This document specifies a process for a medical laboratory to identify and manage the risks to patients, laboratory workers and service providers that are associated with medical laboratory examinations. The process includes identifying, estimating, evaluating, controlling and monitoring the risks. The requirements of this document are applicable to all aspects of the examinations and services of a medical laboratory, including the pre-examination and post-examination aspects, examinations, accurate transmission of test results into the electronic medical record and other technical and management processes described in ISO 15189. This document does not specify acceptable levels of risk. This document does not apply to risks from post-examination clinical decisions made by healthcare providers. This document does not apply to the management of risks affecting medical laboratory enterprises that are addressed by ISO 31000, such as business, economic, legal, and regulatory risks.