Info Isotr24971 (Ed2.0) en

Download as pdf or txt
Download as pdf or txt
You are on page 1of 7

This is a preview - click here to buy the full publication

TECHNICAL ISO/TR
REPORT 24971

Second edition
2020-06

Medical devices — Guidance on the


application of ISO 14971
Dispositifs médicaux — Recommandations relatives à l'application de
l'ISO 14971

Reference number
ISO/TR 24971:2020(E)

© ISO 2020
This is a preview - click here to buy the full publication
ISO/TR 24971:2020(E)


COPYRIGHT PROTECTED DOCUMENT


© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland

ii  © ISO 2020 – All rights reserved


This is a preview - click here to buy the full publication
ISO/TR 24971:2020(E)


Contents Page

Foreword...........................................................................................................................................................................................................................................v
Introduction................................................................................................................................................................................................................................. vi
1 Scope.................................................................................................................................................................................................................................. 1
2 Normative references....................................................................................................................................................................................... 1
3 Terms and definitions...................................................................................................................................................................................... 1
4 General requirements for risk management system....................................................................................................... 1
4.1 Risk management process ......................................................................................................................................................... 1
4.2 Management responsibilities...................................................................................................................................................... 1
4.2.1 Top management commitment.......................................................................................................................... 1
4.2.2 Policy for establishing criteria for risk acceptability........................................................................ 2
4.2.3 Suitability of the risk management process ......................................................................................... 2
4.3 Competence of personnel............................................................................................................................................................... 2
4.4 Risk management plan................................................................................................................................................................... 3
4.4.1 General...................................................................................................................................................................................... 3
4.4.2 Scope of the risk management plan.............................................................................................................. 4
4.4.3 Assignment of responsibilities and authorities..................................................................................... 4
4.4.4 Requirements for review of risk management activities............................................................ 4
4.4.5 Criteria for risk acceptability................................................................................................................................. 4
4.4.6 Method to evaluate overall residual risk and criteria for acceptability.......................... 5
4.4.7 Verification activities................................................................................................................................................... 5
4.4.8 Activities related to collection and review of production and post-
production information............................................................................................................................................. 5
4.5 Risk management file .................................................................................................................................................................... 5
5 Risk analysis .............................................................................................................................................................................................................. 6
5.1 Risk analysis process ...................................................................................................................................................................... 6
5.2 Intended use and reasonably foreseeable misuse .............................................................................................. 6
5.3 Identification of characteristics related to safety .................................................................................................... 7
5.4 Identification of hazards and hazardous situations........................................................................................... 7
5.4.1 Hazards .................................................................................................................................................................................. 7
5.4.2 Hazardous situations in general...................................................................................................................... 8
5.4.3 Hazardous situations resulting from faults............................................................................................ 8
5.4.4 Hazardous situations resulting from random faults....................................................................... 8
5.4.5 Hazardous situations resulting from systematic faults................................................................ 8
5.4.6 Hazardous situations arising from security vulnerabilities..................................................... 9
5.4.7 Sequences or combinations of events............................................................................................................ 9
5.5 Risk estimation .................................................................................................................................................................................. 11
5.5.1 General................................................................................................................................................................................... 11
5.5.2 Probability........................................................................................................................................................................... 12
5.5.3 Risks for which probability cannot be estimated.............................................................................. 13
5.5.4 Severity ................................................................................................................................................................................ 13
5.5.5 Examples............................................................................................................................................................................... 13
6 Risk evaluation......................................................................................................................................................................................................16
7 Risk control...............................................................................................................................................................................................................16
7.1 Risk control option analysis..................................................................................................................................................... 16
7.1.1 Risk control for medical device design.................................................................................................... 16
7.1.2 Risk control for manufacturing processes ........................................................................................... 18
7.1.3 Standards and risk control ................................................................................................................................. 19
7.2 Implementation of risk control measures................................................................................................................... 19
7.3 Residual risk evaluation.............................................................................................................................................................. 19
7.4 Benefit-risk analysis........................................................................................................................................................................ 19
7.4.1 General................................................................................................................................................................................... 19
7.4.2 Benefit estimation........................................................................................................................................................ 20

© ISO 2020 – All rights reserved  iii


This is a preview - click here to buy the full publication
ISO/TR 24971:2020(E)


7.4.3 Criteria for benefit-risk analysis..................................................................................................................... 21


7.4.4 Benefit-risk comparison........................................................................................................................................ 21
7.4.5 Examples of benefit-risk analyses................................................................................................................. 21
7.5 Risks arising from risk control measures.................................................................................................................... 22
7.6 Completeness of risk control ................................................................................................................................................. 22
8 Evaluation of overall residual risk....................................................................................................................................................22
8.1 General considerations.................................................................................................................................................................. 22
8.2 Inputs and other considerations........................................................................................................................................... 23
8.3 Possible approaches......................................................................................................................................................................... 24
9 Risk management review...........................................................................................................................................................................25
10 Production and post-production activities..............................................................................................................................25
10.1 General......................................................................................................................................................................................................... 25
10.2 Information collection.................................................................................................................................................................... 25
10.3 Information review........................................................................................................................................................................... 27
10.4 Actions.......................................................................................................................................................................................................... 28
Annex A (informative) Identification of hazards and characteristics related to safety.................................30
Annex B (informative) Techniques that support risk analysis.................................................................................................38
Annex C (informative) Relation between the policy, criteria for risk acceptability, risk
control and risk evaluation.......................................................................................................................................................................43
Annex D (informative) Information for safety and information on residual risk................................................48
Annex E (informative) Role of international standards in risk management..........................................................51
Annex F (informative) Guidance on risks related to security...................................................................................................56
Annex G (informative) Components and devices designed without using ISO 14971....................................61
Annex H (informative) Guidance for in vitro diagnostic medical devices......................................................................63
Bibliography.............................................................................................................................................................................................................................. 86

