Thomas is an expert in Supply Chain and Manufacturing Optimization with more than 10 years of experience originating from Medical Device and High-Tech & Electronic Industries. He comes with a background as an Electronics engineer, complimented with a Master in Technology Management. Thomas has held positions in multinational corporations such as Nilfisk, heading the internal optimization program as well as the supply chain organization.
Are you relying too much on your FMEA for risk assessment?
“We have always done it that way”
That expression is the reason behind why many inefficient and old methods are taken for granted, and why they are still being used.
If you have ever tried an FMEA-based approach to risk management, and I guess that is why you are reading this, you will most likely have stumbled upon the many limitations that come with that approach.
E.g., in a risk assessment situation, too many attributes quickly become critical. This defeats the purpose of conducting a risk assessment. FMEA is not at fault. FMEA sessions become productive when participants have gained some experience in the product or process. However, for development projects, detailed knowledge is usually not present.
A good starting point, but...
FMEAs are a good starting point for risk management, but unfortunately, this is not the full picture. FMEAs assesses only failure modes and single failure modes. When you look at ISO 14781 you will find a statement in clause 6.5, that hazardous situations need to be evaluated.
That means the evaluation of single events is not good enough, it needs to be a sequence of events. In addition to that there is a requirement to include the full product lifecycle process, so that production and post-production must be considered from risk management as well. Regulatory authorities like the FDA are looking more and more on this and have the expectation to see that full picture implemented. It is essential for a medical device manufacturer to have this traceability from risk to risk mitigation to the implementation of the risk mitigation to reduce or avoid a risk.
FMEA is not full risk management, it is only a part of it.
Documentation is essential
Risk management is not only an activity during product development. It needs to be considered as part of all stages of the product lifecycle. That means as the third point that is a continuously ongoing activity and as every activity in the medical device, doing is nothing without documenting.
To have risk management traceable as a closed-loop process, records and documentation are essential. FMEA in our understanding is mainly pointing to the technical functions of the device. Everything besides wrong Instruction for Use information or wrong usage is not covered. Therefore the companies should re-evaluate the way they do Risk Management.
Optimize your Risk management process
We still see a lot of manufacturers having paper-based processes and manage their risk management processes manually.
We all know that traceability is so important and we need to have traceability in everything that we do and between all elements that we work with. However, having traceability in a paper-based environment is very difficult.
As an example, in many companies, the content of the Risk Management File is simply a pointer document that references the location of the actual content. But this complicates traceability, and the approach is full of opportunities for making errors. We also often see that the DHF and DMR structures, the Risk Management File is also often managed manually and kept in a binder.