Risk Analysis of Software - ISO 14971:2007

jscholen

#11
In the "death" case you cited, if the failure which has a death severity, after some control measure, turned out just to cripple :) the subject, the severity would be reduced.
I think I understand where I am mis-communicating. We are talking two different things.

Cripple is a new failure mode. Death is still a viable failure mode that you can only reduce likelihood or occurrence. That's my point.

Due to the nature of the risk analysis of FMEA, you need to maintain a history of what you looked at and evaluated, thus the severity of a failure mode never changes, just its likelihood or occurrence.

Hazardous Situations is another form of risk analysis, i.e., Fault Tree Analysis: looking at top level hazards and hazardous situations and driving down to failure modes.

If you cannot reduce the likelihood of a high severity failure mode and did your best to control it, then you need to do a Risk-Benefit analysis to determine if continuing to move ahead with your device is justified... All this risk analysis, control, mitigation, justification is summarized in your risk management report, which encompasses everything you planned to do in your risk management plan at the beginning of your project, which was done according to your risk management procedures.

Did that clear it up? =)
 
jscholen

#13
:confused:

I guess it depends on how you conduct your failure analysis for FMEA? I need to think about this a little more.....:notme:
 

Marcelo

Inactive Registered Visitor
#14
Yes, Roland, death and cripple and the like are outcomes of hazardous situations, meaning, the severity component of risk management as stated in ISO 14971.

Maybe the problem here is too heavy a reliance on FMEA (this would not be the first case I know).

FMEA is a risk analysis technique, not a risk management process (in fact, basically FMEA is just - failure mode - effect - cause). Risk analysis techniques are used, particularly in ISO 14971, to help in the hazard/hazardous situations analysis. Risk analysis is an important part, but really just a part of the whole risk management process. ISO 14971 does not require any particular risk analysis technique. In fact, you can use none, or, as I've been preaching recently, focus on a representation such as Figure E.1 from ISO 14971:2007 which has all the required analysis elements.

Some problems with FMEA:

- there has to be a "component failure" - i.e., failure mode. BUT, there can be risks, particularly regarding medical devices, which do not need a "component" failure (take usability for example).

- people tend to think that FMEA = risk management... or, worse, people keep adding things to FMEA templates to try to build a "full" risk management process.

"Hazardous Situations is another form of risk analysis, i.e., Fault Tree Analysis: looking at top level hazards and hazardous situations and driving down to failure modes."
I think you're totally misunderstanding the concepts. Hazardous situation is not "another form of risk analysis". And it's not equal to FTA (FTA is "another" risk analysis technique - basically, effect - failure mode - cause).

The concept of hazardous situations is that, instead of worrying only about the general risk, you worry about the situations that got into the risk. The kind of tool you use to discover these hazardous situations does not matter, so you can use ANY analysis tool (FMEA, FTA, HAZOP, WHATEVER).

Again, please take a look at Figure E.1 from ISO 14971:2007.
 

Marcelo

Inactive Registered Visitor
#15
I guess it depends on how you conduct your failure analysis for FMEA?
You surely can conduct your "failure analysis" any way you like... but, if you are doing it this way, the least I can say is that you're not doing it according to ISO 14971 (just to keep on the thread subject :))
 

jscholen

#16
I think that I have been misunderstanding the whole point of this thread. I had to go back and re-read the whole thread after a few days of getting away from the discussion. See the forest rather than the trees....

My original statement regarding the change in severity was with respect to a specific effect when addressed by FMEA. I would agree with the notion that you can reduce severity of an outcome by addressing the specific hazard or hazardous situation which leads to a harm... i.e., eliminate 'death by crushing' by reducing the weight of equipment to only 'cripple by crushing'.

In my experience, I have found that severity values are not consciously addressed properly and thus changed without much thought. I was not thinking in a holistic approach specific to Figure E.1 from ISO 14971:2007.

I was, in MMantunes' opinion, misunderstanding the application, but in truth was not expanding the application. :eek: I understand the misapplication of FMEA as the "risk management process", because I have experienced this bad habit at my last 2 companies and it was not until I really dove into the 2007 version that I really began to understand we had huge gaps in our risk management process.

Hazardous situation is not "another form of risk analysis".
You are right! and ...I mis-applied the standard and now I understand it better, ie, FTA is another form of risk analysis.


Thanks to Roland and MMantunes and others for guiding me in the right direction.
 
Roland Cooke

#17
I have experienced this bad habit at my last 2 companies and it was not until I really dove into the 2007 version that I really began to understand we had huge gaps in our risk management process.
1 down, only another 9,999 medical device companies to go! :cool:
 
mafjensen - 2011

#18
Try to get a copy of the draft:

IEC/TR 80002-1, Medical device software - Guidance on the application of ISO 14971 to medical device software.

It might be useful. :)
 
Micked

#19
Getting back to the original post...
IMHO validation can never be a Risk Control Measure, you have to design some protective measure in there up front.
As a last resort you can always use labeling (ever seen those first pages of warnings in operator manuals?)

As to probability = 1, I think it is a problem how to handle it in the risk management process.
62304 does not allow us to reduce probability even if there are tons of protective software mechanisms implemented. That feels unfair somehow :frust:

My current approach (for a software only product) is to use a system level FTA, with probabilities. This analysis includes the operators and their medical skills.
Then I use a FMECA for the software, with severities only.
 
icare2much

#20
Is it just me or was part 2 of the original post never really answered?

Considering probability = 1... I have TR80002 and I don't see how it answers the reduction in probability. In section 4.4.3 it gives the perfect example but IMHO never answers the problem:

Consider, for example, memory corruption resulting from a software ANOMALY. A checksum of the memory could detect the failure and reduce the probability of a HAZARDOUS SITUATION. The checksum does not guarantee any possible corruption would be detected. Rather, it would detect the vast majority of such corruption and thus lower the RISK to an acceptable level. Although the probability of a HAZARDOUS SITUATION cannot be estimated either before or after the checksum is implemented, it can be asserted that the probability of a HAZARDOUS SITUATION after the checksum is in place is lower than it was before implementing the checksum.
Huh? How do we assert that the probability is lower? The checksum is still software with a failure probability of 1, so now we have the probability of the event as 1x1=1... no change... :nope:
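
An added illustration of the checksum control described in the TR 80002-1 passage quoted above (not code from the thread or from the standard): a CRC-32 guard over a parameter block, exercised against every single-bit corruption and against a wrong value written through the normal update path. The structure, field names and values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical parameter block; field names and values are assumptions. */
typedef struct {
    uint32_t rate_ul_per_h;
    uint32_t volume_limit_ul;
    uint32_t crc;                 /* CRC-32 over the two fields above */
} dose_params_t;
#define GUARDED offsetof(dose_params_t, crc)

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
void params_seal(dose_params_t *d) { d->crc = crc32_calc((const uint8_t *)d, GUARDED); }
/* 1 = block intact, 0 = corruption detected (caller should enter its safe state). */
int params_ok(const dose_params_t *d) { return d->crc == crc32_calc((const uint8_t *)d, GUARDED); }

/* Flip each bit of a sealed block in turn; return how many flips go undetected. */
unsigned undetected_single_bit_flips(void) {
    dose_params_t good = { 5000u, 250000u, 0u };
    unsigned missed = 0;
    params_seal(&good);
    for (size_t bit = 0; bit < sizeof good * 8; bit++) {
        dose_params_t bad = good;
        ((uint8_t *)&bad)[bit / 8] ^= (uint8_t)(1u << (bit % 8));
        missed += (unsigned)params_ok(&bad);
    }
    return missed;
}

/* A defect that writes a wrong value through the normal sealing path still verifies. */
int wrong_value_resealed_passes(void) {
    dose_params_t d = { 5000u, 250000u, 0u };
    d.rate_ul_per_h = 50000u;     /* constructed wrong value */
    params_seal(&d);
    return params_ok(&d);
}

int main(void) {
    printf("undetected flips: %u, resealed wrong value passes: %d\n",
           undetected_single_bit_flips(), wrong_value_resealed_passes());
    return 0;
}
```

The first function shows the class of corruption the guard does catch; the second shows a class it cannot, which is the residual the quoted passage refers to when it says the checksum does not guarantee detection.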

 