ISO 14971, ISO/TR 24971, IEC 60812 and IEC 61025: how to choose the right risk analysis methods for medical devices
Medical devices regulation
Risk management is a fundamental pillar of medical device development. ISO 14971 has become the international reference standard for structuring this approach, both under the European MDR 2017/745 and FDA requirements. However, when it comes to implementing risk analysis in practice, many manufacturers face questions: which methods should be used? How to structure failure analyses? Which standard applies to FMEA or FTA? This is where ISO/TR 24971 provides valuable guidance, listing several recognized methodological approaches. Among them, three standards are frequently cited and sometimes misunderstood: IEC 60812, IEC 61025 and IEC 62502.
The "regulatory" foundation: ISO 14971 and ISO/TR 24971
ISO 14971:2019 is the global reference for risk management applied to medical devices. Its implementation is explicitly expected under MDR 2017/745 and FDA design requirements. ISO 14971 defines a systematic approach for identifying, evaluating, controlling, and monitoring risks throughout the device lifecycle. It outlines the key steps without prescribing a single analysis method. The companion document ISO/TR 24971:2020 provides practical recommendations. In Annex B, it lists several analysis methods: FMEA (IEC 60812), FTA (IEC 61025), and others depending on the case.
FMEA and IEC 60812: the basic approach
FMEA (Failure Modes and Effects Analysis) follows a bottom-up approach. The reference standard is IEC 60812:2018. This method is systematically used in medical device risk management. Typical applications include: design FMEA, process FMEA, software FMEA. FMEA results directly feed the Risk Management File under ISO 14971.
FTA and IEC 61025: for complex systems
FTA (Fault Tree Analysis) uses a top-down approach. The IEC 61025 standard defines this method for analyzing combined failure scenarios in complex or critical systems. Examples: active implantable devices, ventilators, embedded software with multiple sensors, surgical robotics.
IEC 62502: advanced reliability, rarely used in standard medical devices
IEC 62502:2010 is a complementary standard, rarely required in the medical device field. It may be used occasionally for advanced reliability analyses (power electronics, critical components).
Summary table
| Standard | Analysis method | Applications | Regulatory requirement |
| ISO 14971 | Global risk management | All medical devices | Mandatory |
| ISO/TR 24971 | Guidance document | Support to ISO 14971 | Highly recommended |
| IEC 60812 | FMEA | Design, process, software | Systematic |
| IEC 61025 | FTA | Complex systems | When applicable |
| IEC 62502 | Advanced reliability | Critical electronics | Rarely required |
Common mistakes to avoid
- Stacking methods without justification.
- Using FMEA alone without addressing combined scenarios.
- Overlooking risks introduced by risk control measures (ISO 14971 §7.4).
Best practices for manufacturers
- Justify the selected methods.
- Combine FMEA and FTA when appropriate.
- Document methodological consistency in the Risk Management File.
- Prepare answers for auditors (Notified Bodies, FDA).
Conclusion
The key competency is structuring an approach adapted to the device, not multiplying analyses. ISO 14971 provides the foundation, ISO/TR 24971 guides the methods, and IEC standards offer the right tools. CSDmed supports manufacturers in risk management and Risk Management File structuring compliant with MDR and FDA requirements.
You can also consult our article entitled "Understanding the Imperative of Risk Management Plan (RMP) in Medical Devices": https://www.csdmed.mc/en/news/medical-devices-regulation/understanding-the-imperative-of-risk-management-plan-rmp-in-medical-devices-65
FAQ
What is the difference between FMEA and FTA in medical devices?
FMEA analyzes individual failures (bottom-up). FTA models combined failures (top-down).
Which standard applies to FMEA in medical devices?
IEC 60812:2018 is the reference standard for FMEA.
Is IEC 62502 mandatory for CE marking?
No. It is optional for advanced reliability analysis.
When to use IEC 61025 in a medical device project?
For complex devices with critical system architecture and combined failure risks.
Need assistance?
CSDmed supports medical device manufacturers for:
- Selection and combination of analysis methods (FMEA, FTA, reliability).
- Risk Management File structuring.
- Preparation for Notified Body and FDA audits.
Contact us to discuss your projects.