Regulatory Open Forum

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation? 

Thank you.

------------------------------
Karen Zhou
------------------------------

Yes, it's standard practice (the way we've always done it) and "quite subjective" is overestimating it, IMO.

Another question is whether you are trying to do a premarket risk analysis or set up a plan to manage risk postmarket.  There seems to be a disconnect between the two.  My experience with is with the former, not the latter.  I am aware that there are those who don't think the FMEA is the best tool for risk management, and I trust some of them will make their case to you. 

For my purposes, I've always looked to the FMEA solely for the identification of potential clinical harms (which I've found it is pretty good at, not to say some other approach might not be as good or better) and completely ignored the numbers.  The notion that a single number can tell you anything at all useful about a clinical harm is just...well...[censored].

This prior discussion may tell you more than you wanted to know:

https://connect.raps.org/communities/community-home/digestviewer/viewthread?GroupId=97&MID=12188&CommunityKey=5af348a7-851e-4594-b467-d4d0983b6d89&tab=digestviewer

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

While Julie and some may use RPN as a standard practice, it is NOT part of risk analysis under ISO 14971.  The definition of risk is combination of probability of occurrence of harm and severity of harm.  It is not probability of occurrence of a fault, detectability of fault, and severity of fault as in FMEA.  Detectability may be useful in determining in a Process FMEA where in the manufacturing process a fault may be detected in order to identify inspection points.  But, as you say it is quite subjective, and the numbers assigned are not quantitative, they simply identify levels of a qualitative measure.  

FMEA can be a useful tool to identify any faults not previously identified in the earlier risk analyses such as PHA.  But FMEA requires definition of the device and as such cannot occur before Design Outputs are identified.  Risk Management is considered to be a Design Input in ISO 13485:2016 and thus other techniques than FMEA are required to meet this requirement.  FMEA exists as a check tool in Design to assure that all hazards have been identified, then hazardous situations are considered in the risk analysis process.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Bill - your above post was published as I was preparing mine below (and therefore, I had missed it). But this is the kind of answers we are looking for and that we should try to collect in one place as an unofficial, yet useful Risk Management "Best Practices", "FAQ", or "Companion Document". I also wonder what recurring questions you (and other "Masters of Risk Management") get from the students in your classes or your customers and that are worth sharing with the RAPS RegEx community (notwithstanding any business interests that you may have a as consultant, which I do understand and respect, of course). With kindest regards,

------------------------------
Ary Saaman
Director, Regulatory Affairs
Lausanne
Switzerland
------------------------------

Original Message:
Sent: 21-Nov-2019 08:25
From: Edwin Bills
Subject: FMEA, RPN?

While Julie and some may use RPN as a standard practice, it is NOT part of risk analysis under ISO 14971.  The definition of risk is combination of probability of occurrence of harm and severity of harm.  It is not probability of occurrence of a fault, detectability of fault, and severity of fault as in FMEA.  Detectability may be useful in determining in a Process FMEA where in the manufacturing process a fault may be detected in order to identify inspection points.  But, as you say it is quite subjective, and the numbers assigned are not quantitative, they simply identify levels of a qualitative measure.

FMEA can be a useful tool to identify any faults not previously identified in the earlier risk analyses such as PHA.  But FMEA requires definition of the device and as such cannot occur before Design Outputs are identified.  Risk Management is considered to be a Design Input in ISO 13485:2016 and thus other techniques than FMEA are required to meet this requirement.  FMEA exists as a check tool in Design to assure that all hazards have been identified, then hazardous situations are considered in the risk analysis process.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Let us see if the upcoming revisions of ISO 14971 and (in particular) ISO/TR 24971 address such issues. Personally, even after being in this business for decades, I continue to be amazed about a number of recurring questions about risk management practices. They are brought up by well informed and motivated persons (like Ms. Karen Zhou or myself) in this forum and in other places. And I also hear them frequently in internal discussions in my company. Sometimes they just relate to the vocabulary (e.g., use of the word "mitigation"). Sometimes to basic issues, e.g., FMECA or FMEA, FMEA with/without RPN, or the preferred tabular format to document such analysis. If the revised ISO publications do not help us further in these matters, then would anyone that regularly contributes to this forum be willing to work with me on a "Best Practices" document (e.g., in an FAQ-format) in an attempt to intelligently nail down these recurring issues "once and for all"? Of course, we would share this document through this forum. I hope I am not too optimistic here … ;) . With kindest regards,

------------------------------
Ary Saaman
Director, Regulatory Affairs
Lausanne
Switzerland
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Ary, I think a lot of the confusion is due to a disconnect between those who write the regulations, guidances, and standards, and the industry itself.  It leaves us talking past each other.  It's hard when someone like Edwin Bills, who knows so much about ISO 14971, could think that an RA professional who deals with premarket risk analysis would use RPN as standard practice.  Or at all.

The medical device industry simply lacks the capacity (expertise and infrastructure) to manage clinical risk.   It's sort of like a someone (industry) with a vitamin deficiency (lack of risk management) who tries to resolve the problem by taking megadoses of supplement (ISO 14971), when the reason they have a deficiency isn't that they haven't been consuming "enough" of the vitamin, but because their system can't absorb it.  Sadly, it's very much like this, including that everyone involved thinks (or at least assures themselves and everyone around them) that the deficiency is being addressed when it isn't, so the damage caused by the deficiency continues unchecked.

It's a truism that, if you want to engage with someone effectively, "you have to meet them where they are."  That's not what happens with most regulations, guidances, and standards.  They are put together in isolation from the industry (although a lot of activity may occur in an effort to give the appearance otherwise) and then thrown over the industry like a blanket without any regard to, and limited understanding of, what lies beneath.  And so the blanket sits there, with superficial contact and no actual engagement with industry, and industry practice goes on underneath, pretty much as it always has.

One irony here is that, the more experienced you are in the industry, the more confusing these things can be, because of this disconnect.  What you find in the regulations, guidances, and standards simply doesn't mesh with what you find in industry.  If you are a newbie, the regulations, guidances, and standards may make wonderful sense as reading material, but then you find yourself swimming in the deep end of a pool that looks nothing like that.

The reason the FMEA and RPNs continue to be standard practice throughout much of the industry is that, for better or for worse, they are consistent with much of the industry's capabilities (and also its objectives, which is another matter entirely).

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 21-Nov-2019 08:58
From: Ary Saaman
Subject: FMEA, RPN?

Let us see if the upcoming revisions of ISO 14971 and (in particular) ISO/TR 24971 address such issues. Personally, even after being in this business for decades, I continue to be amazed about a number of recurring questions about risk management practices. They are brought up by well informed and motivated persons (like Ms. Karen Zhou or myself) in this forum and in other places. And I also hear them frequently in internal discussions in my company. Sometimes they just relate to the vocabulary (e.g., use of the word "mitigation"). Sometimes to basic issues, e.g., FMECA or FMEA, FMEA with/without RPN, or the preferred tabular format to document such analysis. If the revised ISO publications do not help us further in these matters, then would anyone that regularly contributes to this forum be willing to work with me on a "Best Practices" document (e.g., in an FAQ-format) in an attempt to intelligently nail down these recurring issues "once and for all"? Of course, we would share this document through this forum. I hope I am not too optimistic here … ;) . With kindest regards,

------------------------------
Ary Saaman
Director, Regulatory Affairs
Lausanne
Switzerland

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

And FYI : RAPS Switzerland Chapter will host a one day Educational Event entitled "Risk Management Revisited – implementing the MDR/IVDR and the latest ISO 14971 and ISO/TR24971 revisions". It will take place on February 24, 2020, in Bern, Switzerland. The Event program will be published shortly, i.a., on our Chapter website (https://www.raps-switzerland.ch/) . I am sure a number of interesting questions will come up during this Event as well as a number of interesting answers. Provided I find a bit of time, I am willing to post "Event highlights" in this forum. With kindest regards,

------------------------------
Ary Saaman
Director, Regulatory Affairs
Lausanne
Switzerland
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

The original development of FMEA was a reliability tool in WWII, primarily for electronics. It is just what the name says. A component fails in a specific mode, so analyze the effect on the equipment. For example, Resistor R17 fails open circuit. The analysis shows that the equipment no longer performs its intended function.

