FMEA Risk management best practice (ISO 14971)

zoharp April 5th, 2011 Posted by Zohar Peretz( ) ISO 14971, Risk Management, Validation and Verification

The following process is based on QPack FMEA Risk Management Module.

Phase 1: Risk Assessment – Intended use and safety related characteristics

You can build a risk assessment document in QPack and add the safety related questions.

Example: Add risk assessment document and add safety related questions by category

Set the paragraph to be of type “Safety Question”

The paragraph has a short and simple workflow:

Open – new safety question was added

Estimated – the safety related question was responded by risk object

NA – safety question is not applicable for this product.

Click to enlarge

Now start identifying risks to your product. Each risk is linked to the safety question so can verify that every question was addressed by risk.

Example: Safety questions traceability

Click to enlarge

The outcome of this phase is the risk category (failure mode) as shown here:

Example: Risk category list (failure mode)

Click to enlarge

Phase 2: Hazard Identification

Setup risk status to “Identify Hazard

Use QPack to add new risk object.

Setup risk name, and failure mode.

Example: Setup new risk

Risk name: Failure in power supply

Failure mode: Energy Electromagnetic

Cause of failure: Short circuit

Effect of failure: Shock to patient

Click to enlarge

Click to enlarge

Phase 3: Risk estimation

change risk status to “Estimation

Use QPack Risk estimation form in order to calculate the RPN

Set the RPN parameters in order to calculate the risk zone (Acceptable/Alarp/ Unacceptable):

Example: Calculate RPN before mitigation

  • Probability (P1)
  • Detectability (D1)
  • Severity (S1)

Click to enlarge

Phase 4: Identify and setup risk control

Change risk status to “Identify Controls

Identify preventive actions in order to reduce risk severity/probability, or improve detectability.

Example: Risk recommended actions

Risk reduction: Front panel lights will not be off indicating power supply fault.

Click to enlarge

At this phase, or in later phases, we will setup risk estimated cost, assign to the relevant person and setup due date

Example: Risk cost, due date and assignment

Click to enlarge

In case a software requirement is used as a recommended actions – add a software requirement in your SRS

Setup requirement “Risk Mitigation” indication to “Yes

Example: Add software requirement for mitigation

Software requirement: Use the alert mechanism to control warning lights in front panel

Click to enlarge

Link the software requirement to the relevant risk for mitigation traceability. Use the “Risk Mitigation” link type.

Example: Software requirement is linked to the risk

Click to enlarge

Based on the risk mitigation – setup the new RPN value

Example: Revised RPN is automatically calculated

Click to enlarge

Phase 5: Completeness of risk control

Software team will develop the software requirement

Once software requirement is finished, the software requirement status is changed to “Done

Example: software requirement is implemented

Click to enlarge

Show a filter of all software requirements that are used for risk mitigation, in status “Done

Example: report of implemented software requirements used for mitigation

Click to enlarge

Open the related risk of each requirement and change the risk status to “Control Implemented

Example: risk controls are implemented

Click to enlarge

Phase 6: Risk verification

Add a software test case to the STD and link it to the software requirement in the SRS

Example: traceability of test case to software requirement used for mitigation

Click to enlarge

SQA team execute the tests, and when test passes its status is set to “Pass

Example: Get all requirements that are used for risk mitigation and trace their verification status (derived from test execution status)

Click to enlarge

When all tests were passed for the software requirement – open the related risk and change the risk status to “Verified

Example: risk is set to “Verified”

Click to enlarge

Phase 7: Risk management report

Create a filter that retrieves all risk items

Example: risks report

Click to enlarge

Build the risk management document in QPack based on your template and embed the risk report filter in the relevant chapter.

Example: risk management document in QPack

Click to enlarge

Generate the risk management document and save it as attachment

Example: Generated risk and hazards document

Click to enlarge

About the author, Zohar Peretz

Zohar has 18 years of experience in leading software development products, at leading software companies and startups. Using his vast experience in software development, Zohar has identified the need for a holistic solution for R&D departments, and together with Rami and a small development team, they established Orcanos ALM in 2005.

Since then, Orcanos software has evolved to other domains such as quality control and specific industries, such as medical device.

Zohar holds a BA degree in Industrial Engineering.



8 Tozeret Ha'aretz Street
Tel Aviv, Israel

Copyright © Orcanos, All rights reserved. | Privacy policy | Terms of use