I'm going to repeat this: per 14971
Safety (or its opposite) is NOT the same as
harm, injury or damage to health. Safety has to be assessed for individual devices within their context of use. Harms can happen totally outside the context of the use of a medical device. We (medical device manufacturers) also don't try to assess safety for circumstances where "somebody doesn't want to use our device."
This is
radically different for other areas of (potential) regulation, including automotive (where someone
not using an automobile can be harmed by one) and bringing discussions about the utility of the
FMEA methodology for medical device risk management isn't helping to explore whatever it was that was the true root cause of the OP's message, further explained here:
The issue is that apparently Notified bodies that asked us to add a quotation for detection five years age are now asking us to remove upon the definition of the ISO 14971 and despite the ISO/TR 24971 which states that a detection criteria can be apply if detection risk mitigation measures are applied.
Now we (forum participants) don't have a lot of visibility to what the set of facts are re: the finding or the state of those files reviewed by the NB. Our initial responses were IMO quite generous to the OP considering that it is generally accepted by practitioners of 'modern' 14971 methods that FMEA are an incomplete method for satisfying 14971.... independent of any technical discussions about RPN and how it derives from 'ratings' such as (D)etection... which is a hot-button issue all by itself.
There are many ways to 'spin' the information provided by the OP in this thread without rehashing our own knowledge and prejudices. Perhaps I'm guilty of it... on my honor I
was waiting for more direct information from the OP before responding... I still have the sense that it is entirely possible that risk files in question are inadequate in other ways, or maybe the entire RMF could be bullet-proof but that the particular focus on (D)etection in some FMEA (design? use? manufacturing?) indicates that there is something about
that file that isn't well-explained or otherwise conflicts with the consensus understanding of the state-of-the-art? In the absence of more information, I do feel comfortable writing (for medical device manufacturers):
- If the key documents of a Risk Management File are FMEA, it is unlikely to be an issue-free experience with a NB.
- If FMEA play a large (subordinate) role in a RMF, the issue of (D)etection ratings/assessments is almost certain to get scrutiny.
On the second point: I've seen related but different (types of) questions come from (different) auditors. I don't want to be unfair to NB auditors, but given how busy the NBs are, I think the individual auditors are much more comfortable with either findings or OFI that steer manufacturers towards something that "even a green auditor could unambiguously observe as something that their bosses would casually recognize as compliant." In many ways it is obvious that the (European) auditors are working off a script, as I've witnessed different ones ask the exact same questions. In past years the RM script questions included "ALARP", one year it was "RCOA", this recent cycle has included Detection... and (D)etection gives an "in" to revisiting RMF that only have FMEA.