Later, people added a measure of the criticality of the effect creating the FMECA. One method is the Risk Priority Number, RPN, which is the usually the product of three factors (severity, frequency, and detectability) on a scale of 1 to 10.

An RPN is not a measure of risk, but of priority determining which failures and modes to address first. The higher RPN numbers have the higher priority. Notice in the scale that the smallest RPN is 1 and the largest is 1,000. However, not all numbers can be an RPN. For example, a prime number larger 10, such as 17, cannot be an RPN. There are other gaps as well – the numbers from 901 to 999 cannot be an RPN. There are only about 120 number that can be an RPN.

Also, the same RPN can occur in more than one way. Consider

RPN = S × F × D

RPN = 10 × 9 × 4 = 360

RPN = 4 × 9 × 10 = 360

In one case there is a high severity and in the other a low, but they get the same priority.

For a discussion of this issue see IEC 60812:2018 Failure modes and effects analysis (FMEA and FMECA)

Also, Don Wheeler has a cogent analysis of the problem and a solution at https://www.qualitydigest.com/inside/quality-insider-article/problems-risk-priority-numbers.html

Lastly, FMEA and FMECA are not appropriate for an ISO 14971:2019 analysis. That analysis starts with hazard which can occur in both normal and fault conditions. The FMEA/FMECA analysis is only failures. The ISO 14971:2019 analysis uses a sequence of event to move from the hazard to the hazardous situation. The FMEA/FMECA analysis considers single point failures only.

------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company. 
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

When it comes to the assessment of clinical harms, the use of numbers is a denial of clinical realities.  But if companies insist on using them for postmarket risk analysis, I think I will leave them to it.

For a premarket risk analysis, the numbers are also a waste of time and pixels.  I was delighted and relieved when CDRH published a numbers-free alternative in its guidance on early feasibility studies.  It's a work of art.

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Be VERY careful with Probability and Severity.  Those terms are much different in FMEA than in ISO 14971.  The definition of Risk in ISO 14971 is combination of probability of harm and severity of harm.  FMEA is about the probability of occurrence of failure and severity of the consequences of the failure (See the first word in the title).    These are not the same things. Additionally, FMEA has been developed as a reliability tool and not a risk management tool, it has limitations that must be recognized. Much confusion has resulted from the blind application of FMEA to risk analysis.  It is further compounded by the use of RPN which includes detectability which is not a part of risk management in ISO 14971 at all.

Of course I have mentioned earlier in these posts about the fact that FMEA can only be done after Design output exists, and risk management is a Design Input, much earlier in the design process.  Compounding this is the fact that FMEA is a single fault tool, and ISO 14971 requires all known an foreseeable hazards to be identified and the risks estimated and evaluated.  So here, FMEA falls short.  

If your risk management system only uses FMEA you are not meeting the requirements of ISO 14971 in any edition, 1st, 2nd, or the new 3rd edition.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com
------------------------------

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

I do not believe we are stuck with an either/or choice when it comes to risk analysis and FMEA.  Yes, ISO 14971 states the risk is a combination of the Probability of Harm (POH) and the Severity of Harm. But, it also states the POH is a combination of the Probability of a Hazardous Situation Occurring (P1) and the Probability of a Hazardous Situation Leading to Harm (P2) [sic. Likelihood of Harm]; P1 x P2 = POH.

I estimate P1 by looking sequences of events (i.e., failures) using tools, such as, FMEA to identify them and assign probability of occurrence.  These tools help me consider failure modes in use, design, production, service, software, etc.  A list of events or failure modes and assign probability can also be developed using other methods.  Either way, you need to identify specific events that lead to hazardous situations and assign probability.  I document P1 in the FMEA.

I estimate P2 by estimating the probability users will be harmed once they are exposed to the hazard.  The analysis looks at all potential severities the may occur. For example, an electrical source may result in current leakage and electrical shock.  Electrical shock can result in different harms with different levels of severity.  Users could report a mild shock with minimal health effect (i.e., minor severity); burns requiring medical attention but no long term effects (i.e., moderate), neurological damage with long term health effects (i.e., major), or cardiac arrest or death (Critical).  I look at P2 as the likelihood each of the identified harms will occur if a user is expose to electrical current.  Hypothetically, the effect on 1/100 (1%) users may be Minor; 1/1000 (0.1%) Moderate; 1/10000 (0.01%) Major; and 1/100000 (0.001%) Critical.  I document the P2 in the Hazard Analysis.

When estimating risk, I combine P1 (probability of failure occurring) and P2 (likelihood of harm) to derive POH. Then, combine POH and Severity to estimate risk.  All of this can be tabulated in an FMEA.  For simplicity, we will assume the worst case outcome for risk estimation. While P1, P2, POH, and S are rated on a scale of 1 - 5, I advise against calculating RPN in favor of reducing risk ratings to High, Medium, and Low.  You could use RPN, but only to prioritize risk mitigation activities.  They should not be used to establish boundaries for "acceptable" or "unacceptable" risk.  ISO 14971:2019 has clearly dismissed that practice.

I don't agree that FMEA or other risk tools are only for Design Outputs. They are living documents and should be started early in the design process and updated as new information is acquired. Risk analysis tools are used throughout the industry to assess product designs from a user or design perspective at the input phase or earlier.  FMEAs are one way to assess risk and determine if mitigation is required. The risk controls proposed as part of risk evaluation are key design inputs and requirements and documented as such.  Design outputs verify or validate the effectiveness of the controls. The outputs are the objective evidence used to estimate post-mitigation occurrence for the FMEA and determining if the risk has been reduced as far as possible.

Thank You

------------------------------
Wayne Schrier
Half Moon Bay CA
United States
------------------------------

Original Message:
Sent: 22-Nov-2019 10:59
From: Edwin Bills
Subject: FMEA, RPN?

Be VERY careful with Probability and Severity.  Those terms are much different in FMEA than in ISO 14971.  The definition of Risk in ISO 14971 is combination of probability of harm and severity of harm.  FMEA is about the probability of occurrence of failure and severity of the consequences of the failure (See the first word in the title).    These are not the same things. Additionally, FMEA has been developed as a reliability tool and not a risk management tool, it has limitations that must be recognized. Much confusion has resulted from the blind application of FMEA to risk analysis.  It is further compounded by the use of RPN which includes detectability which is not a part of risk management in ISO 14971 at all.

Of course I have mentioned earlier in these posts about the fact that FMEA can only be done after Design output exists, and risk management is a Design Input, much earlier in the design process.  Compounding this is the fact that FMEA is a single fault tool, and ISO 14971 requires all known an foreseeable hazards to be identified and the risks estimated and evaluated.  So here, FMEA falls short.

