An investigation of the current status quo of ISO 14971 risk management challenges in the medical device industry

Purpose This study investigates current challenges in implementing risk management in the medical device industry. It focuses on the application of ISO 14971:2019 as a framework to achieve global regulatory compliance. In the European Union (EU), the harmonized version, EN ISO 14971:2019/A11:2021, is utilized to demonstrate conformity with the EU Medical Devices Regulation (EU MDR, 2017/745). Design/methodology/approach Twelve risk management experts from three geographic regions (Ireland, the US and the UK) were interviewed to gain insights into the key challenges concerning their efforts in implementing the ISO 14971 standard following its update in 2019, and in meeting regulatory requirements, with a focus on European Union MDR 2017/745. Findings The key areas of challenges emerged as: (1) Risk information feedback from production and post-production activities. There is a need to integrate Post Market Surveillance requirements into risk management systems, emphasizing proactive data sources rather than relying solely on reactive mechanisms of feedback, such as complaint vigilance reporting. (2) The process, i.e. qualitative or quantitative, of completing a benefit–risk analysis for all risks, both individual and overall. The elements of ISO 14971 that require clarification and further guidance include benefit–risk analysis, managing cybersecurity risks and the correct interpretation and application of terms and definitions in ISO 14971, such as “harm” and “hazard.” Recommendations include making it a normative reference for other standards such as IT Networks, Cybersecurity, Artificial Intelligence and Machine Learning. Originality/value This study is the first of its kind, to the author's knowledge, to investigate ISO 14971 implementation and practice. It contributes to the theoretical literature on Risk Management within the MedTech (Medical Technology) industry, providing leaders with insights into how to overcome risk management compliance challenges and offering insights on improving the standard under ISO systematic review in the future.