Why is there currently so much controversy surrounding ISO 14971?
During the process of harmonisation of ISO 14971: 2007 as an EN standard, it became apparent that the standard did not comply with all the requirements of the Medical Devices European Directives, namely 90/385/EEC, 93/42/EEC and 98/79/EC. Seven discrepancies were identified; these discrepancies are described in EN 14971 as “Content Deviations”.
What does this mean for the medical device manufacturer?
This means that conforming to ISO 14971: 2007 no longer guarantees conformance with the Medical Device Directives. If you are selling devices in Europe then you will need to revise your risk management process to become EN 14971: 2012 compliant, unless you have already done so. *
(*EN 14971: 2012 applies only to manufacturers selling devices on the European market – if your devices are not sold in Europe or countries requiring compliance with the Medical Devices Directives, then ISO 14971: 2007 is still the applicable standard for your company.)
What does EN 14971: 2012 require?
In summary; EN 14971: 2012 has the following implications:
- All risks identified, whatever their size, must be reduced as far as possible, without consideration being given to the cost of doing so.
- Risk Benefit Analysis is always required
- Providing safety information on labelling cannot be considered a risk reduction measure
Only the Annexes of EN 14971 have changed in the 2012 version, the rest of the content of the standard remains the same. The differences seven between the Medical Devices Directives’ Essential Requirements and the requirements of ISO 14971:2007, known as Content Deviations are outlined in the new “Z” Annexes of EN 14971: 2012
The seven Content Deviations are as follows:
1. Treatment of Negligible Risk
- Risk Acceptability Assessment
- Risk Reduction Economic Considerations
- Risk-Benefit Analysis Not Optional
- Risk Control Options
- First Risk Control Option
- Labelling Information Cannot Influence Residual Risk
Does this mean an end to ALARP?
Yes. For devices sold in Europe, the ALARP concept will no longer be permissible as a means of risk acceptance because it involves an economic element in the justification of acceptable risk.
In future, there will only be two categories of risk;
1) Intolerable risk – the presence of which means a device cannot be placed on the market unless justified through risk/benefit analysis.
2) Acceptable risk – risks that have been reduced as low as possible and have been justified through risk/benefit analysis. (Risk/benefit analysis must be conducted for each individual risk and for the totality of the risk)
What lead-in time do I have to comply?
For a new or revised standard, the lead in time is normally three years but for EN 14971:2012 immediate compliance is what is expected. This is because the Medical Device Directive has been in place since 1993 and manufacturers should have already been compliant with the Directive.
What should I do if not already compliant?
Follow these 3 steps
1. Draw up a plan to achieve full compliance.
- Prioritise the highest risk items;
- Remove economic considerations from ALARP risk acceptance.
- Conduct risk/benefit analysis.
- Talk to your Notified Body as soon as possible; well in advance of your next audit or submission, and outline your plan for compliance to them.
Next newsletter Treatment of Negligible Risks?
In our upcoming newsletter, we will discuss the first of the seven Content Deviations - Treatment of Negligible Risks, the challenges that the newly stated requirements present and what needs to be done to achieve compliance.