Monday, April 15 2024

ISO 14971 requirements - Application of risk management to medical devices - version 2019

07/01/2024

Quiz requirements ISO 14971 version 2019

You want to familiarize yourself with the structure of the standard, identify and understand the requirements of ISO 14971 version 2019, then it's up to you to play!

Start

The “Requirements of ISO 14971 version 2019” quiz will help you understand the main requirements of the standard.
 
The questions (requirements) of this quiz are 119, don't panic. The requirements of the standard are 134 but these 119 requirements are among the most important, so don't hesitate to learn in a fun way!
 
Don't think you can finish this quiz in less than an hour, or even two hours, unless of course, you are a genius!
 
 
The 134 requirements (shall) of clauses 4 to 10 of ISO 14971 are distributed as follows:
Requirements ISO 14971 version 2019 copyleft
Nb
Clause
cycle PDCA
Requirements Nb
Amount
4
General requirements Plan
1 ÷ 40
40
5 Risk analysis Plan
41 ÷ 64
24
6 Risk evaluation Check
65 ÷ 70
6
7 Risk control Do
71 ÷ 98
28
8 Evaluation of overall residual risk Check
99 ÷ 103
5
9 Risk management review Check 104 ÷ 111 8
10 Production and post-production activities Act 112 ÷ 134 23
Total

134

 requirements

ISO 14971 requirements in clauses 4 to 10

PDCA

 

Notice 1. Any requirement normally begins with "The manufacturer shall...". To simplify we present the requirements directly starting with the verb.

Notice 2. Sub-clauses of the standard are replaced by the paragraph sign §, for simplification.

ISO 14971 - Requirements and omments
Nb
Clause sub-clause
Requirement
PDCA cycle, links, comments
4
General requirements
 
4.1
Risk management process
 
1
4.1 a)

Establish, implement, document and maintain a process

For identitying hazards and hazardous situations of the MD
2
4.1 b)

Establish, implement, document and maintain a process

For estimating and evaluating the associated risks
3
4.1 c)

Establish, implement, document and maintain a process

For controlling these risks
4
4.1 d)

Establish, implement, document and maintain a process

For monitoring the effectiveness of the risk control measures
5
4.1

Apply this process throughout the life cycle

Of the MD
6
4.1

Include the following elements

Such as risk analysis, cf. ISO 13485, clause 7
7
4.1

Include the following elements

Such as risk evaluation, cf. ISO 13485, clause 7
8
4.1

Include the following elements

Such as risk control, cf. ISO 13485, clause 7
9
4.1

Include the following elements

Such as production and post-production, cf. ISO 13485, clause 7
10
4.1

Incorporate the appropriate parts of the risk management process

When a documented product realization process exists
11
4.1

Check compliance of risk management process

By inspection of appropriate documents (risk management file), cf. annex B.2
 
4.2
Top management responsibilities
 
12
4.2
Provide evidence of top management commitment to the manage risk process By ensuring the provision of available adequate resoures
13 4.2 Provide evidence of top management commitment to the manage risk process By ensuring the assignment of competent personnel for risk management, cf. § 4.3 and annex A.2.4.3
14 4.2 Define and document a policy (regarding top management) For establishing criteria for risk acceptability, cf. ISO/TR 24971
15 4.2 Provide a framework (related to the policy) Ensuring that criteria are based on national or regional regulations and relevant international standards
16 4.2 Take into account available information (related to the policy)

Such as the generally acknowledged state of the art and known stakeholder concerns

17 4.2 Review the suitability of the risk management process at planned intervals (regarding top management)

To ensure continuing effectiveness of the risk management process. This review can be part of the audit of the quality management system

18 4.2 Document any decisions (regarding top management) And action taken
19 4.2 Check compliance of policy By inspection of appropriate documents (risk management file)
 
 4.3
Competence of personnel
 up
20
4.3
Recruit competent personnel

In order to master MD risk management activities, based on the required knowledge and experience. Know how to implement the risk management process

21  4.3 Develop the necessary knowledge and experience In order to be able to use specific MDs, technologies or techniques. Know how the MD is built, works, is manufactured and is actually used.
22  4.3 Maintain appropriate records (objective evidence) On the competence of personnel. These records are confidential and do not enter into the risk management file
23 4.3 Check compliance of competence  By inspection of appropriate documents (risk management file)
4.4
Risk management plan
 
