Medical laboratories - Application of risk management to medical laboratories (ISO 22367:2026)

This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination, examination, and post-examination aspects including accurate transmission of examination results into the electronic medical record, as well as other technical and management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare providers.
This document complements the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.

Medizinische Laboratorien - Anwendung des Risikomanagements auf medizinische Laboratorien (ISO 22367:2026)

This document specifies a process by which medical laboratories can identify and handle the risks to patients, laboratory staff and service providers that are associated with medical examinations. The process comprises the identification, estimation, evaluation, control and monitoring of the risks.
The requirements of this document apply to all aspects of the examinations and services of a medical laboratory, including the pre-analytical phase, the examination and the post-analytical phase, including the accurate transfer of examination results into an electronic medical patient record, as well as other technical and administrative processes described in ISO 15189.
This document does not specify an acceptable level of risk.
This document does not apply to risks arising from clinical decisions that healthcare providers make after the examination.
This document complements the management of risks affecting medical laboratory operations that are addressed in ISO 31000, such as business, economic, legal and regulatory risks.

Laboratoires de biologie médicale - Application de la gestion des risques aux laboratoires de biologie médicale (ISO 22367:2026)

This document specifies a process enabling a medical laboratory to identify and manage the risks to patients, laboratory staff and service providers that are associated with medical laboratory examinations. The process includes the identification, estimation, evaluation, control and management of risks.
The requirements of this document are applicable to all aspects relating to the examinations and services of a medical laboratory, including the aspects before, during and after the examinations, including the rigorous transmission of examination results into an electronic medical record, as well as other technical and managerial processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks related to post-analytical clinical decisions made by healthcare providers.
This document complements the management of risks relating to medical laboratory enterprises that are covered by ISO 31000, such as commercial, economic, legal and regulatory risks.

Medicinski laboratoriji - Uporaba obvladovanja tveganja v medicinskih laboratorijih (ISO 22367:2026)

This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination, examination and post-examination aspects, including accurate transmission of examination results into the electronic health record, as well as other technical and management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks associated with post-examination clinical decisions made by healthcare providers.
This document complements the management of risks affecting medical laboratory organizations that are addressed in ISO 31000, such as business, economic, legal and regulatory risks.

General Information

Status: Published
Public Enquiry End Date: 24-Jun-2025
Publication Date: 07-May-2026
Technical Committee: VAZ - Healthcare
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 24-Apr-2026
Due Date: 29-Jun-2026
Completion Date: 08-May-2026

Relations

Effective Date: 04-Oct-2023

Overview

SIST EN ISO 22367:2026 – Medical laboratories – Application of risk management to medical laboratories – provides a structured approach for identifying and managing risks associated with medical laboratory examinations. Developed by CEN and aligned with ISO guidelines, this international standard is relevant for all processes in a medical laboratory, including pre-examination, examination, and post-examination phases. Its main objective is to minimize patient harm and enhance patient care by implementing effective risk management processes.

By harmonizing with established management systems such as ISO 15189, SIST EN ISO 22367:2026 ensures that medical laboratories introduce proactive and systematic risk management activities into their quality systems. This standard does not prescribe acceptable levels of risk, nor does it cover risks from clinical decisions made after examination results are reported.

Key Topics

  • Comprehensive Risk Management Process

    • Identification, estimation, evaluation, control, and monitoring of risks throughout all laboratory activities
    • Integration into laboratory quality management in accordance with ISO 15189 requirements
  • Stakeholder Protection

    • Focus on reducing risks to patients, laboratory staff, and service providers
    • Addresses risks associated with laboratory procedures, equipment, information systems, and reporting
  • Scope of Risk Management

    • Applies to all examination processes: from sample collection (pre-examination), through testing (examination), to result transmission (post-examination)
    • Includes technical and managerial processes influencing examination accuracy and safety
  • Proactive vs. Reactive Risk Management

    • Encourages laboratories to implement both proactive (preventative) and reactive (incident-driven) approaches
    • Emphasizes proactive planning and continuous improvement
  • Integration with Other Risk Systems

