On Hazard Analysis & FMEA

1. How to manage risks in a safety-critical domain, e.g. medical device development

Each market sector has its own rules and best practices for risk management. The SoftComply Risk Manager is based on the ISO 14971 – risk management standard for Medical Devices.

Regardless of the sector you are in, the approach described in ISO 14971 can be applied to most safety-critical domains. In addition, the SoftComply Risk Manager provides many customization possibilities that let users adapt the risk management table to other safety-critical domains and risk assessment approaches.

Typically there are two approaches to risk management: “bottom-up” and “top-down”, generally referred to as “xFMEA”/“xFMECA” and “Hazard Analysis”, respectively. They are intended to be complementary, not mutually exclusive.

Using both approaches increases the probability that you will capture all potential risks associated with your system. It is important to remember that the two approaches need to be aligned and consistent, e.g. the same harm should have the same severity level in both analyses.

1.1. xFMEA

“FMEA” stands for Failure Mode and Effects Analysis. The “x” is a placeholder that is replaced by a letter that indicates the area of the product the FMEA is applied to, e.g. DFMEA for Design, PFMEA for Process (manufacturing process), HFMEA for Human Factors, etc.

The “bottom-up” approach refers to the fact that the analysis starts on the left side of the table, where you list the components and sub-components of your system, what their function is and how they can fail.

Example: your system contains a bolt; its function is to keep two components together. The “failure mode” of this bolt is that it fails to keep these two components together; the two components can become loose or even fall apart. The effect will depend on the actual purpose of your device. The cause could be that the bolt is under-designed or that it is not tightened, among other causes. Risk mitigation actions could be to apply a safety factor when you design the bolt and/or to define a minimum tightening torque during assembly.

1.2. Hazard Analysis

Hazard Analysis is a “top-down” approach, meaning that you start (on the left side of the table) with high level, system wide hazards that can be posed by your device. ISO 14971 provides a list of example Hazards that you can use as a starting point. You can also perform a functional analysis of your device and determine how it can fail to provide its functions.

Example: pick “Heat”. The Hazard is that some surfaces of your device can overheat (or, if they can get too cold, freezing is the hazard). One Hazardous Situation is that someone can come into contact with these surfaces, resulting in burns (harm) of varying severity. Potential causes could be that some internal electrical or mechanical components overheat. Risk mitigation actions will depend on the actual architecture of the system.
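As an added illustration of the alignment rule from section 1 (example code written for this page, not part of SoftComply's Risk Manager), the following Python check runs over constructed FMEA and Hazard Analysis rows built from the bolt and heat examples above. It flags the same harm carrying different severity levels across the two tables, harms seen by only one approach, and rows with no linked mitigation action; the severity scale and the issue keys are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskRow:
    approach: str       # "FMEA" (bottom-up) or "HA" (top-down Hazard Analysis)
    source: str         # failure mode (FMEA) or hazard (HA)
    harm: str           # the harm that can result
    severity: int       # assumed scale: 1 (negligible) .. 5 (catastrophic)
    mitigations: tuple  # assumed Jira issue keys of linked mitigation actions


# Constructed sample rows, following the bolt and heat examples in the text.
SAMPLE_ROWS = [
    RiskRow("FMEA", "Bolt fails to hold components together",
            "Crush injury from detached part", 4, ("DEV-12",)),
    RiskRow("HA", "Mechanical: part detaches",
            "Crush injury from detached part", 4, ()),
    RiskRow("HA", "Heat: surface overheats", "Skin burn", 3, ("DEV-20", "VER-7")),
    RiskRow("FMEA", "Heating element thermostat fails", "Skin burn", 4, ("DEV-21",)),
    RiskRow("HA", "Electrical energy: exposed conductor", "Electric shock", 5, ("DEV-30",)),
]


def severity_conflicts(rows):
    """Harms that carry more than one severity level across the tables."""
    by_harm = defaultdict(set)
    for r in rows:
        by_harm[r.harm].add(r.severity)
    return {harm: sorted(sev) for harm, sev in by_harm.items() if len(sev) > 1}


def single_approach_harms(rows):
    """Harms captured by only one approach: candidates for a missing FMEA or HA entry."""
    by_harm = defaultdict(set)
    for r in rows:
        by_harm[r.harm].add(r.approach)
    return sorted(h for h, approaches in by_harm.items() if len(approaches) == 1)


def unmitigated(rows):
    """Sources (failure modes or hazards) with no linked mitigation action."""
    return [r.source for r in rows if not r.mitigations]


if __name__ == "__main__":
    print("severity conflicts:", severity_conflicts(SAMPLE_ROWS))
    print("seen by one approach only:", single_approach_harms(SAMPLE_ROWS))
    print("no mitigation linked:", unmitigated(SAMPLE_ROWS))
```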

2. How to set up a new safety-critical product development project in Jira?

We recommend having separate projects for software development and risk management. If necessary, there can also be a separate project for verification activities and testing.

The following setup allows your risk management table to group mitigation actions from the development project(s) and verification actions from the verification project(s). Linking different kinds of actions to risks provides the separation and flexibility you may later need in the projects and in reporting. If you prefer to group all issues from different projects together, use JIRA Agile boards or queries.