Medical laboratories - Application of risk management to medical laboratories (ISO 22367:2020)

EN-ISO 22367 specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks.The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination and post-examination aspects, examinations, accurate transmission of test results into the electronic medical record and other technical and management processes described in ISO 15189.This document does not specify acceptable levels of risk.This document does not apply to risks from post-examination clinical decisions made by healthcare providers.This document does not apply to the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.

Medizinische Laboratorien - Fehlerverringerung durch Risikomanagement und ständige Verbesserung (ISO 22367:2020)

Dieses Dokument legt einen Prozess fest, anhand dessen medizinische Laboratorien mit medizinischen Untersuchungen verbundene Risiken für Patienten, Labormitarbeiter und Dienstleister erkennen und handhaben können. Der Prozess umfasst die Erkennung, Einschätzung, Bewertung, Kontrolle und Überwachung der Risiken.
Die Anforderungen dieses Dokuments gelten für alle Aspekte der Untersuchungen und Dienstleistungen eines medizinischen Laboratoriums, einschließlich der präanalytischen und postanalystischen Phase, der Untersuchungen, der genauen Übertragung der Prüfergebnisse in eine elektronische medizinische Patienten¬akte sowie andere in ISO 15189 beschriebene technische und Verwaltungsprozesse.
In diesem Dokument wird kein annehmbarer Grad des Risikos spezifiziert.
Dieses Dokument gilt nicht für Risiken durch klinische Entscheidungen, die Anbieter medizinischer Versorgungsleistungen nach der Untersuchung treffen.
Dieses Dokument gilt nicht für das Management von medizinische Laborbetriebe betreffenden Risiken, die in ISO 31000 angesprochen werden, wie z. B. geschäftliche, wirtschaftliche, rechtliche und regulatorische Risiken.

Laboratoires de biologie médicale - Application de la gestion des risques aux laboratoires de biologie médicale (ISO 22367:2020)

Le présent document spécifie un processus permettant à un laboratoire de biologie médicale d'identifier et de gérer les risques pour les patients, le personnel de laboratoire et les prestataires de service qui sont associés aux examens de laboratoire de biologie médicale. Le processus inclut l'identification, l'estimation, l'évaluation, la maîtrise et la gestion des risques.
Les exigences du présent document sont applicables à tous les aspects relatifs aux examens et aux services d'un laboratoire de biologie médicale, y compris les aspects préanalytiques et postanalytiques, les examens, la transmission rigoureuse des résultats d'examen dans un dossier médical électronique et les autres processus techniques et managériaux décrits dans l'ISO 15189.
Le présent document ne spécifie pas les niveaux de risque acceptables.
Le présent document ne s'applique pas aux risques liés aux décisions cliniques postanalytiques prises par des prestataires de soins de santé.
Le présent document ne s'applique pas à la gestion des risques afférents aux entreprises de laboratoire de biologie médicale qui sont couverts par l'ISO 31000, tels que les risques commerciaux, économiques, juridiques et réglementaires.

Medicinski laboratoriji - Uporaba obvladovanja tveganja v medicinskih laboratorijih (ISO 22367:2020)

General Information

Status
Published
Public Enquiry End Date
19-Feb-2019
Publication Date
06-Apr-2020
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
31-Mar-2020
Due Date
05-Jun-2020
Completion Date
07-Apr-2020

Relations

Buy Standard

Standard
EN ISO 22367:2020 - BARVE
English language
91 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Standard
EN ISO 22367:2020 - BARVE na PDF-str 35,76,84
English language
91 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Draft
prEN ISO 22367:2019 - BARVE
English language
97 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN ISO 22367:2020
01-maj-2020
Nadomešča:
SIST-TS CEN ISO/TS 22367:2010
Medicinski laboratoriji - Uporaba obvladovanja tveganja v medicinskih
laboratorijih (ISO 22367:2020)
Medical laboratories - Application of risk management to medical laboratories (ISO
22367:2020)
Medizinische Laboratorien - Fehlerverringerung durch Risikomanagement und ständige
Verbesserung (ISO 22367:2020)
Laboratoires de biologie médicale - Application de la gestion des risques aux
laboratoires de biologie médicale (ISO 22367:2020)
Ta slovenski standard je istoveten z: EN ISO 22367:2020
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
11.100.01 Laboratorijska medicina na Laboratory medicine in
splošno general
SIST EN ISO 22367:2020 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO 22367:2020

---------------------- Page: 2 ----------------------
SIST EN ISO 22367:2020


EN ISO 22367
EUROPEAN STANDARD

NORME EUROPÉENNE

March 2020
EUROPÄISCHE NORM
ICS 11.100.01 Supersedes CEN ISO/TS 22367:2010
English Version

Medical laboratories - Application of risk management to
medical laboratories (ISO 22367:2020)
Laboratoires de biologie médicale - Application de la Medizinische Laboratorien - Fehlerverringerung durch
gestion des risques aux laboratoires de biologie Risikomanagement und ständige Verbesserung (ISO
médicale (ISO 22367:2020) 22367:2020)
This European Standard was approved by CEN on 7 February 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22367:2020 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------
SIST EN ISO 22367:2020
EN ISO 22367:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO 22367:2020
EN ISO 22367:2020 (E)
European foreword
This document (EN ISO 22367:2020) has been prepared by Technical Committee ISO/TC 212 "Clinical
laboratory testing and in vitro diagnostic test systems" in collaboration with Technical Committee
CEN/TC 140 “In vitro diagnostic medical devices” the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2020, and conflicting national standards
shall be withdrawn at the latest by March 2023.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN ISO/TS 22367:2010.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22367:2020 has been approved by CEN as EN ISO 22367:2020 without any modification.

