A working committee group has been working on updating the risk management standard ISO 14971 and a technical report (ISO 24971) to support the risk management process. ISO 14971:2019 was published this month (December 2019), and an updated ISO TR 24971 is expected to be published in a couple of months.


What is important to you as a medical device project manager is that the aim of the update is not to revise the risk management process, but rather to improve the information on implementation of the risk management process. So, if your risk management procedure currently follow ISO 14971:2012, do not expect having to make larger revisions to your processes or risk management activities.


The main highlights of the updated risk management standard include:

  • Terminology update, most noticeably the definitions:
    • Benefit
      • ”positive impact or desirable outcome of the use of a medical device on the health of an individual, or a positive impact on patient management or public health.”
    • State of the art
      • “developed stage of technical capability at a given time as regards products, processes and services, based on the relevant consolidated findings of science, technology and experience.”
    • Reasonably foreseeable Misuse
      • “intentional or unintentional use of a product or system in a way not intended by the manufacturer, but which can result from readily predictable human behaviour.”
    • Risk/benefit analysis is now called “Benefit-risk analysis”
    • Furthermore, minor changes have been made to other terms such as: accompanying documentation, harm, in vitro diagnostic medical device, manufacturer, and use error.


  • The section ‘Production and post-production information’ has been split into four sub-sections:
    • General
    • Information collection
    • Information review
    • Actions


  • Several annexes have been moved from ISO 14971 to ISO 24971, which is a guidance document on how to apply risk management according to ISO 14971.



Recommended actions

  • Revise your risk management procedure(s) and templates to reflect the updated terminology of ISO 14971:2019.
  • Ensure that your risk management plan includes a method to evaluate the overall residual risk and the criteria for acceptability of overall residual risk; taking into account the contributions of all residual risks in relation to the benefits of the intended use of the medical device.
    • This method can include gathering and reviewing data and literature for the medical device being considered and similar medical devices on the market.


ISO 24971 suggests that some risk management activities can be performed by external consultants or specialists. Take a look at https://www.technolution.dk/implementing-an-effective-risk-management-process/ to learn more about how Technolution’s risk management specialists can help you and your project.




Morten Purup Andersen

Morten Purup Andersen

Senior Development Engineer, HFE Specialist

Technolution A/S

Telefon: +45 45 26 10 00
E-mail: mpa@technolution.dk

You may also like