Historically, medical device manufacturers have frequently used Failure Modes and Effects Analysis (FMEA) to identify possible failures in their medical device’s design, manufacturing or assembly process. FMEA is defined in the IEC 60812. However, is FMEA equivalent to the ISO 14971 when establishing a risk management system for medical devices? Furthermore, more importantly, is FMEA sufficient to comply with the risk management requirements set up in the European 2017/745 Medical Device Regulation (MDR) and the 2017/746 In Vitro Diagnostic Medical Device Regulation (IVDR)? Here in this article, we will define and highlight the differences between both standards (IEC 60812 FMEA vs ISO 14971) to support manufacturers in developing a compliant process for managing the risks associated with their medical devices.
Risk Management
Medical devices are powerful tools capable of addressing a plethora of medical needs to benefit patients and support health care providers. Such power comes with a great responsibility: according to the MDR and IVDR manufacturers must ensure that medical devices and IVDs perform as intended while guaranteeing a high level of safety for the users, eliminating or reducing their risks as far as possible (AFAP) through safe design and manufacturing. Risk management is a systematic process throughout the device’s entire lifecycle to identify the hazards associated with a medical device, evaluate and control the associated risks, and monitor the effectiveness of the implemented risk control measures.
Manufacturers must establish, document and maintain a risk management system as a requirement to place medical devices in the market under the EU MDR and IVDR. In this context, we recommend using additional guidance to generate the risk management system.
ISO 14971 is the most common standard to ensure compliance with EU regulations. The process described in ISO 14971 leads to identifying all hazards associated with using a medical device, under both normal and fault conditions, to evaluate associated risks, control them and monitor effective control measures.
Failure Modes and Effects Analysis (FMEA) is a system reliability tool to identify, evaluate and control possible failures associated with the design and manufacture of a product. As mentioned earlier, the FMEA process is defined in IEC 60812.
Some manufacturers may believe that FMEA is sufficient to fulfil all risk management requirements for medical devices under the EU MDR and IVDR. Thus, in the following sections, we will compare the main features of both standards.
ISO 14971 vs FMEA
When comparing ISO 14971 with FMEA, some significant differences may appear apparent to readers:
1. Type of risk identified
Risk management according to ISO 14971 includes risks from normal use, reasonably foreseeable misuse and fault conditions, as required by the MDR or IVDR General Safety and Performance Requirements (GSPRs), whereas the FMEA only includes risks associated with failure.
2. Main components of risk analysis
The main components for developing the risk analysis under the ISO 14971 are a hazard (a potential source of harm), a hazardous situation (circumstance in which people, property or environment is exposed to the hazard), a sequence of events (sequence of events that lead to a hazardous situation) and a harm (injury or damage to people, property or environment. In contrast, the FMEA components are:
- a cause (set of circumstances that leads to failure),
- a failure mode (how failure occurs), and
- an effect (the consequence of a failure).
3. Severity of harm
During the normal process of evaluating risks, these risks are evaluated according to a combination of occurrence (probability of happening) and severity. ISO 14971 bases severity on people’s harm, whereas according to FMEA, the severity depends on whether the failure causes a small loss of function (low risk) or complete breakdown of the product (high risk).
4. When to start the risk analysis
Since ISO 14971 works by identifying hazards, it is possible to evaluate some of the risks during the early stages of the product design. Oppositely, FMEA works better in mature designs as it looks at failures from components or process steps. Hence, the use of ISO 14971 allows manufacturers to have a better overview of risks from the early stages of product design.
Summary
Readers may have noticed that ISO 14971 and FMEA are substantially different approaches. Moreover, the FMEA approach is insufficient to comply with the EU regulations.
FMEA – IEC 60812 | Risk Management – ISO 14971 | Consequence |
Only fault risks. | Every risk including misuse and fault conditions. | ISO 14971 analyses all the risks, and FMEA can be used to improve reliability. |
Input: detailed components or process. | Input: hazards. | ISO 14971 can and should be started in the early phases of design. FMEA requires mature design. |
Severity is based on system performance. | Severity is based on person harm (used, patient, third persons). | ISO 14971 focuses on the safety and health of the persons. |
Despite FMEA’s limitations, this approach is still considered a valuable and intuitive tool for those devices where performance and reliability are essential for the safety of users. Manufacturers, therefore, should consider integrating FMEA as part of their ISO 15971 risk management process.
For those manufacturers ready to align with the ISO 14971, be aware of the existence of a complement guidance document, TR 24971:2020, to support the implementation of the ISO 14971. This guide notes that the FMEA is one of the tools that can be applied to support the risk management system (Annex B of the ISO TR 24971).
AKRN, experts in risk management
The novel regulations for medical devices and in-vitro medical devices (MDR and IVDR, respectively) oblige manufacturers to establish, document, implement and maintain a system for risk management to comply with the EU regulations.
AKRN specializes in EU MDR and IVDR regulatory consulting to assist manufacturers in fulfilling the requirements to place medical devices in the EU market, including risk management preparation and alignment with ISO 14971.
Subject Matter Experts

José Velazquez, M.Sc.
Quality Assurance Manager LinkedIn

Albert Negrete, Ph.D.
Regulatory Affairs Scientist LinkedIn