ISO 14971 mentions FMEA for Risk Analysis

Mangafanga

Starting to get Involved
ISO 14971 (the application standard for software) suggests using FMEA or FTA for Risk Analysis. But what I don’t understand is if I use FMEA then I don’t have a way to find hazards, hazardous situations and harm. I can only find potential failure modes, effects, causes, severity, detection, probability and control. My question is: do I need to find both? Shouldn’t risk analysis mean finding severity and occurrence of harm? Why do FMEA at all? And if both are required then how do you link them?
 

Bev D

Heretical Statistician
Leader
Super Moderator
In my experience and practice I use both. FMEA for basic process and product functions. And hazard / harm analysis for hazards and harm. There is some overlap in that the causes of functional failure can be external unintended use “hazardous conditions” and the effects of functional failures can be hazards that result in harm. Bottom line: use both in my experience.

But we often debate (argue) this point as too often a single word can have specific and unique definitions under different standards and industries and circumstances….so I will end my contribution in this thread now.
 

Bev D

Heretical Statistician
Leader
Super Moderator
OK I lied a bit: one more thing that is of paramount importance. It can destroy any well executed method of risk assessment: Placing a guess (desire, wish, hope, prayer) at occurrence to justify not taking action against severe failures/hazards/harms. Where possible we need to TEST for occurrence (we can do it under worst case conditions to keep sample sizes down). Where not possible to test we cannot ignore or dismiss the first occurrence as a once in a lifetime, never to happen again thing. There are too many examples of this to count…
 

Tidge

Trusted Information Resource
Mangafanga said: "Why do FMEA at all? And if both are required then how do you link them?"
I agree that FMEAs do not explore Risks from Hazards: by design they are self-limited to analyzing risks that derive from failure modes. Being unable to specify a failure mode does not mean that the device won't have a certain type of risk... if that is too abstract consider simply failing to recognize a failure mode!
Generally, there are three recognized types of FMEA:
  1. Manufacturing (of the device) Process FMEA
  2. Use (of the device) FMEA
  3. Design (of the device) FMEA
A failure mode can result either in the manifestation of a hazardous situation, and/or can manifest as an observable change in the likelihood of a hazardous situation resulting in a harm.

I recommend doing both a Hazard Analysis and supporting FMEA because I find it easier to demonstrate in an FMEA what the controls for a failure mode are, in something like a rational (or at least self-consistent) way, e.g. a change in Occurrence ratings as mentioned by @Bev D. Personally, I find it impossible to believe "risk control option analysis" at an FMEA level, so I prefer that those happen at the HA level. Trying to do RCOA or a benefit-risk analysis at an FMEA level would not (IMO) be logically self-consistent... this also wastes a lot of time, as certain manufacturing processes may have valid failure modes analyzed but those failure modes may trace to risks that are actually controlled by some element of the design.
 

Parul Chansoria

Regulatory and Quality Expert
@Mangafanga regulatory standards often recommend or require a multi-faceted approach to risk management. For instance, ISO 14971 (Medical devices — Application of risk management to medical devices) emphasizes the importance of a systematic risk management process that may include elements of FMEA, FTA, and hazard analysis. You can either use FMEA or FTA as both are tools to ensure your risk analysis is thorough. FMEA can be for design (DFMEA), process (PFMEA), and use (UFMEA).

Output of FMEA/FTAs can be >>>> Input to Hazard analysis.

The choice between Failure Mode and Effect Analysis (FMEA) and Fault Tree Analysis (FTA) for medical device risk analysis depends on the specific goals and characteristics of the analysis. Both of these tools have their strengths. Here are some more details:
  1. FMEA (Failure Mode and Effect Analysis):
    • Strengths:
      • Systematic identification of failure modes, their causes, and effects.
      • Emphasis on assessing the severity, occurrence, and detection of potential failures.
      • Focuses on process steps, making it applicable throughout the product lifecycle.
      • Can be very well used for design, processes, and usability.
    • Suitability:
      • Well-suited for analyzing individual failure modes, originating from different areas such as design, packaging process, etc., and their impact on the overall system.
  2. FTA (Fault Tree Analysis):
    • Strengths:
      • Provides a visual representation of complex system failures and their root causes. Hence, easier to understand for complex systems.
      • Emphasizes logical relationships between events leading to a specific failure. I have seen this is easier for Engineers to use.
      • Useful for analyzing system-level failures and dependencies, so effective risk controls can be thought of.
    • Suitability:
      • Well suited for more complex products and can be used in combination with FMEA to supplement with the visual analysis.
Choosing the Right Tool:
  • For Detailed Component-Level Analysis: FMEA may be preferable when detailed analysis of individual failure modes, their causes, and effects is required. I have recommended this to companies that are in early stages of product development.
  • For System-Level Understanding: FTA may be more suitable when analyzing complex interactions and dependencies between various components or subsystems within the medical device. I have recommended this to companies with complex systems.
  • Complementary Use: In many cases, a combination of both FMEA and FTA can provide a comprehensive risk analysis. FMEA can be employed for detailed analysis at the component level, while FTA can be used to understand how these individual failures may propagate at the system level.
Ultimately, the choice between FMEA and FTA depends on the specific goals and needs, and the depth of understanding required at different levels of the system.

Complexity plays a big role: The more complex your device, the more tools and analysis approaches you will have to adopt to ensure comprehensive risk analysis. E.g., a robotic surgical system with several instruments, surgical arms for different purposes, accessories (reusable), etc. would need a very detailed analysis vs. a scalpel.

Hope this helps.
Best,
Parul Chansoria
 

QuinnM

Involved In Discussions
If you are developing software, then in addition to 14971 look at 62304 Medical Device Software - Software Life-cycle Processes. 62304 is an FDA-recognized consensus standard. I'm making this recommendation because 14971 pertains to medical devices.
 

Vetty007

Involved In Discussions
FMEA doesn't fulfill the requirements of ISO 14971 and within my clients they often state to do an FMEA, but then try to add some aspects to fulfill the ISO requirements and finally end up with something more confusing than helpful, but happy to have this topic solved. I recommend to follow the ISO requirements regarding the details given in the risk analysis, ending up with a simple risk analysis according to ISO 14971. Until now, having only such a risk analysis was accepted by the NB, but I think this also depends on the kind of device.
 

dangabor

Registered
Thank you, Parul.
 

Enternationalist

Involved In Discussions
You don't need to use any particular method, but you do need to use comprehensive methods. The reason FMEA and FTA are mentioned is because they are popular, and structurally similar to the way risk is composed in 14971. Theoretically, FMEA by itself is insufficient because it is definitionally about fault conditions - meaning that you omit all the risks related to normal fault-free operation. A similar argument can be made for fault tree analysis.

In practice, people usually use something for the system level that is structurally similar to FMEA or FTA, but expanded in scope to include everything required. Read the standard, shove everything it asks for into a spreadsheet, and you're in good shape. This sort of format is often given by test houses or auditing bodies.

Otherwise, choose an approach that makes sense for the task at hand. FMEA is suitable for component-by-component analysis, often a solid choice for things like circuitboards. FTA is suitable for branching pathways, often a solid choice for things like user workflow errors.
 