Original Message:
Sent: 10-Jan-2024 12:29
From: Kevin Randall
Subject: Risk Management File overhaul
I'm not a big fan of throwing out the baby with the bath water. Although ISO/TR 24971 acknowledges that disadvantages of FMEA can arise from difficulties in dealing with redundancies (not a deal-breaker in my opinion) and the incorporation of repair or preventive maintenance actions, as well as its restriction to single-fault conditions (not deal-breakers in my opinion), I don't consider those to be sufficient grounds for banning FMEA from the risk management process. For example, we should have no hesitation to rely on FMEA supplemented with PHA.
Proper risk management shall occur throughout the device life-cycle (defined by 14971 as spanning from initial conception to final decommissioning). Thus, the fact that FMEA has a focus on proposed device/manufacturing/use specifications (i.e., initial design outputs) is not appropriate grounds for disqualifying the use of properly deployed FMEA. In fact, once these initial specifications are proposed, there may be no better way to analyze the associated risk profile than via FMEA.
FMEA and its output probabilities for failure modes (i.e., of sequences of events and maybe also hazardous situations) can yield valuable characteristic and probabilistic insights into the ultimate probability of occurrence of harm resulting from those fault conditions. 14971 clearly reminds us of this. And just because FMEA is limited to fault conditions, it doesn't prevent the manufacturer from also meeting the requirement to also consider the device's risk profile under normal operating conditions. Indeed, my risk management trace matrices include an entry identifying whether each risk scenario is for a fault condition or normal operating condition. That has quickly settled inquiring auditors who were looking to assure risk assessment was done under normal and fault conditions. 14971's and 24971's proper allowance for use of FMEA to identify manufacturing failures, design failures, and use failures can play a valuable role in articulating and estimating the sequences of events, hazardous situations, and harms that might ultimately result.
14971 hazards are simply generic categories (i.e., biological, energy, manufacturing, usability, etc.) used to organize and categorize our more detailed assessments of sequences of events, hazardous situations, and harms. As mentioned earlier, I generally link FMEA insights to the sequences of events and hazardous situations more than, or rather than, to 14971's generic hazard categories. 14971 reminds us that relevant hazards associated with the medical device can be deduced from consideration of the intended use and reasonably foreseeable misuse as determined by a clause 5.2 analysis, and by the characteristics related to safety as determined by a clause 5.3 analysis. It doesn't include FMEA as a way to derive hazards; though in practice, there seems to be a synergistic relationship between these analytical exercises (5.2 and 5.3) and the insights that can be gained from FMEA. Thus, while FMEA can have value for identifying relevant hazards, I don't generally use FMEA as my primary way for identifying relevant hazards.
My opinion is that ISO 14971 and ISO/TR 24971 in their current embodiments do a fine job of balancing out these various nuances. As a member of QM/WG04 (the U.S. Working Group providing U.S. input into ISO/TC 210's development of 14971), I don't just lodge such a defense due to pride in ownership/authorship; indeed, the current embodiment came before my involvement and was forged by the preceding hard work of folks like Edwin Bills and many others. Instead, it is from my real-world use of ISO 14971 that I really do believe the current embodiment is on target regarding the integration of FMEA with risk management. Thus, I would be sad to see further disparagement of FMEA make its way into the upcoming ISO 14971 standard review and revisions. 14971 is a faithful evolution of the state of the art when I think back to modern risk management's origins and founding documents like EN 1441 (yes, I'm that old and can remember using EN 1441 back when it was a gold standard). If stakeholders can make a careful reading of the current embodiment, then potential misuse of FMEA can be reduced.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, U.S., Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 09-Jan-2024 16:10
From: Edwin Bills
Subject: Risk Management File overhaul
We have had this discussion on FMEA innumerable times.
Yes, ISO TR 24971:2020 Annex B.5 does list it as a technique that may be used. But it also identifies some disadvantages of use of this reliability analysis technique in risk management. You can use a technique ONLY when used CORRECTLY. FMEA uses different definitions of Severity and Probability than those in ISO 14971, so one must be very careful in this application. Properly used, FMEA identifies SINGLE-FAULT conditions and not those with multiple causes, nor those in NORMAL CONDITION (when the device is working and there is no fault). So it is an incomplete tool and MUST be used with other techniques to cover the limitations of FMEA such as Fault Tree Analysis (FTA) and Preliminary Hazard Analysis (PHA). The FMEA Effects from identified failures should be identified in the Risk Analysis as the Hazard, partially fulfilling only the requirements of Clause 5.4. Then the remaining steps of the Risk Analysis (Clause 5) process (remainder of 5.4 identifying Hazardous Situation [exposure of hazard] and 5.5 risk estimation) are completed after the FMEA.
ISO 13485 7.3.3 c) also places a limitation on the application of FMEA, as it requires the "outputs of risk management" be Design Inputs. FMEA requires Design Outputs to perform so its application is late in the Design Process. One of the problems it introduces is making design changes to fix problems FMEA uncovers late in design. The causes cost and late release issues. But it may uncover issues that were not discovered previously prior to release, that is its value in risk management. FMEA is more suited to its original purpose and that is Reliability Analysis, but it can be, as Kevin indicates, used in Risk Management when applied correctly.
ISO TR 24971 also identifies IEC 60812 as the referenced standard for this technique. The current version is 2018. So other permutations are not covered under Annex B.5.
