-2-1-1-1-1.jpeg?width=900&height=471&name=Risk%2002%20(1)-2-1-1-1-1.jpeg)
Using FMEA alone is a lazy choice and is no longer acceptable
ISO 14971, Medical Devices - Application of risk management to medical devices, is frequently misapplied, and if your ISO 13485 QMS Manual claims to use ISO 14971, you'd better use it properly.
As the publication of ISO 14971:2019 and the associated Technical Report (a guide) ISO 24971:2020 attests, some bastardized versions of FMEA alone will no longer be accepted. External Auditors will want to see that both standards have been adequately applied to the entire product lifecycle.
Risk Management Courses offer assessment tools and techniques and unique insight into risk management's practical application. However, the variety, complexity, and wide range of applicability of these tools can be confusing, especially for those new to risk management.
Too often, those responsible for overseeing an organization's risk planning, monitoring, and response limit themselves to using basic Failure Modes and Effect Analysis (FMEA) or even a slimmed-down version of FMEA. This is a mistake and is not compliant with ISO 14971. External Auditors expect two or more risk management tools to be used.
How to Avoid Making Common Mistakes When Using ISO 14971
As emphasized in our ISO 14971 courses ...
- DO NOT use FMEA alone: A single FMEA, usually a process FMEA, is typically used. This is unacceptable as the Standard requires risk management throughout the product lifecycle, from initial product concept to end-of-life disposal.
- DO NOT use a pFMEA focused on component failure alone: This is to completely miss the point of Clause 7.1 of ISO 13485, where it is the threat to patient/user safety in regular use and possible misuse of the product that is the primary concern.
- DO NOT neglect to maintain a Risk Management File (RMF). This file is required in addition to the requirements of Clauses 4.2.3 and 7.3.10 of ISO 13485.
- DO NOT forget to make periodic or adverse event-driven updates of Risk Management Tools/Methods: Risk management throughout the lifecycle of the product/device is required.
- DO NOT forget to keep a history of updates in the RMF: The reasons why updates were made to risk management records should be documented or referenced in the RMF.
- DO NOT be complacent about gathering Post-Market Surveillance data, and make sure to update Risk Management records accordingly (in addition to other actions that may be required).
When to Apply Risk Assessment Tools in the Product Lifecycle
It is not immediately apparent to the reader of ISO 14971 where each tool should be applied in a product's lifecycle. The table below maps each of the tools against the lifecycle stage where they are typically used.
Risk Assessment Tools in the Product Life Cycle
| Tools and Techniques | Life Cycle Stage | Comment | ||
|---|---|---|---|---|
| Design and Development | Production | Operation and Use | ||
| Preliminary Hazard Analysis (PHA) | X | It is most commonly carried out early in a project's development when there is little information on design details or operating procedures, and it can often be a precursor to further studies. It can be helpful when analyzing existing systems or prioritizing hazards where circumstances prevent a more extensive technique from being used. |
||
| Hazard and Operability Studies (HAZOP) | X |
While HAZOP studies in the chemical industry focus on deviations from design intent, there are alternative applications for a medical device developer. A HAZOP can be applied to:
|
||
| Hazard Analysis and Critical Control Points (HACCP) | X |
This is a systematic approach to the identification, evaluation, and control of hazards and is best applied to established processes, particularly manufacturing Applied to medical devices, HACCP controls and monitors the initiating causes of product hazards originating in the processes themselves. |
||
| Design FMEA | X |
During all stages of product design and development.
|
||
| Process FMEA | X | X | X | During the design and development process, it continues throughout the product life cycle. Production and post-production feedback is often used to update FMEAs and/or verify them. |
| Administrative FMEA | X | X |
While Design and Process FMEAs are based on individual product components, FMEAs can also be applied to processes. Here, the risks associated with the individual activities that make up a process are examined, and the associated risks are evaluated. Then, steps are taken to reduce unacceptable risks to an acceptable level. |
|
| User or Patient FMEA | X | X |
In this case, product or component failure effects during use or unintended misuse are considered. While most frequently applied to patient safety considerations, application to consumer or end-user satisfaction is also possible. |
|
| Fault Tree Analysis | X |
This is a systematic approach to identifying and evaluating fault conditions based on an analysis of possible causes. It is best applied to established processes, particularly manufacturing processes. A significant history of the process is needed, or much time and effort can be wasted. |
||
| Event Tree Analysis | X | An event tree is an analytical, diagrammatic representation of a chronological series of subsequent events or consequences based on the analysis of an initiating event. Event tree analysis provides a model for examining the possible outcomes of a single event. |
||
Risk management tools do not only apply to medical devices
While we focus on the risk associated with Medical Device manufacturing, you can no doubt find analogous opportunities to apply the tools to your organization. They are not limited to manufacturing; they are applicable to all business activities, both public and private sector.
The management of risk is fundamental to business improvement. So, be sure to give these tools a try.
Training is essential if you are to implement these Risk Management Tools successfully.
To fill this need, we have developed two Courses.
For Internal Auditors:
For Quality Managers and Consultants:
Related Articles
- The Swiss Cheese Model of Risk Management explained
- ISO 45001 requires Risk Management & not just Risk-based Thinking
- ISO 9001 Risk-based Thinking: DO's and DON'Ts
deGRANDSON Global is an ISO Certified Educational Organization
In
October 2021, we secured certification to three education-related ISO Standards. We now have a university-grade management system in place conforming to the requirements of …
We have chosen ISO 21001 certification because it is based on independent third-party assessment, unlike IRCA and Exemplar badges (which we believe are commercially compromised). It is a 'university grade' standard globally by schools, colleges, and universities to demonstrate their competence.
We provide Courses for ISO 9001, ISO 13485, ISO 14001, ISO 17025, ISO 27001, Iso 45001, Data Protection, Risk Management, and more.