Page 106 - Safety Risk Management for Medical Devices
P. 106

Risk Analysis Techniques  85


                      10. If a mitigation eliminates a Failure Mode, or makes its likelihood indistin-
                          guishable from zero, you may delete that row, or keep that row in the FMEA
                          as historical information for the benefit of future readers/users of the FMEA.
                          If it is decided to keep the row, clearly mark it as not credible, and for infor-
                          mational purposes only.
                      11. In order to maintain focus of FMEAs, DFMEA will assume that manufactur-
                          ing is correct; PFMEA will assume that design is correct.
                      12. From the risk management perspective, it may be tolerable to have a high-
                          criticality Failure Mode remain in the FMEA, if the Hazard from the End
                          Effect of that Failure Mode is mitigated elsewhere in the System, such that
                          the patient is kept safe from that Failure Mode.
                      13. The FMEAs in the hierarchical multilevel structure will use the same methodology
                          and scales for rankings. This is to enable and facilitate integration of the FMEAs.

                      As stated above, these ground rules are intended to make the FMEA sessions flow-
                   ing and productive. If, e.g., analysis of a Failure Mode reveals a missing requirement,
                   or a design error, it doesn’t mean you have to ignore it. To the contrary! You should
                   communicate that to the product development team. This is how FMEAs add value
                   to product development process.



                   12.4.5 On merits of RPN for criticality ranking
                   The RPN method is a common and historical practice which uses the product of
                   Severity, Occurrence, and Detectability, S 3 O 3 D as a means to prioritize the
                   Failure Modes by criticality. Higher RPN indicates higher criticality. This is an easy
                   to understand and implement technique. But there are many drawbacks with the
                   RPN method. Namely,

                      •  RPN is not continuous. In a scale where S, O, and D are ranked in 5 ordinal
                         grades, the RPN range is 1 125. But many of the numbers in this range never
                         manifest. For example: 28, 31, 49, etc.
                      •  RPN sensitivity to other factors. Consider a Failure Mode whose severity is 5 with
                         one whose severity is 4. If O 5 2, and D 5 1, the RPNs will be 10 versus 8—a
                         difference of 2. But if O 5 4, and D 5 3, the RPN would be 60 versus 48—a
                         difference of 12.
                      •  Consecutive ordinal numbers are not linearly spaced. For example, in Occurrence
                         ratings, the difference between 5 and 4 is usually not the same as the difference
                         between 4 and 3. It may be that a logarithmic scale is used for Occurrence rat-
                         ings, e.g., 10 23 ,10  24 ,10 25  in which case the difference between adjacent
                         ranks is a factor of 10.
   101   102   103   104   105   106   107   108   109   110   111