Europe updates ISO 14971 and ISO 13485 – So what’s changed?
There’s been lots of consternation and gnashing of teeth about the recent “new” European versions of ISO 14971 and ISO 13485. For example see this discussion in LinkedIn.
So what’s really changed? The answer in one sense is nothing at all. The EN versions simply add Annexes to cross reference to the Essential Requirements in the Directives. But the truth is that there’s a new layer of regulatory interpretation here which needs to be understood to ensure compliant risk management.
First: let’s be clear about the ZA/B/C Annexes – the primary intent is to explain to the user of the standard how compliance with the standard may be used to as a means to demonstrate compliance with a Directive. The Annexes are first and foremost a cross reference between standard clauses and Directive clauses. They do not change the technical requirements of the standard in any way.
However the Annexes may point to limitations and conflicts between standard and Directive. That’s what’s been done with ISO 14971 and where it gets interesting. For example the Annexes include the following conflicts:
- ISO 14971 allows manufacturers to neglect negligible risks, whereas the Directives requires mitigation of all risks
- The Directive makes no allowance for economic considerations when considering reduction of risks to as low as reasonably practical (ALARP), instead requiring risks to be reduced “as far as possible”. That’s right – the strict interpretation of the Directive is that if there’s a ruinously expensive way of making a small reduction in a low risk then you should spend the money…
- ISO 14971 allows some flexibility on whether to conduct an overall risk benefit analysis if the treatment of individual risks results in high leevels of safety. The Directive affords no such luxury and effectively mandates an overall risk/benefit review in addition to the review of individual risks.
So – if you are marketing in Europe (or anywhere else that uses “Essential Principles” as a basis for compliance, you need to be aware of these Annexes and usr them to guide interpretation and applicationj of standards.
Finally – remember that the European system is one which does not mandate any standard – it is always possible to provide a reasoned argument as to why a departure from a standard is acceptable and that compliance with the Directive is achieved by some other means. There are even rare examples such as organisations achieving CE mark without compliance to ISO 13485.