Where does "as far as possible" stop? FMEA - EN 14971

[DamienL]

I'm sure this has been dealt with a thousand times, but couldn't find so am going to ask anyway. If I have an FMEA risk that I deem acceptable - say an occasional probability that something goes wrong which could annoy the user. So no clinical risk but it would be detectable by the user and so pose a potential commercial risk. But I'm OK with that, so have categorised this type of risk as acceptable.

Obvioulsy, with unlimited resources I could redesign to eliminate the occurrence altogether. But that doesn't make sense - the economic cost of eliminating would outweigh the commercial risk of leaving as is, and critically there is no clinical severity reduction available to me!! So my question is where does the EN 14971 requirement to reduce risk "as far as possible" stop? For the example above, can I make a statement in my FMEA that I have reduced AFAP simply because I've met (my own) criteria for an acceptable risk?

 

[John Predmore]

I think you want to reduce risk as far as possible with proven state-of-the-art solutions. To answer your question, the baseline alternative always available to the customer is to avoid using your device, so the risk of that alternative is your benchmark for risk as low as possible. As you spend more and more money to reduce risk of your device further, you reach an inflection point where the cost or inconvenience exceeds the benefit of your device, and then customers stop using it. As long as your device provides some identifiable positive benefit to mankind, customers are better off with your device than without it.

Over time, the cost/benefit curve shifts as expectations change and technology advances. Solutions which were previously unsupportable will eventually become viable and reliable, and then those solutions become state-of-the-art.

 

[mattador78]

I would apply the principle of as far as is reasonably practicable

 

[Sicco]

I would apply the principle of as far as is reasonably practicable

This method is not allowed anymore if am I right, you should use ALAP method instead of ALARA.

 

[Ed Panek]

What John P said. For example, some therapies are critical to have and the mitigation is to have them done in critical care settings. Given that death is the alternative, almost any cost is bearable. As long as you can demonstrate that your product results in greater patient safety than not having it available.

 

[Tidge]

Welcome to the next infernal circle of Risk Management, as envisioned and enforced by representatives of European NBs. As Low as Reasonably Practicable (ALARP) is (essentially) unacceptable.

My company's Risk Management process involves a RM Plan (and Report) with the primary document analyzing risks (and documenting controls) as a Hazard Analysis, The HA has subordinate FMEA (and software HA). We have explicitly been mandated by our NB that for each line of analysis (in all documents) to explicitly reduce risks (*1) as low as possible and to include a Risk-Benefit Analysis/RBA and Risk Control Option Analysis /RCOA (*2) for each line (of every document).

(*1) Internally, there is an opinion that the requirement to "reduce risks" (to any degree) in documents like FMEA is logically absurd. FMEA explicitly only review failure modes. Generally, the reduction/elimination of failure modes leads to risk reduction, but the risk reduction is only sensible at the Hazard Analysis level, because that is the level at which risks are identified an analyzed.

(*2) Risk Benefit Analyses used to be covered by the following guidance, but based on interaction with our NB things got weaker:

14971:2012 has a very useful guidance in D.6.3:

Those involved in making risk/benefit judgments have a responsibility to understand and take into account the
technical, clinical, regulatory, economic, sociological and political context of their risk management decisions.
This can involve an interpretation of fundamental requirements set out in applicable regulations or standards,
as they apply to the product in question under the anticipated conditions of use. Since this type of analysis is
highly product-specific, further guidance of a general nature is not possible. Instead, the safety requirements
specified by standards addressing specific products or risks can be presumed to be consistent with an
acceptable level of risk, especially where the use of those standards is sanctioned by the prevailing regulatory
system. Note that a clinical investigation, in accordance with a legally recognised procedure, might be required​

We took this to mean that if we subjected system elements (that are subject to industry-accepted consensus standards) to the requirements of their accepted standards, that certain categories of risk would be ACCEPTABLE, without having to worry about RCOA or bother with an RBA (for those specific risk categories). I'm still digesting the totality of 14971:2019, but as far as I know this guidance does not appear in this form, and our NB isn't letting us use this approach any longer. Practically, we are now required to produce line-by-line RCOA that more or less repeat the content of the 2012 guidance D.6.3, which quite frankly is a waste of time and dilute the risk files.

I am concerned that the requirement by our NB audit team may actually drive counter-productive behavior: if it becomes burdensome to do extra "no value added" actions on line items there will be a temptation to reduce the number of lines of analysis. It has been my experience that more lines of analysis are generally good (for reducing risk and improving designs) but only when they actually contain relevant information.

 

[indubioush]

I'm sure this has been dealt with a thousand times, but couldn't find so am going to ask anyway. If I have an FMEA risk that I deem acceptable - say an occasional probability that something goes wrong which could annoy the user. So no clinical risk but it would be detectable by the user and so pose a potential commercial risk. But I'm OK with that, so have categorised this type of risk as acceptable.
...

In your example, are you considering user annoyance as harm? What is the risk to the patient? ISO 14971 is not for analyzing commercial or business risk.

The idea that risks must be reduced as low as possible does not mean that you have to redesign the device to eliminate a minor risk. It means that instead of reducing risks down to a predetermined level and then calling it good, you need to evaluate whether you can do more. If you cannot reasonably do more to reduce the risk, and the benefits of the device outweigh the risk, the risk is acceptable.

 

[DamienL]

In your example, are you considering user annoyance as harm?

Yes I am because if you look at the risk matrix Table D.3 in EN 14971:2012, the lowest severity is defined as "inconvenience". If you've a relatively high occurrence of inconvenience, you've essentially got a business risk - you're not endangering anybody, but people will stop using your device.

What you're saying makes total sense to me, but I just can't reconcile it with 14971 which seems to be telling me to either a) redesign to drive down the occurrence of a minor risk, or b) make a statement in my risk analysis that I have reduced the minor risk to as far as possible (or per John P comment, "as far as possible usiing current state-of-the-art solutions").

My understanding of ISO-14971 is that we can stop trying to reduce risk when the risk is low (ALARP), but for the EN version, we have to keep trying until "as far as possible".

 

[indubioush]

It is up to you to define your severity levels. The matrix in the appendix is just an example. There is no risk unless there is harm to the user or patient. If you want to include inconvenience as a harm, you can. I doubt your Notified Body would ask questions about a risk involving user annoyance. You stated that you could only reduce this risk by doing a device redesign, which is not possible at this time; therefore, this risk is already as low as possible. Leave it at that and then go focus on higher risk items.

 

[Watchcat]

FMEA risk that I deem acceptable

If you are planning to purchase all of your devices yourself, then that works. If you are thinking someone else might purchase them, you probably want to consider whether they deem it acceptable.