Regulatory Open Forum

 View Only

  • 1.  Risk Analysis Tools and Training

    Posted 18-Oct-2019 08:35
    Hi everyone, 

    There are a number of risk analysis tools such as FMEA, FTA, etc.   How does a team know which risk methodology is suitable for them?

    A number of tools look at risk analysis in a fault mode.  What are some tools that look at risk analysis  during normal use? 

    Are there online training courses on risk analysis (ISO 14971 and the practical applications) we can take that do not break the bank?


    Thanks.

    ------------------------------
    Karen Zhou
    ------------------------------


  • 2.  RE: Risk Analysis Tools and Training

    Posted 18-Oct-2019 09:49
    Hi Karen.

    As I say quite often this is not an area of my personal expertise but let me try to look at this logically for you for a moment.

    As you noted, tools tend to look at risk in "fault" mode.  There is a reason for this - the tools essentially "assume" that anything that is going to pose a risk is not intended to occur but would occur only in the event something was not functioning as expected.  For example, defibrillators are meant to pulse electricity to shock the human heart back into normal sinus rhythm.  The shock itself as expected would not necessarily be a risk since the risk of death from arrhythmias is far greater than the risk caused by the electric shock in this instance and that is an expected result.  However, the risk of an unnecessary shock or in the case of an external defibrillator use the shocking of a person who is currently in sinus rhythm is a "risk" because that is not an expected use or function of the machine.  So I think you will have a hard time to find tools that do not look at the fault state.  That said, even in normal use, the question always becomes "Is this expected to happen and if it does will it cause a risk/hazard of negative health consequence to the patient/user?"  So even in "normal use" scenarios, there may be some things that occur that are unexpected and cause problems.​

    ------------------------------
    Victor Mencarelli
    Director Regulatory Affairs
    United States
    ------------------------------

    Original Message


  • 3.  RE: Risk Analysis Tools and Training

    Posted 19-Oct-2019 02:22
    Hi, Karen,
    Actually, ASQ has several on-line sessions in both Design Control and in Risk Management, and there are a lot of expert consultants out there who can help you on-site.  I just finished teaching a two-day Risk Management seminar at the Orlando ASQ Audit Division conference last week.  Edwin Bills is another Risk Management SME I trust, and there are others I would be able to recommend.  Finally, the risk Management tools you use are up to you, and normally Hazard Identification, then Hazard Analysis, then FMEA, etc., are what a lot of companies use.  Some folks combine Hazard Analysis with FMEA.  Your call, and if you do "good due diligence", that is often sufficient with good risk controls identified, applied and verified.  Subject is more complicated, but keep your work simple.  I do recommend Fault Tree Analysis, but it takes a "light going on" regarding discovery of potential hazard causes and their mitigations.

    ------------------------------
    Barrett Craner CQE, MBA, RAC, ASQ-CQA
    Consultant
    Manteca CA
    United States
    ------------------------------

    Original Message


  • 4.  RE: Risk Analysis Tools and Training

    Posted 20-Oct-2019 13:27
    Since Barry mentioned the ASQ courses, I will mention the RAPS on-line course on risk management (which I helped author and update, though it now needs updating for the new ISO risk management standard and technical report).  I will also mention the AAMI 3-day course on risk management, which I teach, as an excellent training program.  Barry does a good job at ASQ Biomedical as well.  I know you wanted short targeted training on-line but the two in-person courses mentioned will be very helpful in getting a complete picture of the total risk management process.  The AAMI  course also connects to the risk management requirements in ISO 13485:2016.  Hopefully, you can get some support in attending the in-person courses.

    ------------------------------
    Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
    Principal Consultant
    Overland Park KS
    United States
    elb@edwinbillsconsultant.com
    ------------------------------

    Original Message


  • 5.  RE: Risk Analysis Tools and Training

    Posted 19-Oct-2019 08:57

    As one of the technical committee that authors ISO 14971, I would like to make several points. 


    1. iSO 14971:2019 will be published by year end. There are no changes in the requirement you mention. You must address "normal condition" hazards and any resulting hazardous situations which lead to risks. Normal condition is when the device works as designed. A good approach is your human factors/usability engineering studies, the errors identified here lead to normal condition hazards

    2 Simultaneously with the publication of ISO 14971:2019 will be the publication of ISO TR 24971:2019, the technical report on the application of ISO 14971. You will find many of the informative annexes formerly published in the ISO 14971 along with those in the 2013 edition of 24961.  There are additional topics like Cybersecurity risks covered as well. The guidance in the new 24971 is greatly expanded and will be about 100 pages of information. For instance, the guidance on production and post-production went from one page to ten pages of guidance  


    3.  ISO/IEC 31010 is a guidance that provides information on over 30 risk analysis techniques and when they are appropriate to use. Some are the simple quality tools we all know lik the 5-Whys which a good tool to use with Fault Tree Analysis. 

