It appears that you have fallen into the same trap as many. FMEA is NOT risk management, but rather is a tool that can be used to identify the effects of failure which may relate to product safety. It is inadequate to meet the requirements of both ISO 14971 and ISO 13485:2016 by itself. As ISO 13485 points out, the results of risk management are a Design Input and thus must occur before Design Input. FMEA can only be done when you have Design Output, which is later in the process, and thus is a good check tool to make sure you have identified all hazards that result from failures. This points to another limitation of FMEA. ISO 14971 requires the identification of all hazards (and not just single fault failures) resulting in NORMAL and FAULT conditions. FMEA only identifies those from single fault failures, and not the normal condition failures (when everything is operating correctly). Human Factors/Usability usually identifies those hazards.
A Risk Management File contains all documents that result from actions taken in each step (Clauses 3-9) of ISO 14971 as indicated in other responses, such as the Risk Management Plan, the Traceability Summary (required in Clause 3.5), each of the tools used to identify hazards, such as Preliminary Hazard Analysis (extremely valuable tool), Fault Tree Analysis (used to identify hazards resulting from multiple fault conditions), and many others. A Risk Management File should have a number of documents contained and be continuous updated as new information is gathered throughout the product lifecycle. A Risk Management File must be accessible to the complaint team for analysis of complaints, to the team reporting adverse events and recalls, and to those developing new products, to use information gathered previously, to avoid repeating unnecessarily those activities that have already gathered risk information. You should also review ISO TR 24971 to find information on how to use standards to improve your risk management process and reduce work.
Risk Management is not a checkbox activity, but rather a process to improve product safety, reduce costs, save time, and improve product liability. If you are only doing FMEA, you are doing a disservice to your customers, and patients, as well as your company and its shareholders.
ISO 14971 and its companion guidance ISO TR 24971 are both being revised to include more information on the process for release in 2019.
------------------------------
Edwin Bills RAC, MA
Principal Consultant
Edwin Bills Consultant
Overland Park KS
United States
------------------------------
Original Message:
Sent: 18-Dec-2017 19:48
From: Devang Barot
Subject: Risk Management File
Hello all,
What are the contents of the Risk Management File in a medical Device and how FMEAs differs from Risk management File? How is Risk Managed and captured in documentation.