24 4.4 Plan risk management activities The plan ensures that no essential elements are forgotten. Monitor plan compliance with the risk management process
25 4.4 Establish a risk management plan For every MD, cf. ISO/TR 24971
26 4.4 Document a risk management plan For every MD
27 4.4 Include the risk management plan in the risk management file Cf. § 4.5
28 4.4 a) Include in the risk management plan The scope of activities, the description of the MD, the phases of the life cycle for which each element of the plan is applicable
29 4.4 b) Include in the risk management plan Responsibilities and autorities. Allows you not to forget any responsibilities
30 4.4 c) Include in the risk management plan Requirements for reviewing risk management activities. In principle, it is the responsibility of top management
31 4.4 d) Include in the risk management plan Risk acceptability criteria; the manufacturer determines the acceptable risks. Criteria to set before analyzing the risks
32 4.4 e) Include in the risk management plan The method for evaluating the overall residual risk and the criteria for acceptability of this risk, cf. clause 8
33 4.4 f) Include in the risk management plan Verification of the implementation and effectiveness of risk control measures, so as not to forget any element, cf. § 7.2
34 4.4 g) Include in the risk management plan Collecting and reviewing relevant production and post-production information, cf. ISO/TR 24971
35 4.4 Make a record of the changes of the plan In order to update the risk management file, cf. § 4.5
4.5
Risk management file
up 
36 4.5 Establish and maintain a risk management file

For each MD, guarantee the completion of the risk management process in its entirety. The recommendations of ISO/TR 24971 for establishing the risk management file are relevant

37 4.5 Provide traceability for each identified hazard In relation to the risk analysis
38 4.5 Provide traceability for each identified hazard In relation to the risk evaluation
39 4.5 Provide traceability for each identified hazard In relation to the implementation and verification of the risk control measures
40 4.5 Provide traceability for each identified hazard In relation to the results of evaluation of the residual risks
5
Risk analysis
 
5.1
Risk analysis process
 
41 5.1 Perform a risk analysis process

For every MD, cf. §§ 5.2 to 5.5 and ISO/TR 24971. Use any information from a similar MD in order to save time

42 5.1 Make records of the activities and results of the risk analysis process In the risk management file, cf. § 4.5 
43 5.1 a) Include in the documentation the identification and description of every MD For every analyzed MD
44 5.1 b) Include in the documentation the person and organization who carried out the risk analysis For every MD, cf. § 4.5
45 5.1 c) Include in the documentation the scope and date of the risk analysis For every MD, cf. § 4.5, proof that the analysis has been completely carried out
46 5.1 Check compliance of risk analysis By inspection of appropriate documents (risk management file)
 
5.2
Itended use and reasonably foreseeable misuse
 up
47 5.2 Document the intended use For each MD. Take into account use by a professional or not, the intended medical indication, the target population, the part of the body or the type of tissue interacting, the user profile, the context of use, the operating principle
48 5.2 Document also reasonably foreseeable misuse For each MD, situations other than those provided by the manufacturer, identify the hazards of the potential misuse of the MD, cf. ISO/TR 24971
49 5.2 Maintain the MD documentation In the risk management file, cf. § 4.5 and IEC 62366-1, § 3.23
50 5.2 Check compliance of use By inspection of appropriate documents (risk management file)
 
5.3
Identification of characteristics related to safety
 
51 5.3 Identify and document qualitative and quantitative characteristics of every MD That may affect the safety of the medical device, including the operating principle of the MD, its intended use and reasonably foreseeable misuse, cf. ISO/TR 24971
52 5.3 Define limits of those characteristics That may affect the safety of the MD, cf. IEC 62366-1
53 5.3 Maintain the MD documentation In the risk management file, cf. § 4.5
54 5.3 Check compliance of characteristics By inspection of appropriate documents (risk management file)
 
5.4
Identification of hazards and hazardous situations
 
55 5.4 Identify and document known and foerseeable for every MD In relation to intended use, reasonably foreseeable misuse and safety features under normal and abnormal conditions, cf. §§ 5.2 and 5.3
56 5.4

Take into consideration, for each identified hazard, the reasonably foreseeable sequences or combinations of events

That can result in a hazardous situation
57 5.4 Identify and document hazardous situations and potential harm That can result, cf. annex C and ISO/TR 24971
58 5.4 Maintain the MD documentation In the risk management file, cf. § 4.5
59 5.4 Check compliance of hazards and hazardous situations By inspection of appropriate documents (risk management file)
 
5.5
Risk estimation
 up
60 5.5 Estimate, for each hazardous situation and every MD the associated risks

Using the available information, cf. ISO/TR 24971. Examples: standards, scientific studies, field data, usability testing, clinical evidence, simulations, expert opinions