3

---------------------- Page: 5 ----------------------
SIST EN ISO 22367:2020

---------------------- Page: 6 ----------------------
SIST EN ISO 22367:2020
INTERNATIONAL ISO
STANDARD 22367
First edition
2020-02
Medical laboratories — Application
of risk management to medical
laboratories
Laboratoires de biologie médicale — Application de la gestion des
risques aux laboratoires de biologie médicale
Reference number
ISO 22367:2020(E)
©
ISO 2020

---------------------- Page: 7 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

---------------------- Page: 8 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Risk management . 8
4.1 Risk management process . 8
4.2 Management responsibilities . 9
4.3 Qualification of personnel .10
4.4 Risk management plan .10
4.4.1 General.10
4.4.2 Scope of the plan .11
4.4.3 Contents of the plan .11
4.4.4 Revisions to the plan .11
4.4.5 Risk management documentation .12
5 Risk analysis .12
5.1 General .12
5.2 Risk analysis process and documentation .13
5.3 Intended medical laboratory use and reasonably foreseeable misuses .13
5.4 Identification of characteristics related to safety .13
5.5 Identification of hazards .13
5.6 Identification of potentially hazardous situations .14
5.7 Identification of foreseeable patient harms .14
5.8 Estimation of the risk(s) for each hazardous situation.14
6 Risk evaluation .15
6.1 Risk acceptability criteria .15
6.2 Risk evaluation process .16
7 Risk control .16
7.1 Risk control options.16
7.2 Risk control verification .17
7.3 Role of standards in risk control.17
7.4 Role of IVD medical devices in risk control .17
7.5 Risks arising from risk control measures .17
7.6 Residual risk evaluation .17
8 Benefit-risk analysis .18
9 Risk management review .18
9.1 Completeness of risk control .18
9.2 Evaluation of overall residual risk .18
9.3 Risk management report .19
10 Risk monitoring, analysis and control activities .19
10.1 Surveillance procedure .19
10.2 Internal sources of risk information .20
10.3 External sources of risk information .20
10.4 Immediate actions to reduce risk .20
Annex A (informative) Implementation of risk management within the quality
management system .22
Annex B (informative) Developing a risk management plan .32
Annex C (informative) Risk acceptability considerations .34
© ISO 2020 – All rights reserved iii

---------------------- Page: 9 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Annex D (informative) Identification of characteristics related to safety .37
Annex E (informative) Examples of hazards, foreseeable sequences of events and
hazardous situations .44
Annex F (informative) Nonconformities potentially leading to significant risks .52
Annex G (informative) Risk analysis tools and techniques .60
Annex H (informative) Risk analysis of foreseeable user actions .65
Annex I (informative) Methods of risk assessment, including estimation of probability and
severity of harm .69
Annex J (informative) Overall residual risk evaluation and risk management review .75
Annex K (informative) Conducting a benefit-risk analysis .77
Annex L (informative) Residual risk(s) .80
Bibliography .81
iv © ISO 2020 – All rights reserved

---------------------- Page: 10 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/ iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 212, Clinical laboratory testing and in
vitro diagnostic test systems.
This first edition cancels and replaces (ISO/TS 22367:2008) which has been technically revised. [It also
incorporates the Technical corrigendum ISO/TS 22367:2008/Cor.1:2009.]. The main changes compared
to the previous edition are as follows:
— Change in title to indicate this document focusses on the complete risk management cycle for all
processes in the medical laboratory. The part on continual improvement is left out;
— The numbering of the clauses is in accordance with the formal risk management process as indicated
in Figure 1;
— The content is as far as possible in agreement with the approach used in ISO 14971 Medical devices
-Application of risk management to medical devices;
— The relation with ISO 15189:2012 is indicated in Annex A in which Figure A.1 provides a flow chart
which indicates how to apply risk management in the laboratory;
— Addition of 10 new annexes, all informative, providing valuable information about the different
processes in the risk management cycle without demanding more than justified for the specific
purpose;
— Annex F. provides an extensive list of aspects which could be considered as source for risks in the
different types of medical laboratories.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v

---------------------- Page: 11 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Introduction
This document provides medical laboratories with a framework within which experience, insight
and judgment are applied to manage the risks associated with laboratory examinations. The risk
management process spans the complete range of medical laboratory services: pre-examination,
examination and post-examination processes, including the design and development of laboratory
examinations.
ISO 15189 requires that medical laboratories review their work processes, evaluate the impact of
potential failures on examination results, modify the processes to reduce or eliminate the identified
risks, and document the decisions and actions taken. This document describes a process for managing
these safety risks, primarily to the patient, but also to the operator, other persons, equipment and other
property, and the environment. It does not address business enterprise risks, which are the subject of
ISO 31000.
Medical laboratories often rely on the use of in vitro medical devices to achieve their quality objectives.
Thus, risk management has to be a shared responsibility between the IVD manufacturer and the medical
laboratory. Since most IVD manufacturers have already implemented ISO 14971:2007, “Medical devices
-Application of risk management to medical devices,” this standard has adopted the same concepts,
principles and framework to manage the risks associated with the medical laboratory.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of
hazards, which can lead directly or indirectly to varying degrees of harm. The concept of risk has two
components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder may place a different value on the risk of
harm. Alignment of this standard with ISO 14971 and the guidance of the Global Harmonization Task
Force (GHTF) is intended to improve risk communication and cooperation among laboratories, IVD
manufacturers, regulatory authorities, accreditation bodies and other stakeholders for the benefit of
patients, laboratories and the public health.
Medical laboratories have traditionally focused on detecting errors, which are often the consequence of
use errors during routine activities. Use errors can result from a poorly designed instrument interface,
or reliance on inadequate information provided by the manufacturer. They can also result from
reasonably foreseeable misuse, such as intentional disregard of an IVD manufacturer’s instructions
for use, or failure to follow generally accepted medical laboratory practices. These errors can cause
or contribute to hazards, which may manifest themselves immediately as a single event, or may be
expressed multiple times throughout a system, or may remain latent until other contributory events
occur. The emerging field of usability engineering addresses all of these ‘human factors’ as preventable
‘use errors.’ In addition, laboratories also have to contend with occasional failures of their IVD medical
devices to perform as intended. Regardless of their cause, risks created by device malfunctions and use
errors can be actively managed.
Risk management interfaces with quality management at many points in ISO 15189, in particular
complaint management, internal audit, corrective action, preventive action, safety checklist, quality
control, management review and external assessment, both accreditation and proficiency testing.
Management of risk also coincides with the management of safety in the medical laboratories, as
exemplified by the safety audit checklists in ISO 15190.
Risk management is a planned, systematic process that is best implemented through a structured
framework. This standard is intended to assist medical laboratories with the integration of risk
management into their routine organization, operation and management.
vi © ISO 2020 – All rights reserved

