Medical devices -- Guidance on the application of ISO 14971

This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019. The risk management process can be part of a quality management system, for example one that is based on ISO 13485:2016[24], but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016 (Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook: ISO 13485:2016 — Medical devices — A practical guide[25].

Dispositifs médicaux -- Recommandations relatives à l'application de l'ISO 14971

Le présent document fournit des recommandations relatives au développement, ŕ la mise en œuvre et ŕ la tenue ŕ jour d'un systčme de gestion des risques pour les dispositifs médicaux conformément ŕ l'ISO 14971:2019. Le processus de gestion des risques peut faire partie d'un systčme de management de la qualité qui s'appuie, par exemple, sur l'ISO 13485:2016[24], mais cela n'est pas requis par l'ISO 14971:2019. Certaines exigences de l'ISO 13485:2016 (Article 7 relatif ŕ la réalisation du produit et 8.2.1[eXtyles1] relatives aux retours d'information au cours de la surveillance et du mesurage) portent sur la gestion des risques et peuvent ętre satisfaites en appliquant l'ISO 14971:2019. Voir également le manuel ISO: ISO 13485:2016 — Medical devices — A practical guide[25]. [eXtyles1]No section matches the in-text citation "8.2.1". Please supply the missing section or delete the citation.

General Information

Status
Published
Publication Date
15-Jun-2020
Current Stage
6060 - International Standard published
Start Date
16-Jun-2020
Ref Project

RELATIONS

Buy Standard

Technical report
ISO/TR 24971:2020REDLINE - Medical devices -- Guidance on the application of ISO 14971
English language
87 pages
sale 15% off
Preview
sale 15% off
Preview
Technical report
ISO/TR 24971:2020 - Medical devices -- Guidance on the application of ISO 14971
English language
87 pages
sale 15% off
Preview
sale 15% off
Preview
Technical report
ISO/TR 24971:2020 - Medical devices -- Guidance on the application of ISO 14971
English language
87 pages
sale 15% off
Preview
sale 15% off
Preview
Technical report
ISO/TR 24971:2020 - Dispositifs médicaux -- Recommandations relatives à l'application de l'ISO 14971
French language
104 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL ISO/TR
REPORT 24971
Redline version
compares Second edition to
First edition
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Recommandations relatives à l'application
de l'ISO 14971
Reference number
ISO/TR 24971:redline:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TR 24971:redline:2020(E)
IMPORTANT
This marked-up version uses the following colour-coding in the marked-up text:
Text example 1 — Text has been added (in green)
— Text has been deleted (in red)
Text example 2
— Graphic figure has been added
— Graphic figure has been deleted
1.x ... — If there are changes in a clause/subclause, the corresponding clause/
subclause number is highlighted in yellow in the Table of contents
DISCLAIMER

This marked-up version highlights the main changes in this edition of the document

compared with the previous edition. It does not focus on details (e.g. changes in

punctuation).

This marked-up version does not constitute the official ISO document and is not intended to

be used for implementation purposes.
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 24971:redline:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

2 3 The role of international product safety and process standards in risk

management Terms and definitions ................................................................................................................................................. 1

2.1 Overview ...................................................................................................................................................................................................... 1

2.2 Use of international product safety standards in risk management ........................................................ 2

2.3 International process standards and ISO 14971 ....................................................................................................... 4

3 4 Developing the policy for determining the criteria for General requirements for risk

acceptability management system ...................................................................................................................................................... 6

4.1 Risk management process ........................................................................................................................................................ 7

4.2 Management responsibilities ..................................................................................................................................................... 7

4.2.1 Top management commitment ......................................................................................................................... 7

4.2.2 Policy for establishing criteria for risk acceptability ....................................................................... 7

4.2.3 Suitability of the risk management process ........................................................................................ 7

4.3 Competence of personnel .............................................................................................................................................................. 7

4.4 Risk management plan .................................................................................................................................................................. 9

4.4.1 General...................................................................................................................................................................................... 9

4.4.2 Scope of the risk management plan ............................................................................................................. 9

4.4.3 Assignment of responsibilities and authorities .................................................................................... 9

4.4.4 Requirements for review of risk management activities ........................................................... 9

4.4.5 Criteria for risk acceptability ................................................................................................................................ 9

4.4.6 Method to evaluate overall residual risk and criteria for acceptability ......................10

4.4.7 Verification activities ...............................................................................................................................................10

4.4.8 Activities related to collection and review of production and post-

production information .........................................................................................................................................10

4.5 Risk management file ................................................................................................................................................................11

4 5 Production and post-production feedback loop Risk analysis  ..........................................................................11

5.1 Risk analysis process ..................................................................................................................................................................11

5.2 Intended use and reasonably foreseeable misuse ..........................................................................................11

5.3 Identification of characteristics related to safety ................................................................................................12

4.1 5.4 Overview Identification of hazards and hazardous situations ...............................................................13

5.4.1 Hazards ...............................................................................................................................................................................13

5.4.2 Hazardous situations in general ..................................................................................................................13

5.4.3 Hazardous situations resulting from faults ........................................................................................13

5.4.4 Hazardous situations resulting from random faults ...................................................................14

5.4.5 Hazardous situations resulting from systematic faults ............................................................14

5.4.6 Hazardous situations arising from security vulnerabilities .................................................15

5.4.7 Sequences or combinations of events ........................................................................................................15

4.2 5.5 Observation and transmission Risk estimation  .....................................................................................................17

5.5.1 General...................................................................................................................................................................................19

5.5.2 Probability ..........................................................................................................................................................................19

5.5.3 Risks for which probability cannot be estimated .............................................................................20

5.5.4 Severity ...............................................................................................................................................................................21

5.5.5 Examples ..............................................................................................................................................................................21

4.3 Assessment ..............................................................................................................................................................................................23

4.4 Action ...........................................................................................................................................................................................................24

6 Risk evaluation .....................................................................................................................................................................................................24

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/TR 24971:redline:2020(E)

5 7 Differentiation of information for safety and disclosure of residual risk Risk control  .............24

7.1 Risk control option analysis ....................................................................................................................................................24

7.1.1 Risk control for medical device design ...................................................................................................24

7.1.2 Risk control for manufacturing processes ...........................................................................................26

7.1.3 Standards and risk control ................................................................................................................................27

7.2 Implementation of risk control measures ..................................................................................................................27

7.3 Residual risk evaluation .............................................................................................................................................................27

5.1 7.4 Difference between “information for safety” and “disclosure of residual risk”

 Benefit-risk analysis ......................................................................................................................................................................27

7.4.1 General...................................................................................................................................................................................28

7.4.2 Benefit estimation .......................................................................................................................................................28

7.4.3 Criteria for benefit-risk analysis ....................................................................................................................29

7.4.4 Benefit-risk comparison........................................................................................................................................29

7.4.5 Examples of benefit-risk analyses ................................................................................................................30

5.2 Information for safety ....................................................................................................................................................................30

5.3 7.5 Disclosure of residual risk Risks arising from risk control measures ..............................................30

7.6 Completeness of risk control ................................................................................................................................................31

6 8 Evaluation of overall residual risk ...................................................................................................................................................31

6.1 8.1 Overview General considerations.........................................................................................................................................31

8.2 Inputs and other considerations ..........................................................................................................................................32

6.2 8.3 Inputs and other considerations for overall residual risk evaluation Possible

approaches ..............................................................................................................................................................................................33

9 Risk management review ..........................................................................................................................................................................35

10 Production and post-production activities..............................................................................................................................35

10.1 General ........................................................................................................................................................................................................35

10.2 Information collection ...................................................................................................................................................................35

10.3 Information review ..........................................................................................................................................................................37

10.4 Actions .........................................................................................................................................................................................................38

Annex A (informative) Identification of hazards and characteristics related to safety ................................40

Annex B (informative) Techniques that support risk analysis ................................................................................................48

Annex C (informative) Relation between the policy, criteria for risk acceptability, risk

control and risk evaluation ......................................................................................................................................................................53

Annex D (informative) Information for safety and information on residual risk ...............................................58

Annex E (informative) Role of international standards in risk management .........................................................61

Annex F (informative) Guidance on risks related to security ..................................................................................................66

Annex G (informative) Components and devices designed without using ISO 14971 ...................................71

Annex H (informative) Guidance for in vitro diagnostic medical devices .....................................................................73

Bibliography .............................................................................................................................................................................................................................96

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TR 24971:redline:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2. (see www .iso .org/ directiveswww .iso .org/ directives

-and -policies).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received. (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO’s adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see the following

URL: www .iso .org/ iso/ foreword .html.

