ISO 14971:2019 vs FMEA methodology

Status
Not open for further replies.
#1
Hello,
Following-up on auditor risk analysis evaluation I have a concern on the way risk assessment is evaluated.

Indeed based on ISO 14971, the auditor assess the probabilty and the severity of the damage and do not find the same quotation as we did.
The fact is that applying FMEA methodology, we have assess the probability of the failure and the severity of the damage.

Therefore if we have to quote the probability and the severity of the damage, shall we still use a FMEA methodology?

Thanking you in advance for your thoughts,
 
Elsmar Forum Sponsor

Hi_Its_Matt

Involved In Discussions
#2
Hi mlo. I'm not sure I completely follow the question, but hopefully this help.

ISO 14971 defines Risk as "The combination of the probability of occurrence of harm and the severity of that harm." The idea is that companies should know which Harms their medical device could cause, and be able to describe both the severity of the harm and the probability of the harm. This allows the companies to determine whether the overall risk of that harm is acceptable (based on their pre-defined risk acceptability criteria).

For each Harm, companies are required to document the Hazards that can cause the Harms, and the Hazardous Situations in which those Hazards may be present.

Companies often assign a 1 to 3, 1 to 5, or 1 to 10 numerical value to different Severity rankings and Probability rankings, and multiply the two values to get an overall Risk Rating, which can then be compared against a risk acceptability matrix to evaluate the acceptability of the Risk.

FMEA is quite different in terms of its overall purpose. As the name implies, a Failure Mode & Effects Analysis is a tool for understanding how the device or process may fail (the failure mode), the reason why it failed (failure cause), and the effect of the failure on both the immediate process/device feature, and the overall device performance.

FMEA is similar to a device-level, harms-focused, 14971 risk assessment, in that it oftentimes has a calculation in it that is a combination of severity and probability. But as you alluded to, the probability in an FMEA is oftentimes the probability that a particular failure mode will occur. As with a 14971 risk assessment, the Severity in a FMEA is oftentimes associated with the end-effect of the failure - that is, the impact of the failure on users/patients/the environment.

This calculated value is often called a Risk Priority Number (RPN). It is the combination of the probability of a failure mode occurring and the severity of the end-effect of the failure.

RPN and 14791 "Risks" are common in that they are a combination or probability and severity, but they must not be confused with each other.

If you do not already have it, I highly recommend purchasing ISO TR 24971, the guidance document that accompanies 14971. It is incredibly valuable for understanding these concepts.
 

Enternationalist

Involved In Discussions
#3
FMEA is just one method, and by itself it is not sufficient to address all hazards.

14971 asks you evaluate probability of occurrence and severity of harms.

These are separate ideas. What is the area of confusion?
 
Last edited:
#4
The issue is that apparently Notified bodies that asked us to add a quotation for detection five years age are now asking us to remove upon the definition of the ISO 14971 and despite the ISO/TR 24971 which states that a detection criteria can be apply if detection risk mitigation measures are applied.
 
#5
The issue is that apparently Notified bodies that asked us to add a quotation for detection five years age are now asking us to remove upon the definition of the ISO 14971 and despite the ISO/TR 24971 which states that a detection criteria can be apply if detection risk mitigation measures are applied.
- This is interesting and really helpful to know! I have done this based on review of my Risk Management process, as I feel that RPN described in IEC 60812 is a linear approach. Therefore, have decided to stick with Severity and Probability of occurrence.

From review of ISO 14971 and 24971, my interpretation was that detectability can fall within the risk control process and evaluated here. As well as post market product failure risk reviews. This is where detectability is key from a usability perspective.
 

ThatSinc

Involved In Discussions
#7
FMEA asks you to evaluate probability of occurrence and severity of harms.
Respectfully disagree.

FMEA is used across multiple industries and evaluations and asks you to evaluate the probability and severity of *things* happening.
I use FMEA within medical device risk management to evaluate the probability of failure modes occurring, and the severity of those failure modes with respect to their impact on the device functionality and the creation of hazardous situations.
Whilst the impact on the device functionality is related to the harm that might occur - it's not a direct relationship.
Two different failure modes may cause hazardous situations and get a "4" rating but the harm that could occur as a result of those hazardous situations may be different.

14971 requires you to explicitly evaluate the probability of harms occurring, and the severity of those harms.
 

Bev D

Heretical Statistician
Leader
Super Moderator
#8
I’ve never interpreted it that way at all. FMEA is about severity of effect of a failure mode. And I’ve always interpreted - and taught - that effect means any harm done by the failure modes. My ratings include death, injury, continuing illness, disability, etc. as well as lesser ‘harms’ such as first aid needed, delayed diagnosis of a minor illness such as worms, incorrect drug application such as dewormer…

I think that 14971 simply reinforces that the effects to be particularly assessed are harms as many non medical people misuse FMEA (in many ways) to not include final harm. But FMEA itself doesn’t preclude assessment of harms; it requires it.

I’m all for addressing weaknesses and misuses of quality methods but let’s be honest about them.
 

ThatSinc

Involved In Discussions
#9
But FMEA itself doesn’t preclude assessment of harms; it requires it.
I'm not suggesting that FMEA can't be used in that manner, but it's not it's only purpose and not a requirement of it.

When auditors start expecting RCOA and RBA on every line of an extensive FMEA, performed by design/development teams that don't have a view as to the harm at a device/system level, as it's been conflated with with the broader requirement to assess the harms from a 14971 perspective, you start seeing issues.
 

Tidge

Trusted Information Resource
#10
As long as we are all describing different parts of the elephant...

One personal bête noire of Failure Modes Effects & Analysis efforts in medical devices (with respect to harms to patients, users, et al.) is that the typical methodology that links failure modes to harms almost always makes it impossible to know if the line of analysis (in the FME&A) is a control to mitigate the effect of the harm or is a potential cause of some harm that requires its own risk controls to avoid possibly contributing to that/any harm.

