What it is
Foundational risk management standard. AAMI TIR57 extends it specifically for security risk management.
Why it matters
Universally required. Cybersecurity risks must be integrated into the same ISO 14971 risk file the rest of your safety risks live in, separate files are a red flag in audits.
Adopted or referenced by
FDA EU MDR PMDA Health Canada TGA All MDSAP regulators
Key clauses
Risk-benefit
Security mitigations must not erode clinical benefit.
Residual risk
Communicated via labelling and IFU.
Production & post-production
Risk file is living, not a one-shot exercise.