- Why Us
Risk management is a notoriously complex subject—one that many people (including yours truly) have strong feelings about.
And while I’m not going to try tackling the topic as a whole in this article, I want to take a look at the risk management standard we use in MedTech—ISO 14971:2019—and its relationship with design failure mode effects analysis (dFMEA).
There are those who say dFMEA isn’t necessary if you’re following ISO 14971, and there are those who say ISO 14971 isn’t as rigorous as dFMEA.
But, as is usually the case, I think the truth may lie somewhere in the middle.
ISO 14971 is an FDA-recognized consensus standard and medical device manufacturers are expected to follow it. But as we’ll see, that doesn’t necessarily mean you can’t use dFMEA.
The differences between the two come down to their approach to the risks a device could pose and how to mitigate or eliminate them. And because you’ll be the one to defend your approach to risk management, it’s important to understand ISO 14971 and dFMEA both separately and in relation to one another.
You can think of ISO 14971 as a “top-down” approach to medical device risk management. You begin by considering the ways a user will interact with your device—and how it might cause harm—and work backward from there to eliminate or reduce the risk of harm to an acceptable level.
The flow looks like this:
Source: ISO 14971:2019, Annex C.1
You have your hazards, your foreseeable events that lead to hazardous situations, and the harms that could result from those hazardous situations.
ISO 14971 defines risk as the severity of a harm combined with the likelihood of its occurrence. Using a risk matrix, you can determine the risk for a given harm. If the level of risk is unacceptable, ISO 14971 gives you three risk control options to reduce the severity of harm, the probability of occurrence, or both:
Inherently safe design and manufacture (e.g. changing the design to reduce risk)
Protective measures in the device or manufacturing process (e.g. adding a protective measure, e.g., a plastic shield)
Information for safety or training (e.g. adding a warning to the device’s labeling)
Now, this is a very basic explanation of the process, and I highly encourage you to read the standard yourself. But hopefully it’s clear that this process is user-centric. You’re trying to figure out all the ways someone could be harmed by your device and working backward to reduce that risk.
In contrast to ISO 14971, dFMEA has a “bottom-up” approach to risk management. When you use dFMEA, you look at all the individual components of a device and ask, “How could this fail and what would happen if it did?”
So, for every “failure mode” (the manner in which it can fail), you would analyze the effect of that failure and put any necessary mitigations in place to stop it. You do that for every part of the device.
That’s why dFMEA is an excellent tool for building a robust device. And if done correctly, it will actually inform the design of the device—just not in the same way as the ISO 14971 approach.
With dFMEA, you’re not explicitly thinking about a hazardous situation or the harm that might result. But you are reducing risk by working to eliminate as many failure modes as possible.
In a word: no.
The differences I just outlined between ISO 14971’s approach to risk management and that of dFMEA do not mean they’re mutually exclusive. It’s because they address risk in different ways that they’re compatible.
In fact, Annex C of ISO 14971:2019 states:
However, although this approach is useful for the reason described, it should be recognised that it is not a thorough analysis. Many sequences of events will only be identified by the systematic use of risk analysis techniques (such as those described in ISO/TR 24971).
And if we head on over to ISO/TR 24971:2020 Guidance on the Application of 14971. As suggested, we’ll find that Annex B of the technical report covers “Techniques that Support Risk Analysis.” These techniques include FMEA, as well as others like:
Fault Tree Analysis (FTA)
Preliminary Hazard Analysis (PHA)
Hazard and Operability Study (HAZOP)
Hazard Analysis and Critical Control Point (HACCP)
ISO TR 24971 explicitly states, “These techniques are complementary, and it can be necessary to use more than one of them in order to support a thorough and complete risk analysis.”
So this isn’t an “either/or” situation. You may need techniques like dFMEA in addition to ISO 14971 to build the safest, most effective device you can; they just aren’t required by the regulations.
(I should note here that TR 24971 should also be on your list of standards to read, as it has some great info on applying 14971 to subjects such as cybersecurity risk.)
Alright, so let’s say you’re following ISO 14971. Why might you also want to use a tool like dFMEA in your risk analysis if it isn’t explicitly required?
The answer comes down to the different types of requirements every medical device company has when designing their product. You can think of these requirements as the three legged stool that supports a great device:
One leg is the regulatory and legal requirements. Are we following the regulations correctly and doing everything we need to to get this device down our chosen regulatory pathway and to market?
Another leg is the ethical requirements. Are we doing everything we can to ensure this device is as safe as possible for patients and users?
And the final leg is your economic requirements. Are we doing everything we can to ensure we’re building a great device that won’t break and will be better than the competition?
The first two points—regulatory and ethical—are covered by ISO 14971. Remember, this is a user-centric standard. Ethically speaking, it instructs you to look for any possible harms to patients and/or users (as well as their property, and the environment) and then work to eliminate them. It’s also the regulatory standard for risk management of medical devices in the US and the EU.
But it doesn’t necessarily cover that third leg of the stool.
dFMEA, however, does cover the economic leg. By forcing the analysis of every point of failure in your device (which is not required by ISO 14971), you’ll likely end up with a device that rarely fails to work as it should. A trustworthy product that users can come to rely on.
Frankly, you can design a device following ISO 14971 to the letter and still have a poorly designed device that fails too often.
In sum, I encourage you to take a step back and consider whether the techniques you’re using offer all three legs of support to your medical device.
Risk may be a controversial topic, but it’s critical to the design and development of your medical devices.
That’s why at Greenlight Guru, we’ve built a first-of-its-kind tool for risk management—made specifically for MedTech companies. Greenlight Guru’s Risk Solutions provide a smarter way for MedTech teams to manage risk for their device(s) and their businesses. The complete solution pairs AI-generated insights with intuitive, purpose-built risk management workflows for streamlined compliance and reduced risk throughout the entire device lifecycle.
It also happens to align directly with ISO 14971:2019 and the risk-based requirements of ISO 13485:2016.
Ready to see what Risk Solutions can do for your company? Get your free demo of Greenlight Guru’s!
Etienne Nichols is a Medical Device Guru and Mechanical Engineer who loves learning and teaching how systems work together. He has both manufacturing and product development experience, even aiding in the development of combination drug-delivery devices, from startup to Fortune 500 companies and holds a Project...