ISO 14971:2019 Section | Document Section |
---|---|
5.2 | (all; entries related to reasonably foreseeable misuse) |
5.4 | 3 |
5.5 | 3, 4 |
6 | 3 |
7.1 | 4 |
7.2 | 4 |
7.3 | 4 |
7.5 | 4 |

IEC 62366-1:2015 Section | Title | Document Section |
---|---|---|
4.1.2 | Risk Control as it relates to User Interface design | 4 |
5.3 | Identify known or foreseeable Hazards and Hazardous Situations | 1, 3 |
This document outlines the Failure Mode and Effects Analysis ([FMEA][wikipedia-fmea]) for the device. It is divided into the following sections:
- Preliminary Hazards Analysis: A list of potential problems collected early on, each pointing to where it is analysed further.
- Failure Modes: A list of ways the software itself could fail.
- Hazards and Analysis: A record of the possible harms that could result, with an analysis of probability and severity for each.
- Risk Control Measures: A compilation of the implemented measures that reduce risk by decreasing probability, severity, or both.
This process turned out more involved than anticipated, and I apologize for the complexity. It would be easier to teach if everything were in one table, but column limits on the website mean it is split across separate, cross-referenced tables. The text below explains how they link together.
1. Preliminary Hazards Analysis (PHA)
A Preliminary Hazards Analysis (PHA) is a collection of potential problems that could arise. It is typically drafted early, while thinking through the product at a high level (for a prediction app: what goes wrong if the prediction is incorrect?). The table below records these risks. Besides a description, it has a Source column naming where the entry came from (e.g., Intended Use, Usability Test, ISO 14971 checklist, or ISO/TR 24971) and a Hazard ID(s) column pointing to the rows of the Hazards and Analysis table where the further risk analysis (including probability and severity) was done.
ID | Source | Description | Hazard ID(s) |
---|---|---|---|
1 | General Considerations | Incorrect Covid prediction | 1 |
2 | Intended Use | Incorrect Covid prediction | 1 |
3 | Usability Test | User misinterprets prediction result | 1 |
2. Failure Modes
This section lists the ways the software itself can fail. Failure modes are typically identified while writing the code or by deliberately thinking them through; common ones are a feature being unavailable, a function returning invalid data, or a security breach.
For example, in the Covid prediction app discussed in my videos (which you don't need to watch now), potential failure modes are a miscalculation on the backend (ID 1) and an incorrect display on the frontend (ID 2). Both can lead to the same hazard (ID 1), which is detailed in the Hazards and Analysis table.
ID | Software System | Failure Mode | Hazard ID(s) |
---|---|---|---|
1 | Backend | Incorrect Covid prediction | 1 |
2 | Frontend | Incorrect display of prediction | 1 |
3. Hazards and Analysis
This section outlines what happens after the software fails. It focuses on real-world consequences rather than on the software itself. ISO 14971 requires an analysis of Hazards, Hazardous Situations, and Harms; the table below records all three together with two probabilities: p1, the probability that the hazard leads to the hazardous situation, and p2, the probability that the hazardous situation leads to the harm.
For instance, for the hazard "incorrect Covid prediction", the probability that it leads to the hazardous situation "user believes they are healthy but actually has Covid" is estimated at 1% (p1 = 0.01). This can be derived from medical data, such as the prevalence of Covid in the target population.
The hazardous situation could result in harm, such as disease progression if the user stays at home instead of seeking medical care. If only 10% of users trust the app blindly (p2 = 0.1), the overall probability of the harm is p1 * p2 = 0.001. That value is mapped to a probability class (here P4), the harm is assigned a severity class (here S2), and the pair is checked against the Risk Acceptance Matrix. In this case the risk is not acceptable, so a risk control measure is needed; it is referenced by its ID (1) in the Risk Control ID(s) column. After that measure, the residual probability class is P3, which together with S2 is acceptable.
ID | Hazard | p1 | Hazardous Situation | p2 | Harm | p1*p2 | P | S | Acceptable? | Comment | Risk Control ID(s) | Residual P | Residual S | Residual Acceptable? |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Incorrect Covid prediction | 0.01 | User believes they are healthy but has Covid | 0.1 | Disease progression | 0.001 | P4 | S2 | No | | 1 | P3 | S2 | Yes |
4. Risk Control Measures
This section lists the Risk Control Measures referenced in the Hazards and Analysis table above. The measure with ID 1 is verifying the prediction algorithm with test data before deployment, which mitigates the risk of disease progression by making incorrect predictions less likely: the probability is reduced by a factor of 10^-2 (0.01), as recorded in the Probability Reduction column. The severity is unchanged (factor 1), so the potential harm, disease progression, is just as serious if it does occur.
ISO 14971 classifies Risk Control Measures into three types, in this order of priority:
* Inherent Safety by Design
* Protective Measures
* Information for Safety
Note that "Information for Safety" must be included in the application interface, not just in the user manual, to be effective.
ID | Description | Type | Probability Reduction | Severity Reduction | Negative Influence on Device Safety / Performance Introduced by Mitigation Measure? | Verification of Implementation | Verification of Effectiveness |
---|---|---|---|---|---|---|---|
1 | Verify prediction algorithm with test data | Protective Measure | 10^-2 | 1 | No | Link Software Test ID | Link Usability Test ID |
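As an added example (not part of the original template), the following Python script checks the linkage between the four tables that the text above describes: it parses the pipe tables as they appear on this page, confirms that every Hazard ID and Risk Control ID cited in one table exists in the table it points to, recomputes p1*p2, flags any unacceptable risk that cites no control, and computes the residual probability after applying the control's Probability Reduction. The embedded table strings are the page's own Covid-prediction example rows. Two assumptions are mine: "10^-2" is read as a multiplicative factor on p1*p2, and the residual is reported as a plain number, because mapping it onto a P class needs the organisation's risk acceptance matrix, which this page does not give.

```python
"""Consistency checks for the four cross-referenced FMEA tables above.

Added example, not part of the original template. The table strings below are
the page's own Covid-prediction example rows. The checks implement the linkage
the text describes: PHA and Failure Mode rows point at Hazard IDs, Hazard rows
point at Risk Control IDs, p1*p2 must equal p1 times p2, a risk that is not
acceptable must cite a control, and the residual probability is p1*p2 scaled
by the control's Probability Reduction factor. Reading "10^-2" as a
multiplicative factor is an assumption; turning the residual into a P class
needs the risk acceptance matrix, which the page does not give.
"""
import math
import re

PHA_TABLE = """\
ID | Source | Description | Hazard ID(s) |
---|---|---|---|
1 | General Considerations | Incorrect Covid prediction | 1 |
2 | Intended Use | Incorrect Covid prediction | 1 |
3 | Usability Test | User misinterprets prediction result | 1 |
"""

FAILURE_MODE_TABLE = """\
ID | Software System | Failure Mode | Hazard ID(s) |
---|---|---|---|
1 | Backend | Incorrect Covid prediction | 1 |
2 | Frontend | Incorrect display of prediction | 1 |
"""

HAZARD_TABLE = """\
ID | Hazard | p1 | Hazardous Situation | p2 | Harm | p1*p2 | P | S | Acceptable? | Comment | Risk Control ID(s) | Residual P | Residual S | Residual Acceptable? |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Incorrect Covid prediction | 0.01 | User believes they are healthy but has Covid | 0.1 | Disease progression | 0.001 | P4 | S2 | No | | 1 | P3 | S2 | Yes |
"""

RISK_CONTROL_TABLE = """\
ID | Description | Type | Probability Reduction | Severity Reduction | Negative Influence on Device Safety / Performance Introduced by Mitigation Measure? | Verification of Implementation | Verification of Effectiveness |
---|---|---|---|---|---|---|---|
1 | Verify prediction algorithm with test data | Protective Measure | 10^-2 | 1 | No | Link Software Test ID | Link Usability Test ID |
"""

# Column positions. Cells are addressed by position rather than by header
# name, which also copes with headers that repeat names (P, S, Acceptable?).
HZ_ID, HZ_P1, HZ_P2, HZ_PRODUCT, HZ_ACCEPT, HZ_CONTROLS = 0, 2, 4, 6, 9, 11
RC_ID, RC_PROB_REDUCTION = 0, 3


def parse_table(text):
    """Split a pipe table into its header cells and a list of data rows."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if all(re.fullmatch(r"-+", c) for c in cells):
            continue  # the ---|--- separator line
        rows.append(cells)
    return rows[0], rows[1:]


def parse_ids(cell):
    """'1, 3' -> [1, 3]; an empty cell -> []."""
    return [int(x) for x in re.findall(r"\d+", cell)]


def parse_factor(cell):
    """Accept '10^-2' (as written in the table) or a plain decimal."""
    m = re.fullmatch(r"10\^(-?\d+)", cell.strip())
    return 10.0 ** int(m.group(1)) if m else float(cell)


def analyse(pha, failure_modes, hazards, controls):
    """Return (findings, residual): findings is a list of inconsistency
    messages (empty when the tables agree); residual maps Hazard ID to the
    probability after applying the cited controls' reduction factors."""
    findings = []
    _, pha_rows = parse_table(pha)
    _, fm_rows = parse_table(failure_modes)
    _, hz_rows = parse_table(hazards)
    _, rc_rows = parse_table(controls)

    hazard_ids = {int(r[HZ_ID]) for r in hz_rows}
    factor = {int(r[RC_ID]): parse_factor(r[RC_PROB_REDUCTION]) for r in rc_rows}

    # Every hazard cited upstream must exist in the Hazards and Analysis table.
    for name, rows in (("PHA", pha_rows), ("Failure Mode", fm_rows)):
        for r in rows:
            for hid in parse_ids(r[3]):
                if hid not in hazard_ids:
                    findings.append(f"{name} {r[0]} cites unknown Hazard ID {hid}")

    residual = {}
    for r in hz_rows:
        hid = int(r[HZ_ID])
        p1, p2, recorded = float(r[HZ_P1]), float(r[HZ_P2]), float(r[HZ_PRODUCT])
        if not math.isclose(p1 * p2, recorded, rel_tol=1e-9):
            findings.append(f"Hazard {hid}: p1*p2 column is {recorded}, expected {p1 * p2:g}")
        cited = parse_ids(r[HZ_CONTROLS])
        if r[HZ_ACCEPT].lower() == "no" and not cited:
            findings.append(f"Hazard {hid}: not acceptable but no Risk Control ID cited")
        prob = p1 * p2
        for cid in cited:
            if cid in factor:
                prob *= factor[cid]  # assumed: reduction is a multiplicative factor
            else:
                findings.append(f"Hazard {hid}: cites unknown Risk Control ID {cid}")
        residual[hid] = prob
    return findings, residual


if __name__ == "__main__":
    problems, residual_risk = analyse(PHA_TABLE, FAILURE_MODE_TABLE, HAZARD_TABLE, RISK_CONTROL_TABLE)
    for msg in problems or ["no inconsistencies found"]:
        print(msg)
    for hid, p in residual_risk.items():
        print(f"Hazard {hid}: residual probability {p:.1e}")
```

Run it directly to print any findings and the residual probabilities; a dangling reference (for example a hazard row citing a Risk Control ID that does not exist) shows up as a finding instead of silently passing review. The same checks apply unchanged to a spreadsheet export if the tables live outside this page.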