---------------------- Page: 12 ----------------------
SIST EN ISO 22367:2020
INTERNATIONAL STANDARD ISO 22367:2020(E)
Medical laboratories — Application of risk management to
medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations.
The process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of
a medical laboratory, including the pre-examination and post-examination aspects, examinations,
accurate transmission of test results into the electronic medical record and other technical and
management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare
providers.
This document does not apply to the management of risks affecting medical laboratory enterprises that
are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
benefit
impact or desirable outcome of a process (3.19), procedure (3.17) or the use of a medical device on the
health of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, (relief of symptoms), improvement in
function, or an increased sense of well-being.
3.2
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or
“close call”.
© ISO 2020 – All rights reserved 1

---------------------- Page: 13 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

[SOURCE: ISO Guide 73:2009, 3.5.1.3]
3.3
examination
set of operations having the object of determining the value or characteristics of a property
Note 1 to entry: In some disciplines (e.g., microbiology) an examination is the total activity of a number of tests,
observations or measurements.
Note 2 to entry: Laboratory examinations that determine a value of a property are called quantitative
examinations; those that determine the characteristics of a property are called qualitative examinations.
Note 3 to entry: Laboratory examinations are also often called assays or tests.
[SOURCE: ISO 15189:2012, 3.7]
3.4
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events (3.2) or to potential future events (3.2), where it can be
used as a measure of likelihood or probability (3.18)
[SOURCE: ISO Guide 73:2009, 3.6.1.5]
3.5
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.6
hazard
source of potential harm (3.5)
[SOURCE: ISO Guide 73:2009, 3.5.1.4, modified – Note 1 to entry has been deleted.]
3.7
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.6)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.8
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician,
laboratory technologist, biomedical laboratory scientist medical assistant, medical specialist, respiratory care
practitioner.
[SOURCE: ISO 18113-1:2009, 3.23]
3.9
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design, manufacture, packaging, or labelling (3.12) of
an IVD medical device (3.10), assembling a system, or adapting an IVD medical device (3.10)before it is
placed on the market or put into service, regardless of whether these operations are carried out by that
person or on that person's behalf by a third party
Note 1 to entry: Provisions of national or regional regulations can apply to the definition of manufacturer.
2 © ISO 2020 – All rights reserved

---------------------- Page: 14 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

[SOURCE: ISO 14971:2007, 2.8, modified – “manufacturer” has been changed to “in vitro diagnostic
manufacturer”.“A medical device” has been changed to “an IVD medical device” (3.10). “Attention is
drawn to the fact that” h
...

SLOVENSKI STANDARD
SIST EN ISO 22367:2020
01-maj-2020
Nadomešča:
SIST-TS CEN ISO/TS 22367:2010
Medicinski laboratoriji - Uporaba obvladovanja tveganja v medicinskih
laboratorijih (ISO 22367:2020)
Medical laboratories - Application of risk management to medical laboratories (ISO
22367:2020)
Medizinische Laboratorien - Fehlerverringerung durch Risikomanagement und ständige
Verbesserung (ISO 22367:2020)
Laboratoires de biologie médicale - Application de la gestion des risques aux
laboratoires de biologie médicale (ISO 22367:2020)
Ta slovenski standard je istoveten z: EN ISO 22367:2020
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
11.100.01 Laboratorijska medicina na Laboratory medicine in
splošno general
SIST EN ISO 22367:2020 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN ISO 22367:2020

---------------------- Page: 2 ----------------------
SIST EN ISO 22367:2020


EN ISO 22367
EUROPEAN STANDARD

NORME EUROPÉENNE

March 2020
EUROPÄISCHE NORM
ICS 11.100.01 Supersedes CEN ISO/TS 22367:2010
English Version

Medical laboratories - Application of risk management to
medical laboratories (ISO 22367:2020)
Laboratoires de biologie médicale - Application de la Medizinische Laboratorien - Fehlerverringerung durch
gestion des risques aux laboratoires de biologie Risikomanagement und ständige Verbesserung (ISO
médicale (ISO 22367:2020) 22367:2020)
This European Standard was approved by CEN on 7 February 2020.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22367:2020 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------
SIST EN ISO 22367:2020
EN ISO 22367:2020 (E)
Contents Page
European foreword . 3

2

---------------------- Page: 4 ----------------------
SIST EN ISO 22367:2020
EN ISO 22367:2020 (E)
European foreword
This document (EN ISO 22367:2020) has been prepared by Technical Committee ISO/TC 212 "Clinical
laboratory testing and in vitro diagnostic test systems" in collaboration with Technical Committee
CEN/TC 140 “In vitro diagnostic medical devices” the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by September 2020, and conflicting national standards
shall be withdrawn at the latest by September 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN ISO/TS 22367:2010.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22367:2020 has been approved by CEN as EN ISO 22367:2020 without any modification.

