Medical Device Software Risk Analysis

Hello. Hoping I can get some help here. I currently work for an IVD company that has firmware, software, hardware, and a consumable in its device system. My question is whether I should do a software-only FMEA or if software associated risks can just be incorporated into another FMEA. I previously worked for an implantable device company, and there we did a design fmea, use fmea, and process fmea. Then I am used to a hazard analysis document that ties them all together. What is the norm for a device with software?


Ronen E

Problem Solver
I don’t think that there’s “a norm”; if you meet ISO 14971 you’re on a pretty good track.
Disclaimer: I’m not a software expert.


Trusted Information Resource
If you have separate teams that each want to own respective fmea, then having them separate makes sense. If you combine software into other documents, that's fine too.
It'll depend on your organization and complexity of the product.

Whatever you decide, as long as the software is covered, you're good.
Make sure, however, that both fault and normal use is considered, and that hazards and sequence of events from the different areas are tied together.


Super Moderator
Agree with the previous posts - there's no standard approach. We normally do a software FMEA just because it's easier for us to keep separate. (Note: the firmware should also be addressed!). IEC 62304 provides good guidance for the software-centric risk analysis. And while the standard may not be applicable for your IVD, IEC 60601-1 has a "PEMS" section that has some good hazard considerations for software / firmware.


Starting to get Involved
Many companies do a device hazards analysis that considers the system as a whole and includes software. Then, as design and development progress, they do additional hazards analysis that are more component based, like a software hazards analysis. Tools like FMEA and FTA can be used, but it is important to remember that they are tools that feed into the hazards analysis and do not suffice as the hazards analysis alone. As @mihzago mentioned, you must consider sequences of events arising from both, fault conditions and non-fault conditions.
Top Bottom