ISO/TR 24971This document was prepared jointly by Technical Committee ISO/TC 210,

Quality management and corresponding general aspects for medical devices, and Technical

CommitteeSubcommittee IEC/SC 62A, Common aspects of electrical equipment used in medical practice.

The draft was circulated for voting to the national bodies of both ISO and IEC.

This second edition cancels and replaces the first edition, which has been technically revised. The main

changes compared to the previous edition are as follows:

— The clauses of ISO/TR 24971:2013 and some informative annexes of ISO 14971:2007 are merged,

restructured, technically revised, and supplemented with additional guidance.

— To facilitate the use of this document, the same structure and numbering of clauses and subclauses

as in ISO 14971:2019 is employed. The informative annexes contain additional guidance on specific

aspects of risk management.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/TR 24971:redline:2020(E)
Introduction

Experience indicates thatThis document provides guidance to assist manufacturers have difficulty

with practical implementation of some clauses of the in the development, implementation and

maintenance of a risk management International Standard, process for medical devices that aims to meet

the requirements of ISO 14971:20072019, Medical devices — Application of risk management to medical

devices. This Technical Report provides guidance to assist in the development, implementation and

maintenance of risk management for medical devices that aim to meet the requirements of It provides

guidance on the application of ISO 14971:2019. It provides guidance for specific aspects of for ISO 14971

for a wide variety of medical devices. These medical devices include active, non-active, implantable, and

non-implantable medical devices, software as medical devices and in vitro diagnostic medical devices.

This Technical Report is not intended to be an overall guidance document on the implementationThe

clauses and subclauses in this document have the same structure and numbering as the clauses

and subclauses of ISO 14971:2019 for organizations. It supplements the guidance contained in the

informative annexes, to facilitate the use of this guidance in applying the requirements of the standard.

Further division into subclauses is applied where considered useful. The informative annexes contain

additional guidance on specific aspects of risk management. The guidance consists of the clauses

of ISO 14971/TR 24971:2013 related to the following areasand some of the informative annexes of

ISO 14971:2007, which are merged, restructured, technically revised, and supplemented with additional

guidance.

— Guidance on the role of international product safety and process standards in risk management

— Guidance on developing the policy for determining the criteria for risk acceptability

— Guidance on how the production and post-production feedback loop can work

— Guidance on the differentiation of information for safety as a risk control measure and disclosure of

residual risk
— Guidance on the evaluation of overall residual risk

Annex H was prepared in cooperation with Technical Committee ISO/TC 212, Clinical laboratory testing

and in vitro diagnostic test systems.

This Technical Report provides somedocument describes approaches that manufacturersan organization

can use to develop, implement and maintain some aspects of a risk management process system that

conformsconforming to ISO 14971:2019. Alternative approaches can be used if thesealso satisfy the

requirements of ISO 14971:2019.

When judging the applicability of the guidance in this Technical Reportdocument, one should consider

the nature of the medical device(s) to which it will apply, the risks associated with the use ofhow and by

whom these medical devices are used, and the applicable regulatory requirements.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/TR 24971:redline:2020(E)
Medical devices — Guidance on the application of ISO 14971
1 Scope

This Technical Report provides guidance in addressing specific areasdocument provides guidance on

the development, implementation and maintenance of ISO 14971 when implementing risk managementa

risk management system for medical devices according to ISO 14971:2019.

The risk management processguidance is intended can be part of a quality management system, for

[24]

example one that is based on ISO 13485:2016 , but this is not required by ISO 14971:2019. Some

requirements in ISO 13485:2016 (Clause 7 on product realization and 8.2.1 on feedback during

monitoring and measurement) are related to risk managementassist manufacturers and other

users of and the standard tocan be fulfilled by applying ISO 14971:2019. See also the ISO Handbook:

[25]
ISO 13485:2016 — Medical devices — A practical guide .

— understand the role of international product safety and process standards in risk management;

— develop the policy for determining the criteria for risk acceptability;
— incorporate production and post-production feedback loop into risk management;

— differentiate between “information for safety” and “disclosure of residual risk”; and

— evaluate overall residual risk.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 14971:2019, Medical devices — Application of risk management to medical devices

2 3 The role of international product safety and process standards in risk
management Terms and definitions
2.1 Overview

International product safety and process standards play a significant role in risk management as

described by ISO 14971. In principle, these standards are developed using a type of risk management

that can include identifying hazards and hazardous situations, estimating risks, evaluating risks,

and specifying risk control measures. More information on a process for developing medical device

standards using a type of risk management can be found in documents such as ISO/IEC Guide 51 and

ISO/IEC Guide 63. International product safety and process standards are developed by experts in the

field and represent the generally accepted state of the art (see D.4 of ISO 14971:2007).

These standards can have an important role in risk management. When performing risk management,

the manufacturer first needs to consider the medical device being designed, its intended use and the

hazards/hazardous situations related to it. Manufacturers can, if they choose, identify standard(s)

that contain specific requirements that help manage the risks related to those hazards/hazardous

situations.

For medical devices that satisfy the requirements and compliance criteria of these standards, the

residual risks related to those hazards/hazardous situations can be considered acceptable unless there

© ISO 2020 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/TR 24971:redline:2020(E)

is objective evidence to the contrary. Some potential sources of objective evidence to the contrary can

include reports of adverse events, product recalls and complaints. The requirements of International

Standards, such as engineering or analytical processes, specific output limits, warning statements, or

design specifications, can be considered risk control measures established by the standards writers

that are intended to address the risks of specific hazardous situations that have been identified and

evaluated as needing risk control.

In many cases, the standards writers have taken on and completed elements of risk management

and provided manufacturers with answers in the form of design requirements and test methods for

establishing conformity. When performing risk management activities, manufacturers can take

advantage of the work of the standards writers and need not repeat the analyses leading to the

requirements of the standard. International standards, therefore, provide valuable information on risk

acceptability that has been validated during a worldwide evaluation process, including multiple rounds

of review, comment, and voting.
2.2 Use of international product safety standards in risk management

An international product safety standard can establish requirements that, when implemented, result in

acceptable risk for specific hazardous situations (e.g. safety limits). The manufacturer can apply these

requirements in the following way when managing risk.

a) Where an international product safety standard specifies technical requirements addressing

particular hazards or hazardous situations, together with specific acceptance criteria, compliance

with those requirements is presumed to establish that the residual risks have been reduced to

acceptable levels unless there is objective evidence to the contrary. For example, in IEC 60601-

1, Medical electrical equipment — Part 1: General requirements for basic safety and essential

performance, leakage current must be controlled to achieve an acceptable level of risk. IEC 60601-1

provides leakage current limits that are considered to result in an acceptable level of risk when

measured under the conditions stated in 8.7 of IEC 60601-1:2005. For this example, further risk

management would not be necessary. The following steps need to be taken in this case.

1) Implement 4.2 and 4.3 of ISO 14971:2007 to identify characteristics related to safety and

identify hazards and hazardous situations associated with the device as completely as possible.

2) Identify those hazards and hazardous situations relevant to the particular medical device that

are exactly covered by the international product safety standard.

3) For those identified hazards and hazardous situations exactly covered by the international

product safety standard, the manufacturer may choose not to estimate (4.4 of ISO 14971:2007)

or evaluate (Clause 5 of ISO 14971:2007) the risks so identified but rather rely on the

requirements contained in the international standard to demonstrate the completion of risk

estimation and risk evaluation.

4) To the extent possible, the manufacturer should identify the design specifications that satisfy

the requirements in the standard and serve as risk control measures (6.2 of ISO 14971:2007).

NOTE For some international product safety standards, the possibility of identifying all the specific

risk control measures is limited. One example is electromagnetic compatibility testing in IEC 60601–1-2,

Medical electrical equipment — Part 1-2: General requirements for basic safety and essential performance

— Collateral standard: Electromagnetic compatibility — Requirements and tests, for complex medical

devices.