If your risk management system only uses FMEA you are not meeting the requirements of ISO 14971 in any edition, 1st, 2nd, or the new 3rd edition.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

What will you use as the basis for your estimates of the percentages of users who will be harmed upon exposure to each level of shock?

What will you use as the basis for your estimates of the percentages of users who will report a particular level of harm for each level of shock?





------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 22-Nov-2019 20:11
From: Wayne Schrier
Subject: FMEA, RPN?

I do not believe we are stuck with an either/or choice when it comes to risk analysis and FMEA.  Yes, ISO 14971 states the risk is a combination of the Probability of Harm (POH) and the Severity of Harm. But, it also states the POH is a combination of the Probability of a Hazardous Situation Occurring (P1) and the Probability of a Hazardous Situation Leading to Harm (P2) [sic. Likelihood of Harm]; P1 x P2 = POH.

I estimate P1 by looking sequences of events (i.e., failures) using tools, such as, FMEA to identify them and assign probability of occurrence.  These tools help me consider failure modes in use, design, production, service, software, etc.  A list of events or failure modes and assign probability can also be developed using other methods.  Either way, you need to identify specific events that lead to hazardous situations and assign probability.  I document P1 in the FMEA.

I estimate P2 by estimating the probability users will be harmed once they are exposed to the hazard.  The analysis looks at all potential severities the may occur. For example, an electrical source may result in current leakage and electrical shock.  Electrical shock can result in different harms with different levels of severity.  Users could report a mild shock with minimal health effect (i.e., minor severity); burns requiring medical attention but no long term effects (i.e., moderate), neurological damage with long term health effects (i.e., major), or cardiac arrest or death (Critical).  I look at P2 as the likelihood each of the identified harms will occur if a user is expose to electrical current.  Hypothetically, the effect on 1/100 (1%) users may be Minor; 1/1000 (0.1%) Moderate; 1/10000 (0.01%) Major; and 1/100000 (0.001%) Critical.  I document the P2 in the Hazard Analysis.

When estimating risk, I combine P1 (probability of failure occurring) and P2 (likelihood of harm) to derive POH. Then, combine POH and Severity to estimate risk.  All of this can be tabulated in an FMEA.  For simplicity, we will assume the worst case outcome for risk estimation. While P1, P2, POH, and S are rated on a scale of 1 - 5, I advise against calculating RPN in favor of reducing risk ratings to High, Medium, and Low.  You could use RPN, but only to prioritize risk mitigation activities.  They should not be used to establish boundaries for "acceptable" or "unacceptable" risk.  ISO 14971:2019 has clearly dismissed that practice.

I don't agree that FMEA or other risk tools are only for Design Outputs. They are living documents and should be started early in the design process and updated as new information is acquired. Risk analysis tools are used throughout the industry to assess product designs from a user or design perspective at the input phase or earlier.  FMEAs are one way to assess risk and determine if mitigation is required. The risk controls proposed as part of risk evaluation are key design inputs and requirements and documented as such.  Design outputs verify or validate the effectiveness of the controls. The outputs are the objective evidence used to estimate post-mitigation occurrence for the FMEA and determining if the risk has been reduced as far as possible.

Thank You

------------------------------
Wayne Schrier
Half Moon Bay CA
United States

Original Message:
Sent: 22-Nov-2019 10:59
From: Edwin Bills
Subject: FMEA, RPN?

Be VERY careful with Probability and Severity.  Those terms are much different in FMEA than in ISO 14971.  The definition of Risk in ISO 14971 is combination of probability of harm and severity of harm.  FMEA is about the probability of occurrence of failure and severity of the consequences of the failure (See the first word in the title).    These are not the same things. Additionally, FMEA has been developed as a reliability tool and not a risk management tool, it has limitations that must be recognized. Much confusion has resulted from the blind application of FMEA to risk analysis.  It is further compounded by the use of RPN which includes detectability which is not a part of risk management in ISO 14971 at all.

Of course I have mentioned earlier in these posts about the fact that FMEA can only be done after Design output exists, and risk management is a Design Input, much earlier in the design process.  Compounding this is the fact that FMEA is a single fault tool, and ISO 14971 requires all known an foreseeable hazards to be identified and the risks estimated and evaluated.  So here, FMEA falls short.

If your risk management system only uses FMEA you are not meeting the requirements of ISO 14971 in any edition, 1st, 2nd, or the new 3rd edition.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Julie,

You can find information on probability of hazards resulting in harm from a wide variety of sources, including, peer-review publications, MDR and AE reports, occupational health reports, standards, and popular press.  I found the following with a short Google search in the NCBI National Library of Medicine [Zematis, MR, et al., Electrical Injuries].  The authors state, "There are the approximate 1000 deaths per year, as a result of electrical injury. Of these, approximately 400 are due to high voltage electrical injuries... ...there are at least 30,000 shock incidents that per year which are non-fatal."  

I could simplify my list of harms to either death with a Severity 5 and non-fatal with a Severity of 4 (a conservative approach).  The P2s would be 1.3% (400/30,000) for Death and 98.7% for non-fatal.  The likelihood of harm would be Frequent (5 in a scale of 1-5) for either severity of harm due to electrical shock.  Assuming I found no other verifiable data, I would use these data for my initial estimation and update them as additional data became available.

------------------------------
Wayne Schrier
Principle Consultant and Owner
------------------------------

Original Message:
Sent: 22-Nov-2019 21:03
From: Julie Omohundro
Subject: FMEA, RPN?

What will you use as the basis for your estimates of the percentages of users who will be harmed upon exposure to each level of shock?

What will you use as the basis for your estimates of the percentages of users who will report a particular level of harm for each level of shock?





------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 22-Nov-2019 20:11
From: Wayne Schrier
Subject: FMEA, RPN?

I do not believe we are stuck with an either/or choice when it comes to risk analysis and FMEA.  Yes, ISO 14971 states the risk is a combination of the Probability of Harm (POH) and the Severity of Harm. But, it also states the POH is a combination of the Probability of a Hazardous Situation Occurring (P1) and the Probability of a Hazardous Situation Leading to Harm (P2) [sic. Likelihood of Harm]; P1 x P2 = POH.

I estimate P1 by looking sequences of events (i.e., failures) using tools, such as, FMEA to identify them and assign probability of occurrence.  These tools help me consider failure modes in use, design, production, service, software, etc.  A list of events or failure modes and assign probability can also be developed using other methods.  Either way, you need to identify specific events that lead to hazardous situations and assign probability.  I document P1 in the FMEA.

I estimate P2 by estimating the probability users will be harmed once they are exposed to the hazard.  The analysis looks at all potential severities the may occur. For example, an electrical source may result in current leakage and electrical shock.  Electrical shock can result in different harms with different levels of severity.  Users could report a mild shock with minimal health effect (i.e., minor severity); burns requiring medical attention but no long term effects (i.e., moderate), neurological damage with long term health effects (i.e., major), or cardiac arrest or death (Critical).  I look at P2 as the likelihood each of the identified harms will occur if a user is expose to electrical current.  Hypothetically, the effect on 1/100 (1%) users may be Minor; 1/1000 (0.1%) Moderate; 1/10000 (0.01%) Major; and 1/100000 (0.001%) Critical.  I document the P2 in the Hazard Analysis.

When estimating risk, I combine P1 (probability of failure occurring) and P2 (likelihood of harm) to derive POH. Then, combine POH and Severity to estimate risk.  All of this can be tabulated in an FMEA.  For simplicity, we will assume the worst case outcome for risk estimation. While P1, P2, POH, and S are rated on a scale of 1 - 5, I advise against calculating RPN in favor of reducing risk ratings to High, Medium, and Low.  You could use RPN, but only to prioritize risk mitigation activities.  They should not be used to establish boundaries for "acceptable" or "unacceptable" risk.  ISO 14971:2019 has clearly dismissed that practice.

