All terms

    ISO 14971

    International standard for the application of risk management to medical devices.

    Reviewed by Christian Espinosa, Founder, Blue Goat CyberLast reviewed May 5, 2026

    Definition

    ISO 14971:2019 specifies terminology, principles, and a process for risk management of medical devices, including software and in-vitro diagnostics, throughout the device lifecycle.

    What this means in practice

    Risk management per ISO 14971 underpins design controls, cybersecurity risk decisions, post-market surveillance, and benefit-risk determinations expected by FDA, EU notified bodies, and other regulators.

    Use cases

    1 scenario
    1

    Risk file for an AI-enabled radiology triage tool

    Risk Management lead

    The team builds a risk management file: hazard analysis covering false negatives, automation bias, and model drift; risk controls including human-in-the-loop review and performance monitoring; and a benefit-risk conclusion tied to clinical evidence.

    OutcomeThe file supports both FDA and EU MDR submissions and drives the post-market performance monitoring plan.

    Cross-references

    Used by

    Overlaps with

    See also

    Shared paths + category

    Latest in MedTech

    Primary references

    3 sources
    Link health: 3 verified· last checked 2026-06-20
    ISO·2IEC·1
    1. 1
      ISO 14971:2019
      Verified
      ISOiso.org
    2. 2
      ISO Standards Catalogue - Health
      Verified
      ISOiso.org
    3. 3
      IEC Webstore - Medical Equipment
      Verified
      IECwebstore.iec.ch

    Inline markers like [1] jump to the matching reference above.