MedTech Terms

    ISO 14971

    International standard for the application of risk management to medical devices.

    Reviewed by Christian Espinosa, Founder, Blue Goat Cyber. Last reviewed May 5, 2026.

    Definition

    ISO 14971:2019 specifies terminology, principles, and a process for risk management of medical devices, including software and in-vitro diagnostics, throughout the device lifecycle.

    What this means in practice

    Risk management per ISO 14971 underpins design controls, cybersecurity risk decisions, post-market surveillance, and benefit-risk determinations expected by FDA, EU notified bodies, and other regulators.

    Use cases


    Risk file for an AI-enabled radiology triage tool

    Risk Management lead

    The team builds a risk management file: hazard analysis covering false negatives, automation bias, and model drift; risk controls including human-in-the-loop review and performance monitoring; and a benefit-risk conclusion tied to clinical evidence.

    Outcome: The file supports both FDA and EU MDR submissions and drives the post-market performance monitoring plan.

