Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

ISO 14971 and DCB0129: Alignment over Duplication

  • Published: May 6, 2026
  • Category: Industry Insights

Share this post

Headshot of a bald man wearing a tropical print shirt
Nick Pavard

Share this post

The recent article from NHS England on the relationship between ISO 14971 and DCB0129 is a helpful contribution to an area where we continue to see uncertainty emerge for NHS organisations and medical device manufacturers.

It is encouraging to see recognition that alignment between the two standards is possible. In practice, this reflects what many organisations are already doing or attempting to do, particularly those with mature ISO 14971 risk management systems. However, we still see friction in alignment. 

The article focuses largely on the potential drawbacks of alignment, with less attention given to the consequences of not aligning approaches at all. This friction can create misaligned expectations for suppliers and limit the NHS’s access to high-potential technologies. We believe that there should be equity between the standards where solutions exist to benefit the NHS.

ISO 1497
DCB0129 medical devices ISO 14971 and DCB0129: Alignment over Duplication DCB0129 medical devices

Shared foundations, different context

We have previously discussed the application of DCB0129 for medical device manufacturers with an established a QMS compliant with ISO13485 and ISO14971 in this blog.  Their integration is possible due to them being built on the same core principles:

  • Identification of hazards
  • Assessment of risk
  • Implementation of controls
  • Evaluation of residual risk

DCB0129 introduces additional NHS-specific expectations that medical device manufacturers must be aware of, particularly:

  • Clinical safety governance
  • Accountability through the Clinical Safety Officer role
  • Structured safety case reporting
  • Focus purely on clinical risk

These are important additions, but they do not require a completely different approach to risk management activities, just a slightly different lens. In most cases, they sit as minor additions to an existing ISO 14971-aligned system.

Where theoretical differences don’t translate.

The NHS article discusses how ISO 14971 considers risks to users and the environment, whereas DCB0129 focuses specifically on clinical risk.

While technically correct, this is often (but not always) of limited practical relevance for digital health systems.

Based on our experience, the majority of health IT products typically do not pose physical hazards in the same manner as conventional medical devices. They are unable to directly inflict mechanical harm or release energy/substances that result in environmental risks.

Instead, risk is primarily associated with incorrect, delayed, or missing information, misinterpretation of outputs, workflow disruption, or over-reliance on system behaviour.

In these contexts, ISO 14971 risk assessments for digital devices are already inherently clinical. The practical gap between the two standards is therefore much smaller than it may initially appear. Where non-clinical risks are present, these can be clearly categorised within the Hazard Log, allowing a well-structured view to present only those risks relevant to a DCB0129 audience

A common misunderstanding.

Manufacturers with established ISO 14971 processes often mistakenly believe their existing risk documentation satisfies DCB0129 requirements for NHS use.

While ISO 14971 proves a robust process, DCB0129 demands that risk is:

  • Clinical safety governance
  • Accountability through the Clinical Safety Officer role
  • Structured safety case reporting
  • Focus purely on clinical risk

We believe that organisations should focus on translating and aligning existing evidence to meet NHS expectations, avoiding unnecessary duplication, and this is the approach we take when we work with Medical Device manufacturers to comply with DCB0129.

The real risk: duplication and divergence.

Where alignment is not considered, organisations often default to running parallel processes for ISO 14971 and DCB0129.

This can lead to:

  • Duplicate risk assessments
  • Separate hazard logs describing the same system
  • Divergence in risk ratings, controls, and rationale

This is not just inefficient; it introduces its own form of risk.

We have seen instances where misalignment between documentation raises questions about traceability and the overall robustness of the risk management process. In some cases, this is compounded by organisational separation, where Clinical Safety Officers have limited or no interaction with quality assurance or regulatory teams responsible for ISO 14971 activities. This can result in risk assessments being developed in isolation, increasing the likelihood of inconsistencies across artefacts.

Feedback from Notified Bodies has consistently reinforced that inconsistencies between risk management artefacts are viewed unfavourably in conformity assessments, as they call into question the coherence of the overall system.

Compliance Silos.

Maintaining two overlapping risk management approaches has clear practical implications:

  • Increased resource requirements across clinical and regulatory teams
  • Ongoing maintenance burden as systems evolve
  • Greater likelihood of rework during audits and deployments

There is also a direct cost impact. Additional effort required to maintain parallel processes increases the burden on manufacturers, the cost of which is ultimately passed on to NHS organisations.

In a system where both funding and clinical safety expertise are finite, this becomes a question of proportionality. Effort spent duplicating processes and documentation is effort not spent in other crucial business areas, such as innovation.

Summary

While this discussion focuses on ISO 14971 and DCB0129, the challenge is not unique. Organisations are increasingly required to navigate multiple overlapping standards and regulatory frameworks.

Treating each as a standalone exercise creates duplication and fragmentation. A more effective approach is to develop a coherent system that satisfies multiple requirements simultaneously, improving consistency and reducing unnecessary burden.

The core mission for all involved in health technology risk management is to safely expedite innovative products to clinicians and patients. We believe this can only be achieved by reducing bottlenecks and duplication, no matter which standards are being discussed.

Need help aligning your Risk Management Plans?

Book a risk management consultation with a member of our team to find out how we can integrate your risk management approaches to comply with DCB0129 and ISO 14971.

Get in touch.

Other Articles​

Loading...
HoplonAI

8foldGovernance & HoplonAI Partner to Safeguard the AI Generation of Healthcare Innovation

Read More →

April 2, 2026
Title graphic reading 'Digital Mental Health: Inclusion by Design' with a team meeting photo background

Digital Mental Health: Inclusion by Design

Read More →

December 29, 2025
Speaker presenting on stage at the HLTH conference, title reading 'Navigating the UK's Health Tech Landscape: For Ambient Voice Technologies in the NHS'

Navigating the UK’s Health Tech Landscape: Building Foundations for Global Success

Read More →

July 2, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept