Stronger risk management with FMEA and risk analysis
Speed meets precision:
Detect and control risks early.
Dr. David Wohlfart
Compliance Specialist / Consultant
Risk Management and Quality Assurance in Medical Technology
In medical technology and related fields such as biotechnology and the pharmaceutical industry, systematic risk management is essential. The consistent application of established risk management tools is critical to reliably meeting safety, quality and compliance requirements.
Risk analyses in accordance with ISO 14971 allow a targeted focus on critical aspects in development and production, with the goal of minimising effort and identifying potential sources of error at an early stage.
Best Practices
We consistently integrate risk management into our development processes to increase efficiency and align production facilities with GMP requirements in the best possible way.
The precise application of risk analysis methods is crucial. Even basic terms such as “hazard”, “sequence of events”, “hazardous situation” and “harm” must be defined correctly and interpreted appropriately in their specific context.
A well-designed risk management process reduces documentation workload, increases efficiency and ensures product quality. This is achieved, for example, by the targeted evaluation of concepts such as Critical Quality Attributes and Critical Process Parameters. When relocating qualified GMP facilities, we lower validation efforts with a relocation risk analysis and, if desired, take on project management even in time-critical transfers. In addition, we derive suitable User Requirement Specifications and process parameters from Component Requirement Specifications. Our consultants combine deep GMP expertise with a risk-based approach to systematically optimise development and production processes.
Preliminary Hazard Analysis (PHA) and the evaluation of post-market data allow early identification of potential hazards and harmful events. In client projects, we first visualise relevant processes and prepare targeted workshops. The PHA evaluates the probability of occurrence and possible severity of injuries or health impacts and often triggers early improvements in product development. We also use Fault Tree Analysis to capture causes and correlations. With experience and structured facilitation, we support teams in comprehensively identifying and safely managing risks.
For technically simple products, we recommend moving straight to Design FMEA after the Preliminary Hazard Analysis. For more complex medical technology products or GMP facilities, a preceding Functional Risk Analysis is advisable to identify hazardous functions and reduce overall effort. System FMEA also plays a central role in audits, as it provides a structured view of safety-relevant components. We provide support with prepared workshops and ensure consistent use of the methods across the team within risk-based safety evidence according to MDR Annex I.
With two decades of experience in tailored risk management processes, plans and analyses, the GRÜNEWALD team has built proven best practices. Using structured checklists, we efficiently compare existing processes with recognised standards and identify targeted improvement opportunities. On request, we also review risk files from the point of view of a Notified Body or the FDA and provide concrete guidance on gaps or deviations. We work closely with product management, development and application specialists to ensure effective and audit-ready risk management.
Software Classification and Validation
Secure and validated software systems are essential for digitalisation in medical technology. Medical device software and health apps are subject to MDR and IVDR requirements. Digital systems such as ERP or QM software must also be validated if they control quality-relevant or product-relevant processes.
The regulatory foundations include:
- ISO 13485 and EU GMP, for example Annex 11
- EN 62304 for the software life cycle
- EN 82304-1 for health software
- ISO/TR 80002-2 for software validation
- FDA requirements, 21 CFR Part 11 and 820
- Cybersecurity and data protection requirements
Validation of computerised systems is legally required before commissioning and after relevant changes. Planning, implementation and documentation are complex and resource-intensive.
GRÜNEWALD provides support with practical strategies, risk-based validation plans and validation-compliant documentation that is efficient, audit-ready and aligned with GAMP 5 and international standards.
Computer System Validation
CSV is a focal point for auditors and inspectors and must be integrated into pharmaceutical quality systems and QM systems. Our consultants start with an inventory of systems in use, define validation scope and safety classes, and create structured validation master plans that are efficient, transparent and risk-based. With our Lean GMP CSV checklist, we reduce effort and keep result quality high, including for MES solutions and digital production systems.
Software Safety Classification
The EU regulations MDR 2017/745 and IVDR 2017/746 require precise classification and documentation of software components. GRÜNEWALD helps implement these requirements in a legally compliant and efficient way so that market access in the EU remains secure.
Interoperability and Data Protection
The integration of IT systems into medical devices supports healthcare professionals and raises efficiency. With the Internet of Medical Things and embedded web servers, real value is created and new risks must be addressed.
- User stories and stakeholder requirements
- Lean risk files to cover interface and IT risks
- Use of ISO 14971 for connected systems and data transfers
Data, System and Cybersecurity
Cybersecurity is essential. MDR, IVDR and ISO 14971 in the third edition define clear requirements for data security and system-related risks.
- Implementation of GDPR in medical technology contexts
- Systematic risk assessment aligned with ISO and EU requirements
- Support to integrate data protection and IT security into development processes