Careers Support Contact Sales
Products

More than a Quality Management System: Tools for the entire MedTech Lifecycle.

Learn More

Featured Capabilities:

Document Management Product Development Design Control Risk Solutions Training Management CAPA Management

Experience the #1 QMS software for medical device companies first-hand. Click through an interactive demo.

View Product Tour

Data collection and management designed for MedTech clinical trials.

Learn More

Featured Capabilities:

Electronic Data Capture (EDC) Electronic Case Report Forms (eCRF) Electronic Patient Reported Outcomes (ePRO) Ad-Hoc Data Collection (Cases) Post-Market Surveys

Get a personalized demo of Greenlight Guru Clinical today.

See the Demo

Learn valuable, career-boosting skills for the Medical Device industry. Get access to hundreds of free resources as well as subscription-based courses and certifications.

Learn More
Solutions
Why Us
Customers
Partners
Company
Resources
ROI Report Cover

Calculate Your ROI
See the Demo
See the Demo
See the Demo

Why FMEA is Not ISO 14971 Risk Management

Written by: Jon Speer
March 10, 2016

Why FMEA is not ISO 14971 risk management

If you are still using FMEA as your methodology to capture medical device risk management activities, then your risk management process is out of date.

And you might be asking why do you need to abandon FMEA as the risk management tool of choice?

Let me tell you why.

Here is the definition of “risk management” as defined in ISO 14971.

Risk Management – systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, controlling, and monitoring risk.

And to be fair, I’ll also share with you a definition / description of FMEA from ASQ.

Failure Modes and Effects Analysis (FMEA) is a step-by-step approach for identifying all possible failures in a design, a manufacturing or assembly process, or a product or service.

Risk Management needs to be systematic. Risk Management considers use of a medical device–correct and incorrect use.

Bonus Resource: Click here to download your free PDF of Risk Management Plan Template.

The basis of Risk Management is built on identifying hazards (potential source of harm) and hazardous situations (circumstance in which people, property, or the environment are exposed to one or more hazard(s)).

Once identified, severity of potential harms resulting from hazards and hazardous situations are estimated. The probability of occurrence of these harms is also estimated.

And the estimation of severity of harm and probability of occurrence of harm is what defines RISK.

FMEA is slightly different in its scope and purpose. The basis of FMEA is identifying failure modes. Right off the bat, the FMEA tool is only about failure.

Medical device risks are NOT solely a function of failure.

A medical device might never exhibit a failure mode yet still has risks.

Don’t mishear me.

FMEA is a very good tool and can be extremely helpful for design and development teams while evaluating materials, components, and sub-assemblies comprising medical devices.

But FMEA is more of a reliability tool rather than a risk management system.

 

FMEA and Risk Management Confusion

ISO 14971 Risk Management uses terms such as risk, hazards, hazardous situations, harm, severity, probability of occurrence, risk acceptability, and risk controls.

FMEA uses terms such as failure modes, effects of failure, severity, causes of failure, occurrence, process controls, detectability, risk priority number, and recommended actions.

It’s pretty clear just by reviewing the terminology between ISO 14971 and FMEA how this can be confusing.

Hazards and hazardous situations does sound similar to failure modes.

Harm seems similar to effects of failure.

Risk seems similar to risk priority number.

Certainly, the terminology creates a great deal of confusion. The terminology of FMEA seems close enough to Risk Management.

 

What if You're Used To Using FMEA?

Yeah, I get it. Everyone on the product development team is familiar with and somewhat comfortable using FMEAs.

You have been using FMEA long before ISO 14971 became a harmonized standard.

And the intent and terminology is close enough . . .

So why change?

Risk-management-according-to-ISO-14971-vs-FMEA

Doing only FMEA will mean that you will NOT comply with ISO 14971 Risk Management standard.

 

Medical Device Regulatory World Has Embraced ISO 14971 Risk Management

It’s very clear from medical device regulatory bodies throughout the world that sound risk management processes are paramount for medical device companies.

So much so that the previous versions of ISO 14971 were harmonized several years ago by most regulatory agencies, including FDA, Health Canada, and EU Competent Authority. Many of you know that the standard was updated in December 2019 and the the new version has already been recognized as a consensus standard by FDA.  

Regulatory agencies expect medical device companies to document Risk Management activities.

And since ISO 14971 exists and is broadly accepted in the med device regulatory world, I highly recommend using this standard as your framework.

 

Risk Management is a System

As noted, ISO 14971 describes an entire system approach for Risk Management.

 

iso-14971-risk-management-process-gg.png
 

In a nutshell, a Risk Management process shall include:

  • Risk management planning

  • Risk analysis

  • Risk evaluation

  • Risk controls

  • Overall residual risk acceptability

  • Risk management review

  • Risk management file

  • Production / post-production information

As you can see, ISO 14971 describes an entire system. And this system is a process intended to be applied throughout the entire lifecycle of a medical device.

ISO 14971 risk management for medical devices PDF download

 

Risk Management Needs to be Useful

Realize that the whole idea behind Risk Management is this:

Help ensure that medical devices are as safe as possible.

Regulatory bodies aside, please, please, PLEASE make sure that your Risk Management process is established and implemented in such a way so that it is actually useful.

Let me leave you with a few tips from a previous medical device Risk Management post to help you:

  1. Get a copy of ISO 14971:2019 and ISO/PRF TR 24971 – Guidance on the application of ISO 14971 

  2. Establish a Risk Management Policy & Procedure

  3. Keep your severity, probability, and risk levels simple

  4. Use Risk Management as a tool during design & development

  5. Use Risk Management as a tool after design & development

Looking for a design control solution to help you bring safer medical devices to market faster with less risk?  Click here to take a quick tour of Greenlight Guru's Medical Device QMS software →

 

Jon Speer

Jon Speer is a medical device expert with over 20 years of industry experience. Jon knows the best medical device companies in the world use quality as an accelerator. That's why he created Greenlight Guru to help companies move beyond compliance to True Quality.

Related Posts

Product Development

Failure Mode Effects Analysis: What Is It & When Should You Use It?

Ryan Behringer
September 5, 2022
Failure mode effects analysis (FMEA) is one of the best-known risk management tools within engineering. Read More
Establishing a QMS

EN ISO 14971:2012 Risk Assessment Explained in 5 Minutes… Using the Grossest Example Ever?

David Amor
March 27, 2017
This post was originally published by David Amor on LinkedIn and reposted here with the author's permission. Additional commentary has been added by Jon Speer, where noted. ... Read More
Product Development

Why Use ISO 14971 vs. FMEA (Template Included)

Jesseca Lyons
August 1, 2016
This may be stating the obvious, but engineers are generally very analytical. One of the areas where engineers are analytical is in evaluating all the ways things can go... Read More
Risk Management Plan Template
Download Now
risk-management-template
Subscribe See the Demo