    Risk Management is a complex topic and while small parts of this topic may be covered on-line, you need more training. #Expect multi-day courses on-site are needed to more comprehensively cover the nuances of the topic. I have been on the committee 19 years and a risk manager before that. I am still learning. 



    ------------------------------
    Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
    Principal Consultant
    Overland Park KS
    United States
    elb@edwinbillsconsultant.com
    ------------------------------

    Original Message


  • 6.  RE: Risk Analysis Tools and Training

    Posted 19-Oct-2019 09:59

    The tools have a variety of applications, so selecting the right tool for a particular situation can be a problem. In product safety risk management, as in ISO 14971:2007 or ISO 14971:2019, the problem two parts. The first half finds the ways your device can harm the patient, while the second half keeps it from happening. The first half is the hazard, sequence of events, hazardous situation, harm categorization. The second half is risk reduction.

    The hazards include both normal and fault conditions. Some people try to apply FMECA, but that only deals with failures. Hazard analysis is more comprehensive.

    One powerful application of an FMECA is in a production process. By analyzing the probability and detectability of production process failures, the analysis can determine if a nonconforming product escapes. If it can, evaluate the effect on the patient or use. Nonconforming products do not always result in patient or user harm, e.g. the color of the case is the wrong shade of blue.

    Another FMECA application is reliability. The tool helps determine the probability that the device fails "during the mission". However, not all failures result in patient harm.


    FMECA, by nature, deals with single point failures. It does not provide information in a normal condition or include a sequence of events.

    However, hazard analysis uses a sequence of events, which is not a single point failure. The appropriate tool here is, in my opinion, FTA. It starts with a top event and breaks it down into all the ways the top event can occur. In reliability, the top event is a failure. However, in hazard analysis the top event can be the patient or user harm. It can be in a normal condition or a fault condition. The FTA analysis provides all the paths by which the top event can happen – the sequences of events. If you were able to assign frequency of occurrence to the basic events you could calculate the frequency of occurrence of the top event.

    There is a new tool that shows up sometimes call the bow tie model. It combines aspect of the FTA and the FMECA to provide a more comprehensive picture.

    My recommendation is to use FMECA as an input to hazard analysis, not in place of hazard analysis. FTA, in which the top event is a patient or user harm, is a powerful hazard analysis input. Bow tie analysis is a very close match to the 14971 methodology and can handle both normal and fault conditions.



    ------------------------------
    Dan O'Leary CQA, CQE
    Swanzey NH
    United States
    ------------------------------

    Original Message


  • 7.  RE: Risk Analysis Tools and Training

    Posted 19-Oct-2019 10:52

    One small point, Dan. We do not use the term "hazard analysis" as we are not analyzing the hazard in ISO 14971. This is explained in the Preamble to 21 CFR 820 from 1996. The proper term is risk analysis as we are analyzing the risk in ISO 14971. 


    Fault Tree is a powerful tool that can give lots of help in identifying such points as the probability of harm occurring. A slightly different permutation of Fault Tree is Event Tree Analysis. These also make up for one of the major limitations of FME(C)A, that if single fault. ISO 14971 does not limit itself to single fault, but requires all known and foreseeable hazards to be identified in both normal and fault conditions. 


    As you mention, some companies attempt to use FME(C)A as their only risk analysis tool. This does not meet the requirements of risk management. The reference I made to ISO/IEC 31010 lists many useful risk analysis tools, and if I remember correctly, bow tie analysis is one of them. It is a useful tool. But like all tools we must take into account their strengths and weaknesses and use them correctly. 


    in a product liability case I am presently involved in, the company only used FMEA and did not look at normal condition hazards. Probably the result will be,  "How big is the check?" And in the 8 figure area based on some of the lawsuits these days. A well done risk management process can keep a company out of these problems. After all, we are supposed to prevent or reduce harm and provide a benefit to the patient and the user. 

    As I start my training for risk management for the practitioners, "You are going to be the first patient using this device. Do the risk management accordingly!"  Wakes up my classes when they ponder that statement. 



    ------------------------------
    Edwin Bills MEd, CQA, RAC, BSc, CQE, ASQ
    Principal Consultant
    Overland Park KS
    United States
    elb@edwinbillsconsultant.com
    ------------------------------

    Original Message


  • 8.  RE: Risk Analysis Tools and Training

    Posted 20-Oct-2019 06:46
      |   view attached
    The use of any tool, in practice, depends on the information you already have and what is missing. The attached document is an explanation on the use of risk analysis techniques I suggested for the revision of ISO TR 24971 (but it ended up not being incorporated into the text, and the last page includes a flowchart to help in the decision to use any tool.

    ------------------------------
    Marcelo Antunes
    Regulatory Strategy Consultant
    São Paulo
    Brazil
    ------------------------------

    Original Message


Related Content