    • Complements enterprise-level risk management frameworks, such as ISO 31000, by focusing specifically on risks unique to medical laboratory operations

Applications

Practical application of SIST EN ISO 22367:2026 in a medical laboratory environment enhances patient safety, operational reliability, and service quality. Typical implementations include:

  • Risk Assessment in Laboratory Processes
    • Routine evaluation of workflow steps to identify potential hazards, such as sample mislabeling or equipment failure
  • Quality Control and Improvement
    • Systematic monitoring and documentation of control measures within the context of existing laboratory quality systems
  • Result Verification and Data Integrity
    • Ensuring accurate transmission of examination results to electronic health records and stakeholders
  • Staff Training and Competency
    • Assigning risk management responsibilities and providing ongoing training for laboratory staff
  • Regulatory Compliance and Accreditation
    • Supporting compliance with accreditation standards (like ISO 15189) and national regulations through robust documentation and risk management records
  • Continuous Monitoring and Improvement
    • Ongoing surveillance for internal and external sources of risk information, audits, and nonconformity management

Related Standards

For an integrated risk and quality management system, laboratories should consider the following related ISO and CEN standards:

  • ISO 15189 – Medical laboratories – Requirements for quality and competence
    (Defines overall quality management requirements; SIST EN ISO 22367:2026 aligns risk management processes with these requirements.)

  • ISO 31000 – Risk management – Guidelines
    (Provides general principles for managing business, legal, and regulatory risks, which are complemented, not replaced, by SIST EN ISO 22367:2026.)

  • ISO 14971 – Medical devices – Application of risk management to medical devices
    (Shares concepts and frameworks particularly relevant for laboratories using or developing in vitro diagnostic devices.)

  • ISO 15190 – Medical laboratories – Requirements for safety
    (Guides safety audits and supports integration of risk management with operational safety.)

Implementing SIST EN ISO 22367:2026 fortifies laboratories against clinical and operational risks, ensuring compliance, patient safety, and continuous quality improvement in the dynamic field of laboratory medicine.

Buy Documents

Standard

SIST EN ISO 22367:2026 - BARVE

English language (92 pages)

Frequently Asked Questions

SIST EN ISO 22367:2026 is a standard published by the Slovenian Institute for Standardization (SIST). Its full title is "Medical laboratories - Application of risk management to medical laboratories (ISO 22367:2026)". This standard covers: This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks. The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination, examination, and post-examination aspects including accurate transmission of examination results into the electronic medical record, as well as other technical and management processes described in ISO 15189. This document does not specify acceptable levels of risk. This document does not apply to risks from post-examination clinical decisions made by healthcare providers. This document complements the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.


SIST EN ISO 22367:2026 is classified under the following ICS (International Classification for Standards) categories: 03.100.01 - Company organization and management in general; 11.100.01 - Laboratory medicine in general. The ICS classification helps identify the subject area and facilitates finding related standards.

SIST EN ISO 22367:2026 has the following relationship with other standards: it is linked to SIST EN ISO 22367:2020, the edition it supersedes. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

SIST EN ISO 22367:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


SLOVENIAN STANDARD
01-June-2026
Medicinski laboratoriji - Uporaba obvladovanja tveganja v medicinskih laboratorijih (ISO 22367:2026)
Medical laboratories - Application of risk management to medical laboratories (ISO 22367:2026)
Medizinische Laboratorien - Anwendung des Risikomanagements auf medizinische Laboratorien (ISO 22367:2026)
Laboratoires de biologie médicale - Application de la gestion des risques aux laboratoires de biologie médicale (ISO 22367:2026)
This Slovenian standard is identical to: EN ISO 22367:2026
ICS:
03.100.01 Company organization and management in general
11.100.01 Laboratory medicine in general
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

