Page 105 - Safety Risk Management for Medical Devices


                   An initiating event starts a sequence of events, which leads into the Failure Mode.
                Once the Failure Mode occurs, the Local Effect (if any) and the End Effect will happen.
                Therefore, the concept of Occurrence, which is the probability of occurrence of
                the Failure Mode, is applicable from the Initiating Event to the Failure Mode. Occ is
                the probability of occurrence of all the events in the causal chain. The Occurrence rating
                is inclusive of the implementation of all pertinent mitigations. The probabilities of
                occurrence of the Failure Mode, Local Effect and End Effect are the same.
                   Severity is the property of the End Effect. Severity is the significance of the worst
                reasonable consequence of the End Effect at the boundary of analysis.
                   Detectability is applicable to the entire chain of events, from the Initiating Event
                to the End Effect. Detection may happen when the initiating event happens; or
                somewhere along the chain of events; or even after the End Effect has been manifested. In
                detection, there is an implicit assumption that countermeasures are feasible to reduce
                the Occ or Sev ratings.

                12.4.4 Ground rules
                Ground rules are a set of understandings and agreements that the FMEA team uses to
                ensure smooth and productive work sessions. Ground rules can be expanded, refined,
                or clarified as the process continues.
                   Below are a set of suggested ground rules. You may adapt and adopt them as you
                see fit for your purposes.

                    1. Only one failure is considered at a time.
                    2. The function of each item under analysis must be clearly known and stated.
                       An ambiguous statement of function makes it difficult to tell whether the
                       item has failed.
                    3. Context of operation shall be stipulated.
                    4. Failure shall be defined. In some cases, it may not be clear how much
                       degradation in the performance of an item would constitute a failure.
                    5. Only reasonable Causes and Failure Modes are considered.
                    6. If a failure results in multiple End Effects, each End Effect is listed in a
                       separate row.
                    7. If a Failure Mode can be caused by different causal chains, each causal chain is
                       listed in a separate row.
                    8. Errors in the requirements are excluded from the analysis, i.e., an error in the
                       requirements will not be cited as the Cause of a Failure Mode.
                    9. Designer errors are not included in the analysis. It is assumed that the design
                       meets the requirements specification. It is important not to confuse the process of
                       design with the design. Design is the output of the design process. Designer errors
                       are captured by process, e.g., peer reviews, modeling, simulation, and testing.