Northridge Management Services

Contact Us

    Software Validation

    Process Validation

    Risk Management

    Quality Systems

    Process Improvement


    Technical Writing

    Interim Management

Are you ISO 14971:2012 compliant? Understanding Content Deviations
3rd September 2019

Technical Writing Tip of the Month - Understand your Audience
30th August 2019

ISO 14971: 2012 Compliance Content Deviations #1 and #2: Treatment of Negligible Risks and Risk Acceptabililty
1st August 2019


Are you ISO 14971:2012 compliant? Understanding Content Deviations

Why is there currently so much controversy surrounding ISO 14971?

During the process of harmonisation of ISO 14971: 2007 as an EN standard, it became apparent that the standard did not comply with all the requirements of the Medical Devices European Directives, namely 90/385/EEC, 93/42/EEC and 98/79/EC. Seven discrepancies were identified; these discrepancies are described in EN 14971 as “Content Deviations”.


What does this mean for the medical device manufacturer?

This means that conforming to ISO 14971: 2007 no longer guarantees conformance with the Medical Device Directives. If you are selling devices in Europe then you will need to revise your risk management process to become EN 14971: 2012 compliant, unless you have already done so. *

(*EN 14971: 2012 applies only to manufacturers selling devices on the European market – if your devices are not sold in Europe or countries requiring compliance with the Medical Devices Directives, then ISO 14971: 2007 is still the applicable standard for your company.)


What does EN 14971: 2012 require?

In summary; EN 14971: 2012 has the following implications:


  • All risks identified, whatever their size, must be reduced as far as possible, without consideration being given to the cost of doing so.


  • Risk Benefit Analysis is always required


  • Providing safety information on labelling cannot be considered a risk reduction measure


Only the Annexes of EN 14971 have changed in the 2012 version, the rest of the content of the standard remains the same. The differences seven between the Medical Devices Directives’ Essential Requirements and the requirements of ISO 14971:2007, known as Content Deviations are outlined in the new  “Z” Annexes of EN 14971: 2012

The seven Content Deviations are as follows:

1. Treatment of Negligible Risk


  1. Risk Acceptability Assessment


  2. Risk Reduction Economic Considerations


  3. Risk-Benefit Analysis Not Optional


  4. Risk Control Options


  5. First Risk Control Option


  6. Labelling Information Cannot Influence Residual Risk


Does this mean an end to ALARP?

 Yes. For devices sold in Europe, the ALARP concept will no longer be permissible as a means of risk acceptance because it involves an economic element in the justification of acceptable risk.


In future, there will only be two categories of risk;


 1) Intolerable risk – the presence of which means a device cannot be placed on the market unless justified through risk/benefit analysis.


2) Acceptable risk – risks that have been reduced as low as possible and have been justified through risk/benefit analysis. (Risk/benefit analysis must be conducted for each individual risk and for the totality of the risk)


What lead-in time do I have to comply?

For a new or revised standard, the lead in time is normally three years but for EN 14971:2012 immediate compliance is what is expected. This is because the Medical Device Directive has been in place since 1993 and manufacturers should have already been compliant with the Directive.


What should I do if not already compliant?

Follow these 3 steps


1. Draw up a plan to achieve full compliance.


  1. Prioritise the highest risk items;


-      Remove economic considerations from ALARP risk acceptance.


-      Conduct risk/benefit analysis.


  1. Talk to your Notified Body as soon as possible; well in advance of your next audit or submission, and outline your plan for compliance to them.


Next newsletter Treatment of Negligible Risks?

 In our upcoming newsletter, we will discuss the first of the seven Content Deviations - Treatment of Negligible Risks, the challenges that the newly stated requirements present and what needs to be done to achieve compliance. 




Post A Comment:



    Home - Services - Clients - News - About Us - Contact Us