Iso 22367-2020

INTERNATIONAL ISO
STANDARD 22367
First edition
2020-02
Medical laboratories — Application

of risk management to medical
laboratories
Laboratoires de biologie médicale — Application de la gestion des
risques aux laboratoires de biologie médicale
Reference number
ISO 22367:2020(E)
© ISO 2020
ISO 22367:2020(E)
COPYRIGHT PROTECTED DOCUMENT

© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context o f its implementation, no part o f this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country o f the requester.
ISO copyright o ffice
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

ISO 22367:2020(E)
Contents Page
Foreword .......................................................................................................................................................................................................................................... v
Introduction ................................................................................................................................................................................................................................ vi
1 Scope ................................................................................................................................................................................................................................. 1
2 Normative references ...................................................................................................................................................................................... 1
3 Terms and definitions ..................................................................................................................................................................................... 1
4 Risk management ................................................................................................................................................................................................ 8
4. 1 Ris k management p ro ces s ............................................................................................................................................................ 8
4. 2 M anagement res p o ns ib ilities ..................................................................................................................................................... 9
4. 3 Qualificatio n o f ..........................................................................................................................................................
p ers o nnel 10
4. 4 Ris k management p lan .................................................................................................................................................................. 10
4. 4. 1 ...................................................................................................................................................................................
General 10
4. 4. 2 f
S co p e o ...........................................................................................................................................................
the p lan 11
4. 4. 3 f
C o ntents o ...................................................................................................................................................
the p lan 11
4. 4. 4 Revis io ns to the p lan ................................................................................................................................................. 11
4. 4. 5 Ris k management do cumentatio n ................................................................................................................. 12
5 Risk analysis ........................................................................................................................................................................................................... 12

5 .1 ........................................................................................................................................................................................................
General 12
5 .2 Ris k analys is p ro ces s and do cumentatio n ................................................................................................................... 13
5 .3 I ntended medical lab o rato ry us e and reas o nab ly f o res eeab le mis us es ............................................. 13
5 .4 I dentificatio n o f characteris tics related to s a ety f .................................................................................................. 13
5 .5 I dentificatio n o f ..............................................................................................................................................................
hazards 13
5 .6 I dentificatio n o f p o tentially hazardo us s ituatio ns ................................................................................................ 14
5 .7 I dentificatio n o ff o res eeab le p atient harms ................................................................................................................ 14
5 .8 f
E s timatio n o f
the ris k(s ) o r each hazardo us s ituatio n ..................................................................................... 14
6 Risk evaluation .................................................................................................................................................................................................... 15

6.1 Ris k accep tab ility criteria ........................................................................................................................................................... 15
6.2 Ris k evaluatio n p ro ces s ................................................................................................................................................................ 16
7 Risk control ............................................................................................................................................................................................................. 16

7.1 Ris k co ntro l o p tio ns ......................................................................................................................................................................... 16
7.2 Ris k co ntro l verificatio n ............................................................................................................................................................... 17
7.3 f Ro le o s tandards in ris k co ntro l ........................................................................................................................................... 17
7.4 f Ro le o I VD medical devices in ris k co ntro l ................................................................................................................. 17
7.5 Ris ks aris ingf ro m ris k co ntro l meas ures ..................................................................................................................... 17
7.6 Res idual ris k evaluatio n ............................................................................................................................................................... 17
8 Benefit-risk analysis ...................................................................................................................................................................................... 18

9 Risk management review ......................................................................................................................................................................... 18
9.1 C o mp letenes s o f ...................................................................................................................................................
ris k co ntro l 18
9.2 f
Evaluatio n o overall res idual ris k ....................................................................................................................................... 18
9.3 Ris k management rep o rt ............................................................................................................................................................. 19
10 Risk monitoring, analysis and control activities .............................................................................................................. 19

1 0.1 S urveillance p ro cedure ................................................................................................................................................................. 19
1 0.2 I nternal s o urces o f f

ris k in o rmatio n ................................................................................................................................. 20
1 0.3 E xternal s o urces o f f
ris k in o rmatio n ................................................................................................................................ 20
1 0.4 I mmediate actio ns to reduce ris k ........................................................................................................................................ 20
Annex A (in fo rmative) Implementation of risk management within the quality
management system ...................................................................................................................................................................................... 22
Annex B (in fo rmative) Developing a risk management plan ................................................................................................... 32
Annex C (in fo rmative) Risk acceptability considerations ........................................................................................................... 34
© ISO 2020 – All rights reserved iii

ISO 22367:2020(E)
Annex D (informative) I d e n ti fi f
c a ti o n o c h a ra c te r i s ti cf s re .................................................................. 37
l a te d to s a e ty
Annex E (informative) Examples of hazards, foreseeable sequences of events and

hazardous situations ..................................................................................................................................................................................... 44
Annex F (informative) N fo n c o n o r m i ti e s p o te n ti a l l y l e a d i n g to s............................................... 52
i g n i fi c a n t r i s ks
Annex G (informative) Risk analysis tools and techniques ........................................................................................................ 60

Annex H (informative) Risk analysis of foreseeable user actions ....................................................................................... 65
Annex I (informative) Methods of risk assessment, including estimation of probability and
severity of harm ................................................................................................................................................................................................. 69
Annex J (informative) Overall residual risk evaluation and risk management review ................................ 75
Annex K (informative) C o n d u c ti n g a b e n e fi t- r i ......................................................................................................... 77
s k a n a l ys i s
Annex L (informative) Residual risk(s) .......................................................................................................................................................... 80

Bibliography ............................................................................................................................................................................................................................. 81
iv © ISO 2020 – All rights reserved

ISO 22367:2020(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation o f national standards
bodies (ISO member bodies). The work o f preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters o f
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the di fferent approval criteria needed for the
di fferent types o f ISO documents should be noted. This document was dra fted in accordance with the
editorial rules o f the ISO/IEC Directives, Part 2 (see www.iso .org/directives).
Attention is drawn to the possibility that some o f the elements o f this document may be the subject o f
patent rights. ISO shall not be held responsible for identi fying any or all such patent rights. Details o f
any patent rights identified during the development o f the document will be in the Introduction and/or
on the ISO list o f patent declarations received (see www.iso .org/patents).
Any trade name used in this document is in formation given for the convenience o f users and does not
constitute an endorsement.
For an explanation on the voluntary nature o f standards, the meaning o f ISO specific terms and
expressions related to con formity assessment, as well as in formation about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 212, Clinical laboratory testing and in
vitro diagnostic test system s.
This first edition cancels and replaces (ISO/TS 22367:2008) which has been technically revised. [It also
incorporates the Technical corrigendum ISO/TS 22367:2008/Cor.1:2009.]. The main changes compared
to the previous edition are as follows:
— Change in title to indicate this document focusses on the complete risk management cycle for all
processes in the medical laboratory. The part on continual improvement is le ft out;
— The numbering o f the clauses is in accordance with the formal risk management process as indicated
in Figure 1;
— The content is as far as possible in agreement with the approach used in ISO 14971 Medical devices
-Application o f risk management to medical devices;
— The relation with ISO 15189:2012 is indicated in Annex A in which Figure A.1 provides a flow chart
which indicates how to apply risk management in the laboratory;
— Addition o f 10 new annexes, all in formative, providing valuable in formation about the di fferent
processes in the risk management cycle without demanding more than justified for the specific
purpose;
— Annex F. provides an extensive list o f aspects which could be considered as source for risks in the
di fferent types o f medical laboratories.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing o f these bodies can be found at www.iso .org/members .html.
© ISO 2020 – All rights reserved v

ISO 22367:2020(E)
Introduction
This document provides medical laboratories with a framework within which experience, insight
and judgment are applied to manage the risks associated with laboratory examinations. The risk
management process spans the complete range o f medical laboratory services: pre-examination,
examination and post-examination processes, including the design and development o f laboratory
examinations.
ISO 15189 requires that medical laboratories review their work processes, evaluate the impact o f
potential failures on examination results, modi fy the processes to reduce or eliminate the identified
risks, and document the decisions and actions taken. This document describes a process for managing
these sa fety risks, primarily to the patient, but also to the operator, other persons, equipment and other
property, and the environment. It does not address business enterprise risks, which are the subject o f
ISO 31000.
Medical laboratories o ften rely on the use o f in vitro medical devices to achieve their quality objectives.
Thus, risk management has to be a shared responsibility between the IVD manu facturer and the medical
laboratory. Since most IVD manu facturers have already implemented ISO 14971:2007, “Medical devices
-Application o f risk management to medical devices,” this standard has adopted the same concepts,
principles and framework to manage the risks associated with the medical laboratory.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety o f
hazards, which can lead directly or indirectly to varying degrees o f harm. The concept o f risk has two
components:
a) the probability o f occurrence o f harm;
b) the consequence o f that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder may place a di fferent value on the risk o f
harm. Alignment o f this standard with ISO 14971 and the guidance o f the Global Harmonization Task
Force (GHTF) is intended to improve risk communication and cooperation among laboratories, IVD
manu facturers, regulatory authorities, accreditation bodies and other stakeholders for the benefit o f
patients, laboratories and the public health.
Medical laboratories have traditionally focused on detecting errors, which are o ften the consequence o f
use errors during routine activities. Use errors can result from a poorly designed instrument inter face,
or reliance on inadequate in formation provided by the manu facturer. They can also result from
reasonably foreseeable misuse, such as intentional disregard o f an IVD manu facturer’s instructions
for use, or failure to follow generally accepted medical laboratory practices. These errors can cause
or contribute to hazards, which may mani fest themselves immediately as a single event, or may be
expressed multiple times throughout a system, or may remain latent until other contributory events
occur. The emerging field o f usability engineering addresses all o f these ‘human factors’ as preventable
‘use errors.’ In addition, laboratories also have to contend with occasional failures o f their IVD medical
devices to per form as intended. Regardless o f their cause, risks created by device mal functions and use
errors can be actively managed.
Risk management inter faces with quality management at many points in ISO 15189, in particular
complaint management, internal audit, corrective action, preventive action, sa fety checklist, quality
control, management review and external assessment, both accreditation and proficiency testing.
Management o f risk also coincides with the management o f sa fety in the medical laboratories, as
exemplified by the sa fety audit checklists in ISO 15190.
Risk management is a planned, systematic process that is best implemented through a structured
framework. This standard is intended to assist medical laboratories with the integration o f risk
management into their routine organization, operation and management.
vi © ISO 2020 – All rights reserved

INTERNATIONAL STANDARD ISO 22367:2020(E)
Medical laboratories — Application of risk management to

medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identi fy and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations.
The process includes identi fying, estimating, evaluating, controlling and monitoring the risks.
The requirements o f this document are applicable to all aspects o f the examinations and services o f
a medical laboratory, including the pre-examination and post-examination aspects, examinations,
accurate transmission o f test results into the electronic medical record and other technical and
management processes described in ISO 15189.
This document does not speci fy acceptable levels o f risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare
providers.
This document does not apply to the management o f risks a ffecting medical laboratory enterprises that
are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative re ferences in this document.
3 Terms and definitions

For the purposes o f this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso .org/obp
— IEC Electropedia: available at http://www.electropedia .org/
3.1
benefit
impact or desirable outcome o f a process (3.19), procedure (3.17) or the use o f a medical device on the
health o f an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation o f li fe, reduction o f pain, (relie f o f symptoms), improvement in
function, or an increased sense o f well-being.
3.2
event
occurrence or change o f a particular set o f circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist o f something not happening.
Note 3 to entry: An event can sometimes be re ferred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be re ferred to as a “near miss”, “incident”, “near hit” or
“close call”.
© ISO 2020 – All rights reserved 1

ISO 22367:2020(E)
[SOURCE: ISO Guide 73:2009, 3.5.1.3]

3.3
examination
set o f operations having the object o f determining the value or characteristics o f a property
Note 1 to entry: In some disciplines (e.g., microbiology) an examination is the total activity o f a number o f tests,
observations or measurements.
Note 2 to entry: Laboratory examinations that determine a value o f a property are called quantitative
examinations; those that determine the characteristics o f a property are called qualitative examinations.
Note 3 to entry: Laboratory examinations are also o ften called assays or tests.
[SOURCE: ISO 15189:2012, 3.7]
3.4
frequency
number ofevents (3.2 ) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events (3.2 ) or to potential future events (3.2 ), where it can be
used as a measure o f likelihood or probability (3.18 )
[SOURCE: ISO Guide 73:2009, 3.6.1.5]
3.5
harm
injury or damage to the health o f people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.6
hazard
source o f potential harm (3.5 )
[SOURCE: ISO Guide 73:2009, 3.5.1.4, modified – Note 1 to entry has been deleted.]
3.7
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.6)
3.8
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician,
laboratory technologist, biomedical laboratory scientist medical assistant, medical specialist, respiratory care
practitioner.
[SOURCE: ISO 18113-1:2009, 3.23]
3.9
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design, manu facture, packaging, or labelling (3.12 ) of
an IVD medical device (3.10), assembling a system, or adapting an IVD medical device (3.10 )before it is
placed on the market or put into service, regardless o f whether these operations are carried out by that
person or on that person's behal f by a third party
Note 1 to entry: Provisions o f national or regional regulations can apply to the definition o f manu facturer.
2 © ISO 2020 – All rights reserved

ISO 22367:2020(E)
[SOURCE: ISO 14971:2007, 2.8, modified – “manu facturer” has been changed to “in vitro diagnostic
manu facturer”.“A medical device” has been changed to “an IVD medical device ” (3.10). “Attention is
drawn to the fact that” has been deleted in Note 1 to entry. In addition, Note 2 to entry has been deleted.]
3.10
in vitro diagnostic medical device
IVD medical device
device, whether used alone or in combination, intended by the manu facturer for the in vitro examination
(3.3 )
o f specimens derived from the human body solely or principally to provide in formation for
diagnostic, monitoring or compatibility purposes and including reagents, calibrators, control materials,
specimen receptacles, so ftware, and related instruments or apparatus or other articles
[SOURCE: ISO 18113-1:2009, 3.27]
3.11
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by a manu facturer to be used as an IVD medical device (3.10)
[SOURCE: ISO 18113-1:2009, 3.26]
3.12
information supplied by the manufacturer
labelling
written, printed or graphic matter
— a ffixed to an IVD medical device (3.10) or any o f its containers or wrappers or
— provided for use with an IVD medical device (3.10),
related to identification and use, and giving a technical description, o f the IVD medical device (3.10), but
excluding shipping documents
EXAMPLE Labels, instructions for use (3.13 ).
Note 1 to entry: In IEC standards, documents provided with a medical device and containing important
in formation for the responsible organization or operator, particularly regarding sa fety, are called “accompanying
documents”.
Note 2 to entry: Catalogues and material sa fety data sheets are not considered labelling o f IVD medical devices (3.10).
[SOURCE: ISO 18113-1:2009, 3.29]
3.13
instructions for use
information supplied by the manufacturer (3.12) to enable the sa fe and proper use of an IVD medical
(
device 3.10 )
Note 1 to entry: Includes the directions supplied by the manu facturer for the use, maintenance, troubleshooting
and disposal o f an IVD medical device (3.10), as well as warnings and precautions.
[SOURCE: ISO 18113-1:2009, 3.30]
3.14
intended use
intended purpose
objective intent o f an IVD manufacturer (3.9) regarding the use o f a product, process (3.19) or service (3.37)
as reflected in the specifications, instructions and in formation supplied by the IVD manufacturer (3.9)
Note 1 to entry: Intended use statements for IVD labelling (3.12) can include two components: a description o f
the functionality o f the IVD medical device (3.10) (e.g., an immunochemical measurement procedure (3.17 ) for the
detection o f analyte “x” in serum or plasma), and a statement o f the intended medical use o f the examination (3.3)
results.
ISO 22367:2020(E)
[S O U RC E : I S O 1 811 3 -1 : 2 0 0 9, 3 . 3 1 , mo d i fie d — No te 2 h as b e en dele te d .]
3.15
laboratory management
p ers on(s) who d i re c t a nd manage the ac tivitie s o f a lab orator y
N o te 1 to entr y: T he ter m ‘l ab o rato r y m a n agement’ is s ynonymou s with the ter m ‘to p m a n agement’ in
I S O 9 0 0 0 : 2 0 1 5 , 3 .1 .1 .
[S O U RC E : I S O 1 51 8 9 : 2 01 2 , 3 .10]
3.16
likelihood
chance o f s ome th i ng happ en i ng
N o te 1 to entr y: I n ri s k m a n agement ter m i no lo g y, the word “ l i kel i ho o d” i s u s e d to re fer to the ch a nce o f s o me th i n g
happ en i ng , whe ther de fi ne d, me a s u re d or de ter m i ne d ob j e c tivel y or s ub j e c tivel y, qu a l itati vel y or qu a ntitativel y,
a nd de s c r ib e d u s i n g genera l ter m s or m athem atic a l l y (s uch a s a probability ( 3 .1 8 ) or a frequency ( 3 . 4) over a
given time period).

N o te 2 to entr y: T he E n gl i s h l a ngu age ter m “l i kel i ho o d” do e s no t h ave a d i re c t e qu i va lent i n s o me l a n gu age s;
i n s te ad , the e qu i va lent o f the ter m “ probability ” (3 .1 8 ) i s o ften u s e d . H owever, i n E ngl i s h , “ probability ” (3 .1 8 ) is

o ften n a r rowl y i nter pre te d a s a m athem atic a l ter m . T here fo re , i n r i s k m a n agement ter m i nolo g y, “ l i kel i ho o d”
i s u s e d with the i ntent th at it s hou ld h ave the s a me b ro ad i nter pre tatio n a s the ter m “ probability ” (3 .1 8 ) h a s i n
ma ny l a ng u age s o ther th a n E n gl i s h .
[S O U RC E : I S O Gu ide 7 3 : 2 0 0 9, 3 . 6 .1 .1]
3.17
procedure
s p e c i fie d way to c arr y out an ac tivity or a process ( 3 .19 )
N o te 1 to entr y: P ro ce du re s c a n b e do c u mente d or no t.
[S O U RC E : I S O 9 0 0 0 : 2 01 5 , 3 .4. 5 ]
3.18
probability
me a s ure o f the ch ance o f o cc u rrence e xpre s s e d as a nu mb er b e twe en 0 a nd 1 , where 0 i s i mp o s s ibi l ity
and 1 i s ab s olute cer tai nty
N o te 1 to entr y: S e e de fi n itio n o f likelihood ( 3 .1 6 ) , N o te 2 to entr y.
[S O U RC E : I S O Gu ide 7 3 : 2 0 0 9, 3 . 6 .1 .4]
3.19
process
s e t o f i nterrelate d or i nterac ti ng ac tivitie s th at u s e i nputs to del iver a n i ntende d re s u lt
N o te 1 to entr y: W he ther the “i ntende d re s u lt” o f a pro ce s s i s c a l le d output, pro duc t o r service (3.37) depends on
the conte x t o f the re ference .
[S O U RC E : I S O 9 0 0 0 : 2 01 5 , 3 .4.1 , mo d i fie d — No te 2 to entr y to No te 6 to entr y h ave b e en dele te d .]
3.20
reasonably foreseeable misuse
us e o f a pro duc t, process 3 .19 (
service ) or (3.37 ) i n a way no t i ntende d b y the s uppl ier, but wh ich may
re s u lt from re ad i ly pre d ic tab le hu man b ehaviour
N o te 1 to entr y: Re ad i l y pre d ic tab le hu m a n b eh avio u r i nclude s the b eh aviou r o f a l l typ e s o f i ntende d users ( 3 . 42 ).
N o te 2 to entr y: I n the co nte x t o f con s u mer s a fe ty, the ter m “re a s on ab l y fo re s e e ab le u s e” i s i nc re a s i n gl y u s e d a s a
s yno nym for b o th “ intended use ” (3 .14) a nd “re a s on ab l y fore s e e ab le m i s u s e .”

ISO 22367:2020(E)
Note 3 to entry: Applies to use o f examination (3.3 ) results by a healthcare provider (3.8) contrary to the intended
use ( 3.14), as well as use o f IVD medical devices (3.10) by the laboratory contrary to the instructions for use (3.13 ).
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use o f the device in a way not intended by the
manu facturer.
Note 5 to entry: Adapted from ISO Guide 63:2012, 2.8, to apply to medical laboratories.
Note 6 to entry: Misuse is intended to mean incorrect or improper per formance o f an examination (3.3) procedure
(3.17) or any procedure (3.17) critical for patient sa fety.
[SOURCE: ISO/IEC Guide 51:2014, 3.7, modified — “a product or system” has been changed to “a product,
process (3.19)or service ” (3.37 ), and “can” has been changed to “may”. In addition, “Note 3 to entry to
Note 6 to entry” have been added.]
3.21
record
document stating results achieved or providing evidence o f activities per formed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence o f verification
(3.44), preventive action and corrective action.
Note 2 to entry: Generally records need not be under revision control.
[SOURCE: ISO 9000:2015, 3.8.10]
3.22
residual risk
risk (3.23
) remaining a fter risk (3.23 ) control measures have been taken
3.23
risk
combination of the probability (3.18 ) of occurrence of harm (3.5) and the severity (3.38) of that harm (3.5 )
Note 1 to entry: In standards that focus on management o f risks to a business enterprise, such as ISO 31000, risk
is defined as “the e ffect o f uncertainty on objectives.” ISO 14971 and this document have retained the definition
from ISO/IEC Guide 51:1999 because they are externally focused on risks to the sa fety o f patients and other
persons.
3.24
risk analysis
systematic use o f available in formation to identi fy hazards (3.6 ) and to estimate the risk (3.23)
Note 1 to entry: Risk analysis includes examination (3.3 ) o f di fferent sequences o f events (3.2 ) that can produce
hazardous situations (3.7 ) and harm (3.5 ).
[SOURCE: ISO/IEC Guide 51:2014, 3.10, modified — Note 1 to entry has been added.]
3.25
risk assessment
(
overall process 3.19) comprising a risk analysis (3.24) and a risk evaluation (3.28 )
3.26
risk control
(
process 3.19) in which decisions are made and measures implemented by which risks (3.23 ) are reduced
to, or maintained within, specified levels
ISO 22367:2020(E)
3.27
risk estimation
(
process 3 .19) u s e d to a s s ign va lue s to the probability ( 3 .1 8 ) of occurrence of harm ( 3 . 5 ) and the severity
(3 . 3 8) o f that harm 3 . 5 ( )
[S O U RC E : I S O/I E C Gu ide 6 3 : 2 01 2 , 2 .1 3 ]
3.28
risk evaluation
(
process 3 .19) o f comp ari ng the e s ti mate d risk (3.23 ) agai n s t given ri sk criteri a to de term i ne the
accep tabi l ity o f the risk (3.23)

[S O U RC E : I S O/I E C Gu ide 6 3 : 2 01 2 , 2 .14]
3.29
risk management
s ys tematic appl ic ation o f management p ol icie s , procedures ( 3 .17 ) and prac tice s to the ta s ks o f a na lys i ng ,
eva luati ng , control l i ng a nd monitori ng risk (3.23)

[S O U RC E : I S O/I E C Gu ide 6 3 : 2 01 2 , 2 .1 5 ]
3.30
risk management documentation
set of (
records 3 . 2 1) and o ther do c u ments that a re pro duce d b y risk management ( 3.29 )
[S O U RC E : I S O 149 71 : 2 0 0 7, 2 . 2 3 ]
3.31
risk management plan
s cheme s p e c i fyi ng the appro ach , the management comp onents and re s ou rce s to b e appl ie d to the
ma nagement o f risk (3.23)

[S O U RC E : I S O 3 10 0 0 : 2 0 0 9, 2 . 6 ]
3.32
risk management policy
s tatement o f the overa l l i ntention s and d i re c tion o f a n orga n i z ation rel ate d to risk management ( 3.29 )
[S O U RC E : I S O Gu ide 7 3 : 2 0 0 9, 2 .1 . 2 ]
3.33
risk matrix
to ol for ran ki ng a nd d i s playi ng risks (3.23 ) b y defi n i ng range s for con s e quence and likelihood ( 3 .16 )
[S O U RC E : I S O Gu ide 7 3 : 2 0 0 9, 3 . 6 .1 .7 ]
3.34
risk monitoring
surveillance
conti nua l che cki ng , c ritic a l ly ob s er vi ng or de term i n i ng the s tatu s i n order to identi fy change from the
risk (3.23 ) level re qu i re d or exp e c te d
[S O U RC E : I S O Gu ide 7 3 : 2 0 0 9, 3 . 8 . 2 .1 , mo d i fie d — “M on itori ng” h as b e en cha nge d to “ri sk mon itori ng”.
“Sup er vi s i ng” h as b e en dele te d , and “p er formance” ha s b e en change d to“ risk ” ( 3.23 ) I n add ition, No te 1
to entr y h as b e en dele te d .]
3.35
risk reduction
ac tio n s ta ke n to le s s e n the probability ( 3 .1 8 ) o r ne gati ve c o n s e que nce s o r b o th , a s s o c i ate d w i th a
risk (3.23)
[S O U RC E : I S O 2 2 3 0 0 : 2 01 8 , 3 . 2 10]

ISO 22367:2020(E)
3.36
safety
reedom from unacceptable risk (3.22)
f

3.37
service
<laboratory medicine> activity per formed by a medical laboratory for the benefit (3.1) o f patients and
the healthcare providers (3.8) responsible for the care of those patients
Note 1 to entry: Medical laboratory services include arrangements for examination (3.3 ) requests, patient
preparation, patient identification, collection o f samples, transportation, storage, processing and examination
(3.3 ) o f clinical samples, together with subsequent interpretation, reporting and advice, in addition to the
considerations o f safety (3.36 ) and ethics in medical laboratory work.
Note 2 to entry: Adapted from ISO 15189:2012, Introduction.
3.38
severity
measure o f the possible consequences o f a hazard (3.6)
3.39
stakeholder
person or organization that can a ffect, be a ffected by, or perceive themselves to be a ffected by a decision
or activity
Note 1 to entry: A decision maker can be a stakeholder.
[SOURCE: ISO Guide 73:2009, 3.2.1.1]
3.40
state of the art
developed stage o f technical capability at a given time as regards products, processes (3.19) and services
(3.37 ), based on the relevant consolidated findings of science, technology and experience
Note 1 to entry: The state o f the art embodies what is currently and generally accepted as good practice. The state
o f the art does not necessarily imply the most technologically advanced solution. The state o f the art described
here is sometimes re ferred to as the “generally acknowledged state o f the art”.
3.41
use error
<laboratory medicine> user (3.42) action or lack o f user (3.42) action while per forming a laboratory
examination (3.3 ) or using an IVD medical device (3.10) or per forming any task in any procedure (3.17 )
that leads to a di fferent result than that intended by the laboratory or manu facturer or expected by the
user (3.42 )
Note 1 to entry: Use error includes the inability o f the user (3.42) to complete a task.
Note 2 to entry: Use errors can result from a mismatch between the characteristics o f the user (3.42), user
inter face, task, or use environment.
Note 3 to entry: Users (3.42) might be aware or unaware that the use error has occurred.
Note 4 to entry: An unexpected physiological response o f the patient is not by itsel f considered use error.
Note 5 to entry: A mal function o f an IVD medical device that causes an unexpected result is not considered a
use error.

