, 3.13]
3.30
risk evaluation
process (3.21) of comparing the estimated risk (3.25) against given risk criteria to determine the
acceptability of the risk
[SOURCE: ISO/IEC Guide 63:2019, 3.14]
3.31
risk management
systematic application of management policies, procedures (3.19) and practices to the tasks of analysing,
evaluating, controlling and monitoring risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.15]
3.32
risk management documentation
set of records (3.23) and other documents that are produced by risk management (3.31)
[SOURCE: ISO 14971:2019, 3.25, modified — The term “risk management file” was changed to “risk
management documentation”.]
3.33
risk management plan
scheme specifying the approach, the management components and resources to be applied to the management
of risk (3.25)
Note 1 to entry: Adapted from ISO 31000:2009.
[SOURCE: ISO 31073:2022, 3.2.3, modified — “scheme within the risk management framework” was
changed to “scheme”; the Notes to entry were removed.]
3.34
risk management policy
statement of the overall intentions and direction of an organization related to risk management (3.31)
[SOURCE: ISO 31073:2022, 3.2.2]
3.35
risk monitoring
surveillance
continual checking, critically observing or determining the status in order to identify change from the risk
(3.25) level required or expected
[SOURCE: ISO 31073:2022, 3.3.40, modified — The term “monitoring” has been changed to “risk
monitoring”, and surveillance was added as a preferred term; in the definition, “supervising” was
deleted, and “performance level” was changed to “risk level”; Note 1 to entry was deleted.]
3.36
risk reduction
actions taken to lessen the probability (3.19) or negative consequences, or both, associated with a risk
(3.25)
[SOURCE: ISO 22300:2025, 3.2.20]
3.37
safety
freedom from unacceptable risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.16]
3.38
service
laboratory medicine activity performed by a medical laboratory for the benefit (3.1) of patients, the
healthcare providers (3.9) responsible for the care of those patients, or screened populations.
Note 1 to entry: Medical laboratory services include arrangements for examination (3.3) requests, patient
preparation, patient identification, collection, transportation, storage, processing and examination (3.3) of clinical
samples, together with subsequent interpretation, reporting and advice, in addition to the considerations of safety
(3.36) and ethics in medical laboratory work.
Note 2 to entry: Adapted from ISO 15189:2022.
3.39
severity
measure of the possible consequences of a hazard (3.7)
[SOURCE: ISO/IEC Guide 63:2019, 3.17]
3.40
stakeholder
person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or
activity
[SOURCE: ISO 31073:2022, 3.3.2, modified — The preferred term “interested party” was
removed.]
3.41
state of the art
developed stage of technical capability at a given time as regards products, processes (3.21) and services
(3.38), based on the relevant consolidated findings of science, technology and experience
Note 1 to entry: The state of the art embodies what is currently and generally accepted as good practice. The state of the
art does not necessarily imply the most technologically advanced solution. The state of the art described here is
sometimes referred to as the “generally acknowledged state of the art”.
[SOURCE: ISO/IEC Guide 63:2019, 3.18]
3.42
use error
laboratory medicine user (3.43) action or lack of user (3.43) action while performing a laboratory
examination (3.3) or using an IVD medical device (3.11) or performing any task in any procedure
(3.19) that leads to a different result than that intended by the laboratory or manufacturer or expected
by the user (3.43)
Note 1 to entry: Use error includes the inability of the user (3.43) to complete a task.
Note 2 to entry: Use errors can result from a mismatch between the characteristics of the user (3.43), user interface, task,
or use environment.
Note 3 to entry: Users (3.43) might be aware or unaware that the use error has occurred.
Note 4 to entry: An unexpected physiological response of the patient is not by itself considered use error.
Note 5 to entry: A malfunction of an IVD medical device that causes an unexpected result is not considered a use error.
Note 6 to entry: Use error includes the use of an examination (3.3) result for an unintended target group or for an
unintended diagnostic or patient management purpose.
Note 7 to entry: The term was chosen over “user error”, “human error” or “laboratory error” because not all causes of
error are partially or solely due to the user (3.43). Use errors are often the result of poorly designed user (3.43) interface
or processes (3.21), or inadequate instructions for use (3.14).
