ISO/IEC Guide 63:2019

GUIDE 63
Third edition
2019-08
Guide to the development and
inclusion of aspects of safety in
International Standards for medical
devices
Guide pour l'élaboration des aspects de sécurité et leur incorporation
dans des Normes internationales relatives aux dispositifs médicaux
Reference number
©
ISO/IEC 2019
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved

Contents Page
Foreword .v
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Use of the terms “safety”, “safe”, “effective”, and “effectiveness” . 4
4.1 Safety . 4
4.2 Safe . 5
4.3 Effective . 5
4.4 Effectiveness . 5
5 Principles for including aspects of safety in medical device standards .5
5.1 Scope of medical device standards that include aspects of safety . 5
5.2 Objective of medical device standards that include aspects of safety . 6
5.3 Types of standards . 6
5.3.1 Product standards . 6
5.3.2 Process standards . 6
5.3.3 Installation and environmental standards . 7
5.3.4 In-service standards . 7
5.4 Taking a practical view of safety . 7
5.5 Coordination of medical device standards . 7
5.6 Implications of the regulatory or legal use of standards . 8
6 The nature of risk . 8
6.1 The elements of risk . 8
6.2 Systematic or random nature of risks . 9
6.2.1 Types of causes of risks . 9
6.2.2 Risks arising from systematic causes .10
6.2.3 Risks arising from random causes .10
7 Risk-based process for developing a medical device standard that includes aspects
of safety .10
7.1 General .10
7.2 Preparatory work .11
7.2.1 Identifying the need for a new or revised standard including aspects of safety .11
7.2.2 Establishing the risk management framework under which the standard
will be developed . .11
7.2.3 Risk acceptability criteria .12
7.3 Drafting .14
7.3.1 General.14
7.3.2 Iterative process of managing risk .14
7.3.3 Intended use and characteristics that can influence safety .16
7.3.4 Identification of hazards and hazardous situations .17
7.3.5 Risk estimation .18
7.3.6 Risk evaluation .19
7.3.7 Identification of risk controls .19
7.3.8 Verification of effectiveness.22
7.3.9 Assessment of residual risks .22
7.3.10 Impact of introduced risk control measures .22
7.3.11 All identified hazards and hazardous situations considered .22
7.4 Validation of the standard .22
7.5 Conclusion .22
8 Overview of the application of medical device standards including aspects of safety
in a risk management framework .22
© ISO/IEC 2019 – All rights reserved iii

Annex A (informative) Product and process safety standards .24
Annex B (informative) Risk information .25
Bibliography .26
iv © ISO/IEC 2019 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents) or the IEC
list of patent declarations received (see http: //patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso
.org/iso/foreword .html.
ISO/IEC Guide 63 was prepared by a Joint Working Group of ISO/TC 210, Quality management and
corresponding general aspects for medical devices, and IEC/SC 62A, Common aspects of electrical
equipment used in medical practice.
This third edition cancels and replaces the second edition (ISO/IEC Guide 63:2012), which has been
technically revised.
The main changes compared with the previous edition are as follows:
― restructuring of content to more closely follow the structure of ISO/IEC Guide 51:2014;
― revision of clause numbering, including the inclusion of Clause 2 on normative references, in
order to respect the fixed clause structure for the first three clauses specified in the ISO/IEC
Directives, Part 2;
― updating of defined terms in Clause 3, with many derived from ISO/IEC Guide 51:2014, and the
definitions of “manufacturer” and “medical device” now based on the GHTF guidance documents
GHTF/SG1/N055: 2009 and GHTF/SG1/N071: 2012;
― addition of new content in Clause 4 to provide guidance on the use of the terms “safety”, “safe”,
“effective” and “effectiveness”;
― reorganization of existing content into Clause 5 discussing the principles, Clause 6 discussing the
nature of risk, Clause 7 focusing on the process for developing standards that include aspects of
safety, and Clause 8 providing an overview of the application of medical device standards;
― revision of Figure 1 to better illustrate how a sequence of events can transform a hazard into a
hazardous situation that can lead to harm;
― addition of Figure 2 to illustrate the iterative process of risk management.
© ISO/IEC 2019 – All rights reserved v

Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
vi © ISO/IEC 2019 – All rights reserved

