1. No category

Appendix B – Guidance for an FMEA Effort

1.0
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
1 of 28
Purpose / Scope
The purpose of this Work Instruction (WI) is to describe how to apply Failure Mode and Effects
Analysis (FMEA) to medical devices. This WI is governed by QSP – Risk Management, 812264.
This WI applies to all devices designed and/or manufactured and sold by Terumo CVS – Ann
Arbor throughout all phases of the product life-cycle. "Distributed Product" is not within the scope
of this procedure.
FMEA supports, and is not a substitute for, Hazard Analysis (see WI – Hazard Analysis for
Device Risk Management, 78-8067-5094-5) and does not apply to Software.
2.0
Roles / Responsibilities
The following roles are responsible for performing the tasks in this WI:
3.0
Role
Job Title or
Training
Curriculum
Clinical Services
Representative
Refer to training
curriculum (R)
FMEA Performers
for a list of qualified
Associates
Cross-Functional
FMEA Team
Member
Refer to training
curriculum (R)
FMEA Participants
for a list of qualified
Associates
Following this process and conducting FMEA for the
relevant product or system.
Design Quality
Assurance (DQA)
Representative
Refer to training
curriculum (R)
FMEA Performers
for a list of qualified
Associates
Ensuring this process is properly followed.
Team Leader
Refer to training
curriculum (R)
FMEA Performers
for a list of qualified
Associates
Following this process, scheduling and leading the
Cross-Functional Team, and authoring the DFMEA
and UFMEA Worksheet and Report. An Operations
Engineer is responsible for following this process,
scheduling and leading the Cross-Functional Team,
and authoring the PFMEA.
Responsible for
Providing the expertise to evaluate all potential
Failure Modes for Harms.
Updating LST – Master Harms, 824606 as
necessary.
Definitions
Definitions for terms used within this WI are found in LST – Master Definitions, 824768.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
4.0
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
2 of 28
Referenced Documents
The following documents are referenced within this WI. For each document referenced in this WI,
the relationship to other Quality System Management Documents (QSMDs) is specified in the
QSMD Relationship column.
Document
Number
5.0
Document Class – Document Title
QSMD
Relationship
78-8067-5094-5
WI – Hazard Analysis for Device Risk Management
Output
78-8067-7475-4
LST – Record Retention and Storage
None
812264
QSP – Risk Management
Parent
812680
TMP – FMEA Worksheet and Report
Child
817777
WI – Technical Review
Output
819725
WI – Software Hazard Analysis for Device Risk
Management
None
824606
LST – Master Harms
None
824768
LST – Master Definitions
None
825406
QSP – Usability Engineering Process
None
Safety
There are no safety issues for Associates performing this procedure.
6.0
Records
The records created as a result of performing this WI are listed in the table below. See LST –
Record Retention and Storage, 78-8067-7475-4, for specific information regarding storage
location and retention requirements for the records.
Record Name
FMEA Worksheet and Report
Quality Record Category
Engineering: Risk Management Files
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
7.0
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
3 of 28
Procedure
This section defines the Terumo CVS Failure Mode Effects Analysis (FMEA) process. Reference
FMEA Flowchart for Device Risk Management below.
Refer to QSP – Usability Engineering Process, 825406, for more information about how to
consider use of the device while performing an FMEA.
The main concept of FMEA as applied to medical device risk management is to analyze Failure
Modes (typically "Causes" from an associated Hazard Analysis Worksheet), determining Failure
Mode Causes, and developing Control measures to reduce the likelihood of the Failure Mode
Cause occurring. Failure Mode Effect is used as a parameter to develop the Risk Priority Number
(RPN).
All device FMEA activities shall be documented in TMP – FMEA Worksheet and Report, 812680,
and shall reside in the product Risk Management File. The initial release of an FMEA, and
significant revisions, shall undergo a review using WI – Technical Review, 817777.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
4 of 28
FMEA Flowchart for Device Risk Management
START
1 Define Purpose and
Scope of the FMEA
2 Describe intended use or
process
3 Develop supporting
documentation
4 Identify the Function
DFMEA) or Use step
(UFMEA) or Process Step
and Process Requirement
(PFMEA)
B
5 Identify potential Failure
Modes
6 Fill in occurrence rating of
the Failure Mode
7
Fill in Potential Effects of
the Failure Mode
8 Fill in severity rating
Use WIF – Master
Harms List (if
appropriate)
9 Fill in cause of Failure
Mode
10 Fill in existing Failure
Mode detection means
11 Fill in detection rating
12 Calculate Risk Priority
Number (RPN)
A
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
5 of 28
FMEA Flowchart for Device Risk Management (cont.)
A
13 Document
Risk Level
No
14 Identify
practicable
controls
15
IBD
PMx
Implement risk controls
Verify risk controls
Risk Management
Plan Acceptability
Criteria
16 Evaluate RPN after
implementation of risk controls
17 Is post-control Severity
3, 4 or 5?
No
18 Document
Information for
Safety
19
More Failure Modes?
Refer Failure Mode to
Associated Hazard
Analysis
Yes
Return
IFS
Yes
B
No
20
Create a Failure Modes RPN
Summary
Document in FMEA
Report
Send Failure Modes RPN
Summaries
To Risk Management Report
END
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
6 of 28
There are 3 types of FMEAs:

A Design FMEA (DFMEA) evaluates Failure Modes with respect to the design of the
system, sub-system, sub-assembly, module or component.

A Use FMEA (UFMEA) evaluates the Failure Modes with respect to use and/or misuse of
the device.

A Process FMEA (PFMEA) evaluates Failure Modes with respect to the assembly and
manufacturing process.
For each FMEA, use TMP – FMEA Worksheet and Report, 812680. In the instructions below, the
column to be used in the FMEA Worksheet is indicated in bold as Column [n].
The Project Technical Leader associated with the device under development for the FMEA shall
act as Team Leader and form a Cross-Functional FMEA Team (referred to as "Team"). Team
Members shall minimally consist of Product Development (software, hardware and/or post market
engineering as applicable), Design Quality Assurance, Site Quality, Clinical Services, Operations
Engineering, Supplier Quality Engineering, and Service. The DQA Representative is responsible
for ensuring the FMEA process is properly followed.
The Team Leader, with support from Team Members, shall complete TMP – FMEA Worksheet
and Report, 812680, following the steps described below.
7.1
Step 1
Document the Purpose, Scope, FMEA Type, and Participant Roles and Responsibilities.
Team Members shall have the appropriate knowledge and experience for their role on the
team. Reference Appendix A for guidance on key team members and things to consider for
each type of FMEA.
7.2
Step 2
In Section 3, System Description, of TMP – FMEA Worksheet and Report, 812680, the
Team shall document and describe the system, subsystem or process being analyzed. For
DFMEA or UFMA, describe the intended use. For PFMEA, use the manufacturing process
information. Also document the following information:
7.3

Identification and description of the medical device(s)

Use Case (to be used for UFMEA)

Process Flowcharts (to be used for PFMEA)

Description and listing of all accessories, regardless of their origin (to be used for
DFMEA or UFMEA)

Functional block diagram of the system and all sub-systems (to be used for
DFMEA or UFMEA)
Step 3
In Section 4, Supporting Documentation, of TMP – FMEA Worksheet and Report, 812680,
the Team shall identify and document all the supporting documentation used to perform the
FMEA. The supporting documentation includes (as appropriate):

Risk Control Option Analysis
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
7 of 28
7.4

Rating Scales for FMEA’s

RPN Level and Evaluation Criteria

Schematics

Drawings

Process Flowcharts

Unique symbols, terminology, and conventions

Use Case Scenarios

Architecture Design Documents

Detailed Design Documents

Requirements Design Documents

Technical Review Minutes

Functional specifications

Design input documents

Manufacturing Work Instructions, Procedures, Routers, Flow Diagrams

Existing risk management documents for the project

Fault analyses (e.g., Ishakawa diagrams (fish-bone), Fault Tree Analysis (FTA))

Occurrence data (from similar products or processes)

Prototypes, pictures, diagrams

Any other information that will help to identify Failure Modes, causes and effects
Guidance for filling out TMP – FMEA Worksheet and Report, 812680
For additional assistance understanding or performing an FMEA, reference Appendix B.
For each Failure Mode (see below) in the FMEA Worksheet, create a unique identifier
(UID) in Column [1].
Step 4
Fill in the Column [2] items in the worksheet per the list below.
For a UFMEA, enter a step from an identified Use Case
For a DFMEA, enter the function of the system, sub-system, or components
For a PFMEA, enter the step of the Process flowchart or other manufacturing
process documentation and fill in the Process Requirement in Column [2a]
Step 5
Fill in Potential Failure Modes (Column [3]) for the corresponding Column [2]
item. Write the related Hazard Analysis UID for a Hazardous Situation Cause
(Hazard Analysis Worksheet Column [1]) in the Potential Failure Mode cell, if
applicable.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
8 of 28
Each function or process step may have more than one Potential Failure Mode.
When listing Failure Modes, ask the question, “How can the item fail?” and
consider the following verbiage to describe the failure:

Too much

Not enough

Circuit Open / Closed

Inconsistent/intermittent

Won’t fit/assemble

Incorrect test results (passes bad, fails good)
Step 6
Fill in the estimated probability of the occurrence of each Failure Mode in the
Occurrence (“O”) Column [4]. To predict the Occurrence for a new product,
historical data from similar products is a good source, including Complaint and
NCR data. Reliability analyses may also be used (reference Appendix C).
If the Team develops and/or uses a quantitative occurrence rating scale
(reference Appendix E for guidance), the assumptions and rationale for the scale
shall be documented in or attached to TMP – FMEA Worksheet and Report,
812680.
Step 7
When an associated hazard analysis drives the FMEA Failure Mode, the Potential
Effect of the Failure is equivalent to the Hazard Analysis Harm associated with the
Hazard Analysis Cause which defined the FMEA Failure Mode. If multiple Hazard
Analysis lines apply, the line with the highest Severity applies. Summarize the
Hazard Analysis line’s Sequence of Events and Hazardous Situation sufficiently to
describe the situation leading to the Harm. Fill in the Potential Effect of the Failure
in Column [5] for each Failure Mode.
When documenting the Potential Effect of the Failure, two options exist when
determining the Harm and are listed in priority order:
1. If the Potential Failure Mode is (traceable) from the HA, fill in the same
Harm as in the HA and state the Harm/Cause and reference the HA
Harm/Cause line UID (select most severe Harm if more than one Harm is
associated with the HA Cause item).
2. If the Potential Failure Mode is not (traceable) from the HA, consult LST –
Master Harms, 824606, to select the appropriate most severe Harm as
the Potential Failure Mode.
NOTE: If there is not an appropriate Harm in LST – Master Harms, 824606, then
consult with Clinical Services. A Clinical Services Representative shall provide
the expertise to evaluate all potential Failure Modes for Harms. If necessary, the
Clinical Services Representative shall update LST – Master Harms, 824606, per
WI – Hazard Analysis for Device Risk Management, 78-8067-5094-5.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
9 of 28
Refer to Appendix C of WI – Hazard Analysis for Device Risk Management, 788067-5094-5.
Step 8
Fill in the Severity rating for each Failure Mode Effect in Column [6]. Reference
LST – Master Harms, 824606.
Severity ratings shall be taken from the associated Hazard Analysis or LST –
Master Harms, 824606 (if Team determines a new Harm not from the Hazard
Analysis).
Step 9
Fill in the Potential Cause of failure for each Failure Mode (Column [7]), as
determined by the Team analysis. Multiple Causes may be determined for a
Failure Mode.
Step 10
Fill in the existing detection methods into Column [8]. Reference Appendix C.
Important: Detection is the ability to detect the Failure Mode, before the Failure
Mode effect occurs. Once the Failure Mode effect has happened, it is too late for
detection. See QSP – Risk Management, 812264, Appendix C for FMEA typespecific guidance on Detection.
Step 11
Fill in the Detection rating in the “D” column (Column [9]). Reference Appendix
C.
Step 12
Fill in the Risk Priority Number (RPN) value (Column [10]), calculated as: S x O x
D = RPN. Reference Appendix D.
Step 13
Fill in the initial RPN Level column (Column [11]) on the FMEA Worksheet, based
on the RPN levels defined in the Risk Management Plan.
At this point in the FMEA effort, if it is appropriate to approve the document as an
Initial FMEA (refer to QSP – Risk Management, 812264), the following columns of
the worksheet may be left blank and approvals pursued per section 7.6.
Step 14
Identify all practicable Risk Controls, classify them (e.g., IBD, PMD, PMM), and
document and reference them in (Column [12]) as IBD, PMD, or PMM.
Practicable controls are those controls which can be done by the company without
causing disruption to the product design so as to make it unfeasible to provide to
the marketplace (taking into account the technical, clinical, regulatory, sociological
and political context). Document all risk control option analysis discussions in a
Risk Control Option Analysis (RCOA) document with a unique document number,
and reference the RCOA document in the FMEA Report (reference Appendix C).
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
10 of 28
The Risk Control Option Analysis document shall be maintained as a separate
document in the Risk Management File, referenced by or attached to the FMEA.
This document requires update whenever a risk control is added, deleted or
changed in a substantial way.
RCOA shall consider risk controls that will reduce the RPN to the lowest possible
level. Refer to Appendix D of WI – Hazard Analysis for Device Risk Management,
78-8067-5094-5, for further instruction. See section 7.6 for completing the
approvals coversheet. FMEA RCOA shall support the reduction of risks in the
Hazard Analysis.
Acceptable objective evidence of a risk control includes referencing the following
elements by title and with a controlled document number:

Design requirement,

Product specification,

Labeling specification,

Procedures (i.e., Manufacturing Work Instruction).
Step 15
Implement all practicable risk controls.
Document the objective evidence of verification of implementation and the
verification of effectiveness in Column [13] of the worksheet.
Reference Appendix C.
Step 16
Determine if the practicable controls reduce the RPN.
Use similar methodology for re-estimation of severity and occurrence and
detection (see step 6, 8 and 10) after RPN controls. Document the new severity
(Column [14]), new occurrence in (Column [15]) and new detection (Column
[16]).
Compute the new RPN and place the value in Column [17] of the FMEA
Worksheet (reference Appendix D and Appendix F).
Step 17
Evaluate new RPN. Refer any Failure Modes back to the associated Hazard
Analysis if they have a Severity rating of 3, 4 or 5 for further evaluation in the
Hazard Analysis as potentially new risks. Refer Failure Mode controls UIDs to
Hazard Analysis Worksheet (risk controls).
Step 18
Document the Information For Safety (IFS) to be disclosed, as determined by the
Risk Control Option Analysis, on (Column [19]) of the FMEA worksheet. Include
verification of implementation.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
11 of 28
Step 19
Determine whether new Failure Modes have been introduced in the course of
developing and implementing the risk controls.
If new Failure Modes have been identified, go to Step 5, Identification of Failure
Modes.
Check to determine if more Failure Modes remain to be analyzed. If yes, go to
step 5.
If no new Failure Modes have been identified, proceed to Step 19.
7.5
Step 20
Create a summary of all evaluated Failure Modes with their associated RPNs for this
FMEA. Document this summary in TMP – FMEA Worksheet and Report, 812680, Section
5: FMEA Summary. This report shall be reviewed and approved to complete this activity.
The summary shall include, but not be limited to, the following:

Quantity of Items Analyzed,

Quantity of “line items” that had initial RPN of High, Medium or Low.