iv  © ISO 2020 – All rights reserved


This is a preview - click here to buy the full publication
ISO/TR 24971:2020(E)


Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www​.iso​.org/​directives​-and​-policies).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www​.iso​.org/​patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see the following
URL: www​.iso​.org/​iso/​foreword​.html.
This document was prepared jointly by Technical Committee ISO/TC 210, Quality management and
corresponding general aspects for medical devices, and Subcommittee IEC/SC 62A, Common aspects of
electrical equipment used in medical practice.
This second edition cancels and replaces the first edition, which has been technically revised. The main
changes compared to the previous edition are as follows:
— The clauses of ISO/TR 24971:2013 and some informative annexes of ISO 14971:2007 are merged,
restructured, technically revised, and supplemented with additional guidance.
— To facilitate the use of this document, the same structure and numbering of clauses and subclauses
as in ISO 14971:2019 is employed. The informative annexes contain additional guidance on specific
aspects of risk management.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www​.iso​.org/​members​.html.

© ISO 2020 – All rights reserved  v


This is a preview - click here to buy the full publication
ISO/TR 24971:2020(E)


Introduction
This document provides guidance to assist manufacturers in the development, implementation and
maintenance of a risk management process for medical devices that aims to meet the requirements
of ISO 14971:2019, Medical devices — Application of risk management to medical devices. It provides
guidance on the application of ISO 14971:2019 for a wide variety of medical devices. These medical
devices include active, non-active, implantable, and non-implantable medical devices, software as medical
devices and in vitro diagnostic medical devices.
The clauses and subclauses in this document have the same structure and numbering as the clauses
and subclauses of ISO 14971:2019, to facilitate the use of this guidance in applying the requirements
of the standard. Further division into subclauses is applied where considered useful. The informative
annexes contain additional guidance on specific aspects of risk management. The guidance consists of
the clauses of ISO/TR 24971:2013 and some of the informative annexes of ISO 14971:2007, which are
merged, restructured, technically revised, and supplemented with additional guidance.
Annex H was prepared in cooperation with Technical Committee ISO/TC 212, Clinical laboratory testing
and in vitro diagnostic test systems.
This document describes approaches that manufacturers can use to develop, implement and maintain
a risk management process conforming to ISO 14971:2019. Alternative approaches can also satisfy the
requirements of ISO 14971:2019.
When judging the applicability of the guidance in this document, one should consider the nature of
the medical device(s) to which it will apply, how and by whom these medical devices are used, and the
applicable regulatory requirements.

vi  © ISO 2020 – All rights reserved


This is a preview - click here to buy the full publication

TECHNICAL REPORT ISO/TR 24971:2020(E)

Medical devices — Guidance on the application of ISO 14971

1 Scope
This document provides guidance on the development, implementation and maintenance of a risk
management system for medical devices according to ISO 14971:2019.
The risk management process can be part of a quality management system, for example one that is based
on ISO 13485:2016[24], but this is not required by ISO 14971:2019. Some requirements in ISO 13485:2016
(Clause 7 on product realization and 8.2.1 on feedback during monitoring and measurement) are
related to risk management and can be fulfilled by applying ISO 14971:2019. See also the ISO Handbook:
ISO 13485:2016 — Medical devices — A practical guide[25].

2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 14971:2019, Medical devices — Application of risk management to medical devices

3 Terms and definitions


For the purposes of this document, the terms and definitions given in ISO 14971:2019 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://​w ww​.iso​.org/​obp
— IEC Electropedia: available at http://​w ww​.electropedia​.org/​
NOTE The defined terms in ISO 14971:2019 are derived as much as possible from ISO/IEC Guide 63:2019[20]
which was developed specifically for the medical device sector.

4 General requirements for risk management system

4.1 Risk management process


ISO 14971:2019 requires that the manufacturer establishes, implements, documents and maintains an
ongoing risk management process throughout the life cycle of the medical device. The required elements
in this process and the responsibilities of top management are given in ISO 14971:2019 and explained in
further detail in this document.

4.2 Management responsibilities

4.2.1 Top management commitment

Top management has the responsibility to establish and maintain an effective risk management process.
It is important to note the emphasis on top management in ISO 14971:2019 Top management has the
power to assign authorities and responsibilities, to set priorities and to provide resources within the
organization. Commitment at the highest level of the organization is essential for the risk management
process to be effective.

© ISO 2020 – All rights reserved  1

You might also like