Blog
 

EN ISO 14971 or not EN ISO 14971?

The European community recognised EN ISO 14971:2012 in July 2012. EN ISO 14971:2012 supersedes
EN ISO 14971:2009 which was based on ISO 14971:2007 ‘Medical devices - Application of risk management
to medical devices’.

In general, the EC committee felt that the application of ISO14971:2007 did not meet the Essential Requirements
described in the European Medical Device Directive 93/42/EEC. Therefore the EC group reviewed ISO14971 to
identify these areas in the standard that are not compliant with the MDD and formally document these deviations.

EN ISO 14971:2012 applies only to manufacturers with devices intended for the European market; for the rest of
the world, ISO 14971:2007 remains the standard recommended for risk management purposes.

Standard outline

This standard published* in 2012 is somewhat unusual in its layout: it includes three annexes located at the beginning
of the document and then includes a copy of the 2007 corrected version of ISO 14971. So in essence new content is
all contained in the three annexes entitled ZA, ZB and ZC. These annexes apply to Medical Devices (MDD), Active
Implantable Medical Devices (AIMD) and In Vitro Diagnostic Medical Devices (IVDD) respectively. Annex ZA details
seven deviations between the ISO standard and the essential requirements of the MDD.

How has it been received?

The deviations described in these annexes have not been embraced by the community. In fact they triggered debates
on many forums and several safety engineers have expressed consternation and disagreement. For instance see the
following interesting discussion on LinkedIn.

Among the many contentious discussions, one of them appears to take place between the ISO group and the EC. For
instance SoftwareCPR web site reports that “The debate over ISO 14971 continues between industry and the European
Commission. The joint ISO & IEC working group responsible for ISO 14971 met and determined that ISO 14971 still
represents the state of the art for medical device risk management and that no changes were needed despite the
position of the EC that ISO 14971 does not meet the essential requirements of the directives. Several notified bodies
and COCIR/Eucomed have produced guidance for how manufacturers can use ISO 14971 in claiming conformance
to the essential requirements.”

Some thoughts

Several EN14971 statements are strong and powerful statements that may surprise more than one safety engineer.
For instance it says “that all risks, regardless of their dimension, need to be reduced as much as possible”.
Apparently this statement is derived from Annex I Section I and II of the EU Council Directive 93/42/EEC. In my
opinion this is a leap of faith.

One could wonder about the role of risk assessment in this new context. Typically risk assessment is performed
to focus attention during the design & development phase on the most severe hazards or the most critical ones.
Risk assessment also helps determine how much risk mitigation for a particular hazard is required. In the EN14971
context, one would reduce all risks as much as possible and therefore risk assessment would only be used to
confirm that the residual risks are acceptable. This approach could mean spending substantial effort on risk
reduction for risks that may be acceptable from the onset.

Conclusion

Given the multiple debates of opinion and interpretation of EN14971, we recommend that you consult your notified
body to determine their position on this new standard. Some notified bodies have already published their position
versus EN14971. Additionally if your organization is already compliant with ISO 14971, we recommend that you
review the EU MDD and determine whether additional changes to your risk management process are required to
be compliant with the EU MDD. Let us not forget that the intent of EN14971 is to highlight areas where compliance
 with ISO14971 may not always mean compliance with the Essential Requirements of the EU MDD. At the end of
the day, the goal of a medical device manufacturer is compliance with the EU MDD rather than EN14971 and we
should not lose track of this goal.

*The European Committee for Standardization (CEN) does not re-sell standards. As a result EN ISO 14971 can
be obtained from one of the national standards body. You could get the UK version, the Danish version, etc.
All these versions should be identical except for the first few introductory pages.

