The clause you refer to, G.3 is not a requirement. Only the numbered clauses are requirements (ex. 4.3). The clauses that start with alpha characters (A, B, C...) are informative and provide information on how you can implement the standard. I would like to also point to ISO TR 24971, a guidance that provides other valuable information on implementation, such as how to use product and process safety standards.
The "requirement" you perhaps may be trying to find is in clause 4.3, where it states you must "identify known and foreseeable hazards in both normal and fault conditions". FMEA identifies single-fault conditions, and not all fault conditions, thus the use of FTA. It does also not identify "normal condition" hazards. That is another use of FTA. As for "known hazards" Preliminary Hazard Analysis or PHA is a tool for looking at your own complaints, product and process safety standards, FDA's adverse event files like MAUDE and TPLC databases, and clinical literature to find those hazards already known. One of the big issues with FMEA is covered by a requirement of ISO 13485 which requires risk management be a Design Input. Since FMEA cannot be performed until the design is in the Design Output stage, FMEA fails to provide information early enough in the design process to avoid design changes. FMEA is a good tool to provide a check to make sure all single-fault condition hazards have been identified after the design is closer to completion. Of course, we all know that design is not a serial process, but has a lot of parallel activities, so Design Input does not close before going to Design Output. Design elements may be found that are in different stages at the same time. However, the basic description still applies. So use FMEA where it is appropriate, but you cannot perform Risk Management with only the use of FMEA, several tools are required.
------------------------------
Edwin Bills RAC, MA
Principal Consultant
ELB Consulting
Overland Park KS
United States
------------------------------
Original Message:
Sent: 03-Aug-2017 12:16
From: Anonymous Member
Subject: Risk Top-Down Analysis and ISO 14971
This message was posted by a user wishing to remain anonymous
Hi All,
Most medical device manufacturers use the typical FMEA approach to mitigating risks found in the design of the device. Numerous 3rd party publications mention the need for top-down analysis to determine all risks have been covered, where FMEA can miss certain things. These authors specifically state that this is required by ISO 14971. Other than the section for Fault Tree Analysis (G.3), where else in ISO 14971 does it specifically call out this approach and that it is required in addition to FMEA, HACCP, etc. in order to be fully compliant to the standard?
Thank you!