What Is ISO 14971? Medical Device Risk Management

ISO 14971 is the international standard that defines how medical device manufacturers must identify, evaluate, and control risks associated with their products. Published by the International Organization for Standardization, the current version (ISO 14971:2019) applies to all medical devices, including software classified as a medical device and in vitro diagnostic devices. It is the single most referenced standard in medical device regulation worldwide, recognized by the FDA in the United States and required under the EU Medical Device Regulation in Europe.

If you work in the medical device industry, interact with quality management systems, or are preparing for regulatory submissions, understanding this standard is essential. Here’s what it covers and how it works in practice.

What the Standard Actually Requires

At its core, ISO 14971 requires manufacturers to build a systematic, documented process for managing risk across the entire life of a medical device, from the earliest concept through design, production, market release, and eventual disposal. The standard doesn’t tell you exactly how to do risk management. It tells you what your process must include and what outcomes it must achieve.

The types of risk it covers are broad: biocompatibility (how materials interact with the body), electrical safety, moving parts, radiation, data security, and usability problems where a user might misunderstand instructions or controls. If something about a device could potentially cause injury, property damage, or environmental harm, it falls within scope.

How ISO 14971 Defines Risk

The standard uses three connected terms that form the backbone of its risk model. A hazard is a potential source of harm, like a sharp edge on a surgical instrument or a software glitch in a monitoring system. A hazardous situation is the circumstance where someone is actually exposed to that hazard, for example, a clinician handling the sharp instrument without protective gloves. Harm is the actual injury or damage that results.

Risk, in ISO 14971’s framework, is the combination of how likely harm is to occur and how severe that harm would be. This two-dimensional view is important because it means a rare but catastrophic failure and a frequent but minor irritation can both demand attention, just through different control strategies.

The Risk Management Process, Step by Step

The standard lays out a sequence of activities that manufacturers repeat and refine throughout a device’s life cycle.

Risk Analysis

This is where the team identifies what could go wrong. Manufacturers use structured techniques to do this systematically rather than relying on intuition. Common methods include Preliminary Hazard Analysis (identifying hazards and the situations that expose people to them), Fault Tree Analysis (working backward from a potential failure to find root causes), and Failure Mode and Effects Analysis (examining each individual component or process step to see how it could fail and what would happen if it did). The goal is a comprehensive inventory of hazards, not just the obvious ones.

Risk Evaluation

Once risks are identified and estimated, the manufacturer evaluates each one against predefined acceptability criteria. These criteria are set by the manufacturer based on applicable regulations, industry standards, and the device’s intended use. A risk acceptability chart is a common tool here, mapping probability against severity to sort risks into categories like “acceptable,” “as low as reasonably practicable,” or “unacceptable.”

Risk Control

For any risk that isn’t acceptable, the manufacturer must implement controls. The standard establishes a priority order that both the FDA and EU MDR reinforce: first, try to eliminate the hazard through safer design. If that isn’t possible, add protective measures (guards, alarms, software limits). As a last resort, provide safety information, labeling, or user training. You can’t skip straight to a warning label if a design change could have removed the hazard entirely.

After implementing controls, the manufacturer must verify they actually work and check whether they’ve introduced any new risks. A protective barrier that makes a device harder to clean, for instance, might create a new infection risk.

Overall Residual Risk Evaluation

Even after controlling individual risks, the manufacturer must step back and evaluate the overall residual risk of the device as a whole. This is where benefit-risk analysis comes in. The standard requires manufacturers to weigh any remaining risks against the device’s anticipated clinical benefits. A higher level of residual risk may be acceptable for a life-saving implant than for a cosmetic device, because the benefit side of the equation is fundamentally different.

The Risk Management File

ISO 14971 requires all of this work to be documented in a Risk Management File. This isn’t a single document but a collection of records that traces every decision: the risk management plan, hazard identification results, risk analysis worksheets, evaluation decisions, control measures and their verification, and the overall residual risk evaluation. Regulators reviewing a device submission expect to see this file, and auditors will examine it during quality system inspections. The file serves as evidence that the manufacturer followed a deliberate, traceable process rather than making ad hoc safety decisions.

Risk Management Doesn’t Stop at Launch

One of the standard’s most important requirements is that risk management continues after a device reaches the market. Manufacturers must collect and analyze production and post-production data to see whether their risk estimates hold up in the real world. Data sources on the production side include supplier performance monitoring, inspection results, environmental monitoring, and audit findings. On the post-production side, the inputs are complaints, adverse event reports, customer feedback, servicing records, clinical studies, scientific literature, and even media reports.

When this monitoring reveals an unforeseen hazard or suggests that an existing risk was underestimated, the manufacturer feeds that information back into the risk management process. If the new data identifies a genuine problem, a corrective and preventive action (CAPA) process is triggered. If no action is needed, monitoring simply continues. This creates a closed loop where real-world experience continuously refines the safety profile of the device.
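The following is an added example, not text or code from the standard or from ISO/TR 24971, that walks the step-by-step process above (analysis, evaluation against an acceptability chart, risk control in the standard's priority order, verification that a control introduced no new risk, overall residual risk) and then the post-production loop just described. The five-point probability and severity scales, the acceptability chart, the event-rate bands and the surgical-instrument scenario are all constructed for illustration; ISO 14971 leaves their definition to the manufacturer, and the function and field names are this example's own.

```python
from dataclasses import dataclass, field
from typing import Optional

# Qualitative scales (1 = lowest). These scales, the chart and the rate bands are
# constructed for this example; the standard leaves them to the manufacturer.
PROBABILITY = {"improbable": 1, "remote": 2, "occasional": 3, "probable": 4, "frequent": 5}
SEVERITY = {"negligible": 1, "minor": 2, "serious": 3, "critical": 4, "catastrophic": 5}
ACCEPTABLE, ALARP, UNACCEPTABLE = "acceptable", "ALARP", "unacceptable"

# Risk acceptability chart: rows are severity 1..5, columns are probability 1..5.
# A = acceptable, L = as low as reasonably practicable, U = unacceptable.
CHART = ["AAAAL",   # negligible
         "AAALL",   # minor
         "AALLU",   # serious
         "ALLUU",   # critical
         "LLUUU"]   # catastrophic
LABEL = {"A": ACCEPTABLE, "L": ALARP, "U": UNACCEPTABLE}

# Control priority order from the standard; a lower rank must be considered first.
CONTROL_RANK = {"design": 0, "protective": 1, "information": 2}

# Upper bound of observed events per device use for each probability term (constructed).
RATE_BANDS = [("improbable", 1e-6), ("remote", 1e-5), ("occasional", 1e-4),
              ("probable", 1e-3), ("frequent", 1.0)]


def evaluate(probability: str, severity: str) -> str:
    """Look up the (probability, severity) pair on the acceptability chart."""
    return LABEL[CHART[SEVERITY[severity] - 1][PROBABILITY[probability] - 1]]


@dataclass
class Control:
    kind: str                  # "design", "protective" or "information"
    description: str
    justification: str = ""    # why higher-priority options were not practicable


@dataclass
class Risk:
    hazard: str                # potential source of harm
    hazardous_situation: str   # circumstance in which someone is exposed to it
    harm: str                  # resulting injury or damage
    probability: str
    severity: str
    controls: list = field(default_factory=list)

    def level(self) -> str:
        return evaluate(self.probability, self.severity)


def add_control(risk: Risk, control: Control, new_probability: Optional[str] = None,
                new_severity: Optional[str] = None, introduces: Optional[list] = None) -> list:
    """Record a control, re-estimate the risk and return any new risks the control creates.
    Jumping to a lower-priority option without a recorded reason is rejected."""
    if CONTROL_RANK[control.kind] > 0 and not control.justification:
        raise ValueError(f"{control.kind} control needs justification for skipping higher-priority options")
    risk.controls.append(control)
    risk.probability = new_probability or risk.probability
    risk.severity = new_severity or risk.severity
    return list(introduces or [])


def overall_residual_risk(register: list) -> dict:
    """Judge the device as a whole: an unacceptable risk blocks release, an ALARP risk
    must be justified by benefit-risk analysis, otherwise residual risk is acceptable."""
    counts = {ACCEPTABLE: 0, ALARP: 0, UNACCEPTABLE: 0}
    for risk in register:
        counts[risk.level()] += 1
    if counts[UNACCEPTABLE]:
        verdict = "release blocked"
    elif counts[ALARP]:
        verdict = "benefit-risk analysis required"
    else:
        verdict = ACCEPTABLE
    return {"counts": counts, "verdict": verdict}


def reassess_from_field_data(risk: Risk, events: int, uses: int) -> dict:
    """Post-production loop: turn observed events per use into a probability term and
    compare it with the estimate in the file. If the estimate was too low it is corrected,
    and a worsened acceptability level triggers CAPA; otherwise monitoring just continues."""
    rate = events / uses
    observed = next(term for term, bound in RATE_BANDS if rate <= bound)
    before = risk.level()
    if PROBABILITY[observed] > PROBABILITY[risk.probability]:
        risk.probability = observed          # feed the field data back into the file
    after = risk.level()
    return {"observed_probability": observed, "before": before, "after": after,
            "capa_triggered": after != before}


def build_example_register() -> list:
    """Walk the article's sharp-instrument scenario through the process (constructed data)."""
    register = []
    sharp = Risk("sharp edge on surgical instrument", "clinician handles it without gloves",
                 "laceration", "frequent", "serious")            # initial estimate: unacceptable
    register.append(sharp)
    # 1. Safer design comes first.
    register += add_control(sharp, Control("design", "round all non-cutting edges"),
                            new_probability="occasional")       # now ALARP, still needs work
    # 2. Protective measure, with the reason design alone was not enough. The guard makes
    #    cleaning harder, so it introduces a new risk that must itself be analysed.
    infection = Risk("residue trapped behind guard", "reprocessing fails to clean behind guard",
                     "surgical site infection", "occasional", "critical")
    register += add_control(sharp, Control("protective", "retractable blade guard",
                                           justification="cutting edge must stay sharp"),
                            new_probability="remote", introduces=[infection])
    # 3. Information for safety only as the last resort, here for the new risk.
    register += add_control(infection, Control("information", "IFU: remove guard before reprocessing",
                                               justification="guard geometry fixed by clinical need"),
                            new_probability="remote")
    return register
```

Running `build_example_register()` leaves the laceration risk acceptable and the infection risk at ALARP, so `overall_residual_risk` asks for a benefit-risk analysis rather than clearing the device outright; feeding three complaints in ten thousand uses into `reassess_from_field_data` moves the laceration estimate from "remote" to "probable", worsens its level, and flags CAPA, while zero events leaves the file untouched.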

Regulatory Recognition and Alignment

The FDA formally recognizes ISO 14971:2019 as a consensus standard. It was entered into the FDA’s recognized standards database on December 23, 2019, with complete recognition, meaning the agency accepts the full standard without carving out exceptions. The U.S. adoption is published as ANSI/AAMI/ISO 14971:2019. When manufacturers declare conformity to this recognized standard in their FDA submissions, it can streamline the review process by demonstrating that an internationally accepted risk management approach was followed.

In Europe, the EU Medical Device Regulation (MDR 2017/745) doesn’t name ISO 14971 directly in its legal text, but its General Safety and Performance Requirements in Annex I align closely with the standard’s framework. The MDR requires manufacturers to eliminate or reduce risks as far as possible through safe design, implement protective measures for risks that can’t be eliminated, and inform users about any residual risks. This mirrors ISO 14971’s risk control priority order almost exactly, making compliance with the standard a practical path to meeting EU requirements.

The Companion Guidance Document

ISO 14971 tells manufacturers what they need to do. A separate document, ISO/TR 24971:2020, explains how to do it. This technical report is non-mandatory but widely used because it bridges the gap between the standard’s requirements and day-to-day implementation. It provides detailed explanations of concepts that manufacturers often find difficult, like how to set risk acceptability criteria, how to conduct a benefit-risk analysis, and how to define “reasonably foreseeable misuse” of a device.

The technical report also includes practical examples, guidance on hazard identification techniques, and a dedicated annex for in vitro diagnostic devices, which have unique characteristics that don’t always map neatly onto the general framework. For organizations trying to apply ISO 14971 consistently across multiple product lines or development teams, ISO/TR 24971 offers a shared reference point that reduces the chance of different groups interpreting the same requirement in conflicting ways.