Quantity of “line items” that had initial RPN of Medium that were reduced to Low.

Quantity of “line items” that had initial RPN of High that were reduced to Medium.

Quantity of “line items” that had initial RPN of High that were reduced to Low.

Quantity of “line items” that had initial RPN of High that remained High.

All risk controls have been verified as being implemented.
Ensure this summary is also included in the Risk Management Report document.
7.6
Approvals
Fill in the cover sheet with the approvers’ names and functions per the Roles and
Responsibilities. If the document is to be approved electronically, fill in the names and
functions and enter “see electronic signature” in the Signature column.
NOTE: When the document is being approved electronically, ensure that the Effective Date
is entered as “DD-MMM-YYYY”; the effective date will be added by the Configuration
Manager during CC/ECO processing. If it is not being approved electronically, ensure that
the Effective Date is “See last approval date”.
8.0
Revision History
The Revision History contains a brief summary of the changes made to this document. Refer to
the ECO for a complete summary of changes.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
12 of 28
Author
Bill Hansen
Revision
K
Summary Description of Change
Converted to new format per 812381, Rev. P.
ECO
Number
Effective
Date
85472
See Effective
Date in
header
83666
21-JAN-2013
83363
12-OCT-2012
Clarified how Risk Control Option Analysis is documented,
including new template.
Removed risk acceptability terms and replace with
High/Medium/Low.
Disallowed the use of IFS controls to reduce risk level; create a
separate column for listing of IFS.
Fixed formatting and create a recurring header in the worksheet
section.
Required risk control consideration for ALL risks, even those
considered Broadly Accepted.
Clarified the need for Technical Reviews.
Bill Hansen
J
Added statement regarding concept and use of FMEA; replaced
flowchart to better represent process flow; re-ordered types of
FMEAs
Added " for Hazardous Situation Cause" after Hazard Analysis UID
to clarify the FMEA Failure Mode is the HA Hazardous Situation
Cause
Added "practicable" to risk controls and defined practicable. Also
added language to require risk control option analyses. Added
reference to Appendix C: Examples of Failure Mode Cause Risk
Controls and Failure Mode Inherent Detection
Appendix C – added new appendix for examples of risk controls
and inherent failure mode detection means
Bill Hansen
H
Added statement indicating use of WI – Technical Review, 817777,
pre-commercialization.
Clarified that Failure Mode Effect is associated to the Hazard
Analysis Cause and the Failure Mode Effect is the associated
Hazard Analysis Harm. If the FMEA line item is not driven from a
Hazard Analysis Cause/Harm, then the Harm must be established
by the cross-functional team and selected from the Master Harms
List.
Delineated Hazard analysis Cause and Failure Mode Cause more
clearly.
Clarified definitions in initial risk evaluation to Broadly Acceptable,
Intolerable or ALARP
Identify RPN acceptability criteria and clarify failure modes UIDs to
Hazard Analysis Worksheet.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
13 of 28
Appendix A – Types of FMEAs
The table below gives some guidelines on these types of FMEA. These are recommendations; each
FMEA effort should be planned to best fulfill its scope and need. While the full cross-functional team
is required for each type of FMEA, the “key team members” listed below may have the greatest
involvement in the creation of the FMEA.
TYPE
Design
(DFMEA)
Use
(UFMEA)
Process
(PFMEA)
KEY TEAM MEMBERS
Quality
PD
Operations Engineering
Supplier Quality
Engineering
Service
Quality
PD
Clinical
DIAGRAM TYPE
Functional block diagram,
functional decomposition,
BOM, component
drawing, or use case
-
Use Case documents
-
Quality
PD
Operations Engineering
Supplier Quality
Engineering
Service
Process flow diagram
THINGS TO CONSIDER
Component “infant mortality”
Tolerance stack-ups
Wear-out and end-of-life
Design control process
issues
Reasonably foreseeable
misuse
Differences in clinical
techniques
Setup and cleanup
Critical situation responses
Service activity
- Incoming inspection
processes
- Storage and handling
processes
- Manufacturing
processes
- Packaging and
labeling processes
- Shipping processes
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
14 of 28
Appendix B – Guidance for an FMEA Effort
Guidance for Use FMEA (UFMEA)
A Use Case document is the starting point for a UFMEA. As there may be multiple Use Cases for
one system, review and analyze each use case to determine the correct one that applies to the
situation under analysis in the UFMEA. A UFMEA shall cover each step of the Use Cases associated
with the application and intended use of the product under analysis. For each heading on the
worksheet (Use Case Element 1.0, Use Case Element 2.0, etc.), use a Use Case heading from a Use
Case document and identify the steps from the Use Case in the worksheet.
Guidance for Design FMEA (DFMEA)
For large, complex designs, the practice of partitioning the DFMEA into a system, subsystem and
component hierarchical structure is encouraged. For efficiency and manageability it is usually best to
partition the FMEA work such that it corresponds to system partitioning decided upon for
requirements definition, design and development and assembly. Use diagrams/drawings that reflect
the organization of the FMEA. Diagrams or drawings may also be included that show the device in its
use environment, a functional block diagram, a component drawing, or other drawings that clarify the
device and the scope of the FMEA. The system partitioning/drawings/diagrams used shall be
