Sponsored By

From Risk Planning to Risk Mitigation

Using standard practices can promote medical device risk reduction and continuous improvement.

Lori Gipp

March 1, 2008

9 Min Read
From Risk Planning to Risk Mitigation



If your risk files look like this, it's time to change your processes. Photo by iStockphoto

Many industries have developed a systematic approach to link risk assessment and planning in engineering with active risk mitigation in manufacturing. These practices move from their origins in automotive to aerospace and other industries. With best-in-class practices available, it's not surprising that many medical device manufacturers are adopting these tools.

A growing number of medical device manufacturers have adapted tools used by automotive and other manufacturers. This is particularly true for risk plans known as failure mode and effects analysis (FMEA) and their operational counterparts, control plans, to systematically reduce risks, issues, and defects in their products. FMEAs and control plans are proven techniques not only for mitigating risk, but also for driving continuous improvement.

FMEA for Failure Prevention

An FMEA is a technique that enables identification and prevention of process or product errors before they occur (see Figure 1). For medical devices, this simply translates into prevention of adverse events that could cause harm. For the most part, there are two different types of FMEA: process or pFMEA and design-product or dFMEA. Both types of FMEA are designed to analyze how the respective process or product design could fail and the likelihood that the proposed process or controls will prevent the problem.

If properly executed, an FMEA can assist in improving overall satisfaction and safety levels, and is far more preferable than a reactive approach. Despite minor differences in the product being manufactured, the core of the FMEA is the same. For each step or input, the following items are assessed:

  • Potential failure mode (what could go wrong).

  • Potential failure effect (influence on output).

  • Severity.

  • Potential causes.

  • Frequency of occurrence.

  • Current controls.

  • Proposed detection methods.

  • Risk probability number.

  • Recommended actions and responsible party.

  • Action results.


Figure 1. (click to enlarge) A document for failure mode and effects analysis (FMEA) should include these topics. The best way to handle data is through a series of questions noted on the right.

Developing FMEA is a team-based activity, generally performed within the engineering group. Subject matter experts in each area of the affected process are essential for realistic evaluation of any FMEA. Depending on the political climate or other issues, facilitators or upper-management support is needed to ensure that identifying risk at this stage is a positive contribution, and not subject to politics. Because of the nature of debate, it is often helpful when organizations first embark on using FMEA to include facilitators who can break logjams and promote decision making.

Control Plans

Aptly named, control plans systematically ensure that steps are in place to control the risks of the failure items identified in the FMEA. Control plans can be developed separately from FMEA. But to leverage the knowledge and expertise of the organization, deriving and linking control plans to FMEA is the recommended way to build control plans.


Understanding Risk Probability

Control plans provide a structured approach to potential chaos. It is a set of well thought-out reactions to process steps and part characteristics that have been identified by FMEA for potential failure. Special attention is given to high-risk-probability failures and characteristics critical to a customer or end-user. (See the sidebar to learn how to calculate risk probability.)

A control plan starts with the same information in the FMEA and adds the important control information regarding each potential failure, as follows:

  • Identification of control factors.

  • Detailed specifications and tolerances.

  • Metrics and measurement standards.

  • Sample size and frequency.

  • Control method.

  • Reaction plan.

Don't Forget Suppliers

FMEA and control plans are not just for use within the four walls of a plant. Supply chains are becoming more extended, and increasing levels of responsibility for component design and validation are being pushed down to suppliers. OEMs and their first- and second-tier suppliers need the ability to control the end product even if they don't have control over the production process within the suppliers. FMEA and control plans provide lynch pins between the supplier and customer.

It is important to remember that supplier-oriented FMEA teams should be both cross organizational and cross functional. Both the supplier and the customer should have representatives from their respective engineering and production staffs. In addition, representatives from the production floor (where the part will be produced and consumed) should be on the team. Evaluations for FMEA should also include packaging, transportation, and inspection people who are a part of the production chain.