I don't agree that FMEA or other risk tools are only for Design Outputs. They are living documents and should be started early in the design process and updated as new information is acquired. Risk analysis tools are used throughout the industry to assess product designs from a user or design perspective at the input phase or earlier.  FMEAs are one way to assess risk and determine if mitigation is required. The risk controls proposed as part of risk evaluation are key design inputs and requirements and documented as such.  Design outputs verify or validate the effectiveness of the controls. The outputs are the objective evidence used to estimate post-mitigation occurrence for the FMEA and determining if the risk has been reduced as far as possible.

Thank You

------------------------------
Wayne Schrier
Half Moon Bay CA
United States

Original Message:
Sent: 22-Nov-2019 10:59
From: Edwin Bills
Subject: FMEA, RPN?

Be VERY careful with Probability and Severity.  Those terms are much different in FMEA than in ISO 14971.  The definition of Risk in ISO 14971 is combination of probability of harm and severity of harm.  FMEA is about the probability of occurrence of failure and severity of the consequences of the failure (See the first word in the title).    These are not the same things. Additionally, FMEA has been developed as a reliability tool and not a risk management tool, it has limitations that must be recognized. Much confusion has resulted from the blind application of FMEA to risk analysis.  It is further compounded by the use of RPN which includes detectability which is not a part of risk management in ISO 14971 at all.

Of course I have mentioned earlier in these posts about the fact that FMEA can only be done after Design output exists, and risk management is a Design Input, much earlier in the design process.  Compounding this is the fact that FMEA is a single fault tool, and ISO 14971 requires all known an foreseeable hazards to be identified and the risks estimated and evaluated.  So here, FMEA falls short.

If your risk management system only uses FMEA you are not meeting the requirements of ISO 14971 in any edition, 1st, 2nd, or the new 3rd edition.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Wayne, indeed you can.  How much "finding" actually goes on in the hardware and software medical device industries (as opposed to the very different IVD industry) is a topic I will leave for another day, along with the separate topic of how much of it goes on at medical device startups.

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 25-Nov-2019 10:50
From: Wayne Schrier
Subject: FMEA, RPN?

Julie,

You can find information on probability of hazards resulting in harm from a wide variety of sources, including, peer-review publications, MDR and AE reports, occupational health reports, standards, and popular press.  I found the following with a short Google search in the NCBI National Library of Medicine [Zematis, MR, et al., Electrical Injuries].  The authors state, "There are the approximate 1000 deaths per year, as a result of electrical injury. Of these, approximately 400 are due to high voltage electrical injuries... ...there are at least 30,000 shock incidents that per year which are non-fatal."

I could simplify my list of harms to either death with a Severity 5 and non-fatal with a Severity of 4 (a conservative approach).  The P2s would be 1.3% (400/30,000) for Death and 98.7% for non-fatal.  The likelihood of harm would be Frequent (5 in a scale of 1-5) for either severity of harm due to electrical shock.  Assuming I found no other verifiable data, I would use these data for my initial estimation and update them as additional data became available.

------------------------------
Wayne Schrier
Principle Consultant and Owner

Original Message:
Sent: 22-Nov-2019 21:03
From: Julie Omohundro
Subject: FMEA, RPN?

What will you use as the basis for your estimates of the percentages of users who will be harmed upon exposure to each level of shock?

What will you use as the basis for your estimates of the percentages of users who will report a particular level of harm for each level of shock?





------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 22-Nov-2019 20:11
From: Wayne Schrier
Subject: FMEA, RPN?

I do not believe we are stuck with an either/or choice when it comes to risk analysis and FMEA.  Yes, ISO 14971 states the risk is a combination of the Probability of Harm (POH) and the Severity of Harm. But, it also states the POH is a combination of the Probability of a Hazardous Situation Occurring (P1) and the Probability of a Hazardous Situation Leading to Harm (P2) [sic. Likelihood of Harm]; P1 x P2 = POH.

I estimate P1 by looking sequences of events (i.e., failures) using tools, such as, FMEA to identify them and assign probability of occurrence.  These tools help me consider failure modes in use, design, production, service, software, etc.  A list of events or failure modes and assign probability can also be developed using other methods.  Either way, you need to identify specific events that lead to hazardous situations and assign probability.  I document P1 in the FMEA.

I estimate P2 by estimating the probability users will be harmed once they are exposed to the hazard.  The analysis looks at all potential severities the may occur. For example, an electrical source may result in current leakage and electrical shock.  Electrical shock can result in different harms with different levels of severity.  Users could report a mild shock with minimal health effect (i.e., minor severity); burns requiring medical attention but no long term effects (i.e., moderate), neurological damage with long term health effects (i.e., major), or cardiac arrest or death (Critical).  I look at P2 as the likelihood each of the identified harms will occur if a user is expose to electrical current.  Hypothetically, the effect on 1/100 (1%) users may be Minor; 1/1000 (0.1%) Moderate; 1/10000 (0.01%) Major; and 1/100000 (0.001%) Critical.  I document the P2 in the Hazard Analysis.

When estimating risk, I combine P1 (probability of failure occurring) and P2 (likelihood of harm) to derive POH. Then, combine POH and Severity to estimate risk.  All of this can be tabulated in an FMEA.  For simplicity, we will assume the worst case outcome for risk estimation. While P1, P2, POH, and S are rated on a scale of 1 - 5, I advise against calculating RPN in favor of reducing risk ratings to High, Medium, and Low.  You could use RPN, but only to prioritize risk mitigation activities.  They should not be used to establish boundaries for "acceptable" or "unacceptable" risk.  ISO 14971:2019 has clearly dismissed that practice.

I don't agree that FMEA or other risk tools are only for Design Outputs. They are living documents and should be started early in the design process and updated as new information is acquired. Risk analysis tools are used throughout the industry to assess product designs from a user or design perspective at the input phase or earlier.  FMEAs are one way to assess risk and determine if mitigation is required. The risk controls proposed as part of risk evaluation are key design inputs and requirements and documented as such.  Design outputs verify or validate the effectiveness of the controls. The outputs are the objective evidence used to estimate post-mitigation occurrence for the FMEA and determining if the risk has been reduced as far as possible.

Thank You

------------------------------
Wayne Schrier
Half Moon Bay CA
United States

Original Message:
Sent: 22-Nov-2019 10:59
From: Edwin Bills
Subject: FMEA, RPN?

Be VERY careful with Probability and Severity.  Those terms are much different in FMEA than in ISO 14971.  The definition of Risk in ISO 14971 is combination of probability of harm and severity of harm.  FMEA is about the probability of occurrence of failure and severity of the consequences of the failure (See the first word in the title).    These are not the same things. Additionally, FMEA has been developed as a reliability tool and not a risk management tool, it has limitations that must be recognized. Much confusion has resulted from the blind application of FMEA to risk analysis.  It is further compounded by the use of RPN which includes detectability which is not a part of risk management in ISO 14971 at all.

Of course I have mentioned earlier in these posts about the fact that FMEA can only be done after Design output exists, and risk management is a Design Input, much earlier in the design process.  Compounding this is the fact that FMEA is a single fault tool, and ISO 14971 requires all known an foreseeable hazards to be identified and the risks estimated and evaluated.  So here, FMEA falls short.