[SOURCE: IEC 62366-1:2015, 3.21 modified — In the definition, “user” was changed to “laboratory
medicine user”, and “performing a laboratory examination” and “performing any task in
any procedure” were added; the original Note 6 to entry was removed and a new Note 6
to entry and a Note 7 to entry were added.]
3.43
user
individual responsible for an action that is intended to lead to a desired outcome
Note 1 to entry: Although such individuals are often laboratory personnel that are expected to be trained and competent
to perform the action, this term is not limited to such personnel and can include the patient.
Note 2 to entry: The use of this term is not intended to imply that a device is utilized for the action; it is used as a general
term to include any individual that has a role in producing the desired outcome.
3.44
validation
confirmation, through the provision of objective evidence, that the requirements for a specific intended use
(3.15) or application have been fulfilled
Note 1 to entry: The objective evidence needed for a validation is the result of a test or other form of determination such
as performing alternative calculations or reviewing documents.
Note 2 to entry: The word “validated” is used to designate the corresponding status.
Note 3 to entry: The use conditions for validation can be real or simulated.
[SOURCE: ISO 9000:2015, 3.8.13]
3.45
verification
confirmation, through the provision of objective evidence, that specified requirements have been fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other forms of
determination such as performing alternative calculations or reviewing documents.
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process (3.21).
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 9000:2015, 3.8.12]
4 Risk management
4.1 Risk management process
The medical laboratory shall establish, document, implement and maintain processes for identifying hazards
associated with its examinations and services, estimating and evaluating the associated risks, controlling these
risks, and monitoring the effectiveness of the controls. The scope of specific risk management processes may
be broad (e.g. for the development of a new examination with which a laboratory has little or no experience),
or the scope may be limited (e.g. for resolving the risks associated with either anticipated or unanticipated
nonconformities).
NOTE 1 The activities of the laboratory have an underlying concern with risk, especially risks to the patient. The
considerations that occur in developing and implementing such activities involve understanding and approaching such
risks; this can be referred to as “risk-based thinking”. To be an effective part of the quality management system, such risk
management activities require a structured approach.
Where a documented management system exists, such as that described in ISO 15189, it shall incorporate risk
management into the appropriate parts.
A master plan as described in Clause B.2 should be in place when multiple individual risk
management plans are present.
NOTE 2 Annex A provides additional guidance for using a documented management system,
such as is required in ISO 15189, to address patient safety in a systematic manner, in particular to enable the early
identification of hazards and hazardous situations in order to implement appropriate risk control measures.
NOTE 3 ISO/TR 24971:2020, Annex H provides guidance on risk management for in vitro diagnostic medical devices.
4.2 Management responsibilities
The medical laboratory management shall show evidence of its commitment to the risk management process
by providing adequate resources and qualified personnel for risk management to ensure conformance to this
document (see 4.3).
The laboratory management shall:
— define and document the laboratory’s risk management policy, including the policy for determining
risk acceptability (see 7.3.1);
— approve all risk assessments and risk management reports;
— review the suitability of risk management processes at planned intervals to ensure their continuing
effectiveness, and document any decisions and actions taken during the review. This review may be part
of the management system review.
The laboratory shall retain records for each activity required in this document. The records shall be
retrievable and available for review as needed.
NOTE The required documentation and records can be incorporated within the documentation produced by the
laboratory’s management system.
4.3 Qualification of personnel
Persons performing risk management tasks shall have the knowledge and experience for the tasks assigned
to them. This knowledge and experience shall include, where appropriate, the process and procedures that
are intended to be assessed, the medical uses of the results that are produced, and the techniques used to
assess the risks.
Such persons may be qualified by training, competence, and through the provision of sufficient instruction for
managing instances of risk. Qualification does not imply a level of education or responsibility.
