Search the Elsmar Cove!
**Search ALL of** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory
Social Distancing - It's not just YOUR life - It's ALL of OUR lives!
Me <——————— 6 Feet ———————-> You

ISO 14971 applied to ISO 13485? Low risk class 1 devices


Involved In Discussions
Hello fellow quality people!

I am currently writing a procedure for risk management for my 13485 system. I have a draft copy of 14971 (I'm assuming nothing significant changed between draft and final release...) and I felt it wold be good practice to incorporate 14971 principles into my procedure where useful. We manufacture low risk class 1 devices.

I assume that certification to 14971 isn't necessary unless manufacturers need to demonstrate more detailed risk management / go through a notified body?

Thoughts appreciated!


Whilst you can certainly become certified to ISO 14971 there isn't any expectation to do so, even for high risk devices. If you have a risk management report it will be likely that it will be reviewed as part of your ISO 13485 audit to simply determine if you have met the risk requirements defined within ISO 13485. I would simply say to make sure your risk management process covers your QMS procedures and devices and that should be sufficient.

Ed Panek

QA RA Small Med Dev Company
Obtain a final copy of 14971:2019 and list it as a reference on your risk documents. There are some definitions regarding risk terminology you should adhere to.

Ronen E

Problem Solver
Staff member
Super Moderator
you can certainly become certified to ISO 14971
Which bodies are accredited to provide such stand-alone certification?

@Jamesv, ISO 13485 doesn't require ISO 14971 compliance, as such. 14971 is only mentioned as a possible source of information. Application of 14971 may be beneficial/effective from several perspective, but from a compliance perspective it's not mandatory. It may be beneficial from a regulatory perspective, but that perspective needs to be clarified first, and if you aren't subject to regulatory audit such full-blown application might be an overkill.

Generally I see this trend as a fine example of regulatory creep.

Where IEC 60601-1 applies ISO 14971 does come in as a requirement, but that's a different story.
Last edited:
Top Bottom