Do you need to purchase the latest EN ISO 14971 version?

It is not necessary to purchase the EN ISO 14971 version because you should already be compliant and amendments are sold separately.

Discussion about a risk management standard 1024x664 Do you need to purchase the latest EN ISO 14971 version?

If the above conversation sounds familiar, hopefully, this blog will help.

Note: This is a 2012 blog that will be updated and/or consolidated soon, but here’s a link for risk management training.

Question 1: What is the current version of EN ISO 14971?

Answer 1: EN 14971 was revised to 2012 on July 6, 2012. The previous 2009 version was withdrawn. The ISO version is not changing–just the EN version.

Question 2: What’s new in 2012?

Answer 2: Only the three Annexes related to harmonization with the three directives (MDD, AIMDD, and IVDD) were updated. The content of the Standard itself has not changed.

Question 3: Do I need to buy EN ISO 14971… which really hasn’t changed since 2007?

Answer 3:  No…unless you still have the 2000 version. (just my personal opinion … not anyone else necessarily agrees)

Why you don’t need to buy the  EN ISO 14971 version…

Historically, Annex ZA was the annex at the back of a Standard that would explain how it is harmonized with the European Directives. However, in 2009, Annex ZA was separated into ZA, ZB, and ZC. Each of these Annexes explained how the current version of ISO 14971  (then ISO 14971:2007) differs from each of the three directives. In addition, there was a correction to Figure 1 (i.e., – arrow in the wrong location). Neville Clarke provided a good summary of these minor changes that occurred in 2009. The European Commission was concerned with some of the differences between the 2009 Standard and the Directives. Therefore, the Standard has been updated to clarify these differences.

There are seven technical deviations from the Standard that are required for compliance with the European Directives. Marcelo Antunes is an expert on Standards, and he accurately describes these deviations as “weird” in a discussion thread on Elsmar Cove’s Forum. The deviation that seems to have caught the most attention is the requirement to reduce ALL risk to “as low as possible” (ALAP) rather than to a level that to “as low as reasonably practicable” (ALARP concept). The “ALAP” acronym was a joke, but it wouldn’t be the first time that something like this stuck (i.e., – SWAG).

An alternative approach to verifying compliance with EN ISO 14971

If you sleep with a label maker under your pillow, you should buy the new BS EN 14971:2012 version,  so you can ensure that you are staying in compliance with each of these seven deviations and that you have considered the implications fully in your procedure for Risk Management. However, if you are a practical person that prefers not to upset the entire development team, I recommend a different approach.

1. Download a copy of the relevant Directive from the Europa Website

2. Using Adobe, search the entire Directive for the word “risk”:

AIMDD = 24 times

MDD = 55 times

IVDD = 34 times

3. Systematically review where the word “risk” is used to determine if you need to make adjustments for your CE Marked products. If you already have a CE Mark, there should be no changes required to your risk management documents. Your procedures might need clarification to observe the requirements of the Directive when there is a difference between the Standard and the Directive.

Last Question: What is your Notified Body auditor going to do?

Final Answer: I’m not sure, because every auditor is a little different in their approach. However, as an instructor, I would teach an auditor to ask open-ended questions, such as: “How did you determine if there is an impact upon your procedures and design documentation with regard to the updated Standard?” (i.e., – impact analysis). If the company provides an impact analysis and explains why the existing risk documentation and procedure should not change, I believe this meets the requirements for “equivalency with the State of the Art.”

Honestly, I haven’t seen one single company that was 100% in compliance with the “letter” of the Directives or the Standard. Sometimes, rational thought must overcome political compromises and irrational behaviors.

On the other hand, it’s always possible that these seven deviations, and the information on corrective action, will fundamentally change the way your company approaches risk management (I just dare you to bring it up in your next management review).

If you would like a second opinion, the Document Center’s Standard Forum says, “As you can see, this material is essential to conformance with the EN requirements and will make the purchase of the EN edition (BS EN ISO 14971 is the official English language edition) mandatory for medical device manufacturers certifying to the standard for sales in Europe.” FYI…Document Center’s Standard Forum sells Standards. You can buy this one from them for $324.


13 thoughts on “Do you need to purchase the latest EN ISO 14971 version?”