NOTE 1 An example of a foreseeable risk (4.4.2) can be the authorization of routine personnel who receive
specimens to assess whether collection tubes for functional coagulation studies are sufficiently full, given that underfilled
tubes can lead to artificially prolonged measurement times. By training and use of visual aids, such personnel can assess,
reject an underfilled specimen, document this action in the patient record, and contact the provider for a valid specimen
prior to submission for testing. If the provider requests that the specimen be processed regardless, this can be beyond
the training and competence of the individual
...
FINAL DRAFT
International Standard
ISO/TC 212
Secretariat: ANSI
Voting begins on: 2026-01-06
Voting terminates on: 2026-03-03
Medical laboratories — Application of risk management to medical laboratories
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL
AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
ISO/CEN PARALLEL PROCESSING
COPYRIGHT PROTECTED DOCUMENT
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can
be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Risk management
4.1 Risk management process
4.2 Management responsibilities
4.3 Qualification of personnel
4.4 Risk management activities
4.4.1 General
4.4.2 Foreseeable risk
4.4.3 Opportunity
4.4.4 Information provided to users
5 Proactive risk management
5.1 Proactive risk management plan
5.2 Purpose of the plan
5.3 Content of the plan
5.4 Revisions of the plan
5.5 Documentation of the risk management plan
6 Proactive risk analysis
6.1 General
6.2 Risk analysis process
6.3 Documentation of the risk analysis process
6.3.1 General
6.3.2 Intended use by the medical laboratory and reasonably foreseeable misuse
6.3.3 Identification of characteristics related to safety
6.3.4 Identification of hazards
7 Risk evaluation
7.1 Overview
7.1.1 General
7.1.2 Reactive risk evaluation
7.1.3 Proactive risk evaluation
7.2 Benefit-risk analysis
7.3 Proactive risk evaluation
7.3.1 Risk acceptability criteria
7.3.2 Risk reduction
8 Risk control
8.1 General
8.2 Risk control options
8.2.1 General
8.2.2 Role of standards in risk control
8.2.3 Role of IVD medical devices in risk control
8.3 Risks external to the laboratory
8.4 Risks arising from risk control measures
8.5 Evaluation of residual risks
8.6 Verification of risk control
9 Risk management review
9.1 General
9.2 Completeness of risk control
9.3 Evaluation of overall residual risk
9.4 Risk management report
10 Risk monitoring, analysis and control of activities
10.1 Risk monitoring procedure
10.2 Internal sources of risk information
10.3 External sources of risk information
11 Immediate actions to reduce risk
Annex A (informative) Implementation of risk management within the management system
Annex B (informative) Guidance on establishing risk acceptability criteria
Annex C (informative) Guidance on risk acceptability considerations
Annex D (informative) Identification of characteristics related to safety
Annex E (informative) Examples of foreseeable risks, hazards, foreseeable sequences of events and hazardous situations
Annex F (informative) Nonconformities potentially leading to significant risks
Annex G (informative) Risk analysis tools and techniques
Annex H (informative) Risk analysis of foreseeable user actions
Annex I (informative) Methods for risk assessment, including estimation of probability and severity of harm
Annex J (informative) Evaluation of overall residual risk and risk management review
Annex K (informative) Conducting a benefit-risk analysis
Annex L (informative) Residual risks
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different
types of ISO document should be noted. This document was drafted in accordance with the editorial rules of
the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of one
or more patents. ISO takes no position concerning the evidence, validity or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice
of one or more patents which may be required to implement this document. However, implementers are cautioned
that more recent information may appear in the patent database available at www.iso.org/brevets. ISO shall
not be held responsible for not having identified such patent rights or given notice of their existence.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO’s adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/avant-propos.
This document was prepared by Technical Committee ISO/TC 212, Medical laboratories and in vitro diagnostic
systems, in collaboration with the European Committee for Standardization (CEN) Technical Committee
CEN/TC 140, In vitro diagnostic medical devices, in accordance with the Agreement on technical cooperation
between ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO 22367:2020), which has been technically
revised.
