TGFR Consulting LLC After task analysis has identified the failure modes, the next step is the mapping of hazards to these failure modes, identifying the sequence of events, and identifying the hazardous situation(s). The following figure illustrates the overall flow.
Hazards
It is important to establish a common understanding of a hazard prior to mapping hazards, otherwise the risk management file might become inconsistent and probabilities of hazards and harms and thereby risks are inappropriately assessed. In this mapping the following definition is applied
The hazard is the last element in a causal chain previous to the hazardous situation.
From the review of the failure modes, hazards can be identified. Hazards should be broken down into the following categories using Annex C of ISO 14971:2019
| Hazard Types | Examples |
| Energy | Acoustic (loudness) Electric Energy (e.g. leakage current, magnetic fields, voltage) Mechanical Energy Radiation Energy |
| Biologic and Chemicals | Biological Agents (e.g. bacteria, toxins, and viruses) Chemical Agents (e.g. caustic or toxic materials) |
| Performance | Data Errors (e.g. confidentiality and integrity) Delivery Errors Incorrect Therapy |
The key is to identify those hazards that easily map to the failure modes and can lead to harm. A single failure mode may lead to any number of hazards.
While ISO 14971 and other documents may point to process and design failure modes, the process presented here focuses on the failures occurring during use. Design failures are addressed when in response to a device failure. Further, the generalized risk controls associated with a design failure are usually not actionable during the development of the device.
The Sequence of Events
The sequence of events maps the translation of the hazard to a hazardous situation. Task analysis identifies the sequences leading to the failure and hazard, but the sequence of events here identifies the events leading to the hazardous situation. This distinction becomes important when establishing the probability of the hazardous situation. Breaking down the probability of any hazardous situation (P1), this following equation applies
As an example, the probability of a system presenting an incorrect image to a clinician is the probability of the failure mode, λi. The probability of the clinician using the incorrect image, βi, is the probability that the sequence of events that leads to the clinician specify an incorrect therapy. Separating the sequence of events to those actions after the hazard occurs leads to better risk controls where the risk control can focus on the failure mode or the sequence of events.
Hazardous Situations
The hazardous situation is the actual circumstance in which people, property or the environment are exposed to a harm. A good way to understand a hazardous situation is to understand that from the hazardous situation, some harm will happen. While it is not required, standardizing the hazardous situations leads consistent mapping of harms and the probabilities (P2) for the therapy. As an Example, standardizing hazardous situations for the delivery of a drug by a device leads to the following standardized hazardous situations
Standardized Hazardous Situation Example
| Hazard | Hazardous Situation | Harms |
| Over delivery of medication | Over delivery by less than 10% | Negligible severity harm is the usually associated with the small over delivery |
| Over delivery of medication | Over delivery by greater than 10% | Serious severity of harm may be associated with the more significant over delivery |
To properly develop hazardous situations, an extensive review of the possible harms associated with different hazards needs to be undertaken.
To characterize hazardous situations, harms are mapped to the hazards. The mapping must consider that a single hazard may result multiple harms. To begin this mapping, the harm severity levels need to be established. The following table is an example of the harm severity levels
Severity Levels
| Severity of Harm | Description |
| Catastrophic | Results in patient death |
| Critical | Results in permanent impairment or life- threatening injury |
| Serious | Results in injury or impairment requiring professional medical intervention |
| Minor | Results in temporary injury or impairment not requiring professional medical intervention |
| Negligible | Little or no injury |
Next, hazards are mapped to harms and the distribution of the severity established. As an example, over delivery may result in several harms, with each harm will having an associated distribution of severity. The following table shows the linking of harms severity distributions to a specific hazard
Hazard to Harms
In this case the sum of probabilities across all the severities is one, that is, the distribution of probability for a given hazard against the severities must sum to 1.
The harm likelihood in the table identifies how likely each harm is for a given hazard. Again, the probability of all harms must sum to 1
Returning to the definition of hazardous situations, the examination of the harms for a hazard can lead to breaking out into different hazardous situations to segregate harms. If a harm associated with a hazard has a significantly different severity profile, breaking it out to a separate standardized hazardous situation will help when the reviewing and developing the device risk profile.
Completing the Mapping
Following the identification of the mapping of failures to hazards and then to hazardous situations, a complete hazard analysis can be constructed. The following shows this structure
Hazardous Situation Mapping
| Failure Mode | Hazard | Sequence of Events | Hazardous Situations |
| The failure mode from the task analysis | A hazard from the hazard list | The sequence of events from hazard to hazardous situation | The standardized hazardous situation |
Each failure mode may map to multiple hazards, which may map to multiple sequence of events, which in turn maps to multiple hazardous situations.
With this mapping we are ready to move on to identifying risk controls
Further Reading
| Topic | Reference |
| Risk Analysis | BS EN ISO 14971:2019 Medical Devices – Application of risk management to medical devices |