EN ISO 22367
EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
April 2026
ICS 11.100.01 Supersedes EN ISO 22367:2020
English Version
Medical laboratories - Application of risk management to medical laboratories (ISO 22367:2026)
Laboratoires de biologie médicale - Application de la gestion des risques aux laboratoires de biologie médicale (ISO 22367:2026)
Medizinische Laboratorien - Anwendung des Risikomanagements auf medizinische Laboratorien (ISO 22367:2026)
This European Standard was approved by CEN on 4 April 2026.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION / COMITÉ EUROPÉEN DE NORMALISATION / EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2026 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22367:2026 E

Contents
European foreword ..... 3

European foreword
This document (EN ISO 22367:2026) has been prepared by Technical Committee ISO/TC 212 "Medical laboratories and in vitro diagnostic systems" in collaboration with Technical Committee CEN/TC 140 "In vitro diagnostic medical devices", the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2026, and conflicting national standards shall be withdrawn at the latest by April 2029.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 22367:2020.
Any feedback and questions on this document should be directed to the users' national standards body/national committee. A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United Kingdom.
Endorsement notice
The text of ISO 22367:2026 has been approved by CEN as EN ISO 22367:2026 without any modification.

International Standard ISO 22367
Second edition, 2026-04
Medical laboratories — Application of risk management to medical laboratories
Laboratoires de biologie médicale — Application de la gestion des risques aux laboratoires de biologie médicale
Reference number: ISO 22367:2026(en)
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword ..... v
Introduction ..... vi
1 Scope ..... 1
2 Normative references ..... 1
3 Terms and definitions ..... 1
4 Risk management ..... 9
4.1 Risk management process ..... 9
4.2 Management responsibilities ..... 9
4.3 Qualification of personnel ..... 10
4.4 Risk management activities ..... 10
4.4.1 General ..... 10
4.4.2 Foreseeable risk ..... 12
4.4.3 Opportunity ..... 13
4.4.4 Information provided to users ..... 13
5 Proactive risk management ..... 13
5.1 Proactive risk management plan ..... 13
5.2 Scope of the plan ..... 14
5.3 Contents of the plan ..... 14
5.4 Revisions to the plan ..... 14
5.5 Documentation of the risk management plan ..... 15
6 Proactive risk analysis ..... 15
6.1 General ..... 15
6.2 Risk analysis process ..... 15
6.3 Documentation of the risk analysis process ..... 16
6.3.1 General ..... 16
6.3.2 Intended medical laboratory use and reasonably foreseeable misuses ..... 16
6.3.3 Identification of characteristics related to safety ..... 16
6.3.4 Identification of hazards ..... 16
7 Risk evaluation ..... 17
7.1 Overview ..... 17
7.1.1 General ..... 17
7.1.2 Reactive evaluation of risks ..... 17
7.1.3 Proactive evaluation of risks ..... 17
7.2 Benefit-risk analysis ..... 18
7.3 Proactive risk evaluation ..... 18
7.3.1 Risk acceptability criteria ..... 18
7.3.2 Risk reduction ..... 19
8 Risk control ..... 19
8.1 General ..... 19
8.2 Risk control options ..... 20
8.2.1 General ..... 20
8.2.2 Role of standards in risk control ..... 20
8.2.3 Role of IVD medical devices in risk control ..... 20
8.3 Risks external to the laboratory ..... 21
8.4 Risks arising from risk control measures ..... 21
8.5 Residual risk evaluation ..... 21
8.6 Risk control verification ..... 22
9 Risk management review ..... 22
9.1 General ..... 22
9.2 Completeness of risk control ..... 22
9.3 Evaluation of overall residual risk ..... 22
9.4 Risk management report ..... 23
10 Risk monitoring, analysis and control activities ..... 23
10.1 Risk monitoring procedure ..... 23
10.2 Internal sources of risk information ..... 24
10.3 External sources of risk information ..... 24
11 Immediate actions to reduce risk ..... 24
Annex A (informative) Implementation of risk management within the management system ..... 25
Annex B (informative) Guidance on establishing risk acceptability criteria ..... 35
Annex C (informative) Guidance on risk acceptability considerations ..... 37
Annex D (informative) Identification of characteristics related to safety ..... 40
Annex E (informative) Examples of foreseeable risks, hazards, foreseeable sequences of events and hazardous situations ..... 47
Annex F (informative) Nonconformities potentially leading to significant risks ..... 55
Annex G (informative) Risk analysis tools and techniques ..... 63
Annex H (informative) Risk analysis of foreseeable user actions ..... 68
Annex I (informative) Methods of risk assessment, including estimation of probability and severity of harm ..... 72
Annex J (informative) Overall residual risk evaluation and risk management review ..... 77
Annex K (informative) Conducting a benefit-risk analysis ..... 79
Annex L (informative) Residual risks ..... 81
Bibliography ..... 82

