SIST EN ISO 22367:2020

SLOVENSKI STANDARD
01-maj-2020
Nadomešča:
SIST-TS CEN ISO/TS 22367:2010
Medicinski laboratoriji - Uporaba obvladovanja tveganja v medicinskih
laboratorijih (ISO 22367:2020)
Medical laboratories - Application of risk management to medical laboratories (ISO
22367:2020)
Medizinische Laboratorien - Fehlerverringerung durch Risikomanagement und ständige
Verbesserung (ISO 22367:2020)
Laboratoires de biologie médicale - Application de la gestion des risques aux
laboratoires de biologie médicale (ISO 22367:2020)
Ta slovenski standard je istoveten z: EN ISO 22367:2020
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
11.100.01 Laboratorijska medicina na Laboratory medicine in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO 22367
EUROPEAN STANDARD
NORME EUROPÉENNE
March 2020
EUROPÄISCHE NORM
ICS 11.100.01 Supersedes CEN ISO/TS 22367:2010
English Version
Medical laboratories - Application of risk management to
medical laboratories (ISO 22367:2020)
Laboratoires de biologie médicale - Application de la Medizinische Laboratorien - Fehlerverringerung durch
gestion des risques aux laboratoires de biologie Risikomanagement und ständige Verbesserung (ISO
médicale (ISO 22367:2020) 22367:2020)
This European Standard was approved by CEN on 7 February 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22367:2020 E
worldwide for CEN national Members.

Contents Page
European foreword . 3

European foreword
This document (EN ISO 22367:2020) has been prepared by Technical Committee ISO/TC 212 "Clinical
laboratory testing and in vitro diagnostic test systems" in collaboration with Technical Committee
CEN/TC 140 “In vitro diagnostic medical devices” the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2020, and conflicting national standards
shall be withdrawn at the latest by March 2023.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN ISO/TS 22367:2010.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22367:2020 has been approved by CEN as EN ISO 22367:2020 without any modification.

INTERNATIONAL ISO
STANDARD 22367
First edition
2020-02
Medical laboratories — Application
of risk management to medical
laboratories
Laboratoires de biologie médicale — Application de la gestion des
risques aux laboratoires de biologie médicale
Reference number
ISO 22367:2020(E)
©
ISO 2020
ISO 22367:2020(E)
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

ISO 22367:2020(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Risk management . 8
4.1 Risk management process . 8
4.2 Management responsibilities . 9
4.3 Qualification of personnel .10
4.4 Risk management plan .10
4.4.1 General.10
4.4.2 Scope of the plan .11
4.4.3 Contents of the plan .11
4.4.4 Revisions to the plan .11
4.4.5 Risk management documentation .12
5 Risk analysis .12
5.1 General .12
5.2 Risk analysis process and documentation .13
5.3 Intended medical laboratory use and reasonably foreseeable misuses .13
5.4 Identification of characteristics related to safety .13
5.5 Identification of hazards .13
5.6 Identification of potentially hazardous situations .14
5.7 Identification of foreseeable patient harms .14
5.8 Estimation of the risk(s) for each hazardous situation.14
6 Risk evaluation .15
6.1 Risk acceptability criteria .15
6.2 Risk evaluation process .16
7 Risk control .16
7.1 Risk control options.16
7.2 Risk control verification .17
7.3 Role of standards in risk control.17
7.4 Role of IVD medical devices in risk control .17
7.5 Risks arising from risk control measures .17
7.6 Residual risk evaluation .17
8 Benefit-risk analysis .18
9 Risk management review .18
9.1 Completeness of risk control .18
9.2 Evaluation of overall residual risk .18
9.3 Risk management report .19
10 Risk monitoring, analysis and control activities .19
10.1 Surveillance procedure .19
10.2 Internal sources of risk information .20
10.3 External sources of risk information .20
10.4 Immediate actions to reduce risk .20
Annex A (informative) Implementation of risk management within the quality
management system .22
Annex B (informative) Developing a risk management plan .32
Annex C (informative) Risk acceptability considerations .34
ISO 22367:2020(E)
Annex D (informative) Identification of characteristics related to safety .37
Annex E (informative) Examples of hazards, foreseeable sequences of events and
hazardous situations .44
Annex F (informative) Nonconformities potentially leading to significant risks .52
Annex G (informative) Risk analysis tools and techniques .60
Annex H (informative) Risk analysis of foreseeable user actions .65
Annex I (informative) Methods of risk assessment, including estimation of probability and
severity of harm .69
Annex J (informative) Overall residual risk evaluation and risk management review .75
Annex K (informative) Conducting a benefit-risk analysis .77
Annex L (informative) Residual risk(s) .80
Bibliography .81
iv © ISO 2020 – All rights reserved

ISO 22367:2020(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/ iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 212, Clinical laboratory testing and in
vitro diagnostic test systems.