The main changes are as follows:
— more process-oriented application of risk management;
— introduction, differentiation and illustration of reactive and proactive risk management;
— alignment of the content, as far as possible, with the risk management requirements of ISO 15189:2022;
— indication of the relationship with ISO 15189:2022 in Annex A, which presents in Figure A.1 a diagram
illustrating the management system supporting this document;
— slight modification of Clause I.5 to emphasize that risks most often require a benefit-risk assessment
in order to determine the acceptability of the risk.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/fr/members.html.
Introduction
Medical laboratories manage risks as part of their usual activities; these risks concern patients,
personnel, caregivers and the organization as a whole. The risks cover the range of services offered:
pre-examination, examination and post-examination processes, including the design and development of
laboratory examinations. This document does not aim to present risk as a problem for the laboratory, but
aims to provide a structure for addressing, managing and documenting the risks that are part of the
laboratory’s day-to-day and long-term (strategic) activities.
ISO 15189 requires that medical laboratories review all their work processes to identify potential failures
that pose a risk of harm to patients and opportunities for improvement, modify the processes to reduce or
eliminate the identified risks, and document the decisions and actions taken. This document describes a
process for managing these risks to the patient, the operator, other persons involved, equipment and other
property, the healthcare facility as a whole, and the environment. It does not apply to risks affecting
business enterprises, which are addressed in ISO 31000; however, ISO 31000 is consistent with the concepts
of this document and can provide a better understanding of these concepts.
Medical laboratories cover a wide range of activities, some of which rely on the use of in vitro diagnostic
(IVD) medical devices to achieve their quality objectives. When such devices are involved, risk management
is a shared responsibility between the in vitro diagnostic (IVD) manufacturer and the medical laboratory. As
most IVD manufacturers have already implemented ISO 14971, this document has adopted similar concepts,
principles and framework to manage the risks associated with medical laboratories, where applicable. This is
particularly useful for laboratories that implement their own examinations on devices (laboratory-developed
tests or LDTs). The concepts that are integral to ISO 14971 can be directly applicable. ISO 5649 is a useful
reference for identifying and addressing risks during the development, implementation and retirement phases
of LDTs.
Activities carried out within a medical laboratory can expose patients, personnel and other persons involved
to various hazards, which can directly or indirectly cause harm of varying degrees of severity. The concept
of risk has two components:
a) the probability of occurrence of harm;
b) the consequences of that harm, that is, its degree of severity.
Risk management is complex because each stakeholder can assess the risk of harm differently.
Risk management interfaces with quality management at many points in the medical laboratory. In ISO 15189,
for example, risk management is a component of complaint management, internal audit, corrective action,
quality control, management review and external assessment (relating to proficiency testing and
accreditation). Risk management also aligns with the management of safety in medical laboratories, as
illustrated by the safety checklists mentioned in ISO 15190. This document is intended to assist medical
laboratories in integrating risk management into their routine management, operational and organizational
activities.
Although this document is intended for use in the currently recognized disciplines of medical laboratories,
it can be effectively applied to other healthcare services, such as diagnostic imaging, respiratory therapy,
physiological sciences, blood banks and transfusion services.
Use of this document facilitates cooperation between medical laboratories and other healthcare services, and
facilitates the exchange of information and the harmonization of methods and procedures.
FINAL DRAFT International Standard ISO/FDIS 22367:2026(fr)
Medical laboratories — Application of risk management to medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations. The
process includes identifying, estimating, evaluating, controlling and managing the risks.
The requirements of this document are applicable to all aspects of the examinations and services of a
medical laboratory, including the aspects before, during and after examinations, including the accurate
transmission of examination results into an electronic medical record as well as other technical and
management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare
providers.
This document complements the management of risks affecting medical laboratory enterprises that are
addressed by ISO 31000, such as business, economic, legal and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
bénéfice
impact ou conséquence souhaitable d’un processus (3.21), d’une procédure (3.19) ou de l’utilisation d’un
dispositif médical sur la santé d’un individu ou impact positif sur la prise en charge du patient ou sur la santé
publique
Note 1 à l'article: Les bénéfices incluent la prolongation de la vie, la diminution de la douleur (soulagement des
symptômes), l’amélioration fonctionnelle ou le bien-être.