 

Cyber-Security and Safety for Aircraft and Aircraft Systems: DO-326A guidance CSL has been an active member of the international committee, RTCA SC 216, charged with the responsibility of developing guidance material that will help ensure safe, secure and efficient operations amid the growing use of highly integrated electronic systems and network technologies used on-board aircraft, for CNS/ATM systems and air carrier operations and maintenance. Recent efforts of the committee have resulted in a revision of RTCA DO 326 “Airworthiness Security Process Specification” that was released on the RTCA web site in August 2014. The guidance of DO-326A is intended to augment current guidance for aircraft certification to handle the information security (i.e., cybersecurity) threat to aircraft safety. In a nutshell, this new document describes a security engineering process that includes generic activities with corresponding compliance objectives. The scope of DO-326A not only covers the...
EN ISO 14971 or not EN ISO 14971?
Friday, 06 September 2013
EN ISO 14971 or not EN ISO 14971?The European community recognised EN ISO 14971:2012 in July 2012. EN ISO 14971:2012 supersedes EN ISO 14971:2009 which was based on ISO 14971:2007 ‘Medical devices - Application of risk management to medical devices’.In general, the EC committee felt that the application of ISO14971:2007 did not meet the Essential Requirements described in the European Medical Device Directive 93/42/EEC. Therefore the EC group reviewed ISO14971 to identify these areas in the standard that are not compliant with the MDD and formally document these deviations.EN ISO 14971:2012 applies only to manufacturers with devices intended for the European market; for the rest of the world, ISO 14971:2007 remains the standard recommended for risk management purposes.Standard outlineThis standard published* in 2012 is somewhat unusual in its layout: it includes three annexes located at the beginning of the document and then includes a copy of the 2007 corrected version of ISO...
FAA Recognizes RTCA DO 178C
Friday, 26 July 2013
FAA recognizes RTCA DO-178C and associated technical supplements (July 2013)The FAA published AC20-115C on July 19, 2013. In this AC, the FAA recognizes RTCA DO-178C, three associated technical supplements and the 'Software Tool Qualification Considerations' document.The actual documents that are the subject of this AC are the following RTCA documents:- DO-178C, Software Considerations in Airborne Systems and Equipment Certification- DO-330, Software Tool Qualification Considerations, dated December 13, 2011.- DO-331, Model-Based Development and Verification Supplement to DO178C and DO-278A,- DO-332, Object-Oriented Technology and Related Techniques Supplement to DO-178C and DO-278A- DO-333, Formal Methods Supplement to DO-178C and DO-278AIt has been a long awaited recognition since the release of RTCA DO-178C in December 2011. (In terms of comparison, RTCA DO-178B was endorsed by the FAA only one month after its publication).Similarly to the previous AC that it replaces, this new AC...
Correctness vs Safety
Tuesday, 16 July 2013
Correctness vs. SafetyOne of the examples that we regularly use in our training material is the catastrophic loss of Lufthansa Flight 2904 on September 14, 1993 when it ran off the end of the runway in Warsaw Poland.  It is an interesting and very useful teaching example because it illustrates some of the main themes of the training that we regularly provide to clients on system/software safety. This accident is particularly effective as an introduction to the training material because students quickly realize that we are not simply talking about defect prevention or quality assurance.When an Airbus 320 lands, the crew relies on the combination of brakes, ground spoilers and reverse thrusters to slow the aircraft.  However in the case of Flight 2904 the activation of all three of these critical systems was delayed such that the aircraft reached the end of the runway at a speed of 72 knots and hit an embankment resulting in 2 fatalities.The official investigation concluded that the...
Alarm Management
Wednesday, 22 May 2013
Alarm Management  Our clients appreciate the fact that we are involved in projects across a wide spectrum of industries becausewe bring insights from common challenges experienced by other industries that lead to innovative solutionsto their problems.  A good example is alarm management which is a consideration in the design of almostevery kind of critical system.  Although the details of alarm management may vary considerably betweentechnical domains, our approach to helping clients with alarm management is based on the same fundamentalconcepts and principles.Thanks to Hollywood and movies such as The China Syndrome (1979), most of us have a sense of theadrenaline fueled drama of a control room during an emergency with alarm bells ringing and lights flashing.  But helping a client develop a sound approach to alarm management goes well beyond thinking about therare moments of high drama.For example, an operator could eventually become desensitized to a spurious alarm that is repeatedly...