Introduction
This document provides practical guidance to standards writers on how to include safety aspects in the
development of medical device standards, including management system standards related to medical
devices. This document is based on risk management principles and ISO/IEC Guide 51:2014 to address
the needs of the medical device sector.
The concept of safety, as described in this document, is closely related to protecting patients who
are the subjects of medical care, as well as those persons who provide the care and other potentially
affected persons. Safety is also related to harm to property or the environment.
The approach described in this document aims to reduce the risk arising during the life cycle of a
medical device, including design, production, distribution, installation, use, service, maintenance, and
destruction or disposal. The complete life cycle of a medical device (including both the intended use
and the reasonably foreseeable misuse) is considered. The goal is to achieve acceptable risk for people,
property and the environment.
As different circumstances warrant different approaches to ensuring safety, it is impossible to provide
precise requirements and recommendations that apply to every case. Examples of such differences
are the development of standards for manufacturers of medical devices and standards for health care
providers and institutions. However, this document, when followed on a judicious “use when applicable”
basis, will help in developing standards that include aspects of safety which are consistent with the
generally acknowledged state of the art.
NOTE The term “standard” used throughout this document includes International Standards, Technical
Specifications, Publicly Available Specifications, Technical Reports and Guides developed by ISO or IEC.
© ISO/IEC 2019 – All rights reserved vii

GUIDE ISO/IEC GUIDE 63:2019(E)
Guide to the development and inclusion of aspects of safety
in International Standards for medical devices
1 Scope
This document provides requirements and recommendations to writers of medical device standards
on the inclusion of aspects related to safety in International Standards, based on well-established risk
management concepts and methodology.
This document is applicable to any aspect related to the safety of people, property, the environment, or
a combination of these.
In this document, the term “product” includes a medical device or a system consisting of one or more
medical devices, possibly combined with non-medical devices.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.2
hazard
potential source of harm (3.1)
[SOURCE: ISO/IEC Guide 51:2014, 3.2]
3.3
hazardous situation
circumstance in which people, property or the environment is/are exposed to one or more hazards (3.2)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.4
intended use
use for which a product, process or service is intended according to the specifications, instructions and
information provided by the manufacturer (3.6)
Note 1 to entry: The intended medical indication, patient population, part of the body or type of tissue interacted
with, user profile, use environment, and operating principle are typical elements of the intended use.
© ISO/IEC 2019 – All rights reserved 1

3.5
life cycle
series of all phases in the life of a medical device (3.7), from the initial conception to final decommissioning
and disposal
3.6
manufacturer
natural or legal person with responsibility for design and/or manufacture of a medical device (3.7) with
the intention of making the medical device available for use, under his name; whether or not such a
medical device is designed and/or manufactured by that person himself or on his behalf by another
person(s)
Note 1 to entry: This "natural or legal person" has ultimate legal responsibility for ensuring compliance with all
applicable regulatory requirements for the medical device in the countries or jurisdictions where it is intended to
be made available or sold, unless this responsibility is specifically imposed on another person by the Regulatory
Authority within that jurisdiction.
Note 2 to entry: The manufacturer’s responsibilities are described in other GHTF guidance documents. These
responsibilities include meeting both pre-market requirements and post-market requirements, such as adverse
event reporting and notification of corrective actions.
Note 3 to entry: “Design and/or manufacture” can include specification development, production,
fabrication, assembly, processing, packaging, repackaging, labelling, relabelling, sterilization, installation, or
remanufacturing of a medical device; or putting a collection of devices, and possibly other products, together for
a medical purpose.
Note 4 to entry: Any person who assembles or adapts a medical device that has already been supplied by another
person for an individual patient, in accordance with the instructions for use, is not the manufacturer, provided
the assembly or adaptation does not change the intended use (3.4) of the medical device.
Note 5 to entry: Any person who changes the intended use of, or modifies, a medical device without acting on
behalf of the original manufacturer and who makes it available for use under his own name, should be considered
the manufacturer of the modified medical device.
Note 6 to entry: An authorized representative, distributor or importer who only adds its own address and
contact details to the medical device or the packaging, without covering or changing the existing labelling, is not
considered a manufacturer.
Note 7 to entry: To the extent that an accessory is subject to the regulatory requirements of a medical device, the
person responsible for the design and/or manufacture of that accessory is considered to be a manufacturer.
[SOURCE: GHTF/SG1/N055: 2009, 5.1, modified - The words "may include" have been replaced with "can
include" in Note 3 to entry.]
3.7
medical device
instrument, apparatus, implement, machine, appliance, implant, reagent for in vitro use, software,
material or other similar or related article, intended by the manufacturer (3.6) to be used, alone or in
combination, for human beings, for one or more of the specific medical purpose(s) of
— diagnosis, prevention, monitoring, treatment or alleviation of disease,
— diagnosis, monitoring, treatment, alleviation of or compensation for an injury,
— investigation, replacement, modification, or support of the anatomy or of a physiological process,
— supporting or sustaining life,
— control of conception,
— disinfection of medical devices,
— providing information by means of in vitro examination of specimens derived from the human body,
2 © ISO/IEC 2019 – All rights reserved