documented in the device Risk Management Plan.
Consider items which can be used on other systems (e.g., the flow sensor). Consider items which are
clearly separated from other parts of the system (e.g., the Delphin battery) under analysis. These
items should be separated into sub-system DFMEAs for clarity or to enable re-use in another system
which may use this same sub-system. This architectural breakdown into subsystems should be
documented in the Risk Management Plan.
Critical components require consideration in an FMEA as appropriate. Additional consideration of
mechanical interfaces and functions, electrical/electronic interfaces and functions, material
considerations and chemical and biological considerations are also appropriate. Include Supplier
Quality Engineering quality considerations for control of components or subsystems provided by
external suppliers, including the prevention of the receipt of nonconforming components or
subsystems. Component-level FMEA, as well as Fault Tree Analysis (FTA), may be used to support
Design FMEA and identify critical components or characteristics.
Design FMEA is intended to analyze failures of the design process resulting in poor design. Failures
of the device in the field represent a design Failure Mode as related to reliability, maintenance or
other design-related issues, and should be considered as opportunities to improve these aspects.
Software items are considered in the SW HA (refer to WI – Software Hazard Analysis for Device Risk
Management, 819725).
Pre-mitigation information comes from previous designs and their previous FMEA information. When
compliance to standards is defined as a starting condition and a risk control, the risk control option
analysis indicates compliance to the IEC standard is required and therefore shall be verified.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
15 of 28
Guidance for Process FMEA (PFMEA)
For a particular product that involves several production processes, provide a diagram showing the
relationship of these to support all PFMEA activity in the product development or product under
analysis (put the diagram in the associated Risk Management Plan).
Additionally, for each PFMEA, reference the Process Flow Diagram for the process. The flowchart
shows all process steps covered by the PFMEA, and will follow the organization and sequence of the
PFMEA; this will make the document easier to follow, especially for a complex process.
The Sample Process Flowchart below illustrates the sequential steps and the various processes that
may be necessary to build a product. As illustrated, the flowchart uses several sources of
manufacturing process information. This information includes:
 Operation Step # (OP Step)
 Routers
 Procedures
 Manufacturing Instructions
The flow chart shall show the relationships among all the process steps required to manufacture the
assembly or sub-assembly. The flowchart shall show all relationships between PFMEA Process
element # and the process item in the manufacturing process.
The PFMEA Process element number divides the PFMEA Worksheet into sections to analyze each
associated process step in that associated Process element. The process procedure step number is
placed in Column [2] of the Worksheet.
A PFMEA can be conducted on any process that is used to build a device. The scope of process
FMEAs may include, but is not limited to:
 Incoming inspection processes
 Storage and handling procedures
 Manufacturing processes (such as fabrication, sub-assembly, final assembly, painting,
welding/soldering, etc.),
 Packaging and labeling processes
 Shipping processes
 Service and repair processes
Include Supplier Quality Engineering quality considerations for control of components or subsystems
provided by external suppliers.
PFMEAs are not to be performed on manufacturing tests. Manufacturing tests shall be verified and
validated using Test Method Validation processes.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
16 of 28
Sample Process Flowchart
Initiate Process
Flow
P/N
Material A
P/N
Material B
Incoming QA
Incoming QA
Routing OP #1
Procedure #
Component/Asby F
P/N
P/N
Component
E
(fab)
Routing OP #2
Procedure #
Component/Asby F
P/N
Routing OP#
Procedure #
Component/Asby E
P/N
Routing OP #3
Procedure #
Component/Asby F
P/N
QA Step
Inventory
Routing Op #
Procedure#
P/N
Sub-Assembly G
Routing OP #
Procedure #
P/N
Sub-Assembly H
Routing OP #
Procedure #
P/N
Sub-Assembly G
Routing OP #
Procedure #
P/N
Sub-Assembly H
Routing Op #
Procedure #
P/N
Sub-Assembly K
Finish Process
Flow
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
P/N
Material C
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
17 of 28
Appendix C – Failure Mode Inherent Detection and Control
of Failure Mode Causes
Common Inherent Risk Detections
Inherent Risk Detection – A method for detecting a Failure Mode which does not rely on product-specific
inspections or tests, but are rather inherent to the process or Quality System. Inherent Risk Detections
are “built-in”, not “tested-in”.
DFMEA: Given that a Failure Mode is present in the product’s design, the likelihood that the Failure Mode
will be detected during product development prior to product commercialization.
PFMEA: Given that a Failure Mode is present in the product as produced, the likelihood that the Failure
Mode will be detected during production, prior to the device completing the processes under analysis.
UFMEA: Given that a Failure Mode is present during the use of the device, the likelihood that the Failure
Mode will be detected by the user prior to the effects occurring.
Common Inherent Risk Detections
Detection
Design
Detections
Usage / Detail
Usage: Design Detections
followed by Detail.
Detail




