Risk Management for Medical Devices Via ISO 14971

For medical devices produced under the later versions of IEC 60601-1, medical device manufacturers have been required to go through risk assessment and management processes. One way they can meet risk-related requirements is by following the guidelines outlined in the voluntary standard ISO 14971, “Application of Risk Management to Medical Devices.”

If the device is going to come into contact with patients, the appropriate levels of protection need to be in place. Following ISO 14971 demonstrates a commitment to patient safety, and the risk assessment needs to consider all parts of a medical device, including the power supply. We’ll cover the basics of the standard and what it means for your power supply choice.

Summary of ISO 14971

ISO 14971 details the process of risk management, which includes analysis, evaluation, control, and review. Medical devices that come into contact with patients, as well as those that don’t (in vitro diagnostic medical devices), are included in this standard. ISO 14971 provides a framework and process to help medical device manufacturers determine which hazards may be relevant to their device, so they can better assess and mitigate risks.

Risks associated with medical devices can include electricity, radiation, biocompatibility, moving parts, usability, and data and systems security. Every stage of the medical device life cycle is covered by this standard, including for products that may serve as medical devices at one point in the cycle but wouldn’t be deemed medical devices at other points. Production and post-production monitoring and review are included in the standard.

There is no specification for risk levels in ISO 14971. Instead, the standard covers the process of establishing risk acceptability criteria for medical device manufacturers. This can also play into a quality management system, but that system is not part of or a requirement of ISO 14971.

Changes With the 2019 Version of ISO 14971

Because ISO 14971 is a voluntary standard, it’s not designed to replace any national laws. The third edition is still current and was published in December 2019.

The biggest change in the 2019 edition compared to the previous version, published in 2007, is a focus on the benefit-risk ratio. ISO 14971 defines medical benefit in this edition and requires manufacturers to demonstrate that the benefits of a device outweigh the risks. This means that risk management is about more than outlining and mitigating risks. Devices also must provide a clear patient advantage compared to the risks.

Main steps in ISO 14971

  • Risk Analysis: Which hazards could be associated with the medical device, based on use and potential harm they could cause to patients and operators?
  • Risk Evaluation: For each hazard that is identified, what is the likelihood of its occurrence and what is the potential severity of the hazard?
  • Risk Control: What strategies need to be developed to reduce the likelihood or severity of the harm? How can you prioritize inherent safety in the process of manufacturing the device?
  • Risk Review and Monitoring: How do you evaluate the effectiveness of certain risk controls and adjust as needed throughout the lifecycle of the device, including in post-production?

Risk Management Options in ISO 14971

The ISO 14971 standard includes options for risk management including incorporating inherent safety by design, adding protective measures along the lifecycle, and providing safety information along with the medical device.

Inherent safety by design

There are many things medical device manufacturers can do to make their products safer by design, including getting rid of connectors that could attach to the wrong elements, causing unnecessary risk, or removing features that could cause errors with incorrect interactions. Making labels and displays more readable or automating device functions that may be more likely to fall victim to user error are other steps manufacturers could take to make their devices more inherently safe.

Protective measures

Through each stage of the lifecycle, manufacturers could add protective measures to make their devices safer. This could include physical guards and shields, warning screens, alerts for hazardous conditions, and reducing the amount of maintenance that needs to be done on a device.

Safety Information

Manufacturers should produce safety information for their devices in the user manual and can also train users to reduce the likelihood of human errors.

While ISO 14971 is a voluntary standard, the guidelines outlined in the document align with electromagnetic compatibility (EMC) regulations in IEC 60601-1-2 and are an accepted form of risk management as recognized by IEC 60601-1. All components of a medical device need to be assessed for risk, so for patient-centric devices it’s important that all parts that may come in contact with the patient are safe.

RAM Technologies’ PC-based medical power supply units abide by the stricter guidelines of IEC 60601-1-2 Version 4 and align with ISO 14971. To learn more about our PSUs and how they can make the risk management process easier, contact us today.


RAM Technologies’ power supplies are 60601-1 3.2 certified. When you’re designing your medical device and need help with a PSU, contact us for details.