  1. Pingback: ISO 14971 – Buy the new 2012 version?…comment please « QC is Dead

  2. Hello Rob,

    You seem very well-versed in all things standards. At my company, I administer the standards and have become sort of the resident guru. I do have a question for you regarding EN ISO 14971:2012(e) versus EN ISO 14971:2012(i). What are these alpha versions all about? Do they indicate important changes to the EN adoption? It seems very strange to me that different countries would sell different versions of the same EN adoption. Any clarification that you could provide would be extremely helpful.

    Thank you!


  3. Hi Terese,

    The description at the beginning of the Standard should explain it or you can email the Standards bodies that publish the two versions. I think the letter identifies typos being corrected. Each one publishes their own issue so they may have different typos or dates of issue. For 14971 you only need annexes ZA, but ZB, and ZC. There are others more addicted to Standards than I am that can answer this question more precisely. Marcelo Antunes on the Elsmar Cove website is such a person.

    Enjoy Reading!

  4. Terese sent the following reply to my email response:

    “I was able to figure out finally (following some digging and deduction) what that letter implies EN ISO 14971:2012(E) =English, DIN EN 14971:2012(D) = German, etc.”

    See we learn something every day. Thank you Terese.

  5. Adriaan P. Intveld

    Dear Robert, I’m working for an IVD manufacturer and I’m of course very much interested in Annex ZC. I didn’t buy the standard, but got the Annex ZC for free through the Dutch normalization institute, how’s that!

    Regarding ALARP: in the standard it says: […] “manufacturers and Notified Bodies may not apply the ALARP concept with regard to economic considerations”. In my opinion this means that it is not forbidden to use the ALARP concept as long as you leave out the economic considerations (like we already do). Is this correct?

    Having said this, when reading Annex ZC it clearly states ‘Informative’. In my opinion this makes it not mandatory. Is this correct???

    1. Hi Adriaan,
      Thank you for your great comment. The new ZA, ZB and ZC annexes to the 14971:2012 Standard were additions mandated by EU Commission, and these interpretations of the risk management requirements for CE Marked products are not new. The difference lies in the enforcement. When I was auditing for BSI, I was trained that the concept of ALARP could not be applied for economic reasons. In practice, each NB enforces this requirement a little differently and each auditor’s competence is slightly different. I was responsible for issuing 14971 certificates to clients and I was an instructor for BSI. Therefore, I made this observation whenever I saw that the procedure allowed ALARP for economic reasons. Sometimes the procedure is not clear, sometimes it is wrong, sometimes the procedure doesn’t match the objective evidence. Before I would issue a nonconformity, I would sample three different things:
      1. the procedure
      2. objective evidence of risk analysis
      3. PMS related to the specific risks where ALARP may have been applied for economic considerations
      If there is evidence of adverse events for the specific risk, then I would have strong reasons for issuing a nonconformity. Issues with the risk analysis alone would be reason for additional sampling and probably an observation, but not necessarily a nonconformity. Issues with the procedure alone might be cause for a verbal comment suggesting that the client review a specific section of the MDD–without suggesting any specific remediation. This is where the 3rd party auditor dances on the line of consulting. With increased scrutiny of NBs going forward and the issuance of the 2012 Standard, I think the room for verbal comments is now gone. The question is how to grade the finding–observations or minor nonconformity. At BSI, I would have typically consulted the Scheme Manager responsible for reviewing the Technical File, because this person is responsible for issuance of the CE Certificate and they are equally knowledgeable of the risk management requirements–if not more knowledgeable. As you can see by my description, I try not to be black & white on these issues. If an auditor is more conservative, the grading quickly moves to a minor nonconformity. Other auditors are less confident in their knowledge and may not issue the finding. The client wants consistency, so I think my approach is appropriate.

  6. Hi Robert,
    Thanks for all of this great information that you’ve provided!
    What about products already approved for sale and use in the EU…does our company need to perform new analyses to support 14971, or just confirm that the analyses are still valid with the updated standard? It seems like paperwork updates/synchronization more than a re-validation correct?

  7. Pingback: ISO 13485 - need training? - Medical Device Academy Medical Device Academy

  8. Pingback: Benefit-Risk Analysis - Deviation #4 in ISO 14971 Medical Device Academy

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top