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 212, Medical laboratories and in vitro diagnostic systems, in collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/TC 140, In vitro diagnostic medical devices, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna Agreement).
This second edition cancels and replaces the first edition (ISO 22367:2020), which has been technically revised.
The main changes are as follows:
— the application of risk management to processes has been emphasized;
— reactive and proactive risk management has been discussed, differentiated, and illustrated;
— the content is as far as possible in agreement with the requirements for risk management in ISO 15189:2022;
— the relation with ISO 15189:2022 is indicated in Annex A, in which Figure A.1 provides a flow chart for the underlying management system to underpin this document;
— Clause I.5 has been slightly modified to emphasize that risks most often require benefit-risk assessment to determine risk acceptability.
Any feedback or questions on this document should be directed to the user's national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
Medical laboratories deal with risks as part of their usual activities; these risks affect patients, personnel, caregivers, and the organization as a whole. Risks span the range of services: pre-examination, examination and post-examination processes, including the design and development of laboratory examinations. The intent of this document is not to introduce risk as a concern for the laboratory but to provide a structure for addressing, managing, and documenting risks that are part of the day-to-day and long-term (strategic) activities of the laboratory.
ISO 15189 requires that medical laboratories review all work processes to identify potential failures for risk of harm to patients and opportunities for improvement, modify the processes to reduce or eliminate the identified risks, and document the decisions and actions taken. This document describes a process for managing these risks to the patient, the operator, other persons, equipment and other property, the healthcare enterprise as a whole, and the environment. It does not address business enterprise risks, which are the subject of ISO 31000; however, ISO 31000 is consistent with and can provide further understanding for the concepts in this document.
Medical laboratories span a broad range of activities, some of which rely on the use of in vitro medical devices to achieve their quality objectives. When such devices are involved, risk management is a shared responsibility between the in vitro diagnostic (IVD) manufacturer and the medical laboratory. Since most IVD manufacturers have already implemented ISO 14971, this document has adopted similar concepts, principles and framework to manage the risks associated with the medical laboratory when appropriate. This is especially meaningful for laboratories that implement their own examinations on devices (laboratory developed tests or LDTs); concepts integral to ISO 14971 can be directly applicable. ISO 5649 is a useful reference for identifying and addressing risks in the development, implementation and retirement phases of LDTs.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of hazards, which can lead directly or indirectly to varying degrees of harm. The concept of risk has two components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder can place a different value on the risk of harm.
Risk management interfaces with quality management at many points in the medical laboratory. In ISO 15189, as an example, risk management is a component of complaint management, internal audit, corrective action, quality control, management review and external assessment (for both accreditation and proficiency testing). Management of risk also coincides with the management of safety in the medical laboratories, as exemplified by the safety audit checklists in ISO 15190. This document is intended to assist medical laboratories with the integration of risk management into their routine organization, operation and management.
While this document is intended for use throughout the currently recognized medical laboratory disciplines, it can effectively be applied to other healthcare services, such as diagnostic imaging, respiratory therapy, physiological sciences, blood banks and transfusion services.
The use of this document facilitates cooperation between medical laboratories and other healthcare services, assists in the exchange of information, and in the harmonization of methods and procedures.