If your risk management system only uses FMEA you are not meeting the requirements of ISO 14971 in any edition, 1st, 2nd, or the new 3rd edition.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on. 

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.  

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust. 

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

Original Message:
Sent: 22-Nov-2019 20:11
From: Wayne Schrier
Subject: FMEA, RPN?

I do not believe we are stuck with an either/or choice when it comes to risk analysis and FMEA.  Yes, ISO 14971 states the risk is a combination of the Probability of Harm (POH) and the Severity of Harm. But, it also states the POH is a combination of the Probability of a Hazardous Situation Occurring (P1) and the Probability of a Hazardous Situation Leading to Harm (P2) [sic. Likelihood of Harm]; P1 x P2 = POH.

I estimate P1 by looking sequences of events (i.e., failures) using tools, such as, FMEA to identify them and assign probability of occurrence.  These tools help me consider failure modes in use, design, production, service, software, etc.  A list of events or failure modes and assign probability can also be developed using other methods.  Either way, you need to identify specific events that lead to hazardous situations and assign probability.  I document P1 in the FMEA.

I estimate P2 by estimating the probability users will be harmed once they are exposed to the hazard.  The analysis looks at all potential severities the may occur. For example, an electrical source may result in current leakage and electrical shock.  Electrical shock can result in different harms with different levels of severity.  Users could report a mild shock with minimal health effect (i.e., minor severity); burns requiring medical attention but no long term effects (i.e., moderate), neurological damage with long term health effects (i.e., major), or cardiac arrest or death (Critical).  I look at P2 as the likelihood each of the identified harms will occur if a user is expose to electrical current.  Hypothetically, the effect on 1/100 (1%) users may be Minor; 1/1000 (0.1%) Moderate; 1/10000 (0.01%) Major; and 1/100000 (0.001%) Critical.  I document the P2 in the Hazard Analysis.

When estimating risk, I combine P1 (probability of failure occurring) and P2 (likelihood of harm) to derive POH. Then, combine POH and Severity to estimate risk.  All of this can be tabulated in an FMEA.  For simplicity, we will assume the worst case outcome for risk estimation. While P1, P2, POH, and S are rated on a scale of 1 - 5, I advise against calculating RPN in favor of reducing risk ratings to High, Medium, and Low.  You could use RPN, but only to prioritize risk mitigation activities.  They should not be used to establish boundaries for "acceptable" or "unacceptable" risk.  ISO 14971:2019 has clearly dismissed that practice.

I don't agree that FMEA or other risk tools are only for Design Outputs. They are living documents and should be started early in the design process and updated as new information is acquired. Risk analysis tools are used throughout the industry to assess product designs from a user or design perspective at the input phase or earlier.  FMEAs are one way to assess risk and determine if mitigation is required. The risk controls proposed as part of risk evaluation are key design inputs and requirements and documented as such.  Design outputs verify or validate the effectiveness of the controls. The outputs are the objective evidence used to estimate post-mitigation occurrence for the FMEA and determining if the risk has been reduced as far as possible.

Thank You

------------------------------
Wayne Schrier
Half Moon Bay CA
United States

Original Message:
Sent: 22-Nov-2019 10:59
From: Edwin Bills
Subject: FMEA, RPN?

Be VERY careful with Probability and Severity.  Those terms are much different in FMEA than in ISO 14971.  The definition of Risk in ISO 14971 is combination of probability of harm and severity of harm.  FMEA is about the probability of occurrence of failure and severity of the consequences of the failure (See the first word in the title).    These are not the same things. Additionally, FMEA has been developed as a reliability tool and not a risk management tool, it has limitations that must be recognized. Much confusion has resulted from the blind application of FMEA to risk analysis.  It is further compounded by the use of RPN which includes detectability which is not a part of risk management in ISO 14971 at all.

Of course I have mentioned earlier in these posts about the fact that FMEA can only be done after Design output exists, and risk management is a Design Input, much earlier in the design process.  Compounding this is the fact that FMEA is a single fault tool, and ISO 14971 requires all known an foreseeable hazards to be identified and the risks estimated and evaluated.  So here, FMEA falls short.

If your risk management system only uses FMEA you are not meeting the requirements of ISO 14971 in any edition, 1st, 2nd, or the new 3rd edition.

------------------------------
Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
Principal Consultant
Overland Park KS
United States
elb@edwinbillsconsultant.com

Original Message:
Sent: 22-Nov-2019 08:53
From: Anonymous Member
Subject: FMEA, RPN?

This message was posted by a user wishing to remain anonymous

Your question is specific to FMEA, so I would say YES - it is standard practice to assign an RPN in an FMEA. Every document/lesson/course related to FMEA that I have observed includes an RPN of some type.
That being said, ISO 14971 does not stipulate use of any specific risk management technique. So you are free to use whatever technique works best for your company.
Also, I have seen FMEA templates that include only Severity and Occurrence and do not include detection, so the "RPN" can be defined differently even within FMEA. The important thing is to define severity and probability/occurrence with defined methods (in your SOP), and have a method for identifying the Risk Priority, even if the risk priority is not a number.
Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Original Message------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on. 

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.  

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust. 

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

I'm not sure what deterioration has to do with this?   

Neither hardware nor software devices need to deteriorate in order to pose risks.  They both pose plenty of risks, from the moment they are put into service.  Different types of deterioration can increase some of those risks, but usually not all of them.  The endpoint is reached when the device has deteriorated to the point of not functioning at all.  This is the point at which all risks set to 0....and then you finally have a product that is "safe" in the layperson's sense of the word.

I'm wondering if you might be referring to this?
".. software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you based your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming failure will occur." --Premarket Submissions for Software Contained in Medical Devices, 2005

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 24-Nov-2019 09:12
From: Siegfried Schmitt
Subject: FMEA, RPN?

Calculating RPNs as part of software risk assessments is wrong (this was also pointed out by FDA)

Software doesn't deteriorate, it is either faulty or it isn't. So the probability is either 100% or zero

Anyway, RPNs are meaningless. They are neither statistically relevant, nor do they reflect anything quantitative

What is the difference between a RPN of 100 and one of 1? Exactly, they are meaningless numbers

At best and only at a push, one could use RPNs to say some risk may be more acceptable than others

Regards

Siegfried

Original Message------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on.

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust.

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

Original Message------

I'm not sure what deterioration has to do with this?   

Neither hardware nor software devices need to deteriorate in order to pose risks.  They both pose plenty of risks, from the moment they are put into service.  Different types of deterioration can increase some of those risks, but usually not all of them.  The endpoint is reached when the device has deteriorated to the point of not functioning at all.  This is the point at which all risks set to 0....and then you finally have a product that is "safe" in the layperson's sense of the word.

I'm wondering if you might be referring to this?
".. software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you based your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming failure will occur." --Premarket Submissions for Software Contained in Medical Devices, 2005

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

I will make a case for RPNs.

Software is a special case, as Julie has pointed out. This approach only uses the severity of the harm to quantify risk. The problem with this logic is no amount of mitigation will reduce your risk "Quantity" as the severity will never change. This is also a flat view of software as software doesn't always perform the same. Software can have different states that are invisible to the end user and can behave differently in different states. Functions can be invoked a number of ways and may work properly when invoked one way and fail in another. I will concede that if all states are identified and each event, or series of events, that can invoke a function are identified and evaluated separately, then yes, at this point, software will behave the same 100% of the time.