5) Verification of the implementation of the risk control measures for these hazardous situations

is obtained from the design documents. Verification of the effectiveness of the risk control

measures is obtained from the tests and test results demonstrating that the device meets th

...

TECHNICAL ISO/TR
REPORT 24971
Second edition
2020-06
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Recommandations relatives à l'application de
l'ISO 14971
Reference number
ISO/TR 24971:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TR 24971:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 24971:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 General requirements for risk management system ...................................................................................................... 1

4.1 Risk management process ........................................................................................................................................................ 1

4.2 Management responsibilities ..................................................................................................................................................... 1

4.2.1 Top management commitment ......................................................................................................................... 1

4.2.2 Policy for establishing criteria for risk acceptability ....................................................................... 2

4.2.3 Suitability of the risk management process ........................................................................................ 2

4.3 Competence of personnel .............................................................................................................................................................. 2

4.4 Risk management plan .................................................................................................................................................................. 3

4.4.1 General...................................................................................................................................................................................... 3

4.4.2 Scope of the risk management plan ............................................................................................................. 4

4.4.3 Assignment of responsibilities and authorities .................................................................................... 4

4.4.4 Requirements for review of risk management activities ........................................................... 4

4.4.5 Criteria for risk acceptability ................................................................................................................................ 4

4.4.6 Method to evaluate overall residual risk and criteria for acceptability ......................... 5

4.4.7 Verification activities .................................................................................................................................................. 5

4.4.8 Activities related to collection and review of production and post-

production information ............................................................................................................................................ 5

4.5 Risk management file ................................................................................................................................................................... 5

5 Risk analysis ............................................................................................................................................................................................................. 6

5.1 Risk analysis process ..................................................................................................................................................................... 6

5.2 Intended use and reasonably foreseeable misuse ............................................................................................. 6

5.3 Identification of characteristics related to safety ................................................................................................... 7

5.4 Identification of hazards and hazardous situations .......................................................................................... 7

5.4.1 Hazards .................................................................................................................................................................................. 7

5.4.2 Hazardous situations in general ..................................................................................................................... 8

5.4.3 Hazardous situations resulting from faults ........................................................................................... 8

5.4.4 Hazardous situations resulting from random faults ...................................................................... 8

5.4.5 Hazardous situations resulting from systematic faults ............................................................... 8

5.4.6 Hazardous situations arising from security vulnerabilities .................................................... 9

5.4.7 Sequences or combinations of events ........................................................................................................... 9

5.5 Risk estimation .................................................................................................................................................................................11

5.5.1 General...................................................................................................................................................................................11

5.5.2 Probability ..........................................................................................................................................................................12

5.5.3 Risks for which probability cannot be estimated .............................................................................13

5.5.4 Severity ...............................................................................................................................................................................13

5.5.5 Examples ..............................................................................................................................................................................13

6 Risk evaluation .....................................................................................................................................................................................................16

7 Risk control ..............................................................................................................................................................................................................16

7.1 Risk control option analysis ....................................................................................................................................................16

7.1.1 Risk control for medical device design ...................................................................................................16

7.1.2 Risk control for manufacturing processes ...........................................................................................18

7.1.3 Standards and risk control ................................................................................................................................19

7.2 Implementation of risk control measures ..................................................................................................................19

7.3 Residual risk evaluation .............................................................................................................................................................19

7.4 Benefit-risk analysis .......................................................................................................................................................................19

7.4.1 General...................................................................................................................................................................................19

7.4.2 Benefit estimation .......................................................................................................................................................20

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/TR 24971:2020(E)

7.4.3 Criteria for benefit-risk analysis ....................................................................................................................21

7.4.4 Benefit-risk comparison........................................................................................................................................21

7.4.5 Examples of benefit-risk analyses ................................................................................................................21

7.5 Risks arising from risk control measures ...................................................................................................................22

7.6 Completeness of risk control ................................................................................................................................................22

8 Evaluation of overall residual risk ...................................................................................................................................................22

8.1 General considerations .................................................................................................................................................................22

8.2 Inputs and other considerations ..........................................................................................................................................23

8.3 Possible approaches ........................................................................................................................................................................24

9 Risk management review ..........................................................................................................................................................................25

10 Production and post-production activities..............................................................................................................................25

10.1 General ........................................................................................................................................................................................................25

10.2 Information collection ...................................................................................................................................................................25

10.3 Information review ..........................................................................................................................................................................27

10.4 Actions .........................................................................................................................................................................................................28

Annex A (informative) Identification of hazards and characteristics related to safety ................................30

Annex B (informative) Techniques that support risk analysis ................................................................................................38

Annex C (informative) Relation between the policy, criteria for risk acceptability, risk

control and risk evaluation ......................................................................................................................................................................43

Annex D (informative) Information for safety and information on residual risk ...............................................48

Annex E (informative) Role of international standards in risk management .........................................................51

Annex F (informative) Guidance on risks related to security ..................................................................................................56

Annex G (informative) Components and devices designed without using ISO 14971 ...................................61

Annex H (informative) Guidance for in vitro diagnostic medical devices .....................................................................63

Bibliography .............................................................................................................................................................................................................................86

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TR 24971:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives -and -policies).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO’s adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see the following

URL: www .iso .org/ iso/ foreword .html.

This document was prepared jointly by Technical Committee ISO/TC 210, Quality management and

corresponding general aspects for medical devices, and Subcommittee IEC/SC 62A, Common aspects of

electrical equipment used in medical practice.

This second edition cancels and replaces the first edition, which has been technically revised. The main

changes compared to the previous edition are as follows:

— The clauses of ISO/TR 24971:2013 and some informative annexes of ISO 14971:2007 are merged,

restructured, technically revised, and supplemented with additional guidance.

— To facilitate the use of this document, the same structure and numbering of clauses and subclauses

as in ISO 14971:2019 is employed. The informative annexes contain additional guidance on specific

aspects of risk management.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/TR 24971:2020(E)
Introduction

This document provides guidance to assist manufacturers in the development, implementation and

maintenance of a risk management process for medical devices that aims to meet the requirements

of ISO 14971:2019, Medical devices — Application of risk management to medical devices. It provides

guidance on the application of ISO 14971:2019 for a wide variety of medical devices. These medical

devices include active, non-active, implantable, and non-implantable medical devices, software as medical

devices and in vitro diagnostic medical devices.

The clauses and subclauses in this document have the same structure and numbering as the clauses

and subclauses of ISO 14971:2019, to facilitate the use of this guidance in applying the requirements

of the standard. Further division into subclauses is applied where considered useful. The informative

annexes contain additional guidance on specific aspects of risk management. The guidance consists of

the clauses of ISO/TR 24971:2013 and some of the informative annexes of ISO 14971:2007, which are

merged, restructured, technically revised, and supplemented with additional guidance.

Annex H was prepared in cooperation with Technical Committee ISO/TC 212, Clinical laboratory testing

and in vitro diagnostic test systems.

This document describes approaches that manufacturers can use to develop, implement and maintain

a risk management process conforming to ISO 14971:2019. Alternative approaches can also satisfy the

requirements of ISO 14971:2019.

When judging the applicability of the guidance in this document, one should consider the nature of

the medical device(s) to which it will apply, how and by whom these medical devices are used, and the

applicable regulatory requirements.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/TR 24971:2020(E)
Medical devices — Guidance on the application of ISO 14971
1 Scope

This document provides guidance on the development, implementation and maintenance of a risk

management system for medical devices according to ISO 14971:2019.

The risk management process can be part of a quality management system, for example one that is based

[24]

on ISO 13485:2016 , but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016

(Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are

related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook:

[25]
ISO 13485:2016 — Medical devices — A practical guide .
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 14971:2019, Medical devices — Application of risk management to medical devices

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 14971:2019 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
[20]

NOTE The defined terms in ISO 14971:2019 are derived as much as possible from ISO/IEC Guide 63:2019

which was developed specifically for the medical device sector.
4 General requirements for risk management system
4.1 Risk management process

ISO 14971:2019 requires that the manufacturer establishes, implements, documents and maintains an

ongoing risk management process throughout the life cycle of the medical device. The required elements

in this process and the responsibilities of top management are given in ISO 14971:2019 and explained in

further detail in this document.
4.2 Management responsibilities
4.2.1 Top management commitment

Top management has the responsibility to establish and maintain an effective risk management process.

