FTA: Fault Tree Analysis
Fault Tree Analysis is a procedure used to search for unknown causes of known effects (in the case of medical devices, harms or hazards). It, therefore, counts as a top-down procedure in risk analysis.
Risk management is one of the most important regulatory requirements that manufacturers of medical devices must fulfill.
ISO 14971 is the standard for the “application of risk management to medical devices.” It describes a risk management process designed to ensure that the risks associated with medical devices are known, controlled, and acceptable in relation to the benefits.
Content
On this page, you will find articles…
The first step in risk management for a specific device is to prepare a risk management plan. This plan specifies
This risk management plan must be included in the standard operating procedure for risk management.
Manufacturers must first determine the intended purpose of the device.
Then, they must identify the hazards and hazardous situations as part of a hazard or risk analysis. There are several methods for this:
The process FMEA (pFMEA) is recommended for identifying risks arising from faulty processes.
The next step is for manufacturers to assess the risks. To do this, they must determine:
Many manufacturers work with a Risk Priority Number (RPN). However, this concept does not comply with ISO 14971.
At this point, the manufacturers’ task is to determine their risk acceptance criteria. This is usually done in the form of a risk acceptance matrix.
The FDA’s Benefit-Risk Guidance also helps with this.
You should be familiar with these figures when assessing the residual risk. The Kaplan-Meier curve also helps in risk management.
Laws such as the MDR and IVDR oblige manufacturers to minimize or control risks. This means that they must reduce the risks as far as possible and in accordance with their acceptance criteria.
The article on information as risk control measures and the safety assurance cases, which the FDA even requires for some devices, are beneficial in discussions with auditors and authorities.
Manufacturers must document the output of all previous activities in a risk management report. In this assessment, manufacturers should ensure they are avoiding the 7 most common risk management errors.
All these records and documents then form the risk management file.
This is not the end of risk management. Instead, the post-market phase, or post-production phase, as ISO 14971 calls it, follows. Part of this is post-market surveillance and monitoring of the devices on the market.
There is a 2022 version of DIN EN ISO 14971. However, the last significant change was made in 2019. These changes were introduced with third edition of ISO 14971. This makes EN ISO 14971:2012 with Annex ZA obsolete.
You can learn more about the meaning of prefixes such as DIN, EN, and ISO in the article on harmonized standards.
The article on ISO 24971 describes how manufacturers should apply the (new version) of the standard.
Another critical question is whether ISO 14971 is applicable at all. In this context, the terms foreseeable misuse and abnormal use are essential.
In other areas of law, ISO 31000 is used, which can at least serve as a source of inspiration for medical device manufacturers.
For medical devices that contain software or are software, IT security significantly impacts the risks. The following publications are helpful here:
For medical devices that contain software or are standalone software, we recommend these articles:
Risk management for medical device manufacturers differs in some aspects from risk management for other organizations:
Benefit from the support of the Johner Institute:
Contact us right away to discuss the next steps. In this way, you can achieve safety devices quickly, without unnecessary effort, and promptly obtain approval.
Fault Tree Analysis is a procedure used to search for unknown causes of known effects (in the case of medical devices, harms or hazards). It, therefore, counts as a top-down procedure in risk analysis.
A medical device can cause harm to patients, users, or third parties. The manufacturer must identify this harm to determine the device’s risks and control them. This article provides guidance on how to determine and document harm in accordance with ISO 14971 and how to use the term “harm” correctly.
DetailsWe need your consent before you can continue on our website. If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. You can revoke or adjust your selection at any time under Settings.
If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. Here you will find an overview of all cookies used. You can give your consent to whole categories or display further information and select certain cookies.