ISO 14971 is the internationally recognized standard for the application of risk management to medical devices. It defines a systematic process for identifying hazards, estimating and evaluating risks, controlling risks, and monitoring the effectiveness of controls throughout the entire lifecycle of a medical device.
Unlike classification regulations (which assign a device to a regulatory class), ISO 14971 provides a framework for ongoing risk management that must be applied regardless of device class. It is referenced as a harmonised standard by the EU MDR/IVDR and is recognized by the FDA as a consensus standard.
The standard uses a combination of severity, probability of occurrence, and detectability to estimate risk levels. DeviceCompass implements a weighted scoring model based on these three factors to produce a risk classification of Low, Medium, High, or Critical.
Scope & Applicability
→Applies to all medical devices regardless of regulatory classification
→Covers the entire device lifecycle — from initial concept through post-production
→Applies to in vitro diagnostic devices as well as therapeutic devices
→Addresses risks to patients, operators, other persons, other equipment, and the environment
→Companion standard ISO/TR 24971 provides implementation guidance
→Referenced by EU MDR (Annex I, General Safety and Performance Requirements), FDA QSR, and Health Canada regulations
Classification Classes
Low
Low
Risk is broadly acceptable. The combination of severity, probability, and detectability does not require further risk reduction measures. Document the estimation in the Risk Management File and confirm in the Risk Management Report.
Examples
• Minor discomfort from a well-detected, extremely improbable hazard
• Negligible severity combined with any probability level
• Low severity with certain detection
Requirements
✓Document in Risk Management File (RMF)
✓Confirm in Risk Management Report (RMR)
✓Maintain post-production monitoring
✓Review if clinical data changes risk profile
✓No mandatory risk reduction required
Medium
Medium
Risk is in the ALARP (As Low As Reasonably Practicable) region. Risk reduction measures should be applied where reasonably practicable. Benefit-risk analysis must demonstrate that clinical benefits outweigh residual risks.
Examples
• Temporary injury with remote probability and possible detection
• Moderate severity hazards with multiple contributing factors
• Hazards where risk reduction is feasible but not yet implemented
Requirements
✓ALARP analysis required
✓Risk control measures must be implemented and verified
✓Benefit-risk analysis in clinical evaluation
✓Document residual risks and justification
✓Enhanced post-market surveillance recommended
High
High
Risk exceeds the acceptable threshold. Mandatory risk control measures must be applied following the three-step method: (1) inherent safety by design, (2) protective measures, (3) information for safety. Residual risk must be re-evaluated after each control.
Examples
• Serious injury with occasional probability
• Critical harm with remote probability and unlikely detection
• Any catastrophic severity with improbable+ probability
Requirements
✓Mandatory risk reduction (three-step method)
✓Residual risk re-evaluated iteratively
✓FMEA/FTA analysis recommended
✓Clinical benefit must clearly outweigh residual risk
✓Notified Body or Competent Authority scrutiny likely
Critical
Critical
Risk is unacceptable in its current state. The device cannot be placed on the market until risk has been reduced to an acceptable level. All reasonably practicable risk controls must be applied and overall residual risk must be demonstrated acceptable.
Examples
• Patient death with any non-incredible probability
• Permanent impairment with frequent occurrence
• Critical severity with unlikely detection and occasional probability
Requirements
✓Device cannot be placed on market as-is
✓All reasonably practicable controls must be applied
✓Overall residual risk acceptability must be demonstrated
✓Independent risk review strongly recommended
✓Clinical investigation data may be required for justification
Key Rules & Concepts
Risk Estimation Factors
→Severity (S) — The potential consequence of a hazard: Negligible (1) → Minor (2) → Serious (3) → Critical (4) → Catastrophic (5)
→Probability of Occurrence (P) — How likely the hazardous situation occurs: Incredible (1) → Improbable (2) → Remote (3) → Occasional (4) → Frequent (5)
→Detectability (D) — Can the hazard be detected before harm: Certain (0) → Likely (1) → Possible (2) → Unlikely (3)
→Risk Score = S + P + D — DeviceCompass sums these weighted factors to produce an overall risk score (range: 2–13)
→Thresholds: Low (≤5), Medium (6–8), High (9–11), Critical (12–13)
Risk Control Measures (Three-Step Method)
→Step 1: Inherent safety by design — Eliminate the hazard or reduce risk through design choices
→Step 2: Protective measures — Guards, barriers, alarms, automatic shutdowns in the device or manufacturing process
→Step 3: Information for safety — Warnings in labeling, instructions for use, training materials
→Each step must be evaluated in order — skip to step 3 only if steps 1 and 2 are not practicable
→After implementing controls, re-estimate residual risk and verify controls do not introduce new hazards
Key Concepts
→ALARP (As Low As Reasonably Practicable) — Risk in the grey zone between acceptable and unacceptable must be reduced as far as practicable
→Benefit-risk analysis — When residual risk is not broadly acceptable, clinical benefits must outweigh residual risks
→Risk Management File (RMF) — Living document containing all risk management records, maintained throughout device lifecycle
→Risk Management Report (RMR) — Summary document confirming overall residual risk is acceptable before market release
→Post-production monitoring — Systematic collection and review of production and post-production information to identify previously unrecognized hazards
Common Risk Analysis Methods
→FMEA (Failure Mode and Effects Analysis) — Bottom-up analysis of component/process failure modes
→FTA (Fault Tree Analysis) — Top-down analysis starting from an undesired event
→HAZOP (Hazard and Operability Study) — Systematic deviation analysis using guide words