Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

Design FMEA, Process FMEA, Component FMEA --> FDA requirements?

A

andymo13

#1
Hello everyone,

we conducted a design FMEA and a component FMEA but no seperate process FMEA. The component (or equippment FMEA) includes the process risks. Now I wonder ist the FDA requires to conduct both FMEAs separately? If so, where in the CFR ?
Can anything be said against doing both (equipment and process risk analysis) in one FMEA? :confused:

thanks for your answers in advance
 
M

MIREGMGR

#2
The FDA wants you to have an effective and comprehensive risk analysis and management process. They don't yet have detailed rules as to exactly how you must proceed. If your process is rigorous and you can coherently explain its effectiveness to a reviewer or inspector, it should be accepted.
 
#4
Hello everyone,

we conducted a design FMEA and a component FMEA but no seperate process FMEA. The component (or equippment FMEA) includes the process risks. Now I wonder ist the FDA requires to conduct both FMEAs separately? If so, where in the CFR ?
Can anything be said against doing both (equipment and process risk analysis) in one FMEA? :confused:

thanks for your answers in advance
I agree with MIREGMGR; Effectiveness matters the most;

but but would like to emphasize the SOP (Systems-adequacy & completeness)
viz.,Since you are covering the 'process' as part of equipment/component FMEA which most probably occurs at "later-part/before" of operations.; arn't u missing the opportunity in early design/development phases to identification-evaluation of process risks to the product!
 
A

andymo13

#5
Hi v9991,

thanks for your respond.

During developing we do conduct a seperate process and design FMEA but after design transfer into production there is only one FMEA which evaluate both.
I´ve looked into SOP which states that you ´ve to check each process step and each system part for potential risks.
In the FMEAs the boundaries between the process and the design are not clearly defined they rather merge.
At times it can be confusing/ easily to miss something
 

gholland

Involved In Discussions
#6
As part of your risk analysis you should be noting what risk control measures your process or design has. For example if you have a sensor to detect an out-of-tolerance condition then you should track this as a risk control measure. All of your risk control measures should be evaluated for effectiveness.

If you have done a proper job with your effectiveness checks you should easily be able to demonstrate you are properly controlling the process risk. Your Design Verifcations should take the same approach for design risk control measures, i.e. an alarm properly sounds when a failure is detected.


:2cents:
 

Ronen E

Problem Solver
Staff member
Super Moderator
#8
As part of your risk analysis you should be noting what risk control measures your process or design has... All of your risk control measures should be evaluated for effectiveness.
Could you please kindly state the specific regulation(s) that drive these "should"s?

Many thanks.
 
M

MIREGMGR

#9
Can you please kindly point out the regulation that this is based upon?
You might have noted my comment above:

They don't yet have detailed rules as to exactly how you must proceed.
However, it's easy to discern their risk expectation by paying attention to the stream of topical information from the agency and its managers, and by discussing the topic with submission examiners.

As one data point among many, see the strategic white paper at http://www.fda.gov/AboutFDA/ReportsManualsForms/Reports/ucm183673.htm, which discusses how FDA's fulfillment of its communication duty to the public is based on manufacturers' comprehensive awareness and communication of their products' risks.

We first noted that examiners were pushing for inclusion of a risk analysis section in 510(k)s about two years ago. I don't think that requirement appears in any of the how-to-submit-a-510(k) guidances yet, but that doesn't make their expectation any less real for submission preparers.

As I'm sure you're aware, it's hard to get along with the FDA if your stance is that you're only required to comply with legally defined regulations, and not their interpretative guidances and policies.
 
#10
Here is my attempt to address Ronen's queries.

FDA is probably kicking themselves for saying so little about risk management in Part 820 (see excerpt below), but that has not prevented FDA CDRH ODE reviewers and field investigators from expecting manufacturers to apply risk management principles.

820.30(g) Design validation shall include software validation and risk analysis, where appropriate.

When the QSR was released in 1996, ISO 14971:2000 did not exist yet, and EN 1441 (risk analysis) was the current risk standard. Hence, the term "risk analysis" instead of the broader term "risk management".

Although 21 CFR 820 (FDA Quality System Regulation) does not have "risk management" requirements that are as broad as in ISO 13485, FDA has in practice been expecting manufacturers to have a life-cycle risk management process per ISO 14971: 2007, which is an FDA recognized standard.

http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfStandards/detail.cfm?id=19639

As stated at the above link "A declaration of conformity to ISO 14971 may be used to satisfy the risk management needs for a Special 510(k)". This demonstrates FDA's focus on risk management.

The preamble for 21 CFR 820 (written in 1996) says more about risk (called risk analysis at the time) than the regulation itself. The current day risk management concepts per ISO 14971 are broader than just "risk analysis" but the concepts are the same.

http://www.fda.gov/downloads/Medica...dicalDeviceQualitySystemsManual/UCM122806.pdf

Here are some excerpts:

"Risk analysis must be conducted for the majority of devices subject to design controls and is considered to be an essential requirement for medical devices under this regulation, as well as under ISO/CD 13485 and EN 46001."

"FDA agrees that the degree of corrective and preventive action taken to eliminate or minimize actual or potential nonconformities must be appropriate to the magnitude of the problem and commensurate with the risks encountered. FDA cannot dictate in a regulation the degree of action that should be taken because each circumstance will be different, but FDA
does expect the manufacturer to develop procedures for assessing the risk, the actions that need to be taken for different levels of risk, and how to correct or prevent the problem from recurring, depending on that risk assessment."

"FDA has deleted the term ‘‘hazard analysis’’ and replaced it with the term ‘‘risk analysis.’’ FDA’s involvement with the ISO TC 210 made it clear that ‘‘risk analysis’’ is the comprehensive and appropriate term. When conducting a risk analysis, manufacturers are
expected to identify possible hazards associated with the design in both normal and fault conditions. The risks associated with the hazards, including those resulting from user error, should then be calculated in both normal and fault conditions. If any risk is judged unacceptable, it should be reduced to acceptable levels by the appropriate means, for example, by redesign or
warnings. An important part of risk analysis is ensuring that changes made to eliminate or minimize hazards do not introduce new hazards. Tools for conducting such analyses include Failure Mode Effect Analysis and Fault Tree Analysis, among others."
 
Last edited:
Top Bottom