ISO 14971 applicability in ISO 13485

DarisS

Starting to get Involved
Hello,
I just had a follow up audit of our ISO 13485 certified system and the auditors issued a non conformity because we are not applying correctly the ISO 14971 for medical devices risk assessment.
My argument of not applying the ISO 14971 was that we are not a medical device manufacturing company, we are "only" designing and manufacturing connectors that may then be incorporated into medical devices by our customers. Those connectors are not specifically developed for medical devices but are "off the shelves" products.
And when I'm reading the intro of ISO 14971 it says "This document was developed specifically for manufacturers of medical devices on the basis of established principles of risk management that have evolved over many years. This document could be used as guidance in developing and maintaining a risk management process for other products that are not necessarily medical devices in some jurisdictions and for suppliers and other parties involved in the medical device life cycle."
So my interpretation of that statement is that I could use it as a guidance, but I have no obligation of doing so.
But no way, the auditors want us to apply the ISO 14971 in full.

Other remark, I don't see any clear reference to the ISO 14971 in the ISO 13485. Only a simple note on chapter 7.1 saying that there is additional information on the ISO 14971.

Any experience to share on that topic?
Thanks
Best Regards,
Daris
 

John C. Abnet

Leader
Super Moderator
Good day @DarisS ;
ISO 14971 is, as you stated, a guidance standard. It is NOT a management system standard. It is NOT auditable to.

You may need to escalate this within your CB (Certification Body) or beyond.

Hope this helps.
Be well.
 

DarisS

Starting to get Involved
Thanks John,
I'll escalate the topic to the CB management.

PS: Funny to see that you are located in Geneva - Indiana as I'm working close to Geneva in Switzerland. :)
 

John C. Abnet

Leader
Super Moderator
Geneva - Indiana as I'm working close to Geneva in Switzerland


HA! Yours is a much more beautiful "Geneva" than mine is. Also, just 6 miles away is "Berne". This area was originally settled by Swiss. In my "Berne" there is a replica of the Muensterberger Clock Tower.

If you are willing, please connect with me on LinkedIn ...

https://www.linkedin.com/in/johnabnet-rakumanagementsystems/

or via my website...

Raku Management Systems – Simple and effective management systems

Be well.
 

DarisS

Starting to get Involved
Before doing that, just make sure you're not claiming compliance to 14971 somewhere!
No, I'm not claiming compliance to 14971. That's the reason of my frustration. The auditors are forcing me to comply with that standard but I do not understand why as I cannot find anything on the 13485 that calls for it as a mandatory requirement.
 

William55401

Quite Involved in Discussions
Notified Bodies are a fee for service business model.
By potentially expanding QMS scope to include 14971, it generates additional NB man hours. Escalation to the CB is the right move.
 

Morlock

Involved In Discussions
Digging this one up, as I am in a similar situation. I am currently in the middle of our ISO 13485:2016 Recertification audit, and there is a pending Minor non-conformance for not being current to ISO 14971:2019. We list ISO 14971:2007 as a normative reference/guidance document in our higher level internal documents (Risk Management, Control of External Standards, etc.), but I specifically avoided claiming any compliance to it. We do have a Risk Management process that includes Risk Management Files, FMEAs, FMEA review as part of the CAPA process, etc.

I tried arguing that we specifically don't claim compliance to ISO 14971 (any specific revision), and that ISO 13485:2016 specifically references ISO 14971:2007 with no exceptions for future revisions or "state of the art", but so far, no luck.

Any pointers?
 

yodon

Leader
Super Moderator
What's your company's role? Legal manufacturer of finished devices, contract manufacturer of finished devices, component or service provider, ...?

I think if you're referencing 14971, there would be an expectation to maintain compliance with the current revision. You say you have a Risk Management internal document so it would seem that would be dated. I mean, really, you're probably still saying "risk-benefit analysis!" ;-) Seriously, without further information, it's hard to say, but on the surface, I'm leaning towards the finding in this case.
 