ISO 22367:2020(E)
Note 6 to entry: Use error includes the use o f an examination (3.3 ) result for an unintended target group or for an
unintended diagnostic or patient management purpose.
Note 7 to entry: The term was chosen over “user error”, “human error” or “laboratory error” because not all
causes o f error are partially or solely due to the user (3.42). Use errors are o ften the result o f poorly designed user
(3.42) inter face or processes (3.19), or, inadequate instructions for use (3.13 ).
[SOURCE: ISO/IEC 62366-1:2015, 3.21 modified — “(laboratory medicine)” has been added. “Per forming
a laboratory examination (3.3) or”, “an IVD” and “laboratory or” have also been added. Note 6 to entry
was deleted. A new Note 6 to entry and a Note 7 to entry were added.]
3.42
user
individual responsible for an action that is intended to lead to a desired outcome
Note 1 to entry: Although such individuals are o ften laboratory personnel that are expected to be trained and
competent to per form the action, this term is not limited to such personnel
Note 2 to entry: The use o f this term is not intended to imply that a device is utilized for the action; it is used as a
general term to include any individual that has a role in producing the desired outcome.
3.43
validation
confirmation, through the provision o f objective evidence, that the requirements for a specific intended
use(3.14) or application have been fulfilled
Note 1 to entry: The objective evidence needed for a validation is the result o f a test or other form o f determination
such as per forming alternative calculations or reviewing documents.
Note 2 to entry: The word “validated” is used to designate the corresponding status.
Note 3 to entry: The use conditions for validation can be real or simulated.
[SOURCE: ISO 9000:2015, 3.8.13]
3.44
verification
confirmation, through the provision o f objective evidence, that specified requirements have been
fulfilled
Note 1 to entry: The objective evidence needed for a verification can be the result o f an inspection or o f other
forms o f determination such as per forming alternative calculations or reviewing documents.
Note 2 to entry: The activities carried out for verification are sometimes called a qualification process (3.19 ).
Note 3 to entry: The word “verified” is used to designate the corresponding status.
[SOURCE: ISO 9000:2015, 3.8.12]
4 Risk management
4.1 Risk management process

The medical laboratory shall establish, document, implement and maintain a process for identi fying
hazards associated with its examinations and services, estimating and evaluating the associated risks,
controlling these risks, and monitoring the e ffectiveness o f the controls. This process shall include the
following elements:
— risk management plan;
— risk analysis;

ISO 22367:2020(E)
— risk evaluation;
— risk control;
— risk management review and;
— risk monitoring.
Where a documented quality management system exists, such as that described in ISO 15189, it shall
incorporate risk management into the appropriate parts.
NOTE 1 Annex A provides additional guidance for using a documented quality management system, such
as is required in ISO 15189, to address patient sa fety in a systematic manner, in particular to enable the early
identification o f hazards and hazardous situations in order to implement appropriate risk control measures.
NOTE 2 Annex H o f ISO/TR 24971:2019 [2 ] 1) provides guidance on risk management for in vitro diagnostic
medical devices.
NOTE 3 A schematic representation o f the risk management process is shown in Figure 1 .
4.2 Management responsibilities

The medical laboratory management shall show evidence o f its commitment to the risk management
process by providing adequate resources and qualified personnel for risk management to ensure
con formance to this document (see 4.3 ).
The laboratory management shall:
— define and document the laboratory’s risk management policy, including the policy for determining
risk acceptability (see 6.1);
— approve all risk assessments and risk management reports;
— review the suitability o f the risk management process at planned intervals to ensure its continuing
e ffectiveness, and document any decisions and actions taken during the review. This review may be
part o f the quality management system review.
The laboratory shall retain records for each activity required in this standard. The records shall be
retrievable and available for review as needed.
NOTE The required documentation and records can be incorporated within the documentation produced by
the laboratory’s quality management system.
1) Under preparation. Stage at the time o f publication: ISO/DTR 24971:2019.

ISO 22367:2020(E)
Figure 1 — Schematic representation of the risk management process
4.3 Qualification o f personnel

Pers on s p er form i ng ri s k management tas ks sha l l have the knowle dge a nd e xp erience for the tas ks
as s igne d to them . T h i s knowle dge and e xp erience s ha l l i nclude, where appropri ate, the pro ce s s and
pro ce dure s to b e as s e s s e d i nclud i ng p ar tic u la r me d ic a l lab orator y exa m i nation s; the me d ic a l u s e s o f
the e xam i nation re s u lts; and the te ch n ique s u s e d to a s s e s s the ri sks .
Ri s k management tas ks may b e p er forme d by a te a m o f repre s entative s o f s evera l fu nc tion s o f the
lab orator y, e ach contributi ng thei r s p e ci fic knowle dge and e xp er ti s e .
Re cord s sh a l l b e mai ntai ne d to do c u ment p ers on nel qua l i fic ation s .
4.4 Risk management plan
4.4.1 General
Ri s k management ac tivitie s sha l l b e plan ne d . T he ri sk management pl an(s) s ha l l b e i n accordance
with the ri sk management pro ce s s de s crib e d i n th i s do c u ment. T here fore, the me d ic a l lab orator y
sha l l e s tabl i s h, do c u ment, a nd i mplement one or more ri s k ma nagement plan s for the s er vice s or
exam i nation s p er forme d b y the lab orator y.

ISO 22367:2020(E)
4.4.2 Scope of the plan
The scope o f the plan or plans shall be determined by laboratory management. A risk management
plan may be created, for example, for technical and management processes, for specific pre- and
post-examination aspects, for one or more examinations per formed by a particular IVD system, for a
particular examination developed by the laboratory, or for all o f the examinations per formed by the
laboratory in which risks could be identified and assessed.
The scope o f the plan and the extent o f the risk management activities required shall be proportional
to the risks associated with the examinations. Factors that should be considered include but are not
limited to:
a) relevant quality specifications;
b) medical decision levels and critical values;
c) patient populations;
d) reliability o f the measurement system and measurement uncertainty;
e) per formance characteristics (precision, bias, specificity, etc.);
f ) pre-examination contact with the patient (e.g., phlebotomy); and
g) clinical use o f the examination results (e.g., screening, diagnostic, confirmatory tests).
Unless specified otherwise and justified, the risk management plans for medical laboratory
examinations shall include pre- and post-examination aspects and the processes that are identified as
presenting a risk to patients or other persons.
4.4.3 Contents of the plan
Each risk management plan shall include at least the following:

a) description o f the examinations and services, any IVD medical devices involved, and all relevant
pre- and post-examination aspects within the scope o f the plan;
b) assignment o f responsibilities and authorities;
c) requirements for review o f risk management activities;
d) criteria for individual and overall risk acceptability, based on the laboratory‘s policy for determining
acceptable risk;
e) risk control verification and monitoring activities.
NOTE Refer to Annex C for guidance on risk acceptability considerations, and Annex B for guidance on
establishing risk acceptability criteria.
4.4.4 Revisions to the plan
The plan shall be updated i f significant changes occur that could a ffect the risk assessment. A record o f
changes to the plan shall be maintained.
NOTE Examples o f significant changes that could a ffect the risk assessment include:
a) modification o f laboratory facilities or utilities;
b) introduction o f new policies, procedures or work instructions;
c) acquisition, purchase or introduction o f new equipment, including laboratory in formation systems;
d) introduction o f new examinations or services, or change in service delivery level;

ISO 22367:2020(E)
e) change to a di fferent vendor;

f ) development o f in-house examinations;
g) modification o f existing examination procedures;
h) any other changes that could a ffect characteristics related to user or patient sa fety.
4.4.5 Risk management documentation
For each examination procedure or service, or group o f related examinations or services within scope
o f the plan, the laboratory shall establish and maintain risk management documentation. In addition to
the requirements o f other clauses o f this document, the risk management documentation shall provide
traceability for each identified hazard to:
— the risk analysis;
— the risk evaluation;
— the implementation and verification o f the risk control measures; and
— the assessment o f the acceptability o f any residual risk(s).
The risk management documentation may be in any form or type o f medium.
To enhance the laboratory’s ability to gather all risk management documentation, a virtual risk
management file may be designated. While this risk management file may not physically contain all
the records and other documents, it needs to contain at least re ferences or pointers to all required
documentation (e.g., in a controlled index).
Compliance with the requirements o f this document is assessed by inspection o f the risk management
documentation. All components o f this document should be addressed and recorded in this
documentation.
5 Risk analysis
5.1 General
The scope o f the risk analysis may be broad (e.g., for the development o f a new examination with which
a laboratory has little or no experience), or the scope may be limited (e.g., for analysing the impact
o f a change to an existing examination procedure for which much in formation already exists in the
laboratory, for analysing the risk associated with a specific examination procedural failure or IVD
medical device mal function, or for analysing specific aspects o f a laboratory examination, such as
sample collection and transportation, or reporting examination results).
I f an examination procedure involves an IVD medical device, andi f the IVD manu facturer followed a
risk management process in con formance with ISO 14971, the laboratory’s risk analysis may start, but
should not be limited to, the residual risks disclosed by the IVD manu facturer.
I f a risk analysis, or other relevant in formation, is available for a similar examination procedure or
service, that analysis or in formation may be used as a starting point for the new analysis. The degree o f
relevance depends on the di fferences between the examinations or services. The extent that an existing
risk analysis can be used should be based on a systematic evaluation o f whether these di fferences could:
— significantly a ffect the outputs, characteristics, per formance or results;
— cause the introduction o f new hazards;
— lead to the development o f new hazardous situations.
NOTE 1 Some risks which can occur in medical laboratory examinations are described in Annexes D, E and F.

ISO 22367:2020(E)
NOTE 2 Some risk analysis techniques are described in Annex G and H.
5.2 Risk analysis process and documentation

A risk analysis shall be per formed for each examination procedure or service within the scope as
described in 5.3 to 5.8. The implementation of the planned risk analysis activities and the results of the
risk analysis shall be recorded. (see 4.4.5 )
In addition to the records required in 5.3 to 5.8, the documentation o f the conduct and results o f the
risk analysis shall include at least the following:
a) a description and identification o f the subject(s) o f the risk analysis (e.g., the examinations and
IVD medical devices, including the processes o f delivering samples, per forming quality control and
reporting the results);
b) identification o f the persons who carried out the risk analysis, their expertise and the dates o f the
analysis;
c) scope o f the risk analysis (see 4.4.2);
d) approval.
5.3 Intended medical laboratory use and reasonably foreseeable misuses

For the particular examination or service being considered, the laboratory shall document the intended
medical laboratory uses and any reasonably foreseeable misuses.
NOTE Misuse is intended to mean incorrect or improper per formance o f an examination, procedure or any
procedure critical for patient sa fety.
5 . 4 I d e n ti fi c a ti o n o f c h a ra c te r i s ti c s re l a te d to s a f
e ty
For the particular examination being considered, the laboratory shall identi fy and document those
qualitative and quantitative characteristics that could a ffect the sa fety o f the patient, and where
appropriate, their defined limits.
EXAMPLES diagnostic specificity, diagnostic sensitivity, measurement specificity, measurement
precision, measurement bias, analytical inter ference, reagent stability, analyte stability, sterility (for
phlebotomy services), biological re ference intervals.
NOTE Annex D, contains a series o f questions that can serve as a guide in identi fying the characteristics o f
the examination and any IVD medical devices involved that could have an impact on sa fety.
5 . 5 I d e n ti fi c a ti o n o f h a z a r d s
The laboratory shall identi fy and document known and foreseeable hazards associated with the
examination and other critical processes and their causes (e.g., potential failure modes and use errors).
Hazards in both normal use (i.e., correct use and use errors),reasonably foreseeable misuse and fault
conditions shall be addressed.
For examinations involving the use o f an IVD medical device, the laboratory may obtain in formation
from the IVD manu facturer about potential hazards that were identified but not fully eliminated during
the manu facturer’s risk management process.
NOTE 1 The most common hazards to patients from medical laboratory examinations are incorrect results,
misidentified results and delayed results. The examples o f possible hazards in Annex E can be used as guidance
when identi fying hazards to laboratory workers, service personnel and other persons.
NOTE 2 Annex F can be used to obtain in formation on the di fferent steps where noncon formities can lead
to errors in di fferent steps (pre-examination, examination and post-examination) and for di fferent medical
laboratory disciplines.

ISO 22367:2020(E)
NOTE 3 Sources that can help identi fy the potential causes o f hazards include laboratory investigations
o f complaints, noncon formities, use errors and incidents, as well as the IVD manu facturer involved. IVD
manu facturers that follow ISO 14971 are required to disclose significant residual risks to laboratory users.
5 . 6 I d e n ti fi c a ti o n o f p o te n ti a l l y h a z a rd o u s s i tu a ti o n s
Reasonably foreseeable sequences or combinations o f events that can lead to a hazardous situation
shall be considered and the resulting hazardous situation(s) shall be recorded. The decision regarding
which event in the sequence o f events exposes a patient to the possibility o f harm (i.e., a hazardous
situation) should be made by the laboratory to suit the risk analysis.
NOTE 1 Sources o f in formation about potential hazardous situations associated with medical laboratory
examinations or services include the manu facturer(s) o f any medical device used, the medical and scientific
literature, experience with similar examinations, expert medical or scientific opinion, and consensus positions
o f medical laboratory associations. Re fer to Annexes E and F for guidance for developing the list o f hazardous
situations.
NOTE 2 An incorrect result received by a healthcare provider can be considered the event that creates a
hazardous situation for a patient, since subsequent medical decisions and actions that could harm the patient
are beyond any reasonable means o f risk control by the laboratory. Examples o f other hazardous situations are
provided in Annex E .
NOTE 3 Hazardous situations can arise from use errors in the per formance o f laboratory examinations, either
from a laboratory worker choosing to do something or failing to do something. Re fer to Annex H for guidance on
identi fying and classi fying use errors for risk analysis.
5 . 7 I d e n ti fi c a ti o n o ff o re s e e a b l e p a ti e n t h a r m s
Reasonably foreseeable harms that could result from each hazardous situation shall be identified
and classified along with the severity o f each harm. This process and the identified harms, shall be
documented.
NOTE Sources o f in formation about foreseeable patient harms that could be caused by incorrect or delayed
examination results include medical literature, experience with similar examinations, expert medical opinion
and consensus positions o f pro fessional medical societies. Re fer to Annex E for guidance for developing the list o f
foreseeable patient harms.
5.8 Estimation of the risk(s) for each hazardous situation

For each identified hazardous situation, the associated risk(s) shall be estimated using available
in formation or data. Risk estimation may be quantitative or qualitative and will need to focus on the
whole process rather than individual components o f the situation.
NOTE 1 Methods o f risk estimation, including those resulting from systematic faults, are described in
Annex I, which gives examples o f probability and severity scales based on quantitative, semi-quantitative or
qualitative levels.
I f the likelihood o f the occurrence o f harm cannot be estimated, for example in the case o f so ftware
de fects or other systemic faults, the possible consequences should be listed for use in risk evaluation
and risk control.
NOTE 2 In formation or data for estimating risks can be obtained, for example, from:
a) external quality assessment results;
b) relevant failure investigations;
c) use error and noncon formity reports;
d) complaints received from laboratory customers;
e) usability evaluations involving typical users;

ISO 22367:2020(E)
f ) experience with similar examinations, including publicly available incident data;

g) per formance and reliability specifications for IVD medical devices;
h) product technical literature and disclosure o f residual risks from IVD manu facturers;
i) medical literature and published clinical evidence;
j) published standards and medical practice guidelines;
k) expert scientific, engineering or medical opinion;
l) scientific, technical or clinical per formance evaluations.
6 Risk evaluation
6.1 Risk acceptability criteria

The laboratory shall define, approve and document risk acceptability criteria for individual risks and
the overall residual risk in the appropriate risk management plan.
NOTE 1 Established criteria for risk acceptability are essential for the e ffectiveness o f the risk management
process.
The risk acceptability criteria shall:
— be determined according to the laboratory’s policy for determining risk acceptability criteria;
— be based on applicable national or regional regulations, applicable sa fety standards, and relevant
medical practice standards;
— take into account the generally accepted state o f the art and known stakeholder concerns;
— be approved by the laboratory director.
NOTE 2 It is not necessary to apply the same risk acceptability criteria for all examinations or services
per formed by the laboratory. The criteria can di ffer based on the intended use or other factors.
For individual risks, the acceptability criteria may be documented in a matrix to indicate the
combinations o f probability o f occurrence and severity o f harm that are acceptable or unacceptable.
NOTE 3 See guidance on risk acceptability considerations and examples in Annex C .
Such a matrix may be further subdivided into zones that indicate which risks are considered negligible
and which risks are acceptable i f the risks are minimized (i.e., the risks are first reduced as far as
reasonably possible).
NOTE 4 See guidance and examples in Annexes B.5 and C for determining endpoints for risk reduction.
Considerations in establishing overall residual risk acceptability criteria may include:
— compliance with required regulations such as National Quality Regulations;
— laboratory accreditation to standards o f quality and competence;
— participation in recognized proficiency testing schemes;
— whether in formed consent is required.

ISO 22367:2020(E)
The laboratory shall determine and document acceptability criteria for evaluating the overall
residual risk.
NOTE 5 Annex J describes three criteria that can be the basis for evaluating acceptability o f the overall residual
risk: a) The risk associated with an examination procedure or laboratory service compares favourably to similar
examination procedures or laboratory processes already in use. b) The medical benefits o f the examination
procedure or laboratory service outweigh the overall residual risk. c) The overall residual risk has been reduced
as far as reasonably feasible and verification o f the risk control measures demonstrates that they are e ffective.
6.2 Risk evaluation process

For each identified hazardous situation, the laboratory shall apply the approved risk acceptability
criteria (see 6.1) to decide i f risk reduction is required. Generally, i f the risk is considered negligible,
then the risk is acceptable and no further risk reduction is necessary.
I f risk reduction is required, then risk control activities, such as described in 7.1 to 7.4, shall be
performed.
I f the level o f risk is considered unacceptable, and cannot be reduced to an acceptable level, laboratory
management shall decide whether the examination or service in question may be commenced or
continued based on a documented risk – benefit analysis as described in Clause 8 .
I f risk reduction is not required, then the risk control requirements in 7.1 to 7.4 do not apply for the
particular hazardous situation being evaluated, and the laboratory may proceed to Clause 9 .
7 Risk control
7.1 Risk control options

The laboratory shall identi fy, implement and veri fy risk control measure(s) that reduce the risk(s) to an
acceptable level.
NOTE Risk control measures can reduce the severity o f the harm, reduce the probability o f occurrence o f the
harm, or both.
In selecting risk control measures, priority shall be given to risk control options in the following
preferred order:
a) inherent sa fety by process design (e.g., potential for failure is reduced or eliminated);
b) protective measures in the IVD medical device (e.g., alarms, failure detection, fail-sa fe mechanism)
or in the examination, pre-examination, post-examination and quality assurance procedures (e.g.,
calibration, quality control activities, including new control activities added by the laboratory to
reduce residual risk);
c) in formation for sta ff on sa fety;
d) training.
When implementing option b) or c), the laboratory should select risk control measures that will reduce
the risk as far as reasonably possible be fore determining whether the residual risk is acceptable.
The laboratory may also consider whether use o f an examination for a specific patient population
should be contraindicated based on risk evaluation (Clause 6) or risk-benefit analysis (Clause 8 ).
I f the laboratory determines during risk control option analysis that risk reduction is not feasible, the
laboratory may conduct a risk/benefit analysis o f the residual risk to determine whether to continue to
develop or implement the examination or service (see Clause 8 ).

ISO 22367:2020(E)
7 . 2 Ri s k c o n tro l ve r i fi c a ti o n
The correct implementation o f each risk control measure shall be verified.

The e ffectiveness o f the risk control measure(s) shall be verified. Verification o f e ffectiveness may be
per formed as part o f validation activities.
7.3 Role of standards in risk control

Con formance to relevant standards should be considered as part o f the risk control option analysis.
Application o f relevant standards during the design and development o f an examination or another
procedure might constitute a risk control activity, and may meet the requirements given in 7.1 to 7.5 . It
is up to the laboratory to determine whether application o f the standard meets all o f the requirements.
7.4 Role of IVD medical devices in risk control

I f the examination involves an IVD medical device that was designed, developed, validated and
manu factured in con formance to a recognized risk management standard such as ISO 14971, the
laboratory should follow the manu facturer’s instructions regarding any risk control measures
incorporated in or provided with the device. Exceptions shall be justified.
NOTE This recommendation is intended to enable laboratories to rely on risk management activities
per formed by the IVD manu facturer, thus avoiding unnecessary duplication o f e fforts. This promotes e ffective
risk communication between stakeholders.
Risk control measures incorporated in or provided with an IVD medical device may not require further
verification i f:
— the IVD manu facturer certifies that the device was designed, developed, validated and manu factured
in con formance to ISO 14971, and;
— the in formation provided by the manu facturer in the device labelling shows that the risk control
measures are e ffective.
The laboratory shall review the risk control measures incorporated in or provided with the IVD
medical device and decide whether the e ffectiveness o f the risk control measures requires additional
verification by the laboratory.
Modifications to the IVD medical device that could a ffect the risk control measures may require
revalidation by the laboratory.
7.5 Risks arising from risk control measures

Each risk control measure shall be reviewed with regard to whether:
— any new hazards or hazardous situations have been introduced; or
— the estimated risks for previously identified hazardous situations will be a ffected by introduction
o f the risk control measure.
Any new or increased risks shall be analyzed, evaluated and controlled in accordance with 4.4 to 7.4 .
The results o f this review shall be recorded in the risk management documentation.
7.6 Residual risk evaluation

A fter the risk control measures are applied, each residual risk shall be evaluated using the approved
risk acceptability criteria (see 6.1). The results o f this evaluation shall be recorded.