61 5.5

Establish a list of all possible consequences for hazardous situations whose probability of occurrence of harm cannot be estimated

In order to evaluate and control (decrease) risks
62 5.5 Make a record of these activities In the risk management file, cf. § 4.5
63 5.5 Make a record of the system used for categorization of probability of occurrenceof harm and severity of harm In the risk management file, cf. § 4.5
64 5.5 Check compliance of risk estimation By inspection of appropriate documents (risk management file)
6
Risk evaluation
Comparer (Check
65 6 Evaluate the estimated risks For every hazardous situation identified
66 6 Determine if the risk is acceptable or not For each hazardous situation identified, based on the risk acceptability criteria of the risk management plan, cf. § 4.4
67 6 Treat the risk as residual risk When the risk is acceptable. Do not apply the requirements given in §§ 7.1 to 7.5. Apply requirements given in § 7.6
68 6 Perform risk control activities When the risk is not acceptable. Apply requirements given in §§ 7.1 to 7.5
69 6 Make a record of the results of risk evaluation In the risk management file, cf. § 4.5
70 6 Check compliance of risk evaluation By inspection of appropriate documents (risk management file)
 7
Risk control
Do 
 
7.1
Risk control option analysis
up
71
7.1
Determine risk control measures In order to reduce the risks to an acceptable level, cf. annex A.2.7.1 and guide ISO/IEC 63
72
7.1 a)
Use risk control options such as inherently safe design and manufacture In order of priority a, b, c. Apply relevant standards for risk control options. Examples: eliminating hazardous substances, using separate production lines, adding visual controls
73
7.1 b)

Use risk control options such as protective measures in the MD itself or in the manufacturing process

In order of priority a, b, c. Apply relevant standards for risk control options
74
7.1 c)
Use risk control options such as information for safety or training of users In order of priority a, b, c. Apply relevant standards for risk control options, cf. ISO/TR 24971 annex E
75
7.1
Make a record of risk control measures selected In the risk management file, cf. § 4.5
76
7.1
Conduct a benefit-risk analysis of the residual risk When risk reduction is not practicable, proceed to § 7.4
77
7.1
Check compliance of risk control option analysis By inspection of appropriate documents (risk management file)
 
7.2
Implementation of risk control measures
 
78  7.2 Implement the risk control measures Compared to the chosen option, cf. § 7.1
79  7.2 Verify the implementation of each risk control measure Compared to the chosen option, cf. § 7.1, l'ISO 13485 and ISO/TR 24971
80  7.2 Make a record of every verification done In the risk management file, cf. § 4.5
81  7.2 Verify the effectiveness of the risk control measures As part of the verification and validation of design and development, cf. annex A.2.7.2, ISO 14155 and ISO 20916
82 7.2 Make a record of the results of the verification In the risk management file, cf. § 4.5
83 7.2 Check compliance of risk control measures By inspection of appropriate documents (risk management file)
 
7.3
Residual risk evaluation
 
84
7.3
Evaluate the residual risk, after the implementation of risk control measures Using risk acceptability criteria defined in the risk management plan, cf. 4.4
85
7.3
Make a record of the evaluation In the risk management file, cf. § 4.5
86
7.3
Consider further risk control measures When the residual risk is judged not, go back to § 7.1
87 7.3 Check compliance of residual risk evaluation By inspection of appropriate documents (risk management file)
 
7.4
Benefit-risk analysis
up
88 7.4 Proceed to § 7.5

When the benefits are greater than the residual risk. When the residual risk is not considered acceptable, it can be determined whether the benefits outweigh the residual risk. We can modify the MD and its intended use; return to § 5.2), cf. ISO/TR 24971 and the experimental standard XP S99-223

89 7.4 Make a record of the results of the benefit-risk analysis In the risk management file, cf. § 4.5
90 7.4 Check compliance of benefit-risk analysis By inspection of appropriate documents (risk management file)
 
7.5
Risks arising from risk control measures
 
91 7.5 Review the effects of the risk control measures

Considering whether new hazards or hazardous situations are present

92 7.5 Review the effects of the risk control measures

By considering whether the new risk control measures have an impact on the risks of hazardous situations already identified

93 7.5 Manage any new or increased risk

In accordance with §§ 5.5 to 7.4 

94 7.5 Make a record of the results of the risk review

In the risk management file, cf. § 4.5

95 7.5 Check compliance of new risks

By inspection of appropriate documents (risk management file)