Verification of
Implementation
Verification of
Effectiveness
Inspection records
Test records
Design outputs
Review records
 Risk Review Data
per WI 824650
 Verification test
records
 Validation test
records
1. Software Control
2. Design to standards (IEC
60601-x)
3. Design controls (Poka-yoke)
4. Technical design reviews
5. Reliability Program
6. Independent reviewer
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
18 of 28
Common Inherent Risk Detections
Detection
Supplier
Detection
Usage / Detail
Usage: Supplier Detection
followed by Detail.
Detail
1. Supplier Evaluation and
Selection process
2. AQPQ program
Personnel
Detection
Usage: Personnel Detection
followed by Detail.
Verification of
Implementation
 Supplier audit
procedures and
checklists

APQP evidence of
detection are:



Supplier FMEA
Supplier Control Plan
Supplier Validation
 HR personnel testing
requirements
Verification of
Effectiveness
 Risk Review Data
per WI 824650
 Supplier
performance data
 Supplier Evaluation
records
 Risk Review Data
per WI 824650
 HR records
Detail
1. Eye site testing
System Level
Detection
Usage: System Level
Detection followed by
Detail
Detail
 Use Validation
protocols
 SDD and/or SAC
(software alarms and
graphical interface)
 HDD (hardware
alarms)
 Risk Review Data
per WI 824650
 Verification test
records
 Validation test
records
1. Alarms
2. BIT (Built in Test)
3. Graphical Interface (T-Link,
APS1, CDI)
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
19 of 28
Common Inherent Risk Detections
Detection
Visual
Detection
Usage / Detail
Usage: Visual Detection
followed by Detail.
Detail:
Verification of
Implementation
 Drawings
 Specifications
 Use Validation
protocols
Verification of
Effectiveness
 Risk Review Data
per WI 824650
 Verification test
records
 Validation test
records
1. Clear pump covers to see
when pump stops
2. Clear tubing
3. Clear bags
4. Clear centrifugal pump
housing
5. Clear housings
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
20 of 28
Examples of Failure Mode Risk Controls
HARDWARE RISK CONTROLS
Control
Inherent
Safety By
Design (IBD)
Usage / Detail
Usage: IBD or PMD followed
by Detail
or
Protective
Measures in
the Design
(PMD)
(IBD or PMD
dependent on
how the
control is used
and its effect
on the risk)
Detail for Design measures
Use of specific designs to
eliminate or prevent failure mode
or risk causes. Can involve
partitioning the hardware design
implementation, separation
Detail for preventive
measures
1.
2.
Design to standards
Design controls (including
Poka-yoke techniques)
3. Materials Selections
4. Industry standards for
materials (ASTM)
5. Reliability Program (ref. WI
814482)
6. Standardized Symbols
7. Independent reviewer
8. Best practices (ref. WI
814476)
Verification of
Implementation
Verification of
Effectiveness
 Specific design standard
met (IEE, ASTM, IEC,
AAMI, IPC, ANSI, ISO,
DIN, SAE, JSA, JCAHO,
etc.)
 Verification / Validation
protocols
 Specific Drawing
numbers
 Reliability Program may
include:
o Reliability as
Designed
o Reliability as
Manufactured
o Reliability as
Maintained
 Best Practices may
include:
o Locking connectors
o Thread locker
o Tie downs
o Shock absorbers
o EM shielding /
ferrites
o Strain relief’s
o Insulators
o Hardware selection
o Torque
specifications
 Risk Review Data per
WI 824650
 Verification /
Validation Reports
 Reliability testing
results
 Test reports to
support
Certifications
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
21 of 28
HARDWARE RISK CONTROLS
Control
Usage / Detail
Protective
Measures in
the Design
(PMD)
Usage: HPQ followed by Detail
Hardware
Design
Process
Quality (HPQ)
1.
2.
3.
Detail
EMI / EMC protections
Vibration / Shock resistance
Design Rules (electrical
rules, SPICE, tolerance
stacking)
4. Independent reviewer
5. Technical reviews
6. Literature Reviews
Verification of
Implementation
 Specific design standard
met (IEE, ASTM, IEC,
AAMI, IPC, ANSI, ISO,
DIN, SAE, JSA, JCAHO,
etc.)
 Verification / Validation
protocols
 Specific Drawing
numbers
 Standard used for
symbols
 Design Review meeting
agenda’s
 Literature citations
Verification of
Effectiveness
 Risk Review Data
per WI 824650
 Design Review
meeting minutes
 Verification /
Validation Reports
 Reliability testing
results
 Test reports to
support
Certifications
QUALITY SYSTEM RISK CONTROLS
Control
Protective
Measures in the
Manufacturing
Process
Usage / Detail
Usage: Supplier Controls
followed by Detail.
Detail
Supplier Controls
1.
Supplier Evaluation and
Selection process
2. On-going supplier evaluation