ISO 22367:2020(E)
I f the residual risk is judged not acceptable using these criteria, further options for risk control shall be
considered (see 7.1).
I f further risk reduction is not feasible, the laboratory may conduct a risk/benefit analysis o f the residual
risk to determine whether to continue to develop or implement an examination or service (see 8 ).
For residual risks that are judged acceptable, the laboratory shall determine what in formation is
necessary to communicate to the intended recipients in order to disclose the residual risks. Copies
o f any communications that disclosed the residual risks shall be maintained in the risk management
documentation.
NOTE Guidance on how residual risk(s) can be disclosed is provided in Annex L .
8 B e n e fi t- r i s k a n a l ys i s
The medical laboratory may per form an analysis o f relevant clinical evidence to determine i f the
medical benefits o f the intended use outweigh the residual risk. This analysis may be per formed at the
level o f an individual residual risk or for the overall residual risk.
NOTE Clinical evidence is obtained from sources such as the medical literature, clinical studies, per formance
evaluations, adverse event experience, and expert medical opinion. Re fer to Annex K for further guidance for
per forming a benefit-risk analysis.
I f the residual risk is demonstrated to be outweighed by the benefits, then the risk may be considered
acceptable. The laboratory shall determine which in formation is necessary to disclose the residual risk.
I f the evidence does not support the conclusion that the medical benefits outweigh the residual risk,
then the risk is not acceptable.
The results o f the benefit-risk analysis and the in formation to be disclosed to intended recipients shall
be recorded.
9 Risk management review
9.1 Completeness of risk control

Prior to reporting results from the examinations addressed in the risk management plan, the laboratory
shall carry out a comprehensive review o f the entire risk management process. The responsibility for
review should be assigned in the risk management plan (see 4.4.3 b).
This review shall at least ensure that:
— the risk management plan (see 4.4) has been appropriately implemented;
— the risk(s) from all identified potential hazardous situations have been considered (see 5.6);
— the overall residual risk is acceptable (see 9.2); and
— appropriate methods are in place to obtain the in formation necessary to monitor the risks (see 10).
9.2 Evaluation of overall residual risk

A fter the individual assessment o f every identified hazardous situation associated with an examination
or service, and a fter the identified risk control measures have been implemented and verified, the
laboratory shall consider the combined impact o f the individual residual risks and decide whether the
overall residual risk for each examination or service is acceptable using the criteria defined in the risk
management plan.
NOTE For guidance on overall residual risk evaluation, re fer to Annex J .

ISO 22367:2020(E)
I f the overall residual risk is judged not acceptable using the criteria established in the risk management
plan, the laboratory may conduct a risk-benefit analysis (see Clause 8) to determine i f the medical
benefits o f the intended use outweigh the overall residual risk. I f the clinical evidence supports the
conclusion that the medical benefits outweigh the overall residual risk, then the overall residual risk
may be judged acceptable. Otherwise, the overall residual risk remains not acceptable.
For an overall residual risk that is judged acceptable, the laboratory shall determine what in formation is
necessary to give healthcare providers to disclose the overall residual risk. Copies o f the communications
that disclosed the overall residual risk shall be maintained in the risk management file.
NOTE Guidance on how residual risk(s) can be disclosed is provided in Annex L .
9.3 Risk management report

The results o f this comprehensive risk management review shall be recorded in a risk management
report, which shall summarize the evidence that:
— the risk management plan has been satis factorily fulfilled;
— the results confirm that the residual risks are acceptable; and,
— the risk management report shall be approved by laboratory management.
10 Risk monitoring, analysis and control activities
10.1 Surveillance procedure

The laboratory shall establish, document and maintain a suitable procedure to collect, review
and analyze in formation about risks associated with the pre-examination, examination, and post-
examination processes.
When establishing a surveillance system, the laboratory should consider among other things:
a) the mechanisms by which in formation generated by the laboratory, the healthcare providers, the
IVD medical device manu facturer, or those accountable for the installation and servicing o f the
equipment is collected and processed; and
b) new or revised healthcare regulations and standards.
Risk-based alert and action triggers should be established to ensure timely response to any identified
adverse event or trend.
The in formation collected as part o f risk monitoring shall be evaluated to ensure the risk controls
remain e ffective and the risks remain acceptable. In particular, the laboratory shall determine i f:
— an unanticipated failure mode, use error, hazard, hazardous situation or harm may have occurred;
— the previously unrecognized potential for any o f these events to occur may be present; or
— the estimated risk(s) arising from a hazardous situation is (are) no longer acceptable.
I f any o f the above conditions occur:
a) the need for immediate action to reduce imminent risks to patients or users shall be evaluated, and
i f so, the appropriate actions to be taken by the laboratory to address the risks shall be initiated
(see 10.4);
b) the impact on previously implemented risk management activities shall be evaluated and shall be
fed back as an input to the risk management process;

ISO 22367:2020(E)
c) a review o f the risk management documentation for the examination or service shall be conducted,
and i f there is a potential that the residual risk(s) or its acceptability may have changed, the impact
on previously implemented risk control measures shall be evaluated.
The results o f this evaluation shall be recorded in the risk management documentation.
NOTE Aspects o f monitoring for unanticipated risks are o ften the subject o f national regulations.
10.2 Internal sources of risk information

Sources o f risk in formation and data within the laboratory may include:
a) per formance evaluation studies;
b) statistical quality control data;
c) incident reports;
d) complaints, noncon formities or corrective actions;
e) internal audits and other evaluations.
10.3 External sources of risk information

Sources o f risk in formation and data outside the laboratory may include:
a) EQAS (External Quality Assurance Services) reports;
b) physician complaints;
c) manu facturer advisory notices;
d) regulatory authorities;
e) adverse event databases;
f ) literature reports;
g) accreditation bodies (e.g., audits).
NOTE A product recall, field correction or sa fety notice from an IVD manu facturer can indicate a change in
risk that requires immediate action by the laboratory.
10.4 Immediate actions to reduce risk

I f examination results reported by the laboratory are found to present unacceptable risks to patients,
immediate actions shall be taken in proportion to the risks. Actions to reduce the risks may include, but
are not limited to the following:
a) alert the a ffected healthcare providers to the erroneous results;
b) i f possible, repeat the examinations and revise reports to correct the erroneous results;
c) noti fy healthcare providers o f changes in diagnostic per formance;
d) update and issue revised re ference ranges;
e) suspend further examinations until the cause is corrected;
f ) noti fy the IVD manu facturer o f any clinically significant mal function, use error or deficiency in IVD
device design or labelling;
g) report adverse events or serious incidents to authorities, where appropriate.

ISO 2 2 3 67: 2 02 0(E)
T he i m me d i ate ac tion s may a l s o i nclude an i nve s tigation to de term i ne the ro o t cau s e s a nd re as s e s s ments
o f the ri s ks .

ISO 22367:2020(E)
Annex A
(informative)
Implementation of risk management within the quality
management system
A.1 General guidance

Where a documented quality management system exists, such as that described in 4.2 o f ISO 15189:2012,
4.1 o f ISO 22367 requires that it should incorporate risk management into the appropriate parts.
Risk is inherent in all aspects o f a quality management system. There are risks in all systems, processes
and functions. Risk-based thinking ensures these risks are identified, considered and controlled
throughout the design and use o f the quality management system.
By using risk-based thinking the consideration o f risk is integral. It becomes proactive rather than
reactive in preventing or reducing undesired e ffects through early identification and action. Preventive
action is built-in when a management system is risk-based. Risk-based thinking is something
laboratories do automatically in everyday li fe.
Not all the processes o f a quality management system represent the same level o f risk in terms o f their
potential for harm to users or patients. Some need more care ful and formal planning and controls
than others. By considering risk throughout the system and all processes the user and patient sa fety
is improved, output is more consistent and healthcare providers can be confident that they will receive
the expected product or service (see Figure A.1).

ISO 22367:2020(E)
F i g u r e A . 1 — R i s k a s s e s s m e n t f l o w c h a r t
This Annex provides guidance for medical laboratories that have implemented ISO 15189, which
requires that risk management be incorporated into their quality management system. All re ference to
clauses in ISO 15189 will be so stated (e.g., ISO 15189:2012, 4.6); i f a clause is listed by itsel f (e.g., 4.4.5),
it re fers to the clause in this document.
A.2 Documents and records control

See ISO 15189:2012, 4.3 and 4.13.
The document and records control requirements o f ISO 15189:2012, 4.3 apply to all laboratory policies,
procedures, work instructions and other documents created for the risk management process and
maintained as part o f the risk management documentation (see 4.4.5 ).
A.3 Supplier management

See ISO 15189:2012, 4.6.
A.3.1 General
The degree o f supplier control required varies with the examination or service and the associated
risks to patients or laboratory workers. The extent o f specification detail necessary to ensure that the
purchased product or service, including re ferral laboratory services, meets requirements depends on
the nature o f the product or service purchased and the identified risks (see Clause 5 ).

ISO 22367:2020(E)
Assessment o f risks introduced by vendors should result in clarification o f the roles and responsibilities
o f the laboratory and supplier. For examples, contractual considerations may include:
— ownership o f the specifications and the change control process;
— ensuring that new in formation is communicated when it becomes available;
— speci fying the extent o f risk management to be conducted by the laboratory and by their supplier.
Supplier management and acceptance activities generate in formation and data that should be part o f
the risk monitoring that continues throughout the examination cycle. The output o f risk management
activities may result in risk control measures to be carried out such as purchasing controls and
acceptance activities.
A.3.2 Purchasing
The procedures for the selection and purchasing o f external services, equipment, reagents and
consumable supplies should require identification o f hazards and evaluation o f risks potentially
introduced by suppliers, and should require risk-based decisions regarding the selection and approval
of suppliers.
Where appropriate, prescribed risk control measures derived from the laboratory’s risk management
process (Clause7) should be included in the purchasing requirements as part o f the purchasing
in formation.
Criteria for selection, evaluation and re-evaluation o f suppliers o f purchased products, including
IVD medical devices, and services, such as re ferral and re ference laboratories and external quality
assessment programs, should be established based upon the risk associated with identified hazards
related to the purchased products and services.
A.3.3 Acceptance activities
In developing the acceptance criteria for purchased product and services, results o f risk management
activities should be considered. Specifically, the identified hazards and their related risk control
measures should be taken into account when developing criteria for verification and acceptance
activities.
A.3.4 Servicing
Laboratory equipment and IVD medical devices may require installation, maintenance and repair
activities provided by internal or external suppliers.
When servicing is a specified requirement, in formation from risk management activities should be
considered. Periodic servicing and maintenance as a means to ensure proper functioning o f a device
can be an e ffective method o f risk control.
I f a certain risk control measure is necessary for an examination process, it may also be necessary to
apply the same (or similar) risk control measure to the servicing process.
When there is a hazard to service personnel, clear instructions should be included in servicing manuals
or documentation and appropriate training shall be provided.
A.4 Design and development activities
A.4.1 General
This subclause applies only to medical laboratories that develop examination procedures for their own
use, or modi fy previously validated examination procedures or IVD medical devices.

ISO 22367:2020(E)
Risk management activities (e.g., risk assessment and risk control) should be an integral part o f the
design and development process for laboratory examinations.
NOTE An examination procedure developed for a laboratory’s own use is o ften re ferred to as a “laboratory
developed test”, “LDT”, or “in-house test”.
The following guidance is based on the iterative design and development process described in 7.3 o f
ISO 13485:2016 (8), in which design and development is conducted in the stages listed below. This
approach is followed by most IVD manu facturers, and should be considered by laboratories when
developing examinations for their own use.
— design and development planning;
— design and development inputs;
— design and development outputs;
— design and development review;
— design and development verification;
— design and development validation;
— design and development trans fer;
— control o f design and development changes.
Risk management activities should begin as early as possible in the design and development process,
when it is feasible to incorporate sa fety features in the design. For each identified hazard, the risk in
both normal and fault conditions is estimated (Clause 5). The laboratory decides whether risk reduction
is needed (Clause 6). The results from this risk evaluation, such as the need for risk control measures,
then become part o f the design and development input.
Risk control measures (Clause 7) are part o f the design and development output and their e ffectiveness
is verified during design and development verification. This design and development input/output/
verification cycle iterates and continues throughout the overall design control process until the residual
risks have been reduced to an acceptable level and can be maintained at an acceptable level. The overall
e ffectiveness o f the risk control measures is confirmed during design and development validation.
A.4.2 Design and development planning
Design and development planning ensures that risk management activities are coordinated during
design and development and continue throughout the li fe time. Design and development planning
should identi fy:
— the inter-relationship(s) between appropriate risk management activities and design and
development activities;
— the design and development resources required, including the expertise to address potential sa fety
concerns.
A.4.3 Design and development input
Design and development inputs are documented as the foundation for subsequent design and
development activities. Design and development inputs include adequate consideration o f intended use
and functional, per formance, sa fety and regulatory requirements.
Risk control measures are an output from risk management activities, which become inputs into the
design and development process.
Hazard identification starts with consideration o f the intended use, the characteristics related to sa fety
and the use environment and results in a preliminary list o f known and foreseeable hazards. Each

ISO 22367:2020(E)
identified hazard could lead to several di fferent harms, and several di fferent hazards could lead the
same harm. The probability o f occurrence o f each harm and its severity are determined to estimate
the risks (see Clause 5). Each risk is evaluated against previously established acceptability criteria to
determine whether risk controls are needed.
During development, any proposed changes to the identified design characteristics, specifications, and/
or risk control measures and their associated hazards from the current risk analysis should be care fully
evaluated with respect to continued sa fety and specified per formance o f the examination procedure
be fore approval.
I f the examination procedure is intended to be used in combination with any equipment or IVD medical
device, then hazards and risk control measures should be evaluated for each component individually as
well as for the system or combination.
When establishing design and development inputs, the need for risk control measures should be
considered. When risk control measures are determined to be necessary and are initially defined, these
become an output as part o f the iterative cycle.
A.4.4 Design and development outputs
The risk control measures identified during the input phase are evaluated during design and
development, and i f feasible, will be incorporated into the design in the order o f priority given in 7.1 . If
inherent sa fety or design for protective measures are not reasonably feasible, less e ffective risk control
measures such as labelling or training may be necessary. The design and development output includes
the design specifications for the risk control measures.
Design and development outputs are generally o f three types:
— specification o f the characteristics o f the examination procedure, in particular those essential for
its sa fe and proper use;
— requirements for purchasing, production, handling, distribution and servicing;
— acceptance criteria.
All types may include in formation essential for sa fe and proper use. Risk control measures may fall into
any o f these categories.
A.4.5 Design and development review
Design and development reviews should be conducted at appropriate points to ensure the examination
procedure meets the identified medical needs. The reviews should confirm that any individual residual
risks as well as any overall residual risk are acceptable and adequately disclosed. These reviews should
confirm the validity o f risk/benefit decisions related to the acceptance o f the residual risks. Reviewers
should have the necessary competence to assess design decisions concerning risk acceptability.
Design review procedures should define risk review tasks that should be per formed at appropriate
stages o f design and development. Design and development reviews should assess, for example:
— whether all hazards have been identified, risk has been properly assessed and potential risk control
measures have been identified;
— the e ffectiveness o f risk control measures for individual risks;
— i f design validation activities e ffectively assessed the overall residual risk associated with the
per formance o f the examination procedure by the intended user;
— whether any new risk-related issues identified during the design trans fer process were controlled
and verified.

ISO 22367:2020(E)
A . 4 . 6 D e s i g n a n d d e ve l o p m e n t ve r i fi c a ti o n
Verification generates objective evidence that the design requirements were met, including requirements
that identified risks were addressed, risk control measures were implemented as necessary, and risk
control measures were e ffective so that the end result meets the defined acceptability criteria.
Procedures should define appropriate verification methods and should ensure traceability between
identified hazards, risk control measures, design and development requirements, test plans, and test
results. Annex F contains an example of a risk management summary in a table format, which also
demonstrates traceability.
A.4.7 Design and development validation
Validation confirms that the examination or service meets client needs, intended uses, and that the
overall residual risk meets the approved acceptability criteria. To ensure risk control measures are
adequately addressed, the validation plan should include all intended uses to give confidence that the
overall residual risk determination is consistent with expectations. Any simulated use testing should be
designed to provide similar levels o f confidence. Any un foreseen hazards that emerge from validation
should be assessed (Clauses 5 and 6 ) and, i f necessary, controlled (Clause 7 ).
A.4.8 Design and development transfer
During trans fer o f the examination procedure from research and development to laboratory operations,
the laboratory should ensure that the required risk control measures were implemented and will be
e ffective in the actual use environment. The laboratory should also ensure that any newly identified
risk-related issues are resolved prior to the release o f the examination procedure to laboratory
operations.
A . 5 I d e n ti fi c a ti o n a n d c o n tro l o f n o n c o n f
o r m i ti e s
See ISO 15189:2012, 4.9.

Each noncon formity related to a laboratory examination, including pre- and post-examination aspects,
should be investigated and handled in a controlled manner (i.e., using a documented noncon formity
handling process). The level o f control should be commensurate with the risk associated with the
noncon formity.
Identified noncon formities, including use errors and incidents, should be classified for analysis,
review and reporting. Risk assessments (Clauses 5 and 6 ) should enable the laboratory to classi fy and
prioritize the noncon formity according to its significance, primarily in terms o f patient and user sa fety.
Classification may also include, but is not limited to:
— cycle phase o f event;
— event location;
— event characterization;
— event predictability and prevention.
A.6 Complaint evaluation and investigation

See ISO 15189:2012, 4.8.
The procedures for the management o f complaints or other feedback received from clinicians, patients,
laboratory sta ff or other parties should require that each complaint be evaluated to determine i f it
involves an adverse event, a known hazard, a previously unknown risk, or a change in risk level.

ISO 22367:2020(E)
The prioritization and extent o f complaint investigations should be commensurate with the level o f risk
represented by the event, based on the risk assessments (Clause 5 and 6 ). I f so, review o f the existing
risk analysis may be necessary to determine whether it requires an update.
Complaint evaluation and investigation activities generate in formation and data that should be part o f
the risk monitoring that continues throughout the li fetime o f an examination.
A.7 Corrective action

See ISO 15189:2012, 4.10.
The root cause investigation should include determination o f whether the level o f risk estimated in
Clause 5.8 is still acceptable, and i f the original risk assessment remains valid.
The comprehensiveness and depth o f failure investigations should be commensurate with the
magnitude o f the noncon formity, event or incident being investigated, and the risk it presents to the
patient or user.
Procedures should include or re ference the method to be used to determine the level o f risk associated
with the failure (Clause 5) and the decision process used to determine the depth o f investigation based
upon that level o f risk.
The results o f corrective action activities should be reviewed to identi fy any previously unrecognized
risks and to monitor the e ffectiveness o f risk control measures. This in formation should also be utilized
to determine the e ffectiveness o f the risk management activities and determine required actions to be
taken to correct the identified issues and prevent recurrence.
A.8 Preventive action

See ISO 15189:2012, 4.11.
Relevant in formation from the laboratory’s examination processes should be continually monitored,
analyzed and used in reviewing revising current risk assessments and where appropriate, per forming
new risk assessments.
Additional sources o f in formation to be considered include:
— in formation on laboratory examinations or IVD medical devices from interlaboratory quality
assessment schemes;
— in formation on similar laboratory examinations or IVD medical devices;
— public in formation on recalls, vigilance reports, etc.;
— scientific literature, consensus guidelines and expert medical opinion;
— new or amended standards and regulations.
The analysis o f data should demonstrate that the decisions and risk control measures determined
within the risk management process are appropriate.
I f a situation or condition is identified that could contribute to a noncon formity and increase the level
o f risk, laboratory management should take action to prevent occurrence o f the noncon formity. The
preventive action plan should include:
— the scope o f the plan;
— a description o f the specific failure mode e ffect, noncon formity, error, or incident;
— the identification o f potential hazards associated with the potential error or noncon formity;

ISO 22367:2020(E)
— allocation o f responsibilities to address the changes required;

— requirement for review;
— criteria for acceptable resolution.
A.9 Continual improvement

See ISO 15189:2012, 4.12.
Laboratory management should review in formation gained about the laboratory noncon formities,
errors and incidents. This in formation should be evaluated for possible relevance to patient and
laboratory sa fety, especially with regard to the following:
— whether previously unrecognized hazards are present;
— whether original assessments o f laboratory noncon formities, errors and incidents are invalidated
as a result.
I f either o f the above applies, the results o f the evaluation should be used to assess the adequacy o f the
corrective action process and the corrective action plan should be modified i f appropriate.
In addition, an in-depth investigation into the root cause o f any high-risk laboratory noncon formities,
errors and incidents should be carried out immediately, in order to prevent their recurrence.
NOTE In this context, immediately means without a delay that cannot be justified.
A.10 Evaluation and audits

See ISO 15189:2012, 4.14.
Quality management system audits should include the risk management process described in this
document.
Audit observations o f quality management system deficiencies should be prioritized according to the
risks associated with the noncon formities, and special follow-up audits should be conducted to ensure
higher risk issues are addressed in a timely manner. Lower risk audit observations may be followed-up
during the next routine audit. The laboratory should consider the result o f risk management activities
to assign priorities to high risk processes when per forming audit program.
The frequency o f internal audit o f specific items can be based on the risk management approach to
warrant that the time spent is focused.
A.11 Accommodation and environmental controls

See ISO 15189:2012, 5.2.
Where the work environment, including facilities, could have an adverse impact on the examination
process or the examination results, and has been determined to result in or contribute to risk for the
patients, then risk control measures should be defined, documented and implemented. The e ffectiveness
o f these risk control measures should be periodically assessed.
A.12 Control of laboratory equipment, reagents and consumables

See ISO 15189:2012, 5.3.
The suitability o f equipment and the frequency o f cleaning, maintenance and calibration should be
verified and/or validated with re ference to the risks associated with the examination processes.