International Standard ISO 22367:2026(en)
Medical laboratories — Application of risk management to medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination, examination, and post-examination aspects including accurate transmission of examination results into the electronic medical record, as well as other technical and management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare providers.
This document complements the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
benefit
impact or desirable outcome of a process (3.21), procedure (3.19) or the use of a medical device on the health
of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, relief of symptoms, improvement in function,
or an increased sense of well-being.
3.2
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.

ISO 22367:2026(en)
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or “close
call”.
[SOURCE: ISO 31073:2022, 3.3.11. modified — Note to entry 2 was changed; the original Note 3 to entry was
removed, and a new Note 3 to entry and a Note 4 were added.]
3.3
examination
set of operations having the objective of determining the numerical value, text value or characteristics of a
property
Note 1 to entry: An examination may be the total of a number of activities, observations or measurements required to
determine a value or characteristics.
Note 2 to entry: Laboratory examinations that determine a numerical value of a property are called “quantitative
examinations”; those that determine the characteristics of a property are called “qualitative examinations”.
Note 3 to entry: Laboratory examinations are also called “assays” or “tests”.
[SOURCE: ISO 15189:2022, 3.8]
3.4
foreseeable risk
risk (3.25) that is predictable prior to its occurrence
Note 1 to entry: Risk can be known from prior experience, assessment of current circumstances, prior occurrence of
an event (3.2), or other sources.
Note 2 to entry: Addressing foreseeable risk results in preventive action.
Note 3 to entry: A risk that is foreseeable does not imply that it has been anticipated or addressed.
3.5
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events or to potential future events, where it can be used as a
measure of likelihood or probability (3.20).
[SOURCE: ISO 31073:2022, 3.3.20]
3.6
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.7
hazard
source of potential harm (3.6)
[SOURCE: ISO 31073:2022, 3.3.12, modified — Note 1 to entry has been deleted.]
3.8
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.7)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.9
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician, laboratory
technologist, biomedical laboratory scientist, medical assistant, medical specialist, respiratory care practitioner.
[SOURCE: ISO 18113-1:2022, 3.1.28, modified — “laboratory technologist” and “biomedical laboratory
scientist” were added to the example.]
3.10
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design and/or manufacture of an IVD medical device (3.11)
with the intention of making the IVD medical device available for use, under his name, whether or not such
an IVD medical device is designed and/or manufactured by that person himself or on that person’s behalf by
another person(s)
[SOURCE: ISO 14971:2019, 3.9, modified — The term “manufacturer” was changed to “in vitro diagnostic
manufacturer”; in the definition, “medical device” was changed to “IVD medical device”; Notes to entry were
removed.]
3.11
in vitro diagnostic medical device
IVD medical device
medical device, whether used alone or in combination, intended by the manufacturer for the in vitro
examination (3.3) of specimens derived from the human body solely or principally to provide information for
diagnostic, monitoring or compatibility purposes
Note 1 to entry: The device includes reagents, calibrators, control materials, specimen receptacles, software, and
related instruments or apparatus or other articles.
Note 2 to entry: Adapted from ISO 18113-1:2022, 3.1.53.
3.12
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by a manufacturer to be used as an IVD medical device (3.11)
[SOURCE: ISO 18113-1:2022, 3.1.32]
3.13
information supplied by the manufacturer
information that is related to identification, technical description, intended use (3.15) and proper use of the
IVD medical device (3.11), but excluding shipping documents
EXAMPLE Labels, instructions for use, manual, written, printed, electronic, or graphic matter.
Note 1 to entry: In IEC standards, documents provided with a medical device and containing important information
for the responsible organization or operator, particularly regarding safety, are called “accompanying documents”.