For software, there is an emerging subcategory of cybersecurity. In this arena, it is not physical harm but privacy that is at stake. The FDA has made it clear they are not concerned with privacy, but only physical harm. But I every customer I have dealt with on the subject is very concerned with privacy. An RPN is very helpful as it does quantify exposure extremely well. In the cybersecurity world, a undetectable flaw is much worse than an easily detectable flaw. By adding detectability to the equation, you can easily demonstrate a cybersecurity risk has been diminished.

It is not perfect, though. There are situations where having a flaw more visible has no affect on reducing risk.

RPNs also give you a more granular quantification than a 3x3 or 5x5 matrix, normally used to identify "Acceptable" risk (which doesn't exist for EN ISO 14971). For companies distributing product in the EEA, we can only quantify risk and reduce it as far as possible. We can't define an acceptable level.

An RPN may not be a good tool in every situation, but you can't discount them completely.

------------------------------
Michael Reents
Bradenton FL
United States
------------------------------

Original Message:
Sent: 24-Nov-2019 13:05
From: Julie Omohundro
Subject: FMEA, RPN?

I'm not sure what deterioration has to do with this?

Neither hardware nor software devices need to deteriorate in order to pose risks.  They both pose plenty of risks, from the moment they are put into service.  Different types of deterioration can increase some of those risks, but usually not all of them.  The endpoint is reached when the device has deteriorated to the point of not functioning at all.  This is the point at which all risks set to 0....and then you finally have a product that is "safe" in the layperson's sense of the word.

I'm wondering if you might be referring to this?
".. software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you based your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming failure will occur." --Premarket Submissions for Software Contained in Medical Devices, 2005

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 24-Nov-2019 09:12
From: Siegfried Schmitt
Subject: FMEA, RPN?

Calculating RPNs as part of software risk assessments is wrong (this was also pointed out by FDA)

Software doesn't deteriorate, it is either faulty or it isn't. So the probability is either 100% or zero

Anyway, RPNs are meaningless. They are neither statistically relevant, nor do they reflect anything quantitative

What is the difference between a RPN of 100 and one of 1? Exactly, they are meaningless numbers

At best and only at a push, one could use RPNs to say some risk may be more acceptable than others

Regards

Siegfried

Original Message------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on.

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust.

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

Michael, I'm pleased to have a cybersecurity perspective on this.  (Did you happen to attend the PEAC meeting on cybersecurity this year?)

I'm not opposed to RPNs.  For some uses, I'm neutral.  I'm opposed to rating, ranking, quantifying, etc, clinical harms.

Do you have a link related to FDA's interest (or lack of) in privacy?

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 25-Nov-2019 14:51
From: Michael Reents
Subject: FMEA, RPN?

I will make a case for RPNs.

Software is a special case, as Julie has pointed out. This approach only uses the severity of the harm to quantify risk. The problem with this logic is no amount of mitigation will reduce your risk "Quantity" as the severity will never change. This is also a flat view of software as software doesn't always perform the same. Software can have different states that are invisible to the end user and can behave differently in different states. Functions can be invoked a number of ways and may work properly when invoked one way and fail in another. I will concede that if all states are identified and each event, or series of events, that can invoke a function are identified and evaluated separately, then yes, at this point, software will behave the same 100% of the time.

For software, there is an emerging subcategory of cybersecurity. In this arena, it is not physical harm but privacy that is at stake. The FDA has made it clear they are not concerned with privacy, but only physical harm. But I every customer I have dealt with on the subject is very concerned with privacy. An RPN is very helpful as it does quantify exposure extremely well. In the cybersecurity world, a undetectable flaw is much worse than an easily detectable flaw. By adding detectability to the equation, you can easily demonstrate a cybersecurity risk has been diminished.

It is not perfect, though. There are situations where having a flaw more visible has no affect on reducing risk.

RPNs also give you a more granular quantification than a 3x3 or 5x5 matrix, normally used to identify "Acceptable" risk (which doesn't exist for EN ISO 14971). For companies distributing product in the EEA, we can only quantify risk and reduce it as far as possible. We can't define an acceptable level.

An RPN may not be a good tool in every situation, but you can't discount them completely.

------------------------------
Michael Reents
Bradenton FL
United States

Original Message:
Sent: 24-Nov-2019 13:05
From: Julie Omohundro
Subject: FMEA, RPN?

I'm not sure what deterioration has to do with this?

Neither hardware nor software devices need to deteriorate in order to pose risks.  They both pose plenty of risks, from the moment they are put into service.  Different types of deterioration can increase some of those risks, but usually not all of them.  The endpoint is reached when the device has deteriorated to the point of not functioning at all.  This is the point at which all risks set to 0....and then you finally have a product that is "safe" in the layperson's sense of the word.

I'm wondering if you might be referring to this?
".. software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you based your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming failure will occur." --Premarket Submissions for Software Contained in Medical Devices, 2005

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 24-Nov-2019 09:12
From: Siegfried Schmitt
Subject: FMEA, RPN?

Calculating RPNs as part of software risk assessments is wrong (this was also pointed out by FDA)

Software doesn't deteriorate, it is either faulty or it isn't. So the probability is either 100% or zero

Anyway, RPNs are meaningless. They are neither statistically relevant, nor do they reflect anything quantitative

What is the difference between a RPN of 100 and one of 1? Exactly, they are meaningless numbers

At best and only at a push, one could use RPNs to say some risk may be more acceptable than others

Regards

Siegfried

Original Message------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on.

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust.

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

Hi, Julie.

I had to go back a couple years to our cybersecurity project to find the reference. In the FDA's "Postmarket Management of Cybersecurity in Medical Devices" guidance document (December 28, 2016), page 10, the definition of Patient Harm includes this:

Other harms, such as loss of confidential information, including compromise of protected health information (PHI), are not considered "patient harms" for the purpose of this guidance.

This is the most overt instance, but through the premarket and postmarket guidances, patient harm is referred to. The FDA is more concerned where cybersecurity vulnerabilities can physically affect a patient.

The protection of health information is more of a concern to the Office of Civil Rights, the enforcers of HIPAA.

------------------------------
Michael Reents
Bradenton FL
United States
------------------------------

Original Message:
Sent: 25-Nov-2019 15:01
From: Julie Omohundro
Subject: FMEA, RPN?

Michael, I'm pleased to have a cybersecurity perspective on this.  (Did you happen to attend the PEAC meeting on cybersecurity this year?)

I'm not opposed to RPNs.  For some uses, I'm neutral.  I'm opposed to rating, ranking, quantifying, etc, clinical harms.

Do you have a link related to FDA's interest (or lack of) in privacy?

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 25-Nov-2019 14:51
From: Michael Reents
Subject: FMEA, RPN?

I will make a case for RPNs.

Software is a special case, as Julie has pointed out. This approach only uses the severity of the harm to quantify risk. The problem with this logic is no amount of mitigation will reduce your risk "Quantity" as the severity will never change. This is also a flat view of software as software doesn't always perform the same. Software can have different states that are invisible to the end user and can behave differently in different states. Functions can be invoked a number of ways and may work properly when invoked one way and fail in another. I will concede that if all states are identified and each event, or series of events, that can invoke a function are identified and evaluated separately, then yes, at this point, software will behave the same 100% of the time.

For software, there is an emerging subcategory of cybersecurity. In this arena, it is not physical harm but privacy that is at stake. The FDA has made it clear they are not concerned with privacy, but only physical harm. But I every customer I have dealt with on the subject is very concerned with privacy. An RPN is very helpful as it does quantify exposure extremely well. In the cybersecurity world, a undetectable flaw is much worse than an easily detectable flaw. By adding detectability to the equation, you can easily demonstrate a cybersecurity risk has been diminished.

