What’s the difference between EN and ISO versions of 14971:2019? Part 2

  • Post author:

Written by John Lafferty

John Lafferty, Northridge Quality and Validation

(Read Time: 3 minutes)

Following on from my previous blog which explored the difference between EN and ISO versions of 14971:2019 – Part 1, and based on feedback we received, it is apparent that our readers are interested in answers to the following question:

With regard to decoupling and presumption of conformity, how does one comply with MDR now – in light of the fact that EN ISO 14971:2012 is now withdrawn?

This is an excellent question; until EN ISO 14971 is republished with its Z Annexes, which will detail the compliance gaps between ISO 14971:2019 and the Medical Devices Regulations, we really have nothing to go on. In the meantime, I would suggest three courses of action;

3 Courses of Action to Comply with MDR

1. Comply with Annex 1 of the MDR

Comply directly with Annex 1 by carrying out the following 3 steps:  a. Conduct a detailed analysis of the requirements of Annex 1 of the relevant regulation (EU MDR 2017/745 or EU IVDMDR 2017/746 and its Safety and Performance Requirements (SPR).  b. Draw up an SPR Checklist and state how you are addressing each risk and the standards that you are applying.  c. Ensure that the principles, practices, wording and terminology of your risk management activities and documents concur with the principles, practices, wording and terminology contained in the applicable Medical Devices Regulation.

2. Review the Content Deviations

Review the 7 Content Deviations outlined in the 2012 version: In the absence of Z Annexes in EN ISO 14971:2019, review the 7 Content Deviations which were outlined in the Z Annexes of EN ISO 14971:2012 and ensure that your risk management activities and documents are in line with the thrust of the message delivered in those 7 Content Deviations. I expect that the message contained in the Z Annexes of EN ISO 14971:2019 when it is published will be largely similar to that of the 2012 version e.g. Risk reduction As-Far-As-Possible (AFAP) and mandatory Benefit-Risk analysis etc. For details of those 7 Content Deviations and how to comply with them, please see my past blogs on the subject, which can be accessed here.

3. Apply the above to allied standards

Apply the above to allied standards: Any standards used to implement risk management must be read through the lens of the requirements of the Medical Devices Regulations. Some of these allied standards such as IEC 60601 (Electrical Safety), IEC 62304 (Software) and IEC 62366 (Usability) contain the same principles and terminology as contained in ISO 14971, and as such do not comply with the MDRs. These standards may refer to ‘As-low-as-reasonably-practicable (ALARP)’ and use terminology such as ‘if risk reduction is required’ which are not in compliance with the Medical Devices Regulations. Risk reduction is always required by the MDRs and must be AFAP. Also, these standards may use the phrase ‘reduce risk to an acceptable level’; it should be remembered that according to the MDRs, risk can only be considered acceptable on the basis of Benefit-Risk Analysis.


As compliance with the EU Medical Device Regulations becomes mandatory, it is essential that your risk management activities and files comply. Direct application of EN ISO 14971:2019 and allied standards will not result in compliance with the EU MDRs; to achieve this, we need to apply the principles of risk reduction As-Far-As-Possible and Benefit-Risk analysis to all risks irrespective of their magnitude. Adopting the three courses of action outlined above will help to achieve compliance, not alone for the EU but with worldwide regulations.

ISO 14971:2019 Training Course Information

Northridge Quality & Validation and our training partners, SQT Training are running a comprehensive training course on ISO 14971:2019. Note: This course will be delivered via a Virtual Classroom (not in person) 

Course Title: Quality Risk Management and ISO 14971:2019

Course Content: The course will cover the principles and practices of Risk Management and the actions that Medical Device Manufacturers need to do to comply with ISO 14971:2019 and the Medical Devices Regulations.
Course Dates and Booking: This course is  now available by virtual classroom delivery so that you can attend the course without leaving your office or home. See details of upcoming courses here.


ISO 14971 Virtual online course
Ongoing Updates on 14971:2019
In the months ahead, Northridge Quality & Validation and our training partners SQT Training Ltd. will bring you further updates as the documents referenced above are published. You can follow the Northridge Quality & Validation LinkedIn company page here.
Note 1: A harmonised standard is a European standard developed by a recognised European Standards Organisation: CEN, CENELEC, or ETSI. It is created following a request from the European Commission to one of these organisations. Manufacturers, other economic operators, or conformity assessment bodies can use harmonised standards to demonstrate that products, services, or processes comply with relevant EU legislation. The references of harmonised standards must be published in the Official Journal of the European Union. Source: www.ec.europa.eu
Note 2: A list of harmonised standards can be found at https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards_en Please be aware that the current (as of 21st Feb 2020) published list of harmonised standards relates to the three Medical Devices Directives and not to the Medical Devices Regulations 2017/745 and 2017/746.
About the Author – John Lafferty  
John Lafferty is the owner of the Northridge Quality & Validation which provides consultancy to the Medical Device industry.
Specialities  His specialities include Software Validation, MDSAP, ISO 13485, ISO 14971 and MDR. John is the holder of a Degree in Manufacturing Technology, Certificate in Training & Continuing Education, Certificate in Quality Management.
Experience  He has over 25 years’ experience in the medical device and pharmaceutical industry. He was a Senior Manager of a multinational Medical Devices plant where he managed the Quality, Regulatory, Environmental and Health & Safety Management Systems. He has successfully completed numerous consultancy projects with medical device manufacturers in Ireland and throughout Europe.
SQT Training Tutor   John is also a Life Sciences Tutor