This first edition cancels and replaces (ISO/TS 22367:2008) which has been technically revised. [It also
incorporates the Technical corrigendum ISO/TS 22367:2008/Cor.1:2009.]. The main changes compared
to the previous edition are as follows:
— Change in title to indicate this document focusses on the complete risk management cycle for all
processes in the medical laboratory. The part on continual improvement is left out;
— The numbering of the clauses is in accordance with the formal risk management process as indicated
in Figure 1;
— The content is as far as possible in agreement with the approach used in ISO 14971 Medical devices
-Application of risk management to medical devices;
— The relation with ISO 15189:2012 is indicated in Annex A in which Figure A.1 provides a flow chart
which indicates how to apply risk management in the laboratory;
— Addition of 10 new annexes, all informative, providing valuable information about the different
processes in the risk management cycle without demanding more than justified for the specific
purpose;
— Annex F. provides an extensive list of aspects which could be considered as source for risks in the
different types of medical laboratories.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
ISO 22367:2020(E)
Introduction
This document provides medical laboratories with a framework within which experience, insight
and judgment are applied to manage the risks associated with laboratory examinations. The risk
management process spans the complete range of medical laboratory services: pre-examination,
examination and post-examination processes, including the design and development of laboratory
examinations.
ISO 15189 requires that medical laboratories review their work processes, evaluate the impact of
potential failures on examination results, modify the processes to reduce or eliminate the identified
risks, and document the decisions and actions taken. This document describes a process for managing
these safety risks, primarily to the patient, but also to the operator, other persons, equipment and other
property, and the environment. It does not address business enterprise risks, which are the subject of
ISO 31000.
Medical laboratories often rely on the use of in vitro medical devices to achieve their quality objectives.
Thus, risk management has to be a shared responsibility between the IVD manufacturer and the medical
laboratory. Since most IVD manufacturers have already implemented ISO 14971:2007, “Medical devices
-Application of risk management to medical devices,” this standard has adopted the same concepts,
principles and framework to manage the risks associated with the medical laboratory.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of
hazards, which can lead directly or indirectly to varying degrees of harm. The concept of risk has two
components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder may place a different value on the risk of
harm. Alignment of this standard with ISO 14971 and the guidance of the Global Harmonization Task
Force (GHTF) is intended to improve risk communication and cooperation among laboratories, IVD
manufacturers, regulatory authorities, accreditation bodies and other stakeholders for the benefit of
patients, laboratories and the public health.
Medical laboratories have traditionally focused on detecting errors, which are often the consequence of
use errors during routine activities. Use errors can result from a poorly designed instrument interface,
or reliance on inadequate information provided by the manufacturer. They can also result from
reasonably foreseeable misuse, such as intentional disregard of an IVD manufacturer’s instructions
for use, or failure to follow generally accepted medical laboratory practices. These errors can cause
or contribute to hazards, which may manifest themselves immediately as a single event, or may be
expressed multiple times throughout a system, or may remain latent until other contributory events
occur. The emerging field of usability engineering addresses all of these ‘human factors’ as preventable
‘use errors.’ In addition, laboratories also have to contend with occasional failures of their IVD medical
devices to perform as intended. Regardless of their cause, risks created by device malfunctions and use
errors can be actively managed.
