Dana Trousil, Mechanical Engineering Team Lead, StarFish Medical09.06.23
As medical device design progresses toward production, the manufacturing process becomes clearer. A valuable tool to create a successful product is the PFMEA, or Process Failure Modes and Effects Analysis. The PFMEA has long been a risk management tool for the automotive industry—among many others—but how does the PFMEA fit into medical device development? Does it meet risk management requirements outlined by ISO 14971? This article will examine those questions and more.
A bit of history is useful to place the PFMEA in context with other industries. The FMEA has been in use since the post-war era, first developed by the U.S. military in the late 1940s. From there, it was used in various forms through the 1960s by NASA, the Society of Automotive Engineers (SAE) and the civil aviation industry. During the 1970s, the FMEA spread outward into other industries like civil engineering, the U.S. Geological Society, U.S. Environmental Protection Agency (EPA), and most of the automotive industry, including Ford after the infamous Ford Pinto gas tank issue of the 1970s. In 1993, the Automotive Industry Action Group (AIAG) published a FMEA standard for the automotive industry. Since then, adoption of the FMEA as an analysis tool has continued to grow.
Notice that detection is not present (i.e., detecting the failure mode or its effect). ISO 14971 doesn’t specify that detection cannot be used—or provide any opinion on it—but detecting the failure does not alter the probability that a harm could exist. By including detection, the overall risk estimation could be artificially lowered.
As a result, the PFMEA can house many risks that are important to the overall viability of producing a medical device but don’t impact the device’s safety. As far as ISO 14971 is concerned, business risks are not related to the safety of the device, and therefore, should not be included in the risk management process. As an example, there can a trade-off between the cost of the failure mode (scrapping of parts in production, for example) and the cost of mitigating it. The PFMEA might be very concerned about these errors, but since these risks are not related to safety, they would not be highlighted during the risk management process.
Previously under ISO 14971:2007, risks could be taken to be As Low As Reasonably Practical (ALARP), which would match lowering risks in a typical PFMEA. ISO 14971 was updated in 2012 and ALARP is no longer the standard. ALARP has been replaced by AFAP – As Far As Possible.
From a strict reading, the PFMEA alone does not satisfy the requirements of ISO 14971, as the PFMEA may not include critical areas like misuse of the device and may include other elements like business risks (more ALARP-like, than AFAP).
There are arguments for both approaches. If the same score is used, wherein a minor injury is ranked a 2 out of 5 (up to death as a 5/5), many of the manufacturing risks would rank as a 1. There may be many negligible risks as a result of analyzing the failure modes in this way. Scoring the severity so low skews the overall risk score lower.
In a PFMEA, there may be low scored risks, which happen often enough that it can cause significant production issues and a mitigation is warranted regardless of the end risk score. Having low scores doesn’t mean mitigations can’t be done but part of the score’s value is highlighting those process steps that need to be examined more closely. By using the severity score from the risk management file, however, there is an easy and direct connection to manufacturing risks related to safety.
Alternatively, the highest rank can be reserved for severities “resulting in an impact to safety or regulations.” This allows more distinction in the PFMEA to better highlight manufacturing risks that may need mitigations and matches the AIAG guidelines for PFMEAs. However, severity rankings will need to be clear that they do not match the risk management file, and the rank 5 risks (on a 5-point scale) will need to be reviewed against the manufacturing risks in the risk management file.
Whether matching severity scores or not, the PFMEA is not a stand-in for overall risk management per ISO 14971, nor with the FDA regulations (21 CFR 820.30 – note that the FDA recognizes ISO 14971).
That’s not to say the PFMEA shouldn’t be done—it’s a critical tool for determining manufacturing risks and creating a robust process. Conducted early on, a good PFMEA can identify design improvements that can reduce potential harms, lower warranty claims, and improve manufacturing. Combined with risk management in ISO 14971, the two analyses complement each other to create a safe and viable product.
Dana Trousil is a StarFish Medical Mechanical Engineering Team manager. He has successfully launched many products, with experience in a variety of processes, including NPI for medical devices.
Elements of the PFMEA
The PFMEA looks at potential failure modes that could occur during a process (the manufacture of a medical device), what effects that failure could have (severity), how often the failure mode could occur (occurrence), and finally, whether the effect of the failure mode or the failure mode itself could be detected or prevented (detection). The PFMEA assigns a value to each of these three categories, then multiplies them together to generate an overall risk score. The higher the score, the more likely a mitigation is required to either detect the occurrence better, reduce the frequency, or preferably, eliminate the failure mode altogether. PFMEAs can take time, but it’s worth the effort. The PFMEA works best in a team environment, so getting the team to work efficiently is important.A bit of history is useful to place the PFMEA in context with other industries. The FMEA has been in use since the post-war era, first developed by the U.S. military in the late 1940s. From there, it was used in various forms through the 1960s by NASA, the Society of Automotive Engineers (SAE) and the civil aviation industry. During the 1970s, the FMEA spread outward into other industries like civil engineering, the U.S. Geological Society, U.S. Environmental Protection Agency (EPA), and most of the automotive industry, including Ford after the infamous Ford Pinto gas tank issue of the 1970s. In 1993, the Automotive Industry Action Group (AIAG) published a FMEA standard for the automotive industry. Since then, adoption of the FMEA as an analysis tool has continued to grow.
