Risk management is a critical activity across all phases of the medical device lifecycle as it directly affects the safety and well-being of patients. Risks are unavoidable; however, they can be curtailed if companies are aware of impending hazards and follow effective risk management procedures.

Failure Modes and Effects Analysis (FMEA) is a review tool to identify possible failures in a design, a manufacturing or assembly process, or a product or service in a device. “Failure modes” refers to ways in which a device might fail, which may potentially affect the patients. “Effects analysis” refers to examining the consequences of those failures. It is a step-by-step approach to ensure the reliability and quality of a device.

There are two types of FMEAs: Design FMEA (DFMEA) and Process FMEA (PFMEA). In the context of medical devices, device manufacturers use DFMEA to evaluate failures concerning device design and specifications, whereas PFMEA is used to improve the manufacturing process.

Although FMEA involves in the aspect of risk, it is not a risk management system. The requirements of risk management are defined by ISO 14971:2019, which serves as a framework for medical device manufacturers to predict the probability of risks and their consequences throughout the product life cycle. The FMEA methodology of risk evaluation does not align with ISO 14971:2019. FMEA has its own internationally accepted standard, IEC 60812:2018, which explains how failure modes and effects analysis is planned, performed, documented, and maintained. The FMEA and ISO 14971 differ from one another in certain aspects, which are as follows:

Normal Use and Fault Condition

According to ISO 14971, risk management includes both normal and incorrect use of the device, whereas FMEA includes risks associated only with the device's failure. A simple example of this would be risks associated with the Intravenous (IV) line. ISO 14971 considers the potential risk of infection despite the correct administration of an IV. It may be due to various reasons, such as low immunity of the patient and infections present in the hospital/ clinical setting. These risks are not factored in an FMEA evaluation. Although medical device manufacturers cannot entirely avoid these risks, they can make users aware of the residual risks associated with the usage of the device.

Evaluation of Severity

ISO 14971 considers the severity of risk based on harm to people’s lives, whereas FMEA considers the same based on glitches in system performance. The severity of risk may be regarded as low in FMEA if there is a minor loss of function, even though it may lead to loss of lives. The severity will be considered high if the device breaks down.

For example, FDA recalled a guidewire (Class I) meant to fit inside a percutaneous catheter to direct the catheter through a blood vessel. The guidewire in question has the potential for the coating to flake off. FMEA potentially classified this as a low-risk severity post-evaluation but can have severe implications on the patient’s health.

The Procedure of Evaluation of Risk / Failure Modes

FMEA and ISO 14971 differ in the way risk is evaluated. In FMEA, the risk is evaluated by identifying potential failure modes and effects, followed by ranking the severity of failures. Each of the potential causes is identified, and the probability of occurrence is determined. The risk is evaluated based on the Risk Priority Number (RPN).

How is FMEA of Medical Devices Different from ISO 14971?

In the case of mapping risk management according to ISO 14971, a traceability tool known as Hazard Traceability Matrix (HTM) is used. It includes risk analysis, evaluation, control, and residual risk evaluation.

Hazard Traceability Matrix


Risk Analysis



Risk Control



Reasonably Foreseeable Sequence or Combination of Events







Risk Control Options and Rationale

Risk Control






Risk Potential

Risk severity

Residual Risk


Line voltage

The user uses the device

The user/Patient may expose to line voltage while in contact with the device

User / Patient death




Safety by a change in design and protective measures can be positioned in place.

Design as per IEC 61010.

Electrical testing is to be performed as per the IEC 61010





How is FMEA of Medical Devices Different from ISO 14971?

Having discussed the differences between the two, it can be concluded that ISO 14971 follows a comprehensive approach toward risk management, whereas FMEA is more of a reliability tool. However, medical device manufacturers would have to comply with ISO 14971 to meet the expectations of Regulatory authorities on risk management standards.

To know more about ISO 14971:2016 compliance and risk management consulting services, contact Freyr today!


Related Posts by Category