Risk Matrix vs FMEAs

contigo123

Involved In Discussions
#1
Hello,

Under ISO 14971 FMEAs are a tool for determining risks, but I'm wondering how this is being linked to an overall risk matrix in practice. We currently have traditional FMEAs (using occurrence, severity, and detection rankings) but are looking to create a more robust process to cover no-fault, use issues, etc. I think we have a couple options, but wanted to see if anyone has feedback based on what they've seen in use:

Option 1: Keep using FMEA type files, so we would have a dFMEA, pFMEA, use FMEA, etc. But modify the FMEA columns and risk ratings to use occurrence x severity and a risk table, as well as other details to meet ISO 14971 requirements. The combined set of files becomes the overall Risk Matrix.

Option 2: Use FMEAs to generate list of risks, but then create a larger Risk Matrix. We would need to make sure we have traceability from the Risk Matrix back to the FMEAs. Also, some info (like mitigations) would be duplicated unless we remove them from the FMEA document.

Any other methods?

I guess I'm just trying to figure out if everyone is using a set of (modified) FMEAs as their risk assessment or if they use FMEAs as an input to a separate risk assessment document.

Thank you!
 
Elsmar Forum Sponsor

indubioush

Quite Involved in Discussions
#2
I have seen it done where there are modified FMEAs that include risks without fault conditions and then the information is copied up to an all-encompassing matrix. I find this strange, however, since FMEAs are specifically for failure modes. It is also normal to have FMEAs and then a separate hazard analysis that lists all hazardous situations in normal and fault conditions and provides reference to FMEA line items for hazardous situations associated with a fault condition. Did a basically repeat what you just said?

If you have a low risk device, one hazard analysis document could work. If you have a high risk device, you could have separate FMEA documents, a fault-tree analysis, and a hazard analysis matrix document that ties everything together. You can also have a separate document for the initial risk assessment, a hazards list, and a harms list. As long as you satisfy all requirements of ISO 14971, you are okay.
 

contigo123

Involved In Discussions
#3
I have seen it done where there are modified FMEAs that include risks without fault conditions and then the information is copied up to an all-encompassing matrix. I find this strange, however, since FMEAs are specifically for failure modes. It is also normal to have FMEAs and then a separate hazard analysis that lists all hazardous situations in normal and fault conditions and provides reference to FMEA line items for hazardous situations associated with a fault condition. Did a basically repeat what you just said?

If you have a low risk device, one hazard analysis document could work. If you have a high risk device, you could have separate FMEA documents, a fault-tree analysis, and a hazard analysis matrix document that ties everything together. You can also have a separate document for the initial risk assessment, a hazards list, and a harms list. As long as you satisfy all requirements of ISO 14971, you are okay.
Thanks for the feedback! It just seems like so much repetitive documentation and tedious traceability that needs to happen. I guess that's how we make sure we capture all the possible hazards!
 

Tidge

Trusted Information Resource
#4
My preference is to stick with a Hazard Analysis as the primary risk analysis tool, and only leverage FMEAs when:
  • you want to specifically drive (down) design choices as risk controls, and choose to analyze them in a DFMEA (and sometimes a PFMEA, such as for sterilization or factory calibration)
  • you want to analyze risks that can come (up) from manufacturing process methods (and some design choices)
  • I'm intentionally sidestepping Use FMEA since a good HA will incorporate the circumstances of use in individual lines of risk analysis, but that doesn't mean to imply that a UFMEA couldn't also be leveraged to support an HA.
A Hazard Analysis will drive you towards identifying & implementing controls and making an overall assessment of risk, but an FMEA will really only provide some information on the prioritization of which areas 'need' controls (based on identified failure modes).

I think a 'risk matrix' is most appropriate in a Hazard Analysis because if well-constructed you can see the risk profile at a glance... and I believe there is a meaningful difference between risks associated with high-occurrence/low-harm, and low-prioritized (potentially hypothetical) failure modes.
 
