Using FMEA to Manage Risk Under ISO 13485

While the newest revision of ISO 13485 does not embrace the same high-level structure (Annex L) as many of the other recent ISO quality management standards, it is strongly oriented toward the “application of risk management to medical devices.” This is accomplished both within the ISO 13485:2016 clause structure and through an older, but still relevant, standard known as ISO 14971, which delves deeper into commitments, policies, criteria and assessments for medical device risk management. FMEA has emerged as a valuable tool for meeting both of these standards’ active risk anticipation and response requirements.


What is FMEA?

FMEA stands for Failure Mode and Effects Analysis. FMEA is a type of risk assessment that uses a step-by-step approach to identify potential failures in a design, process, product or service. This identification allows for analysis to prevent or reduce future failures. “Failure modes” refers to the ways in which something can fail. “Effects analysis” refers to the scrutinizing of the consequences of each of those failures. FMEA is a preventative action, meant to be implemented before a process or product is designed, modified or applied in a new way. It’s also wise to use FMEA periodically throughout the life of a product, process or service.

What Does FMEA Accomplish?

FMEA helps companies identify and prioritize failures according to how serious their consequences are, their frequency, and the ease with which they can be detected. The purpose of conducting FMEA is to take action to reduce or eliminate each potential failure. FMEA documents existing knowledge and actions companies are already using in their continuous improvement process and can be used to prevent potential failures with future processes and products. The results of a risk analysis are documented in an FMEA worksheet where they are used to help plan preventative measures, resulting in the production of safer medical devices.


The implementation of FMEA could have a dramatic impact on the medical device industry with the prevention of patient morbidity and mortality, and more efficient continuous development of products and processes.

Where FMEA Can be Applied…

FMEA can be applied to other specific areas such as testing/evaluating concepts, improving in-field reliability, software functioning and security, hazard analysis, human factors and service-based analysis, business processes and more.



There are three major types of FMEAs:

System FMEAs look at the more expansive processes and sub-processes that make up any system, and at their interactions. These can include interactions as well as specific areas and instances of failures. For example, a system FMEA might examine the entire procurement process, including which items are custom vs. generic, how they are specified, how sources are collected and evaluated, how compliance with specifications is ensured and so forth.
Design FMEAs focus on functioning of specific products, with the goal of improvement of the finished good in terms of reliability, safety, functioning, user interface, etc.
Process FMEAs are focused on the creation or assembly actions in producing a good or service with the goal of wringing out more efficiency in the process (i.e. lowering the cost and increasing the level of quality), and often making the process easier to support and proliferate within the organization.

FMEA Examples

As denoted in the name, failure modes and effects are the outputs of this type of analysis. The following chart lists some examples of failure modes using a bicycle as the “system” being analyzed.

Source: Effective FMEAs by Carl Carlson, John Wiley and Sons, publisher.

Similarly, the effects portion of the analysis is used to anticipate the consequences of a given failure. Here’s an example of analyzing one failure mode for a medical device component – in this case a catheter used in an angioplasty procedure to expand a narrow or blocked blood vessel.


Angioplasty catheter

A balloon-tipped catheter is inserted into a narrowed or blocked vascular element such as a vein, artery or capillary, to expand the vascular structure and increase flow, often prior to application of a stent.

Failure Mode: Balloon fails to inflate

Effect 1 (Clinical Harm): The procedure cannot be performed, causing delays, unnecessary patient preparation and provider costs.
Effect 2 (Clinical Harm): Non-functioning device needs replacement with a functional device.
Effect 3 (Clinical Harm): Potential spasm in the blood vessel, leading to constriction and difficulty removing the device.
Effect 4 (Clinical Harm): Increased soreness at the catheter insertion site, or increased chance of infection due to multiple shaft tube/balloon assembly insertions.

Typical FMEA Steps

FMEA is a living document that can be constructed, adapted and modified in a variety of different ways. Below is a summary of the steps included in an FMEA analysis:

  1. Select a process to analyze.
  2. Identify individuals from all departments with specific knowledge of processes, products and client needs to brainstorm potential failure modes.
  3. Describe the process and/or product in detail.
  4. Identify all potential failures. This includes all of the components, systems, processes and functions that could potentially fail to meet the quality or reliability standard and the potential causes.
  5. Identify all the potential consequences of each failure.
  6. Assign a severity rating (S) to each failure according to the significance of the impact it has. Severity is often ranked on a scale from 1 to 10, one being insignificant and 10 being catastrophic.
  7. Identify all possible root causes of each failure. Some companies use cause analysis tools in addition to the knowledge and experience of their staff.
  8. Assign each cause an occurrence rating (O). This is often rated on a scale of 1 to 10, with 1 being rare and 10 being inevitable.
  9. For each cause, identify current process controls that are in place to prevent these failures from impacting customers.
  10. For each control, assign a detection rating (D) to determine how well the controls are able to detect the cause or failure mode once they have occurred, but before a customer is affected. This is typically rated on a scale of 1 to 10, with 1 meaning the problem will be detected with absolute certainty and 10 meaning the control will most likely never detect the problem.
  11. Determine a risk priority number (RPN) for each potential failure by multiplying its ratings (RPN = S × O × D), then rank the failures by RPN.
  12. Plan and implement changes to address the failures based on the RPN identifications.
  13. Measure and document the success of each process change.
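
The scoring in steps 6 to 13 can be sketched as a small worksheet model. This is an added example, not part of the original article or of any FMEA product: the causes, the second failure mode and every rating below are constructed for illustration, and the tie-break rule (severity, then occurrence) is an assumption of the example, since the steps only say to rank by RPN.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Row:
    failure_mode: str
    cause: str
    severity: int    # S (step 6): 1 insignificant .. 10 catastrophic
    occurrence: int  # O (step 8): 1 rare .. 10 inevitable
    detection: int   # D (step 10): 1 always detected .. 10 almost never detected

    def __post_init__(self):
        # Reject ratings outside the 1-10 scales so a typo cannot skew the ranking.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if type(value) is not int or not 1 <= value <= 10:
                raise ValueError(f"{name}={value!r} is outside the 1-10 scale")

    @property
    def rpn(self) -> int:
        # Step 11: risk priority number = S x O x D
        return self.severity * self.occurrence * self.detection

def rank(rows):
    # Highest RPN first. Equal RPNs are ordered by severity, then occurrence
    # (assumption of this example; the steps above only rank by RPN).
    return sorted(rows, key=lambda r: (r.rpn, r.severity, r.occurrence), reverse=True)

def rescore(row, **new_ratings):
    # Steps 12-13: re-rate a row after a process change and return
    # (RPN before, RPN after) so the effect of the change is documented.
    updated = replace(row, **new_ratings)  # re-runs the 1-10 validation
    return row.rpn, updated.rpn

# Constructed worksheet: the first failure mode is the article's catheter
# example; causes, the second failure mode and all ratings are made up.
WORKSHEET = [
    Row("Balloon fails to inflate", "Inflation lumen blocked", 7, 3, 4),
    Row("Balloon fails to inflate", "Leak at balloon bond", 7, 2, 6),
    Row("Balloon fails to deflate", "Valve sticks", 9, 2, 5),
]

if __name__ == "__main__":
    for r in rank(WORKSHEET):
        print(f"{r.rpn:4d}  S={r.severity} O={r.occurrence} D={r.detection}  "
              f"{r.failure_mode}: {r.cause}")
    # A better control improves detection of the first cause from 4 to 2.
    print("RPN before/after:", rescore(WORKSHEET[0], detection=2))
```

Two rows with different ratings can share an RPN, as the first two do here, which is why the ranking needs an explicit tie-break rather than the product alone.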

Continuous improvement is a key element of the FMEA process: the worksheet records observed data and results for both potential and actual failures. This record can be used as an input for the continuous improvement mandated by ISO 13485.


FMEA Resources

FMEA SBS Software

FMEA database software can help companies easily manage the FMEA process. Sunday Business Systems’ FMEA software makes it easy to develop an efficient Quality Management System (QMS) and implement risk-based thinking required by ISO 13485. This collaborative, intuitive program helps companies identify and address failure modes and visualize data from each FMEA analysis.