3.2
événement
occurrence ou changement d’un ensemble particulier de circonstances
Note 1 à l'article: Un événement peut être unique ou se reproduire et peut avoir plusieurs causes.
Note 2 à l'article: Un événement peut consister en quelque chose qui ne se produit pas.
Note 3 à l'article: Un événement peut parfois être qualifié «d’incident» ou «d’accident».
Note 4 à l'article: Un événement sans conséquence peut également être appelé «quasi-accident» ou «incident».
[SOURCE: ISO 31073:2022, 3.3.11. modifié — La Note 2 à l'article a été modifiée; la Note 3 à l'article d'origine
a été supprimée et une nouvelle Note 3 à l'article et une Note 4 ont été ajoutées.]
3.3
analysis
examination
set of operations intended to determine the numerical value, the text value or the
characteristics of a property
Note 1 to entry: An analysis can be the total of the activities, observations or measurements carried out
that are required to determine a value or a characteristic.
Note 2 to entry: Laboratory analyses that determine a numerical value of a property are
called "quantitative analyses"; those that determine the characteristics of a property are called
"qualitative analyses".
Note 3 to entry: Laboratory analyses are also called "assays" or "tests".
[SOURCE: ISO 15189:2022, 3.8]
3.4
foreseeable risk
risk (3.25) that can be foreseen before it occurs
Note 1 to entry: A risk can be identified from previous experience, from an assessment of current
circumstances, before the occurrence of an event (3.2), or from other sources.
Note 2 to entry: The treatment of foreseeable risks gives rise to preventive actions.
Note 3 to entry: A foreseeable risk does not imply that it has been anticipated or treated.
3.5
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events or to potential future events, where it
can be used as a measure of likelihood or probability (3.20).
[SOURCE: ISO 31073:2022, 3.3.20]
3.6
harm
physical injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.7
hazard
potential source of harm (3.6)
[SOURCE: ISO 31073:2022, 3.3.12, modified — Note 1 to entry has been deleted.]
3.8
hazardous situation
situation in which people, property or the environment are exposed to one or more hazards
(3.7)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.9
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory
technician, laboratory technologist, medical laboratory scientist, medical assistant, medical specialist,
respiratory care practitioner.
[SOURCE: ISO 18113-1:2022, 3.1.28, modified — "laboratory technician" and "medical laboratory
scientist" have been added to the example.]
3.10
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person responsible for the design and/or manufacture of an IVD medical
device (3.11) with the intention of making the IVD medical device available for use, under that person's name,
whether or not this IVD medical device is designed and/or manufactured by that person or on
that person's behalf by one or more other persons
[SOURCE: ISO 14971:2019, 3.9, modified — The term "manufacturer" has been replaced by "in vitro diagnostic
manufacturer"; in the definition, "medical device" has been replaced by "IVD medical device"; the Notes to
entry have been deleted.]
3.11
in vitro diagnostic medical device
IVD medical device
medical device, used alone or in combination, designed by the manufacturer for the in vitro examination (3.3) of
specimens derived from the human body solely or principally to provide information for
diagnostic, monitoring or compatibility purposes
Note 1 to entry: The device includes reagents, calibrators, control materials, specimen
receptacles, software and related instruments or apparatus, or other articles.
Note 2 to entry: Adapted from ISO 18113-1:2022, 3.1.53.
3.12
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by the manufacturer to be used as an IVD medical device (3.11)
[SOURCE: ISO 18113-1:2022, 3.1.32]
3.13
information supplied by the manufacturer
information related to the identification, technical description, intended use (3.15) and correct
use of the IVD medical device (3.11), but excluding shipping documents
EXAMPLE Labels, instructions for use, manuals, and written, printed, electronic or
graphic documents.
Note 1 to entry: In IEC standards, documents supplied with a medical device and containing
important information for the responsible organization or the operator, particularly regarding safety,
are called "accompanying documents".
Note 2 to entry: Catalogues and safety data sheets are not considered information
supplied by the manufacturer of IVD medical devices.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.35.