#5
But the initial question was to define a relationship between the risk matrix from the risk analysis (calculated with SxO) and the FMEA matrix that shows the result of severity, occurrence and detectability (RPN or AP) - correct?

Shall it be possible to accept a "yellow" design solution from your DFMEA, when the design mitigation is used to reduce the risk in the risk analysis to an acceptable level ("Green")?
 

indubioush

Quite Involved in Discussions
#6
Shall it be possible to accept a "yellow" design solution from your DFMEA, when the design mitigation is used to reduce the risk in the risk analysis to an acceptable level ("Green")?
Can you provide further clarification on your question? What do you mean by "yellow" design solution?
 
#7
Let's assume you are using 2 risk methods: the preliminary risk analysis (PHA) and the D-FMEA.
In your risk analysis you define a design mitigation that shall bring your residual risk into an "acceptable" (green) risk area.
You hand over that design mitigation as a requirement to your design input.

Now you switch your risk method, you are now using the FMEA method.
The purpose of the FMEA now is to ensure that your design works as intended.
You analyse the failure modes, to try to prevent and detect all relevant design failure causes.
That kind of analysis will be typically rated with RPN or AP. High RPN become red (e.g. 10x10x10=1000), some ratings get green (e.g. 1x1x1), some are in the middle (5x5x5=125).

After having selected the most appropriate preventive and detective methods (Before and after), the residual FMEA rating is "yellow" (e.g. 125).

Your risk mitigation from the PHA expects to have after risk mitigation an "Acceptable" risk.
Your design FMEA shows that corresponding failure modes have been adressed but the residual "risk priority" or "Action Priority" is still "yellow".

What are you doing?
Is that acceptable?
 

Tidge

Trusted Information Resource
#8
This is specifically about risk per 14971, not risk per any other interpretation.

Simple answer: Failure Modes Effects and Analysis only explore Failure Modes, not Risks.

Conjugate response to the simple answer: Many failure modes do not require controls; all risks must be minimized.

Slightly more complicated answer: FMEA can be misused, for (at least) two reasons:
  1. The "RPN" of FMEA is used against an arbitrary "action limit"; the action limit sets the level at which you (the designer, manufacturer) are supposed to automatically implement controls for the failure mode. This mode of thinking is completely independent of risk to patients and users (it can overlap, but it is practically coincidental)
  2. FMEA can be filled with "low RPN" failure modes. This can have the effect of appearing to "dilute" the end-effect of "high RPN" lines of analysis. An easy thought-trap to fall into: "Our FMEA only has one yellow line but 200 green lines, so we think we have done enough to control failure modes". <- I'm not saying that everyone falls into that trap, but by trying to use FMEA as your final risk analysis tool you have basically walked up to the trap and stuck your hand inside it.
My advice is that if you are trying to modify FMEA to handle Risk Analysis, you would be better served by adopting a different methodology and not try to force FMEA to serve this role. You won't be using the terminology of FMEA in a standard way, and even if it somehow satisfies the requirements of 14971 you will be wasting the time of third parties (NRTLs, NBs) to try to rationalize your approach... and even then you run a serious risk of missing something that is going to cause you heartache.
 

indubioush

Quite Involved in Discussions
#9
Your risk mitigation from the PHA expects to have after risk mitigation an "Acceptable" risk.
It is not value added to have an "expected" post mitigation risk. All risk reduction needs to be verified to ensure it actually decreases the risk. What does having an expected value do for you?
 