There are (well understood) risk management tools to speak directly to this beast, but I rarely see them used to my satisfaction. I only bring this up here because there are dimensions to FME&A (in medical devices) that often get folks talking at cross-purposes.
 
Status
Not open for further replies.
Thread starter Similar threads Forum Replies Date
B ISO 14971:2019 amendment A11:2021 questions ISO 14971 - Medical Device Risk Management 5
Y BS EN ISO 14971:2019+A11:2021 released ISO 14971 - Medical Device Risk Management 3
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 11
B Timeframe for updating QMS / transitioning from ISO 14971:2012 to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 10
D ISO 14971:2019 vs MDR Annex 1, Requirement #4 - "Manufacturers shall inform users of any residual risks" ISO 14971 - Medical Device Risk Management 5
K Overall residual risk according to ISO 14971:2019 ISO 14971 - Medical Device Risk Management 5
M Gap analysis on ISO 14971:2019 with previous revision ISO 14971 - Medical Device Risk Management 12
Bill Hansen New ISO 14971:2019 Harm: unreasonable psychological stress, and cybersecurity ISO 14971 - Medical Device Risk Management 13
A EN ISO 14971:2019 does not include the Annex Zs ISO 14971 - Medical Device Risk Management 4
Ronen E Informational What's new in ISO 14971:2019 ISO 14971 - Medical Device Risk Management 2
T ISO 14971-2019 doubt - Evaluate if estimated risks are acceptable ISO 14971 - Medical Device Risk Management 9
Y When will Notified Bodies require MedDev manufacturers to fully implement ISO 14971:2019? ISO 14971 - Medical Device Risk Management 1
B Is 14971 Annex C checklist now in ISO/TR 24971 required to complete prior to 510k filing? ISO 14971 - Medical Device Risk Management 1
K Questions about Table C.1 examples of hazards in Annex C of ISO 14971. EU Medical Device Regulations 1
Q Harmonised Standards (EN ISO 13485 / EN ISO 14971) in MDR (2017/745/EU) ISO 13485:2016 - Medical Device Quality Management Systems 4
L PFMEA for test procedures (ISO 14971) ISO 14971 - Medical Device Risk Management 5
R ISO 14971 not harmonized ISO 14971 - Medical Device Risk Management 5
D ISO 14971 applicability in ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 7
M ISO 14971 Determination of Competent Persons ISO 14971 - Medical Device Risk Management 4
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
S Practical Implementation of ISO 14971 ISO 14971 - Medical Device Risk Management 6
R Identify Medical Device characterstics as Annex C of ISO 14971 Risk Management ISO 14971 - Medical Device Risk Management 5
A ISO 14971 PFMEA Manufacturing Risk ISO 14971 - Medical Device Risk Management 2
M Risk Analysis Flow - Confusion between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 8
B ISO 14971 Applied to Software ISO 14971 - Medical Device Risk Management 2
D Recent changes to ISO 14971 - SOP required for managing standard revisions ISO 13485:2016 - Medical Device Quality Management Systems 1
J ISO 14971 applied to ISO 13485? Low risk class 1 devices ISO 13485:2016 - Medical Device Quality Management Systems 5
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
P Risk acceptability alignment between ISO 14971 and IEC 62304 IEC 62304 - Medical Device Software Life Cycle Processes 6
S ISO 14971 Risk Management - Questions for Hazard identification ISO 14971 - Medical Device Risk Management 2
M Informational ISO 14971 / ISO TR 24971 revision update – atualizações sobre a revisão Medical Device and FDA Regulations and Standards News 1
R The difference b/w FMEA & Risk analysis as per iso 14971 ISO 14971 - Medical Device Risk Management 8
D Risk management according to ISO 14971 - When to document risk controls? ISO 14971 - Medical Device Risk Management 10
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
Q Information for safety EN ISO 14971:2012 - Customer Risk Reduction ISO 14971 - Medical Device Risk Management 6
M Informational ISO TC 210 JWG 1 meeting in São Paulo – Revision of ISO 14971 and ISO TR 24971 – Medical Device Risk Management Medical Device and FDA Regulations and Standards News 0
A Our auditor requires us to attend a training on EN ISO 14971:2012 Other ISO and International Standards and European Regulations 3
S In a risk analysis, how can we tie mobile app security breach to ISO 14971? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
F IMDRF opened a Consultation on Annex E & F and the link to ISO 14971 ISO 14971 - Medical Device Risk Management 4
M Updates to EN 62366 & ISO 14971? Other Medical Device Related Standards 3
D IEC 60601-1 and ISO 14971 Assessment IEC 60601 - Medical Electrical Equipment Safety Standards Series 25
M Example ISO 14971 policy and risk criteria ISO 14971 - Medical Device Risk Management 2
P ISO 13485 and ISO 14971 - one mandates the other? ISO 13485:2016 - Medical Device Quality Management Systems 8
D Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
H Task analysis and ISO 14971 ISO 14971 - Medical Device Risk Management 9
M ISO 14971 and Stand-Alone Diagnostic Software ISO 14971 - Medical Device Risk Management 4
dgrainger Benefit - What is the definition of Benefit in ISO 14971? ISO 14971 - Medical Device Risk Management 7
Y Training as a risk control for ISO 14971 ISO 14971 - Medical Device Risk Management 13
W Risk Benefit Analysis - ISO 14971:2012 Requirements ISO 14971 - Medical Device Risk Management 27
thisby_ ISO 14971 - ALARP and P2 - New ISO 14971 does not allow the concept of ALARP? ISO 14971 - Medical Device Risk Management 3

Similar threads

Top Bottom