ISO 22367:2020(E)
Work i n s truc tion s s hou ld b e reviewe d and up date d to refle c t a ny ri s k control me as u re s identi fie d
accord i ng to C lau s e 7 .
I n formation may b e com mu n ic ate d to d i s tribution, ha nd l i ng , and s torage p ers on nel from the ri sk
ma nagement ac tivity, i f d i s tribution, h and l i ng , or s torage prac tice s or cond ition s cou ld c au s e or
contribute to a ha z ard from the u s e o f any re agent or o ther pro duc t (e . g. , s torage temp eratu re and
hu m id ity, temp eratu re a nd hu m id ity control duri ng sh ippi ng , ne e d for pro te c tive p ackagi ng) .
L ab orator y e qu ipment, re agents , a nd con s u mable s s hou ld be control le d in a ma n ner that is
com men s u rate with thei r ri s k.
When con s ideri ng the fre quenc y o f the qua l ity control, wh ich i nclude i nterna l and e xterna l control s ,
a ri sk b as e d pri ncip le s hou ld be appl ie d with con s ideration o f the me tho d va l idation/veri fic ation
outcome, the s tabi l ity o f the e qu ipment, me tho d and envi ron ment and the cl i n ic a l outcome o f the
results.
A.13 Control of laboratory information systems
S e e I S O 1 51 8 9 : 2 01 2 , 5 .10 .
L ab orator y i n formation s ys tem s shou ld b e va l idate d for u s e to a degre e com men s urate with the ri sks
as s o c iate d with the exam i nation s b ei ng p er forme d and the e xam i nation re s u lts b ei ng rep or te d and
the i ntegrity o f the s ys tem and its data . Typic a l ly, s uch s ys tem s are i ntegra l to the workflow o f the
lab orator y and c an pre s ent p o tenti a l ri s ks pre dom i nantly i n the pre - exa m i nation a nd p o s t- exam i nation
ph as e s o f p atient c a re .
I s s ue s to p o tentia l ri s ks c an i nclude:
— abi l ity to prop erly identi fy a nd trace a p atient and a l l relevant p ers on nel th roughout the exa m i nation
pro ce s s;
— abi l ity to prop erly and corre c tly tran s m it and d i s play i n formation th at is re adable a nd
comprehen s ible, i nclud i ng;
— orderi ng i n s truc tion s from the he a lthc are giver to the s p e c i men col le c tor or l ab orator y
— re s u lts o f e xam i nation s
— i s s ue s with the s a mple or the exam i nation that may i mp ac t i nterpre tation
— abi l ity to tolerate a nd/or re cover from d i s r up tion s o f the lab orator y i n formation s ys tem;
— m idd leware i ntegrity and dep endabi l ity;
— p o tenti a l for h acki ng i nto s ys tem s con ne c te d to i nterne t (d i re c tly or i nd i re c tly) and changi ng or
s te a l i ng p atient data;
— attention for c yb ers e c u rity i n genera l .
A.14 Quality control of examination processes

S e e I S O 1 51 8 9 : 2 01 2 , 5 . 6 .
T he development o f an i nterna l qua l ity control plan c a n b e conduc te d b as e d on ri sk management
pri nciple s a nd shou ld i nclude at le as t the ne xt s tep s:
1. C ol le c tion o f i n formation o f qua l ity s p e ci fic ation s a nd re qu i rements from ma nu fac turers , u s ers ,
lab orator y, acc re d itation agenc ie s , l iteratu re;
2. Per form i ng o f ri s k as s e s s ment;

ISO 22367:2020(E)
3. Identi fying control measurement to reduce risk;

4. Development o f a quality control plan;
5. Monitoring per formance.
To identi fy potential hazards and their causes the laboratory could implement some o f the tools
mentioned in Annex G: process mapping, fishbone diagram, FMEA. It could be useful for the laboratory
to map the entire testing process with a high-level process map, identified the potential causes o f harm
in each process step with a fishbone diagram and conduct a FMEA to evaluate i f risks are acceptable
and i f existing controls are e ffective. In this case the laboratory should implement a quality control
plan which can include statistical techniques, types, levels, frequency and number o f quality control
samples.
A.15 Change management

Changes to laboratory personnel, processes and/or services can introduce new hazards, eliminate
existing hazards, or change the level o f risk associated with a hazard. All changes to laboratory
processes and services should be controlled according to the degree o f risk associated with the process
or service. All changes to an examination or service require a review o f the applicable risk assessment.
I f a change is planned or has occurred inadvertently (i.e., unplanned change), the current risk assessment
should be reviewed and updated as necessary. I f any single characteristic o f a system changes, the entire
system may need to be evaluated. The decision should be based on the risk associated with the system.
Examples o f changes include:
— departure o f bench or supervisory personnel;
— a change o f reagents (even nominally identical material from a di fferent supplier);
— replacement o f laboratory equipment by another;
— the cumulative e ffect o f seemingly minor changes to a process;
— change from one supplier to another;
— change made by suppliers;
— change o f intended use, the intended user or the intended use environment.
Prior to implementing a proposed change, it is important to ensure that any individual residual risk(s),
as well as the overall residual risk, are defined and remain acceptable.
Proposed changes to validated examination procedures or IVD medical devices should be assessed for
risk (Clause 5 and 6 ) early in the change management process in order to determine whether known
risks are controlled satis factorily or whether they could introduce new risks. Unacceptable risks should
be addressed (Clause 7 and 8) prior to the decision to approve the change.

ISO 22367:2020(E)
Annex B
(informative)
Developing a risk management plan
The following guidance is adapted from ISO/TR 24971:2019.
B.1 General
The risk management plan can be a separate document or it can be integrated within other
documentation, e.g., quality management system documentation. It can be sel f-contained or it can
re ference other documents to fulfil the requirements described in 4.4 .
The level o f detail for the plan should be commensurate with the complexity o f the risk associated with
the process, laboratory service or examination and its associated risks. The requirements identified in
4.4 are the minimum requirements for a risk management plan. Laboratories can include other items
such as time-schedule, risk analysis tools, or a rationale for the choice o f specific risk acceptability
criteria.
B.2 Scope of the plan

The scope identifies and describes the process, examination procedure or laboratory service for which
each element o f the plan is applicable.
The elements o f the risk management process should cover all aspects o f the medical laboratory
examinations or service. The plan should include all risks associated with the laboratory’s services,
examinations and operations, including risks identified during the design and development o f
an examination procedure, during selection and acquisition o f equipment and devices, until
discontinuation o f the examination or service and decommissioning o f any equipment involved. A
laboratory’s risk management plan may consist o f a number o f individual plans, which together cover
all o f the laboratory’s services, processes and examinations. A high-level master plan should identi fy all
o f the individual plans and the areas they cover, and each individual plan should have a clear statement
of its scope.
B.3 Assignment of responsibilities and authorities
The risk management plan should identi fy the personnel with responsibility for the execution o f specific
risk management activities, for example reviewers, experts, independent verification specialists,
individuals with approval authority (see 4.2). This assignment can be included in a resource allocation
matrix defined for the project.
B.4 Requirements for review of risk management activities

The risk management plan is part o f the quality management system and should there fore be
subject to internal audits at planned intervals and be included in the management review. (e.g.,
ISO 15189:2012, 4.15).
B.5 Criteria for risk acceptability

Criteria for risk acceptability are derived from the laboratory's policy for determining acceptable risk
(see 4.2 and Annex C). The criteria can be common for similar categories of examination procedures or
laboratory services. Criteria for risk acceptability can be part o f the laboratory’s established quality
ISO 22367:2020(E)
management s ys tem, wh ich c an b e re ference d i n the ri s k ma nagement plan (e . g. , I S O 1 51 8 9 : 2 01 2 ,
4.1 . 2 . 4) .
B . 6 Ve r i fi c a ti o n a c ti vi ti e s
T he ri s k management pl an s hou ld s p e c i fy how the two d i s ti nc t veri fic ation ac tivitie s re qu i re d by th i s
do c u ment wi l l b e c arrie d out. Veri fyi ng the e ffe c tivene s s o f ri s k control me as u re s c an re qu i re the
col le c tion o f lab orator y data, us abi l ity s tud ie s , e tc . T he ri s k ma nagement plan c a n de tai l the veri fic ation
ac ti vitie s e xpl ic itly or by re ference to the pl an for o ther veri fic ation ac tivitie s .
B.7 Method or methods of obtaining relevant information for risk monitoring

T he me tho d or me tho d s o f ob ta i n i ng i n formation for ri sk mon itori ng c a n b e p ar t o f e s tabl i she d qua l ity
management s ys tem pro ce dure s (e . g. , I S O 1 51 8 9 : 2 01 2 , 4. 8 to 4.1 2 ) . T he lab orator y ca n e s tabl i sh generic
pro ce du re s to col le c t i n formation from va riou s s ou rce s , s uch as he a lthc are providers , i n s tr u ment
op erators , s er vice p ers on nel, tra i ni ng p ers on nel , i ncident rep or ts and c u s tomer fe e db ack. Wh i le a
re ference to the qua l ity management s ys tem pro ce du re s i s s u fficient i n mo s t c as e s , a ny exa m i nation-
s p e ci fic re qu i rements (e . g. , pro ac ti ve s ur vei l lance, fol low- up cl i n ic a l s tud ie s) shou ld b e d i re c tly adde d
to the ri s k m anagement plan .
T he ri s k management pla n s hou ld i nclude do c umentation o f de c i s ion s , b a s e d on a ri s k ana lys i s , ab out
what s or t o f s u r vei l l ance is appropri ate for the exa m i nation pro ce dure or lab orator y s er vice, for
exa mple, whe ther re ac tive s u r vei l l ance i s ade quate or whe ther pro ac tive s tud ie s are ne e de d . D e tai l s o f
s uch s tud ie s shou ld b e s p e ci fie d .

ISO 22367:2020(E)
Annex C
(in fo rmative)
Risk acceptability considerations
T he fol lowi ng g uidance i s adap te d from I S O/ T R 2 49 71 : 2 019
C.1 General
According to 4. 2 o f th i s do c u ment, lab orator y management i s re qu i re d to defi ne and do c u ment the
p ol ic y for de term i n i ng the c riteri a for ri s k accep tabi l ity (s e e 6 .1) . T h i s p ol ic y i s i ntende d to en s ure that
criteria:
— are b as e d up on appl ic able nationa l or regiona l re gu l ation s;
— are b as e d up on relevant I nternationa l Standard s;
— ta ke i nto account avai lable i n formation s uch as the genera l ly accep te d s tate o f the a r t a nd known
s ta keholder concern s .
NO TE O ther rele va nt i n fo rm ation c a n a l s o b e i nclude d .
T he p ol ic y cou ld cover the enti re range o f a l ab orator y's exa m i nation s or s er vice s , or it c a n ta ke
d i fferent form s dep end i ng on whe ther the e xam i nation pro ce du re s or lab orator y s er vice s are s i m i la r
to e ach o ther, or whe ther the d i fference s b e twe en group s o f exam i nation pro ce dure s or lab orator y
s er vice s a re s igni fic a nt.
C.2 Methods of determining acceptable risk

T h i s do c u ment do e s no t s p e ci fy accep table ri s k. T hat de c i s ion i s le ft for the l ab orator y to de term i ne .
Me tho d s o f de term i n i ng accep tab le ri s k i nclude, but are no t l i m ite d to:
— us i ng appl icable s tandard s that s p eci fy requi rements wh ich, i f i mplemented, wi l l i ndicate achievement
o f accep tabi lity concerning p ar ticu lar kinds o f exami nation pro ce dures or p ar ticu lar ri sks;
— comp ari ng level s o f ri s k evident from o ther e xam i nation pro ce du re s a l re ady i n u s e;
— eva luati ng cl i n ic a l s tudy data, e s p e c ia l ly for new te ch nolo g y or new i ntende d u s e s;
— ta ki ng i nto accou nt the s tate o f the ar t re gard i ng e xi s ti ng te ch nolo g y and c u rrent me d ic a l lab orator y
prac tice .
“State o f the ar t” i s u s e d here to me a n what i s c u rrently and genera l ly accep te d a s go o d prac tice .
Variou s me tho d s c a n b e u s e d to de term i ne "s tate o f the a r t" for a p ar tic u la r exam i nation pro ce dure .
E xample s a re:
— re co gn i z e d s tandard s for the s ame or s i m i l ar e xam i nation pro ce du re s;
— b e s t prac tice s for o ther e xam i nation pro ce du re s o f the s a me or s i m i lar typ e;
— re s u lts o f p e er-reviewe d s cienti fic re s e arch .
State o f the a r t do e s no t ne ce s s a ri ly me a n the mo s t te ch nolo gic a l ly advance d s olution .

ISO 22367:2020(E)
C.3 Recommendations
T he l ab orator y shou ld e s tabl i s h guidel i ne s for developi ng the ri sk accep tabi l ity criteri a for the
p a r tic u lar e xam i nation pro ce dure s or lab orator y s er vice s b ei ng con s idere d , wh ich wi l l b e i nclude d or
re ference d i n the ri sk management pla n a s re qu i re d b y 4.4 .

When developi ng or mai nta i n i ng the p ol ic y, the fol lowi ng s hou ld b e ta ken i nto con s ideration (s e e 6 .1 ):
— appl ic able regu lator y re qu i rements i n the re gion s where the me d ic a l lab orator y op erate s a nd
provide s s er vice s;
— relevant re co gn i z e d s ta nda rd s ( pre ferably I nternationa l Standa rd s) for the p a r tic u l ar exa m i nation
or s er vice, or for its i ntende d u s e, that c an help identi fy pri nciple s for s e tti ng the criteri a for ri s k
accep tabi l ity;
— i n formation on the s tate o f the ar t c an b e ob tai ne d from review o f the l iteratu re a nd o ther i n formation
on s i m i lar exa m i nation pro ce du re s or l ab orator y s er vice s the lab orator y h as provide d, as wel l a s
tho s e from comp e ti ng l ab oratorie s;
— va l idate d a nd comprehen s ive concern s from the ma i n s ta keholders . S ome p o tentia l s ou rce s o f
i n formation on the p atient and cl i n ic i an p ers p e c tive c an i nclude news me d i a, s o ci a l me d i a, p atient
foru m s , a s wel l a s i nterna l i nput from dep ar tments with e xp er t knowle dge o f s ta keholder concern s .
When de term i n i ng the c riteria for ri sk accep tabi l ity, the lab orator y s hou ld con s ider whe ther de ath or
s eriou s de terioration o f he a lth i s l i kely to o cc u r, either due to a device ma l func tion, de terioration o f
cha rac teri s tic s or p er forma nce, any i nade quac y i n the lab el i ng or i n s truc tion s for u s e, or i n norma l
op eration . I f s eriou s advers e events are l i kely to o cc u r, the lab orator y s hou ld de c ide i f the ri sk i s
accep table . I n any c as e, the ri sk s hou ld b e re duce d . I n doi ng s o , the l ab orator y may cho o s e an end-p oi nt
for ri s k re duc tion, u s i ng a re as onable de ci s ion pro ce s s s uch as the fol lowi ng:
Ri sk accep tabi lity shou ld pre ferably b e b as ed on recogni zed s tandards s p e ci fyi ng s tate o f the ar t ri sk
control me as ures for p ar ticu lar categories o f exami nation pro cedures or lab orator y s er vices . B as i ng the
ri sk reduc tion end-p oi nt on harmoni ze d s tandards ens ures that the ri sk i s reduced to an accep table level .
I f no re co gni z e d s tanda rd s are avai lable, o ther publ i s he d gu idel i ne s or s c ienti fic l iteratu re s hou ld b e
con s idere d . B a s i ng the ri sk re duc tion end-p oi nt on pub l i s he d gu idel i ne s or s cienti fic l iterature help s to
en s ure th at the ri s k i s re duce d to a n accep table level .
Where no i ndep endent publ ic ation s are avai lab le, the lab orator y s hou ld de term i ne and do c u ment the
b e s t ri s k re duc tion me a n s , and s hou ld i nclude i n the do c u mentation the rationa le for thei r s ele c tion .
T he criteri a for ri s k accep tabi l ity s hou ld b e b a s e d on h i s toric a l data, b e s t me d ic a l lab orator y prac tice s
and the genera l ly acknowle dge d s tate o f the ar t, a mong o ther criteri a .
I f a re duc tion to the approve d accep table level c a n no t b e ach ieve d, a ri sk-b enefit ana lys i s ca n b e
conduc te d to demon s trate th at the re s idua l ri sk i s outweighe d b y the me d ic a l b enefit.
C ompl ia nce may b e demon s trate d b y refle c ti ng s uch end-p oi nts i n the criteri a for ri s k accep tabi l ity a nd
do c u menti ng the de ci s ion s i n the ri sk management fi le . Where s a fe ty c a nno t b e demon s trate d as s uch,
cl i n ic a l evidence may b e u s e d to demon s trate that the me d ic a l b enefit outweigh s the ri s k.
T he review o f the s u itabi l ity o f the ri sk management pro ce s s at pl an ne d i nter va l s , a s re qu i re d b y 4.1 5 o f
I S O 1 51 8 9 : 2 01 2 , c an demon s trate the appropri atene s s o f previou sly u s e d c riteri a for ri s k accep tabi l ity
or le ad to change s i n the p ol ic y. Such change s ca n a l s o le ad to reviewi ng the appropri atene s s o f previou s
ri sk accep tabi l ity de ci s ion s .
T he p ercep tion o f ri s k o ften d i ffers from empi rica l ly de term i ne d ri sk e s ti mate s . T here fore, the
p ercep tion o f ri s k from a wide cro s s s e c tion o f s ta keholders s hou ld be ta ken i nto accou nt when
de cid i ng wh at ri sk i s accep table . To me e t the e xp e c tation s o f publ ic opi n ion, it m ight b e ne ce s s ar y to
give add itiona l weighti ng to s ome ri sks over o thers . I n s ome c a s e s , the on ly op tion cou ld b e to con s ider
that identi fie d s ta keholder concern s refle c t the va lue s o f s o c ie ty and that the s e concern s have b e en
ta ken i nto accou nt when the lab orator y ha s u s e d the me tho d s l i s te d ab ove .

ISO 2 2 3 67: 2 02 0(E)
C.4 Risk matrix
A common way o f applying acceptability criteria is by indicating the combinations o f probability o f

harm and severity o f harm that are acceptable or unacceptable using a matrix, such as Table I.4 or
Table I.5. Such charts may be specific to an examination procedure and its particular intended use, or
may apply to a family o f examination procedures that share similar characteristics and intended uses.
Their visual nature makes risk charts an e ffective means o f risk communication.

ISO 22367:2020(E)
Annex D
(informative)
I d e n ti fi c a ti o n o f c h a ra c te r i s ti c s re l a te d to s a f
e ty
This following guidance is adapted from ISO 14971:2019 and ISO/TR 24971:2019, and has been
expanded to address aspects o f medical laboratory examinations and services.
D.1 General
5.4 requires that the laboratory identifies those characteristics o f the laboratory examination or service
that could a ffect sa fety. Consideration o f these characteristics is an essential step in identi fying the
hazards associated with the examination procedure or laboratory service as required in 5.5 .
A use ful way to develop the list o f potential hazards is to ask a series o f questions concerning the intended
uses, users, use environment and any reasonably foreseeable misuses, as well as the development o f the
examination, preparation and use o f patient specimens, reagents, equipment and accessories, and their
ultimate disposal. I f these questions are asked from the point o f view o f all the individuals involved
(e.g., users, maintainers, healthcare providers, patients, etc.), a more complete picture can emerge o f
where the hazards can be found.
Questions starting in D.3 are intended to aid the laboratory in identi fying all the characteristics o f the
examination or laboratory service that could a ffect sa fety. The list is not exhaustive, nor representative
o f all examinations or laboratory services. The medical laboratory is advised to add questions and
points-to-consider that can have applicability to the particular examination or laboratory service, and
to skip questions that are not relevant. The laboratory is also advised to consider each question not
only on its own, but also in relation to others.
D.2 Characteristics related to safety for examination procedures, including IVD

medical devices
D.2.1 General
In addition to the chemical, mechanical, electrical and biological characteristics that create risk
for medical laboratory personnel, IVD medical devices and medical laboratory examinations have
per formance characteristics that determine the accuracy and clinical utility o f the examination results.
Failure to meet the per formance characteristics required for the intended medical use could result in a
hazardous situation that should be evaluated for risk to particular patient populations.
There fore, failure to meet the specifications established by the medical laboratory or the IVD
manu facturer for any o f the per formance characteristics related to sa fety should be evaluated in order
to determine i f a hazardous situation could result. Tools for analysing such hazards, such as Preliminary
Hazard Analysis (PHA), Fault Tree Analysis (FTA) and Failure Mode and E ffects Analysis (FMEA) are
described in Annex G .
D.2.2 Performance characteristics of quantitative examination procedures
Quantitative examination procedures are intended to determine the amount or concentration o f
an analyte in a patient’s specimen. Results are typically reported on an interval scale. Some o f
the analytical per formance characteristics o f quantitative examination procedures are precision
(imprecision), trueness (bias), analytical specificity and quantitation limit. Per formance requirements
depend on the intended medical applications. A falsely high or falsely low result, for example, can lead
to an incorrect diagnosis or delayed treatment, and the consequent harm to the patient could depend

ISO 22367:2020(E)
on the concentration o f the analyte and magnitude o f the bias. For this reason, it is also important to
include the correct biological re ference intervals definition or verification.
D.2.3 Performance characteristics of qualitative examination procedures
Qualitative examination procedures are intended to detect the presence or absence o f an analyte.
Results are reported as positive, negative or inconclusive. Per formance o f qualitative examination
procedures is generally expressed in terms o f diagnostic sensitivity, diagnostic specificity and detection
limit. A positive result when the analyte is absent or a negative result when the analyte is present can
lead to incorrect diagnosis or delayed treatment and to harm to the patient.
D.2.4 Reliability or dependability characteristics
When physicians depend on IVD examination results to help make urgent medical decisions, such as
in an emergency care or intensive care setting, timely results can be as important as accurate results.
Failure to report an examination result to a healthcare provider when it is needed in a critical care
situation could result in a hazardous situation for the patient.
D.2.5 Ancillary patient information
In some cases, examination results can require demographic in formation about the patient, as well
as pertinent in formation about the sample or its examination, for proper interpretation. Patient
identification, sample identification, sample type, sample description, measurement units, re ference
intervals, age, gender, and genetic factors are examples o f such in formation, which might be entered
manually by a laboratory analyst or automatically by a laboratory computer system. I f an examination
procedure is designed to report ancillary in formation with the examination result, failure to associate
the correct in formation with the examination result could a ffect the proper interpretation o f the result
and lead to a hazardous situation.
D.3 Generic questions pertaining to IVD medical devices and medical laboratory
examinations
D.3.1 What is the intended use and how are the examination results used?
Factors that should be considered include:
— What is the examination’s role relative to diagnosis, prevention, monitoring, treatment or alleviation
o f disease?
— What are the indications for use (e.g., intended patient populations)?
— Are the examination results intended for critical medical decisions?
— Are the quality specifications appropriate for the intended use and decision levels?
D.3.2 Is the IVD medical device or examination procedure intended for use at the point
of care?
Factors that should be considered include training o f POCT operators, compliance and monitoring o f
POCT operators, comparison o f results to those obtained in the central laboratory.
D.3.3 What materials or components are utilized to verify, validate or control the
equipment used to perform the examination?
Factors that should be considered include quality assurance o f materials, verification, quality control
and quality assurance.

ISO 22367:2020(E)
D.3.4 Are the reagents stored under special conditions to ensure stability?
Fac tors that s hou ld b e con s idere d i nclude temp erature, hum id ity, and ti me frame for s torage .
D.3.5 Is the equipment or IVD medical device intended to be routinely cleaned and
disinfected by the laboratory?
Fac tors that shou ld b e con s idere d i nclude the typ e s o f cle an i ng or d i s i n fe c ti ng agents to b e u s e d a nd
any l i m itation s on the nu mb er o f cle an i ng c ycle s . C on s ideration shou ld b e given to the e ffe c t o f cle an i ng
and d i s i n fe c ti ng agents on the p er formance or rel iabi l ity o f the e qu ipment or I VD me d ic a l device .
D.3.6 Are measurements correctly performed?

Fac tors th at s hou ld b e con s idere d i nclude the variable s me a s ure d a nd the acc u rac y, trace abi l ity a nd
u ncer tai nty o f the me a s urement re s u lts .
D.3.7 Do the examination results require interpretation by the laboratory or the

healthcare provider?
Fac tors that shou ld b e con s idere d i nclude whe ther conclu s ion s a re pre s ente d b y the I VD me d ica l device
from i nput or acqu i re d data, the a lgorith m s u s e d, and con fidence l i m its . Sp e ci a l attention s hou ld b e
given to un i ntende d appl ic ation s o f the data or a lgorith m .
D.3.8 Is the examination procedure intended for use in conjunction with other
examinations or IVD medical devices?
Fac tors th at shou ld b e con s idere d i nclude identi fyi ng a ny o ther e quipment, I VD me d ic a l device s , or
acce s s orie s that c an b e i nvolve d a nd the p o tentia l problem s as s o c iate d with s uch i nterac tion s .
D.3.9 Are the examination results intended for use by the healthcare provider in
conjunction with other examination results?
Fac tors th at s hou ld b e con s idere d i nclude identi fyi ng a ny o ther exa m i nation re s u lts th at c a n b e i nvolve d
and the p o tenti a l problem s a s s o ci ate d with thei r combi ne d i nter pre tation .
D.3.10 Are there unwanted outputs of energy or substances generated by the

measurement system or the examination procedure?
E nerg y-relate d fac tors th at s hou ld b e con s idere d i nclude noi s e and vibration, he at, rad i ation (i nclud i ng
ion i z i ng , non-ion i z i ng , and u ltraviole t/vi s ib le/i n frare d rad i ation) , contac t temp eratu re s , le a kage
c u rrents , a nd ele c tric or magne tic field s .
Sub s ta nce -relate d fac tors th at s hou ld b e con s idere d i nclude s ub s ta nce s u s e d i n i n s ta l lation, cle an i ng or
te s ti ng havi ng u nwa nte d phys iolo gic a l e ffe c ts i f they rema i n i n the s ys tem .
O ther s ub s ta nce -relate d fac tors th at s hou ld be con s idere d i nclude d i s ch arge o f chem ic a l s , was te
pro duc ts , and b o dy flu id s .
D.3.11 Is the instrumentation or IVD medical device susceptible to environmental

influences?
Fac tors th at shou ld b e con s idere d i nclude the op erationa l, tra n s p or t and s torage envi ron ments . T he s e
i nclude l ight, temp eratu re, hu m id ity, vibration s , s pi l l age, s u s cep tibi l ity to vari ation s i n p ower a nd
co ol i ng s uppl ie s , and ele c tromagne tic i nter ference .