Note 2 to entry: Catalogues and material safety data sheets are not considered information supplied by the
manufacturer of IVD medical devices.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.35.
3.14
instructions for use
information supplied by the manufacturer (3.13) to enable the safe and proper use of an IVD medical device
(3.11)
Note 1 to entry: It includes the directions supplied by the manufacturer for the use, maintenance, troubleshooting and
disposal of an IVD medical device, as well as warnings and precautions.
Note 2 to entry: Instructions for use can also be referred to as “package insert” or manual for instruments.
Note 3 to entry: Adapted from ISO 18113-1:2022, 3.1.36.
3.15
intended use
intended purpose
objective intent of an IVD manufacturer (3.10) regarding the use of a product, process (3.21) or service (3.38)
as reflected in the specifications, instructions and information supplied by the IVD manufacturer
Note 1 to entry: Intended use statements for IVD information supplied by the manufacturer (3.13) can include two
components: a description of the functionality of the IVD medical device (3.11) (e.g. an immunochemical measurement
procedure (3.19) for the detection of analyte “x” in serum or plasma), and a statement of the intended medical use of
the examination (3.3) results.
[SOURCE: ISO 18113-1:2022, 3.1.37, modified — In Note 1 to entry, “labelling” was changed to “information
supplied by the manufacturer”; Note 2 was removed.]
3.16
laboratory management
person(s) with responsibility for, and authority over, a laboratory
Note 1 to entry: Laboratory management has the power to delegate authority and provide resources within the
laboratory.
Note 2 to entry: The laboratory management includes the laboratory director(s) and delegates together with
individuals specifically assigned to ensure the quality of the activities of the laboratory.
[SOURCE: ISO 15189:2022, 3.15]
3.17
likelihood
chance of something happening
Note 1 to entry: In risk management terminology, the word “likelihood” is used to refer to the chance of something
happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively, and
described using general terms or mathematically (such as a probability (3.20) or a frequency (3.5) over a given time
period).
Note 2 to entry: The English language term “likelihood” does not have a direct equivalent in some languages; instead,
the equivalent of the term “probability” is often used. However, in English, “probability” is often narrowly interpreted
as a mathematical term. Therefore, in risk management terminology, “likelihood” is used with the intent that it should
have the same broad interpretation as the term “probability” has in many languages other than English.
[SOURCE: ISO 31073:2022, 3.3.16]
3.18
medical laboratory
laboratory
entity for the examination (3.3) of materials derived from the human body for the purpose of providing
information for the diagnosis, monitoring, management, prevention and treatment of disease, or assessment
of health
Note 1 to entry: The laboratory can also provide advice covering all aspects of examinations including appropriate
selection, the interpretation of results and advice on further examinations.
Note 2 to entry: Laboratory activities include pre-examination, examination and post-examination processes (3.21).
Note 3 to entry: Materials for examination include but are not limited to, microbiological, immunological, biochemical,
immunohaematological, haematological, biophysical, cytological, tissue and cells, and genetic material.
[SOURCE: ISO 15189:2022, 3.20]
3.19
procedure
specified way to carry out an activity or a process (3.21)
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.20
probability
measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is impossibility and 1
is absolute certainty
Note 1 to entry: See definition of likelihood (3.17), Note 2 to entry.
[SOURCE: ISO 31073:2022, 3.3.19]
3.21
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service (3.38) depends on the
context of the reference.
[SOURCE: ISO 9000:2015, 3.4.1, modified — Notes 2 to 6 have been removed.]
3.22
reasonably foreseeable misuse
use of a product, process (3.21) or service (3.38) in a way not intended by the supplier, but which can result
from readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of intended users (3.43).
Note 2 to entry: In the context of consumer safety, the term “reasonably foreseeable use” is increasingly used as a
synonym for both “intended use” (3.15) and “reasonably foreseeable misuse”.
Note 3 to entry: Applies to use of examination (3.3) results by a healthcare provider (3.9) contrary to the intended use,
