ISO 14971 or FMEA: Which Should You Use?

When determining hazards in medical-device design, the ISO standard is better

Published: Tuesday, August 9, 2016 - 13:49

This may be stating the obvious, but engineers are generally very analytical. One of the areas where this trait comes to the fore is in evaluating all the ways things can go wrong. This includes exposure and using tools like failure mode and effects analysis (FMEA).

As an engineer, there’s a good chance you were first introduced to FMEA in college, along with several other tools for looking at and analyzing failures. So it makes sense that when you start working on medical-device product development, and you’re told to address risks, you’ll fall back on what you learned once upon a time.

Out comes your trusty FMEA template spreadsheet. You begin to fill it out... and things can quickly grind to a halt. You start asking yourself a bunch of questions, such as:

Am I creating an application FMEA (AFMEA) or a design FMEA (DFMEA)? And what exactly is the difference between them?

How do I link the AFMEA and DFMEA together? Do I need to link them together?

What do I put for the potential effect of the failure? Is it the effect on the patient, the device, or peripheral devices?

And, Do I need to include detection as part of the failure analysis?

Before long, you’re lost and confused.

Worse, after you make it through design verification and validation, chances are you identified recommended actions to lower and mitigate risks within the AFMEA and DFMEA that you forgot about—actions that were good ideas yet never got implemented. It can be hard enough to make sure you’re adequately handling risk management.

You must think outside the box to make sure you’re identifying all the potential things that might go wrong with your device, or all the potential ways it might be used incorrectly. Given all that, the last thing you need is to make risk management harder by using FMEAs.

Fortunately for all of us, there’s an easier way to address risk, and that’s by using ISO 14971.

I know, now you’re wondering how an ISO standard could ever make risk easier. After all, standards can be hard to understand sometimes. But believe it or not, ISO 14971 makes addressing risk so much easier than an FMEA.

ISO 14971 has four main categories for risk: hazards, foreseeable events, hazardous situations, and harms. These are similar to the column headers in FMEAs.

Here are there rough definitions:
• Hazard: A potential source of harm
• Forseeable event: An event that can easily be imagined or is known about before it happens—and that leads to the hazardous situation
• Hazardous situation: A circumstance in which people, property, or the environment are exposed to one or more hazards
• Harm: Physical injury or damage to the health of people, or damage to property or the environment

These can be loosely connected to the FMEA columns:
• Foreseeable event is similar to potential causes of failure
• Hazardous situation is similar to potential failure mode
• Harm is similar to potential failure effect

In an FMEA, filling in the columns from left to right, you identify potential failure mode, then potential failure effect, and then potential causes. In ISO 14971 terminology these would be hazardous situation, harm, and then foreseeable event, respectively.

No wonder filling out an FMEA is difficult: You’re forced to mentally jump around instead of logically stepping through it. It’s much easier to think about the series of events (i.e., foreseeable events) that lead to circumstances where people, property, or the environment is exposed to a potential source of harm, and then consider what the resulting harm is.

Another key reason why ISO 14971 is easier than FMEAs is that with FMEAs, you typically have multiple spreadsheets, one for application and another for design, during the design and development process. You have to make sure that these two documents relate to each other, and any time you change one, you’re likely going to be making changes to the other.

With ISO 14971, that’s all combined in one place. It doesn’t matter if the foreseeable event is due to using the device or to the design of the device. It’s much easier to manage risk when it’s all in one spot.

We’ve gone through all of the reasons why following ISO 14971 for risk is much easier than FMEAs. It’s a more logical progression, it’s one document instead of multiple, and in general it’s more comprehensive.

But the biggest reason to use ISO 14971 instead of FMEAs? Because FMEA is an unsuitable tool. It’s very focused on analyzing only failures and failure modes. Medical-device risk management, however, is focused on analyzing hazards and hazardous situations.

About The Author

Jesseca Lyons

Jesseca Lyons is a customer success expert at greenlight.guru and a mechanical engineer by trade who loves working with cross-functional teams. Lyons has spent most of her career gathering and defining requirements for new product design and development in the medical-device industry. She believes the best part of being an engineer and working at greenlight.guru is that she can use her skills to help customers and make a positive impact in their lives.