ISO 22367:2020(E)
D.3.12 Are there essential consumables or accessories associated with the examination
procedure or IVD medical device?
Fac tors that s hou ld b e con s idere d i nclude s p e ci fic ation s for s uch con s u mable s or acce s s orie s a nd a ny
re s tric tion s pl ace d up on u s ers i n thei r s ele c tion o f the s e .
D.3.13 Is maintenance or calibration necessary?

Fac tors th at shou ld b e con s idere d i nclude:
— whe ther ma i ntenance or ca l ibration are to b e c arrie d out b y the op erator or u s er or by a s p e c ia l i s t;
— are s p e ci a l s ub s ta nce s or e qu ipment ne ce s s ar y for prop er ma i ntenance or c a l ibration?
D.3.14 Does the examination procedure or IVD medical device contain or use software?
Fac tors that shou ld be con s idere d i nclude whe ther s o ftware is i ntende d to be i n s ta l le d, veri fie d ,
mo d i fie d or excha nge d b y the op erator or u s er or b y a s p e ci a l i s t.
D.3.15 Do the components of the examination procedure or IVD medical device have a
restricted shel f-li fe?
Fac tors that s hou ld be con s idere d i nclude l ab el l i ng or i nd ic ators o f the e xpi ration dati ng and the
d i s p o s a l o f s uch me d ic a l device s when the expi ration date i s re ache d .
D.3.16 Are there any delayed or long-term use e ffects?

Fac tors th at shou ld b e con s idere d i nclude ergonom ic and c u mu l ative e ffe c ts . E xample s cou ld i nclude
rep e titive ac tion s , me chan ic a l fatigue, lo o s en i ng o f s trap s and attach ments , vibration e ffe c ts , l ab el s
that we ar or fa l l o ff, long term materi a l degradation .
D.3.17 What determines the lifetime of the examination components or IVD medical
device?
Fac tors th at shou ld b e con s idere d i nclude agei ng , b atter y deple tion, e tc .
D.3.18 What is the intended use and how are the examination results used?
Fac tors that s hou ld b e con s idere d i nclude: i s the re s u lt u s e d i n con fi rmation with its i ntende d u s e . For
i n s ta nce, i s it u s e d for p opu lation s tudy, d iagno s i s i n a p atient o r fol low up .
D.3.19 Is the medical device intended for single use or multiple use
Fac tors that s hou ld b e con s idere d a re: do e s the me d ic a l device s el f- de s truc t a fter u s e? I s it ob viou s that
the device has b e en u s e d? What a re the p o s s ible con s e quence s as s o c iate d with re -u s e?
D.3.20 Is safe disposal of the consumables or any waste materials necessary?

Fac tors that s hou ld be con s idere d i nclude whe ther the wa s te pro duc ts th at a re generate d b y the
exam i nation pro ce s s , mai ntena nce and s er vic i ng contai n toxic or ha z ardou s materi a l or cou ld contai n
biolo gic a l agents .
D.3.21 Is safe decommissioning of the equipment or IVD medical device necessary?

Fac tors th at shou ld b e con s idere d i nclude whe ther it conta i n s toxic or h a z a rdou s materia l or cou ld b e
contam i nate d with bioha z ardou s wa s te? I s the materi a l re c yclable?

ISO 22367:2020(E)
D.3.22 Does installation or use of the equipment or IVD medical device require special
training or special skills?
— the novelty o f the examination procedure or IVD medical device;
— the likely skill and training o f the person installing, using or servicing the equipment;
— commissioning and handing over to the laboratory and whether it is likely/possible that installation
can be carried out by people without the necessary skills.
D.3.23 How will information for safe use be provided?
— whether adequate in formation has been provided to the laboratory by the IVD manu facturer?
— whether provision o f the in formation involves the participation o f third parties such as installers,
care providers, or health care pro fessionals, and whether this will have implications for training;
— based on the expected li fe o f the device, whether re-training or re-certification o f operators or
service personnel would be required.
D.3.24 Will new examination processes need to be established, introduced or modified?
Factors that should be considered include new technology or a new scale o f operation.
D.3.25 Is successful use of the instrumentation or IVD medical device critically
dependent on human factors, such as the user interface?
Factors that should be considered include sta ff training and competence assessment.
D.3.26 Can the user interface design contribute to use error?
Factors that should be considered are user inter face design features that can contribute to use error.
Examples o f inter face design features include: control and indicators, symbols used, ergonomic features,
physical design and layout, hierarchy o f operation, menus for so ftware driven devices, visibility o f
warnings, audibility o f alarms, standardization o f colour coding. Annex F and IEC 62366-1 contain
additional guidance on usability evaluation.
D.3.27 Is the IVD medical device used in an environment where distractions can cause
use error?
— the consequence o f use error;
— whether the distractions are commonplace;
— whether the user can be disturbed by an in frequent distraction.
D.3.28 Does the IVD medical device have connecting parts or accessories?
Factors that should be considered include the possibility o f wrong connections, similarity to other
products’ connections, connection force, feedback on connection integrity, and over- and under-
tightening.

ISO 22367:2020(E)
D.3.29 Does the IVD medical device have a control interface?

Fac tors that s hou ld b e con s idere d i nclude s p ac i ng , co d i ng , groupi ng , mappi ng , mo de s o f fe e db ack,
blu nders , s l ip s , control d i fferenti ation, vi s ibi l ity, d i re c tion o f ac tivation or ch ange, whe ther the control s
are conti nuou s or d i s c re te, a nd the revers ibi l ity o f s e tti ngs or ac tion s .
D.3.30 Does the examination equipment or IVD medical device display information?
Fac tors that s hou ld b e con s idere d i nclude vi s ibi l ity i n va riou s envi ron ments , orientation, the vi s ua l
cap abi l itie s o f the u s er, p opu lation s a nd p ers p e c tive s , cl arity o f the pre s ente d i n formation, un its , colou r
co d i ng , a nd the acce s s ibi l ity o f critic a l i n formation .
D.3.31 Has the IVD medical device been tested in relation with cybersecurity?
Fac tors th at shou ld b e con s idere d are mentione d i n F.9
D.3.32 Is the instrument or IVD medical device controlled by a menu?

Fac tors that s hou ld be con s idere d i nclude complexity and nu mb er o f l ayers , awarene s s o f s tate,
lo c ation o f s e tti ngs , navigation me tho d, nu mb er o f s tep s p er ac tion, s e quence cla rity and memori z ation
problem s , and i mp or ta nce o f control fu nc tion relative to its acce s s ibi l ity a nd the i mp ac t o f devi ati ng
from s p e c i fie d op erati ng pro ce du re s .
D.3.33 Can the user interface be used to initiate user actions?

Fac tors that shou ld b e con s idere d i nclude the p o s s ibi l ity o f i n itiati ng a del ib erate ac tion for the u s er to
enter a control le d op eration mo de, wh ich en large s the ri s ks for the p atient and wh ich c re ate s awarene s s
for the user for this condition.

D.3.34 Does the IVD medical device use an alarm system?
Fac tors th at shou ld b e con s idere d a re the ri sk o f fa l s e a larm s , m i s s i ng a l arm s , d i s con ne c te d a l arm
s ys tem s , un rel i able remo te a larm s ys tem s , and the me d ic a l s ta ff’s p o s s ibi l ity o f u nders ta nd i ng how the
a larm s ys tem works .
D.3.35 In what ways might the IVD medical device be deliberately misused?
Fac tors that shou ld b e con s idere d are i ncorre c t u s e o f con ne c tors , d i s abl i ng s a fe ty fe atu re s or a l arm s ,
ne gle c t o f ma nu fac tu rer's re com mende d ma i ntenance .
D.3.36 Does the IVD medical device or the LIS hold data critical to patient care?
Fac tors th at shou ld be con s idere d i nclude the p o tenti a l for i ntru s ion by ma levolent ac tors and
con s e quence o f the data b ei ng mo d i fie d , corr up te d or dele te d .
D.3.37 Is the IVD medical device intended to be mobile or portable (e.g., for point of care
applications)?
Fac tors that s hou ld b e con s idere d are the ne ce s s a r y grip s , ha nd le s , whe el s , bra ke s , me cha n ic a l s tabi l ity
and du rabi l ity.
D.3.38 Are specimens adequate for the examination procedure?

Fac tors th at shou ld b e con s idere d i nclude typ e, volu me, s torage, tran s p or t, h and l i ng and d i s p o s a l .
D.3.39 Are personnel trained and periodically monitored in the use of equipment?
Fac tors that s hou ld be con s idere d i nclude comp e tence as s e s s ment, trai n i ng and re s p on s ibi l ity
as s ign ments .

ISO 22367:2020(E)
D.3.40 Are turnaround times (TAT) adequate during operational processes?

Fac tors that shou ld b e con s idere d i nclude prop er defi n i ng o f the ti me i nter va l s from ph leb o tomy to
rep or t rele a s e
D.3.41 Are quality control processes adequate to assure quality of examination results?
Fac tors that s hou ld b e con s idere d i nclude prop er pla nn i ng , p er form i ng a nd mon itori ng o f i nterna l
qua l ity control and mon itori ng o f ex terna l qua l ity as s e s s ment.

ISO 22367:2020(E)
Annex E
(informative)
Examples of hazards, foreseeable sequences of events and
hazardous situations
E.1 General
5.3 requires that the laboratory compile a list o f known and foreseeable hazards associated with the
examination in both normal and fault conditions. 5.4 requires the laboratory to consider the foreseeable
sequences o f events that can produce hazardous situations and harm.
According to the definitions, a hazard cannot result in harm until exposure to the hazard occurs, creating
a hazardous situation. Sequences o f events or other circumstances can lead to the creation o f a hazard
from some initiating event, to the development o f a hazardous situation, and/or to the occurrence o f
harm. Each event in the sequence can occurs with a certain probability, and the overall probability o f
harm is the cumulative probability o f all o f the events occurring. The goal o f risk management should
be to prevent the hazardous situation from occurring, i f possible; otherwise, to minimize the overall
probability that the hazardous situation will occur.
Figure E.1 represents the progression from initiating event to harm, and shows how the overall
probability o f harm can be estimated by combining estimates o f the component probabilities, in this
case P1 representing the probability that a hazardous situation would occur (e.g., in the case o f an
instrument mal function or use error), and P2 representing the probability that the hazardous situation
would lead to harm. This approach allows the component probabilities to be estimated by qualified
experts, e.g., laboratory personnel for P1 and medical experts for P2 . The level o f risk is determined as a
function o f both the probability o f harm and the severity o f harm.
In situations where either P1 or P2 can be estimated and the other probability cannot, a conservative
approach can be followed by setting the unknown probability equal to 1. The risk can then be assessed
based on the severity and the conservative estimate o f the probability o f occurrence o f harm.
Although the quantitative probabilities P1 and P2 are di fficult to formally establish by the medical
laboratory, literature or in-laboratory historic data may be used as a source for these values. Annex I
will discuss qualitative approaches to risk assessment. Nonetheless, the progression leading to harm as
given in the figure is valid whether quantitative probabilities can be determined or not.

ISO 22367:2020(E)
Figure E.1 — Pictorial representation of the relationship of hazard, sequence of events,

hazardous situation and harm.
The thin arrows represent elements o f risk analysis and the thick arrows depict how a hazard can lead
to harm.
E . 2 I d e n ti fi c a ti o n o f h a z a rd s
A starting point for the compilation o f a list o f potential hazards is a review o f experience with the same
or similar types o f examinations and IVD medical devices to identi fy the likely causes o f hazards. The
review should take into account the laboratory’s own experience as well as the experience o f other
laboratories as reported in adverse event databases, publications and other available sources. This type
o f review is particularly use ful for the identification and listing o f typical hazardous situations and
the harms that can occur. This listing and aids such as the list o f examples in Table E.1 can be used to
compile an initial list o f hazards.
The laboratory can then begin to identi fy some o f the sequences o f events that can trans form the
hazards into hazardous situations and harm. Hazards that would not result in a hazardous situation
and thus could never result in harm can be eliminated from further consideration.
Although use ful, it should be recognized that this approach is not a thorough analysis. Many sequences
o f events will only be identified by the use o f systematic risk analysis techniques aimed at the causes o f
potentials hazards, such as FMEA, FTA and other methods described in Annex G .
Analysis and identification are further complicated by the many initiating events and circumstances
that have to be taken into consideration such as those listed in Table E.2. Thus, more than one risk
ISO 22367:2020(E)
analysis technique, and sometimes the use o f complementary techniques, may be needed to complete
a comprehensive analysis. Table E.3 provides examples o f the relationship between initiating events
(causes), hazards, sequences o f events, hazardous situations, and harm.
Although compilation o f the lists o f hazards, hazardous situations, and sequences should be completed
as early as possible in the design and development process to facilitate identification o f appropriate
risk control measures, in practice identification and compilation is an ongoing activity that continues
throughout the use o f examination procedures and IVD medical devices. IVD manu facturers rely on
feedback from medical laboratories (e.g., complaints) to help identi fy causes o f IVD device mal functions
and adverse events (actual and potential).
This annex provides non-exhaustive lists o f possible hazards that can be associated with di fferent
types o f examination procedures and IVD medical devices (Table E.1), and o f initiating events and
circumstances (Table E.2) that can result in hazardous situations that can lead to harm. Table E.3 gives
examples o f logical progressions o f hazards trans formed by sequences o f events or circumstances into
hazardous situations and ultimately harm.
Recognizing how a hazard can progress to a hazardous situation and how a hazardous situation can
progress to harm, is critical for estimating the probability o f occurrence and the severity o f the harm
that could result. The objective is to compile a comprehensive set o f hazardous situations for use in risk
analysis. The tables in this annex are intended to aid in the identification o f hazardous situations.
It is important to emphasize that it is up to the laboratory to determine what events in the sequence are
called a hazard and a hazardous situation (i.e., exposure to the hazard) to suit the risk analysis being
per formed, as illustrated in Figure E.1 .
E.3 Hazards to the patient

From the standpoint o f a patient, an examination result is a hazard i f it might lead to (1) inappropriate
medical action that could result in injury or death, or (2) failure to take appropriate medical action that
could prevent injury or death. Incorrect or delayed examination results, as well as incorrect in formation
accompanying the result, are the most common hazards to patients from laboratory examinations.
These hazards can be initiated by a use error, equipment mal function, reagent deterioration or other
mal function, which can cause a sequence o f events to occur leading to delayed or inappropriate medical
care. These are hazardous situations for the patient, although for the purpose o f risk analysis the
laboratory may decide that a hazardous situation existed when the healthcare provider received the
incorrect result from the laboratory, or did not receive the result when it was needed for a medical
decision. The laboratory has no control over the subsequent actions o f the healthcare provider.
For qualitative examination procedures, in which only a positive or negative result is provided, (e.g.,
HIV or pregnancy examinations), results are either correct, incorrect or inconclusive.
For quantitative examination procedures, a result can be considered incorrect i f the di fference from a
correct value exceeds a limit based on clinical utility. The clinical significance o f an incorrect result can
depend on the magnitude o f the di fference between the measured value and a correct value, as well as
the physiological status o f the patient (e.g., hypoglycemic or hyperglycemic).
E.4 Hazards from fault conditions

Failure modes that can result in not meeting the per formance characteristics required for medical use
(e.g., trueness, precision, specificity, etc.) should be considered when identi fying IVD hazards in fault
conditions; e.g.,
— within-batch inhomogeneity;
— batch-to-batch inconsistency;
— non-traceable calibrator value;

ISO 22367:2020(E)
— non-commutable calibrator;
— non-specificity (e.g., inter fering factors);
— sample or reagent carryover;
— measurement imprecision (instrument-related);
— stability failures (storage, transportation, in-use).
Failure modes that can result in delayed results in urgent care situations should be considered when
identi fying IVD hazards in fault conditions; e.g.,
— unstable reagent;
— hardware/so ftware failure;
— packaging failure.
Failure modes that can result in incorrect patient in formation should be considered when identi fying
hazards in fault conditions; e.g.,
— incorrect patient name or identification number;
— incorrect birth date or age;
— incorrect gender.
E.5 Hazards due to use error
Incorrect results can occur in normal use, due to use error.
For examples o f use errors see Annex H .
E.6 Hazards in correct use

Incorrect results can even occur in correct use, when the examination procedure meets its established
per formance characteristics claims and no use errors have occurred. Although the results may be as
expected for the intended patient population, an incorrect result can occur for an individual patient due
to one o f the following causes:
— Measurement uncertainty – The precision o f quantitative examination procedures is limited by the
state o f art in measurement technology. Per formance claims are o ften based a specified limit based
on medical utility that 95 % o f the results meet, which means that up to 5 % o f the individual results
are allowed to fall outside the limit.
— Influence o f inter fering factors in the sample matrix – New drugs, biochemical metabolites,
heterophilic antibodies and sample preparation materials can a ffect the per formance characteristics
o f an IVD examination procedure with certain patient sample. The presence o f these influences is
usually unknown to the laboratory or the healthcare provider.
— Heterogeneity o f the analyte – Antibodies and other proteins in blood samples are mixtures o f
di fferent iso forms. Per formance characteristics o f the examination procedure might not apply to all
patient samples.
— Imper fect discrimination between positive and negative samples – Qualitative examination
procedures typically exhibit inherent false negative and false positive rates, caused by uncertainties
associated with determination o f a suitable cut-o ff value as well as factors discussed above (e.g.,
measurement uncertainty and sample-related influences).

ISO 22367:2020(E)
E.7 Hazardous situations

For medical laboratory examinations, where incorrect and delayed results are considered hazards to
patients (see E.3 ), a hazardous situation occurs when the incorrect result is reported to a clinician or
when a critical result is delayed. The subsequent decisions and actions by the clinician, which can cause
harm to the patient, are outside the control o f the laboratory.
Examples o f hazardous situations created by examination results include:
— a caregiver monitoring a diabetic patient obtains a falsely elevated blood glucose concentration
measurement when the patient is actually hypoglycemic;
— the lab reported a false normal troponin result to the ER for a patient who presented with chest pains;
— a blood analyzer misidentified a sample from the ICU as a sample from a di fferent patient;
— electrolyte results for a patient undergoing invasive heart surgery were not received when needed
during the procedure.
E.8 Examples of known and foreseeable hazards
The list in Table E.1 can be used to aid in the identification of hazards associated with the use of a
particular equipment or IVD medical device, which could ultimately result in harm to the instrument
operator or the patient. This list is not exhaustive.
Table E.1 — Examples of hazards

Hazard category Examples
Use error
— Attentional failure
— Memory failure
— Rule-based failure
Operator — Knowledge-based failure
— Routine violation
— Reagents added incorrectly
— Sample omitted
— Clotted sample not detected
— Incorrect or inappropriate
specimen
— Incorrect measurement
— Erroneous data trans fer
Operational — Incorrect sample presentation

— Incorrect conditions o f transport
o f samples
— Sample volume insu fficient for
retest
— Contaminated sample

ISO 22367:2020(E)
Table E.1 (continued)

Hazard category Examples
Data communication Warnings and precautions
— Inadequate network security — Inadequate in formation about:

In formation — Inadequate malware protection — electrical hazards
— Insu fficient data storage capacity — toxic reagents
— essential training
Results Service and maintenance
— Delay — Inadequate installation

instructions
— Incorrect report
— Inadequate preventive
— Critical values not reported maintenance specifications
— Inadequate troubleshooting and
repair instructions
E.9 Examples of initiating events and circumstances

In order to identi fy foreseeable sequences o f events, it may be use ful to consider the initiating events and
circumstances that can cause them. Table E.2 provides examples o f initiating events and circumstances,
organized into general categories. Although the list is not exhaustive, it is intended to demonstrate
the many di fferent types o f initiating events and circumstances that need to be taken into account to
identi fy the foreseeable sequences o f events for an examination procedure or IVD medical device.
Table E.2 — Examples of initiating events and circumstances

General category Examples
Incomplete requirements Inadequate specification o f:
— Per formance requirements
— Regulatory requirements
Laboratory processes — Inadequate sample: low volume, hemolyzed, inappropriate container
— Internal control fails
— Insu fficient control o f changes to laboratory processes
— Insu fficient control o f materials
Sample Transport, — Inadequate packaging
storage and preparation
— Contamination or deterioration
— Inappropriate environmental conditions
— Inadequate sample preparation
Reagent / instrument — Reagent fail
— Instrument alarm
— Instrument stops
— Instrument mal function
— Lack o f reagents

ISO 22367:2020(E)

General category Examples
Environmental factors Adverse conditions
— Physical (e.g., heat, pressure, time)
— Chemical (e.g., corrosions, degradation, contamination)
— Inadequate supply o f power
— Inadequate temperature control
Human factors — Potential for use errors triggered by design flaws, such as con fusing or
missing instructions for use complex or con fusing control system ambiguous
or unclear instrument state.
— Ambiguous or unclear presentation o f settings, measurements or other
in formation
— Misrepresentation o f results
— Insu fficient visibility, audibility or tactility
— Insu fficient or imprecise checks or process controls for actions or function.
— Use by unskilled/untrained personnel
— Insu fficient warning o f possible method/instrument mal function
— Failure to recognize inconsistent or incorrect results
— Incompatibility with consumables/accessories.
E.10 Examples of relationships between hazards, foreseeable sequences of events,

hazardous situations and the harm that can occur
Table E.3 illustrates the relationship between hazards, foreseeable sequences o f events, hazardous
situations and harm for some simplified examples.
Remember that one hazard can result in more than one harm, and that more than one sequence o f
events can give rise to a hazardous situation.
The decision on what constitutes a hazardous situation needs to be made to suit the particular analysis
being carried out. For example, in some circumstances it can be use ful to describe a cover being le ft o ff
a high voltage terminal as a hazardous situation; in other circumstances the hazardous situation can be
more use fully described as when a person is in contact with the high voltage terminal.
Table E.3 — Relationship between hazards, foreseeable sequences of events, hazardous
situations and the harm that can occur
Foreseeable Possible harms
Hazard sequence of events Hazardous situation
Inadequate sample 1) low volume — Patient receives Incor- — delay in diagnosis and
rect result or treatment
2) Insu fficient sample
to be read in the no result — Erroneous diagnosis
instrument — delay in result
3) New sample required

ISO 22367:2020(E)

Foreseeable Possible harms
Hazard sequence of events Hazardous situation
No action with unaccept- 1) No action to Patient receives Incorrect — Erroneous diagnosis
able quality control results investigate cause o f result
unacceptable control — Death
results and take
actions
2) Patient samples
Processed
3) Patient results
reported
Equipment improperly 1) POCT glucose Hypoglycemic patient Death
functioning analyzer battery receives falsely elevated
reaches the end o f its glucose result, leading
useful life to inappropriate insulin
administration
2) Analyzer measure
incorrect result
Sample misidentified Patient sample is misi -
dentified with another
patient’s ID number

ISO 22367:2020(E)
Annex F
(informative)
N o n c o n f o r m i ti e s p o te n ti a l l y l e a d i n g to s i g n i fi c a n t r i s ks
F.1 General
The investigation o f noncon formities in the medical laboratory includes an evaluation o f the potential
or it to result in a hazard.
f
The examples o f noncon formities can be used as starting points to help identi fy hazards associated with
the main laboratory services. The noncon formities are roughly grouped by the laboratory specialty and
phase (pre-examination, examination and post-examination) where they commonly occur. Added is as
well a list related to in formation sa fety (see F.9). They are not intended to be complete lists.
F.2 Nonconformities associated with the core medical laboratory
F. 2 . 1 P re - e xa m i n a ti o n p h a s e
— incorrect patient identification;

— incorrect or missing diagnostic in formation;
— incorrect interpretation o f medical request;
— incorrect patient preparation;
— incorrect collection container or preservative;
— incorrect collection container labelling;
— incorrect phlebotomy technique;
— incorrect mixing o f sample;
— incorrect collection timing;
— incorrect transport conditions or timing.
F.2.2 Examination phase
— discrepant quality control result;
— procedural non-con formity;
— equipment or reagent error;
— delayed time to completion (turnaround time);
NOTE Time delays can occur throughout the total laboratory cycle.
— invalid quality control o f equipment, reagents, materials;
— personnel (active, cognitive, non-cognitive) errors;
— latent (systemic) errors;

ISO 22367:2020(E)
— the pha s e o f veri fyi ng/va l idati ng the e xa m i nation pro ce du re s:
— i n s u fficient or i ncorre c t do c u mentation o f s c ienti fic evidence for ana lytic va l id ity or cl i n ic a l
va l id ity o f a ny exa m i nation pro ce dure;
— no t veri fyi ng o r va l idati ng the e xam i nation pro ce du re i n appropriate p atient p opu lation;
— s ele c ti ng i nappropri ate exa m i nation me tho d s .
— u s i ng i ncorre c t or i nappropri ate re ference va lue s;
— no t u s i ng s u fficient numb er a nd varie ty o f s ample s i n veri fic ation or va l idation;
— i ncorre c tly de term i ne d acc u rac y, ana lytic s en s itivity and s p e ci fic ity, rep or table range/c ut- o ff
va lue s , e tc . ;
— non- op ti m i z e d exa m i nation pro ce dure s .
F.2.3 Post-examination phase

— i ncorre c t re s u lt;
— i ncorre c t tran s c rip tion o f re s u lt;
— a mbiguou s rep or t;
— re s u lt a s crib e d to i ncorre c t p atient;
— rep or t s ent to i ncorre c t p ers on;
— m i s s i ng i n formation ab out re s tric tion s on i nter pre tation s o f re s u lt.
F.3 Nonconformities associated with the anatomical pathology laboratory
F.3.1 Pre-examination phase

— i ncomple te or i ncorre c t p atient identi fic ation;
— i ncorre c t or i ncomple te s p e ci men identi fic ation (e . g. , ab s ent or errone ou s marki ng o f ma rgi n s or
orientation identi fiers) ;
— m i s match i ng o f s p e c i men, s p e ci men contai ner and re que s t form;
— i ncorre c t s ample col le c tion (e . g. , no pre s er vative or u n s ati s fac tor y sl ide s) ;
— i ncomple te or i ncorre c t cl i n ic a l i n formation provide d on re que s t form;
— i nade quate che cki ng at acce s s ion i ng to en s u re that re que s t form and s p e ci men de tai l s match;
— s p e c i men s with the s a me or s i m i lar s urname s no t s ep arate d at acce s s ion i ng;
— s p e c i men s o f the s a me ti s s ue typ e no t s ep a rate d at acce s s ion i ng;
— s i ngle pie ce workflow acce s s ion i ng no t ad here d to;
— i ncorre c t tran s p or t o f s p e c i men to lab orator y.