 
7.6
Completeness of risk control
up
96 7.6 Review the risk control activities  In order to ensure that the risks of all identified hazardous situations have been addressed and that risk control activities are completed
97 7.6 Make a record of the review In the risk management file, cf. § 4.5
98  7.6 Check compliance of completeness of risk control By inspection of appropriate documents (risk management file)
8
Evaluation of overall residual risk
Check 
99 8 Evaluate the overall residual risk posed by the MD, after all risk control measures have been implemented and verified Considering the contributions of all residual risks, relative to the benefits for the intended use, according to the risk management plan, cf. § 4.4 e and ISO/TR 24971
100 8 Inform users of significant residual risks When the overall residual risk is judged as acceptable, cf. annex A.2.8
101 8 Include the necessary information in the accompanying documentation

In order to list the residual risks. When the overall residual risk is not considered as acceptable, we can consider implementing other risk control measures (return to § 7.1) or modify the MD or its use (return to § 5.2)

102 8 Make a record of the results of the evaluation of the overall residual risk In the risk management file, cf. § 4.5
103 8 Check compliance of evaluation of overall residual risk By inspection of appropriate documents (risk management file) and accompanying documentation
 
9
Risk management review
104 9.1 Review the execution of the risk management plan Prior to release for commercial distribution of the MD
105 9.1 Ensure the review at least  That the risk management plan has been implemented appropriately
106 9.1 Ensure the review at least  That the overall residual risk is acceptable
107 9.1 Ensure the review at least  That appropriate methods for collecting and reviewing production and post-production information are in place
108 9.1 Make a record of the results of the review And maintain it in the form of a risk management report
109 9.1 Include the results of this review In the risk management file, cf. § 4.5
110 9.1 Assign the responsibility for review to persons having the appropriate authority Cf. §§ 4.4 b) and 4.5
111 9.1 Check compliance of risk management review By inspection of appropriate documents (risk management file)
10
Production and post-production activities
Act 
 
10.1
General
up
112 10.1 Establish, document and maintain a system to actively collect and review information relevant to the MD During design, production and post-production, cf. ISO 13485, §§ 7.3.3, 8.2.1, 8.4, 8.5 and ISO/TR 24971 
113 10.1 Consider appropriate methods for the collection and processing of information When establishing the MD information collection and review system
114 10.1 Check compliance of appropriate documents By inspection of appropriate documents (risk management file). See also ISO/TR 20416 
10.2
Information collection
 
115 10.2 a) Collect  information generated during production And monitoring the production process. The information collection and post-market surveillance plan are described in the technical report ISO/TR 20416
116 10.2 b) Collect informationgenerated by the user Because no simulation can replace the MD in the hands of the end user, cf. ISO 14155
117 10.2 c) Collect information generated by those accountable for the installation and use of the MD And maintenance of the MD
118 10.2 d) Collect information generated by the supply chain Such as suppliers of components or subsystems and software
119 10.2 e) Collect publicly available information Coming from many sources, including similar MDs
120 10.2 f) Collect information related to the state of art Generally acknowledged, cf. ISO/TR 24971
121 10.2 Consider the information about similar MD And other similar products on the market
122 10.2 Check compliance of information collection By inspection of appropriate documents (risk management file)
10.3 
Information review
up 
123 10.3 Review the information collected for possible relevance to safety In order to determine whether new hazards or hazardous situations have emerged
124 10.3 Review the information collected for possible relevance to safety In order to determine whether a risk of a hazardous situation is no longer acceptable
125 10.3 Review the information collected for possible relevance to safety  In order to determine whether the overall residual risk is no longer acceptable, cf. § 7.4
126 10.3 Review the information collected for possible relevance to safety In order to determine whether the generally accepted state of the art has evolved
127 10.3 Make a record of the results of the review In the risk management file, cf. § 4.5
128 10.3 Check compliance of information review By inspection of appropriate documents (risk management file). Use statistical methods, if necessary, cf. ISO 10017
10.4
Actions
 
129 10.4 Review the risk management file, when the collected information is determined to be relevant to safety And determine whether a re-evaluation of old or new risks is necessary. Take into account developments in the state of the art, new MDs, changes in risk perception
130 10.4 Evaluate the impact on risk control measures, when the residual risk is no longer acceptable The impact should be considered as an input for modification of the MD. It is necessary to examine the need for actions of MDs on the market
131 10.4 Make a record of all decisions and actions In the risk management file, cf. § 4.5
132 10.4 Evaluate the impact on risk management activities Previously implemented
133 10.4 Consider the results of this evaluation as an input For review of the adequacy of the risk management process by top management
134 10.4 Check compliance of actions By inspection of appropriate documents (risk management file) 
 
 
 
up