and rating process
3. AQPQ program (ref. WI819750)
4. Mold Validation
5. Purchase to standards (IPC
600, 610, 620)
6. C of C for purchased product
Verification of
Implementation
 Supplier Evaluation
documents
 Supplier Corrective
Action Requests
 Mold Validation
protocols
 Supplier agreement
(SSAF)
 Copy of C of C
APQP evidence of controls
are:
Verification of
Effectiveness
 Risk Review Data
per WI 824650
 Supplier FMEA,
Test, and Validation
results
 Supplier
performance
results
 Mold Validation
results
 Supplier Corrective
Action results
 Supplier FMEA
 Supplier Control Plan
 Supplier Validation
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
22 of 28
QUALITY SYSTEM RISK CONTROLS
Control
Protective
Measures in the
Manufacturing
Process
Usage / Detail
Usage: Receiving Inspection
followed by Detail.
Detail
1. Receiving inspection
2. First Article Inspection
Verification of
Implementation
 Receiving inspection
record
 PIP / QIP document
number
 FA inspection
information
 NCR Process
Verification of
Effectiveness
 Risk Review Data
per WI 824650
 Inspection results
 NCR Results
Receiving
Inspection
Process
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
23 of 28
QUALITY SYSTEM RISK CONTROLS
Control
Protective
Measures in the
Manufacturing
Process
Production
Controls
Usage / Detail
Usage: Production Controls
followed by Detail.
Detail
1. Laminar flow hoods
2. ESD Tables / wrist straps
3. Deionizers
4. Inspection magnification
5. 5S program
6. Tool control
7. Lighting specifications
8. Controlled Area
Requirements
9. Controlled Area Personnel
Controls (gowning, beard /
hair nets, booties, etc.)
10. Sterility Controls
11. Pest Control
12. Test Method Validation
13. ESD Controls
14. Inventory controls
15. Production area access
controls
16. Process Validation
17. White paint mark used after
torque verification
18. NCR system
19. Acceptance tags
20. Segregation on floor (tested
passed vs. not tested vs.
failed)
21. Graphical work instructions
22. Standardized DHR
23. Controlled BOM’s
24. Equipment IQ, OQ, PQ
25. Poka-Yoke assembly
methods
Verification of
Implementation
 Receiving inspection
record
 PIP / QIP document
number
 FA inspection
information
 Calibration / PM
procedures
 ESD control
procedures
 Controlled area test
procedures
 Sterility test
procedures
 Pest Control contract
 TMV Protocols
 NCM Procedure
 DHR Procedure
 IQ, OQ, PQ
Procedures
 NCR System
Verification of
Effectiveness
 Risk Review Data
per WI 824650
 Production metrics
 Calibration records
 ESD Test records
 Controlled area
test records
 Inspection records
 Sterility test
reports
 Pest Control
records
 TMV Reports
 Validation reports
 NCR’s
 DHR’s
 IQ, OQ, PQ Reports
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
24 of 28
QUALITY SYSTEM RISK CONTROLS
Control
Protective
Measures in the
Manufacturing
Process
Production
Inspection and
Testing (PIT)
Processes
Protective
Measures in the
Manufacturing
Process
Usage / Detail
Usage: PIT followed by Detail.
Detail
1. Production Testing
(receiving, in-process, final)
2. In-process inspection
3. Hipot
4. Milk test for X coating
5. CDI fiber bundle testing
6. Pouch pull
7. Leak testing
8. Color chip testing
9. Vibration testing
10. Shock testing
11. Drop testing
12. Internal test to IPC 610, 620
13. Burn-in testing
14. HASS testing
15. Bio-burden testing
16. Shelf life testing
17. Cable testing
Usage: Personnel Controls
followed by Detail.
Verification of
Implementation
 Inspection work
instructions
 Testing work
instructions
 TMV protocols
 Risk Review Data
per WI 824650
 Inspection Records
 Test Records
 TMV records
 HR procedures
 Risk Review Data
per WI 824650
 HR Records
 Internal Audit
results
Detail
Personnel
Controls
Protective
Measures in the
Manufacturing
Process
1.
2.
3.
4.
Verification of
Effectiveness
Eye sight testing
Employee selection process
Job descriptions
Training
Usage: Calibration
Detail
1. Calibration
 Calibration protocols
 Risk Review Data
per WI 824650
 Calibration records
 Internal Audit
results
Calibration
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
25 of 28
QUALITY SYSTEM RISK CONTROLS
Control
Protective
Measures
(General)
Field service
replaceable
components
Usage / Detail
Usage: Field service replaceable
components
Usage: Use by medically
trained personnel, expertise in
OR personnel
Use by medically
trained
personnel,
expertise in OR
personnel
Detail
Protective
Measures
(General)
Usage: User facility standards
1. Use by medically trained
personnel, expertise in OR
personnel
Detail
1. User facility standards