— no e ffe c tive s ep a ration b e twe en s p e c i men s at d i s s e c tion;
— no con fi rmation that the s p e ci men a nd re que s t form de ta i l s match b e fore p er form i ng d i s s e c tion;

ISO 22367:2020(E)
— more than one specimen pot opened at a time during dissection;

— inadequate checking at cut-up that the request form, specimen and cassette/s details match;
— designated area for cut-up does not provide a suitable environment to minimize distractions and
interruptions;
— pre-labelling cassettes rather than single piece work flow at dissection;
— more than one cassette open at a time for trans fer o f tissue at embedding;
— cases that require isolation/interruption to workflow at microtomy, such as for cooling or decal, not
being e ffectively separated from other cases;
— pre-labelling slides be fore the embedded tissue is microtomed;
— tissue sections not cleared from the water bath between each block at microtomy;
— designated area for microtomy does not provide a suitable environment to minimize distractions
and interruptions;
— using slide labels that do not survive subsequent staining processes and require replacement at the
issuing stage;
— no checks per formed at the issuing stage to ensure that the macro appearance o f the block correlates
to the corresponding slide;
— specimens o f the same tissue type are not e ffectively separated when cases are being assembled for
microscopy;
— specimens o f patients with the same or similar surnames are not separated when cases are being
assembled for microscopy;
— no checks per formed to ensure that patient’s details on the slides and request form match prior to
examination o f the slides.
— details o f any relevant discrepancies identified during the procedures, including pre-laboratory
issues, not included on the final examination report;
— delayed reporting o f examination results;
— no mechanism in place for feedback and follow-up o f discrepant anatomical pathology findings.
F.4 Nonconformities associated with the transfusion medicine laboratory

— failure to reject improperly labelled sample;
— failure to exclude from inventory fresh frozen plasma prepared from a unit collected from a donor
with pregnancy history;
— failure to exclude from inventory apheresis platelet units not screened for HLA antibodies;
— failure to exclude from allogeneic inventory units testing positive for trans fusion transmissible
disease;
— failure to exclude from allogeneic inventory units collected from donors not screened for trans fusion
transmissible disease;

ISO 22367:2020(E)
— failure to exclude from allogeneic inventory units collected from donors not screened for use o f
teratogenic drugs.
— incorrect typing o f blood unit;
— incorrect typing o f patient sample;
— failure to provide clinically indicated, antigen negative blood for a patient with known red blood cell
antibodies;
— failure to per form coombs crossmatch for patient with known red blood cell antibody.
— failure to irradiate a cellular blood unit for an immunodeficient or immunocompromised patient;
— failure to wash blood unit for an IgA deficient patient;
— release o f blood unit for the wrong patient;
— release o f blood unit contaminated with a bacterial pathogen.
F.5 Nonconformities associated with the microbiology laboratory

— failure to reject improperly labelled sample;
— failure to reject specimen o f inadequate quantity, past stability, or transported/stored at
inappropriate temperatures;
— failure to reject inappropriate specimen types or sources for testing;
— failure to provide instructions for sample collection and transport and ensure compliance;
— failure to ensure unidirectional workflow for molecular testing;
— lost sample.
— failure to ensure appropriate turn-around times;
— failure to minimize risk for cross-contamination o f patient samples;
— failure to include controls to identi fy inhibition o f pathogen detection reactions;
— failure to control for appropriate per formance o f microbial staining reactions;
— failure to ensure absence o f microbial targets from culture media and microbial detection reagents
and/or systems;
— failure to quality control new reagent lots and shipments;
— failure to detect loss o f antibiotic disk potency for susceptibility testing.
— release o f antimicrobial susceptibility test results that are not appropriate for a given organism or
specimen type (e.g., CSF);
ISO 22367:2020(E)
— failure to ensure prompt communication o f critical test results (‘critical call’);

— failure to ensure transmission o f correct results;
— failure to minimize risk o f incorrect data entry or transcription errors;
— failure to minimize risk for misinterpretation o f laboratory results;
— failure to promptly correct erroneous results and communicate corrected results.
F.6 Nonconformities associated with the molecular laboratory

As technologies advance and molecular pathogenesis o f diseases clarified, IVD’s based on emerging
technologies such as nucleic acid-based assay have been recently developed and utilized. The more
complex the methods and procedures are, the higher the probability o f inherent risks. For an example,
in testing based on (massive parallel) sequencing, an IVD is an integrated system which comprises o f
a combination o f extracting reagent, sequencer and so ftware (algorithm and database). Traceability o f
version o f each component and mutual compatibility o f the system should be ensured.
F. 6 . 1 P re - e xa m i n a ti o n p h a s e
When per forming molecular testing, background sample in formation including history such as
acquisition, handling and transport is important.
Patient sample mix-up
— insu fficient communication between the laboratory and clinical users causing ordering o f incorrect
examination procedures;
— failure to reject the test request with incomplete in formation concerning in formed consent, genetic
counselling or confidentiality;
— failure to indicate not su fficient in formation was present concerning the sample related to pre-
analytical steps;
— lack o f quality assurance monitors to track appropriate handling and transport o f specimens.
Sample-derived risk
— lack o f in formation regarding material source (FFPE, fresh, blood, urine, stool, others);
— incomplete in formation o f handling and/or transport (temperature and/or mechanical stress);
— possibility o f misidentification o f patient sample (DNA fingerprinting could be per formed).
Lack o f/or incomplete traceability
— traceability o f version o f each component (extraction reagent, reaction reagent, sequencer and
so ftware (algorithm and database) not secured
— lack o f mutual compatibility o f the system (extraction reagent, reaction reagent, sequencer and
so ftware (algorithm and database)
— insu fficient validation o f examination methods (e.g., not including samples representing mutations/
variations or organisms that may be encountered in patient samples, not fully optimized assays
or assay components such as primers, oligo’s, or nucleic acid sequences, insu fficient homology
search, etc.);
— carryover contamination by post-amplification PCR products;

ISO 22367:2020(E)
— ne ar-neighb or i nter ference s on mu ltiplex a s s ays;
— i n s u ffic ient qua l ity control prac tice s s uch as no t i nclud i ng ade quate and appropriate control
s a mple s .

— i nappropri ate re s u lt rep or ti ng , s uch a s i mprop er mutation nomencl atu re , i nappropri ate de s crip tion
o f mutation s or va ria nts that were te s t for a nd identi fie d;
— fai lure to u s e up date d a nd op ti m i z e d s o ftwa re with relevant d atab a s e, or thei r trace abi l ity;
— rep or ti ng “i ncidenta l/s e conda r y fi nd i ngs ” without s u ffic ient va l idation o f te s t re s u lt;
— m i s i nter pre tation o f te s t re s u lts;
— no t i nclud i ng i n formation on p er formance ch arac teri s tics a nd l i m itation s on te s t rep or ts;
— m i s i nter pre tation o f rep or ts by cl i n ici an s due to p o or rep or t clarity;
— rele as e o f i ncorre c t p atient re s u lts;
— del aye d rep or ti ng o f exa m i nation re s u lts .
F.7 Nonconformities associated with chemistry, haematology or

haemostaseology laboratory

— i nade quate flu s h i ng o f i ntravenou s l i ne s b e fore s a mple col le c tion;
— do s i ng and/or col le c t ti me s a re no t acc u rate i n therap eutic d r ug monitori ng;
— i ncorre c tly fi l le d co agu lation tub e s;
— fai lure to de te c t u s e o f expi re d col le c tion tub e s .

— i mprop er c a l ibration;
— u ne xp e c te d sh i ft i n p atient re s u lts no t identi fie d by qua l ity control materi a l;
— u n re co gn i z e d ana lytic a l va riation for me a s urand de term i nation s p er forme d on more tha n one
i n s tr ument;
— s p e c i men c arr yover c aus i ng s pu riou s change s i n s ub s e quent re s u lt;
— me tho d l i ne arity exce e d i ng without evidence o f ana lytic error (i . e . , i m mu no a s s ay h igh do s e ho ok
e ffe c t) ;
— a mbient ai r conta m i nation o f blo o d gas s ample s (no te: th i s may o cc u r i n s a mple col le c tion or du ri ng
a na lys i s) ;
— u n re co gn i z e d s ample problem s in co agu lation ( h igh hemato crit, clo ts , use o f i ncorre c t c itrate
a ntico agu lant concentration, pl atele t level to o h igh i n pl as ma) ;
— i ncorre c t i nternationa l s en s itivity i ndex for convers ion o f pro th rombi n ti me to i nternationa l
norma l i z e d ratio;
— hep ari n therap eutic range mon itori ng b y ac tivate d p ar tia l th romb op las ti n no t corre c te d for lo t
change s;

ISO 22367:2020(E)
— i ncorre c t ge ome tric me an i n co agu lation te s ti ng;
— i ncorre c t re ference ra nge for c u rrent pro th rombi n and ac tivate d p ar ti a l th romb opla s ti n ti me lo ts;
— s u rrep titiou s elevation o f platele t count b y re d cel l fragments .

— c ritic a l va lue no t com mu n ic ate d to c a re giver.
F.8 Noncon formities associated with the pre-analytical phase

F.8.1 Pre-laboratory receipt phase (generally the responsibility o f the healthcare
provider)
— i ncomple te or i ncorre c t p atient identi fic ation;
— i ncomple te or i ncorre c t cl i n ic a l i n formation provide d;
— i ncorre c t s ample col le c tion e . g. , pre s er vative;
— p o orly made c ytolo gic a l s me a rs;
— i ncorre c t or i ncomple te s p e c i men identi fic ation;
— ab s ent or errone ou s marki ng o f margi n s or orientation identi fiers;
— m i s match i ng o f s p e c i men, s p e c i men contai ner a nd re que s t form, i . e . s p e ci men i n wrongly lab ele d
contai ners , th i s cou ld o cc u r when contai ners are pre -lab ele d;
— i ncorre c t tran s p or t o f s p e c i men s to lab orator y.
F.8.2 Post-laboratory receipt phase – specimen accessioning

I n itia l re ceip t and acce s s ion i ng i nto the me d ic a l l ab orator y i s a c ritic a l a re a o f ri s k. S hou ld there b e a
s p e c i men m i x-up or i ncorre c t data entr y at th i s s tage a ny future pro ce s s e s comprom i s e d . To a l leviate
the ri s ks s ome o f the fol lowi ng cou ld b e con s idere d .
— ade quate che cki ng o f s p e ci men a nd re que s t to en s u re no m i s match; two i ndep endent che cks to
en s u re s p e c i men and re que s t form match , i nclud i ng re conci l i ation b e twe en re gi s tration and
acce s s ion nu mb er;
— any lab el i ng d i s c rep anc ie s a re re corde d and fol lowe d th roughout the te s t c ycle with fu l l aud it trai l
and the i s s ue s identi fie d on fi na l rep or t, i nclud i ng s p e c i men i n formation s uch as wrong s ite a s wel l
a s p atient i n formation;
— pro ce du re s for m i n i mu m lab el i ng re qui rements a re do c u mente d and a l l s p e ci men s a re che cke d
aga i n s t the s e m i n i mum re qu i rements;
— s p e ci men s no t me e ti ng m i n i mu m l ab el i ng re qu i rements are re corde d i n L ab orator y i n formation
s ys ts m (LI S ) and rep or te d i n fi na l rep or t;
— i nade quately/u n lab ele d s p e ci men s may b e re -lab ele d i n lab orator y for trace abi l ity but origi na l
lab el i s re tai ne d;
— s p e ci men s on s a me ti s s ue typ e s a re no t s e quentia l ly nu mb ere d wherever p o s s ible;
— one s p e c i men at a ti me i s pro ce s s e d to m i n i m i ze ri s k o f s p e c i men m i x up .

ISO 22367:2020(E)
F.8.3 Post-laboratory receipt phase – data entry

— fai lure i n s c an n i ng o f re que s t form l i n ke d to data entr y pro fi le;
— fai lure i n data entr y ta ken d i re c tly from re que s t form;
— a ny d i s crep ancie s b e twe en re que s t form and s ample re corde d in L ab orator y i n formation a nd
ma nagement s ys tem (LI M S ) ;
— fai lure i n double s tage data entr y o f c ritic a l i n formation wherever p o s s ible;
— fai lure i n regu lar aud it o f data entr y pro ce s s e s;
— fai lure i n l i n ki ng s p e c i men s and re que s t form s to en s u re gro s s c ut-up no te s re corde d corre c tly.
F.9 Nonconformities associated with information technology

— fai lure or corr up tion o f data tra n s fer;
— s e c u rity comprom i s e (i . e . , fa i lu re to lo g o ff a term i na l , p a s s word comprom i s e, datab a s e s e c u rity
bre ach [ma lwa re] , i n s e c u re data tran s fer outs ide a pro te c te d ne twork s uch as b y ema i l) ;
— fai lure o f data ha rdware or s o ftwa re (d i s k d rive fa i lu re, s o ftwa re appl ic ation fa i lu re [c ras h] ,
ran s omware) ;
— fai lure s due to bre ache s i n c yb ers e c urity;
— fai lure s o f d igita l s o ftware appl ic ation i n “s mar t” p oi nt o f c a re device s .

ISO 22367:2020(E)
Annex G
(informative)
Risk analysis tools and techniques
G.1 General
This annex provides an introduction to some techniques for risk analysis. These techniques can be
complementary and it might be necessary to use more than one o f them. The basic principle is that the
sequence o f events is analyzed step by step. In depth sources should be used to guide the application o f
these tools to a specific instance.
Preliminary Hazard Analysis (PHA) is a technique that can be used early in the development process o f
a new examination procedure or laboratory service, implementation o f a new IVD device, or evaluation
o f a significant change in a process to identi fy the hazards, hazardous situations, and events that can
cause harm when few o f the details o f the design o f the examination procedure are known.
Fault Tree Analysis (FTA) is especially use ful early in the development stages for the identification and
prioritization o f hazards and hazardous situations, as well as during the monitoring stage for analysing
adverse events.
Failure Mode and E ffects Analysis (FMEA) is a technique by which e ffects or consequences o f individual
failure modes (e.g., hazards) are systematically identified and addressed. It is more appropriate for a
mature system, process or application, when the failure modes are known.
Process mapping is a technique by which a process is broken down into the individual steps for analysis.
It is used together with FMEA to per form a process FMEA, which can be especially use ful for laboratory
examination processes including the pre-examination and post-examination aspects.
G.2 Preliminary Hazard Analysis (PHA)

PHA is an inductive method o f analysis with the objective o f identi fying the hazards, hazardous
situations and events that can cause harm for a given activity, facility or system. It is most commonly
carried out early in the development o f a project when there is little in formation on design details or
operating procedures and can o ften be a precursor to further studies. It can be use ful when evaluating
existing systems or prioritizing hazards where circumstances prevent a more extensive technique
from being used.
In a PHA, one formulates a list o f hazards and generic hazardous situations by considering characteristics
such as:
— materials used or produced and their reactivity;
— equipment used;
— operating environment;
— layout;
— inter faces among system components.
The method is completed with the identification o f the probabilities that the accident happens, the
qualitative evaluation o f the extent o f possible injury or damage to health that could result, and the
identification o f possible remedial measures. The results obtained can be presented in di fferent ways
such as tables and trees.

ISO 22367:2020(E)
See IEC/ISO 31010:2009 [14] for more in formation on per forming a PHA.
G.3 Fault Tree Analysis (FTA)

FTA is primarily a means o f analysing hazards identified by other techniques and starts from a
postulated undesired consequence, also called a “top event.” In a deductive manner, starting with a top
event (e.g., hazardous situation), the possible causes or fault modes o f the next lower functional system
level causing the undesired consequence are identified. In itsel f, FTA is a failure reduction tool, which
can help reduce the likelihood that a hazardous situation (the top event) will occur. This tool is use ful
for risk control (5.1 ).
Following stepwise identification o f undesirable system operation to successively lower system levels
will lead to the desired system level, which is usually either the component fault mode or the lowest
level at which risk control measures can be applied. This will reveal the combinations most likely to
lead to the postulated consequence.
FTA results are represented pictorially in the form o f a tree o f fault modes. At each level in the tree,
combinations o f fault modes are described with logical operators (AND, OR, etc.). The fault modes
identified in the tree can be events that are associated with hardware faults, human errors, or any other
pertinent event, which leads to the undesired event. They are not limited to the single- fault condition.
FTA allows a systematic approach, which, at the same time, is su fficiently flexible to allow assessment
o f a variety o f factors, including human interactions. FTA is used in risk analysis as a tool to provide
an estimate o f fault probabilities and to identi fy single fault and common mode faults that result in
hazardous situations. The pictorial representation leads to an easy understanding o f the system
behaviour and the factors included, but, as the trees become large, processing o f fault trees can require
specialized computer programs, which are readily available.
See IEC 61025:2006 for more in formation on per forming FTA.
G.4 Failure Mode and Effects Analysis (FMEA)

Failure modes and e ffects analysis (FMEA) is a technique used to identi fy the ways in which
components, systems or processes can fail to fulfil their design intent, and to systematically evaluate
the consequences o f each failure mode. FMEA is a technique that answers the question, “What happens
i f ... fails?”.
The main applications o f FMEA for medical laboratories are: Design FMEA, which can be used during
the development o f new assays (examinations); System FMEA, which is used for analytical systems
comprising multiple components; Process FMEA, which is used for examination processes; and
Application FMEA, which is used to prevent use errors with examination procedures and IVD medical
devices.
The design o f an examination procedure, the steps o f a laboratory process, or the actions o f an operator
can be evaluated in a formal manner, generally looking at a single- fault condition. This is done in a
“bottom-up” mode, i.e., following the procedure to the next higher functional system level. Failure
Mode, E ffects and Criticality Analysis (FMECA) extends an FMEA so that each fault mode identified is
ranked according to its importance or criticality.
FMEA identifies:
— potential failure modes o f the various parts o f a system (a failure mode is what is observed to fail or
to per form incorrectly);
— the e ffects these failures may have on the system;
— the mechanisms o f failure;
— how to avoid the failures, and/or mitigate the e ffects o f the failures on the system.

ISO 22367:2020(E)
In order to use FMEA to support risk management, the examination, system or process should be known
in some detail.
Note that in conventional FMEA, the probability estimate represents the probability that the cause o f
the failure will occur, not the probability o f the failure mode. It is assumed that the immediate and long-
term consequences o f the failure will occur.
Detectability may be considered only i f three conditions are met. The operator or user needs to:
— know what to do and how;
— have enough time to react; and
— be expected to take the correct action.
FMEA can also be a use ful technique to deal with use error. Disadvantages o f this technique can
arise from di fficulties in dealing with redundancies and the incorporation o f repair or preventive
maintenance actions, as well as its restriction on single- fault conditions.
See IEC 60812:2006 for more in formation on the procedures for per forming FMEA.
G.5 Process FMEA

FMEA is particularly use ful when deciding whether to introduce a new process within the laboratory.
While it is not possible to anticipate every failure mode, a team o f laboratory participants can formulate
as extensive a list o f potential failure modes.
The approach begins by creating a diagram or flowchart o f the process, indicating the major process
steps. This diagram shows the logical relationships o f components and establishes a structure around
which the FMEA can be developed.
Then, possible failure modes are evaluated (o ften by brainstorming in a team format). These failure
modes are identified as the manner in which the process could fail, and described in a way that allows
the team to determine what the e ffects o f the failure will be.
The potential e ffects o f each failure mode are then identified and listed. The e ffects can be ‘local e ffects’
(the immediate consequence o f the failure, such as the impact on the process), the ‘end e ffects’ (the
ultimate consequence o f the failure, such as the impact on the patient or laboratory worker), as well as
‘next e ffects’ (consequences in between local and end e ffects).
A severity value is assigned to each failure mode based on an evaluation o f the identified potential
e ffect(s). A severity scale, such as with 1 = minor and 10 = major may be used. In addition, an occurrence
value, rating the likelihood that this failure mode will actually happen, is also assigned.
The potential causes o f each failure mode are then listed, together with the likelihood that this may
happen.
It is important to note that the occurrence rate re fers to the likelihood that the cause o f the failure will
occur, not the likelihood o f the consequences or even the likelihood o f the failure. In conventional FMEA
methodology, unlike in risk analysis, i f the failure cause occurs it is presumed that all downstream
events will occur.
Any action or step that is in place to decrease the likelihood o f a given failure is identified as a current
control. A scale can be used to rate the likelihood that these controls would detect the identified failure
cause in time to prevent the failure from occurring. For example, using a scale o f 1 to 10, a rating o f
1 means the control would be almost certain to prevent the failure, and a rating o f 10 means it is not
likely to detect the cause in time.