It is not perfect, though. There are situations where having a flaw more visible has no affect on reducing risk.

RPNs also give you a more granular quantification than a 3x3 or 5x5 matrix, normally used to identify "Acceptable" risk (which doesn't exist for EN ISO 14971). For companies distributing product in the EEA, we can only quantify risk and reduce it as far as possible. We can't define an acceptable level.

An RPN may not be a good tool in every situation, but you can't discount them completely.

------------------------------
Michael Reents
Bradenton FL
United States

Original Message:
Sent: 24-Nov-2019 13:05
From: Julie Omohundro
Subject: FMEA, RPN?

I'm not sure what deterioration has to do with this?

Neither hardware nor software devices need to deteriorate in order to pose risks.  They both pose plenty of risks, from the moment they are put into service.  Different types of deterioration can increase some of those risks, but usually not all of them.  The endpoint is reached when the device has deteriorated to the point of not functioning at all.  This is the point at which all risks set to 0....and then you finally have a product that is "safe" in the layperson's sense of the word.

I'm wondering if you might be referring to this?
".. software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you based your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming failure will occur." --Premarket Submissions for Software Contained in Medical Devices, 2005

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 24-Nov-2019 09:12
From: Siegfried Schmitt
Subject: FMEA, RPN?

Calculating RPNs as part of software risk assessments is wrong (this was also pointed out by FDA)

Software doesn't deteriorate, it is either faulty or it isn't. So the probability is either 100% or zero

Anyway, RPNs are meaningless. They are neither statistically relevant, nor do they reflect anything quantitative

What is the difference between a RPN of 100 and one of 1? Exactly, they are meaningless numbers

At best and only at a push, one could use RPNs to say some risk may be more acceptable than others

Regards

Siegfried

Original Message------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on.

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust.

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

Thanks, Michael.  This is a long-standing and tricky issue.

I agree that the protection of health information is the domain of HIPAA.  HIPAA is not intended to, and does not, protect either patients or their privacy.

OHRP is indirectly responsible for protecting "the rights, welfare, and well-being of human subjects involved in research conducted or supported by the U.S. Department of Health and Human Services (HHS)."

As far as I know, no government entity is legally charged with protecting the rights, welfare, and well-being of patients.

FDA's stated mission changes with the political winds, but its only real duty to patients is to assure that the information that they and their doctors are provided about medical products is as complete and accurate as the current "state of the art" allows. ("At base, the entire FD&C Act is a law about labeling.")

An interesting and long-standing sidebar to this issue is the extent to which emotional and psychological harms fall within the scope of "clinical harms."  Historically, this has been as much of an argument about whether psychiatrists are "real' doctors as it is about patients, but I think the jury has been in on that for some time now.

So I get it that FDA is not interested in patient privacy per se, nor do I think it should be.  The interesting question is whether FDA is, or should be, interested in psychological and emotional harms that may result from PHI being shared with entities other than patients and their doctors.





------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 27-Nov-2019 10:09
From: Michael Reents
Subject: FMEA, RPN?

Hi, Julie.

I had to go back a couple years to our cybersecurity project to find the reference. In the FDA's "Postmarket Management of Cybersecurity in Medical Devices" guidance document (December 28, 2016), page 10, the definition of Patient Harm includes this:

Other harms, such as loss of confidential information, including compromise of protected health information (PHI), are not considered "patient harms" for the purpose of this guidance.

This is the most overt instance, but through the premarket and postmarket guidances, patient harm is referred to. The FDA is more concerned where cybersecurity vulnerabilities can physically affect a patient.

The protection of health information is more of a concern to the Office of Civil Rights, the enforcers of HIPAA.

------------------------------
Michael Reents
Bradenton FL
United States

Original Message:
Sent: 25-Nov-2019 15:01
From: Julie Omohundro
Subject: FMEA, RPN?

Michael, I'm pleased to have a cybersecurity perspective on this.  (Did you happen to attend the PEAC meeting on cybersecurity this year?)

I'm not opposed to RPNs.  For some uses, I'm neutral.  I'm opposed to rating, ranking, quantifying, etc, clinical harms.

Do you have a link related to FDA's interest (or lack of) in privacy?

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 25-Nov-2019 14:51
From: Michael Reents
Subject: FMEA, RPN?

I will make a case for RPNs.

Software is a special case, as Julie has pointed out. This approach only uses the severity of the harm to quantify risk. The problem with this logic is no amount of mitigation will reduce your risk "Quantity" as the severity will never change. This is also a flat view of software as software doesn't always perform the same. Software can have different states that are invisible to the end user and can behave differently in different states. Functions can be invoked a number of ways and may work properly when invoked one way and fail in another. I will concede that if all states are identified and each event, or series of events, that can invoke a function are identified and evaluated separately, then yes, at this point, software will behave the same 100% of the time.

For software, there is an emerging subcategory of cybersecurity. In this arena, it is not physical harm but privacy that is at stake. The FDA has made it clear they are not concerned with privacy, but only physical harm. But I every customer I have dealt with on the subject is very concerned with privacy. An RPN is very helpful as it does quantify exposure extremely well. In the cybersecurity world, a undetectable flaw is much worse than an easily detectable flaw. By adding detectability to the equation, you can easily demonstrate a cybersecurity risk has been diminished.

It is not perfect, though. There are situations where having a flaw more visible has no affect on reducing risk.

RPNs also give you a more granular quantification than a 3x3 or 5x5 matrix, normally used to identify "Acceptable" risk (which doesn't exist for EN ISO 14971). For companies distributing product in the EEA, we can only quantify risk and reduce it as far as possible. We can't define an acceptable level.

An RPN may not be a good tool in every situation, but you can't discount them completely.

------------------------------
Michael Reents
Bradenton FL
United States

Original Message:
Sent: 24-Nov-2019 13:05
From: Julie Omohundro
Subject: FMEA, RPN?

I'm not sure what deterioration has to do with this?

Neither hardware nor software devices need to deteriorate in order to pose risks.  They both pose plenty of risks, from the moment they are put into service.  Different types of deterioration can increase some of those risks, but usually not all of them.  The endpoint is reached when the device has deteriorated to the point of not functioning at all.  This is the point at which all risks set to 0....and then you finally have a product that is "safe" in the layperson's sense of the word.

I'm wondering if you might be referring to this?
".. software failures are systemic in nature and therefore the probability of occurrence cannot be determined using traditional statistical methods. Therefore, we recommend that you based your estimation of risk for your Software Device on the severity of the hazard resulting from failure, assuming failure will occur." --Premarket Submissions for Software Contained in Medical Devices, 2005

------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com

Original Message:
Sent: 24-Nov-2019 09:12
From: Siegfried Schmitt
Subject: FMEA, RPN?

Calculating RPNs as part of software risk assessments is wrong (this was also pointed out by FDA)

Software doesn't deteriorate, it is either faulty or it isn't. So the probability is either 100% or zero

Anyway, RPNs are meaningless. They are neither statistically relevant, nor do they reflect anything quantitative

What is the difference between a RPN of 100 and one of 1? Exactly, they are meaningless numbers

At best and only at a push, one could use RPNs to say some risk may be more acceptable than others

Regards

Siegfried

Original Message------

I find Wayne's discussion interesting but know these are hard to calculate, especially early on.