ISO 14971
ISO 14971 is the ISO standard for the application of risk management to medical devices. The standard requires the manufacturer (of record) perform a risk estimation surrounding the safety of the device. The risk estimation applies to things such as:- Hazards related to intended use
- Foreseeable misuse of the device
- Normal and fault condition hazards
- Other aspects such as disposal, service, or manufacturing generated risks (to safety)
Notice that detection is not present (i.e., detecting the failure mode or its effect). ISO 14971 doesn’t specify that detection cannot be used—or provide any opinion on it—but detecting the failure does not alter the probability that a harm could exist. By including detection, the overall risk estimation could be artificially lowered.
ISO 14971 vs. PFMEA
Typically, when performing a PFMEA, the analysis isn’t concerned with the misuse of the device or hazards associated with the use of the device as designed (a Design FMEA or Use FMEA/Use Related Risk Assessment URRA would assess these issues). The PFMEA is concerned with hazards that could arise as a result of a failure of the process in question, some of which could be related to worker safety or even user safety, but could also impact the device’s function or producibility.As a result, the PFMEA can house many risks that are important to the overall viability of producing a medical device but don’t impact the device’s safety. As far as ISO 14971 is concerned, business risks are not related to the safety of the device, and therefore, should not be included in the risk management process. As an example, there can a trade-off between the cost of the failure mode (scrapping of parts in production, for example) and the cost of mitigating it. The PFMEA might be very concerned about these errors, but since these risks are not related to safety, they would not be highlighted during the risk management process.
Previously under ISO 14971:2007, risks could be taken to be As Low As Reasonably Practical (ALARP), which would match lowering risks in a typical PFMEA. ISO 14971 was updated in 2012 and ALARP is no longer the standard. ALARP has been replaced by AFAP – As Far As Possible.
From a strict reading, the PFMEA alone does not satisfy the requirements of ISO 14971, as the PFMEA may not include critical areas like misuse of the device and may include other elements like business risks (more ALARP-like, than AFAP).
Options for Including the PFMEA
One question comes to mind: If there is both a risk management file and a PFMEA present, should their severity scores match?There are arguments for both approaches. If the same score is used, wherein a minor injury is ranked a 2 out of 5 (up to death as a 5/5), many of the manufacturing risks would rank as a 1. There may be many negligible risks as a result of analyzing the failure modes in this way. Scoring the severity so low skews the overall risk score lower.
In a PFMEA, there may be low scored risks, which happen often enough that it can cause significant production issues and a mitigation is warranted regardless of the end risk score. Having low scores doesn’t mean mitigations can’t be done but part of the score’s value is highlighting those process steps that need to be examined more closely. By using the severity score from the risk management file, however, there is an easy and direct connection to manufacturing risks related to safety.
Alternatively, the highest rank can be reserved for severities “resulting in an impact to safety or regulations.” This allows more distinction in the PFMEA to better highlight manufacturing risks that may need mitigations and matches the AIAG guidelines for PFMEAs. However, severity rankings will need to be clear that they do not match the risk management file, and the rank 5 risks (on a 5-point scale) will need to be reviewed against the manufacturing risks in the risk management file.
Final Thoughts
To comply with ISO 14971, manufacturing risks related to safety can’t be ignored and must go through risk estimation like any other risk. Often, the ISO 14971 risk estimation process is done much earlier in development, well before a PFMEA could be. The section for risks associated with manufacturing should be reviewed to ensure that no new risks were identified through a PFMEA analysis.Whether matching severity scores or not, the PFMEA is not a stand-in for overall risk management per ISO 14971, nor with the FDA regulations (21 CFR 820.30 – note that the FDA recognizes ISO 14971).
That’s not to say the PFMEA shouldn’t be done—it’s a critical tool for determining manufacturing risks and creating a robust process. Conducted early on, a good PFMEA can identify design improvements that can reduce potential harms, lower warranty claims, and improve manufacturing. Combined with risk management in ISO 14971, the two analyses complement each other to create a safe and viable product.
Dana Trousil is a StarFish Medical Mechanical Engineering Team manager. He has successfully launched many products, with experience in a variety of processes, including NPI for medical devices.