a
.

ISO 14971 - FMEA Alone is not enough

Tools commonly used for risk management

The requirement is for a product lifecycle approach. i.e. from initial concept to end-of-life disposal

The variety, complexity and wide range of applicability of risk management tools can be confusing especially for those new to risk management. Too often those responsible for overseeing the risk management of medical devices limit themselves to using basic FMEA – Failure Modes and Effect Analysis – or even a ‘slimmed-down' version of an FMEA. This is a mistake. And does not adequately implement ISO 14971, which should lead to a non-compliance finding.

The vast majority of medical device manufacturers claim to incorporate ISO 14971 into their QMS. Yet most offer a single FMEA as proof of compliance. This falls far short of what this standard and its companion, ISO/TR 24971, require. A product lifetime approach, which is the requirement, cannot be satisfied by a single FMEA.

In this post, we want to focus on the tools available and where they are most often applied (or where they should be most often applied). For Medical Device Manufacturers and for their component and other suppliers, the best information source here is the Annexes of ISO 14971 and of ISO/TR 24971, Guidance on the application of ISO 14971. We recommend you study …

  • ISO 14971, Annex A: Fundamental Risk Concepts
  • ISO/TR 24971, Annex A: identification of hazards and characteristics related to safety
  • ISO/TR 24971, Annex B: Techniques that support risk analysis
  • ISO/TR 24971, Annex C: Relation between the policy, criteria for risk acceptability, risk control and risk evaluation

 

Popular Tools and where they typically apply

It is not immediately obvious to the reader of ISO 14971 and ISO/TS 24971 as to where in the lifecycle of a product each of the tools should be applied. The table maps each of the tools against the lifecycle stage where typically they are used.

When to Use Specific Assessment Tools

Tools and Techniques

Lifecycle Stage

Comment

Design and Development Production Operation and Use

Preliminary Hazard Analysis (PHA)

X     Most commonly carried out early in the development of a project when there is little information on design details or operating procedures and can often be a precursor to further studies. It can be useful when analysing existing systems or prioritizing hazards where circumstances prevent a more extensive technique from being used.

Hazard and operability studies (HAZOP)

  X  

While the use of HAZOP studies in the chemical industry focuses on deviations from design intent, there are alternative applications for a medical device developer. A HAZOP can be applied to…

-           the operation/function of the medical device (e.g., to the existing methods/processes used for the diagnosis, treatment or alleviation of disease as the “design intent”), or

-           to a process used in the manufacture or maintenance/service of the medical device (e.g., sterilization) that can have a significant impact on the function of the medical device.

Hazard Analysis and Critical Control Points (HACCP)

  X   This is a systematic approach to the identification, evaluation and control of hazards, and is best applied to established processes, particularly manufacturing processes. Applied to medical devices, HACCP is used for the control and monitoring of initiating causes of product hazards originating in the processes themselves.

Design FMEA

X     During all stages of product design and development.

Process FMEA

X X X During the design and development process and continuing throughout the product life cycle.   Production and postproduction feedback is often used to update FMEAs and/or verify them.

Administrative FMEA

  X X

While Design and Process FMEAs are based on individual product components, FMEAs can also be applied to processes. Here, the risks associated with the individual activities that go to make up a process are examined, the associated risks are evaluated, andsteps are taken to reduce unacceptable risks to an acceptable level.

User (or Patient) FMEA

X   X

In this case, the effects of product or component failure during use, or un-intended miss-use, are considered. While most frequently applied to considerations of patient safety, application to consumer, or end-user, satisfaction is also possible. This directly addresses the requirements of Clause 7.1 of ISO 13485.

ISO 14971: Choosing the Right Risk Management Tool

 

 

Reference: deGRANDSON Course 723: Risk Assessment and Risk Management - Foundation

Conclusion

While our focus is on the risks associated with Medical Device manufacture, you can no doubt find analogous opportunities to apply the tools to any organization. And they are not limited in use to manufacturing; they are just as applicable to all business activities, both public and private sector.

The management of risk is fundamental to business improvement. So be sure to give these tools a try.

For Medical Device Manufacturers and their suppliers, you are now expected to offer more than a single FMEA. Notified Body and Certification Body Auditors now expect threats to patient/user safety to be addressed throughout a product’s lifecycle. The result: a single FMEA will result in a noncompliance. Don’t say we didn’t warn you

Select a button for full details. 

 

 

Learn about out ISO 14971 Risk Management - Foundation Course

 

 

Learn about our ISO 14971 Risk Management - Advanced Course

If you have any questions, please contact us.  We're always delighted to help.

 

Related Courses

Related Articles

 


deGRANDSON Global is an ISO Certified Educational Organization

InISO 21001 ISO 29993 ISO 29994  October 2021 we secured certification to three education-related ISO Standards.  We now have a university-grade management system in place conforming to the requirements of  …

  • ISO 21001, Educational Organizational Management System,
  • ISO 29993, Learning Services outside formal Education,  and
  • ISO 29994, Learning Services – additional requirements for Distance Learning.

We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment.  It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.

 

Written by Dr John FitzGerald

Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
Find me on:
 

Subscribe to Email Updates

Recent Posts