JWG 1 - TC 62/SC 62A/JWG 1

This document provides guidance on the development, implementation and maintenance of a risk management system for medical devices according to ISO 14971:2019.
The risk management process can be part of a quality management system, for example one that is based on ISO 13485:2016[24], but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016 (Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook: ISO 13485:2016 - Medical devices - A practical guide.

This document specifies terminology, principles and a process for risk management of medical devices, including software as a medical device and in vitro diagnostic medical devices. The process described in this document intends to assist manufacturers of medical devices to identify the hazards associated with the medical device, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
The requirements of this document are applicable to all phases of the life cycle of a medical device. The process described in this document applies to risks associated with a medical device, such as risks related to biocompatibility, data and systems security, electricity, moving parts, radiation, and usability.
The process described in this document can also be applied to products that are not necessarily medical devices in some jurisdictions and can also be used by others involved in the medical device life cycle.
This document does not apply to:
- decisions on the use of a medical device in the context of any particular clinical procedure; or
- business risk management.
This document requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels.
Risk management can be an integral part of a quality management system. However, this document does not require the manufacturer to have a quality management system in place.
NOTE Guidance on the application of this document can be found in ISO/TR 24971[9].

ISO TR 24971:2013 provides guidance in addressing specific areas of ISO 14971 when implementing risk management. This guidance is intended to assist manufacturers and other users of the standard to understand the role of international product safety and process standards in risk management, develop the policy for determining the criteria for risk acceptability, incorporate production and post-production feedback loop into risk management, differentiate between "information for safety" and "disclosure of residual risk", and evaluate overall residual risk.