ISO 2 2 3 67: 2 02 0(E)
The Severity, Occurrence and Detection scores are summarized in column 9 from Table G.1 as a “Risk
Priority Number” (RPN), which is calculated by multiplying the three individual values. The FMEA
methodology uses the RPN as a numerical index to prioritize the significance o f the failures, based on
— the frequency o f occurrence o f the failure (actually the failure cause),
— the severity o f the potential consequences, and
— the ability to detect the failures in time to prevent those consequences.
The use o f RPN illustrates two other di fferences between FMEA and risk analysis. In FMEA, detection
o f the failure is identified a separate factor, whereas in risk analysis detectability o f the hazard is
included in the probability estimate. FMEA also multiplies the rankings from the severity, occurrence
and detection scales, which is not mathematically valid because the ranks are ordinal numbers.
Nevertheless, FMEA methodology can be a use ful reliability tool to drive reduction o f failure rates.
As a general rule, preventive action should be considered for any RPN >100 when severity, frequency o f
occurrence and controls are evaluated using a 1-10 scale for each.
A fter implementation o f the proposed new process, unanticipated failure modes might appear. The
FMEA should be updated to include these new failure modes and using the RPN as a guide, the team may
need to identi fy new actions to reduce the severity, occurrence and/or detection to an acceptable level.
An example is shown in Table G.1 for specimen mislabeling, as stated in Column 1, Two potential failure
modes are identified in Column 2: Failure to check armband and missing armband. The potential
e ffects for both failure modes are the same, that being incorrect patient identification on the specimen.
There fore, the severity o f both modes is the same, and is felt to be severe.
However, the likelihood o f occurrence o f each mode is di fferent: Investigation shows that forgetting
to check the armband as a cause o f this failure mode rarely i f ever occurs, so its occurrence is rated
as 1 (unlikely). On the other hand, computer issues result in the admission o f some patients without
armbands, with an assessed occurrence o f 3.
There is no control for not checking the armband, so it cannot be detected i f it occurs (rating o f 10),
whereas a patient without an armband could still be asked for a name. As a control for a missing
armband, this is felt to be relatively inadequate, since 80% o f patients without armbands are trauma
patients who cannot give their names, giving a detection rating o f 8.
The risk priority number for not checking the armband is 100 (10 × 1 × 10), which is under the threshold
for action. The situation with a missing armband has a risk priority number o f 240 (10 × 3 × 8), so three
recommended actions are listed. Each action is also rated for severity, occurrence and control, with
resultant risk priority numbers; all three actions now are evaluated as having risk priority numbers
below the threshold for action and the analysis stops at this point.

ISO 22367:2020(E)
Table G.1 — FMEA Table

Action results
Risk Se- Oc- De- Risk
Potential Se- Potential De- pri-
Occur- Current tec- ver- cur- tec- pri-
Process func- Potential failure effects of ver- causes o f ority
rence controls tion num- Recommended ity rence tion ority
tion (1) mode (2) ailure (3) ity failure (5) (6) (7) (8) ber action (10) (11) (12) (13) num-
f
(4) ber
(9) (14)
Specimen Phlebotomist Sample 10 Forgets 1 None 10 100 None
labelling does not check labelled with
armband incorrect
name
Patient armband Sample 10 Computer 3 Ask 8 240 Resolve admitting 10 1 8 80
missing labelled with
issues in patient issue
incorrect admitting
their New policy: no 10 3 1 30
name name
armband, no
phlebotomy
Resolve admitting 10 1 1 10
issue AND new
armband policy

ISO 22367:2020(E)
Annex H
(informative)
Risk analysis of foreseeable user actions
H.1 Categories of user action

Adapted from IEC 62366-1:2015
For the purposes o f this standard, user actions or inactions can be broadly categorized into actions that
are foreseeable and those that are not foreseeable. Clearly, those user actions or inactions that are not
foreseeable cannot be dealt with by this or any other standard. This document describes a process that
deals with those user actions or inactions that can be foreseen. These foreseeable events can be further
subdivided between intended and unintended user actions or inactions (see Figure H.1).
In Figure H.1, intended user actions or inactions that fall within normal use can be a response that is
intended by established processes and expected by the user, i.e. “correct use.” Alternately, the intended
action or inaction could result in a mistake or could result from conduct that deviates from established
processes, i.e., “abnormal use.” This does not necessarily mean that abnormal use results in a poor
outcome for the patient. O ften the clinical judgement o f the user indicates that such use is in the best
interest o f the patient.
For the purposes o f this standard, unintended actions or inactions are always classified as slips or
lapses, which are all considered forms o f use error. In the usability/human factors engineering process,
it is help ful to di fferentiate between these categories while determining the root-cause o f a particular
use error to help ascertain which errors can be mitigated by design.
Slips and lapses are errors that result from some failure in the execution and/or storage stage o f an
action sequence, regardless o f whether or not the plan that guided them was adequate to achieve its
objective. Whereas slips are potentially observable as externalized actions not as planned (slips o f the
tongue, slips o f the pen, slips o f action), the term lapse is generally reserved for more covert error forms,
largely involving failures o f memory, that do not necessarily mani fest themselves in actual behaviour
and can only be apparent to the person who experiences them.
Mistakes can be defined as deficiencies or failures in the judgmental and/or in ferential processes
involved in the selection o f an objective, whether or not the actions directed by this decision-scheme
are according to plan (adapted from Re ference [28]).

ISO 22367:2020(E)
Figure H.1 — Categories of foreseeable user action
NO TE 1 I n th i s fig u re , a n ac tio n c a n re s u lt from a u s er:
— cho o s i n g to do s ome th i ng; o r
— fa i l i ng to do s ome th i ng.
NO T E 2 Nes cient i s u s ed i n the context o f a lack o f awarene s s o f the advers e con s e quences o f a ski l l-b as e d ac tion .
H.2 Examples of use errors, abnormal use and possible causes

T he fol lowi ng u s e errors and abnorma l u s e example s are b a s e d on advers e event rep or ts col le c te d b y
. T he s e e xample s a re ab breviate d de s crip tion s o f the ac tua l events

[2 4]
s evera l re gu l ator y authoritie s
and have b e en mo d i fie d to h igh l ight the d i s ti nc tion b e twe en abnorma l u s e and u s e error. T he advers e
events were clas s i fie d as i nd ic ate d fol lowi ng eva luation o f the error agai n s t the i ntende d ac tion .

ISO 22367:2020(E)
It is recognized that di fferentiating use error from abnormal use is not always an easy task and so
o ften requires care ful investigation, analysis, and documentation. A care ful investigation might include
trending and root cause analysis as techniques to classi fy events.
H.2.1 Examples of use errors
The following are brie f descriptions based on actual events that were determined at the time to be
examples o f use errors.
— User con fuses two buttons and presses the wrong button;
— User misinterprets the icon and selects the wrong function;
— User enters incorrect sequence and fails to initiate operation o f a device;
— User fails to detect a dangerous increase in pressure because the alarm limit is mistakenly set too
high and user is over-reliant on alarm system;
— User partially disconnects a plug when walking over an unprotected cable;
— User cleans a centri fugal pump with alcohol, although it is made from material that is incompatible
with alcohol. It is reasonably foreseeable that alcohol might be used to clean the pump, since alcohol
is readily available in the laboratory and no clear and prominent warning is provided;
— Unintentional use o f pipette out o f its calibration range;
— Analyzer placed in direct sunlight causing higher reaction temperature than specified;
— User uses a well-intentioned shortcut on procedure or pre-use checklist, etc., thereby omitting
important steps. It is not obvious that the shortcut is hazardous;
— User unintentionally omits an important step in an excessively lengthy or complicated procedure or
pre-use checklist.
H.2.2 Examples of abnormal use
The laboratory is responsible for applying all reasonable means o f risk control. These can include
in formation for sa fety, which is one element in a hierarchal approach to risk control. Following the
process in ISO 14971, the laboratory uses one or more o f the following in the priority listed:
a) Inherent sa fety by design;
b) Protective measures in the examination procedure or the IVD medical device;
c) In formation for sa fety, e.g., warnings in the instructions for use, display o f a monitored variable,
training and materials for training, maintenance details.
I f, despite having been provided with validated in formation for sa fety, the user acts contrary to such
in formation for sa fety, the incorrect use can be classified as abnormal use.
The following are brie f descriptions o f complaint reports taken from a Global Harmonization Task
Force (GHTF) paper on reporting o f use errors. [24] These examples are based on actual events that were
determined at the time to be examples o f abnormal use. In each case, it was determined that the relevant
risks had been addressed using reasonable means o f risk control. These included proper design, proper
training, in formation for sa fety, and descriptions o f correct use as established by the laboratory. For IVD
medical devices, in formation supplied by the manu facturer will typically speci fy intended correct use.
— Deliberate violation o f a validated, simple pre-use sa fety checklist as specified in the accompanying
in formation supplied by the manu facturer.
— Use o f a method or an IVD medical device prior to completing installation, validation or verification.

ISO 2 2 3 67: 2 02 0(E)
— Continued use o f an IVD medical device beyond the prescribed maintenance interval as clearly
defined in the instructions for use because o f the laboratory’s failure to arrange for maintenance.
— The laboratory allowed an untrained user to use an IVD medical device leading to patient harm. The
device is working in accordance with its specifications.
— The use o f damaged equipment or supplies in spite o f clear evidence o f damage, causing an incorrect
result that led to a patient injury.
— Use o f an IVD instrument in violation o f manu facturer’s warnings; i.e.; de feating a sa fety interlock
or ignoring a calibration expiration message.
NOTE There is a di fference between well-intentioned and malevolent abnormal use. As the examples show,
abnormal use is o ften well-intentioned (i.e., the user accepts a certain risk for the expected benefit o f the patient).
This is distinct from the situation where the user did not appreciate the risk involved in their action/inaction
because the risk was not clearly indicated, where the event can be considered a use error.

ISO 22367:2020(E)
Annex I
(informative)
Methods of risk assessment, including estimation of probability
and severity of harm
I.1 General guidance

Various methods can be used to estimate risk. While this document does not require that a particular
method be used, it does require that risk estimation be carried out. Quantitative risk estimation is
pre ferable when suitable data are available; however, without suitable data, qualitative methods o f risk
estimation can su ffice.
The concept o f risk is the combination o f the following two components:
— the probability o f occurrence o f harm;
— the consequences o f that harm, i.e., how severe it might be.
Risk estimation should examine, for example:
— the initiating event or circumstance (see E.8);
— the sequence o f events that could lead to a hazardous situation occurring;
— the likelihood o f such a situation arising; the sequence o f events that could lead to harm;
— the likelihood that the hazardous situation leads to harm;
— the nature o f the harm that could result.
In some cases, only certain elements o f the risk estimation process need be considered. For example,
i f the harm is minimal or i f the probability cannot be estimated (see I.3 ), it will not be necessary to go
beyond an initial hazard and consequence analysis.
Risk should be expressed in terms that facilitate risk control decision making, for example, using harms
and probability scales and units that will mirror actual use. In order to analyze risks, their components,
i.e. probability and severity, should be analyzed separately.
Risk matrices based on the probability and severity o f harm will be used for ranking risks in examples
throughout this annex. I f a risk matrix is used, the particular risk matrix and the interpretation used
should be justified for that application.
I.2 Estimating the probability of harm

In situations where su fficient data are available, a quantitative categorization o f probability levels
should be used. However, a good qualitative description is pre ferable to an inaccurate quantitative
description. For a qualitative categorization o f probability levels, the laboratory can use descriptors
appropriate for the examination.
Although probability is in reality a continuum, in practice a discrete number o f levels can be used. The
laboratory decides how many probability levels are needed, based upon the expected confidence in
the estimates. At least three levels should be used to facilitate decision making. As confidence in the
estimated probabilities increases, a greater number o f probability levels can be considered. The levels
can be descriptive (e.g., not expected to occur, likely to occur a few times, likely to occur frequently,

ISO 22367:2020(E)
e tc .) . L ab oratorie s s hou ld defi ne the c ategorie s expl icitly s o that there wi l l b e no con fu s ion over what
i s me a nt. O ne appro ach i s to a s s ign a range o f non- overlappi ng nu meric a l va lue s to e ach o f the d i s c re te
level s (e . g. , Table I . 2 ) . I t i s j u s t an exa mple b e c au s e the i nd ic ate d fre quenc y wi l l b e s trongly i n fluence d
by the nu mb er o f e xam i nation s p er forme d .
For pro s p e c tive ri sk ana lys i s , prob abi l ity o f ha rm e s ti mate s shou ld encomp as s the ci rc u m s tance s and
enti re s e quence o f events from the o cc urrence o f the i n iti ati ng c au s e th rough to the o cc u rrence o f h arm .
I mpl icit i n the con s ideration o f the prob abi l ity o f ha rm i s the concep t o f e xp o s u re . T here fore, the
prob abi l ity o f harm s hou ld ta ke i nto con s ideration the level and/or ex tent o f exp o s u re . For exa mp le,
i f there i s no exp o s u re to a ha z ard, there c a n b e no ha z ardou s s ituation and no h arm c an re s u lt. I f
there i s gre ater exp o s u re to a ha z ard, the prob abi l ity o f a ha z ardou s s ituation wi l l i nc re a s e . T here fore,
the nu mb er o f e xam i nation p er forme d b y a l ab orator y wi l l i n fluence the l i kel i ho o d th at a h a z a rd (e . g. ,
i ncorre c t or delaye d re s u lt) wi l l o cc u r.
T he l i kel i ho o d th at a ha z ardou s s ituation wi l l le ad to harm i s i n fluence d by the e s ti mate d nu mb er o f
exam i nation s th at wi l l b e p er forme d b y the lab orator y.
C om mon appro ache s to e s ti mate prob abi l itie s i nclude:
— proj e c tion from relevant h i s toric a l data;
— pre d ic tion o f prob abi l itie s u s i ng a na lytic a l o r s i mu lation te ch n ique s;
— generation o f exp eri menta l data;
— rel iabi l ity e s ti mate s;
— lab orator y d ata;
— s u r vei l la nce i n formation;
— e xp er t j udgment.
T he s e appro ache s c an b e u s e d i nd ividua l ly or j oi ntly. Mu ltip le appro ache s c an b e u s e d to s er ve as
i ndep endent che cks on e ach o ther, a nd i ncre as e con fidence i n the re s u lts . C on fidence i s en h ance d
when a quantitative e s ti mate o f the prob abi l ity o f o cc urrence i s b as e d on acc urate and rel i able data .
O ther wi s e a re as onable qua l itative e s ti mate s hou ld b e made . I n s ome c a s e s , when s u ffic ient data a re
no t avai lab le, it m ight b e ne ce s s ar y to rely s olely on e xp er t j udgment.
E xample s of qua l itative a nd s em i- qua ntitative defi n ition s of prob abi l ity level s are given in
Tab le s I .1 and I.2 . T he de s c rip tion s a re i l lu s trative and the lab orator y shou ld ma ke the s e defi nition s
s p e c i fic a nd e xpl ic it to en s u re the level s are appropri ate and repro ducible for a given ri sk a s s e s s ment.
E xample s:
Table I.1 — Overall Probability of Harm Scale (Qualitative)

Level Term Description
L i kel y to o cc u r re gu l a rl y with the e xa m i n ation pro ce du re; e xp e c te d to b e
5 Fre quent
e xp er ience d co nti nuo u s l y i n the l ab o rato r y
L i kel y to o cc u r mu ltip le ti me s with the e xa m i n ation pro ce du re; e xp e c te d to

4 Re a s on ab l y L i kel y
b e e xp er ience d fre quentl y i n the l ab orator y
3 O cc a s ion a l
L i kel y to o cc u r s ome ti me s with the e xa m i n ation pro ce du re; e x p e c te d to b e
e xp er ience d s e vera l ti me s i n the l ab o rato r y
2 Remote Un l i kel y to o cc u r b ut p o s s ib le with the e xa m i n ation pro ce du re; e xp e c te d to
b e e xp er ience d on l y a few ti me s i n the l ab o rato r y
E x tremel y u n l i kel y to o cc u r with the e xa m i n ation p ro ce du re; e xp e c te d to b e

1 Un l i kel y
e xp er ience d on l y o nce or twice i n the l ab orator y

ISO 22367:2020(E)
T a b l e I . 2 — O ve r a l l P r o b a b i l i t y o f H a r m S c a l e ( S e m i - Q u a n t i t a t i ve)
Level Term Description

5 Fre quent E ach day
4 Re a s on ab l y L i kel y E ach we ek
3 O cc a s ion a l E ach mo nth
2 Remote E ach ye a r
1 Un l i kel y L e s s th a n once a ye a r
I.3 Estimating risks when the probability cannot be estimated

T he prob abi l itie s o f s ys tematic fau lts are d i ffic u lt to e s ti mate . When the acc urac y o f the prob abi l ity
e s ti mate i s i n doub t, it i s o ften ne ce s s ar y to e s tab l i s h a bro ad range for the prob abi l ity, or de term i ne
that it i s no wors e tha n s ome p ar tic u lar va lue . E xample s where prob abi l itie s are ver y d i ffic u lt to
e s ti mate i nclude:
— s o ftwa re fa i lu re;
— s ituation s i nvolvi ng s ab o tage or ta mp eri ng;
— novel, p o orly unders to o d ha z ard s , s uch a s the pre s ence o f a n u nexp e c te d i n fe c tiou s agent i n a
s p e c i men as the c au s ative agent o f B ovi ne Sp ongi form;
— cer tai n toxicolo gic a l ha z ard s , s uch as geno toxic c a rc i no gen s and s en s iti z i ng agents , where it m ight
no t b e p o s s ible to de term i ne a th re s hold o f exp o s u re b elow wh ich toxic e ffe c ts do no t o cc u r.
I n the ab s ence o f a ny data on the prob abi l ity o f o cc u rrence o f harm, it i s no t p o s s ible to e s ti mate the
ri sk, and it may b e ne ce s s ar y to eva luate the ri sk on the b a s i s o f the natu re a nd s everity o f the harm
a lone . I f it c an b e conclude d that the ha z ard i s o f l ittle prac tic a l con s e quence, the ri sk c an b e j udge d
to b e accep table and no ri s k control me a s u re s a re ne ce s s a r y. For s ign i fic ant h a z a rd s , however, wh ich
cou ld i n fl ic t h arm o f h igh s everity s uch as tho s e no te d ab ove, no level o f exp o s u re c an b e identi fie d that
wou ld corre s p ond to a ri sk s o low that it ca n b e ignore d . I n s uch c as e s , the ri s k e s ti mate s hou ld b e made
on the b a s i s o f a re as onable wors t- c a s e e s ti mate o f prob abi l ity. I n s ome i n s tance s , it i s convenient to s e t
th i s de fau lt va lue o f the prob abi l ity to one a nd to b as e ri s k control me as u re s on preventi ng the ha z ard
enti rely, re duci ng the prob abi l ity o f harm to an accep table level or i n re duc i ng the s everity o f the ha rm .
I.4 Estimating the severity of harm

To c ategori ze the s everity o f the p o tentia l h arm, the lab orator y shou ld u s e de s c rip tors appropriate for
the exam i nation or l ab orator y s er vice . S everity i s , i n re a l ity, a conti nuu m; however, i n prac tice, the u s e
o f a d i s cre te nu mb er o f s everity level s s i mpl i fie s the ana lys i s . I n s uch c a s e s , the lab orator y de cide s how
many c ate gorie s a re ne e de d and how they a re to b e defi ne d . T he level s c a n b e de s crip tive, a s i n the
exa mple s i n Table I . 3 . I n a ny c as e, s everity level s s hou ld no t i nclude any element o f prob abi l ity.
S everity level s s hou ld b e cho s en a nd j u s ti fie d b y the lab orator y for a p ar tic u lar e xam i nation under
cle arly defi ne d cond ition s o f u s e . L ab oratorie s s hou ld ma ke the s e defi n ition s are s p e c i fic and expl icit to
ensure their use will be reproducible.

ISO 22367:2020(E)
Example:
Table I.3 — Severity of Harm Scale (Qualitative)
Score Category Description
5 Critical Li fe-threatening injury/death
4 Serious Permanent (irreversible) bodily damage or impairment
3 Significant Non-permanent bodily damage or impairment; reversible with medical interven-
tion
2 Marginal Temporary bodily damage or impairment; reversible with no medical intervention
1 Negligible Temporary discom fort or inconsequential injury
I.5 Estimating the risk of harm

A typical approach to estimating risk is to create an N-by-M matrix to classi fy the probabilities and
severities o f the potential harm associated with each hazardous situation. The matrix represents a full
set o f the possible risks.
In this approach, the N levels o f probability and M levels o f severity are clearly defined, as in the
preceding examples in Tables I.1, I.2 and I.3 . Thus, each cell o f the matrix will represent a defined subset
o f the full set o f possible risks.
A simple example is the following 5 × 5 matrix based upon the definitions in Tables I.1 and I.2 and I.3.
Laboratories should make these definitions as specific and explicit as needed to ensure their use will
be reproducible. The actual zones will be established based on the risk acceptability criteria defined
according to 6.1 .
Table I.4 — Risk matrix with two zones
Overall probability of harm
Unlikely Remote Occasional (3) Likely Frequent
(1) (2) (4) (5)
Critical (5)
Serious (4)
Severity o f Significant (3)
harm
Marginal (2)
Negligible (1)
Key
Green = broadly acceptable risk
Red = unacceptable risk

ISO 22367:2020(E)
Table I.5 — Risk matrix with three zones

Overall probability of harm
Unlikely Remote Occasional (3) Likely Frequent
(1) (2) (4) (5)
Critical (5)
Serious (4)
Severity o f Significant (3)
harm
Marginal (2)
Negligible (1)
Key
Green = broadly acceptable risk
Yellow = acceptable risk i f risk is reduced as far as reasonably possible
Red = unacceptable risk
I.6 Examples
I.6.1 Risk assessment example
The following table summarizes the results o f a risk assessment o f noncon formities associated with
delayed or errant patient reporting. The decisions are based on the risk acceptability criteria shown in
the Risk Chart in Table I.5 .
Table I.6 — Risk assessment of nonconformities associated with delayed or errant patient
reporting
Nonconformity Probability Severity Risk
Wrong patient identification Occasional (3) Critical (5) Unacceptable
Wrong test result Occasional (3) Critical (5) Unacceptable
Report delayed (stat) Likely (4) Marginal (2) Acceptable with risk reduction
Report delayed (24 hours) Likely (4) Marginal (2) Acceptable with risk reduction
Report lost Occasional (3) Marginal (2) Acceptable with risk reduction
Sent to wrong primary clinician Remote (2) Marginal (2) Acceptable
Sent to wrong clinician (copy) Remote (2) Negligible (1) Acceptable
I.6.2 Corrective or preventive action decisions

The following table summarizes the corrective or preventive action decisions based on risk acceptability
criteria shown in the Risk Chart in Table I.5 .
Table I.7 — Risk reduction decisions
Sample collected Sample collected Sample transport Sample transport
Nonconformity from wrong patient with incorrect incorrect method delayed or late
technique
Preventive or cor - Implement double Implement compe- Implement compe- Transport tracking
rective action identification check tency assessment tency assessment
check check
Severity Critical Critical Marginal Marginal
Occurrence
Frequent Prevent Prevent Prevent Prevent
Likely Prevent Prevent Prevent Prevent

ISO 22367:2020(E)
Table I.7 (continued)

Sample collected Sample collected Sample transport Sample transport
Nonconformity from wrong patient with incorrect incorrect method delayed or late
technique
O cca s ion a l P revent P re vent M e d iu m P re vent
Remote P revent M e d iu m M e d iu m M o n itor
Un l i kel y M e d iu m M e d iu m Low Low

ISO 22367:2020(E)
Annex J
(informative)
Overall residual risk evaluation and risk management review
The following guidance is adapted from ISO 14971:2019, and ISO/TR 24971:2019.
J.1 Overview
Overall residual risk evaluation is the point where residual risk is viewed from a broad perspective.
A fter the assessment o f every identified hazardous situation, the laboratory then considers the
combined impact o f the individual residual risks, and decides whether the overall residual risk meets or
exceeds the criteria for residual risk acceptability.
This step is particularly important for complex examination procedures or laboratory services or
those with a large number o f individual risks. The evaluation can be used to determine whether the
examination procedure or laboratory service is sa fe.
The determination o f overall residual risk can be a di fficult and challenging task that cannot be achieved
simply by the numerical addition o f all individual risks, because the risks are based on di fferent
probabilities and severities o f harm. This di fficulty also arises for the following reasons:
— Confidence in the probability estimates can vary considerably. Some probabilities are known
precisely either from history with similar examinations or services, or from testing. Probabilities
are generally imprecise estimates, and may not be known at all, such as the probability o f harm
resulting from a so ftware failure. Further, it is usually not possible to combine the severities o f
individual harms within the broad categories typically encountered in risk analysis.
— The acceptability criteria for individual risks need to be the same as the criteria for overall risk
acceptability. The criteria used to evaluate individual risks are usually based on the probability o f
occurrence o f particular severities o f harm.
The laboratory needs to decide how to evaluate the remaining residual risk with respect to the
acceptability criteria. There is no pre ferred method for evaluating overall residual risk and the
laboratory is responsible for determining an appropriate method. Some general approaches for
evaluating overall residual risk, along with considerations a ffecting their selection, are given
below. Both the criteria and the methods associated with applying them should be stated in the risk
management plan. This guidance is intended to help in establishing such criteria and methods.
Overall residual risk evaluation needs to be per formed by persons with the knowledge, experience,
and authority to per form such tasks. It is o ften desirable to involve specialists with knowledge o f and
experience with the particular examination procedure or laboratory service (see 4.3 ).
Ultimately, the evaluation o f overall residual risk has to be based on clinical judgment. The results o f the
overall residual risk evaluation and the rationale for the acceptance o f the overall residual risk should
be documented in the risk management file.
J.2 Overall residual risk evaluation

The overall residual risk can only be assessed a fter all risk control measures have been implemented
and verified. This means that all identified hazardous situations have been evaluated and that all risks
have been reduced to an acceptable level or have been accepted based upon a risk/benefit analysis.
Examples o f inputs, acceptability criteria and methods for per forming the overall residual risk
evaluation are presented below.