3.14
instructions for use
directions for use
user instructions
information supplied by the manufacturer (3.13) to enable the correct and safe use of an
IVD medical device (3.11)
Note 1 to entry: Includes the directions supplied by the manufacturer for the use, maintenance, troubleshooting and
disposal of an IVD medical device, as well as warnings and precautions.
Note 2 to entry: Instructions for use can also be called a "leaflet" or, for instruments,
a manual.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.36.
3.15
intended use
intended purpose
objective intent of an IVD manufacturer (3.10) regarding the use of a product, process (3.21) or
service (3.38), as reflected in the specifications, instructions and information supplied by
the IVD manufacturer
Note 1 to entry: Intended use statements for the information supplied by the manufacturer (3.13) of the IVD
can include two components: a description of the functionality of the IVD medical device (3.11) (e.g.
an immunochemical measurement procedure (3.19) for the detection of analyte "x" in serum or
plasma) and a statement of the intended medical use of the examination (3.3) results.
[SOURCE: ISO 18113-1:2022, 3.1.37, modified — In Note 1 to entry, "labelling" has been replaced by
"information supplied by the manufacturer"; Note 2 has been deleted.]
3.16
laboratory management
person(s) with responsibility for, and authority over, a laboratory
Note 1 to entry: Laboratory management has the power to delegate its authority and to provide resources within
the laboratory.
Note 2 to entry: Laboratory management consists of the laboratory director(s) and their delegates
together with the persons specifically assigned to ensure the quality of the laboratory's activities.
[SOURCE: ISO 15189:2022, 3.15]
3.17
likelihood
chance of something happening
Note 1 to entry: In risk management terminology, the word "likelihood" is used to refer to the
chance of something happening, whether defined, measured or determined objectively
or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (such as
a probability (3.20) or a frequency (3.5) over a given time period).
Note 2 to entry: The English term "likelihood" does not have a direct equivalent in some languages;
instead, the equivalent of the term "probability" is often used. However, in English, the term
"probability" is often limited to its mathematical interpretation. Therefore, in risk management
terminology, the term "likelihood" should have the same broad interpretation as
the term "probability" has in many languages other than English.
[SOURCE: ISO 31073:2022, 3.3.16]
3.18
medical laboratory
laboratory
entity for the examination (3.8) of materials derived from the human body for the purpose of providing information
for the diagnosis, monitoring, management, prevention and treatment of disease, or for the
assessment of health
Note 1 to entry: The laboratory can also provide advice covering all aspects of examinations,
including their appropriate selection, the interpretation of results and guidance on further examinations.
Note 2 to entry: Laboratory activities include pre-examination, examination and post-examination
processes (3.21).
Note 3 to entry: Materials for examination include, but are not limited to, microbiological,
immunological, biochemical, immunohaematological, haematological, biophysical and cytological materials, tissues and
cells, and genetic material.
[SOURCE: ISO 15189:2022, 3.20]
3.19
procedure
specified way to carry out an activity or a process (3.21)
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.20
probability
measure of the chance of occurrence, expressed as a number between 0 and 1, where 0 is impossibility and 1
is absolute certainty
Note 1 to entry: See the definition of likelihood (3.17), Note 2 to entry.
[SOURCE: ISO 31073:2022, 3.3.19]
3.21
process
set of interrelated or interacting activities that use inputs to deliver an intended
result
Note 1 to entry: Whether the "intended result" of a process is called output, product or service (3.38)
depends on the context of the reference.
[SOURCE: ISO 9000:2015, 3.4.1, modified — Notes 2 to 6 have been deleted.]
3.22
reasonably foreseeable misuse
use of a product, process (3.21) or service (3.38) under conditions or for purposes not
intended by the supplier, but which can result from readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of intended
users (3.43).
Note 2 to entry: In the context of consumer safety, the term "reasonably foreseeable use"
is increasingly used as a common synonym for "intended use" (3.15) and "reasonably
foreseeable misuse".
Note 3 to entry: Applies to use of examination (3.3) results by a healthcare provider (3.9)
contrary to the intended use, as well as to use of IVD medical devices (3.11) by the laboratory contrary to the
instructions for use (3.14).
