Page 116 - Safety Risk Management for Medical Devices
P. 116

Risk Analysis Techniques  95


                      Now, let’s assume we are performing a DFMEA of only element B. Element B
                   requires the fluid for its function, else it fails. Lack of fluid could be due to the failure
                   of element A to provide the fluid; a break in pipe C; or failure of the connectors. If
                   we are using the hierarchical multilevel FMEA, B should be agnostic of the world
                   outside of it. All B cares about, is that fluid is delivered to it. To B, lack of fluid is an
                   external influence and would be cited as a Cause of failure. But B has no means of
                   mitigating or controlling the supply of fluid.
                      There is one subtlety to consider. In whose scope of analysis should connector-2
                   reside? DFMEA of Pipe C, or DFMEA of element B? The decision is up to the
                   analyst. A reasonable choice would be to include the part of the connection that is
                   integral to B in the DFMEA of B, and the balance in the DFMEA of Pipe C.

                       Tip   There are certain components whose probability of failure is exceedingly small. For exam-
                       ple, a properly designed wire that conveys a digital signal is not likely to fail while operating in its
                       design environment. Therefore the contribution of failure of such a wire to safety risks would be
                       negligible. In such cases, you can choose to exclude that element from the DFMEA.

                   12.6.1.2 Identify primary and secondary functions
                   The subject of analysis has a number of functions. Segregate the item’s functions into
                   primary and secondary subgroups. Primary functions are those that achieve the main
                   mission of the subject of analysis. All other functions are secondary.
                      The reason for this action is that Severity ratings for the End Effect are influenced
                   by the impact of the Failure Mode on the functionality of the subject of analysis.


                   12.6.1.3 Analyze
                   For each item in the scope of analysis identify its Failure Modes—answer the ques-
                   tion: in what ways can this item fail to meet its design requirements? The Failure
                   Modes could be functional or nonfunctional.
                      Example Failure Modes:
                         • Functional—doesn’t perform its function, performs intermittently, late,
                            early, too much, too little, etc.
                         • Nonfunctional—item swells, smokes, etc.

                      Consider the Failure Modes under normal use conditions, as well as reasonably fore-
                   seeable misuse conditions. For example, if a component is designed to operate in tem-

                   perature range of 10 40 C, and it has been known that some users have operated it in
                   temperatures of up to 50 C, then Failure Modes in the 10 50 C should be considered.


                      Each mode of failure of the item should go on a separate line in the template.
                      Identify the Causes/Mechanisms of Failure including the contributing initial
                   Cause, and the chain of events that could lead to the Failure Mode. Include both
   111   112   113   114   115   116   117   118   119   120   121