ISO 14971 · Pre-audit

Find every ISO 14971 risk gap before your auditor does.

What Gordios checks, and why it matters.

Book a demo

ISO 14971 in practice: what the standard actually requires.

The standard doesn't just require a risk analysis. It requires a system — iterative, documented, traceable — that runs across the entire device lifecycle.

A process, not a document

ISO 14971 is often treated as a project deliverable. It is in fact a continuous process: every device change, every incident, every field feedback should feed it. The analysis written during design is only a starting point.

End-to-end traceability

Every identified risk must be linked to its control measure, itself tied to a verification proof. Without this complete chain, the risk analysis exists on paper — but won't survive an audit.

The risk management report

Often written under pressure as a closing document, it must demonstrate that the overall residual risk is acceptable. Reduced to a formality, it becomes the first blind spot an experienced auditor will point out.

Links with the rest of the file

Labelling, IFU, verification tests — each of these documents must be traceable back to the risk analysis. A device that evolves without the analysis keeping pace creates silent inconsistencies — hard to detect, costly in audit.

What Gordios examines, point by point.

Every check is located in your documents. Every gap is explained — not a global score, but a traceable, actionable result.

Domain checkedWhat Gordios verifiesCoverage
Risk analysisHazard identification, risk estimation and evaluation, consistency with device characteristics Audited
Control measuresPresence, hierarchy (design / protection / information), traceability to verification proofs Audited
Residual risksPost-mitigation evaluation, disclosure in labelling and IFU, consistency with user information Audited
Risk management reportPresence, completeness, conclusion on overall residual risk acceptability Audited
Lifecycle and revisionsTraceability of updates after device modification or field feedback Audited
Cross-document consistencyLinks between the risk analysis and other technical file deliverables (tests, labelling, IFU) Audited

The chain every auditor follows.

A risk only holds up when it can be traced end to end. Gordios checks that the chain is unbroken.

Identified risk
Control measure
Verification proof
100+

ISO 14971 analysis points

80%

of audit-prep time saved

Minutes

to your first report

They trust us

A true digital auditor that pinpointed the gaps in my technical file in just a few minutes.
Thomas BalverdeThomas BalverdeRegulatory Affairs Manager
Connecting with Gordios early in the project saved me valuable time.
Sarah Souheil GebaiSarah Souheil GebaiCEO, TrembLess

How Gordios audits your QMS.

Three steps, on your real documents. No configuration, no prior training needed.

01
You import your documents

Risk analysis, Quality Manual, test reports, labelling, IFU — you upload what you have. Gordios adapts to your documentation structure.

02
Gordios audits against the 14971 grid

The tool verifies every point of the standard against your documents: presence, consistency, traceability. Automatically, with no manual intervention.

03
You receive a traceable report

Every result is located in your documents. Every gap is explained. You know what holds up and what needs attention — with the exact source to back it up.

The most frequent gaps Gordios detects.

Not poorly-made files — but files built without the auditor's perspective.

Common gap · 01
The analysis and the device no longer match

The device has evolved. The risk analysis still reflects an earlier version. The inconsistencies are seen only during audit time.

Common gap · 02
Control measures without proof

The measure is documented in the analysis. The proof that it was verified is not attached. The link is missing.

Common gap · 03
Residual risks not in the IFU

The analysis identifies residual risks to disclose to the user. The IFU, however, doesn't mention them — or not in a traceable way.

Common gap · 04
The report written at the last minute

Completed right before submission, the risk management report doesn't reflect the real process. The auditor sees it. The manufacturer, rarely.

Common gap · 05
Incidents not propagated

A field feedback or post-market incident should trigger a revision of the analysis. That trigger is often missing.

Common gap · 06
The measure hierarchy ignored

ISO 14971 enforces a hierarchy: design first, then protection, then information. In practice, teams jump straight to information — without documenting why.

ISO 14971 audit — common questions.

It checks your risk analysis, control measures, residual-risk evaluation and risk management report against the requirements of ISO 14971 — verifying presence, consistency and traceability across your documents.

Gordios performs an automated gap analysis to help you prepare. It is not a certification body; it shows you what an auditor is likely to flag before the real audit.

Most runs complete in minutes. You upload your documents and Gordios returns a located, traceable report — no configuration or prior setup required.

Your risk management file, risk analysis, verification and validation reports, labelling and instructions for use. Gordios adapts to your documentation structure.

Yes. Your documents are processed securely and are never used to train models or shared with third parties.

No — it augments them. Gordios removes the manual cross-checking so your experts can focus on judgement, not on hunting for missing links.

Want to learn more?

Schedule a meeting with one of our specialists to best address your needs!

Book a demo