3

---------------------- Page: 5 ----------------------
SIST EN ISO 22367:2020

---------------------- Page: 6 ----------------------
SIST EN ISO 22367:2020
INTERNATIONAL ISO
STANDARD 22367
First edition
2020-02
Medical laboratories — Application
of risk management to medical
laboratories
Laboratoires de biologie médicale — Application de la gestion des
risques aux laboratoires de biologie médicale
Reference number
ISO 22367:2020(E)
©
ISO 2020

---------------------- Page: 7 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

---------------------- Page: 8 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Risk management . 8
4.1 Risk management process . 8
4.2 Management responsibilities . 9
4.3 Qualification of personnel .10
4.4 Risk management plan .10
4.4.1 General.10
4.4.2 Scope of the plan .11
4.4.3 Contents of the plan .11
4.4.4 Revisions to the plan .11
4.4.5 Risk management documentation .12
5 Risk analysis .12
5.1 General .12
5.2 Risk analysis process and documentation .13
5.3 Intended medical laboratory use and reasonably foreseeable misuses .13
5.4 Identification of characteristics related to safety .13
5.5 Identification of hazards .13
5.6 Identification of potentially hazardous situations .14
5.7 Identification of foreseeable patient harms .14
5.8 Estimation of the risk(s) for each hazardous situation.14
6 Risk evaluation .15
6.1 Risk acceptability criteria .15
6.2 Risk evaluation process .16
7 Risk control .16
7.1 Risk control options.16
7.2 Risk control verification .17
7.3 Role of standards in risk control.17
7.4 Role of IVD medical devices in risk control .17
7.5 Risks arising from risk control measures .17
7.6 Residual risk evaluation .17
8 Benefit-risk analysis .18
9 Risk management review .18
9.1 Completeness of risk control .18
9.2 Evaluation of overall residual risk .18
9.3 Risk management report .19
10 Risk monitoring, analysis and control activities .19
10.1 Surveillance procedure .19
10.2 Internal sources of risk information .20
10.3 External sources of risk information .20
10.4 Immediate actions to reduce risk .20
Annex A (informative) Implementation of risk management within the quality
management system .22
Annex B (informative) Developing a risk management plan .32
Annex C (informative) Risk acceptability considerations .34
© ISO 2020 – All rights reserved iii

---------------------- Page: 9 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Annex D (informative) Identification of characteristics related to safety .37
Annex E (informative) Examples of hazards, foreseeable sequences of events and
hazardous situations .44
Annex F (informative) Nonconformities potentially leading to significant risks .52
Annex G (informative) Risk analysis tools and techniques .60
Annex H (informative) Risk analysis of foreseeable user actions .65
Annex I (informative) Methods of risk assessment, including estimation of probability and
severity of harm .69
Annex J (informative) Overall residual risk evaluation and risk management review .75
Annex K (informative) Conducting a benefit-risk analysis .77
Annex L (informative) Residual risk(s) .80
Bibliography .81
iv © ISO 2020 – All rights reserved

---------------------- Page: 10 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/ iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 212, Clinical laboratory testing and in
vitro diagnostic test systems.
This first edition cancels and replaces (ISO/TS 22367:2008) which has been technically revised. [It also
incorporates the Technical corrigendum ISO/TS 22367:2008/Cor.1:2009.]. The main changes compared
to the previous edition are as follows:
— Change in title to indicate this document focusses on the complete risk management cycle for all
processes in the medical laboratory. The part on continual improvement is left out;
— The numbering of the clauses is in accordance with the formal risk management process as indicated
in Figure 1;
— The content is as far as possible in agreement with the approach used in ISO 14971 Medical devices
-Application of risk management to medical devices;
— The relation with ISO 15189:2012 is indicated in Annex A in which Figure A.1 provides a flow chart
which indicates how to apply risk management in the laboratory;
— Addition of 10 new annexes, all informative, providing valuable information about the different
processes in the risk management cycle without demanding more than justified for the specific
purpose;
— Annex F. provides an extensive list of aspects which could be considered as source for risks in the
different types of medical laboratories.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v

---------------------- Page: 11 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

Introduction
This document provides medical laboratories with a framework within which experience, insight
and judgment are applied to manage the risks associated with laboratory examinations. The risk
management process spans the complete range of medical laboratory services: pre-examination,
examination and post-examination processes, including the design and development of laboratory
examinations.
ISO 15189 requires that medical laboratories review their work processes, evaluate the impact of
potential failures on examination results, modify the processes to reduce or eliminate the identified
risks, and document the decisions and actions taken. This document describes a process for managing
these safety risks, primarily to the patient, but also to the operator, other persons, equipment and other
property, and the environment. It does not address business enterprise risks, which are the subject of
ISO 31000.
Medical laboratories often rely on the use of in vitro medical devices to achieve their quality objectives.
Thus, risk management has to be a shared responsibility between the IVD manufacturer and the medical
laboratory. Since most IVD manufacturers have already implemented ISO 14971:2007, “Medical devices
-Application of risk management to medical devices,” this standard has adopted the same concepts,
principles and framework to manage the risks associated with the medical laboratory.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of
hazards, which can lead directly or indirectly to varying degrees of harm. The concept of risk has two
components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder may place a different value on the risk of
harm. Alignment of this standard with ISO 14971 and the guidance of the Global Harmonization Task
Force (GHTF) is intended to improve risk communication and cooperation among laboratories, IVD
manufacturers, regulatory authorities, accreditation bodies and other stakeholders for the benefit of
patients, laboratories and the public health.
Medical laboratories have traditionally focused on detecting errors, which are often the consequence of
use errors during routine activities. Use errors can result from a poorly designed instrument interface,
or reliance on inadequate information provided by the manufacturer. They can also result from
reasonably foreseeable misuse, such as intentional disregard of an IVD manufacturer’s instructions
for use, or failure to follow generally accepted medical laboratory practices. These errors can cause
or contribute to hazards, which may manifest themselves immediately as a single event, or may be
expressed multiple times throughout a system, or may remain latent until other contributory events
occur. The emerging field of usability engineering addresses all of these ‘human factors’ as preventable
‘use errors.’ In addition, laboratories also have to contend with occasional failures of their IVD medical
devices to perform as intended. Regardless of their cause, risks created by device malfunctions and use
errors can be actively managed.
Risk management interfaces with quality management at many points in ISO 15189, in particular
complaint management, internal audit, corrective action, preventive action, safety checklist, quality
control, management review and external assessment, both accreditation and proficiency testing.
Management of risk also coincides with the management of safety in the medical laboratories, as
exemplified by the safety audit checklists in ISO 15190.
Risk management is a planned, systematic process that is best implemented through a structured
framework. This standard is intended to assist medical laboratories with the integration of risk
management into their routine organization, operation and management.
vi © ISO 2020 – All rights reserved

---------------------- Page: 12 ----------------------
SIST EN ISO 22367:2020
INTERNATIONAL STANDARD ISO 22367:2020(E)
Medical laboratories — Application of risk management to
medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to patients,
laboratory workers and service providers that are associated with medical laboratory examinations.
The process includes identifying, estimating, evaluating, controlling and monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services of
a medical laboratory, including the pre-examination and post-examination aspects, examinations,
accurate transmission of test results into the electronic medical record and other technical and
management processes described in ISO 15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by healthcare
providers.
This document does not apply to the management of risks affecting medical laboratory enterprises that
are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
benefit
impact or desirable outcome of a process (3.19), procedure (3.17) or the use of a medical device on the
health of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, (relief of symptoms), improvement in
function, or an increased sense of well-being.
3.2
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near hit” or
“close call”.
© ISO 2020 – All rights reserved 1

---------------------- Page: 13 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

[SOURCE: ISO Guide 73:2009, 3.5.1.3]
3.3
examination
set of operations having the object of determining the value or characteristics of a property
Note 1 to entry: In some disciplines (e.g., microbiology) an examination is the total activity of a number of tests,
observations or measurements.
Note 2 to entry: Laboratory examinations that determine a value of a property are called quantitative
examinations; those that determine the characteristics of a property are called qualitative examinations.
Note 3 to entry: Laboratory examinations are also often called assays or tests.
[SOURCE: ISO 15189:2012, 3.7]
3.4
frequency
number of events (3.2) or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events (3.2) or to potential future events (3.2), where it can be
used as a measure of likelihood or probability (3.18)
[SOURCE: ISO Guide 73:2009, 3.6.1.5]
3.5
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.6
hazard
source of potential harm (3.5)
[SOURCE: ISO Guide 73:2009, 3.5.1.4, modified – Note 1 to entry has been deleted.]
3.7
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more hazard(s) (3.6)
[SOURCE: ISO/IEC Guide 51:2014, 3.4]
3.8
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLE Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory technician,
laboratory technologist, biomedical laboratory scientist medical assistant, medical specialist, respiratory care
practitioner.
[SOURCE: ISO 18113-1:2009, 3.23]
3.9
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design, manufacture, packaging, or labelling (3.12) of
an IVD medical device (3.10), assembling a system, or adapting an IVD medical device (3.10)before it is
placed on the market or put into service, regardless of whether these operations are carried out by that
person or on that person's behalf by a third party
Note 1 to entry: Provisions of national or regional regulations can apply to the definition of manufacturer.
2 © ISO 2020 – All rights reserved

---------------------- Page: 14 ----------------------
SIST EN ISO 22367:2020
ISO 22367:2020(E)

[SOURCE: ISO 14971:2007, 2.8, modified – “manufacturer” has been changed to “in vitro diagnostic
manufacturer”.“A medical device” has been changed to “an IVD medical device” (3.10). “Attention is
drawn to the fact tha
...

SLOVENSKI STANDARD
oSIST prEN ISO 22367:2019
01-april-2019
Medicinski laboratoriji - Uporaba obvladovanja tveganja pri medicinskih
laboratorijih (ISO/DIS 22367:2019)
Medical laboratories - Application of risk management to medical laboratories (ISO/DIS
22367:2019)
Medizinische Laboratorien - Fehlerverringerung durch Risikomanagement und ständige
Verbesserung (ISO/DIS 22367:2019)
Laboratoires médicaux - Réduction d'erreurs par gestion du risque et amélioration
continue (ISO/DIS 22367:2019)
Ta slovenski standard je istoveten z: prEN ISO 22367
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
11.100.01 Laboratorijska medicina na Laboratory medicine in
splošno general
oSIST prEN ISO 22367:2019 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN ISO 22367:2019

---------------------- Page: 2 ----------------------
oSIST prEN ISO 22367:2019
DRAFT INTERNATIONAL STANDARD
ISO/DIS 22367
ISO/TC 212 Secretariat: ANSI
Voting begins on: Voting terminates on:
2019-02-04 2019-04-29
Medical laboratories — Application of risk management to
medical laboratories
Laboratoires médicaux — Réduction d'erreurs par gestion du risque et amélioration continue
ICS: 11.100.01
THIS DOCUMENT IS A DRAFT CIRCULATED
This document is circulated as received from the committee secretariat.
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
ISO/CEN PARALLEL PROCESSING
BEING ACCEPTABLE FOR INDUSTRIAL,
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 22367:2019(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
©
PROVIDE SUPPORTING DOCUMENTATION. ISO 2019

---------------------- Page: 3 ----------------------
oSIST prEN ISO 22367:2019
̹ ʹʹ͵͸͹–ŽŽ”‹‰Š–•”‡•‡”˜‡†
ISO/DIS 22367:2019(E)