It is important to note the emphasis on top management in ISO 14971:2019 Top management has the

power to assign authorities and responsibilities, to set priorities and to provide resources within the

organization. Commitment at the highest level of the organization is essential for the risk management

process to be effective.
© ISO 2020 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/TR 24971:2020(E)

If the manufacturer’s organization consists of separate entities, for example business units or divisions,

then top management can refer to those individuals who direct and control the entity implementing the

risk management process. Each entity can have its own risk management process (and its own quality

management system).
4.2.2 Policy for establishing criteria for risk acceptability

ISO 14971:2019 requires top management to define and document the policy for establishing criteria

for risk acceptability. Annex C provides detailed guidance on how to define such a policy and which

elements should be included, such as applicable regulations, relevant international standards, the

generally acknowledged state of the art and known stakeholder concerns. Annex C also explains the

relation between the policy and the criteria for risk acceptability and how these criteria are used in risk

control and risk evaluation.

The policy can allow specific criteria for each type of medical device (or medical device family). This

can depend on the characteristics of the medical device and its intended use (including the intended

patient population). ISO 14971:2019 requires that the policy provides guidelines on how to establish the

criteria for acceptability of the overall residual risk.
4.2.3 Suitability of the risk management process

ISO 14971:2019 requires top management to review the suitability of the risk management process at

planned intervals. The review of the suitability is a high-level review of the risk management process

and can include reviewing the following aspects, for example:
— the effectiveness of the implemented risk management procedures;

— the adequacy of the criteria for risk acceptability, which can imply the need for an adaptation of the

criteria for risk acceptability for specific medical devices; and

— the effectiveness of the feedback loop of the production and post-production information (see 10.4).

4.3 Competence of personnel

Ensuring the assignment of competent personnel is a responsibility of top management. Examples of

the personnel that can be involved in specific risk management tasks and the relevant knowledge and

experience supporting effective completion of the associated tasks are given in Table 1.

Some risk management activities can be performed by external consultants or specialists. The

required competence should be documented as well as the objective evidence of the fulfilment of these

requirements.
Table 1 — Examples of competent personnel and relevant knowledge and experience
Personnel or function Knowledge and experience
Risk management owner Medical device risk management process
Engineer or scientist Medical device technologies, design and
operating principles
Operations Manufacturing processes
Supply-chain management Sources of material and services, in-
cluding outsourced processes
Medical or clinical expert Clinical evaluation methodologies and
requirements
Use in medical practice, including ben-
efits, hazardous situations and possible
harm
2 © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TR 24971:2020(E)
Table 1 (continued)
Personnel or function Knowledge and experience
Regulatory affairs Regulatory requirements pertaining to
safety and risk management in coun-
tries/regions where the medical device
is intended to be marketed
Quality assurance Quality management systems and qual-
ity practices
Packaging, storage, handling Hazards and risk control measures in
and distribution relation to packaging, storage, handling
and distribution
Service engineer, biomedical Hazards and risk control measures in
engineer or medical physicist relation to installation, maintenance,
repair, calibration, service and support
processes and practices
Post-production Customer complaints and adverse event
reporting, post-market surveillance
Information services Data mining processes, methodologies
for literature search
All individuals involved in the Expertise in the functional area for
review and approval of the which they are reviewing and approving
records

Consider the need to include the following topics in the education of risk management experts:

— management of a risk management program for medical devices;
— ethics, safety, security and liability;
— concepts of risk, risk acceptability and benefit-risk analysis;
— probability and statistics for risk management and reliability;
— risk management and reliability in design and development;
— relevant standards and regulations;

— risk estimation including methods to determine the severity and probability of occurrence of harm;

— risk assessment methodology;
— methods for risk control;
— methods for verifying the effectiveness of risk control measures;
— methods for analysing production and post-production information.
4.4 Risk management plan
4.4.1 General

The risk management plan describes the scope of the risk management activities, the responsibilities

and authorities of those involved, the criteria for risk acceptability, the production and post-production

information to be collected and reviewed for the medical device, and all risk management activities that

are carried out during the entire product life cycle. The risk management plan can be a separate document,

or it can be integrated with other documentation, e.g. quality management system documentation. It

© ISO 2020 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO/TR 24971:2020(E)

can be self-contained or it can reference other documents, such as planning of clinical, biological or

usability evaluations or planning of post-production activities.

The risk management plan is a “living document” that will be reviewed and updated throughout the life

cycle of the medical device as new information becomes available. The information should be collected

on a continuous basis, even after the last medical device is sold and placed on the market. ISO 14971:2019

requires that changes to the risk management plan be recorded in the risk management file.

The extent of planned activities and the level of detail of the risk management plan should be

commensurate with the level of risk associated with the medical device. The requirements in

ISO 14971:2019 are the minimum requirements for a risk management plan. Manufacturers can include

other items such as time-schedule, risk analysis tools, or a rationale for the choice of specific risk

acceptability criteria.
4.4.2 Scope of the risk management plan

The scope identifies and describes the medical device and the life cycle phases for which each element of

the plan is applicable.

Some of the elements of the risk management plan can apply to the product realization process (design,

development and production of the medical device). Other elements can apply to the production and

post-production phase (such as installation, use, maintenance, decommissioning and disposal of the

medical device).
4.4.3 Assignment of responsibilities and authorities

The risk management plan identifies the personnel or functions with responsibility for the execution

of specific activities related to risk management (see Table 1). In addition, the risk management plan

identifies the individuals with appropriate authority to review and approve risk management decisions

and actions. This can entail assignment of personnel familiar with the unique characteristics of the

medical device (or medical device family) and their possible relevance to safety. This assignment can

be included in a resource allocation matrix defined for the specific life cycle phase and the activities

covered in the scope of the plan.
4.4.4 Requirements for review of risk management activities
The risk management plan details how and when
...

TECHNICAL ISO/TR
REPORT 24971
Second edition
2020-05
Medical devices — Guidance on the
application of ISO 14971
Dispositifs médicaux — Directives relatives à l'ISO 14971
PROOF/ÉPREUVE
Reference number
ISO/TR 24971:2020(E)
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TR 24971:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/TR 24971:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 General requirements for risk management system ...................................................................................................... 1

4.1 Risk management process ........................................................................................................................................................ 1

4.2 Management responsibilities ..................................................................................................................................................... 1

4.2.1 Top management commitment ......................................................................................................................... 1

4.2.2 Policy for establishing criteria for risk acceptability ....................................................................... 2

4.2.3 Suitability of the risk management process ........................................................................................ 2

4.3 Competence of personnel .............................................................................................................................................................. 2

4.4 Risk management plan .................................................................................................................................................................. 3

4.4.1 General...................................................................................................................................................................................... 3

4.4.2 Scope of the risk management plan ............................................................................................................. 4

4.4.3 Assignment of responsibilities and authorities .................................................................................... 4

4.4.4 Requirements for review of risk management activities ........................................................... 4

4.4.5 Criteria for risk acceptability ................................................................................................................................ 4

4.4.6 Method to evaluate overall residual risk and criteria for acceptability ......................... 4

4.4.7 Verification activities .................................................................................................................................................. 5

4.4.8 Activities related to collection and review of production and post-

production information ............................................................................................................................................ 5

4.5 Risk management file ................................................................................................................................................................... 5

5 Risk analysis ............................................................................................................................................................................................................. 6

5.1 Risk analysis process ..................................................................................................................................................................... 6

5.2 Intended use and reasonably foreseeable misuse ............................................................................................. 6

5.3 Identification of characteristics related to safety ................................................................................................... 7

5.4 Identification of hazards and hazardous situations ................................................................................................ 7

5.4.1 Hazards .................................................................................................................................................................................. 7

5.4.2 Hazardous situations in general ......................................................................................................................... 7

5.4.3 Hazardous situations resulting from faults ........................................................................................... 8

5.4.4 Hazardous situations resulting from random faults ...................................................................... 8

5.4.5 Hazardous situations resulting from systematic faults ............................................................... 8

5.4.6 Hazardous situations arising from security vulnerabilities .................................................... 9

5.4.7 Sequences or combinations of events ........................................................................................................... 9

5.5 Risk estimation .................................................................................................................................................................................11

5.5.1 General...................................................................................................................................................................................11