Risk management interfaces with quality management at many points in ISO 15189, in particular
complaint management, internal audit, corrective action, preventive action, safety checklist, quality
control, management review and external assessment, both accreditation and proficiency testing.
Management of risk also coincides with the management of safety in the medical laboratories, as
exemplified by the safety audit checklists in ISO 15190.
Risk management is a planned, systematic process that is best implemented through a structured
framework. This standard is intended to assist medical laboratories with the integration of risk
management into their routine organization, operation and management.
vi © ISO 2020 – All rights reserved

INTERNATIONAL STANDARD ISO 22367:2020(E)
Medical laboratories — Application of risk management to
medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations.
The process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of
a medical laboratory, including the pre-examination and post-examination aspects, examinations,
accurate transmission of test results into the electronic medical record and other technical and
management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare
providers.
This document does not apply to the management of risks affecting medical laboratory enterprises that
are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
benefit
impact or desirable outcome of a process (3.19), procedure (3.17) or the use of a medical device on the
health of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, (relief of symptoms), improvement in
function, or an increased sense of well-being.
3.2
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or
“close call”.
ISO 22367:2020(E)
[SOURCE: ISO Guide 73:2009, 3.5.1.3]
3.3
examination
set of operations having the object of determining the value or characteristics of a property
Note 1 to entry: In some disciplines (e.g., microbiology) an examination is the total activity of a number of tests,
observations or measurements.
Note 2 to entry: Laboratory examinations that determine a value of a property are called quantitative
examinations; those that determine the characteristics of a property are called qualitative examinations.
Note 3 to entry: Laboratory examinations are also often called assays or tests.
[SOURCE: ISO 15189:2012, 3.7]
3.4
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events (3.2) or to potential future events (3.2), where it can be
used as a measure of likelihood or probability (3.18)
[SOURCE: ISO Guide 73:2009, 3.6.1.5]
3.5
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.6
hazard
source of potential harm (3.5)
[SOURCE: ISO Guide 73:2009, 3.5.1.4, modified – Note 1 to entry has been deleted.]
3.7
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.6)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.8
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician,
laboratory technologist, biomedical laboratory scientist medical assistant, medical specialist, respiratory care
practitioner.
[SOURCE: ISO 18113-1:2009, 3.23]
3.9
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design, manufacture, packaging, or labelling (3.12) of
an IVD medical device (3.10), assembling a system, or adapting an IVD medical device (3.10)before it is
placed on the market or put into service, regardless of whether these operations are carried out by that
person or on that person's behalf by a third party
Note 1 to entry: Provisions of national or regional regulations can apply to the definition of manufacturer.
2 © ISO 2020 – All rights reserved

ISO 22367:2020(E)
[SOURCE: ISO 14971:2007, 2.8, modified – “manufacturer” has been changed to “in vitro diagnostic
manufacturer”.“A medical device” has been changed to “an IVD medical device” (3.10). “Attention is
drawn to the fact that” has been deleted in Note 1 to entry. In addition, Note 2 to entry has been deleted.]
3.10
in vitro diagnostic medical device
IVD medical device
device, whether used alone or in combination, intended by the manufacturer for the in vitro examination
(3.3) of specimens derived from the human body solely or principally to provide information for
diagnostic, monitoring or compatibility purposes and including reagents, calibrators, control materials,
specimen receptacles, software, and related instruments or apparatus or other articles
[SOURCE: ISO 18113-1:2009, 3.27]
3.11
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by a manufacturer to be used as an IVD medical device (3.10)
[SOURCE: ISO 18113-1:2009, 3.26]
3.12
information supplied by the manufacturer
labelling
written, printed or graphic matter
— affixed to an IVD medical device (3.10) or any of its containers or wrappers or
— provided for use with an IVD medical device (3.10),
related to identification and use, and giving a technical description, of the IVD medical device (3.10), but
excluding shipping documents
EXAMPLE Labels, instructions for use (3.13).
Note 1 to entry: In IEC standards, documents provided with a medical device and containing important
information for the responsible organization or operator, particularly regarding safety, are called “accompanying
documents”.
Note 2 to entry: Catalogues and material safety data sheets are not considered labelling of IVD medical devices (3.10).
[SOURCE: ISO 18113-1:2009, 3.29]
3.13
instructions for use
information supplied by the manufacturer (3.12) to enable the safe and proper use of an IVD medical
device (3.10)
Note 1 to entry: Includes the directions supplied by the manufacturer for the use, maintenance, troubleshooting
and disposal of an IVD medical device (3.10), as well as warnings and precautions.
[SOURCE: ISO 18113-1:2009, 3.30]
3.14
intended use
intended purpose
objective intent of an IVD manufacturer (3.9) regarding the use of a product, process (3.19) or service (3.37)
as reflected in the specifications, instructions and information supplied by the IVD manufacturer (3.9)
Note 1 to entry: Intended use statements for IVD labelling (3.12) can include two components: a description of
the functionality of the IVD medical device (3.10) (e.g., an immunochemical measurement procedure (3.17) for the
detection of analyte “x” in serum or plasma), and a statement of the intended medical use of the examination (3.3)
results.
ISO 22367:2020(E)
[SOURCE: ISO 18113-1:2009, 3.31, modified — Note 2 has been deleted.]
3.15
laboratory management
person(s) who direct and manage the activities of a laboratory
Note 1 to entry: The term ‘laboratory management’ is synonymous with the term ‘top management’ in
ISO 9000:2015, 3.1.1.
[SOURCE: ISO 15189:2012, 3.10]
3.16
likelihood
chance of something happening
Note 1 to entry: In risk management terminology, the word “likelihood” is used to refer to the chance of something
happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively,
and described using general terms or mathematically (such as a probability (3.18) or a frequency (3.4) over a
given time period).
Note 2 to entry: The English language term “likelihood” does not have a direct equivalent in some languages;
instead, the equivalent of the term “probability” (3.18) is often used. However, in English, “probability” (3.18) is
often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, “likelihood”
is used with the intent that it should have the same broad interpretation as the term “probability” (3.18) has in
many languages other than English.
[SOURCE: ISO Guide 73:2009, 3.6.1.1]
3.17
procedure
specified way to carry out an activity or a process (3.19)
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.18
probability
measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility
and 1 is absolute certainty
Note 1 to entry: See definition of likelihood (3.16), Note 2 to entry.
[SOURCE: ISO Guide 73:2009, 3.6.1.4]
3.19
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service (3.37) depends on
the context of the reference.
[SOURCE: ISO 9000:2015, 3.4.1, modified — Note 2 to entry to Note 6 to entry have been deleted.]
3.20
reasonably foreseeable misuse
use of a product, process (3.19) or service (3.37) in a way not intended by the supplier, but which may
result from readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of intended users (3.42).
Note 2 to entry: In the context of consumer safety, the term “reasonably foreseeable use” is increasingly used as a
synonym for both “intended use” (3.14) and “reasonably foreseeable misuse.”
4 © ISO 2020 – All rights reserved

ISO 22367:2020(E)
Note 3 to entry: Applies to use of examination (3.3) results by a healthcare provider (3.8) contrary to the intended
use (3.14), as well as use of IVD medical devices (3.10) by the laboratory contrary to the instructions for use (3.13).
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use of the device in a way not intended by the
manufacturer.
Note 5 to entry: Adapted from ISO Guide 63:2012, 2.8, to apply to medical laboratories.
Note 6 to entry: Misuse is intended to mean incorrect or improper performance of an examination (3.3) procedure
(3.17) or any procedure (3.17) critical for patient safety.
