ISO 14971 Hazard Identification and Risk Analysis Explained
If hazard identification is weak, your entire risk management system is unreliable.
This is where most ISO 14971 failures begin—not in documentation, but in incomplete thinking.
Why Hazard Identification is Critical
ISO 14971 requires manufacturers to identify hazards associated with a medical device in both normal and fault conditions. :contentReference[oaicite:0]{index=0}
If hazards are missed:
- Risks cannot be assessed
- Controls cannot be implemented
- Patients and users may be exposed to harm
What is a Hazard in ISO 14971?
A hazard is a potential source of harm. :contentReference[oaicite:1]{index=1}
Examples include:
- Electrical energy
- Biological contamination
- Mechanical failure
- Use error
Hazard vs Hazardous Situation vs Harm
| Concept | Definition |
|---|---|
| Hazard | Source of harm |
| Hazardous Situation | Exposure to hazard |
| Harm | Actual injury or damage |
Understanding this relationship is critical for proper risk analysis.
The ISO 14971 Risk Analysis Process
Risk analysis involves:
- Identifying hazards
- Identifying hazardous situations
- Estimating risks
This process must be documented and recorded in the risk management file. :contentReference[oaicite:2]{index=2}
Step 1: Define Intended Use
Start by clearly defining:
- Intended use
- Users (trained vs lay)
- Use environment
- Reasonably foreseeable misuse
This step drives hazard identification.
Step 2: Identify Hazards
Identify hazards under:
- Normal conditions
- Fault conditions
Examples of hazard categories:
- Mechanical
- Electrical
- Thermal
- Biological
- Software-related
- Use error
Step 3: Identify Hazardous Situations
Determine how hazards could lead to harm.
This includes:
- Sequences of events
- Failure modes
- User interactions
Step 4: Estimate Risk
For each hazardous situation, estimate:
- Probability of occurrence
- Severity of harm
Risk is defined as the combination of probability and severity. :contentReference[oaicite:3]{index=3}
Risk Estimation Methods
- Qualitative (low, medium, high)
- Semi-quantitative (risk matrix)
- Quantitative (data-driven)
The method must be defined and consistent.
Hazard Identification Examples
Example 1: Electrical Device
- Hazard: Electrical energy
- Hazardous situation: User exposed to live component
- Harm: Electrical shock
Example 2: Sterile Device
- Hazard: Biological contamination
- Hazardous situation: Loss of sterility
- Harm: Infection
Example 3: Software-Controlled Device
- Hazard: Software error
- Hazardous situation: Incorrect output
- Harm: Misdiagnosis or incorrect treatment
Common Risk Analysis Mistakes
- Missing hazards
- Not considering misuse
- Incomplete event sequences
- Inconsistent risk scoring
What Auditors Look for
Auditors will assess:
- Completeness of hazard identification
- Logic of hazardous situations
- Consistency of risk estimation
- Traceability in risk file
They will test whether your analysis reflects real-world use.
How Hazard Identification Links to CAPA
Hazards are not static—they evolve.
- CAPA findings may identify new hazards
- Complaints may reveal missed risks
- Post-market data updates risk analysis
ISO 14971 requires continuous monitoring and updating of risk information. :contentReference[oaicite:4]{index=4}
How to Strengthen Your Risk Analysis Process
- Use cross-functional teams
- Apply structured methods (FMEA, FTA)
- Review historical data and complaints
- Regularly update risk files
FAQ: Hazard Identification and Risk Analysis
What is hazard identification in ISO 14971?
The process of identifying potential sources of harm associated with a device.
What is risk analysis?
The process of identifying hazards and estimating associated risks.
Is risk analysis required?
Yes. It is a core requirement of ISO 14971.
What is the most common mistake?
Missing hazards or incomplete analysis.
Final Takeaway
Risk management starts with hazard identification.
If you miss the hazard, you miss the risk—and that is where real failures begin.
