ISO 14971: Risk Management for Medical Devices

A formidable philosophical debate that I have engaged in with more than one willing participant is whether life poses any true risks or if we are simply fulfilling predetermined destinies. At times, a series of events can certainly seem to give credence to the latter position. Yet, careful observation appears to support that life is definitely filled with risks of varying degree. Have you ever tried crossing a busy street without traffic light assistance? Not surprisingly, that can be a rather terrifying experience. Assuming risks do exist and our choices can increase or decrease the probability of their manifestation, it behooves us to try and manage them to improve our life experience and ward off possible catastrophes.

Risk is not just a philosophical concept. Risks are distinct threats that can positively or negatively impact our endeavors. Consequently, risk management is a major concern for any organization. This is especially true when the risks can lead to severe outcomes, such as injury or even fatality, as is the case when designing and developing medical devices. Medical device development is highly scrutinized and there are many regulations and standards that developers, suppliers, distributors and other service providers must follow. And one standard, ISO 14971, explicitly targets risk management for medical devices. But before diving into a discussion about this standard, let’s first define risk management in general.

Risk Management for Electronics Devices

Risk management can be generally defined as:

The process of predicting, monitoring and analyzing factors (risks) that may have an impact on some operation or function and identifying and implementing ways to control their impact.

Although risk management is often focused on minimizing financial losses, a risk may be any aspect of an activity, such as product development, which may impact the overall activity. For electronics device development, a good risk management process should include the following:

  • Risk identification

The first step in being able to mitigate a risk is to recognize it as a factor that may impact the activity.

  • Risk analysis

Following the identification of a risk, it is necessary to determine how and to what degree it can impact the activity.

  • Risk evaluation

This is a critical step where you should rank the identified risks based on the severity of their impact on the activity. Although a risk may be identified, its impact may be deemed inconsequential or acceptable and not warranting a response.

  • Risk planning

The objective of risk planning is to devise a method to respond to a risk such that negative impacts are mitigated and positive impacts are enhanced.

  • Risk review

The occurrences, responses and impacts of risks need to be monitored for effectiveness. This should be ongoing and the results used to improve the process.

Following the process above will assist you with the development of a well-founded risk management plan.

PCBA Manufacturing for Extreme Environments - Part 1

Download Now

ISO 14971: Risk Management for Medical Devices

Due to the sensitive nature of their usage and the risks associated in the event of a failure, medical devices are classified as critical devices. As such, these devices require regulatory scrutiny beyond that necessary for commercial electronic devices. The most important among these are probably ISO 13485, which defines requirements for quality management systems (QMSs), and ISO 14971, which defines a process for risk management. The importance of managing risk for medical devices is demonstrated by the extent of the standard that includes an implementable plan, hazard and risk examples and techniques that can be used as the basis for your analysis. An overview of the major sections of the standard is included below.

ISO 14971 Overview

Section 3: General Requirements

This section specifies requirements for management personnel and their responsibilities. It also spells out what should be included in your management plan and how to document it.

Section 4: Risk Analysis

How to identify risks and characteristics that indicate potential hazards are described here.

Section 5: Risk Evaluation

Section 6: Risk Control

How to reduce risks is the purpose of this section. It includes analyzing control options, implementing controls, performing risk/benefit analyses, measuring risks of risk control and completing the risk control process.

Section 7: Residual Risk Overall Evaluation

Section 8: Reporting Requirements

Section 9: Information Requirements

Annex D: Medical Devices Risk Concepts

Annex E: Hazard Examples

Examples of hazards, hazard situations and foreseeable event circumstances.

Annex F: Risk Management Plan Template

This section includes a complete template that can be used as the basis for your risk management plan.

Annex G: Risk Management Techniques

G.1. General information

G.2. Preliminary Hazard Analysis (PHA)

G.3. Fault Tree Analysis (FTA)

G.4. Failure Mode and Effects Analysis (FMEA)

G.5. Hazard and Operability Study (HAZOP)

G.6. Hazard Analysis and Critical Control Point (HACCP)

As shown, the ISO 14971 is comprehensive and provides a great deal of information and guidance to help you establish good risk management practices. This should include operational risk management or the continuous and cyclic evaluation and update of your plan.

When supplying devices to physicians, hospitals, research entities or others for medical use, it is critical that you establish and maintain a risk management plan that seeks to minimize negative impacts to the device’s design and development. This plan must comply with ISO 14971 for distribution in the U.S. and most other countries or BS EN ISO 14971:2012 if targeted for Europe.

Tempo's Advanced Custom PCB Manufacturing Service for Complex Medical Systems Development
  • Works with 4 of the top 10 medical devices manufacturing companies.
  • ISO-9001, IPC-600 and IPC-610 commitment to quality certifications.
  • Accurate quote in less than a day.
  • DFM support from Day 1 of design.
  • Fastest turnkey PCB manufacturing in the industry.
  • Rigid, rigid-flex and flex board capabilities for wearables and embedded biosystems.
  • Custom automated BOM verification tool.
  • Sources components from the most reputable suppliers in the industry.
  • Software-driven robotics assembly.
  • Standard quality testing, including X-ray and inline AOI.
  • Superior open, transparent PCB manufacturing experience.

Tempo Automation, the industry leader in fast, high-quality PCB prototype and low-volume production, is ISO 14971 certified and will work with you to identify and mitigate PCB development risks. And to help you get started on the best path, we furnish information for your DFM and enable you to easily view and download DRC files. If you’re an Altium user, you can simply add these files to your PCB design software.

If you are ready to have your design manufactured, try our quote tool to upload your CAD and BOM files. If you want more information on ISO 14971 or how it applies to your PCB design and development, contact us.

The latest PCB news delivered to your inbox.

Search Sign In