The requirement is for a product lifecycle approach. i.e. from initial concept to end-of-life disposal
The variety, complexity and wide range of applicability of risk management tools can be confusing, especially for those new to risk management. Too often, those responsible for overseeing the risk management of medical devices limit themselves to using basic FMEA – Failure Modes and Effect Analysis – or even a ‘slimmed-down' version of an FMEA. This is a mistake. And does not adequately implement ISO 14971, which should lead to a non-compliance finding.
The vast majority of medical device manufacturers claim to incorporate ISO 14971 into their QMS. Yet most offer a single FMEA as proof of compliance. This falls far short of what this standard and its companion, ISO/TR 24971, require. A product lifetime approach, which is the requirement, cannot be satisfied by a single FMEA.
In this post, we want to focus on the tools available and where they are most often applied (or where they should be most often applied). For Medical Device Manufacturers and for their component and other suppliers, the best information source here is the Annexes of ISO 14971 and of ISO/TR 24971, Guidance on the application of ISO 14971. We recommend you study …
- ISO 14971, Annex A: Fundamental Risk Concepts
- ISO/TR 24971, Annex A: identification of hazards and characteristics related to safety
- ISO/TR 24971, Annex B: Techniques that support risk analysis
- ISO/TR 24971, Annex C: Relation between the policy, criteria for risk acceptability, risk control and risk evaluation
Popular Tools and where they typically apply
It is not immediately obvious to the reader of ISO 14971 and ISO/TS 24971 as to where in the lifecycle of a product each of the tools should be applied. The table maps each of the tools against the lifecycle stage where typically they are used.
When to Use Specific Assessment Tools |
||||
|
Tools and Techniques |
Lifecycle Stage |
Comment |
||
| Design and Development | Production |
Operation and Use |
||
|
Preliminary Hazard Analysis (PHA) |
X | Most commonly carried out early in the development of a project when there is little information on design details or operating procedures and can often be a precursor to further studies. It can be useful when analysing existing systems or prioritizing hazards where circumstances prevent a more extensive technique from being used. | ||
|
Hazard and operability studies (HAZOP) |
X |
While the use of HAZOP studies in the chemical industry focuses on deviations from design intent, there are alternative applications for a medical device developer. A HAZOP can be applied to… - the operation/function of the medical device (e.g., to the existing methods/processes used for the diagnosis, treatment or alleviation of disease as the “design intent”), or - to a process used in the manufacture or maintenance/service of the medical device (e.g., sterilization) that can have a significant impact on the function of the medical device. |
||
|
Hazard Analysis and Critical Control Points (HACCP) |
X | This is a systematic approach to the identification, evaluation and control of hazards, and is best applied to established processes, particularly manufacturing processes. Applied to medical devices, HACCP is used for the control and monitoring of initiating causes of product hazards originating in the processes themselves. | ||
|
Design FMEA |
X | During all stages of product design and development. | ||
|
Process FMEA |
X | X | X | During the design and development process and continuing throughout the product life cycle. Production and postproduction feedback is often used to update FMEAs and/or verify them. |
|
Administrative FMEA |
X | X |
While Design and Process FMEAs are based on individual product components, FMEAs can also be applied to processes. Here, the risks associated with the individual activities that go to make up a process are examined, the associated risks are evaluated, and steps are taken to reduce unacceptable risks to an acceptable level. |
|
|
User (or Patient) FMEA |
X | X |
In this case, the effects of product or component failure during use, or unintended misuse, are considered. While most frequently applied to considerations of patient safety, application to the consumer, or end-user, satisfaction is also possible. This directly addresses the requirements of Clause 7.1 of ISO 13485. |
|
ISO 14971: Choosing the Right Risk Management Tool
Reference: deGRANDSON Course 723: Risk Assessment and Risk Management - Foundation
If you have any questions, please contact us. We're always delighted to help.
Related Courses
- ISO 13485 Lead Auditor
- ISO 13485 Lead Implementer
- ISO 13485 Lead Auditor Extension
- ISO 13485 Lead Auditor Refresher
Related Articles
- ISO 14971 Risk Management: 12 FAQs answered
- ISO 14971: Choosing the Right Risk Management Tool
- ISO 9001 and Risk-based Thinking - Some Practical Advice
- ISO 45001 requires Risk Management & not just Risk-based Thinking
- ISO 13485 Requires Risk Management & Risk-based Thinking
deGRANDSON Global is an ISO Certified Educational Organization
In
October 2021 we secured certification to three education-related ISO Standards. We now have a university-grade management system in place conforming to the requirements of …
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.