P
Paul22
Does anyone know if there is any similarity between ISO 31000 and ISO 14971? Are these standards able to co-exist within a medical device industry? Will ISO 31000 be applicable for all MD manufacturers, next to ISO 14971?
FYI Summary:
ISO 31000:2009 provides principles and generic guidelines on risk management.
ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.
ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.
Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.
It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.
ISO 31000:2009 is not intended for the purpose of certification.
ISO 14971:2007 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
The requirements of ISO 14971:2007 are applicable to all stages of the life-cycle of a medical device.
ISO 31000:2009 provides principles and generic guidelines on risk management.
ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.
ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.
Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.
It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.
ISO 31000:2009 is not intended for the purpose of certification.
ISO 14971:2007 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls.
The requirements of ISO 14971:2007 are applicable to all stages of the life-cycle of a medical device.
If anyone has anything to share with respect to this post, Please give a hand. My appreciation in advance!
I have some info, sorry for not answering before, just a little busy here 
ISO 31000 is being developed as THE standard on risk management in ISO (following an strategy of ISO on having general management systems standards).
The problem here is that ISO 31000 is for business risk (it details a general enterprise risk management process applicable to all enterprises). ISO 14971, on the contrary, is for product risks. Their similarities, then, are only a few.
Tehy might be able to co-exist because they deal with different things, but the main concern is that, as 31000 is being published to be the general risk management standard on ISO, it will be "forced" into other risk manbagement standards. ISO TC 210, JWG 1, which is the originator of ISO 14971, has been aware of this for some time and is studying possible situations around this scenario.
ISO 31000 is being developed as THE standard on risk management in ISO (following an strategy of ISO on having general management systems standards).
The problem here is that ISO 31000 is for business risk (it details a general enterprise risk management process applicable to all enterprises). ISO 14971, on the contrary, is for product risks. Their similarities, then, are only a few.
Tehy might be able to co-exist because they deal with different things, but the main concern is that, as 31000 is being published to be the general risk management standard on ISO, it will be "forced" into other risk manbagement standards. ISO TC 210, JWG 1, which is the originator of ISO 14971, has been aware of this for some time and is studying possible situations around this scenario.
ISO has just released ISO 31010:2009. Risk management -- Risk assessment techniques
HiI have some info, sorry for not answering before, just a little busy here
ISO 31000 is being developed as THE standard on risk management in ISO (following an strategy of ISO on having general management systems standards).
The problem here is that ISO 31000 is for business risk (it details a general enterprise risk management process applicable to all enterprises). ISO 14971, on the contrary, is for product risks. Their similarities, then, are only a few.
Tehy might be able to co-exist because they deal with different things, but the main concern is that, as 31000 is being published to be the general risk management standard on ISO, it will be "forced" into other risk manbagement standards. ISO TC 210, JWG 1, which is the originator of ISO 14971, has been aware of this for some time and is studying possible situations around this scenario.
We are ISO 13485 certified, and aligned ourselves to the 14971 standard.
Now our CEO wants us to become ISO 27001 and ISO 27799 certified. Both these standards talk about the 31000 risk management standard.
The question is whether we can keep using ISO 14971 to manage the risk of ISO 27001 and ISO 27799 (with adaptations of course).
Would appreiciate any advice.
Thanks
Mandy
ISO 24971 was created to deal with the risk posed by medical devices to the patient/user/etc, so it was not created to any other end. To prevent problems, my suggestion would be to keep ISO 14971 only for that end.
Then you can use ISO 31000 or any other risk management process to deal with other risks.
Similar threads