When ISO 24971:2020 comes up for revision, would you gentlemen (and any others) be sure to submit comments, including suggestions, about this area so more guidance can be provided on application of this and any other technique. This is how we improve standards. ISO TC 210 JWG1 is currently working on an AI/ML guidance, and updates to 14971 and 24971 have not come up on the agenda yet, but 14971 is supposed to be reviewed at 5 years (December 2024) and 24971 is two years past its review time.
------------------------------
Edwin Bills
Edwin Bills Consultant
ASQ Fellow CQE, CQA, CQM/OE, RAPS RAC
elb@edwinbillsconsultant.com
Original Message:
Sent: 09-Jan-2024 14:47
From: Kevin Randall
Subject: Risk Management File overhaul
The risk management systems I've audited and remediated invariably use the term "FMEA" in some capacity; sometimes correctly, sometimes incorrectly as described before. So, it just isn't realistic or possible to properly audit and remediate such systems without tackling and addressing FMEA and the aforesaid FMEA dilemma.
Also noteworthy is that ISO 14971 (see ISO/TR 24971) itself unequivocally and specifically prescribes FMEA as a valid technique for use to support the risk analysis step. For example, process FMEA can give insights into the probability of occurrence of sequences of related/consequent events which contribute to the probability of occurrence of harm. This holds true regarding FMEA related to the device itself, or its manufacturing process, or device use and misuse (called "Use FMEA" by 24971). All three types of FMEAs are specifically given clear place by 24971, and thus 14971.
And if we decide to involve FMEA as permitted by 14971/24971, then its presence in the risk management file will be audited per clause 5.1 stating that "the implementation of the planned risk analysis activities and the results of the risk analysis shall be recorded in the risk management file." Consequently, if we decide to quarantine our proper FMEA work from the risk management effort and file, then I think we really risk significant risk management nonconformities along with alienation from the letter and intent of ISO 14971 which clearly permits the use of FMEA as part of the risk management process.
Remember also that the "Use FMEA" defined by 14971 has its respective intended purpose, while the holistic application of usability engineering to medical devices per EN 62366-1 as amended has its respective purpose. There is no problem that each has its own respective purpose. The use of one shall not invalidate or disqualify the use of the other. Instead, there are many scenarios where both are needed to fully comply with applicable regulatory requirements.
------------------------------
Kevin Randall, ASQ CQA, RAC (Europe, U.S., Canada)
Principal Consultant
Ridgway, CO
United States
© Copyright by ComplianceAcuity, Inc. All rights reserved.
Original Message:
Sent: 05-Jan-2024 20:53
From: Dan O'Leary
Subject: Risk Management File overhaul
Consensus on FMEA or not isn't relevant. You must follow the standard the way it is written. This means that an FMEA is the wrong approach. The standard requires identification of hazards in normal or fault conditions as well as a sequence of events. An FMEA looks at only failure and in a single fault condition.
Design FMEAs are not the right, because they do not meet the requirements in the standard.
Also, there is a problem with a usability FMEA. It doesn't meet the requirements of IEC 62366-1:2015.
By production FMEA I infer you mean process FMEAs. They don't belong in the risk management file because they don't address patient or user harm. They can provide an input to risk management when there is a possibility of an escape of nonconforming product that would result in patient or user harm. Process FMEAs are designed to keep this from happening.
The only viable path forward is to follow the standard, which means converting the incorrect documents you inherited.
If you are planning to go into the EU, then convert to EN ISO 14971:2019/A11:2020. The EU version of the standard is not the same as the international version since it is more restrictive. If you follow the EU version you will be in compliance with the international version.
When picking a consultant, determine that she will follow the standard as written. For some reason many people don't want to follow the standard and, as a result, make it far too complicated.
------------------------------
Dan O'Leary CQA, CQE
Swanzey NH
United States
Original Message:
Sent: 05-Jan-2024 08:12
From: Anonymous Member
Subject: Risk Management File overhaul
This message was posted by a user wishing to remain anonymous
Hello,
The company I'm working for recently took over a medical device. I've become responsible for the Technical file and in particular the Risk Management File. The device is currently only on the US market, 510(k) but the possibility to also enter the EU market is being considered. We are now working on updating the technical file so that the device can be included in the scope of our ISO13485 certificate. Here I see the risk management file as the biggest challenge. Currently the risk management file contains the following risk assessments:
-Design FMEA
-Useability FMEA
-2 production FMEAs (by two separate subcontractors performing different parts of the production process).
These does not fit directly into the risk assessment templates we have in our current risk management SOP, which is based on the ISO 14971:2019 format. I know there has been some debate in the forum around to which extent FMEAs are compliant to the latest ISO14971:2019. Not sure if a consensus has been reached 😊
However, this is also what I'm struggling with when adapting the risk management file to be compliant with our risk management SOP. I have been contemplating some alternatives:
-Update our SOP to include FMEAs in their current form
-Rewrite all risks (>200) to fit our current templates.
Both options will require significant efforts especially since requirement traceability needs to be maintained and this is currently not obvious. Risk management plan and report exists but will require revision depending on the chosen path.
Now I'm looking for suggestions for a pragmatic path to a ISO 14971 compliant file from anyone that has had similar experiences.
Recommendations of consultants that could provide guidance is also appreciated.
Thanks!
/Confused risk manager