Thanks, Mark, your comments are very helpful to me.
I agree that this is a topic that far exceeds the capacity of a forum. I'm still going to work it for as long as anyone else is willing to respond, because it's been such an education so far. I feel the clock is ticking on this education, because of the approaching holiday.
I have just learned that there are those who may use RPNs in an effort to make...something...less subjective. What is particularly interesting to me is that those who do not think this approach is valid do not go so far as to use the antonym of subjective, only "less subjective."
As I understand it, you are equating judgment and interpretation with "subjective." I agree, but I also agree with those who think that calculations are not subjective. It is not the calculation that is subjective, but the assignment of the numbers that are used in the calculation. At least, as these are assigned in the medical device industry as I know it, from the vantage of my little tidepool.
I also agree that the critical piece is that risk management must be done from the beginning, which is to say, premarket. I have said before that it seems to me that there is a disconnect between premarket risk analysis and postmarket risk management I gather you have seen the same thing.
I get the impression that few ISO 14971 experts have experience assessing risk premarket. Instead, they typically inherit a risk assessment that already has all the subjective judgments and interpretations in place, and then apply ISO 14971 to manage risk from there. From there, it seems that all judgments and interpretations are relative to the original assessments, and, further, that the risk assessment is largely limited to whether or not information regarding a single risk should be increased from it original subjective judgment and interpretation? (Given the consequences potentially associated with "yes," if you want to see "subjective judgments and interpretations" in action, watching this process is a front row seat, frequently popcorn worthy.)
Whether risk management can, much less must, be done with the appropriate engineering judgment and knowledge depends on what kind of risks you are managing. If you are trying to manage the risks associated with the device half of a medical device, then I agree. If you are trying to manage the risks associated with the medical half of a medical device, then I do not.
------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com------------------------------
Original Message:
Sent: 25-Nov-2019 07:19
From: Mark Swanson
Subject: FMEA, RPN?
I have started responding on this thread a couple of different times, but realized each time that it is difficult to put these thoughts into a simple response. I think that is why there is so much misunderstanding and misinterpretation of the concepts in risk management.
As Bill and Dan have pointed out, there are many dangers in just applying the FMEA tool. It still takes the appropriate interpretation of what that means. It is too simplistic to just use this as a calculation of risk (or prioritization). This is why ISO 14971 talks about "combination of the probability of occurrence of harm and severity of that harm" and does NOT calculate it. It is an engineering characteristic that we want to use this as a calculation in an attempt to make it less subjective. The reality is that we cannot do this. It MUST have judgement and interpretation in the risk determination. I know that makes people uncomfortable, but that is the truth. Without the appropriate application of engineering judgement and knowledge, the tool breaks down.
A critical piece of this is that risk management must be done from the beginning and never stops until the end of product life. I see way too many organizations treat this as an item to complete on a checklist, this cannot be the case. You need to understand risk as you go into the design phase to know which design inputs to follow. The reality is that the team works to mitigate risks even without any tool. This is what you are doing as you consider the different design elements (you naturally choose a path with the least risk). No one wants to take on more risk than is necessary.
As to the FMEA tool...while it is common (and fairly widely accepted), I would submit that most organizations have changed what the tool in a way that makes it more useful (and really no longer just an FMEA). By adding the mitigation listing and testing, you add the traceability through actions to the verification of effectiveness (this is really documenting the preventive actions you have taken). If you add a determination of acceptability of residual risk, it is also your benefit-risk analysis tool. By adding these items, you have gone beyond the FMEA and into risk analysis, risk acceptance and can continue to use this throughout the lifecycle for risk management.
This could go on to further examples and discussion (especially if you want to continue with risk-based approach discussion), but the bottom line is that risk management must be done with the appropriate engineering judgement and knowledge and cannot solely rely on any numbers to calculate risk.
------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?
Hi all
Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing qualitative estimates rather than quantitative estimation?
Thank you.
------------------------------
Karen Zhou
------------------------------