Contents
Foreword . 4
Introduction . 5
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Risk management . 16
5 Risk analysis . 21
6 Risk evaluation . 24
7 Risk control. 25
8 Risk/benefit analysis . 27
9 Risk management review . 28
10 Risk monitoring, analysis and control of unanticipated risks . 29
Annex Aȋ‹ˆ‘”ƒ–‹˜‡Ȍ Implementation of risk management within the quality
management system . 31
Annex Bȋ‹ˆ‘”ƒ–‹˜‡Ȍ Developing a risk management plan . 43
Annex Cȋ‹ˆ‘”ƒ–‹˜‡Ȍ Risk acceptability considerations . 45
Annex Dȋ‹ˆ‘”ƒ–‹˜‡Ȍ Identification of characteristics related to safety . 48
Annex Eȋ‹ˆ‘”ƒ–‹˜‡Ȍ Examples of hazards, foreseeable sequences of events and
hazardous situations . 56
Annex Fȋ‹ˆ‘”ƒ–‹˜‡Ȍ Nonconformities potentially leading to significant risks . 64
Annex Gȋ‹ˆ‘”ƒ–‹˜‡Ȍ Risk analysis tools and techniques . 73
Annex Hȋ‹ˆ‘”ƒ–‹˜‡Ȍ Risk analysis of foreseeable user actions . 79
Annex Iȋ‹ˆ‘”ƒ–‹˜‡Ȍ Methods of risk assessment, including estimation of probability
and severity of harm . 83
Annex Jȋ‹ˆ‘”ƒ–‹˜‡Ȍ Overall residual risk evaluation and risk management review . 89
Annex Kȋ‹ˆ‘”ƒ–‹˜‡Ȍ Conducting a risk/benefit analysis . 92
Annex Lȋ‹ˆ‘”ƒ–‹˜‡Ȍ Residual risk(s) . 95
Bibliography . 96
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
ƒ‰‡͵‘ˆͻ͹
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

---------------------- Page: 4 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
© ISO 22367 – All rights reserved
Contents
Foreword . 4
Introduction . 5
1 Scope . 7
2 Normative references . 7
3 Terms and definitions . 7
4 Risk management . 16
5 Risk analysis . 21
6 Risk evaluation . 24
7 Risk control. 25
8 Risk/benefit analysis . 27
9 Risk management review . 28
10 Risk monitoring, analysis and control of unanticipated risks . 29
Annex A (informative) Implementation of risk management within the quality
management system . 31
Annex B (informative) Developing a risk management plan . 43
Annex C (informative) Risk acceptability considerations . 45
Annex D (informative) Identification of characteristics related to safety . 48
Annex E (informative) Examples of hazards, foreseeable sequences of events and
hazardous situations . 56
Annex F (informative) Nonconformities potentially leading to significant risks . 64
Annex G (informative) Risk analysis tools and techniques . 73
Annex H (informative) Risk analysis of foreseeable user actions . 79
Annex I (informative) Methods of risk assessment, including estimation of probability
and severity of harm . 83
Annex J (informative) Overall residual risk evaluation and risk management review . 89
Annex K (informative) Conducting a risk/benefit analysis . 92
Annex L (informative) Residual risk(s) . 95
Bibliography . 96
Page 3 of 97
© ISO 2019 – All rights reserved

---------------------- Page: 5 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
ISO 22367
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national
standards bodies (ISO member bodies). The work of preparing International Standards is normally
carried out through ISO technical committees. Each member body interested in a subject for which a
technical committee has been established has the right to be represented on that committee.
International organizations, governmental and non-governmental, in liaison with ISO, also take part
in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all
matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of ISO documents should be noted. This document was drafted in accordance with
the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details
of any patent rights identified during the development of the document will be in the Introduction
and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the
following URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 212, Clinical laboratory testing and in
vitro diagnostic test systems.
This standard cancels and replaces ISO/TS 22367:2008, which has been technically revised.
4 © ISO #### – All rights reserved
© ISO 2019 – All rights reserved

---------------------- Page: 6 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
© ISO 22367 – All rights reserved
Introduction
This document provides medical laboratories with a framework within which experience, insight and
judgment are applied to manage the risks associated with laboratory examinations. The risk
management process spans the complete range of medical laboratory services: pre-examination,
examination and post-examination processes, including the design and development of laboratory
examinations.
ISO 15189 requires that medical laboratories review their work processes, evaluate the impact of
potential failures on examination results, modify the processes to reduce or eliminate the identified
risks, and document the decisions and actions taken. This standard describes a process for managing
these safety risks, primarily to the patient, but also to the operator, other persons, equipment and
other property, and the environment. It does not address business enterprise risks, which are the
subject of ISO 31000.
Medical laboratories often rely on the use of in vitro medical devices to achieve their quality
objectives. Thus, risk management has to be a shared responsibility between the IVD manufacturer
and the medical laboratory. Since most IVD manufacturers have already implemented ISO
14971:2007, “Medical devices -Application of risk management to medical devices,” this standard
has adopted the same concepts, principles and framework to manage the risks associated with the
medical laboratory.
Activities in a medical laboratory can expose patients, workers or other stakeholders to a variety of
hazards, which can lead directly or indirectly to varying degrees of harm. The concept of risk has two
components:
a) the probability of occurrence of harm;
b) the consequence of that harm, that is, how severe the harm might be.
Risk management is complex because each stakeholder may place a different value on the risk of
harm. Alignment of this standard with ISO 14971 and the guidance of the Global Harmonization Task
Force (GHTF) is intended to improve risk communication and cooperation among laboratories, IVD
manufacturers, regulatory authorities, accreditation bodies and other stakeholders for the benefit of
patients, laboratories and the public health.
Medical laboratories have traditionally focused on detecting errors, which are often the consequence
of use errors during routine activities. Use errors can result from a poorly designed instrument
interface, or reliance on inadequate information provided by the manufacturer. They can also result
from reasonably foreseeable misuse, such as intentional disregard of an IVD manufacturer’s
instructions for use, or failure to follow generally accepted medical laboratory practices. These errors
can cause or contribute to hazards, which may manifest themselves immediately as a single event, or
may be expressed multiple times throughout a system, or may remain latent until other contributory
events occur. The emerging field of usability engineering addresses all of these ‘human factors’ as
preventable ‘use errors.’ In addition, laboratories also have to contend with occasional failures of
their IVD medical devices to perform as intended. Regardless of their cause, risks created by device
malfunctions and use errors must be actively managed.
Risk management interfaces with quality management at many points in ISO 15189, in particular
complaint management, internal audit, corrective action, preventive action, safety checklist, quality
control, management review and external assessment, both accreditation and proficiency testing.
Page 5 of 97
© ISO 2019 – All rights reserved