ISO 2 2 3 67: 2 02 0(E)
The laboratory can compare the examination procedure or laboratory service under review to similar
examination procedures or laboratory services already in use. The collated individual residual risks
can be compared against the risks for similar examination procedures or laboratory services, e.g., risk
by risk taking account o f di fferent contexts o f use. Care should be taken in such comparisons to use
up-to-date in formation on adverse events for the examination procedures or laboratory services. In
order for the laboratory to make well considered conclusions about the overall residual risk in relation
to the medical benefits, up-to-date in formation on intended use and associated adverse events o f
similar examination procedures or laboratory services should be reviewed, as well as in formation
from scientific literature, including in formation about clinical experience. The key question is whether
the examination procedure or laboratory service under review o ffers the same or better sa fety as an
examination procedure or laboratory service that can be considered to have an acceptable overall
residual risk.
a) The laboratory can also use outside experts to provide input on overall residual risk in relation
to the medical benefits o f the examination procedure or laboratory service under review. These
experts can come from a variety o f disciplines, including those with clinical experience and those
who have experience with similar examination procedures or laboratory services. They can
help the laboratory to take into account stakeholder concerns. An assessment o f the benefits to
the patient associated with the use o f the examination procedures or laboratory services can be
per formed in order to demonstrate acceptability o f the overall residual risk. One approach could
be to get a fresh view o f the overall residual risk by using laboratory specialists that were not
directly involved in the development o f the examination procedure or laboratory service under
review. The laboratory specialists would evaluate the acceptability o f the overall residual risk,
considering aspects such as usability in a representative medical laboratory environment. Then,
the laboratory specialists would evaluate the examination procedure or laboratory service in the
medical laboratory environment to confirm the acceptability.
b) Even though all individual risks should have been identified and accepted prior to evaluation o f
the overall residual risk, some risks could need further analysis. For example, there could be many
risks that are close to being not acceptable. Hence, the overall residual risk acceptability could be
suspect and a further investigation can be appropriate for the examination procedure or laboratory
service and the associated risk management file. Another example can be that there are risks that
are interdependent with respect to either their causes or the risk control measures applied. Risk
control measures should be verified for e fficiency, not only individually but also in combination
with other risk control measures. This can also be true for risk control measures that are designed
to counter multiple risks simultaneously. A Fault Tree or Event Tree Analysis can be a use ful tool to
demonstrate such connections between the risks and risk control measures used.
c) Other considerations for overall residual risk evaluation include the following:
— The results o f usability evaluation or clinical experience during design validation testing can
provide use ful in formation.
— Visual representations o f the residual risks can be use ful. Each individual residual risk can be
shown in a risk matrix, giving a graphic view o f the distribution o f the risks. I f many o f the risks
are in the higher severity regions or in the higher probability regions o f the risk matrix, or it
clusters o f risks are borderline, then the distribution o f the risks can indicate that the overall
residual risk may not be acceptable, even i f each individual risk has been judged acceptable.
— During overall residual risk evaluation, all individual risk/benefit analyzes should be taken into
account.
— When there have been trade-o ffs between risks in the risk analysis, this might be indicative
that the overall residual risk should be analyzed more care fully. These are instances where one
risk might have been allowed to increase somewhat in order that another risk could be reduced.
For example, the risk to one person (the user) is allowed to increase so that the risk to another
(the patient) can be reduced. This is called risk parallax. The evaluation can take the form o f
reviewing related major risks, describing why the trade-o ff balance is practical, and explaining
why the combined risk level o f the risks in the trade-o ff decision is acceptable.

ISO 22367:2020(E)
Annex K
(informative)
C o n d u c ti n g a b e n e fi t- r i s k a n a l ys i s
The following guidance is adapted from ISO 14971:2019, ISO/TR 24971:2019 and MEDDEV 2.7/1.
K.1 General
A benefit-risk analysis is used to justi fy a risk once all reasonably feasible measures to reduce the risk
have been applied. I f, a fter applying these measures, the risk is still not judged acceptable, a benefit-
risk analysis is needed to establish whether the examination results or laboratory service is likely to
provide more benefit than harm.
Generally, i f the risk control measures are insu fficient to satis fy the risk acceptability criteria, the
service, IVD device or examination should be abandoned. In some instances, however, greater risks
can be justified, i f they are outweighed by the expected benefits o f examination results or laboratory
service. This document allows laboratories an opportunity to per form a risk/benefit analysis to
determine whether the residual risk can be accepted because o f the benefits.
The decision as to whether risks are outweighed by benefits is essentially a matter o f judgment by
experienced and knowledgeable individuals. An important consideration in the acceptability o f a
residual risk is whether an anticipated clinical benefit can be achieved through the use o f alternative
options that avoid a particular risk or reduce the overall risk. The feasibility o f further risk reduction
should be taken into account be fore considering the benefits. This document explains how risks can
be characterized so that a risk estimate can be determined with confidence. There is no standardized
approach for estimating benefits.
K. 2 B e n e fi t e s ti m a ti o n
The benefit arising from laboratory examination results or services is related to the likelihood and
extent o f improvement o f health expected from their clinical use. Benefits can be estimated from
knowledge o f such things as:
— Use o f the examination results (including point o f care) by clinicians;
— The patient outcome expected from use o f the examination results;
— Factors relevant to the risks and benefits o f other diagnostic options.
Confidence in the benefit estimate is strongly dependent on the reliability o f evidence addressing these
factors. This includes recognition that there is likely to be a range o f possible outcomes and factors such
as the following that need to be taken into account.
— It will be di fficult to compare di fferent outcomes, e.g., which is worse, pain or loss o f mobility?
Di fferent outcomes can result from the side e ffects being very di fferent from the initial problem.
— It is di fficult to take account o f non-stable outcomes. These can arise both from the recovery time
and long-term e ffects.
Because o f the di fficulties in a rigorous approach, it is generally necessary to make simpli fying
assumptions. There fore, it will usually prove expedient to focus on the most likely outcomes for each
option and those that are the most favorable or un favorable.

ISO 2 2 3 67: 2 02 0(E)
An estimate o f patient benefit can vary markedly be fore and a fter development o f a new examination,
inauguration o f a new laboratory service, or acquisition i f a new IVD device. I f reliable clinical data
demonstrating the consistent per formance and e ffectiveness o f the examination are available, the
clinical benefit can be estimated confidently. In cases where clinical data are limited in quantity or
quality, benefit is estimated with greater uncertainty from whatever relevant in formation is available.
However, in the absence o f relevant clinical data, the likelihood o f achieving the intended per formance
and the desired clinical e ffect will have to be predicted by re ference to quality assurance measures and
per formance characteristics.
Where significant risks are present, and there is a high degree o f uncertainty in the benefit estimate, it
will be necessary to veri fy the anticipated per formance or e fficacy as soon as possible through a clinical
evaluation or a clinical per formance study. This is essential to confirm that the risk/benefit balance
is as expected and to prevent unwarranted exposure o f patients to a large residual risk. ISO 20916
specifies good study practices for the conduct o f clinical per formance studies o f IVD medical devices.
K.3 Criteria forbenefit-risk judgments

Those involved in making benefit-risk judgments have a responsibility to understand and take into
account the clinical, technical and regulatory context o f their risk management decisions. This can
involve an interpretation o f fundamental requirements set out in applicable regulations or standards,
as they apply to the product in question under the anticipated conditions o f use. Since this type o f
analysis is highly specific, further guidance o f a general nature is not possible. Instead, the sa fety
requirements specified by standards addressing specific laboratory examinations, IVD medical devices
or risks can be presumed to be consistent with an acceptable level o f risk, especially where the use o f
those standards is sanctioned by the prevailing regulatory system. Note that a clinical per formance
study, in accordance with a legally recognized standard or procedure, might be required to veri fy that
the balance between medical benefit and residual risk is acceptable.
K.4 Benefit-Risk comparison

A direct comparison o f risks and benefits is valid only i f a common scale is used. When a common scale is
used, the risk to benefit comparison can be evaluated quantitatively. Indirect risk/benefit comparisons
do not use a common scale and are evaluated qualitatively. Whether quantitative or qualitative, risk/
benefit comparisons should take the following into account.
— Initially, a literature search for the hazards and medical applications in question can provide
significant insight into the ratio o f benefit to risk.
— High-benefit/high-risk examinations or IVD medical devices usually represent the best available
technology that provides a medical benefit but does not completely eliminate risk o f injury or
illness. There fore, an understanding o f current technology as it relates to medical practice is
required for accurate benefit-risk analysis. The benefit-risk comparison can be expressed in terms
o f a comparison to other available examination procedures or IVD medical devices.
— To validate that an examination or IVD medical device meets acceptable risk/benefit criteria, a
clinical evaluation or clinical per formance study may be required to estimate benefits and risks.
Also, acceptability to society could be addressed in a clinical evaluation involving medical laboratory
users, medical practitioners, and patients.
— For high-benefit/high-risk examinations or IVD medical devices, labelling should convey adequate
in formation to the medical laboratory so that medical laboratory users, medical practitioners, and
patients can be in formed to ensure appropriate benefit-risk decisions are made by appropriate
individuals prior to use.
— High-benefit/highrisk IVD medical devices typically have additional regulatory requirements that
the manu facturer has to meet prior to commercial distribution. These should be taken into account
Prior to launching a new or modified examination procedures or using new or modified IVD medical
device based on a benefit-risk analysis, the laboratory should summarize the available in formation
ISO 2 2 3 67: 2 02 0(E)
relate d to the ri s k/ b enefit de term i nation and do c u ment the b enefit-ri s k conclu s ion s with rationa le s a s
app l ic able . Gu ida nce on conduc ti ng a l iteratu re s e a rch o f cl i n ic a l data for I VD me d ica l device s c an b e
fou nd i n i n GH T F S G5/N2 R8 (2 2 ) .

ISO 22367:2020(E)
Annex L
(in fo rmative)
Residual risk(s)
T h i s gu id ance i s adap te d from I S O 149 71 : 2 019 and I S O/ T R 2 49 71 : 2 019.
L.1 General
Re s idua l ri s k i s the ri sk remai n i ng a fter a l l ri s k control me a s ure s (wh ich c a n i nclude i n formation for
s a fe ty) have b e en ta ken .
T he de c i s ion of the lab orator y rega rd i ng d i s clo s u re of re s idua l ri s k shou ld be re corde d in the
appropriate ri s k management do c u mentation .
D i s clo s u re o f re s idua l ri sk i s genera l ly de s crip tive and c a n provide b ackgrou nd on the re s idua l ri sks
i nvolve d i n u s i ng the exa m i nation pro ce du re or I VD me d ic a l device . T he a i m i s to d i s clo s e releva nt
i n formation to enable the u s er, the he a lthc a re provider, a nd even p o tenti a l ly the p atient, to ma ke
an i n forme d de c i s ion that weigh s the re s idua l ri sks aga i n s t the b enefits o f u s i ng the exam i nation
pro ce dure, the I VD me d ic a l device or the exa m i nation re s u lts .
L.2 Disclosure of residual risk

When de cid i ng how to d i s clo s e the re s idua l ri s k, it i s i mp or tant to identi fy what i s to b e com mu n ic ate d
and to whom it i s d i re c te d i n order to i n form, mo tivate and enable u s ers to fol low the exam i nation
pro ce dure a nd u s e e qu ipment s a fely and to i n form cl i n ici an s o f any l i m itation s that cou ld a ffe c t p atient
s a fe ty. T he lab orator y s hou ld e xam i ne the re s idua l ri s ks identi fie d i n 7.6 and 9. 2 to de term i ne what
should be disclosed.
T he lab orator y shou ld con s ider:
— the level or de tai l ne e de d;
— the word i ng to b e u s e d to en s u re clarity a nd unders ta ndabi l ity;
— the i ntende d re c ipients (e . g. , i n s tru ment op erators , s er vice p ers on nel, cl i n ici an s , p atients) ;
— the me an s/me d i a to b e u s e d .
T he lab orator y shou ld de term i ne the appropriate me a n s and me d ia to d i s clo s e the re s idua l ri sk.
T h i s i n formation c a n b e s ign i fic ant i n the pro ce s s o f cl i n ic a l de ci s ion ma ki ng. With i n the fra mework of
the i ntende d u s e, the lab orator y d i re c tor i n com mu n ic ation with the cl i n ici an s de cide i n wh ich cl i nic a l
s e tti ngs the exam i nation re s u lts or I VD me d ic a l device (e . g. , p oi nt o f c are) c an b e u s e d to ach ieve
cer tai n b enefits for the p atients .
For exa mple, p er form i ng a p oi nt o f c are gluco s e me as u rement i n the ne onata l s e tti ng h as the ri sk
o f re s u lts b ei ng le s s pre ci s e b e c au s e o f the i n fluence o f h igh hemato crit va lue . H owever, havi ng
an i m me d iate but le s s acc urate gluco s e re s u lt c an b e i mp or tant to a ler t the cl i n ici an to p o tenti a l
hyp o glycem i a, but e s p e c ia l ly with low va lue s the do c tor shou ld b e aware .

ISO 2 2 3 67: 2 02 0(E)
Bibliography
[1] ISO 14971:2019, Medical devices — Application of risk management to medical devices
[2] ISO/TR 24971:2019, Medical devices — Guidance on the application of ISO 14971
[3] ISO 15189:2012, Medical laboratories — Requirements for quality and competence
[4] ISO 15190:2003, Medical laboratories — Requirements for safety
[5] ISO 18113:2009, In vitro diagnostic medical devices — Information supplied by the manufacturer
(labeling)
[6] ISO 9000:2015, Quality management systems — Fundamentals and vocabulary

[7] ISO 31000:2009, Risk management — Principles and guidelines
[8] ISO 13485:2016, Medical devices — Quality management systems — Requirements for regulatory
purposes
[9] ISO 20916:2019, Clinical performance studies for in vitro diagnostic devices (IVDs) using specimens
from human subjects — Good study practice (in development by ISO/TC 21 2/WG 3)
[10] ISO/TS 22367:2008, Medical laboratories — Reduction of error through risk management and
continual improvement
[11] ISO Guide 73:2009, Risk management — Vocabulary

[12] ISO/IEC Guide 51:1999, Safety aspects — Guidelines for their inclusion in standards
[13] ISO/IEC Guide 99:2007, International vocabulary of metrology — Basic and general concepts and
associated terms (VIM)
[14] IEC/ISO 31010:2009, Risk management — Risk assessment techniques

[15] IEC 60601-1:2005, Medical electrical equipment - Part 1: General requirements for basic safety and
essential performance
[16] IEC 60812:2006, Analysis techniques for system reliability — Procedure for failure mode and effects
analysis (FMEA)
[17] IEC 61025:2006, Fault tree analysis (FTA)

[18] IEC 62366-1:2015, Medical devices — Part 1: Application ofusability engineering to medical devices
[19] CLSI C24-A3 2006, Statistical Quality Control For Quantitative Measurements Procedures:
Principles And Definitions; Approved Guideline, 3rd Ed
[20] CLSI EP23-A 2011, Laboratory Quality Control Based on Risk Management; Approved Guideline
[21] G lobal H armoniz ation Task Force , Implementation o f risk management principles and
activities within a Quality Management System (GHTF/SG3/N15R8; May 20, 2005) Available at
http://www.imdrf.org/docs/ghtf/final/sg3/technical -docs/ghtf-sg3 -n15r8 -risk-management
-principles -qms -050520 .pdf
[22] Global Harmonization Task Force, Design Control Guidance for Medical Device Manu facturers.
(GHTF/SG3/N99-9; June 29, 1999) Available at http://www.imdrf.org/docs/ghtf/final/sg3/
technical-docs/ghtf-sg3 -n99 - 9 -design-control-990629 .pdf

ISO 2 2 3 67: 2 02 0(E)
[23] Glob al H armoniz ation Task Force , Clinical Evaluation – Final Guidance (GHTF SG5/N2R8;
May 2007). Available at http://www.imdrf.org/docs/ghtf/final/sg5/technical-docs/ghtf-sg5
-n2r8 -2007-clinical-evaluation-070501 .pdf
[24] Global Harmonization Task Force, Medical Devices: Post Market Surveillance: Proposal
for Reporting o f Use Errors with Medical Devices by their Manu facturer or Authorized
Representative (GHTF SG2N31R8: 2003). Available at http://www.imdrf.org/docs/ghtf/final/
sg2/technical-docs/ghtf-sg2 -fd-99 -7-reporting-guidance -990629.pdf
[25] MEDDEV 2.12.1 Rev. 6, Guidelines on a Medical Devices Vigilance System (December 2009).
Available at http://ec .europa .eu/ DocsRoom/documents/15506/attachments/1/translations/
en/renditions/native
[26] MEDDEV2, 7/1 Clinical Evaluation: A Guide for Manu facturers and Notified Bodies under
Directives 93/42/EEC and 90/385/EEC (June 2016), available online at https://www.bsigroup
.com/meddev/LocalFiles/en-GB/Documents/Dev-2 .7.1-Rev-4.pdf
[27] European Association o f Notified Bodies for Medical devices. (October 13, 2014). Consensus
Paper for the Interpretation and Application o f Annexes Z in EN ISO 14971:2012. Version 1.1
(Interim NBMed consensus version). Available at http://www. team-nb .org//wp -content/
uploads/ 2015/ 05/documents2014/ NBRG _WG %20RM _Interim _NBmed _Consensus _Version
_140812 _1 _1 .pdf
[28] C heng Michael Medical device regulations - Global overview and guiding principles" World Health
Organization, Geneva (2003)
[29] R e ason J. Human Error. Cambridge, England: Cambridge University Press, 1990.
[30] S chmidt Mike W The Use and Misuse of FMEA in Risk Analysis. MDDI 2004
[31] S tam atis DH, Failure Mode and E ffect Analysis: FMEA from Theory to Execution
[32] ISO/IEC Guide 63:2012, Guide to the development and inclusion of safety aspects in International
Standards for medical devices
[33] CLSI EP18-A2, 2009, Risk Management Techniques to Identi fy and Control Laboratory Error
Sources; Approved Guideline,2nd Ed
[34] CDC, CMS, US Department o f Health and Human Services. IQCP – Individualized Quality Control
Plan: Developing an IQCP – A Step-by-Step Guide. https://www.cms .gov/ Regulations -and
-Guidance/ Legislation/CLIA/ Downloads/ IQCP-Workbook.pdf

ISO 2 2 3 67: 2 02 0(E)
ICS 1 1 .1 00.01
Price based on 82 pages
© ISO 2020 – All rights reserved

Iso 22367-2020

Uploaded by

Copyright:

Available Formats

Iso 22367-2020

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iso 22367-2020

Uploaded by

Copyright:

Available Formats

What is the scope of this document?

What is the scope of this document?

What are the normative references mentioned in this document?

What are the normative references mentioned in this document?

INTERNATIONAL ISO

Medical laboratories — Application

COPYRIGHT PROTECTED DOCUMENT

ii © ISO 2020 – All rights reserved

4. 2 M anagement res p o ns ib ilities ..................................................................................................................................................... 9

4. 4 Ris k management p lan .................................................................................................................................................................. 10

4. 4. 4 Revis io ns to the p lan ................................................................................................................................................. 11

4. 4. 5 Ris k management do cumentatio n ................................................................................................................. 12

5 Risk analysis ........................................................................................................................................................................................................... 12

5 .2 Ris k analys is p ro ces s and do cumentatio n ................................................................................................................... 13

5 .4 I dentificatio n o f characteris tics related to s a ety f .................................................................................................. 13

5 .6 I dentificatio n o f p o tentially hazardo us s ituatio ns ................................................................................................ 14

5 .7 I dentificatio n o ff o res eeab le p atient harms ................................................................................................................ 14

6 Risk evaluation .................................................................................................................................................................................................... 15

6.2 Ris k evaluatio n p ro ces s ................................................................................................................................................................ 16

7 Risk control ............................................................................................................................................................................................................. 16

7.2 Ris k co ntro l verificatio n ............................................................................................................................................................... 17

7.3 f Ro le o s tandards in ris k co ntro l ........................................................................................................................................... 17

7.4 f Ro le o I VD medical devices in ris k co ntro l ................................................................................................................. 17

7.5 Ris ks aris ingf ro m ris k co ntro l meas ures ..................................................................................................................... 17

7.6 Res idual ris k evaluatio n ............................................................................................................................................................... 17

8 Benefit-risk analysis ...................................................................................................................................................................................... 18

9.3 Ris k management rep o rt ............................................................................................................................................................. 19

10 Risk monitoring, analysis and control activities .............................................................................................................. 19

1 0.2 I nternal s o urces o f f

© ISO 2020 – All rights reserved iii

Annex E (informative) Examples of hazards, foreseeable sequences of events and

Annex G (informative) Risk analysis tools and techniques ........................................................................................................ 60

Annex L (informative) Residual risk(s) .......................................................................................................................................................... 80

iv © ISO 2020 – All rights reserved

© ISO 2020 – All rights reserved v

vi © ISO 2020 – All rights reserved

Medical laboratories — Application of risk management to

3 Terms and definitions

© ISO 2020 – All rights reserved 1

[SOURCE: ISO Guide 73:2009, 3.5.1.3]

2 © ISO 2020 – All rights reserved

[S O U RC E : I S O 1 811 3 -1 : 2 0 0 9, 3 . 3 1 , mo d i fie d — No te 2 h as b e en dele te d .]

N o te 1 to entr y: I n ri s k m a n agement ter m i no lo g y, the word “ l i kel i ho o d” i s u s e d to re fer to the ch a nce o f s o me th i n g

happ en i ng , whe ther de fi ne d, me a s u re d or de ter m i ne d ob j e c tivel y or s ub j e c tivel y, qu a l itati vel y or qu a ntitativel y,

a nd de s c r ib e d u s i n g genera l ter m s or m athem atic a l l y (s uch a s a probability ( 3 .1 8 ) or a frequency ( 3 . 4) over a

given time period).

i n s te ad , the e qu i va lent o f the ter m “ probability ” (3 .1 8 ) i s o ften u s e d . H owever, i n E ngl i s h , “ probability ” (3 .1 8 ) is

and 1 i s ab s olute cer tai nty

N o te 1 to entr y: S e e de fi n itio n o f likelihood ( 3 .1 6 ) , N o te 2 to entr y.

[S O U RC E : I S O 9 0 0 0 : 2 01 5 , 3 .4.1 , mo d i fie d — No te 2 to entr y to No te 6 to entr y h ave b e en dele te d .]

re s u lt from re ad i ly pre d ic tab le hu man b ehaviour

s yno nym for b o th “ intended use ” (3 .14) a nd “re a s on ab l y fore s e e ab le m i s u s e .”

4 © ISO 2020 – All rights reserved

accep tabi l ity o f the risk (3.23)

eva luati ng , control l i ng a nd monitori ng risk (3.23)

ma nagement o f risk (3.23)

risk (3.23 ) level re qu i re d or exp e c te d

6 © ISO 2020 – All rights reserved

[SOURCE: ISO/IEC Guide 63:2012, 2.16]