and which does not achieve its primary intended action by pharmacological, immunological or metabolic
means, in or on the human body, but which can be assisted in its intended function by such means
Note 1 to entry: Products which can be considered to be medical devices in some jurisdictions but not in others
include:
— disinfection substances,
— aids for persons with disabilities,
— devices incorporating animal and/or human tissues,
— devices for in-vitro fertilization or assisted reproductive technologies.
[SOURCE: GHTF/SG1/N071: 2012, 5.1, modified — The words "may be assisted" have been replaced
with "can be assisted" in the definition, and the words "may be considered" have been replaced with
"can be considered" in Note 1 to entry.]
3.8
reasonably foreseeable misuse
use of a product or system in a way not intended by the manufacturer (3.6), but which can result from
readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of users, e.g. lay and
professional users.
Note 2 to entry: Reasonably foreseeable misuse can be intentional or unintentional.
[SOURCE: ISO/IEC Guide 51:2014, 3.7, modified — The word “supplier” has been replaced with
“manufacturer”, the example in Note 1 to entry has been modified, and Note 2 to entry has been
replaced with a new Note to entry.]
3.9
residual risk
risk (3.10) remaining after risk control (3.12) measures have been implemented
[SOURCE: ISO/IEC Guide 51:2014, 3.8, modified — The words “risk reduction measures” have been
replaced with “risk control measures”.]
3.10
risk
combination of the probability of occurrence of harm (3.1) and the severity (3.17) of that harm
Note 1 to entry: The probability of occurrence includes the exposure to a hazardous situation (3.3) and the
possibility to avoid or limit the harm.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified — The words "the occurrence of a hazardous event"
have been removed from Note 1 to entry.]
3.11
risk analysis
systematic use of available information to identify hazards (3.2) and to estimate the risk (3.10)
[SOURCE: ISO/IEC Guide 51:2014, 3.10]
3.12
risk control
process in which decisions are made and measures implemented by which risks (3.10) are reduced to,
or maintained within, specified levels
© ISO/IEC 2019 – All rights reserved 3

3.13
risk estimation
process used to assign values to the probability of occurrence of harm (3.1) and the severity (3.17) of
that harm
3.14
risk evaluation
process of comparing the estimated risk (3.10) against given risk criteria to determine the acceptability
of the risk
3.15
risk management
systematic application of management policies, procedures and practices to the tasks of analysing,
evaluating, controlling and monitoring risk (3.10)
3.16
safety
freedom from unacceptable risk (3.10)
3.17
severity
measure of the possible consequences of a hazard (3.2)
3.18
state of the art
developed stage of technical capability at a given time as regards products, processes and services,
based on the relevant consolidated findings of science, technology and experience
Note 1 to entry: The state of the art embodies what is currently and generally accepted as good practice in technology
and medicine. The state of the art does not necessarily imply the most technologically advanced solution. The state
of the art described here is sometimes referred to as the “generally acknowledged state of the art”.
[SOURCE: ISO/IEC Guide 2:2004, 1.4, modified — Note 1 to entry has been added.]
3.19
verification
confirmation, through the provision of objective evidence, that specified requirements have been
fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other
forms of determination such as performing alternative calculations or reviewing documents.
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process.
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 9000:2015, 3.8.12]
4 Use of the terms “safety”, “safe”, “effective”, and “effectiveness”
4.1 Safety
The use of the term “safety” in medical device standards should be as a noun rather than as a descriptive
adjective. As an adjective, it is likely to be misinterpreted as an assurance of freedom from risk. The
recommended approach is to replace, wherever possible, the terms “safety” with an indication of the
objective.
EXAMPLE “Protective helmet” instead of “safety helmet”; “protective impedance device” instead of “safety
impedance".
4 © ISO/IEC 2019 – All rights reserved

