Following on from my previous blog which explored the difference between EN and ISO versions of 14971:2019 – Part 1, and based on feedback we received, it is apparent that our readers are interested in answers to the following question:

With regard to decoupling and presumption of conformity, how does one comply with MDR now – in light of the fact that EN ISO 14971:2012 is now withdrawn?

This is an excellent question; until EN ISO 14971 is republished with its Z Annexes, which will detail the compliance gaps between ISO 14971:2019 and the Medical Devices Regulations, we really have nothing to go on. In the meantime, I would suggest three courses of action;

3 Courses of Action to Comply with MDR

1. Comply with Annex 1 of the MDR

Comply directly with Annex 1 by carrying out the following 3 steps:  a. Conduct a detailed analysis of the requirements of Annex 1 of the relevant regulation (EU MDR 2017/745 or EU IVDMDR 2017/746 and its Safety and Performance Requirements (SPR).  b. Draw up an SPR Checklist and state how you are addressing each risk and the standards that you are applying.  c. Ensure that the principles, practices, wording and terminology of your risk management activities and documents concur with the principles, practices, wording and terminology contained in the applicable Medical Devices Regulation.

2. Review the Content Deviations

Review the 7 Content Deviations outlined in the 2012 version: In the absence of Z Annexes in EN ISO 14971:2019, review the 7 Content Deviations which were outlined in the Z Annexes of EN ISO 14971:2012 and ensure that your risk management activities and documents are in line with the thrust of the message delivered in those 7 Content Deviations. I expect that the message contained in the Z Annexes of EN ISO 14971:2019 when it is published will be largely similar to that of the 2012 version e.g. Risk reduction As-Far-As-Possible (AFAP) and mandatory Benefit-Risk analysis etc. For details of those 7 Content Deviations and how to comply with them, please see my past blogs on the subject, which can be accessed here.

3. Apply the above to allied standards

Apply the above to allied standards: Any standards used to implement risk management must be read through the lens of the requirements of the Medical Devices Regulations. Some of these allied standards such as IEC 60601 (Electrical Safety), IEC 62304 (Software) and IEC 62366 (Usability) contain the same principles and terminology as contained in ISO 14971, and as such do not comply with the MDRs. These standards may refer to ‘As-low-as-reasonably-practicable (ALARP)’ and use terminology such as ‘if risk reduction is required’ which are not in compliance with the Medical Devices Regulations. Risk reduction is always required by the MDRs and must be AFAP. Also, these standards may use the phrase ‘reduce risk to an acceptable level’; it should be remembered that according to the MDRs, risk can only be considered acceptable on the basis of Benefit-Risk Analysis.

Conclusion

As compliance with the EU Medical Device Regulations becomes mandatory, it is essential that your risk management activities and files comply. Direct application of EN ISO 14971:2019 and allied standards will not result in compliance with the EU MDRs; to achieve this, we need to apply the principles of risk reduction As-Far-As-Possible and Benefit-Risk analysis to all risks irrespective of their magnitude. Adopting the three courses of action outlined above will help to achieve compliance, not alone for the EU but with worldwide regulations.

ISO 14971:2019 Training Course Information

Northridge Quality & Validation and our training partners, SQT Training are running a comprehensive training course on ISO 14971:2019. Note: This course will be delivered via a Virtual Classroom (not in person) 

Course Title: Quality Risk Management and ISO 14971:2019