Thread starter Similar threads Forum Replies Date
A 5 x 5 Risk Matrix - Looking for a good example Manufacturing and Related Processes 2
D Risk Matrix used by my company ISO 14971 - Medical Device Risk Management 3
D Rationale for Risk Acceptability Matrix - ISO 14971 ISO 14971 - Medical Device Risk Management 9
A Risk Evaluation Matrix-Product Portfolio ISO 14971 - Medical Device Risk Management 13
V Risk Assessment Precedence - FMEA > Risk Matrix (Modified PHA) > Ishikawa? FMEA and Control Plans 11
D Developing a Supplier Risk Matrix Supplier Quality Assurance and other Supplier Issues 4
N Risk Acceptance - Consequence Matrix ISO 14971 - Medical Device Risk Management 12
R Risk Assessment Matrix Question - Inputs from the DFMEA, etc. FMEA and Control Plans 9
A 5X5 Risk Analysis Matrix for Suppliers Supplier Quality Assurance and other Supplier Issues 3
I Estimation of overall residual risk. How to? EU Medical Device Regulations 11
Sidney Vianna ISO Practical Guide on ISO 31000:2018 - Risk Management Other ISO and International Standards and European Regulations 0
T IEC 62304 : Risk control for SaMD IEC 62304 - Medical Device Software Life Cycle Processes 8
T Risk Assessment and Management Misc. Quality Assurance and Business Systems Related Topics 0
P Scenario based risk assessment IEC 27001 - Information Security Management Systems (ISMS) 1
Q KPI risk assessment - Criteria for the given score IATF 16949 - Automotive Quality Systems Standard 3
S Foreign Risk Notification Canada Medical Device Regulations 2
J HELP NEEDED ! Risk Management Exercise ISO 14971 - Medical Device Risk Management 12
O Should a Covid vaccine and testing policy be included as part of ISO9001 or AS9100 risk management? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M Does 4.5 - Alternative RISK CONTROL apply to the Particular Standards? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
Q Measurement Equipment Revocation - Looking for a Disposal Form with Risk Assessment IATF 16949 - Automotive Quality Systems Standard 10
B ISO13485 Risk managment implementation for suppliers ISO 14971 - Medical Device Risk Management 2
Moncia Chemical risk assessment / COSHH Manufacturing and Related Processes 5
E Supply chain main policies ,scope, risk assessments & relavant KPI Supply Chain Security Management Systems 2
D Use Error Risk Controls and Control Verification ISO 14971 - Medical Device Risk Management 6
J Risk Assessment of Lithium Ion Batteries FMEA and Control Plans 3
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 13
D Does Risk Management apply to re-labeler (MDR) EU Medical Device Regulations 1
H Risk Management Plan in agile process ISO 14971 - Medical Device Risk Management 14
H Risk Analysis and Probability of Occurrence ISO 14971 - Medical Device Risk Management 3
B Risk analysis for defective measuring or measuring equipment out of calibration General Measurement Device and Calibration Topics 2
P Benefit risk analysis on pFMEA ISO 14971 - Medical Device Risk Management 9
B AS9102 - 3D printing a special tool required for assembly (counterfeit risk?) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
K Defining risk control measures IEC 62304 - Medical Device Software Life Cycle Processes 14
U Supply risk management Manufacturing and Related Processes 4
T Biological Evaluation (10993) & Risk Management ISO 14971 - Medical Device Risk Management 9
D Cybersecurity and Risk Management: Loss of confidentiality IEC 62304 - Medical Device Software Life Cycle Processes 5
Q FMEA and Risk assessment in Microsoft Access FMEA and Control Plans 6
I Realization processes input into overall risk ISO 14971 - Medical Device Risk Management 2
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
thisby_ Post Market/Production Risk Assessment ISO 14971 - Medical Device Risk Management 0
S Risk Management Review ISO 14971 - Medical Device Risk Management 4
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
S Risk Management and other Files ISO 14971 - Medical Device Risk Management 8
silentmonkey Overall Benefit/Risk Analysis - Risk Management VS Clinical Evaluation ISO 14971 - Medical Device Risk Management 3
N ISO 27001 for Jumb Burger - Risk Assessment sheet IEC 27001 - Information Security Management Systems (ISMS) 11
C Risk Assessment Tools ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
qualprod Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
G Risk of stopping your customer's line IATF 16949 - Automotive Quality Systems Standard 4
S IVD risk class II devices for Brazil and MDSAP Other Medical Device Regulations World-Wide 0
M ISO 14971:2019: Criteria for overall residual risk ISO 14971 - Medical Device Risk Management 11

Similar threads

Top Bottom