Three standards, one integrated process.
ISO 13485 is the QMS framework. It specifies that certain processes must exist and be controlled.
It does not prescribe what those processes must produce in terms of specific documents or risk analysis outputs.
ISO 14971 is the risk management standard. It operates within the ISO 13485 QMS.
The risk management plan, hazard log, risk management report and post-market surveillance activities that ISO 14971 requires are all produced under ISO 13485 controlled processes. Without the QMS, the risk management outputs are not produced under a controlled system and their evidentiary value is weakened accordingly.
DCB0129 is the NHS clinical safety standard. It embeds the ISO 14971 risk management process and adds NHS-specific requirements: a named certified Clinical Safety Officer, a Clinical Safety Case Report, a Clinical Risk Management Plan, and specific documentation for DTAC C1 submission.
DCB0129 compliance does not require ISO 13485 certification. A product can be DCB0129 compliant and DTAC-ready without an ISO 13485 certified QMS.
However, a product cannot achieve Approved Body conformity assessment for UKCA or CE marking without ISO 13485 certification, regardless of how thorough the DCB0129 documentation is. The two pathways are independent and must both be completed for a product entering NHS procurement via formal contract and pursuing UKCA marking simultaneously.