29 Jun 2017
by Marion Lepmets


Criticality or not? Which one is better? Which one should you use?

The answer is simple: it depends.

You are probably fed up with the “it depends” answers you get in this sector.

But in this case it means “It depends on YOU”.

First the compliance bit: there is no requirement, in ISO 13485, 21 CFR 820, ISO 14971 that prescribes you have to pick one rather than the other.

It’s not even a requirement to have a FME(C)A at all.

The only requirement is to identify the hazards, the related harms and the appropriate causes. A top down analysis.

So which one is better?

It is a case by case decision (which is another way to say “it depends”, I know…)

This is our point of view on the matter:

1) You should have at least one FMECA (usually the one at a system level) that talks directly to the Top-Down analysis. Risk mitigation actions should be reported in the latter, so you will have only 1 document that will dictate the acceptability of each risk.

2) All the other bottom-up analyses should be FMEAs, limiting the effect to the local level (i.e. what happens to the subsystem covered by the FMEA)

3) FMEAs are general tools that you can use for any purpose, not necessarily to determine the acceptability of risks. A typical use (where the concept of RPN comes from – Risk Prioritization Number) is to identify the areas of higher risk to distribute resources and effort more effectively.

It is also good practice to ensure that it is aligned with your top-down analysis, and this is particularly important for a FMECA; in this case it is strongly recommended to have some sort of automated traceability software, otherwise you will soon get lost in the web of links.

We help medical device companies fast-track the development of their Quality Management System and automate their compliant Risk Management with the help of our Atlassian add-ons for Confluence and JIRA.

Try us out on

SoftComply apps are available on Atlassian Marketplace – you can try them all out for free!