4.2 Safe
The term “safe” in medical device standards should be used to indicate the state where the risks from
recognized hazardous situations have been reduced to an acceptable level.
The term “safe” should only be used with the term “effective” to describe the situation where a balance
has been achieved between the state where the risks from recognized hazardous situations have been
reduced to an acceptable level and the product is achieving the intended use. Other uses of safe should
be replaced, whenever possible, with an indication of the objective.
EXAMPLE “Slip resistant floor-covering” instead of “safe floor-covering”.
4.3 Effective
The term “effective” in medical device standards should be used to characterize a medical device that
fulfils its intended use.
4.4 Effectiveness
The term “effectiveness” can be used in medical device standards to express a variety of related
concepts depending upon the context of where it is used. Standards writers need to carefully establish
the meaning within the context of their standard, if it differs from the context established in this
document, and then use it consistently. In this document, the term is used in the context of verification
of risk control measures.
EXAMPLE In IEC 62366-1:2015, 3.4, "effectiveness" is defined as "accuracy and completeness with which
users achieve specified goals". In IEC 80001-1:2010, 2.6, "effectiveness" defined as "ability to produce the
intended result for the patient and the responsible organization".
5 Principles for including aspects of safety in medical device standards
5.1 Scope of medical device standards that include aspects of safety
The planning and development of medical device standards that include aspects of safety requires a
global approach that includes manufacturers, users, regulatory authorities and other stakeholders.
This document is intended to assist committees responsible for different medical device standards to
create a coherent approach to the treatment of safety in the preparation of those standards. Defining
the scope of these standards will ensure that each standard is restricted to specific aspects and that
each standard makes reference to standards of wider application for all other relevant aspects. A useful
hierarchy is built on:
— basic standards, including fundamental concepts, principles and requirements with regard to
general aspects of safety applicable to all kinds or a wide range of products, processes and services
(basic standards are sometimes referred to as horizontal standards);
— group standards, including aspects of safety applicable to several products, processes or services
dealt with by two or more technical committees or subcommittees, making reference, as far as
possible, to basic standards;
— (a family of) specific product and/or process standards, including all necessary aspects of
safety applicable to a specific, or a family of, product(s), process(es), or service(s) within the scope
of a single technical committee or subcommittee, making reference, as far as possible, to basic
standards and group standards (family product and process standards are sometimes referred to
as vertical standards);
— other standards containing aspects of safety, but which do not deal exclusively with aspects of
safety, making reference as far as possible to basic standards, group standards, and family product
and process standards.
© ISO/IEC 2019 – All rights reserved 5

This hierarchy is based on ISO/IEC Guide 51:2014, 7.1.
Requirements dealing with aspects of safety for medical devices can be incorporated in different types
of standards (see 5.3) that can be found at any appropriate level in the hierarchy described above.
5.2 Objective of medical device standards that include aspects of safety
The goal of medical device standards including aspects related to safety is to support the development
and production of medical devices with a predictable, consistent level of safety.
To achieve this goal, these standards should:
a) assist manufacturers in the design and production of safe and effective medical devices;
NOTE See 4.2 and 4.3 for guidance on the use of the terms "safe" and "effective".
b) assist manufacturers, certification bodies, testing laboratories or test houses, and regulatory
authorities in assessing compliance with legal and market requirements;
c) assist health care providers and users in managing risks associated with the use of medical devices.
To produce medical device standards that include aspects of safety that are well suited to assisting the
stakeholders listed above, standards writers should employ the risk-based framework in this document.
When writing medical device standards that include aspects of safety, standards writers should
carefully adhere to the definitions in Clause 3 in order to support this goal and to help ensure that the
standards can be correctly applied.
5.3 Types of standards
5.3.1 Product standards
These can be:
a) standards that state safety or performance parameters and include reference test methods that
can be used to demonstrate conformance to those parameters; or
b) standards that require provision of information for safety or test method standards where
adherence to declared pass/fail criteria are necessary for safety and performance.
See Clause A.1 for a discussion of how product standards can contribute to safe and effective medical
devices.
5.3.2 Process standards
These can be:
a) management system standards, such as those addressing quality or risk management, that establish
a framework within which the manufacturer can design, develop and produce medical devices that
consistently meet specifications; or
b) process standards that establish a framework within which the manufacturer can design, develop
and produce consistently safe and effective medical devices, (e.g. sterilization, biological evaluation,
clinical investigation).
See Clause A.2 for a discussion of how process standards can contribute to safe and effective medical
devices.
Some types of standards cannot be easily allocated to one of these categories since they combine
properties of product standards and process standards. Examples are described in 5.3.3 and 5.3.4.
6 © ISO/IEC 2019 – All rights reserved