[SOURCE: ISO/IEC Guide 51:2014, 3.7, modified — “a product or system” has been changed to “a product,
process (3.19) or service” (3.37), and “can” has been changed to “may”. In addition, “Note 3 to entry to
Note 6 to entry” have been added.]
3.21
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence of verification
(3.44), preventive action and corrective action.
Note 2 to entry: Generally records need not be under revision control.
[SOURCE: ISO 9000:2015, 3.8.10]
3.22
residual risk
risk (3.23) remaining after risk (3.23) control measures have been taken
[SOURCE: ISO/IEC Guide 63:2012, 2.9]
3.23
risk
combination of the probability (3.18) of occurrence of harm (3.5) and the severity (3.38) of that harm (3.5)
Note 1 to entry: In standards that focus on management of risks to a business enterprise, such as ISO 31000, risk
is defined as “the effect of uncertainty on objectives.” ISO 14971 and this document have retained the definition
from ISO/IEC Guide 51:1999 because they are externally focused on risks to the safety of patients and other
persons.
[SOURCE: ISO/IEC Guide 51:2014, 3.9]
3.24
risk analysis
systematic use of available information to identify hazards (3.6) and to estimate the risk (3.23)
Note 1 to entry: Risk analysis includes examination (3.3) of different sequences of events (3.2) that can produce
hazardous situations (3.7) and harm (3.5).
[SOURCE: ISO/IEC Guide 51:2014, 3.10, modified — Note 1 to entry has been added.]
3.25
risk assessment
overall process (3.19) comprising a risk analysis (3.24) and a risk evaluation (3.28)
[SOURCE: ISO/IEC Guide 51:2014, 3.11]
3.26
risk control
process (3.19) in which decisions are made and measures implemented by which risks (3.23) are reduced
to, or maintained within, specified levels
[SOURCE: ISO/IEC Guide 63:2012, 2.12]
ISO 22367:2020(E)
3.27
risk estimation
process (3.19) used to assign values to the probability (3.18) of occurrence of harm (3.5) and the severity
(3.38) of that harm (3.5)
[SOURCE: ISO/IEC Guide 63:2012, 2.13]
3.28
risk evaluation
process (3.19) of comparing the estimated risk (3.23) against given risk criteria to determine the
acceptability of the risk (3.23)
[SOURCE: ISO/IEC Guide 63:2012, 2.14]
3.29
risk management
systematic application of management policies, procedures (3.17) and practices to the tasks of analysing,
evaluating, controlling and monitoring risk (3.23)
[SOURCE: ISO/IEC Guide 63:2012, 2.15]
3.30
risk management documentation
set of records (3.21) and other documents that are produced by risk management (3.29)
[SOURCE: ISO 14971:2007, 2.23]
3.31
risk management plan
scheme specifying the approach, the management components and resources to be applied to the
management of risk (3.23)
[SOURCE: ISO 31000:2009, 2.6]
3.32
risk management policy
statement of the overall intentions and direction of an organization related to risk management (3.29)
[SOURCE: ISO Guide 73:2009, 2.1.2]
3.33
risk matrix
tool for ranking and displaying risks (3.23) by defining ranges for consequence and likelihood (3.16)
[SOURCE: ISO Guide 73:2009, 3.6.1.7]
3.34
risk monitoring
surveillance
continual checking, critically observing or determining the status in order to identify change from the
risk (3.23) level required or expected
[SOURCE: ISO Guide 73:2009, 3.8.2.1, modified — “Monitoring” has been changed to “risk monitoring”.
“Supervising” has been deleted, and “performance” has been changed to“risk” (3.23) In addition, Note 1
to entry has been deleted.]