5.5.2 Probability ..........................................................................................................................................................................12

5.5.3 Risks for which probability cannot be estimated .............................................................................12

5.5.4 Severity ...............................................................................................................................................................................13

5.5.5 Examples ..............................................................................................................................................................................13

6 Risk evaluation .....................................................................................................................................................................................................15

7 Risk control ..............................................................................................................................................................................................................15

7.1 Risk control option analysis ....................................................................................................................................................15

7.1.1 Risk control for medical device design ...................................................................................................15

7.1.2 Risk control for manufacturing processes ...........................................................................................17

7.1.3 Standards and risk control ................................................................................................................................18

7.2 Implementation of risk control measures ..................................................................................................................18

7.3 Residual risk evaluation .............................................................................................................................................................18

7.4 Benefit-risk analysis .......................................................................................................................................................................18

7.4.1 General...................................................................................................................................................................................18

7.4.2 Benefit estimation .......................................................................................................................................................19

© ISO 2020 – All rights reserved PROOF/ÉPREUVE iii
---------------------- Page: 3 ----------------------
ISO/TR 24971:2020(E)

7.4.3 Criteria for benefit-risk analysis ....................................................................................................................20

7.4.4 Benefit-risk comparison........................................................................................................................................20

7.4.5 Examples of benefit-risk analyses ................................................................................................................20

7.5 Risks arising from risk control measures ...................................................................................................................21

7.6 Completeness of risk control ................................................................................................................................................21

8 Evaluation of overall residual risk ...................................................................................................................................................21

8.1 General considerations .................................................................................................................................................................21

8.2 Inputs and other considerations ..........................................................................................................................................22

8.3 Possible approaches ........................................................................................................................................................................23

9 Risk management review ..........................................................................................................................................................................24

10 Production and post-production activities..............................................................................................................................24

10.1 General ........................................................................................................................................................................................................24

10.2 Information collection ...................................................................................................................................................................24

10.3 Information review ..........................................................................................................................................................................26

10.4 Actions .........................................................................................................................................................................................................27

Annex A (informative) Identification of hazards and characteristics related to safety ................................29

Annex B (informative) Techniques that support risk analysis ................................................................................................37

Annex C (informative) Relation between the policy, criteria for risk acceptability,risk

control and risk evaluation ......................................................................................................................................................................42

Annex D (informative) Information for safety and information on residual risk ...............................................47

Annex E (informative) Role of international standards in risk management .........................................................50

Annex F (informative) Guidance on risks related to security ..................................................................................................55

Annex G (informative) Components and devices designed without using ISO 14971 ...................................60

Annex H (informative) Guidance for in vitro diagnostic medical devices .....................................................................62

Bibliography .............................................................................................................................................................................................................................85

iv PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/TR 24971:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives -and -policies).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO’s adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see the following

URL: www .iso .org/ iso/ foreword .html.

This document was prepared jointly by Technical Committee ISO/TC 210, Quality management and

corresponding general aspects for medical devices, and Subcommittee IEC/SC 62A, Common aspects of

electrical equipment used in medical practice.

This second edition cancels and replaces the first edition, which has been technically revised. The main

changes compared to the previous edition are as follows:

— The clauses of ISO/TR 24971:2013 and some informative annexes of ISO 14971:2007 are merged,

restructured, technically revised, and supplemented with additional guidance.

— To facilitate the use of this document, the same structure and numbering of clauses and subclauses

as in ISO 14971:2019 is employed. The informative annexes contain additional guidance on specific

aspects of risk management.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved PROOF/ÉPREUVE v
---------------------- Page: 5 ----------------------
ISO/TR 24971:2020(E)
Introduction

This document provides guidance to assist manufacturers in the development, implementation and

maintenance of a risk management process for medical devices that aims to meet the requirements

of ISO 14971:2019, Medical devices — Application of risk management to medical devices. It provides

guidance on the application of ISO 14971:2019 for a wide variety of medical devices. These medical

devices include active, non-active, implantable, and non-implantable medical devices, software as medical

devices and in vitro diagnostic medical devices.

The clauses and subclauses in this document have the same structure and numbering as the clauses

and subclauses of ISO 14971:2019, to facilitate the use of this guidance in applying the requirements

of the standard. Further division into subclauses is applied where considered useful. The informative

annexes contain additional guidance on specific aspects of risk management. The guidance consists of

the clauses of ISO/TR 24971:2013 and some of the informative annexes of ISO 14971:2007, which are

merged, restructured, technically revised, and supplemented with additional guidance.

Annex H was prepared in cooperation with Technical Committee ISO/TC 212, Clinical laboratory testing

and in vitro diagnostic test systems.

This document describes approaches that manufacturers can use to develop, implement and maintain

a risk management process conforming to ISO 14971:2019. Alternative approaches can also satisfy the

requirements of ISO 14971:2019.

When judging the applicability of the guidance in this document, one should consider the nature of

the medical device(s) to which it will apply, how and by whom these medical devices are used, and the

applicable regulatory requirements.
vi PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT ISO/TR 24971:2020(E)
Medical devices — Guidance on the application of ISO 14971
1 Scope

This document provides guidance on the development, implementation and maintenance of a risk

management system for medical devices according to ISO 14971:2019.

The risk management process can be part of a quality management system, for example one that is based

[24]

on ISO 13485:2016 , but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016

(Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are

related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook:

[25]
ISO 13485:2016 — Medical devices — A practical guide .
2 Normative references

ISO 14971:2019, Medical devices — Application of risk management to medical devices

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 14971:2019 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
[20]

NOTE The defined terms in ISO 14971:2019 are derived as much as possible from ISO/IEC Guide 63:2019

which was developed specifically for the medical device sector.
4 General requirements for risk management system
4.1 Risk management process

ISO 14971:2019 requires that the manufacturer establishes, implements, documents and maintains an

ongoing risk management process throughout the life cycle of the medical device. The required elements

in this process and the responsibilities of top management are given in ISO 14971:2019 and explained in

further detail in this document.
4.2 Management responsibilities
4.2.1 Top management commitment

Top management has the responsibility to establish and maintain an effective risk management process.

It is important to note the emphasis on top management in ISO 14971:2019 Top management has the

power to assign authorities and responsibilities, to set priorities and to provide resources within the

organization. Commitment at the highest level of the organization is essential for the risk management

process to be effective.

If the manufacturer’s organization consists of separate entities, for example business units or divisions,

then top management can refer to those individuals who direct and control the entity implementing the

risk management process. Each entity can have its own risk management process (and its own quality

management system).
© ISO 2020 – All rights reserved PROOF/ÉPREUVE 1
---------------------- Page: 7 ----------------------
ISO/TR 24971:2020(E)
4.2.2 Policy for establishing criteria for risk acceptability

ISO 14971:2019 requires top management to define and document the policy for establishing criteria

for risk acceptability. Annex C provides detailed guidance on how to define such a policy and which

elements should be included, such as applicable regulations, relevant international standards, the

generally acknowledged state of the art and known stakeholder concerns. Annex C also explains the

relation between the policy and the criteria for risk acceptability and how these criteria are used in risk

control and risk evaluation.

The policy can allow specific criteria for each type of medical device (or medical device family). This

can depend on the characteristics of the medical device and its intended use (including the intended

patient population). ISO 14971:2019 requires that the policy provides guidelines on how to establish the

criteria for acceptability of the overall residual risk.
4.2.3 Suitability of the risk management process

ISO 14971:2019 requires top management to review the suitability of the risk management process at

planned intervals. The review of the suitability is a high-level review of the risk management process

and can include reviewing the following aspects, for example:
— the effectiveness of the implemented risk management procedures;

— the adequacy of the criteria for risk acceptability, which can imply the need for an adaptation of the

criteria for risk acceptability for specific medical devices; and

— the effectiveness of the feedback loop of the production and post-production information (see 10.4).

4.3 Competence of personnel

Ensuring the assignment of competent personnel is a responsibility of top management. Examples of

the personnel that can be involved in specific risk management tasks and the relevant knowledge and

experience supporting effective completion of the associated tasks are given in Table 1.

