{"id":4265,"date":"2019-07-23T07:12:08","date_gmt":"2019-07-23T05:12:08","guid":{"rendered":"https:\/\/lorit-consultancy.com\/2019\/07\/iso-standards-part-3-is-your-understanding-of-risk-management-a-risk\/"},"modified":"2022-09-26T15:49:08","modified_gmt":"2022-09-26T13:49:08","slug":"iso-standards-part-3-is-your-understanding-of-risk-management-a-risk-2","status":"publish","type":"post","link":"https:\/\/lorit-consultancy.com\/de\/2019\/07\/iso-standards-part-3-is-your-understanding-of-risk-management-a-risk-2\/","title":{"rendered":"ISO Standards &#8211; Part 3: Is Your Understanding of Risk Management a Risk?"},"content":{"rendered":"<p>Welcome back to the final instalment of this three-part blog series on Quality Management and supporting processes. One of the critical components of any quality management system today is the need to develop a robust risk management programme. As such, this final blog will focus on <a href=\"https:\/\/lorit-consultancy.com\/en\/standards\/medical-devices\/iso14971\/\" target=\"_blank\" rel=\"noopener\">ISO 14971:2012<\/a> Medical Devices \u2013 Application of risk management to medical devices, and its companion document ISO TR 24971 Medical Devices \u2013 Guidance on the application of ISO 14971.<\/p>\n<p>ISO TR 24971 is a technical report first published in 2013 by ISO to provide organisations with guidance on implementing the requirements of ISO 14971. Now, you would be forgiven for scratching your head and wondering why you haven\u2019t heard of this document before, but let me reassure you that you would not be alone in your thinking. 
ISO TR 24971 was developed by the ISO TC 210 working groups and one of its own members was quoted as saying that ISO TR 24971 was not widely known about due to a failure in marketing.<\/p>\n<p>However, before you rush out and purchase your own copy of the document, please be aware that both ISO 14971 and ISO TR 24971 are currently under revision, which will see some major changes to the structure and content of both documents. First things first, though: let me give you a very brief outline of the type of content contained in the current ISO TR 24971. The guidance includes information on:<\/p>\n<ul>\n<li>The role of international product safety and process standards in risk management<\/li>\n<li>Developing the policy for determining the criteria for risk acceptability<\/li>\n<li>Evaluation of overall residual risk<\/li>\n<\/ul>\n<p>In 2016 the ISO TC 210 working groups were charged with making the following changes to 14971 and 24971:<\/p>\n<ul>\n<li>Informative annexes to be removed from ISO 14971 and placed in ISO TR 24971<\/li>\n<li>ISO 14971 to include a clause 2 (normative references)<\/li>\n<li>Inclusion of cybersecurity risks in 14971<\/li>\n<li>Consideration of the application of ISO 31000 \u2013 Risk Management Guidelines<\/li>\n<\/ul>\n<p>Please note <b><i>THERE IS NO CHANGE TO THE RISK MANAGEMENT PROCESS.<\/i><\/b><\/p>\n<p><b>Table 1<\/b> below outlines the proposed changes to both documents:<\/p>\n<p><a href=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4811\" src=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-1.jpg\" alt=\"\" width=\"966\" height=\"302\" 
srcset=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-1.jpg 966w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-1-768x240.jpg 768w\" sizes=\"auto, (max-width: 966px) 100vw, 966px\" \/><\/a><\/p>\n<p><strong>Table 2\u00a0<\/strong>outlines the current and proposed new structure of ISO 14971:<\/p>\n<p><a href=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-2-JPEG.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-4813\" src=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-2-JPEG-1024x505.jpg\" alt=\"\" width=\"1024\" height=\"505\" srcset=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-2-JPEG-1024x505.jpg 1024w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-2-JPEG-768x379.jpg 768w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-2-JPEG-1536x758.jpg 1536w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-2-JPEG.jpg 1658w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p><strong>Table 3\u00a0<\/strong>outlines the current and proposed new structure of ISO TR 24971:<\/p>\n<p><a href=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-3-JPEG.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-4815\" src=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-3-JPEG-1024x443.jpg\" alt=\"\" width=\"1024\" height=\"443\" srcset=\"https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-3-JPEG-1024x443.jpg 1024w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-3-JPEG-768x333.jpg 768w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-3-JPEG-1536x665.jpg 1536w, https:\/\/lorit-consultancy.com\/wp-content\/uploads\/2019\/07\/44-Table-3-JPEG.jpg 1760w\" sizes=\"auto, (max-width: 
1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p>As well as the items outlined in the tables above, there are some other noteworthy additions to ISO 24971 that will aid users in interpreting the requirements of ISO 14971. The newly proposed annexes F &amp; G are of particular interest.<\/p>\n<p>Annex F is titled \u201cGuidance on risks related to (cyber)Security\u201d. Although the term cybersecurity does not appear in either the current or proposed revision of ISO 14971, the standard does make reference to \u201cdata systems security\u201d. Annex F also provides guidance on the relationship and the differences between health risk and cybersecurity risks.<\/p>\n<p>Annex G is titled \u201cComponents and devices not designed using ISO 14971\u201d and provides guidance on those devices that were manufactured prior to 2000 (the year ISO 14971 was first published). This annex provides guidance on the collation of a risk management file for pre-2000 products, i.e.:<\/p>\n<ul>\n<li>Collection of post-production data, collection of safety-related data, forming the basis for building of a risk management file.<\/li>\n<\/ul>\n<p>Timelines, which may be subject to change, for issue of the revised ISO 14971 and ISO TR 24971 are outlined below:<\/p>\n<ul>\n<li>ISO 14971 FDIS (final draft) work expected to be completed in Oct 2019<\/li>\n<li>New version of 14971 expected to be published in Nov 2019<\/li>\n<li>ISO TR 24971 is expected to be issued around 2 months later, Jan 2020<\/li>\n<\/ul>\n<p>I hope that this series of blogs has shown that there is help &amp; guidance available, even in the form of other ISO standards and their guidance documents, when trying to translate the requirements of ISO 9001:2015 into actionable items that your organisation can undertake to help implement and attain an internationally recognised and accredited quality management system.<\/p>\n<p>I will end this series by leaving you with a quote from historian Yuval Noah Harari, \u201cIn a world deluged 
by irrelevant information, clarity is power.\u201d<\/p>\n<p><strong>Stuart Hardie, Quality Management Consultant<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome back to this final instalment of this three part blog series on Quality Management and supporting processes.\u00a0 One of the critical components of any quality management system today is the need to develop a robust risk management programme.\u00a0 As such, this final blog will focus on ISO 14971:2012 Medical Devices \u2013 Application of risk [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":3881,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[92,96],"tags":[],"class_list":["post-4265","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-medical-devices","category-quality-management"],"acf":[],"_links":{"self":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts\/4265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/comments?post=4265"}],"version-history":[{"count":5,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts\/4265\/revisions"}],"predecessor-version":[{"id":5485,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/posts\/4265\/revisions\/5485"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/media\/3881"}],"wp:attachment":[{"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/media?parent=4265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:
\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/categories?post=4265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lorit-consultancy.com\/de\/wp-json\/wp\/v2\/tags?post=4265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}