Before FMEA was implemented, only the engineering people were heavily involved in the design and development of the product. FMEA is an ideal process to pull the operational team into the picture to evaluate potential problems and decide how the team can mitigate them. Teams must be able look at a design with a practical and critical eye to identify and mitigate risks before they occur. A team can split into smaller groups to drill down each risk identified and develop a control plan to manage each specific issue. Often there will be controls put in place both at the supplier site and at the customer site. The control plans and FMEAs can then be used to ensure that complete inspection plans are in place to identify any issues that can be mitigated at the customer inspection point.

With supplied parts being pushed downstream, customers may be tempted to hand the entire FMEA process to their suppliers as well. This is a shortsighted mistake that inevitably creates more product issue, returns, and rework than the initial effort would have involved.

FMEA helps OEMs get involved with their suppliers. Implementing FMEA ensures that all aspects of product development and management are working together to create and maintain efficiency.

Avoiding Dead Document Syndrome and Risk at the Same Time

One downfall of these systems is that control plans and FMEA both suffer from dead document syndrome. That is, when processes and designs are initially built, the necessary focus is brought to bear to anticipate issues. As testing and production phases are rolled out, these documents—built by engineering and carefully vaulted—are often artfully shelved and never looked at again.

By taking the control plans and FMEA information out of the vault and making them readily available to the people in manufacturing who can use it to efficiently run the business, companies can greatly reduce failure risk. Because FMEA and control plans enable communication between engineering and manufacturing, they contain valuable assumptions about risks and failures.

However, actual experience out in the field is always slightly different than expected. Using FMEA and control plans as living documents enables engineering and manufacturing to share collective corporate knowledge so that problems can be solved efficiently.

The question, therefore,­ is why can't companies make this happen. One explanation may be in the inherent differences in how engineering and manufacturing work. Engineering tends to be very document focused, and FMEA in particular can have lengthy, detailed documents. Manufacturing often needs fast, easy access to very small pieces of information. For example, manufacturing contingencies are interested in the following:

  • Inspection people need the specific inspection criteria on a part-by-part basis (by supplier) and down at the characteristic level.

  • Equipment people need detailed work instructions for a given process and product.

  • Skills and training people need up-to-date work instructions and need to know who is affected by a specific document change.

All of this information is in both an FMEA and the control plans. However, even if people in manufacturing have access to the document, they may not be able to efficiently find the information. And, if they could find the data, they would need to be cut and pasted or even retyped for these users' needs.

To make these documents viable and useful beyond their initial draft, they need to be automated in such a way that they are datacentric. Engineers can draft their traditional documents, but then the documents must provide the information to manufacturing as needed. As manufacturing runs into operational differences, or required engineering changes, they can use dynamic, data-driven FMEA and control plans to provide feedback on changes and issues. This way, engineering can be involved in an environment it is familiar with and can provide quick turnaround.

Beyond FMEA and Control Plans

There is no need to invent new risk management techniques. Technology can go a long way to making the knowledge held in FMEA and control plans an asset for the rest of the organization.

Too many organizations are suffering from an inability to string processes together to prevent risk in-house. FMEA and control plans are only the first few dominoes in a long chain that flow through manufacturing. Using these proven techniques can be the catalyst to reducing risk in an organization. Individuals who choose to connect them through their organization generally see reduced defects, leaner processes, and, most importantly, overall reduced costs to the organization.


In short, FMEA and control plans are proven tools for identifying and mitigating risk. Taking them out of the vault and letting them work for your organization involves a few key tactics.

Create FMEA with a data-driven architecture so that the information is useful beyond the engineering vault.

Where possible, ensure that data are integrated to mirror processes. For example, FMEA needs to mirror control plans, which in turn reflect inspection plans. Inspections must meet with nonconformances, leading to corrective actions. In addition, document changes have to mirror skills and equipment updates.

Ensure that people in manufacturing accessing information originating from FMEA and control plans know how to properly use them as a feedback loop to connect back to engineering.

With an FMEA-driven risk management process, organizations can move toward a process that shows reduced defects, scrap, and waste.

Lori Gipp is vice president of IQS Inc. (Cleveland, OH). She can be contacted at [email protected].

Copyright ©2008 Medical Device & Diagnostic Industry

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like