Skip to main content
  • Service

ISO 14971 Risk Management Consulting for Medical Device Companies

Medical device regulators in almost all major markets recognize that risk management principles should be used to identify and address safety issues of devices throughout their life cycle.

Dominos standing on a table with a hand in between two of the dominos


  • What does ISO 14971 require?
  • How do I implement ISO 14971?
  • How do I apply the risk management system and concepts to my product?


Medical device regulators in almost all major markets recognize that risk management principles should be used to identify and address safety issues of devices throughout their life cycle. ISO 14971 is formally recognized as the de facto risk management standard by regulatory authorities in the US, Europe, Canada, Australia, and more. ISO 14971 improves your organization's ability to reduce uncertainty, and your ability to achieve the critical objective of ensuring device safety and effectiveness.

What does ISO 14971 require?

ISO 14971 helps your company establish, document, and maintain a systematic process to manage the risks associated with the use of a medical device. This includes ongoing monitoring of field experience, thereby embracing the concepts of continuous improvement and state of the art device performance. To maximize effectiveness of your risk management system, ISO 14971 can and should be an integral part of your quality management system (QMS) as required by ISO 13485.

Specific requirements of ISO 14971 include:

  • Provision of adequate resources
  • Assignment of qualified personnel
  • Establishment of a policy for risk acceptability criteria
  • Management reviews of the Risk Management System

With these elements in place, ISO 14971 adds requirements tailored to provide the risk control needed for a given medical device. These requirements include:

  • Risk management planning
  • Risk analysis of the medical device
  • Evaluation of the identified risks
  • Identification and implementation of controls for the risks
  • Evaluation of overall residual risk
  • Risk management file (documentation)
  • Monitoring production and post-production information to ensure safety

ISO 14971 risk management implementation process

While the quality management and risk management systems can stand alone, it is advantageous to merge them into a single, integrated system. If you are implementing an ISO 13485 QMS or already have one in place, we can assist with integrating ISO 14971 into your existing QMS. Our implementation process consists of two parts:

  • Step One: Gap Analysis
    Our expert consultants perform an on-site or off-site review of your current procedures and risk management documents to analyze your current level of compliance with ISO 14971.
  • Step Two: Establish Risk Management process and Risk Management File
    Based on our gap analysis and requirements for your device type, we design and document a system for managing and evaluating risk that meets the requirements for ISO 14971.

We can apply the two-step process to focus on ISO 14971 if you have separate risk management and quality management systems. Alternatively, we can customize a review and support for individual process elements (e.g., risk analysis, post-market surveillance) as needed.

Once your risk management system is in place, we can assist with making sure all personnel understand how they contribute to effective risk management and quality management. Click here to learn more about Emergo’s training offerings.

Applying risk management through the device life cycle

Your risk management system must function effectively to meet customer and regulatory requirements. However, this can be a daunting task as devices become more sophisticated and regulator expectations become more rigorous. We can support your team’s risk management efforts for the entire product lifecycle, from initial product concept through end of life:

  • Planning – Defining the scope of risk management activities and integrating with your QMS processes is the first step to applying an effective risk management system. We can guide you through the requirements for defining responsibilities and authorities, establishing risk acceptance criteria, and establishing a system for collection and review of production and post-production information, and more.
  • Documentation – We are familiar with a wide range of formats and approaches for documentation that demonstrates traceability for all hazards. We understand how each element integrates with the overall risk management process to identify potential gaps or opportunities for improvement when supporting product documentation efforts.
  • Risk Analysis/Assessment – Our risk management experts have the expertise to support various risk analysis/assessment steps, including facilitating a clear understanding of the Intended Use, Users, and Use Environment, and a detailed understanding of the characteristics related to safety. We can help define potential risks for consideration and facilitate the process of risk estimation and evaluation.
  • Risk Control – Risk Control includes the process of identifying means to reduce specific risks through an iterative process, whether the risk is associated with product design, manufacturing, outsourced processes, staff competence, or other sources. Our risk management experts can facilitate discussions and provide an independent, objective perspective throughout this activity.
  • Production and Post-Production Information – Our risk management experts understand the expectations for post-market surveillance (PMS) under the Medical Devices Regulation (MDR 2017/745) and In Vitro Diagnostic Devices Regulation (IVDR 2017/746); we can provide insight into these requirements to ensure you effectively monitor your device's field performance.

Choose Emergo as your ISO 14971 consultants for medical device risk management

Our experts understand what it takes to connect and manage process interactions to produce the desired outcome: patient safety. Emergo's global team of RA/QA consultants can help you assess your quality system, implement ISO 14971, and comply with risk management requirements in markets around the world in an efficient, cost-effective way. We can help to bridge the gap between the seemingly abstract risk management concepts and product design input and output requirements.

Here's what you get when you choose Emergo:

  • Our consulting team has implemented hundreds of FDA QSR and ISO 13485 quality systems at medical device manufacturers of a wide range of Class I, II, and III devices.
  • Our experienced team of consultants is skilled at facilitating the process of identifying and reducing risk in all types of devices and processes.
  • We have extensive experience integrating ISO 14971 into existing ISO 13485 and FDA GMP QMSs, and team members participate in development of the ISO 14971 risk management standard.
  • Emergo is widely known in the industry for providing high-quality consulting to medical device companies.
  • Our risk management experts have in-depth product knowledge covering a wide range of functional and technical disciplines (e.g., human factors engineering, software engineering). 

Ask us about ISO 14971 implementation and risk management consulting services for medical devices.

Common ISO 14971 risk management questions

How do we maintain compliance with ISO 14971?
Emergo's QA consultants can train your employees and management on the benefits and processes of ISO 14971 compliance. Learn more about our risk management training.

Is ISO 14971:2012 the most recent version of the standard?
The current international standard for risk management of medical devices is ISO 14971:2007. That said, individual regions typically review the International versions of standards before adopting them. For example, the US Food and Drug Administration (FDA) Recognized Consensus Standard is ANSI/AAMI ISO 14971:2007/(R)2010; in the European Union, the harmonized standard is EN ISO 14971:2012. Different regions typically modify or amend the international version of a standard to satisfy local regulatory requirements.

Within the UL family of companies we provide a broad portfolio of offerings to all the Medical Device industries. This includes certification, notified body and consultancy services In order to protect and prevent any conflict of interest, perception of conflict of interest and protection of both our Brand and our customers brands UL is unable to provide consultancy services to Notified Body or MDSAP customers. UL has processes in place to identify and manage any potential conflicts of interest and maintain impartiality.


Request information from our specialists

Thanks for your interest in our products and services. Let's collect some information so we can connect you with the right person.

Please wait…