Page 108 - Safety Risk Management for Medical Devices

Risk Analysis Techniques 87


design could reveal that although the design meets the requirements, certain Failure Modes' criticality ratings are too high. Feedback is then given to design engineering to revise the requirements, or even to add requirements.

In safety risk management, FMEA is used as a tool for identifying Hazards and the sequences of events that could lead to those Hazards. The Occurrence ratings of the Failure Modes are also used in System risk estimation. FMEAs detect many Failure Modes, some of which have no impact on safety. For example, failure of an electronic thermometer to power up is a reliability issue that could be annoying to a nurse, but it is not safety critical. Such findings affect the business, customer satisfaction, etc., but they do not create Hazards. It is beneficial to the business to know all Failure Modes of the System, safety-related or not. While safety-related Failure Modes should generally be mitigated as far as possible, the decision on whether, and how much, to mitigate non-safety-related Failure Modes is entirely a business decision.

To get the most out of FMEAs, start them early and iterate. You can start as soon as a concept and block diagrams are available and do high-level functional analyses. As more details of the design become available, update the FMEAs and continue to iterate until the end of the design process. This diligence pays off twice: it helps the designers discover weaknesses in their design and rectify them before the product gets into the field, and after the product is released it allows any proposed change to be easily evaluated for its impact on safety.
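The worksheet flow described above, as an added example that is not from the book: each Failure Mode row carries an End Effect, the Hazard it leads to (if any), and Severity and Occurrence ratings; safety-related rows are separated from pure reliability findings such as the thermometer that will not power up, rows whose criticality is too high are returned for feedback to design engineering, and the Hazards and their contributing sequences are collected for System risk estimation. The 1 to 10 rating scales, the definition of criticality as Severity multiplied by Occurrence, the feedback threshold, and the sample thermometer rows are all assumptions constructed for this example; the book defines none of them on this page.

```python
"""Minimal FMEA worksheet model (added example, not the book's own method).

Assumptions not defined on the page:
  - Severity and Occurrence are integers on a 1..10 scale.
  - Criticality = Severity * Occurrence.
  - A row is safety-related when its End Effect is linked to a Hazard.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FailureMode:
    item: str               # component or function analysed
    mode: str               # how it fails
    end_effect: str         # system-level consequence of this single failure
    hazard: Optional[str]   # Hazard the End Effect leads to, or None if not safety-related
    severity: int           # 1 (negligible) .. 10 (catastrophic), assumed scale
    occurrence: int         # 1 (remote) .. 10 (frequent), assumed scale

    def criticality(self) -> int:
        # Assumed definition: Severity x Occurrence.
        return self.severity * self.occurrence

    @property
    def safety_related(self) -> bool:
        return self.hazard is not None


# Constructed sample worksheet for an electronic thermometer.
WORKSHEET: List[FailureMode] = [
    FailureMode("Power supply", "Fails to power up", "No reading available",
                None, 2, 4),                       # reliability issue, no Hazard
    FailureMode("Temperature sensor", "Drifts low", "Fever under-reported",
                "Delayed treatment", 8, 3),
    FailureMode("Display", "Digit segment stuck", "Misread temperature",
                "Incorrect clinical decision", 7, 2),
    FailureMode("Battery latch", "Cracks", "Battery falls out",
                None, 1, 5),                       # reliability issue, no Hazard
]


def safety_related(rows: List[FailureMode]) -> List[FailureMode]:
    """Rows whose End Effect creates a Hazard; these should be mitigated as far as possible."""
    return [r for r in rows if r.safety_related]


def reliability_only(rows: List[FailureMode]) -> List[FailureMode]:
    """Rows with business or customer-satisfaction impact only; mitigation is a business decision."""
    return [r for r in rows if not r.safety_related]


def needs_design_feedback(rows: List[FailureMode], threshold: int) -> List[FailureMode]:
    """Safety-related rows whose criticality exceeds the (assumed) threshold.

    These are the findings fed back to design engineering so requirements can be
    revised or added, even though the design meets its current requirements.
    """
    return [r for r in safety_related(rows) if r.criticality() > threshold]


def hazard_sequences(rows: List[FailureMode]) -> Dict[str, List[Tuple[str, str, str]]]:
    """Map each Hazard to the (item, Failure Mode, End Effect) sequences leading to it."""
    sequences: Dict[str, List[Tuple[str, str, str]]] = {}
    for r in rows:
        if r.hazard is not None:
            sequences.setdefault(r.hazard, []).append((r.item, r.mode, r.end_effect))
    return sequences


def hazard_occurrence(rows: List[FailureMode]) -> Dict[str, int]:
    """Occurrence rating carried forward per Hazard for System risk estimation.

    Assumed rule for this example: take the highest Occurrence rating among the
    contributing Failure Modes (the page only states that Occurrence ratings are used).
    """
    occ: Dict[str, int] = {}
    for r in rows:
        if r.hazard is not None:
            occ[r.hazard] = max(occ.get(r.hazard, 0), r.occurrence)
    return occ


if __name__ == "__main__":
    for r in needs_design_feedback(WORKSHEET, threshold=20):
        print(f"Feedback to design: {r.item} / {r.mode}: criticality {r.criticality()}")
    for hazard, seq in hazard_sequences(WORKSHEET).items():
        print(f"Hazard '{hazard}' (occurrence {hazard_occurrence(WORKSHEET)[hazard]}) <- {seq}")
```

With the constructed rows, the sensor drift (criticality 24) exceeds a threshold of 20 and is returned for design feedback, the stuck display segment (criticality 14) is not, and the two power and battery rows are reported as reliability-only findings. Re-running the same functions on an updated worksheet as design detail grows is the iteration the text recommends.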

12.4.7 FMEA weaknesses
Despite its power and utility, the FMEA technique has some weaknesses. Some of these weaknesses are as follows:

   •  The FMEA is unable to detect End Effects that require multiple Failure Modes.
   •  Because the FMEA fundamentally treats each Failure Mode individually, as an independent failure, CCF analysis is not well suited to the FMEA model.
   •  The FMEA doesn't catch hazardous End Effects that are not due to failures, e.g., Hazards due to timing issues, physiological variability, etc.
   •  Performing FMEAs is time-consuming.
   •  FMEA is difficult to master.

With the knowledge of the strengths and weaknesses of the FMEA as a tool, you can properly benefit from the value that it offers without being blindsided by its shortcomings.


12.4.8 Ownership of FMEA
It is recommended that design engineering own the DFMEA, SFMEA, and UMFMEA, and manufacturing engineering own the PFMEA. Ownership means