Risk per ISO 14971 is defined as the combination of the probability of occurrence of harm and the severity of that harm.

The intent behind Risk Management is to identify, evaluate, analyze, assess, and mitigate potential product issues.

ISO 14971 is a risk management standard for medical devices. It defines the rules and describes the procedures that manufacturers of medical devices, including software, have to adhere to concerning risk management.

The aim of ISO 14971 is to help manufacturers identify, estimate, evaluate, monitor and control the risk associated with a medical device. It also helps minimise risk by giving guidance on how to check whether the control measures were implemented correctly.

Importantly, ISO 14971 specifies that the risk management process should be iterative and implemented at every stage of product manufacturing, from the very beginning to the end of the product lifecycle. Risk management should be carried out not only during the manufacturing and implementation of medical devices but also after they are released to end users.

The current version of the ISO 14971 standard came into force in December 2019. All standards are regularly reviewed by the International Organization for Standardization, and after one such review it was decided that the previous version of ISO 14971 was out of date. The definitions it included were no longer accurate, and it lacked guidelines on how to conduct activities related to risk management. There was also a need to adjust the standard to the EU MDR and other similar regulations, for example those of the FDA, as well as to the newest version of ISO 13485.

ISO 14971 and Risk management