Some risk management activities can be performed by external consultants or specialists. The

required competence should be documented as well as the objective evidence of the fulfilment of these

requirements.
Table 1 — Examples of competent personnel and relevant knowledge and experience
Personnel or function Knowledge and experience
Risk management owner Medical device risk management process
Engineer or scientist Medical device technologies, design and
operating principles
Operations Manufacturing processes
Supply-chain management Sources of material and services, in-
cluding outsourced processes
Medical or clinical expert Clinical evaluation methodologies and
requirements
Use in medical practice, including ben-
efits, hazardous situations and possible
harm
Regulatory affairs Regulatory requirements pertaining to
safety and risk management in coun-
tries/regions where the medical device
is intended to be marketed
Quality assurance Quality management systems and qual-
ity practices
2 PROOF/ÉPREUVE © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/TR 24971:2020(E)
Table 1 (continued)
Personnel or function Knowledge and experience
Packaging, storage, handling Hazards and risk control measures in
and distribution relation to packaging, storage, handling
and distribution
Service engineer, biomedical Hazards and risk control measures in
engineer or medical physicist relation to installation, maintenance,
repair, calibration, service and support
processes and practices
Post-production Customer complaints and adverse event
reporting, post-market surveillance
Information services Data mining processes, methodologies
for literature search
All individuals involved in the Expertise in the functional area for
review and approval of the which they are reviewing and approving
records

Consider the need to include the following topics in the education of risk management experts:

— management of a risk management program for medical devices;
— ethics, safety, security and liability;
— concepts of risk, risk acceptability and benefit-risk analysis;
— probability and statistics for risk management and reliability;
— risk management and reliability in design and development;
— relevant standards and regulations;

— risk estimation including methods to determine the severity and probability of occurrence of harm;

— risk assessment methodology;
— methods for risk control;
— methods for verifying the effectiveness of risk control measures;
— methods for analysing production and post-production information.
4.4 Risk management plan
4.4.1 General

The risk management plan describes the scope of the risk management activities, the responsibilities

and authorities of those involved, the criteria for risk acceptability, the production and post-production

information to be collected and reviewed for the medical device, and all risk management activities that

are carried out during the entire product life cycle. The risk management plan can be a separate document,

or it can be integrated with other documentation, e.g. quality management system documentation. It

can be self-contained or it can reference other documents, such as planning of clinical, biological or

usability evaluations or planning of post-production activities.

The risk management plan is a “living document” that will be reviewed and updated throughout the life

cycle of the medical device as new information becomes available. The information should be collected

on a continuous basis, even after the last medical device is sold and placed on the market. ISO 14971:2019

requires that changes to the risk management plan be recorded in the risk management file.

The extent of planned activities and the level of detail of the risk management plan should be

commensurate with the level of risk associated with the medical device. The requirements in

© ISO 2020 – All rights reserved PROOF/ÉPREUVE 3
---------------------- Page: 9 ----------------------
ISO/TR 24971:2020(E)

ISO 14971:2019 are the minimum requirements for a risk management plan. Manufacturers can include

other items such as time-schedule, risk analysis tools, or a rationale for the choice of specific risk

acceptability criteria.
4.4.2 Scope of the risk management plan

The scope identifies and describes the medical device and the life cycle phases for which each element of

the plan is applicable.

Some of the elements of the risk management plan can apply to the product realization process (design,

development and production of the medical device). Other elements can apply to the production and

post-production phase (such as installation, use, maintenance, decommissioning and disposal of the

medical device).
4.4.3 Assignment of responsibilities and authorities

The risk management plan identifies the personnel or functions with responsibility for the execution

of specific activities related to risk management (see Table 1). In addition, the risk management plan

identifies the individuals with appropriate authority to review and approve risk management decisions

and actions. This can entail assignment of personnel familiar with the unique characteristics of the

medical device (or medical device family) and their possible relevance to safety. This assignment can

be included in a resource allocation matrix defined for the specific life cycle phase and the activities

covered in the scope of the plan.
4.4.4 Requirements for review of risk management activities

The risk management plan details how and when the risk management activities will be reviewed for a

specific medical device (or medical device family). This should include the review method, the responsible

individuals or f
...

RAPPORT ISO/TR
TECHNIQUE 24971
Deuxième édition
2020-06
Dispositifs médicaux —
Recommandations relatives à
l'application de l'ISO 14971
Medical devices — Guidance on the application of ISO 14971
Numéro de référence
ISO/TR 24971:2020(F)
ISO 2020
---------------------- Page: 1 ----------------------
ISO/TR 24971:2020(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2020

Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette

publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,

y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut

être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.

ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii © ISO 2020 – Tous droits réservés
---------------------- Page: 2 ----------------------
ISO/TR 24971:2020(F)
Sommaire Page

Avant-propos ................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Domaine d’application ................................................................................................................................................................................... 1

2 Références normatives ................................................................................................................................................................................... 1

3 Termes et définitions ....................................................................................................................................................................................... 1

4 Exigences générales relatives au système de gestion des risques ...................................................................... 1

4.1 Processus de gestion des risques......................................................................................................................................... 1

4.2 Responsabilités de la direction ................................................................................................................................................. 2

4.2.1 Implication de la direction ..................................................................................................................................... 2

4.2.2 Politique d’établissement des critères d’acceptabilité du risque ......................................... 2

4.2.3 Adéquation du processus de gestion des risques ............................................................................. 2

4.3 Compétence du personnel ............................................................................................................................................................ 2

4.4 Plan de gestion des risques ........................................................................................................................................................ 4

4.4.1 Généralités ............................................................................................................................................................................ 4

4.4.2 Champ d’application du plan de gestion des risques ..................................................................... 4

4.4.3 Attribution des responsabilités et des autorités .................................................................................. 5

4.4.4 Exigences relatives à l’examen des activités de gestion des risques................................. 5

4.4.5 Critères d’acceptabilité du risque .................................................................................................................... 5

4.4.6 Méthode d’évaluation du risque résiduel global et critères d’acceptabilité ............... 5

4.4.7 Activités de vérification............................................................................................................................................ 5

4.4.8 Activités associées à la collecte et à l’examen des informations de

production et de postproduction ..................................................................................................................... 6

4.5 Dossier de gestion des risques ............................................................................................................................................... 6

5 Analyse des risques ............................................................................................................................................................................................. 7

5.1 Processus d’analyse des risques .......................................................................................................................................... 7

5.2 Utilisation prévue et mauvaise utilisation raisonnablement prévisible ..................................... 7

5.3 Identification des caractéristiques relatives à la sécurité ................................................................................ 8

5.4 Identification des dangers et des situations dangereuses ........................................................................... 9

5.4.1 Dangers ................................................................................................................................................................................... 9

5.4.2 Situations dangereuses en général ............................................................................................................... 9

5.4.3 Situations dangereuses résultant de défaillances ............................................................................ 9

5.4.4 Situations dangereuses résultant de défaillances aléatoires ................................................. 9

5.4.5 Situations dangereuses résultant de défaillances systématiques ...................................10

5.4.6 Situations dangereuses découlant de vulnérabilités de sûreté .........................................10

5.4.7 Séquences ou combinaisons d’événements ...........................................................................................11

5.5 Estimation des risques ...............................................................................................................................................................13

5.5.1 Généralités .........................................................................................................................................................................13

5.5.2 Probabilité ..........................................................................................................................................................................14

5.5.3 Risques pour lesquels la probabilité ne peut pas être estimée ............................................15

5.5.4 Gravité ...................................................................................................................................................................................16

5.5.5 Exemples ..............................................................................................................................................................................16

6 Évaluation des risques ..................................................................................................................................................................................19

7 Maîtrise des risques .........................................................................................................................................................................................19

7.1 Analyse des options de maîtrise des risques ...........................................................................................................19

7.1.1 Maîtrise des risques lors de la conception de dispositifs médicaux ...........................19

7.1.2 Maîtrise des risques lors des processus de fabrication ...........................................................21

7.1.3 Normes et maîtrise des risques .....................................................................................................................22

7.2 Mise en œuvre des mesures de maîtrise des risques .......................................................................................22

7.3 Évaluation des risques résiduels ........................................................................................................................................22

7.4 Analyse du bénéfice/risque .....................................................................................................................................................23

7.4.1 Généralités .........................................................................................................................................................................23

7.4.2 Estimation des bénéfices ......................................................................................................................................23

© ISO 2020 – Tous droits réservés iii
---------------------- Page: 3 ----------------------
ISO/TR 24971:2020(F)

7.4.3 Critères pour l’analyse du bénéfice/risque ..........................................................................................24

7.4.4 Comparaison du bénéfice/risque .................................................................................................................24

7.4.5 Exemples d’analyses du bénéfice/risque ...............................................................................................25

7.5 Risques découlant des mesures de maîtrise des risques .............................................................................26

7.6 Maîtrise complète des risques .............................................................................................................................................26

8 Évaluation du risque résiduel global .............................................................................................................................................26

8.1 Considérations générales ............................................................................................................................................................26

8.2 Éléments d’entrée et autres considérations ...............................................................................................................27

8.3 Approches possibles........................................................................................................................................................................28

9 Revue de la gestion des risques ...........................................................................................................................................................29

10 Activités de production et de postproduction ......................................................................................................................30

10.1 Généralités ...............................................................................................................................................................................................30

10.2 Collecte des informations ...........................................................................................................................................................30

10.3 Examen des informations ...........................................................................................................................................................32

10.4 Actions .........................................................................................................................................................................................................33

Annexe A (informative) Identification des dangers et des caractéristiques relatives à la sécurité..35

Annexe B (informative) Techniques visant à étayer une analyse des risques .........................................................44

Annexe C (informative) Relation entre la politique, les critères d’acceptabilité du risque, la

maîtrise des risques et l’évaluation des risques .................................................................................................................50

Annexe D (informative) Informations relatives à la sécurité et au risque résiduel ............................................56

Annexe E (informative) Rôle des normes internationales dans la gestion des risques .................................59

Annexe F (informative) Recommandations concernant les risques relatifs à la sûreté ...............................65

Annexe G (informative) Composants et dispositifs conçus sans recourir à l’ISO 14971 .............................70

Annexe H (informative) Recommandations pour les dispositifs médicaux de diagnostic in vitro ......73

Bibliographie .......................................................................................................................................................................................................................103

iv © ISO 2020 – Tous droits réservés
---------------------- Page: 4 ----------------------
ISO/TR 24971:2020(F)
Avant-propos

L’ISO (Organisation internationale de normalisation) est une fédération mondiale d’organismes

nationaux de normalisation (comités membres de l’ISO). L’élaboration des Normes internationales est

en général confiée aux comités techniques de l’ISO. Chaque comité membre intéressé par une étude

a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,

gouvernementales et non gouvernementales, en liaison avec l’ISO participent également aux travaux.

L’ISO collabore étroitement avec la Commission électrotechnique internationale (IEC) en ce qui

concerne la normalisation électrotechnique.

Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont

décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier de prendre note des différents

critères d’approbation requis pour les différents types de documents ISO. Le présent document a été

rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir www

.iso .org/ directives).

L’attention est attirée sur le fait que certains des éléments du présent document peuvent faire l’objet de

droits de propriété intellectuelle ou de droits analogues. L’ISO ne saurait être tenue pour responsable

de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant

les références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de

l’élaboration du document sont indiqués dans l’Introduction et/ou dans la liste des déclarations de

brevets reçues par l’ISO (voir www .iso .org/ brevets).

Les appellations commerciales éventuellement mentionnées dans le présent document sont données

pour information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un

engagement.

Pour une explication de la nature volontaire des normes, la signification des termes et expressions

spécifiques de l’ISO liés à l’évaluation de la conformité, ou pour toute information au sujet de l’adhésion

de l’ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles

techniques au commerce (OTC), voir le lien suivant: www .iso .org/ iso/ fr/ avant -propos.

Le présent document a été élaboré conjointement par le Comité technique ISO/TC 210, Management

de la qualité et aspects généraux correspondants des dispositifs médicaux, et le sous-comité IEC/SC 62A,

Aspects généraux des équipements électriques utilisés en pratique médicale.

Cette deuxième édition annule et remplace la première édition, qui a fait l’objet d’une révision technique.

Les principales modifications par rapport à l’édition précédente sont les suivantes:

— les articles de l’ISO/TR 24971:2013 ainsi que certaines annexes informatives de l’ISO 14971:2007 ont

été fusionnés, ont fait l’objet d’une révision technique et ont été enrichis par des recommandations

supplémentaires;

— afin de faciliter l’utilisation du présent document, ce dernier utilise la même structure et la

même numérotation d’articles et de paragraphes que l’ISO 14971:2019. Les annexes informatives

contiennent des recommandations supplémentaires relatives aux aspects spécifiques de la gestion

des risques.

Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent

document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes

se trouve à l’adresse www .iso .org/ fr/ members .html.
© ISO 2020 – Tous droits réservés v
---------------------- Page: 5 ----------------------
ISO/TR 24971:2020(F)
Introduction

Le présent document fournit des recommandations pour aider les fabricants dans le cadre du

développement, de la mise en œuvre et de la tenue à jour d’un processus de gestion des risques pour

les dispositifs médicaux visant à satisfaire aux exigences de l’ISO 14971:2019, Dispositifs médicaux —

Application de la gestion des risques aux dispositifs médicaux. Il fournit des recommandations relatives à

l’application de l’ISO 14971:2019 pour un large éventail de dispositifs médicaux. Ces dispositifs médicaux

comprennent les dispositifs médicaux actifs, non actifs, implantables et non implantables, les logiciels

utilisés en tant que dispositifs médicaux et les dispositifs médicaux de diagnostic in vitro.

Les articles et paragraphes du présent document possèdent une structure et une numérotation

identiques à celles des articles et paragraphes de l’ISO 14971:2019 afin de faciliter l’utilisation des

recommandations relatives à l’application des exigences de cette norme. Certains articles sont divisés

en paragraphes lorsque cela est jugé utile. Les annexes informatives contiennent des recommandations

supplémentaires relatives aux aspects spécifiques de la gestion des risques. Les recommandations

réunissent les articles de l’ISO/TR 24971:2013 ainsi que certaines annexes informatives de

l’ISO 14971:2007 qui ont été fusionnés, ont fait l’objet d’une révision technique et ont été enrichis par

des recommandations supplémentaires.

L’Annexe H a été élaborée en coopération avec le Comité technique ISO/TC 212, Laboratoires d’analyses

de biologie médicale et systèmes de diagnostic in vitro.

Le présent document décrit des approches que les fabricants peuvent utiliser pour développer, mettre

en œuvre et tenir à jour un processus de gestion des risques conforme à l’ISO 14971:2019. D’autres

approches peuvent également satisfaire aux exigences de l’ISO 14971:2019.

Au moment de déterminer l’applicabilité des recommandations contenues dans le présent document,

il convient de tenir compte de la nature du ou des dispositifs médicaux auxquels les recommandations

s’appliqueront, de la façon dont ces dispositifs médicaux sont utilisés et par quelles personnes, ainsi que

des exigences réglementaires applicables.
vi © ISO 2020 – Tous droits réservés
---------------------- Page: 6 ----------------------
RAPPORT TECHNIQUE ISO/TR 24971:2020(F)
Dispositifs médicaux — Recommandations relatives à
l'application de l'ISO 14971
1 Domaine d’application

Le présent document fournit des recommandations relatives au développement, à la mise en œuvre

et à la tenue à jour d’un système de gestion des risques pour les dispositifs médicaux conformément à

l’ISO 14971:2019.

Le processus de gestion des risques peut faire partie d’un système de management de la qualité qui

[24]

s’appuie, par exemple, sur l’ISO 13485:2016 , mais cela n’est pas requis par l’ISO 14971:2019. Certaines

exigences de l’ISO 13485:2016 (Article 7 relatif à la réalisation du produit et 8.2.1 relatives aux retours

d’information au cours de la surveillance et du mesurage) portent sur la gestion des risques et peuvent

être satisfaites en appliquant l’ISO 14971:2019. Voir également le manuel ISO: ISO 13485:2016 — Medical

[25]
devices — A practical guide .
2 Références normatives

Les documents suivants sont cités dans le texte de sorte qu’ils constituent, pour tout ou partie de leur

contenu, des exigences du présent document. Pour les références datées, seule l’édition citée s’applique.

Pour les références non datées, la dernière édition du document de référence s'applique (y compris les

éventuels amendements).

