ISO 14971: Application of Risk Management to Medical Devices

The development of International Organization for Standardization (ISO) 14971 was not carried out in a vacuum but instead was shaped by precedent activities in the European Union to establish risk management (RM) standards quite early in the 1990s. The ISO 14971:2007 "Application of Risk Management to Medical Devices" stipulates an expectation of a risk management framework that considers the total lifecycle of the product. In practice, risk analysis, risk evaluation, and risk control are steps of an iterative process. At the broadest level, the RM process consists of a four-part, continuous-management process: analyze risk, evaluate risk, control risk, and get feedback from both production and postproduction information. A description of each of the RM team members' roles and responsibilities should be defined and recorded. Documentation can be electronically stored records or paper records. The documentation should include policy, procedures, plans, and records of all risk management activities during the entire product life cycle.