Risk management vs FMEA
Risk management for medical devices is a comprehensive approach, including requirements for planning the development of a device, to the requirements for a device that is no longer on the market. Even though the standard in application of risk management to medical devices has been around for almost 15 years, there is still some confusion on what is risk management and FMEA.
What is risk management according to ISO 14971?
Risk management according to ISO 14971 should include a process that comprises everything from management’s involvement in risk management, to how one should manage risks after a device has been put on the market.
ISO 14971 indicates that the risk analysis is part of the risk management process, which is designed to identify hazards, decide what they can lead to and how much risk is associated with different hazards. Thus, risk analysis is only one part of several in the process as a whole. Often, however, the term risk analysis is used for risk management as a whole. In addition to that, risk analysis is sometimes used synonymously with Hazard traceability matrix.
What is FMEA?
FMEA stands for ”Failure mode and effects analysis”. There is an IEC standard that describes what FMEA is (IEC 60 812). If you turn to the ISO 14971 standard it states:
“Failure Modes and Effect Analysis (FMEA) is a systematic procedure for the analysis of a system to identify the potential failure modes, their causes and effects on system performance (performance of the immediate assembly and the entire system or a process).”
From this perspective of the ISO 14971 standard, FMEA is a reliability tool. The method is based on how failure of components or sub-systems of a product affect the system as a whole, and that is an important difference from risk management according to ISO 14971.
ISO 14971 is based on the hazards that may exist in the product, e.g. virus, gas at high pressure, radiation or a sharp edge. Based on these hazards, a number of events can be identified, which can lead to hazardous situations and harm to people, property or the environment.
Risk management video course
Take the free 30-minute introductory course of risk management for medical devices according to ISO 14971
FMEA according to IEC 60 812 takes the position of how a component may malfunction (local effect), such as break apart, fall out, change shape, and then analyses what kind of system effect it results in. This means that you cannot successfully work with FMEA until relatively late in the process of product development, because you need to have designed most components and sub-systems in order to determine how the components can fail and the consequences of that. As long as they are not designed, it is difficult or principally impossible to do the analysis.
The main difference between risk management according to ISO 14971 and FMEA is that FMEA is tended to only find the risks associated with something broken. In addition, FMEA does not deal with acceptable and unacceptable risks, but only provides a priority order in which to work with risks. The RPN number (Risk Priority Number) is derived from the FMEA method.
In FMECA, an extension in the form of the term ”Criticality” has been added to the abbreviation, i.e. one also studies the severity of harm to a patient/user due to a faulty component. With its addition, the method is more similar to risk management according to ISO 14971 as it identifies the harm. However, the method still emanates from component failures, and not hazards, which ISO 14971 does.
FMEA’s role in medical device risk management
If the product you are working with has essential performance, i. e. it has to function to be safe. If the product needs to function to be safe, the reliability is important, thus the FMEA should be considered. Even so, the FMEA will only be part of the overall risk management process and primarily focus on parts of the system that are essential to the performance.
If you perform only FMEA as defined in IEC 60812, you will not comply with the requirements of ISO 14971.
Would you like to learn more about Risk Management?
Get instant access to our online Risk Management for Medical Devices and ISO 14971:2019 course right here. In 6 hours, you can learn more about how to develop new medical devices and maintain them in organisations where design control requirements apply. This course is taken by quality assurance, project management, design engineering or those involved in R&D and product development teams.
Peter Sebelius (PMP) is a highly esteemed trainer, consultant and entrepreneur in the medical device industry. He is a member of the Joint Working Group that is revising the ISO 13485 and ISO 14971 standards.
He has vast ‘hands on’ experience too, having developed, amongst other things, a mechanical chest compression and an ex vivo perfusion machine for lungs. He has received numerous awards including the Great Design Award and the title “This year’s specialist” by Veckans affärer.