Where does "as far as possible" stop? FMEA - EN 14971

[Enternationalist]

There's a very simple rule of thumb that I use; if further risk controls would add additional risk or interfere with the intended use, the risk has been reduced as far as possible.

Scalpels present a cutting hazard, but you can't make them blunt or they won't perform their function. Add special coverings or mechanisms to them and you introduce new hazards related to extra parts, materials, diminished usability. Even things like extra labelling add visual confusion and distraction.

When a decent effort at risk mitigation has been made, this is often a pretty simple argument.

 

[akp060]

Hi,

When we use the term Risk and Hazard and what has correctly been mentioned by Tidge, FMEA is not the analysis tool, it is rather FTA or PHA. in FMEA whatever is the end effect, you should apply the other tools in that context and define you acceptability criteria in RMP. By doing so I hope you can avoid your own question and the need to justify it with design features or anything else. The threshold RPN is upto you provided you can justify the regulatory agency/NB.

Notwithstanding, whatever information you have provided makes it seem that you can definitely reduce the probability with some protective measure if that is practicable or definitely the labeling works but let's say your probability is like high as you mentioned like 9 or likewise, you can almost reduce it to 2-3 numbers lower as per your scale and effectiveness of that labeling measure, and if it is still not acceptable per your threshold, I am afraid the commercial risk is inevitable

 

[Silvia M]

Dear All
Our auditor, after reviewing the risk analysis, says:
1) Risk analysis used ALARP, but this differs from the concept of EN ISO 14971:2012 - ALARP incorporates an element of economic consideration. Per MDD, All risks must be reduced as far as possible without being room for economic considerations.
2) Overall residual risk acceptability is not documented in depth. (ref. Section 7 and Annex D.7 of EN ISO 14971:2012)
3) Post production information has not been reviewed regularly for the feedback to risk analysis.
It´s the first time that he says that about ours devices and I don´t know how I could correct this not conformity.
Thank you for your help!

 

[yodon]

Those sound like all valid findings. They're also fairly huge topics, probably not suitable for answering in the detail necessary in a post. I'll summarize my thoughts but there's way more detail needed.

I know there have been a lot of discussions here on how far to reduce risk. You can probably do a search here to find good information. Essentially, you're expected to reduce risk to the greatest extent possible. You stop when you cannot further reduce the risk. Admittedly, you frequently get into tap-dancing since some controls may, in fact, be too costly.

On #2, there has been greater emphasis on constructing a rational argument for why the benefits outweigh the risks. There have been good discussions here on this topic also. Do use the search capabilities. Although you may not be subject to US regulations, the FDA put out a guidance on risk-benefit analysis that, while for a slightly different purpose, I found the approach to be useful and auditors have accepted it.

On #3, that's quite clear in the standard and has been since publication. All your complaints, feedback, production data, adverse event info, info on competitor's devices, etc. should be reviewed for impact on your risk file. You may find, for example, that complaints indicate a particular risk is occurring more frequently than you originally estimated. Information may identify new risks that weren't originally considered.

You might want to consider getting a little expert help for a while to get the processes in place and your Risk Management program properly operating.

 

[Achilleas]

Concerning AFAP concept you may consider establishing in your risk management plan or process an end-point-logic which details when additional mitigations are required. Criteria for not reducing further the risk could be: a) if the risk has been mitigated according to harmonized or international standard b) if there are not any other possible mitigations that can reduce the risk c) if there are additional mitigation options, but will increase the overall residual riks (e.g. introduce new risks) or reduce the effectiveness/reliability/usability of the device. It may look "theoretical", but by establishing formally this logic in your process and performing this evaluation per risk record may address the concerns of the auditors.
And of course, do not establish risk acceptability criteria based on the risk score (e.g. Risk level < 4 : Acceptable) because this is by definition not "as far as possible".

 

[sharon1234]

Hi, first i hope im posting in the right place!

so i am curently trying to adress the requirement "assessement of overall residual risk" (ORR).
but im confused about what risks qualify under ORR.
per EN ISO 14971:2019 residual risk is : Risk remaining after risk control measures have been implemented.

but does it mean that when assessing ORR i dont include risks that were not reduced since they were determined acceptable in first place?
i would appreciate hearing your toughts!

 

[DamienL]

Hi Sharon,
I'm the original poster of the question, so by definition probably not the most qualified to give you an answer. But I'll try to sum up what I learned from this thread:

EN14971 requires you to reduce risks "as far as possible", even if you've deemed it "Acceptable". If the risks are acceptable and cannot be reduced further, then I would state this and you're done.

If the risks are acceptable but CAN be reduced even further, then EN14971 requires you to do so. For this one, there will be lots of situations where it makes no sense to reduce the risk any further, but where you can actually go ahead and reduce it - like moving the procedure to a DaVinci robot to reduce that last little risk of something going wrong! Unless you eliminate a risk altogether (even an acceptable one), it can probably always be reduced further and further. I don't think I got a clear answer from anyone on how to handle these types of risk, but there are some solutions implied!

The jist of my OP was about risks I had in my FMEA that are purely annoyances/nuisances - i.e., commercial risks that might stop a customer buying your product again. Personally I think it's good practice to include these in an FMEA, but per the definition of "harm" in the standard, my understanding is that you don't have to. If a "risk" doesn't cause harm, then it's not a risk as defined by the standard and you don't need to include it in your risk analysis. In my opinion, applying the definition of "harm" correctly is a critical first step to complying with the standard.

HARM: injury or damage to the health of people, or damage to property or the environment

So for these purely commercial risks, I explicitly stated in my FMEA that they do not cause harm (and therefore do not require risk reduction). However, for some of them we still went ahead and applied additional control measures. Not because 14971 required us to, but because we wanted happy customers.

To try to address your question, if you have run some risk control measures but they haven't reduced the risk, then it's probably because they were very low to begin with? You may want to ask yourself why you did risk reduction in the first place (refer again to the definition of harm), but for your case I would just record in your risk control document the same ORR pre and post and move on. I'd be intersted to know how others might handle it?
Damien

 

[Enternationalist]

Hi, first i hope im posting in the right place!

so i am curently trying to adress the requirement "assessement of overall residual risk" (ORR).
but im confused about what risks qualify under ORR.
per EN ISO 14971:2019 residual risk is : Risk remaining after risk control measures have been implemented.

but does it mean that when assessing ORR i dont include risks that were not reduced since they were determined acceptable in first place?
i would appreciate hearing your toughts!

In my opinion (and it is really just my opinion) the healthiest way to understand that requirement is that it wants you to consider your risk profile in a holistic sense. Let's do an everyday example.

I open my fridge, and see some leftovers. I'm hungry, but it could be risky to eat this! Let's say I go ahead and do some risk assessment;

Risk 1: The food isn't one that tastes great reheated. But I can mitigate this one by adding a bit of salt, maybe some hot sauce. Let's say that's acceptable by itself.

So far so good!

Risk 2: It's got a lot of rice, which is perfect for bacterial growth. I know that could mean toxic products, even after reheating! But, it got put into refrigeration immediately last night. It might make me a little sick, but probably not after just one night, and I'll cook it thoroughly. Let's say that's an acceptable risk by itself in my breakfast risk/benefit analysis.

Risk 3: Looking closer, somebody's taken a few bites already! Do I know they handled it properly? I'm already going to cook it thoroughly, so there's nothing I can do about this one - but it's unlikely that's going to cause problems; my partner's the only one who could've bitten it, and if their mouth is full of harmful products, it's too late for me anyways. Acceptable!

But just because each of these is acceptable doesn't mean the whole situation is. Maybe I'm okay with something that tastes bad, or something that might make me sick, or something that's had a bite taken out of it already. But am I okay with something that tastes bad, AND might make me sick AND has a bite out of it already? At that point, maybe I'll just go hungry (the benefit isn't worth the risk!)

This is the overall residual risk analysis. Risk is greater than the sum of its parts - just because individual aspects are acceptable doesn't mean the whole is acceptable. For this reason, nothing should really be excluded from your overall risk analysis - a whole lot of minor inconveniences that are negligible by themselves could add up to a device that is a nightmare to use and prone to user error.

So, I'd go by that general idea when evaluating overall residual risk- "Do all of these little things still add up to an acceptable situation?" - and operate in a logical and reasonable manner from that perspective, using the framework of 14971.

 

[mattador78]

In my opinion (and it is really just my opinion) the healthiest way to understand that requirement is that it wants you to consider your risk profile in a holistic sense. Let's do an everyday example.

I open my fridge, and see some leftovers. I'm hungry, but it could be risky to eat this! Let's say I go ahead and do some risk assessment;

Risk 1: The food isn't one that tastes great reheated. But I can mitigate this one by adding a bit of salt, maybe some hot sauce. Let's say that's acceptable by itself.

So far so good!

Risk 2: It's got a lot of rice, which is perfect for bacterial growth. I know that could mean toxic products, even after reheating! But, it got put into refrigeration immediately last night. It might make me a little sick, but probably not after just one night, and I'll cook it thoroughly. Let's say that's an acceptable risk by itself in my breakfast risk/benefit analysis.

Risk 3: Looking closer, somebody's taken a few bites already! Do I know they handled it properly? I'm already going to cook it thoroughly, so there's nothing I can do about this one - but it's unlikely that's going to cause problems; my partner's the only one who could've bitten it, and if their mouth is full of harmful products, it's too late for me anyways. Acceptable!

But just because each of these is acceptable doesn't mean the whole situation is. Maybe I'm okay with something that tastes bad, or something that might make me sick, or something that's had a bite taken out of it already. But am I okay with something that tastes bad, AND might make me sick AND has a bite out of it already? At that point, maybe I'll just go hungry (the benefit isn't worth the risk!)

This is the overall residual risk analysis. Risk is greater than the sum of its parts - just because individual aspects are acceptable doesn't mean the whole is acceptable. For this reason, nothing should really be excluded from your overall risk analysis - a whole lot of minor inconveniences that are negligible by themselves could add up to a device that is a nightmare to use and prone to user error.

So, I'd go by that general idea when evaluating overall residual risk- "Do all of these little things still add up to an acceptable situation?" - and operate in a logical and reasonable manner from that perspective, using the framework of 14971.

Its a bit like hoe I taught FMEA here I used the example of a sandwich order and the results if it was wrong and how did it happen to be wrong. Until then nobody really had got their heads around it even it the context of their jobs which they had been doing for decades. Now its a simple exercise, sometimes its context which is the greater learning tool more than content.

 

[cbartlett]

This is where doing the individual and overall benefit-risk analyses is especially useful. In my opinion, you cannot provide enough context for this in a table (like FMEA). Based on the new regs in Europe, this is my risk policy (it should be defined in your procedure to comply with ISO 14971:2019):

• The risk policy for all devices within the scope of this procedure is to reduce all known and foreseeable residual risks as low as possible without adversely affecting the Benefit-Risk Ratio.
• Regardless of whether the initial risk assessment is considered acceptable, risk control measures will be applied cumulatively until additional risk control options do not improve safety or adversely impact the intended use or benefit of the device. Risk acceptability will be determined by the Benefit-Risk Analysis.

The classic example which has been stated in this thread is dulling the edge of the scalpel is the only way to reduce the risk of accidental cuts as far as possible. The obvious response is that the benefit has been totally eliminated. This risk control measure has adversely affected the benefit-risk ratio of the scalpel. However, this is not the situation that most people struggle with when discussing AFAP.

I always keep in mind when determining when to stop is the mindset that the absence of benefit is a risk. Consider adding an RCM because it's possible, and it doesn't practically reduce the risk further, but it doesn't negatively impact the benefit either: should you implement it? Probably not, because you've just increased the complexity of the device without any benefit, so you've actually increased the risk (the opportunity for the device to malfunction, break, fail, fault, etc).