5.3.3 Installation and environmental standards
These standards are generally appropriate for complex, integrated systems, active medical devices and
medical devices operating in an information technology (IT) environment. These can be:
a) construction and installation standards (e.g. X-ray shielding, electrical wiring);
b) system standards that address the proper precautions and procedures for interconnection of
multiple devices into a single system;
c) commissioning standards that address the proper testing and inspection procedures to apply to
permanently installed equipment and systems prior to initial use;
d) environmental standards that address precautions and testing to ensure that a medical device
does not negatively affect its environment and that the environment does not degrade or otherwise
impair the performance of a medical device (e.g. electromagnetic compatibility standards); or
e) IT security or cybersecurity standards.
5.3.4 In-service standards
These can be
a) routine in-service testing standards to ensure that the safety and effectiveness of medical devices
is maintained over the useful life of the equipment; or
b) quality assurance and calibration standards to ensure the continued proper function and accuracy
of medical devices where relevant to safety.
5.4 Taking a practical view of safety
Risk needs to be balanced against other demands on the product, process or service. These other
demands include benefit, suitability and availability. Standards writers should remember that the level
of required effort from the manufacturer (e.g. for required documentation or testing) should be scaled
to the level of risk.
Because zero risk is unattainable, safety is defined as freedom from unacceptable risk. A practical
approach is to establish a level of acceptable risk that takes into account available information, such as
the generally acknowledged state of the art and known stakeholder concerns, and that results in a high
level of safety and protection of health.
In assessing the safety of medical devices, it is also necessary to consider that certain medical devices,
because of their means of operation, composition or the circumstances of their use, carry with them
an inherent risk that cannot be eliminated without degrading their effectiveness (e.g. surgical lasers,
electrosurgery, X-ray imaging and radiotherapy devices).
Differences exist in medical and health practices in different parts of the world including judgments
about the safety of medical devices. Furthermore, what is considered safe evolves over time as
technologies and social values change. These issues can often be addressed by identifying the specific
conditions under which a technical requirement applies.
5.5 Coordination of medical device standards
The development of each new medical device standard needs to be viewed in the context of existing
medical devices and standards, as well as national, regional and international laws. New standards
should make use of the body of existing standards, whenever relevant, either by reference or by
reproduction of text where this is justified by convenience or clarity.
© ISO/IEC 2019 – All rights reserved 7

5.6 Implications of the regulatory or legal use of standards
Standards writers should be aware of the possible legal and regulatory implications of the standard
they develop.
Safe and effective medical devices, whose sale and use is regulated in many countries, are of particular
concern to regulatory authorities in those countries. However, International Standards should not be
written to address only a specific regulation.
Standards can be cited in regulations and legislation, in which case the standards themselves become
legally binding. Alternatively, there are regulatory schemes where a medical device that complies with
a specified standard is “deemed to comply” with the regulations.
Standards writers need to be aware that the application of standards can also be modified by regulatory
authorities.
Standards can also be cited in litigation as what should reasonably be expected by society, and thus
used to establish compliance with these expectations.
Experience shows that non-normative information, like an informative annex or notes with rationales
and examples can be misinterpreted as normative. The inclusion of informative annexes other than
explanatory rationales should be carefully considered and be worded accordingly.
6 The nature of risk
6.1 The elements of risk
The risk associated with a particular hazardous situation is a combination of the following elements
(see Figure 1):
a) the probability of occurrence of harm, which can be considered to be composed of:
— the probability P that a specific sequence or combination of events leads to the hazardous
situation (i.e. exposure to the hazard);
— the probability P that the hazardous situation leads to a harm;
b) the severity of harm that can result from the hazardous situation.
Depending on the complexity of the medical device, the intended use, or the frequency or duration
of exposure, the probability of occurrence of harm can be expressed as a combination of separate
probabilities (P , P ), or expressed as a single probability (P). Figure 1 illustrates how these elements
1 2
are related to each other. A decomposition into P and P is not mandatory.
1 2
The risk can then be assessed by combining the independent estimates of the severity and probability
of occurrence of harm.
If the probability of occurrence of harm cannot be estimated, it is usually necessary to evaluate the risk
on the basis of the severity of the harm alone. The greater the consequence and the less effective the
risk control measures, the higher the required rigour of the relevant risk control.
In situations where either P or P can be estimated and the other probability cannot, a conservative
1 2
approach can be followed by setting the unknown probability equal to 1. The risk can then be assessed
based on the severity and the conservative estimate of the probability of occurrence of harm.
NOTE Annex B provides guidance on the use of sources and methods for obtaining risk information.
8 © ISO/IEC 2019 – All rights reserved