Protective
Measures
(General)
Usage: Expiration dating
Detail
Expiration dating
Verification of
Effectiveness
 Field service item list
 Risk Review Data
per WI 824650
 IFU references to
minimum personnel
requirements
 Industry standards for
personnel to operate
equipment
 National certifications
of personnel
 Organizational
certifications of
personnel
IFU references to
minimum user facility
requirements /
standards.
Industry standards for
user facilities to operate
equipment
National certifications
for user facilities
Organizational
certifications of user
facilities
Approved documents
requiring expiration
dating on products
 Risk Review Data
per WI 824650
 Organizational
certifications
 Personnel
certifications
Detail
1. Field service replaceable
components
Protective
Measures
(General)
User Facility
standards
Verification of
Implementation

 Risk Review Data
per WI 824650
 Organizational
certifications
 Personnel
certifications
 Risk Review Data
per WI 824650
 DHR indicating
expiration dating
1. Expiration dating
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
26 of 28
QUALITY SYSTEM RISK CONTROLS
Control
Protective
Measures
(General)
Usage / Detail
Usage: Shelf life testing
Verification of
Implementation
Verification of
Effectiveness
 Shelf life testing
protocols
 Risk Review Data
per WI 824650
 Test results
 Approved documents
requiring product
installation by Terumo
Field Service
 Risk Review Data
per WI 824650
Detail
Shelf life testing
1. Shelf life testing
Protective
Measures
(General)
Usage: Product Installation by
Terumo Field Service (e.g. T-Link,
APS1)
Product
Installation by
Terumo Field
Service (e.g. TLink, APS1)
Detail
1. Product Installation by
Terumo Field Service (e.g. TLink, APS1)
Protective
Measures
(General)
Usage: Field Service Required
Field Service
Protective
Measures
(General)
In-House Service
/ PM Required
Detail
1. Field Service
Usage: In-House Service / PM
Required
 Field Service
procedures
 Field Service
personnel training
requirements
 Risk Review Data
per WI 824650
 Field Service
personnel
training records
 IFS or other
 Risk Review Data
documents directing
service by only inhouse personnel.
Detail
1. In-House Service / PM
Required
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
per WI 824650
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
27 of 28
Appendix D – FMEA Rating Scales
Use the Severity, Occurrence and Detection scales as contained in Appendix C of QSP – Risk
Management, 812264. Risk Priority Number (RPN) is the product of Severity (S), Occurrence (O)
and Detection (D). The scales for Occurrence and Detection are different for FMEA vs. Hazard
Analysis (the detection tables are specific for DFMEA, UFMEA or PFMEA). Be careful to select the
proper table from Appendix C of QSP – Risk Management, 812264.
Appendix E – Field Failure Occurrence Data
When developing quantitative occurrence ratings, it is especially important to document all
assumptions regarding analysis time frames, production rates, length of production, number of units
in the field, and customer usage rates of fielded product.
EM products:
Probability failure mode = Ocomplaints / ((cases/unit/year) * (x yrs.) * (units in field))
SP products:
Probability failure mode = Ocomplaints / units in field
For both EM and SP products, the following definitions apply:
 Ocomplaints – Number of occurrences of a Failure Mode as derived from completed complaints
taken from the EtQ Database for the period of analysis.

Cases/unit/year - 121

x yrs. – interval from which the complaints would be taken. Determine if other numbers
would be valid.

Units in field – For EM, total number of units in the field back 10 years. For SP, total number
of units in the field back 2 years
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed
QS Category
Doc. Class
Document No.
Revision
Risk Management
WI
78-8067-8973-7
K
Title
Effective Date
Page
FMEA for Device Risk Management
29-OCT-2014
28 of 28
Appendix F – RPN Evaluation and Acceptability
Each Failure Mode of the FMEA represents a possible risk to the patient or user. These Failure
Modes shall be evaluated, to determine the RPN level.
RPN (Risk Priority Number, S x O x D) is composed of 3 components: Severity (S), Occurrence (O)
and Detection (D).
After all of the Failure Modes in the FMEA have been evaluated, sort them by RPN value. If two (2)
or more items have the same RPN, then sort those RPNs in the following priority:
1) Severity
2) Detection
3) Occurrence.
RPN levels as established in the associated Risk Management Plan shall be used in the evaluation.
Each RPN falls into one of these ranges:
High
Medium
Low
All risks shall be further evaluated by using Risk Control Option Analysis as defined in QSP – Risk
Management, 812264. Redesigns, controls, or other mitigations shall be considered and if an RPN
cannot be reduced to a lower level, then the item shall be investigated and an explanation written to
explain why it is not further reducible. All rationale shall be documented in the Risk Control Option
Analysis and/or the Technical Review minutes.
Failure Modes shall be evaluated in the associated Hazard Analysis if the Severity rating of the
Failure Effect is rated as 3, 4 or 5.
When an item is modified, due to redesign or addition of controls or mitigations, the changes shall be
examined to make sure that no new Failure Modes have been created. If new Failure Modes have
been created, they shall be entered in the FMEA and evaluated.
Terumo Cardiovascular Systems Corporation Confidential
Uncontrolled Document When Printed

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz