Overview of ISO 14971 Certification
ISO 14971 is a recognised risk management standard for all types of medical devices, including software as a medical device & in vitro diagnostic medical devices. It contains a structured framework for manufacturers within which experience, insight & judgement are applied to manage the risks associated with the use of the medical devices. It is an established principle of risk management and is also used as guidance in developing and maintaining a risk management process for products other than medical devices in some jurisdictions and for the suppliers and other parties involved in the life cycle of a medical device.
It deals with processes for managing risks associated with medical devices. Risks are related to injury, not only to the patient but to the user and other persons. Risks are also related to damage to property such as objects, data, other equipment or the environment. Risk management is important in relation to medical devices because of various stakeholders, including the medical practitioners, organisations providing health care, governments, industry, patients and members of the public. The concept of risks has the following two components:
It is well known that there is an inherent degree of risk involved with the use of medical devices even after the risks have been reduced to an acceptable level. In the context of a clinical procedure, some residual risks remain. This ISO standard requires manufacturers to establish objective criteria for risk acceptability but does not specify acceptable risk levels. Risk Management is an integral part of a quality management system; however, this ISO does not require the manufacturer to have a quality management system in place.
The ISO 14971 does not apply to the followings:
The recent version of ISO 14971 was released in December 2019, and it has replaced the previous versions of the standard, i.e., ISO 14971:2007 and EN ISO 14971:2012. This new version of Medical Device Risk Management requires top management involvement, and so the organisation must establish a Risk Management Policy.
And the purpose of this ISO 14971 is to help medical device manufacturers ste up risk management that such manufacturers can use, as follows:
ISO 24971 provides guidance on developing, implementing and maintaining a risk management system for all medical devices according to ISO 14971:2019. It describes approaches manufacturers can use to develop, implement and maintain a risk management process conforming to ISO 14971:2019.
Benefits of ISO 14971 Certification
Following are the benefits of obtaining ISO 14971 Certification:
General Requirements of ISO 14971 Certification
Following is the General Requirements under the Risk Management System and for obtaining the Certification of ISO 14971:
- Risk Management Process:
The manufacturer must establish, implement, necessary paper and maintain the ongoing process in the organisation for the followings:
- Identifying the hazard and the hazardous situation related to the medical device
- Estimating and evaluating the related risks
- Controlling such risks
- Monitoring the effectiveness of risk control measures
And this whole process includes the following elements:
- Risk Analysis
- Risk Evaluation
- Risk Controls
- Evaluation of Overall Residual Risk
- Risk Management Review
- Production and Post-Production Activities
The top management of an organisation provides evidence of its commitment to the risk management process by ensuring the following:
- Provision of adequate resources
- Assignment of a competent personnel for the risk management
It defines and necessary papers a policy for establishing criteria for risk acceptability. The policy provides a framework to ensure that criteria are based upon applicable national or regional regulations and International Standards. The management reviews the suitability of the whole risk management process at intervals to ensure the effectiveness of the risk management process and then necessary papers any decision and action taken.
The manufacturer's policy in establishing the criteria for risk acceptability defines the approaches to risk control:
- Reducing risk as low as reasonably practicable
- Reducing risk as low as reasonably achievable
- Reducing risk as far as possible without negatively affecting the benefit-risk ratio.
The result of reviewing production and post-production information is an input to review the suitability of the risk management process. Necessary Papers may be incorporated within necessary papers produced for the quality management system. Compliance is checked by conducting an inspection of the appropriate necessary papers.
- Competence of Personnel
Those who are performing risk management tasks must be competent based on education, training, skills and appropriate experience in the tasks assigned to them. Such a person must have the knowledge and experience related to a particular medical device (or any similar medical device) and its use, technology involved or risk management techniques employed. Records must be maintained. Representatives of several functions perform the risk management task, each contributing their special knowledge. Compliance is checked by inspection of all the records.
- Risk Management Plan
Risk management includes planned activities. For any particular medical device being considered manufacturer must establish and necessary paper a risk management plan in accordance with the risk management process. The risk management plan must be part of the risk management files. The Risk Management Plan must include the following:
- Scope of planned risk management activities, identifying and describing the medical device and life cycle phases for which each element of the plan is applicable.
- Assignment of responsibilities and authorities.
- Requirements for review of risk management activities.
- Criteria of risk acceptability on the basis of the manufacturer's policy for determining acceptable risk, including the criteria for accepting the risk when the probability of occurrence of harm is not estimated.
Criteria for risk accessibility are important for the ultimate effectiveness of the risk management process. For each risk management plan, the manufacturer requires to establish risk acceptability criteria that are appropriate for the particular medical device.
- A methodology to evaluate the overall residual risk and also criteria for the acceptability of overall residual risk based on the manufacturer's policy to determine the acceptable risk.
Methodology to evaluate overall residual risk is indulged in gathering and reviewing data and literature for the medical device being considered and any similar device on the market and involves judgement by a cross-functional team of experts with application knowledge and clinical expertise.
- Activities for verification of the effectiveness and implementation of risk control measures.
- Activities that are related to the collection and review of relevant production and post-production information.
If the risk management plan changes during the medical device's life cycle, then a record of such changes shall be maintained in the risk management file. Compliances are checked by way of inspection of the risk management file.
- Risk Management File
The manufacturer establishes and maintains the risk management file for a particular medical device being considered. The risk management file must provide traceability for each identified hazard to the followings:
- Risk analysis
- Risk evaluation
- Implementation and verification of risk control measures
- Result of evaluation of residual risks
Records and other necessary papers that are part of the risk management file form part of other necessary papers and files required, such as the manufacturer's quality management system. The risk management file needs to contain at least the references or pointers to all required paper works so that the manufacturer will be able to assemble information referenced in the risk management file in a timely manner.
Book a Free Consultation
Get response within 24 hours
Procedure to obtain ISO 14971 Certification
There are 4 essential steps to be followed while obtaining ISO 14971 Certification:
- Optional Preliminary Audit
A voluntary Site inspection is conducted, and quality management necessary papers are reviewed, assessing the organisation's readiness for scale I and II Auditing Phase.
- Audit: Stage I
Assessment of the eligibility for Certification is understood as well as determined by results of on-site Auditing, business assessment and risk management (maybe, quality management also) necessary papers analysis.
- Audit: Stage II
On-site evaluation of the Risk Management System for excellence in areas where practice & efficiency are applied.
An official confirmation certifies the risk management system's integrity and compliance with the Indian Standards.
Frequently Asked Questions
- generated during the production and monitoring of the production process
- generated by user
- generated by the persons accountable for the installation, use and maintenance of the medical device
- generated by the supply chain
- relates to the acknowledged state of the art.
- Previously unrecognised hazards or hazardous situations are present.
- An estimated risk arising from any hazardous situation is no more acceptable.
- Overall residual risk is no longer acceptable related to benefits of the intended use or acknowledged state of the art has changed.