6.2 Systematic or random nature of risks
6.2.1 Types of causes of risks
Risk can arise from either systematic or random causes. Consequently, the probability of occurrence of
harm can be related to either a systematic or a random cause.
For example, a toxic substance can be on a product resulting from a systematic flaw in the production
process (e.g. insufficient washing steps, insufficient aeration after sterilization). On the other hand,
random variations in a raw material or random processing variations can also lead to the presence
of toxic substances. Confidence in risk estimates is enhanced when a quantitative estimate of the
probability of occurrence of harm can be made on the basis of accurate and reliable data or when a
reasonable qualitative estimate is possible. However, this is not always achievable. When the accuracy
of the estimation of the probability of occurrence of harm is in doubt, it is often necessary to establish
a broad range for the probability of occurrence of harm, or to determine that it is no worse than some
particular value.
Standards writers need to consider the difference between systematic and random causes for the
standard they are writing.
NOTE 1 Depending on the complexity of the medical device, a hazard can lead to multiple hazardous situations,
and each hazardous situation can lead to multiple harms.
NOTE 2 The probability of occurrence of harm (P) can be composed of separate P and P values.
1 2
NOTE 3 The thin arrows represent elements of risk analysis and the thick arrows depict how a hazard can
lead to harm.
Figure 1 — Illustration of the relationship between hazard, sequence of events, hazardous
situation and harm
© ISO/IEC 2019 – All rights reserved 9

6.2.2 Risks arising from systematic causes
An error in any activity can lead to a systematic cause, which will give rise to a failure when a particular
combination of inputs or conditions arises. These errors can occur any time during a product’s life cycle.
The probability that a systematic cause will occur can be difficult to estimate.
Examples include the following:
a) software caused failures;
b) inadequate design or flaws in the instructions for use;
c) novel medical applications.
In cases where a hazardous situation occurs due to a systematic cause, the probability of a systematic
cause occurring is not the same as the probability of the occurrence of harm. A cause does not always
result in a hazardous situation, and a hazardous situation does not always result in harm.
Examples of risk control measures applicable for risks arising from systematic causes can include the
following:
— rigour of applied processes in design, development and manufacturing: it is usually assumed that
the more rigorous the processes used in the design and development or manufacturing, the lower
the probability of systematic faults being introduced or remaining undetected;
— applying redundancy of risk control measures: more than one independent risk control measure
usually increases confidence in the overall protection from a specific risk;
— reducing the time window within which two or more independent events contributing to a hazardous
situation and subsequent harm need to happen: detailed actions can range from periodic self-checks
to periodic maintenance;
— applying processes and mechanisms for the continuous monitoring of critical parameters, and
subsequent evaluation and corrective action.
6.2.3 Risks arising from random causes
For many events, a numerical value can be given for the probability that the failure will occur. A
quantitative estimate can only be applied if sufficient information is known about the hazard and the
circumstances affecting the probability of a hazardous situation occurring (exposure to hazard) (P in
Figure 1) and the probability of a hazardous situation leading to harm (P in Figure 1).
The following are some examples of random failures:
— power surge resulting in a failure of a part such as an integrated circuit in an electronic assembly;
— contamination of an IVD reagent resulting in its deterioration;
— presence of an infectious agent in or on a medical device leading to a biological reaction;
— presence of a toxic substance in or on a medical device leading to an allergic reaction.
7 Risk-based process for developing a medical device standard that includes
aspects of safety
7.1 General
When writing medical device standards that include aspects of safety, standards writers should use
a risk-based framework including risk management planning, which includes determination of risk
acceptability criteria, risk analysis, a risk evaluation, risk control, and evaluation of overall residual
risk acceptability. The information in this clause can be applied to both product and process standards.
10 © ISO/IEC 2019 – All rig
...