Where does "as far as possible" stop? FMEA - EN 14971

DamienL

Starting to get Involved
#1
I'm sure this has been dealt with a thousand times, but couldn't find so am going to ask anyway. If I have an FMEA risk that I deem acceptable - say an occasional probability that something goes wrong which could annoy the user. So no clinical risk but it would be detectable by the user and so pose a potential commercial risk. But I'm OK with that, so have categorised this type of risk as acceptable.

Obvioulsy, with unlimited resources I could redesign to eliminate the occurrence altogether. But that doesn't make sense - the economic cost of eliminating would outweigh the commercial risk of leaving as is, and critically there is no clinical severity reduction available to me!! So my question is where does the EN 14971 requirement to reduce risk "as far as possible" stop? For the example above, can I make a statement in my FMEA that I have reduced AFAP simply because I've met (my own) criteria for an acceptable risk?
 
Elsmar Forum Sponsor

John Predmore

Quite Involved in Discussions
#2
I think you want to reduce risk as far as possible with proven state-of-the-art solutions. To answer your question, the baseline alternative always available to the customer is to avoid using your device, so the risk of that alternative is your benchmark for risk as low as possible. As you spend more and more money to reduce risk of your device further, you reach an inflection point where the cost or inconvenience exceeds the benefit of your device, and then customers stop using it. As long as your device provides some identifiable positive benefit to mankind, customers are better off with your device than without it.

Over time, the cost/benefit curve shifts as expectations change and technology advances. Solutions which were previously unsupportable will eventually become viable and reliable, and then those solutions become state-of-the-art.
 

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
#5
What John P said. For example, some therapies are critical to have and the mitigation is to have them done in critical care settings. Given that death is the alternative, almost any cost is bearable. As long as you can demonstrate that your product results in greater patient safety than not having it available.
 

Tidge

Quite Involved in Discussions
#6
Welcome to the next infernal circle of Risk Management, as envisioned and enforced by representatives of European NBs. As Low as Reasonably Practicable (ALARP) is (essentially) unacceptable.

My company's Risk Management process involves a RM Plan (and Report) with the primary document analyzing risks (and documenting controls) as a Hazard Analysis, The HA has subordinate FMEA (and software HA). We have explicitly been mandated by our NB that for each line of analysis (in all documents) to explicitly reduce risks (*1) as low as possible and to include a Risk-Benefit Analysis/RBA and Risk Control Option Analysis /RCOA (*2) for each line (of every document).

(*1) Internally, there is an opinion that the requirement to "reduce risks" (to any degree) in documents like FMEA is logically absurd. FMEA explicitly only review failure modes. Generally, the reduction/elimination of failure modes leads to risk reduction, but the risk reduction is only sensible at the Hazard Analysis level, because that is the level at which risks are identified an analyzed.

(*2) Risk Benefit Analyses used to be covered by the following guidance, but based on interaction with our NB things got weaker:

14971:2012 has a very useful guidance in D.6.3:

Those involved in making risk/benefit judgments have a responsibility to understand and take into account the
technical, clinical, regulatory, economic, sociological and political context of their risk management decisions.
This can involve an interpretation of fundamental requirements set out in applicable regulations or standards,
as they apply to the product in question under the anticipated conditions of use. Since this type of analysis is
highly product-specific, further guidance of a general nature is not possible. Instead, the safety requirements
specified by standards addressing specific products or risks can be presumed to be consistent with an
acceptable level of risk, especially where the use of those standards is sanctioned by the prevailing regulatory
system.
Note that a clinical investigation, in accordance with a legally recognised procedure, might be required​

We took this to mean that if we subjected system elements (that are subject to industry-accepted consensus standards) to the requirements of their accepted standards, that certain categories of risk would be ACCEPTABLE, without having to worry about RCOA or bother with an RBA (for those specific risk categories). I'm still digesting the totality of 14971:2019, but as far as I know this guidance does not appear in this form, and our NB isn't letting us use this approach any longer. Practically, we are now required to produce line-by-line RCOA that more or less repeat the content of the 2012 guidance D.6.3, which quite frankly is a waste of time and dilute the risk files.

I am concerned that the requirement by our NB audit team may actually drive counter-productive behavior: if it becomes burdensome to do extra "no value added" actions on line items there will be a temptation to reduce the number of lines of analysis. It has been my experience that more lines of analysis are generally good (for reducing risk and improving designs) but only when they actually contain relevant information.
 

indubioush

Quite Involved in Discussions
#7
I'm sure this has been dealt with a thousand times, but couldn't find so am going to ask anyway. If I have an FMEA risk that I deem acceptable - say an occasional probability that something goes wrong which could annoy the user. So no clinical risk but it would be detectable by the user and so pose a potential commercial risk. But I'm OK with that, so have categorised this type of risk as acceptable.
...
In your example, are you considering user annoyance as harm? What is the risk to the patient? ISO 14971 is not for analyzing commercial or business risk.

The idea that risks must be reduced as low as possible does not mean that you have to redesign the device to eliminate a minor risk. It means that instead of reducing risks down to a predetermined level and then calling it good, you need to evaluate whether you can do more. If you cannot reasonably do more to reduce the risk, and the benefits of the device outweigh the risk, the risk is acceptable.
 

DamienL

Starting to get Involved
#8
In your example, are you considering user annoyance as harm?
Yes I am because if you look at the risk matrix Table D.3 in EN 14971:2012, the lowest severity is defined as "inconvenience". If you've a relatively high occurrence of inconvenience, you've essentially got a business risk - you're not endangering anybody, but people will stop using your device.

What you're saying makes total sense to me, but I just can't reconcile it with 14971 which seems to be telling me to either a) redesign to drive down the occurrence of a minor risk, or b) make a statement in my risk analysis that I have reduced the minor risk to as far as possible (or per John P comment, "as far as possible usiing current state-of-the-art solutions").

My understanding of ISO-14971 is that we can stop trying to reduce risk when the risk is low (ALARP), but for the EN version, we have to keep trying until "as far as possible".
 

indubioush

Quite Involved in Discussions
#9
It is up to you to define your severity levels. The matrix in the appendix is just an example. There is no risk unless there is harm to the user or patient. If you want to include inconvenience as a harm, you can. I doubt your Notified Body would ask questions about a risk involving user annoyance. You stated that you could only reduce this risk by doing a device redesign, which is not possible at this time; therefore, this risk is already as low as possible. Leave it at that and then go focus on higher risk items.
 
Last edited:
Thread starter Similar threads Forum Replies Date
R Where does IATF 16949 address Process mapping? IATF 16949 - Automotive Quality Systems Standard 3
BeaBea Interesting Discussion Where Does Marketing/ Advertisement of Products fit in to ISO 9001? Process Maps, Process Mapping and Turtle Diagrams 38
A What if Contract Manufacturers does not have an ISO 13485 certificate? Where will the NB audit take place, at legal mfg. site or contract mfg. site? Other Medical Device Regulations World-Wide 3
D Where does FMEA fit in your ISO 14971 Risk Management process? ISO 14971 - Medical Device Risk Management 13
P Warning Letter 1999 - Where does the FDA make older warning letters available? US Food and Drug Administration (FDA) 4
M Where does our regulatory responsibility end? ISO 13485:2016 - Medical Device Quality Management Systems 11
K Where does the FDA post its various compliance dates? US Food and Drug Administration (FDA) 2
C Where does Quality Authority come from? Career and Occupation Discussions 4
J Where does process validation fit within design & development? Design and Development of Products and Processes 7
Q When does the FDA deem something "where appropriate"? 21CFR820.30(g) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 11
M Where does Document Revision Control Start? Rev 0 or Rev 1 Document Control Systems, Procedures, Forms and Templates 19
D Where does the QMS (Quality Management System) fit in your organization? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q Where does 5S technique fit into ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Mikael Where does OEE (Overall Equipment Effectiveness) belong? Quality Tools, Improvement and Analysis 11
F Where does Contact begin for Biocompatability? EU Medical Device Regulations 5
somashekar Where does RoHS stuff get audited by CB's? Quality Manager and Management Related Issues 3
S IEC 60601-1 3rd Gap analysis template TO BUY - Does anyone know where? IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
R Where does 20% Lot Qualification Rule Come from? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 4
G Customer Property Cl. 7.5.4 - Where does ISO 9001 stop and ISO 27001 start? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 33
R Where does the definition of ME (Medical Electrical) Equipment originate? IEC 60601 - Medical Electrical Equipment Safety Standards Series 7
J Quality Organization - Does it matter where it reports to? Other US Medical Device Regulations 13
I Where does it state Supplier Corrective Action is required? Supplier Quality Assurance and other Supplier Issues 5
J Where does Lean Six Sigma Originate? Six Sigma 5
G 12 or 13 Men - Where does the extra man come from? Brain Teasers and Puzzles 5
S Where does least significant digit come into play? Measurement Uncertainty (MU) 8
T Organizational Charts - Where does the Quality Assurance Manager fit in Quality Manager and Management Related Issues 30
T Does anyone know where I can view Bac5300 Various Other Specifications, Standards, and related Requirements 2
A Where does the Lean Manufacturing philosophy / tool set come from? Lean in Manufacturing and Service Industries 32
H Where does the 16949 number in TS16949 come from? ISO Numbering System IATF 16949 - Automotive Quality Systems Standard 1
Wes Bucey Where does your hospital rank on quality? Hospitals, Clinics & other Health Care Providers 20
J GMP CFR 21 Part 210 or 211 - Where does GMP address Document Control Document Control Systems, Procedures, Forms and Templates 6
A Where does one find the complete list of ISO standards? Book, Video, Blog and Web Site Reviews and Recommendations 1
D Does anyone know where to buy an instant read dosimeter? ISO 13485:2016 - Medical Device Quality Management Systems 10
C What is Money for? Where does Barter come into play? Coffee Break and Water Cooler Discussions 19
E Where Does One Get Customer Specific Requirements? Customer and Company Specific Requirements 26
CarolX Where does Quality begin? Philosophy, Gurus, Innovation and Evolution 36
M Research and Development Process - Where does research end and development begin? Misc. Quality Assurance and Business Systems Related Topics 15
M Attribute Charting - Where does Cp and Cpk come into the equation? Capability, Accuracy and Stability - Processes, Machines, etc. 5
K Where and How Does Marketing Fit In? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
L Does anyone know where I can get documentation for the PUMA method. General Measurement Device and Calibration Topics 1
E SOP or system Work Instruction? Controlled Document - Where does one draw the line? Document Control Systems, Procedures, Forms and Templates 5
D Number of Distinct Data Categories:nDC: Where does the constant 1.41 come from? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 1
S Does anyone know where Guide 25/Palcan Training is available? Training - Internal, External, Online and Distance Learning 1
R Internal audit schedules - Where does it say that I need an annual schedule? Internal Auditing 13
Q Records where apply and stop recording everything? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Gage R&R - Where am I going wrong? Part of a FAIR submission (Aerospace) Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 2
C Where to place CE/label in Sterile IVD EU Medical Device Regulations 1
G New to ISO 9001 - Where to begin? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
K No IFU, where the requirements would go? EU Medical Device Regulations 5
T Assessing Hazard-Related Use Scenarios where control measures exist through standards IEC 62366 - Medical Device Usability Engineering 19
Similar threads


















































Top Bottom