FMEA (Failure Mode and Effects Analysis) is utilized to identify potential failure modes in the design or manufacturing of a product. But risks associated with medical devices are not created by failures alone. A product may never fail, but there are still potentially many other risks.
Some product teams still believe that FMEA “checks the box” for risk management. However, since the widespread adoption of ISO 14971, most companies correctly treat FMEA as one component of a larger risk management system, but FMEA and risk analysis are often still performed in the same tool or process. The challenge is how to separate these functions to create the most effective risk management system possible.
ISO 14971:2019, FMEA, and Risk Management
The separation of FMEA from the risk management process is important because the goals of each of these activities are fundamentally different. For example:
- FMEA is a reliability tool for identifying, evaluating, and controlling possible failures with the design and manufacture/assembly of a medical device.
- Risk analysis as defined in ISO 14971:2019 is the "systematic use of available information to identify hazards and to estimate the risk" including both correct and reasonably foreseeable incorrect use/misuse.
Ultimately, FMEA should feed into a risk analysis process for failures that have the possibility of resulting in harm. The risks of combining FMEA and risk analysis into one process/tool are:
- Risks associated with a device that are not the result of failure may be missed.
- Failures not associated with a risk may either be missed or result in a ‘needless’ analysis where the harm is defined as ‘No Harm.’
- Insufficient analysis of the likelihood of a Hazardous Situation ultimately leading to a Harm.
While it is becoming more accepted that combining these tools is not the correct approach, how they are split and what the connections are between them are still open for debate.
To begin with, let’s look at the different components of FMEA as defined in IEC 60812:2018 and Risk Analysis as defined in ISO/TR 24971:2020 (guidance on the application of ISO 14971).
In an FMEA, there are three main components:
- a Cause (set of circumstances that leads to failure).
- a Failure Mode (manner in which failure occurs).
- an Effect (consequence of a failure).
In a Risk Analysis, there are four main components:
- a Hazard (potential source of harm).
- a Hazardous Situation (circumstance in which people, property, or the environment is/are exposed to one or more hazards).
- a Sequence of Events (a sequence or combination of independent events that may lead to a Hazardous Situation).
- a Harm (injury or damage to the health of people, or damage to property or the environment).
Two Approaches to Integrating FMEA with Risk Management
1. Equating ‘FMEA’ with a ‘Risk Analysis’
One approach is to equate the components of an FMEA with the components of a risk analysis (i.e., a ‘Local/System Effect’ is the same as a ‘Harm’).
While convenient from a tool perspective, this approach does not align with ISO 14971. Medical devices can only result in Harm if a sequence of events occurs that results in a Hazardous Situation, i.e., a circumstance in which people, property, or the environment are exposed to one or more Hazards. The guidance text in ISO/TR 24971:2020 Section 5.4.3 states:
“In cases where a Hazardous Situation only occurs due to a fault, the probability of a fault occurring is not the same as the probability of the occurrence of Harm. A fault can initiate a sequence of events but does not necessarily result in a Hazardous Situation.”
Equating an Effect with a Harm over-simplifies the risk analysis process by making the assumption that all Failures ultimately lead to Harm.
2. Connecting ‘FMEA’ with ‘Risk Analysis’
Our extensive research, starting from first principles, concluded that the connection between FMEA and Risk Analysis is through the ‘Sequence of Events’ component.
FMEA can be conducted and Causes (with associated likelihoods), Failure Modes, and Effects identified. Effects can then be assessed as to whether they have the potential to result in a Hazardous Situation.
- If they do not, the Failure Mode, Cause, and Effect remain as a reliability issue to be assessed and addressed.
- If they do, the Failure Mode, Cause, and Effect are connected to the Risk Analysis through a Sequence of Events.
Doing this allows us to maintain the work done in FMEA—the analysis of likelihood feeds into (but does not define) the likelihood assessment in the Risk Analysis (the P1 term described in Annex C.1 of ISO 14971:2019 and Figure 1 of ISO/TR 24971:2020, “P1 is the probability of a hazardous situation occurring”). Control measures identified in the FMEA can also be reused in the Risk Analysis assessment should they effectively contribute to lowering the risk. This helps to avoid work being done twice or competing risk control strategies being developed.
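To make the connection concrete, here is an added example (not from the article, and not a tool from any standard) that models FMEA entries, splits them into reliability-only items and items linked to a Risk Analysis through a Sequence of Events, and shows why the FMEA likelihood feeds into P1 without defining it. The device, failure modes, hazards and all probabilities are constructed for illustration. The P2 term (probability that a Hazardous Situation leads to Harm) is taken from the P1/P2 decomposition in ISO 14971:2019 Annex C and ISO/TR 24971:2020 Figure 1; it is not quoted in the article and is included here as background.

```python
"""Constructed model of the FMEA -> Sequence of Events -> Risk Analysis link.
All names and numbers are illustrative assumptions, not data from any standard."""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class FmeaEntry:
    cause: str          # set of circumstances that leads to failure
    failure_mode: str   # manner in which failure occurs
    effect: str         # consequence of the failure
    p_failure: float    # likelihood of this failure, as estimated in the FMEA


@dataclass(frozen=True)
class SequenceOfEvents:
    # Each step is (description, probability that the step occurs given the previous one).
    steps: tuple

    def conditional_probability(self) -> float:
        """Probability that, given the initiating failure, every step completes."""
        return prod(p for _, p in self.steps)


@dataclass(frozen=True)
class RiskEntry:
    hazard: str
    hazardous_situation: str
    harm: str
    sequence: SequenceOfEvents
    initiating_failure: FmeaEntry
    p2: float  # assumption: P2 = probability the hazardous situation leads to harm

    def p1(self) -> float:
        """P1: probability of the Hazardous Situation occurring.
        The FMEA likelihood feeds in, but the sequence of events must also complete,
        so P1 is never larger than p_failure."""
        return self.initiating_failure.p_failure * self.sequence.conditional_probability()

    def probability_of_harm(self) -> float:
        """Overall probability of harm, P = P1 * P2."""
        return self.p1() * self.p2


def split_fmea(entries, hazard_links):
    """Effects listed in hazard_links are connected to the Risk Analysis via a
    SequenceOfEvents; every other entry stays a reliability issue in the FMEA."""
    reliability_only, risk_entries = [], []
    for entry in entries:
        build = hazard_links.get(entry.effect)
        if build is None:
            reliability_only.append(entry)
        else:
            risk_entries.append(build(entry))
    return reliability_only, risk_entries


# Constructed sample FMEA for a hypothetical infusion pump.
SAMPLE_FMEA = (
    FmeaEntry("Tubing set tolerance stack-up", "Pump delivers below set rate",
              "Delivery rate lower than programmed", p_failure=0.01),
    FmeaEntry("Backlight LED ageing", "Display dims over product life",
              "Cosmetic display degradation", p_failure=0.05),
)

# Constructed links: only the under-delivery effect can reach a Hazardous Situation.
SAMPLE_LINKS = {
    "Delivery rate lower than programmed": lambda entry: RiskEntry(
        hazard="Under-infusion",
        hazardous_situation="Patient receives less drug than prescribed",
        harm="Under-treatment of the patient's condition",
        sequence=SequenceOfEvents((
            ("Flow-rate alarm does not trigger", 0.05),
            ("Clinician does not notice the shortfall within the dosing window", 0.4),
        )),
        initiating_failure=entry,
        p2=0.5,
    ),
}


def run_example():
    """Return the split and the computed probabilities for the sample data."""
    reliability_only, risk_entries = split_fmea(SAMPLE_FMEA, SAMPLE_LINKS)
    risk = risk_entries[0]
    return {
        "reliability_only": [e.failure_mode for e in reliability_only],
        "p_failure": risk.initiating_failure.p_failure,
        "p1": risk.p1(),
        "p_harm": risk.probability_of_harm(),
    }


if __name__ == "__main__":
    for key, value in run_example().items():
        print(f"{key}: {value}")
```

With these constructed numbers the failure occurs with probability 0.01, but the Hazardous Situation only arises when the alarm also fails and the shortfall goes unnoticed, giving P1 = 0.0002; multiplying by P2 gives a probability of harm of 0.0001. Equating the Effect with the Harm (approach 1) would have recorded 0.01 instead, overstating the risk by two orders of magnitude, while the display degradation entry never enters the Risk Analysis at all.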
Risk management is complex with many considerations. Constant, consistent dialogue, and challenging different methods can help us all improve medical device development. We love talking about risk management, so please join the discussion here—which approach do you like?