---------------------- Page: 7 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
ISO 22367
Management of risk also coincides with the management of safety in the medical laboratories, as
exemplified by the safety audit checklists in ISO 15190.
Risk management is a planned, systematic process that is best implemented through a structured
framework. This standard is intended to assist medical laboratories with the integration of risk
management into their routine organization, operation and management
6 © ISO #### – All rights reserved
© ISO 2019 – All rights reserved

---------------------- Page: 8 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
© ISO 22367 – All rights reserved
Medical laboratories — Application of risk management to
medical laboratories
1 Scope
This document specifies a process for a medical laboratory to identify and manage the risks to
patients, laboratory workers and service providers that are associated with medical laboratory
examinations. The process includes identifying, estimating, evaluating, controlling and
monitoring the risks.
The requirements of this document are applicable to all aspects of the examinations and services
of a medical laboratory, including the pre-examination and post-examination aspects,
examinations, accurate transmission of test results into the electronic medical record and other
technical and management processes described in ISO15189.
This document does not specify acceptable levels of risk.
This document does not apply to risks from post-examination clinical decisions made by
healthcare providers.
This document does not apply to the management of risks affecting the medical laboratory
enterprise that are addressed by ISO 31000, such as business, economic, legal, and regulatory
risks.
NOTE International, national, or regional regulations or requirements may also apply to specific
topics covered in this international standard
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
benefit
impact or desirable outcome of a process, procedure or the use of a medical device on the health
of an individual or a positive impact on patient management or public health
Note 1 to entry: Benefits include prolongation of life, reduction of pain, (relief of symptoms), improvement
in function, or an increased sense of well-being.
© ISO 2019 – All rights reserved
© ISO 22367 – All rights reserved 7

---------------------- Page: 9 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
ISO 22367
3.2
event
occurrence of change of a particular set of circumstances
Note 1 to entry: An event can be one or more occurrences, and can have several causes.
Note 2 to entry: An event can consist of something not happening.
Note 3 to entry: An event can sometimes be referred to as an “incident” or “accident”.
Note 4 to entry: An event without consequences can also be referred to as a “near miss”, “incident”, “near
hit” or “close call”.
[SOURCE: ISO Guide 73:2009, 3.5.1.3]
3.3
examination
set of operations having the object of determining the value or characteristics of a property
Note 1 to entry: In some disciplines (e.g., microbiology) an examination is the total activity of a number of
tests, observations or measurements.
Note 2 to entry: Laboratory examinations that determine a value of a property are called quantitative
examinations; those that determine the characteristics of a property are called qualitative examinations.
Note 3 to entry: Laboratory examinations are also often called assays or tests.
[SOURCE: ISO 15189:2012, 3.7]
3.4
frequency
number of events or outcomes per defined unit of time
Note 1 to entry: Frequency can be applied to past events or to potential future events, where it can be used
as a measure of likelihood or probability
[SOURCE: ISO Guide 73:2009, 3.6.1.5]
3.5
harm
injury or damage to the health of people, or damage to property or the environment
[SOURCE: ISO/IEC Guide 51:2014, 3.1]
3.6
hazard
source of potential harm
[SOURCE: ISO Guide 73:2009, 3.5.1.4, modified – Note 1 to entry has been deleted.]
3.7
hazardous situation
circumstance in which people, property, or the environment are exposed to one or more
hazard(s)
© ISO 2019 – All rights reserved
8 © ISO 22367 – All rights reserved

---------------------- Page: 10 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
© ISO 22367 – All rights reserved
[SOURCE: ISO/IEC Guide 51:2014, 3.2]
3.8
healthcare provider
individual authorized to deliver health services to a patient
EXAMPLES Physician, nurse, ambulance attendant, dentist, diabetes educator, laboratory
technician, laboratory technologist, biomedical laboratory scientist medical assistant, medical
specialist, respiratory care practitioner.
[SOURCE: ISO 18113-1:2009, 3.23]
3.9
in vitro diagnostic manufacturer
IVD manufacturer
natural or legal person with responsibility for the design, manufacture, packaging, or labelling of
an IVD medical device, assembling a system, or adapting an IVD medical device before it is placed
on the market or put into service, regardless of whether these operations are carried out by that
person or on that person's behalf by a third party
Note 1 to entry: Provisions of national or regional regulations can apply to the definition of manufacturer.
[SOURCE: ISO 14971:2007, definition 2.8, modified – “manufacturer” has been changed to “in
vitro diagnostic manufacturer”.“A medical device” has been changed to “an IVD medical device”.
“Attention is drawn to the fact that” has been deleted in Note 1 to entry. In addition, Note 2 to
entry has been deleted.]
3.10
in vitro diagnostic medical device
IVD medical device
device, whether used alone or in combination, intended by the manufacturer for the in vitro
examination of specimens derived from the human body solely or principally to provide
information for diagnostic, monitoring or compatibility purposes and including reagents,
calibrators, control materials, specimen receptacles, software, and related instruments or
apparatus or other articles
[SOURCE: ISO 18113-1:2009, 3.27]
3.11
in vitro diagnostic instrument
IVD instrument
equipment or apparatus intended by a manufacturer to be used as an IVD medical device
[SOURCE: ISO 18113-1:2009, 3.26]
3.12
in vitro diagnostic reagent
IVD reagent
chemical, biological or immunological components, solutions or preparations intended by the
manufacturer to be used as an IVD medical device
[SOURCE: ISO 18113-1:2009, 3.28]
© ISO 2019 – All rights reserved
© ISO 22367 – All rights reserved 9

