Yes. ISO 13485 is an international standard that specifies requirements for regulatory purposes for medical device
manufacturers. It provides a framework for companies to meet their customer and regulatory requirements, and
outlines the things that they need (i.e., quality management system, resources, management requirements, remedial
requirements, etc.) in order to be compliant. ISO 13485: 1996 requires risk analysis and records pertaining to risk
analysis throughout the design process. ISO 13485:2003 requires the establishment of documented requirements for
risk management throughout the product realization process and to maintain risk management records.
A note in ISO 13485:2003 refers to ISO 14971 for guidance related to risk management. The latter deals more with
principles of risk management — a way of thinking — for manufacturers to fulfill the risk management requirement of
ISO 13485.