ISO 14971:2019, Dispositifs médicaux — Application de la gestion des risques aux dispositifs médicaux

3 Termes et définitions

Pour les besoins du présent document, les termes et définitions de l’ISO 14971:2019 s’appliquent.

L’ISO et l’IEC tiennent à jour des bases de données terminologiques destinées à être utilisées en

normalisation, consultables aux adresses suivantes:

— ISO Online browsing platform: disponible à l’adresse https:// www .iso .org/ obp;

— IEC Electropedia: disponible à l’adresse http:// www .electropedia .org/ .

NOTE Les termes définis dans l’ISO 14971:2019 proviennent dans la mesure du possible du

[20]

Guide ISO/IEC 63:2019 , qui a été spécialement élaboré pour le secteur des dispositifs médicaux.

4 Exigences générales relatives au système de gestion des risques
4.1 Processus de gestion des risques

L’ISO 14971:2019 impose que le fabricant établisse, mette en œuvre, documente et tienne à jour un

processus de gestion des risques tout au long du cycle de vie du dispositif médical. Les éléments requis

dans ce processus et les responsabilités de la direction sont donnés dans l’ISO 14971:2019 et expliqués

plus en détail dans le présent document.
© ISO 2020 – Tous droits réservés 1
---------------------- Page: 7 ----------------------
ISO/TR 24971:2020(F)
4.2 Responsabilités de la direction
4.2.1 Implication de la direction

La direction a la responsabilité d’établir et de tenir à jour un processus de gestion des risques efficace.

Il est important de noter l’accent mis sur la direction dans l’ISO 14971:2019. En effet, la direction a le

pouvoir d’attribuer des responsabilités et des autorités, de définir des priorités et de fournir des

ressources au sein de l’organisme. L’implication au plus haut niveau de l’organisme est essentielle pour

garantir l’efficacité du processus de gestion des risques.

Si l’organisme du fabricant est constitué de deux entités distinctes, par exemple des divisions ou des

unités commerciales, la direction peut en référer aux personnes qui dirigent et contrôlent l’entité

mettant en œuvre le processus de gestion des risques. Chaque entité peut disposer de son propre

processus de gestion des risques (et de son propre système de management de la qualité).

4.2.2 Politique d’établissement des critères d’acceptabilité du risque

L’ISO 14971:2019 impose que la direction définisse et documente une politique pour établir les critères

d’acceptabilité du risque. L’Annexe C fournit des recommandations détaillées sur la façon de définir

cette politique et sur les éléments qu’il convient d’inclure, tels que les réglementations applicables,

les normes internationales pertinentes, l’état de l’art généralement admis ou les préoccupations

connues des parties prenantes. L’Annexe C explique aussi la relation entre la politique et les critères

d’acceptabilité du risque, ainsi que la façon dont ces critères sont utilisés pour assurer la maîtrise des

risques et l’évaluation du risque.

La politique peut prévoir des critères spécifiques pour chaque type de dispositif médical (ou famille de

dispositifs médicaux). Cela peut dépendre des caractéristiques du dispositif médical et de son utilisation

prévue (y compris la population de patients prévue). L’ISO 14971:2019 impose que la politique fournisse

des lignes directrices relatives à la façon d’établir les critères d’acceptabilité du risque résiduel global.

4.2.3 Adéquation du processus de gestion des risques

L’ISO 14971:2019 impose que la direction vérifie l’adéquation du processus de gestion des risques à des

intervalles définis. La vérification de l’adéquation constitue un examen à haut niveau du processus de

gestion des risques et peut inclure, par exemple, l’examen des aspects suivants:
— l’efficacité des procédures de gestion des risques mises en œuvre;

— l’adéquation des critères d’acceptabilité du risque, ce qui peut impliquer d’adapter les critères pour

l’acceptabilité du risque à des dispositifs médicaux spécifiques;

— l’efficacité de la boucle de retour des informations de production et de postproduction (voir 10.4).

4.3 Compétence du personnel

Il incombe à la direction de garantir l’affectation de personnel compétent. Des exemples de fonctions

pouvant être impliquées dans des tâches de gestion des risques spécifiques, ainsi que les connaissances

et l’expérience nécessaires à la réalisation efficace des tâches associées, sont fournis dans le Tableau 1.

La réalisation de certaines activités de gestion des risques peut être confiée à des spécialistes ou à des

consultants externes. Il convient que les compétences requises, ainsi que les preuves objectives de la

satisfaction de ces exigences soient documentées.
2 © ISO 2020 – Tous droits réservés
---------------------- Page: 8 ----------------------
ISO/TR 24971:2020(F)

Tableau 1 — Exemples de personnel compétent ainsi que de connaissances et d’expérience

pertinentes
Personnel ou fonction Connaissances et expérience
Propriétaire de la gestion des Processus de gestion des risques pour les
risques dispositifs médicaux
Ingénieur ou scientifique Technologies, conception et principes de
fonctionnement des dispositifs médicaux
Production Processus de fabrication
Gestion de la chaîne d’approvi- Approvisionnement en produits et
sionnement en services, y compris des processus
externalisés
Expert médical ou clinique Exigences et méthodologies d’évalua-
tion clinique
Utilisation en pratique médicale, y
compris les bénéfices, les situations dan-
gereuses et les dommages potentiels
Affaires réglementaires Exigences réglementaires relatives à la
sécurité et à la gestion des risques dans
les pays/régions où le dispositif médical
est destiné à être mis sur le marché
Assurance qualité Systèmes de management de la qualité
et pratiques en matière de qualité
Emballage, stockage, manuten- Mesures de maîtrise des risques et des
tion et distribution dangers en relation avec l’emballage,
le stockage, la manutention et la dis-
tribution
Ingénieur de maintenance, Mesures de maîtrise des risques et des
ingénieur biomédical ou physi- dangers en relation avec les processus
ciens médicaux et pratiques d’installation, de main-
tenance, de réparation, d’étalonnage,
d’entretien et d’assistance
Postproduction Traitement des réclamations des
clients, signalement des événements
indésirables, surveillance après mise
sur le marché
Services d’information Processus d’extraction de données,
méthodologies de recherche dans la
littérature
Toutes les personnes impli- Expertise dans le domaine d’activité
quées dans l’examen et l’appro- pour lequel ils procèdent à des examens
bation des enregistrements et à des approbations

Réfléchir à la nécessité d’inclure les sujets suivants dans la formation des experts en gestion des risques:

— gestion d’un programme de gestion des risques pour les dispositifs médicaux;
— éthique, sûreté, sécurité et responsabilité;

— concepts de risque, d’acceptabilité du risque et d’analyse du rapport bénéfice/risque;

— probabilité et statistiques pour la gestion des risques et la fiabilité;

— gestion des risques et fiabilité dans le cadre de la conception et du développement;

— normes et réglementations pertinentes;

— estimation des risques, y compris des méthodes pour déterminer la gravité et la probabilité

d’occurrence d’un dommage;
© ISO 2020 – Tous droits réservés 3
---------------------- Page: 9 ----------------------
ISO/TR 24971:2020(F)
— méthodologie d’appréciation du risque;
— méthodes de maîtrise des risques;
— méthodes de vérification de l’efficacité des mesures de maîtrise des risques;
— méthodes d’analyse des informations de production et de postproduction.
4.4 Plan de gestion des risques
4.4.1 Généralités

Le plan de gestion des risques décrit le champ d’application des activités de gestion des risques, les

responsabilités et les autorités des personnes impliquées, les critères d’acceptabilité du risque, les

informations de production et de postproduction à collecter et à examiner pour le dispositif médical,

ainsi que toutes les activités de gestion des risques réalisées tout au long du cycle de vie du produit. Le

plan de gestion des risques peut être un document distinct ou être intégré à d’autres documents, à la

documentation du système de management de la qualité par exemple. Il peut se suffire à lui-même ou

faire référence à d’autres documents, tels que les plans d’évaluation clinique, d’évaluation biologique et

d d’évaluation de l’aptitude à l’utilisation ou de suivi postproduction.

Le plan de gestion des risques est un document évolutif qui sera révisé et mis à jour tout au long du

cycle de vie du dispositif médical à mesure que de nouvelles informations sont disponibles. Il convient

de collecter des informations en continu, même une fois le dernier dispositif médical vendu et mis sur le

marché. L’ISO 14971:2019 impose que les modifications appo
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.