Top menu

FMEA and Risk management according to ISO 14971

Risk management vs FMEA

Risk management for medical devices is a comprehensive approach, including requirements for planning the development of a device, to the requirements for a device that is no longer on the market. Even though the standard in application of risk management to medical devices has been around for almost 15 years, there is still some confusion on what is risk management and FMEA.

What is risk management according to ISO 14971?

Risk management according to ISO 14971 should include a process that comprises everything from management’s involvement in risk management, to how one should manage risks after a device has been put on the market.

ISO 14971 indicates that the risk analysis is part of the risk management process, which is designed to identify hazards, decide what they can lead to and how much risk is associated with differ¬ent hazards. Thus, risk analysis is only one part of several in the process as a whole. Often however, the term risk analysis is used for risk management as a whole. In addition to that, risk analysis is sometimes used synonymously with Hazard traceability matrix.

What is FMEA?

FMEA stands for ”Failure mode and effects analysis”. There is an IEC standard that describes what FMEA is (IEC 60 812). If you turn to the ISO 14971 standard it states:

“Failure Modes and Effect Analysis (FMEA) is a systematic procedure for the analysis of a system to identify the potential failure modes, their causes and effects on system performance (performance of the immediate assembly and the entire system or a process).”

From this perspective of the ISO 14971 standard, FMEA is an reliability tool. The method is based on how failure of components or sub-systems of a product affect the system as a whole, and that is an important difference from risk management according to ISO 14971.

ISO 14971 is based on the hazards that may exist in the product, e.g. virus, gas at high pressure, radiation or a sharp edge. Based on these hazards, a number of events can be identified, which can lead to hazardous situations and harm to people, property or the environment.


Risk management video course

Take the free 30-minute introductory course of risk management for medical devices according to ISO 14971


SEE ALSO: Full online ISO 14971 training course


FMEA according to IEC 60 812 takes the position of how a com¬ponent may malfunction (local effect), such as break apart, fall out, change shape, and then analyses what kind of system effect it results in. This means that you cannot successfully work with FMEA until relatively late in the process of product development, because you need to have designed most components and sub-systems in order to determine how the components can fail and the consequences of that. As long as they are not designed, it is difficult or principally impossible to do the analysis.

The main difference between risk management according to ISO 14971 and FMEA is that FMEA is tends to only find the risks associated with something broken. In addition, FMEA does not deal with acceptable and unacceptable risks, but only provides a priority order in which to work with risks. The RPN number (Risk Priority Number) is derived from the FMEA method.

A generic process for risk management according to ISO 14971 compared with the steps in Failure Mode Effects Analysis.

A generic process for risk management according to ISO 14971 compared with the steps in Failure Mode Effects Analysis.

In FMECA, an extension in the form of the term ”Criticality” has been added to the abbreviation, i.e. one also studies the severity of harm to a patient/user due to a faulty component. With its ad-dition, the method is more similar to risk management according to ISO 14971 as it identifies the harm. However, the method still emanates from component failures, and not hazards, which ISO 14971 does.

FMEA’s role in medical device risk management

If the product you are working with has essential performance, i. e. it has to function to be safe. If the product needs to function to be safe, the reliability is important, thus the FMEA should be considered. Even so, the FMEA will only be part of the overall risk management process and primarily focus on parts of the system that are essential to the performance.

If you perform only FMEA as defined in IEC 60812, you will not comply with the requirements of ISO 14971.

You can download a free template for risk analysis and risk management for ISO 14971 here.

, ,

No comments yet.

Leave a Reply

Get access to my best product development and quality assurance tips and tricks

You’ll receive practical tips and advice from me, Peter Sebelius, on how best to approach medical device product development, risk management and quality assurance – and probably some hints on improving your running form too!