as well as use of IVD medical devices (3.11) by the laboratory contrary to the instructions for use (3.14).
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use of the device in a way not intended by the
manufacturer.
Note 5 to entry: Misuse is intended to mean incorrect or improper performance of an examination procedure (3.19) or
any procedure critical for patient safety.
[SOURCE: ISO/IEC Guide 51:2014, 3.7, modified — In the definition, “system” was changed to “process or
service”; examples were removed from Note 1 to entry; Notes 3 to 5 to entry were added.]
3.23
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence of verification
(3.45), preventive action and corrective action.
Note 2 to entry: Generally, records need not be under revision control.
[SOURCE: ISO 9000:2015, 3.8.10]
3.24
residual risk
risk (3.25) remaining after risk control (3.28) measures have been taken
[SOURCE: ISO/IEC Guide 63:2019, 3.9]
3.25
risk
combination of the probability (3.20) of occurrence of harm (3.6) and the severity (3.39) of that harm
Note 1 to entry: This definition focuses on risks to the safety of patients and other persons. Other documents that
emphasize risk to a business enterprise will have alternative definitions.
[SOURCE: ISO/IEC Guide 51:2014, 3.9, modified — The original Note 1 to entry was removed and a new note
was added.]
3.26
risk analysis
systematic use of available information to identify hazards (3.7) and to estimate the risk (3.25)
Note 1 to entry: Risk analysis includes examination of different sequences of events (3.2) that can produce hazardous
situations (3.8) and harm (3.6).
[SOURCE: ISO/IEC Guide 51:2014, 3.10, modified — Note 1 to entry was added.]
3.27
risk assessment
overall process (3.21) comprising a risk analysis (3.26) and a risk evaluation (3.30)
[SOURCE: ISO/IEC Guide 51:2014, 3.11]
3.28
risk control
process (3.21) in which decisions are made and measures implemented by which risks (3.25) are reduced to,
or maintained within, specified levels
[SOURCE: ISO/IEC Guide 63:2019, 3.12]
3.29
risk estimation
process (3.21) used to assign values to the probability (3.20) of occurrence of harm (3.6) and the severity
(3.39) of that harm
[SOURCE: ISO/IEC Guide 63:2019, 3.13]
3.30
risk evaluation
process (3.21) of comparing the estimated risk (3.25) against given risk criteria to determine the acceptability
of the risk
[SOURCE: ISO/IEC Guide 63:2019, 3.14]
3.31
risk management
systematic application of management policies, procedures (3.19) and practices to the tasks of analysing,
evaluating, controlling and monitoring risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.15]
3.32
risk management documentation
set of records (3.23) and other documents that are produced by risk management (3.31)
[SOURCE: ISO 14971:2019, 3.25, modified — The term “risk management file” was changed to “risk
management documentation”.]
3.33
risk management plan
scheme specifying the approach, the management components and resources to be applied to the
management of risk (3.25)
[SOURCE: ISO 31073:2022, 3.2.3, modified — “scheme within the risk management framework” was changed
to “scheme”; the Notes to entry were removed.]
3.34
risk management policy
statement of the overall intentions and direction of an organization related to risk management (3.31)
[SOURCE: ISO 31073:2022, 3.2.2]
3.35
risk monitoring
surveillance
continual checking, critically observing or determining the status in order to identify change from the risk
(3.25) level required or expected
[SOURCE: ISO 31073:2022, 3.3.40, modified — The term “monitoring” has been changed to “risk monitoring”,
and surveillance was added as a preferred term; in the definition, “supervising” was deleted, and
“performance level” was changed to “risk level”; Note 1 to entry was deleted.]
3.36
risk reduction
actions taken to lessen the probability (3.20) or negative consequences, or both, associated with a risk (3.25)
[SOURCE: ISO 22300:2025, 3.2.20]
3.37
safety
freedom from unacceptable risk (3.25)
[SOURCE: ISO/IEC Guide 63:2019, 3.16]
3.38
service
laboratory medicine activity performed by a medical laboratory for the benefit (3.1) of patients, the
healthcare providers (3.9) responsible for the care of those patients, or screened populations
Note 1 to entry: Medical laboratory services include arrangements for examination (3.3) requests, patient preparation,
patient identification, collection, transportation, storage, processing and examination of clinical samples, together
with subsequent interpretation, reporting and advice, in addition to the considerations of safety (3.37) and ethics in
medical laborato
...