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use of the
device in a way not intended by the manufacturer.
Note 5 to entry: Incorrect use means the incorrect performance of an examination procedure (3.19) or of any
procedure critical to patient safety.
[SOURCE: ISO/IEC Guide 51:2014, 3.7 modified — In the definition, the term "system" has been replaced by
"process or service"; the examples have been deleted from Note 1; Notes 3 to 5 have been added.]
3.23
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence that
verification (3.45), preventive actions and corrective actions have been carried out.
Note 2 to entry: Generally, records need not be under revision control.
[SOURCE: ISO 9000:2015, 3.8.10]
3.24
residual risk
risk (3.25) remaining after risk control (3.28) measures have been taken
[SOURCE: ISO/IEC Guide 63:2019, 3.9]
3.25
risk
combination of the probability (3.19) of occurrence of harm (3.6) and the severity (3.39) of that harm
Note 1 to entry: This definition focuses on risks to the safety of patients and other persons.
Other documents focusing on risk to an enterprise will have other definitions.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified — The original Note 1 to entry has been deleted and a new
note has been added.]
3.26
risk analysis
systematic use of available information to identify hazards (3.7) and to estimate the risk
(3.25)
Note 1 to entry: Risk analysis includes examination of different sequences of events (3.2) that can
produce hazardous situations (3.8) and harm (3.6).
[SOURCE: ISO/IEC Guide 51:2014, 3.10, modified — Note 1 to entry has been added.]
3.27
risk assessment
process (3.21) comprising a risk analysis (3.26) and a risk evaluation (3.30)
[SOURCE: ISO/IEC Guide 51:2014, 3.11]
3.28
risk control
process (3.21) in which decisions are made and measures are implemented to reduce risks (3.25)
or to maintain them within specified limits
[SOURCE: ISO/IEC Guide 63:2019, 3.12]
3.29
risk estimation
process (3.21) used to assign values to the probability (3.19) of occurrence of harm (3.6) and
to the severity (3.39) of that harm
[SOURCE: ISO/IEC Guide 63:2019, 3.13]
3.30
risk evaluation
process (3.21) of comparing the estimated risks (3.25) against given risk criteria to
determine the acceptability of the risk
[SOURCE: ISO/IEC Guide 63:2019, 3.14]
3.31
risk management
systematic application of management policies, procedures (3.19) and practices to the tasks
of analysing, evaluating, checking and controlling risks (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.15]
3.32
risk management documentation
set of records (3.23) and other documents produced by risk management (3.31)
[SOURCE: ISO 14971:2019, 3.25, modified — The term "risk management file" has been replaced by
"risk management documentation".]
3.33
risk management plan
scheme specifying the approach, the management components and the resources to be
applied to the management of risk (3.25)
[SOURCE: ISO 31073:2022, 3.2.3, modified — "scheme within the risk management framework" has been
replaced by "scheme"; the Notes to entry have been deleted.]
3.34
risk management policy
statement of the overall intentions and direction of an organization related to risk management
(3.31)
[SOURCE: ISO 31073:2022, 3.2.2]
3.35
risk monitoring
monitoring
checking, critically observing or determining the status in order to continually identify changes
from the level of risk (3.25) required or expected
[SOURCE: ISO 31073:2022, 3.3.40, modified — The term "monitoring" has been replaced by "risk
monitoring" and "monitoring" has been added as a preferred term; in the definition, "supervising" has been
deleted and "performance level" has been replaced by "risk level"; Note 1 to entry has been
deleted.]
3.36
risk reduction
actions taken to lessen the probability (3.19) and/or the negative consequences associated with a
risk (3.25)
[SOURCE: ISO 22300:2025, 3.2.20]
3.37
safety
freedom from unacceptable risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.16]
3.38
service
laboratory medicine activity carried out by a medical laboratory for the benefit (3.1) of patients,
for the healthcare providers (3.9) responsible for the care of those patients, or for targeted
populations
Note 1 à l'article: Les services de laboratoire médical incluent la prise en c
...











