CE Marking auditors may ask if you assessed the difference between the ISO version of a standard and the EN standard. Is there a difference?
What is an EN standard?
European Standards are technical standards ratified by one of the three European standards organizations: CEN, CENELEC, or ETSI. European Standards are referred to as an “EN standard.” The “EN” is derived from the German name Europäische Norm (i.e., translated as “European Norm”). Each of the member states have their own standards organizations that is responsible for adopting ISO standards that have been ratified, translation of the standard into the language of the member state, and and issue of translated EN standard. For example: German standards are preceded by “DIN,” Irish standards are preceded by “I.S. EN,” and Swedish standards are preceded by “SS-EN.”
How is an EN version different from the ISO version of a standard?
Historically, EN medical device standards include three Annexes related to harmonization with the standard with the three EU Directives (i.e., MDD, AIMD, and IVDD). Now that the EU Device Regulations have been released (i.e., MDR = 2017/745) and (IVDR = 2017/746), the EN standards now have harmonization Annexes for the two regulations (i.e., ZA and ZB). The content of the ISO Standard is usually not changed in an EN standard unless there is a correction, amendment, or deviation.
Where can you purchase EN versions?
EN standards are translated from the adopted ISO standard by the standards organization for each member state. Below are a few examples:
- Swedish – Swedish Institute for Standards
- Irish – National Standards Association of Ireland
- German – German Institute for Standardization
- Estonian – Estonian Center for Standards and Accreditation
If you already own the ISO version, do you need to buy the EN standard too?
In a Technical File for CE Marking, you are required to demonstrate how you comply with Annex I of the MDR or IVDR. The recommended method of demonstrating compliance is creating a General Safety and Performance Requirements (GSPRs) checklist. In that checklist, you need to identify which applicable standards were used. If an EN standard is available, the GSPR checklist should reference that standard instead of the ISO version. Unfortunately, in order to claim compliance with the EN version, someone needs access to that standard. This could be within your organization or a consultant that assisted in preparing the GSPR checklist to ensure that you are compliant with the EN standard. Generally, we purchase English versions of EN standards from the Estonian Center for Standards and Accreditation, because it is usually the least expensive source. However, if you ask a consultant to do this comparison for you, the best way to perform that comparison is using the comparison function of Adobe Acrobat Pro.
Can you identify EN requirements without the EN version?
Most of the quality system requirements for the MDR and IVDR regulations are found in Article 10 of the regulation. However, there are quality system requirements found in other articles and in the annexes. Therefore, you may be able to find EU requirements in the regulations by doing a keyword search. For example, searching for the word “risk” may help you find risk management requirements throughout the regulations. You may also find European-specific requirements in Common Specifications and MDCG guidance documents.
How to respond to a certification body auditor?
Final Answer: I’m not sure, because every auditor is a little different in their approach. However, as an instructor, I would teach an auditor to ask open-ended questions, such as: “How did you determine if there is an impact upon your procedures and design documentation with regard to the EN standard?” (i.e., – impact analysis). If the company provides an impact analysis and explains why the existing documentation and procedure should not change, I believe this meets the EU requirements. If the certification body auditor is still not satisfied, then you might try asking them, “What differences are you aware of between the EN and ISO versions of the standard?”
Pingback: ISO 14971 – Buy the new 2012 version?…comment please « QC is Dead
Thank you very much for this posting!
Thanks !
Hello Rob,
You seem very well-versed in all things standards. At my company, I administer the standards and have become sort of the resident guru. I do have a question for you regarding EN ISO 14971:2012(e) versus EN ISO 14971:2012(i). What are these alpha versions all about? Do they indicate important changes to the EN adoption? It seems very strange to me that different countries would sell different versions of the same EN adoption. Any clarification that you could provide would be extremely helpful.
Thank you!
Terese
Hi Terese,
The description at the beginning of the Standard should explain it or you can email the Standards bodies that publish the two versions. I think the letter identifies typos being corrected. Each one publishes their own issue so they may have different typos or dates of issue. For 14971 you only need annexes ZA, but ZB, and ZC. There are others more addicted to Standards than I am that can answer this question more precisely. Marcelo Antunes on the Elsmar Cove website is such a person.
Enjoy Reading!
Terese sent the following reply to my email response:
“I was able to figure out finally (following some digging and deduction) what that letter implies EN ISO 14971:2012(E) =English, DIN EN 14971:2012(D) = German, etc.”
See we learn something every day. Thank you Terese.
Dear Robert, I’m working for an IVD manufacturer and I’m of course very much interested in Annex ZC. I didn’t buy the standard, but got the Annex ZC for free through the Dutch normalization institute, how’s that!
Regarding ALARP: in the standard it says: […] “manufacturers and Notified Bodies may not apply the ALARP concept with regard to economic considerations”. In my opinion this means that it is not forbidden to use the ALARP concept as long as you leave out the economic considerations (like we already do). Is this correct?
Having said this, when reading Annex ZC it clearly states ‘Informative’. In my opinion this makes it not mandatory. Is this correct???
Hi Adriaan,
Thank you for your great comment. The new ZA, ZB and ZC annexes to the 14971:2012 Standard were additions mandated by EU Commission, and these interpretations of the risk management requirements for CE Marked products are not new. The difference lies in the enforcement. When I was auditing for BSI, I was trained that the concept of ALARP could not be applied for economic reasons. In practice, each NB enforces this requirement a little differently and each auditor’s competence is slightly different. I was responsible for issuing 14971 certificates to clients and I was an instructor for BSI. Therefore, I made this observation whenever I saw that the procedure allowed ALARP for economic reasons. Sometimes the procedure is not clear, sometimes it is wrong, sometimes the procedure doesn’t match the objective evidence. Before I would issue a nonconformity, I would sample three different things:
1. the procedure
2. objective evidence of risk analysis
3. PMS related to the specific risks where ALARP may have been applied for economic considerations
If there is evidence of adverse events for the specific risk, then I would have strong reasons for issuing a nonconformity. Issues with the risk analysis alone would be reason for additional sampling and probably an observation, but not necessarily a nonconformity. Issues with the procedure alone might be cause for a verbal comment suggesting that the client review a specific section of the MDD–without suggesting any specific remediation. This is where the 3rd party auditor dances on the line of consulting. With increased scrutiny of NBs going forward and the issuance of the 2012 Standard, I think the room for verbal comments is now gone. The question is how to grade the finding–observations or minor nonconformity. At BSI, I would have typically consulted the Scheme Manager responsible for reviewing the Technical File, because this person is responsible for issuance of the CE Certificate and they are equally knowledgeable of the risk management requirements–if not more knowledgeable. As you can see by my description, I try not to be black & white on these issues. If an auditor is more conservative, the grading quickly moves to a minor nonconformity. Other auditors are less confident in their knowledge and may not issue the finding. The client wants consistency, so I think my approach is appropriate.
Thanks for the great comments.
Hi Robert,
Thanks for all of this great information that you’ve provided!
What about products already approved for sale and use in the EU…does our company need to perform new analyses to support 14971, or just confirm that the analyses are still valid with the updated standard? It seems like paperwork updates/synchronization more than a re-validation correct?
Thanks,
David
Thanks for the information provided!
Pingback: ISO 13485 - need training? - Medical Device Academy Medical Device Academy
Pingback: Benefit-Risk Analysis - Deviation #4 in ISO 14971 Medical Device Academy