---------------------- Page: 11 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
ISO 22367
3.13
information supplied by the manufacturer
labelling
written, printed or graphic matter
⎯ affixed to an IVD medical device or any of its containers or wrappers or
⎯ provided for use with an IVD medical device,
related to identification and use, and giving a technical description, of the IVD medical device, but
excluding shipping documents
EXAMPLES Labels, instructions for use.
Note 1 to entry: In IEC standards, documents provided with a medical device and containing important
information for the responsible organization or operator, particularly regarding safety, are called
“accompanying documents”.
Note 2 to entry: Catalogues and material safety data sheets are not considered labelling of IVD medical
devices.
[SOURCE: ISO 18113-1:2009, 3.29]
3.14
instructions for use
information supplied by the manufacturer to enable the safe and proper use of an IVD medical
device
Note 1 to entry: Includes the directions supplied by the manufacturer for the use, maintenance,
troubleshooting and disposal of an IVD medical device, as well as warnings and precautions.
[SOURCE: ISO 18113-1:2009, 3.30]
3.15
intended use
intended purpose
objective intent of an IVD manufacturer regarding the use of a product, process or service as
reflected in the specifications, instructions and information supplied by the IVD manufacturer
Note 1 to entry: Intended use statements for IVD labelling can include two components: a description of
the functionality of the IVD medical device (e.g., an immunochemical measurement procedure for the
detection of analyte “x” in serum or plasma), and a statement of the intended medical use of the examination
results.
[SOURCE: ISO 18113-1:2009, 3.31]
3.16
laboratory management
person(s) who direct and manage the activities of a laboratory
Note 1 to entry: The term ‘laboratory management’ is synonymous with the term ‘top management’ in ISO
9000:2015, 3.1.1.
[SOURCE: ISO 15189:2012, 3.10]
© ISO 2019 – All rights reserved
10 © ISO 22367 – All rights reserved

---------------------- Page: 12 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
© ISO 22367 – All rights reserved
3.17
likelihood
chance of something happening
Note 1 to entry: In risk management terminology, the word “likelihood” is used to refer to the chance of
something happening, whether defined, measured or determined objectively or subjectively, qualitatively
or quantitatively, and described using general terms or mathematically (such as a probability or a
frequency over a given time period).
Note 2 to entry: The English language term “likelihood” does not have a direct equivalent in some
languages; instead, the equivalent of the term “probability” is often used. However, in English, “probability”
is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology,
“likelihood” is used with the intent that it should have the same broad interpretation as the term
“probability” has in many languages other than English.
[SOURCE: ISO Guide 73:2009, 3.6.1.1]
3.18
procedure
specified way to carry out an activity or a process
Note 1 to entry: Procedures can be documented or not.
[SOURCE: ISO 9000:2015, 3.4.5]
3.19
probability
measure of the chance of occurrence expressed as a number between 0 and 1, where 0 is
impossibility and 1 is absolute certainty
Note 1 to entry: See definition of likelihood (3.17), Note 2 to entry.
[SOURCE: ISO Guide 73:2009, 3.6.1.4]
3.20
process
set of interrelated or interacting activities that use inputs to deliver an intended result
Note 1 to entry: Whether the “intended result” of a process is called output, product or service depends on
the context of the reference.
[SOURCE: ISO 9000:2015, 3.4.1, modified– Note 2 to entry to Note 6 to entry
have been deleted.]
3.21
reasonably foreseeable misuse
use of a product, process or service in a way not intended by the supplier, but which may result
from readily predictable human behaviour
Note 1 to entry: Readily predictable human behaviour includes the behaviour of all types of intended users.
Note 2 to entry: In the context of consumer safety, the term “reasonably foreseeable use” is increasingly
used as a synonym for both “intended use” and “reasonably foreseeable misuse.”
Note 3 to entry: Applies to use of examination results by a healthcare provider contrary to the intended
use, as well as use of IVD medical devices by the laboratory contrary to the instructions for use.
© ISO 2019 – All rights reserved
© ISO 22367 – All rights reserved 11

---------------------- Page: 13 ----------------------
oSIST prEN ISO 22367:2019
ISO/DIS 22367:2019(E)
ISO 22367
Note 4 to entry: Misuse includes abnormal use, i.e. intentional use of the device in a way not intended by
the manufacturer.
Note 5 to entry: Adapted from ISO Guide 63:2012, 2.8, to apply to medical laboratories. [SOURCE: ISO/IEC
Guide 51:2014, 3.7, modified- “a product or system” has been changed to “a product, process or service”,
and “can” has been changed to “may”. In addition, “Note 3 to entry to Note 5 to entry” have been added. ]
Note 6: Misuse is intended to mean incorrect or improper performance of an examination procedure or any
procedure critical for patient safety
[SOURCE: ISO/IEC Guide 51:2014, 3.14]
3.22
record
document stating results achieved or providing evidence of activities performed
Note 1 to entry: Records can be used, for example, to formalize traceability and to provide evidence of
verification, preventive action and corrective action.
Note 2 to entry: Gen
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.