3.35
risk reduction
actions taken to lessen the probability (3.18) or negative consequences or both, associated with a
risk (3.23)
[SOURCE: ISO 22300:2018, 3.210]
6 © ISO 2020 – All rights reserved

ISO 22367:2020(E)
3.36
safety
freedom from unacceptable risk (3.22)
[SOURCE: ISO/IEC Guide 63:2012, 2.16]
3.37
service
activity performed by a medical laboratory for the benefit (3.1) of patients and
the healthcare providers (3.8) responsible for the care of those patients
Note 1 to entry: Medical laboratory services include arrangements for examination (3.3) requests, patient
preparation, patient identification, collection of samples, transportation, storage, processing and examination
(3.3) of clinical samples, together with subsequent interpretation, reporting and advice, in addition to the
considerations of safety (3.36) and ethics in medical laboratory work.
Note 2 to entry: Adapted from ISO 15189:2012, Introduction.
3.38
severity
measure of the possible consequences of a hazard (3.6)
[SOURCE: ISO/IEC Guide 63:2012, 2.17]
3.39
stakeholder
person or organization that can affect, be affected by, or perceive themselves to be affected by a decision
or activity
Note 1 to entry: A decision maker can be a stakeholder.
[SOURCE: ISO Guide 73:2009, 3.2.1.1]
3.40
state of the art
developed stage of technical capability at a given time as regards products, processes (3.19) and services
(3.37), based on the relevant consolidated findings of science, technology and experience
Note 1 to entry: The state of the art embodies what is currently and generally accepted as good practice. The state
of the art does not necessarily imply the most technologically advanced solution. The state of the art described
here is sometimes referred to as the “generally acknowledged state of the art”.
[SOURCE: ISO/IEC Guide 63:2012, 2.19]
3.41
use error
user (3.42) action or lack of user (3.42) action while performing a laboratory
examination (3.3) or using an IVD medical device (3.10) or performing any task in any procedure (3.17)
that leads to a different result than that intended by the laboratory or manufacturer or expected by the
user (3.42)
Note 1 to entry: Use error includes the inability of the user (3.42) to complete a task.
Note 2 to entry: Use errors can result from a mismatch between the characteristics of the user (3.42), user
interface, task, or use environment.
Note 3 to entry: Users (3.42) might be aware or unaware that the use error has occurred.
Note 4 to entry: An unexpected physiological response of the patient is not by itself considered use error.
Note 5 to entry: A malfunction of an IVD medical device that causes an unexpected result is not considered a
use error.
ISO 22367:2020(E)
Note 6 to entry: Use error includes the use of an examination (3.3) result for an unintended target group or for an
unintended diagnostic or patient management purpose.
Note 7 to entry: The term was chosen over “user error”, “human error” or “laboratory error” because not all
causes of error are partially or solely due to the user (3.42). Use errors are often the result of poorly designed user
(3.42) interface or processes (3.19), or, inadequate instructions for use (3.13).
[SOURCE: ISO/IEC 62366-1:2015, 3.21 modified — “(laboratory medicine)” has been added. “Performing
a laboratory examination (3.3) or”, “an IVD” and “laboratory or” have also been added. Note 6 to entry
was deleted. A new Note 6 to entry and a Note 7 to entry were added.]
3.42
user
individual responsible for an action that is intended to lead to a desired outcome
Note 1 to entry: Although such individuals are often laboratory personnel that are expected to be trained and
competent to perform the action, this term is not limited to such personnel
Note 2 to entry: The use of this term is not intended to imply that a device is utilized for the action; it is used as a
general term to include any individual that has a role in producing the desired outcome.
3.43
validation
confirmation, through the provision of objective evidence, that the requirements for a specific intended
use (3.14) or application have been fulfilled
Note 1 to entry: The objective evidence needed for a validation is the result of a test or other form of determination
such as performing alternative calculations or reviewing documents.
Note 2 to entry: The word “validated” is used to designate the corresponding status.
Note 3 to entry: The use conditions for validation can be real or simulated.
[SOURCE: ISO 9000:2015, 3.8.13]
3.44
verification
confirmation, through the provision of objective evidence, that specified requirements have been
fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result of an inspection or of other
forms of determination such as performing alternative calculations or reviewing documents.
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process (3.19).
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 9000:2015, 3.8.12]
4 Ris
...