And software failure probability I always calculate 100% for single fault initially, then score on severity only, initially.  Design of redundancies in.the software can help bring that down of course.

I also do agree FMEA can be done early, and is not restricted to design outputs.  I have had success using FMEA in audits and submissions globally. I have never heard FDA or a NB say a good  FMEA when combined with other tools feeding into it were not enough. A well thought out FMEA can be a great tool and doing it as a team with design, regulatory, quality, medical/clinical and occasionally other post-market functions like service/customer support has helped these become more robust.

The whole of the RMF file is supposed to be a living document, so if something.was discovered post-market, the FMEA would also be reviewed, and design might be changed because of this, so at the very least, it is a part of design input process then, as it facilitates the analysis.



------------------------------
Ginger Cantor, MBA, RAC
Founder/Principal Consultant
Centaur Consulting LLC
River Falls, Wisconsin 54022 USA
715-307-1850
centaurconsultingllc@gmail.com
------------------------------

I have started responding on this thread a couple of different times, but realized each time that it is difficult to put these thoughts into a simple response. I think that is why there is so much misunderstanding and misinterpretation of the concepts in risk management.

As Bill and Dan have pointed out, there are many dangers in just applying the FMEA tool. It still takes the appropriate interpretation of what that means. It is too simplistic to just use this as a calculation of risk (or prioritization). This is why ISO 14971 talks about "combination of the probability of occurrence of harm and severity of that harm" and does NOT calculate it. It is an engineering characteristic that we want to use this as a calculation in an attempt to make it less subjective. The reality is that we cannot do this. It MUST have judgement and interpretation in the risk determination. I know that makes people uncomfortable, but that is the truth. Without the appropriate application of engineering judgement and knowledge, the tool breaks down.

A critical piece of this is that risk management must be done from the beginning and never stops until the end of product life. I see way too many organizations treat this as an item to complete on a checklist, this cannot be the case. You need to understand risk as you go into the design phase to know which design inputs to follow. The reality is that the team works to mitigate risks even without any tool. This is what you are doing as you consider the different design elements (you naturally choose a path with the least risk). No one wants to take on more risk than is necessary.

As to the FMEA tool...while it is common (and fairly widely accepted), I would submit that most organizations have changed what the tool in a way that makes it more useful (and really no longer just an FMEA). By adding the mitigation listing and testing, you add the traceability through actions to the verification of effectiveness (this is really documenting the preventive actions you have taken). If you add a determination of acceptability of residual risk, it is also your benefit-risk analysis tool. By adding these items, you have gone beyond the FMEA and into risk analysis, risk acceptance and can continue to use this throughout the lifecycle for risk management.

This could go on to further examples and discussion (especially if you want to continue with risk-based approach discussion), but the bottom line is that risk management must be done with the appropriate engineering judgement and knowledge and cannot solely rely on any numbers to calculate risk.

------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Thanks, Mark, your comments are very helpful to me.

I agree that this is a topic that far exceeds the capacity of a forum.  I'm still going to work it for as long as anyone else is willing to respond, because it's been such an education so far.  I feel the clock is ticking on this education, because of the approaching holiday.

I have just learned that there are those who may use RPNs in an effort to make...something...less subjective. What is particularly interesting to me is that those who do not think this approach is valid do not go so far as to use the antonym of subjective, only "less subjective."

As I understand it, you are equating judgment and interpretation with "subjective."  I agree, but I also agree with those who think that calculations are not subjective.  It is not the calculation that is subjective, but the assignment of the numbers that are used in the calculation.  At least, as these are assigned in the medical device industry as I know it, from the vantage of my little tidepool.

I also agree that the critical piece is that risk management must be done from the beginning, which is to say, premarket.  I have said before that it seems to me that there is a disconnect between premarket risk analysis and postmarket risk management   I gather you have seen the same thing.

I get the impression that few ISO 14971 experts have experience assessing risk premarket.  Instead, they typically inherit a risk assessment that already has all the subjective judgments and interpretations in place, and then apply ISO 14971 to manage risk from there.  From there, it seems that all judgments and interpretations are relative to the original assessments, and, further, that the risk assessment is largely limited to whether or not information regarding a single risk should be increased from it original subjective judgment and interpretation?  (Given the consequences potentially associated with "yes," if you want to see "subjective judgments and interpretations" in action, watching this process is a front row seat, frequently popcorn worthy.)

Whether risk management can, much less must, be done with the appropriate engineering judgment and knowledge depends on what kind of risks you are managing.  If you are trying to manage the risks associated with the device half of a medical device, then I agree.  If you are trying to manage the risks associated with the medical half of a medical device, then I do not.


------------------------------
Julie Omohundro, ex-RAC (US, GS), still an MBA
Principal Consultant
Class Three, LLC
Mebane, North Carolina, USA
919-544-3366 (T)
434-964-1614 (C)
julie@class3devices.com
------------------------------

Original Message:
Sent: 25-Nov-2019 07:19
From: Mark Swanson
Subject: FMEA, RPN?

I have started responding on this thread a couple of different times, but realized each time that it is difficult to put these thoughts into a simple response. I think that is why there is so much misunderstanding and misinterpretation of the concepts in risk management.

As Bill and Dan have pointed out, there are many dangers in just applying the FMEA tool. It still takes the appropriate interpretation of what that means. It is too simplistic to just use this as a calculation of risk (or prioritization). This is why ISO 14971 talks about "combination of the probability of occurrence of harm and severity of that harm" and does NOT calculate it. It is an engineering characteristic that we want to use this as a calculation in an attempt to make it less subjective. The reality is that we cannot do this. It MUST have judgement and interpretation in the risk determination. I know that makes people uncomfortable, but that is the truth. Without the appropriate application of engineering judgement and knowledge, the tool breaks down.

A critical piece of this is that risk management must be done from the beginning and never stops until the end of product life. I see way too many organizations treat this as an item to complete on a checklist, this cannot be the case. You need to understand risk as you go into the design phase to know which design inputs to follow. The reality is that the team works to mitigate risks even without any tool. This is what you are doing as you consider the different design elements (you naturally choose a path with the least risk). No one wants to take on more risk than is necessary.

As to the FMEA tool...while it is common (and fairly widely accepted), I would submit that most organizations have changed what the tool in a way that makes it more useful (and really no longer just an FMEA). By adding the mitigation listing and testing, you add the traceability through actions to the verification of effectiveness (this is really documenting the preventive actions you have taken). If you add a determination of acceptability of residual risk, it is also your benefit-risk analysis tool. By adding these items, you have gone beyond the FMEA and into risk analysis, risk acceptance and can continue to use this throughout the lifecycle for risk management.

This could go on to further examples and discussion (especially if you want to continue with risk-based approach discussion), but the bottom line is that risk management must be done with the appropriate engineering judgement and knowledge and cannot solely rely on any numbers to calculate risk.

------------------------------
Regards,
Mark Swanson, ASQ CBA, CMQ/OE, CQE ASQ, MBA
Becker MN
United States

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------

Karen : since you initiated this thread : did you get the answer you were looking for? With kindest regards, 

------------------------------
Ary Saaman
Director, Regulatory Affairs
Lausanne
Switzerland
------------------------------

Original Message:
Sent: 20-Nov-2019 11:30
From: Karen Zhou
Subject: FMEA, RPN?

Hi all

Is it a standard practice to assign an RPN in an FMEA analysis? Isn't this number quite subjective? What if we are doing  qualitative estimates rather than quantitative estimation?

Thank you.

------------------------------
Karen Zhou
------------------------------