Hazard Analysis Basics
← Return to FAQWhat is a Hazard Analysis?
A Hazard Analysis (HA) is a systematic identification of foreseeable hazards, hazardous situations, and harms associated with a medical device, with an estimate of risk for each. It is the foundational artifact of an ISO 14971 risk management file and is required by FDA and Notified Bodies.
How does a Hazard Analysis differ from an FMEA?
A Hazard Analysis enumerates hazards starting from the patient or user harm and traces back to the device. A Failure Mode and Effects Analysis (FMEA) starts from component or process failure modes and traces forward to effects. Both are valuable; ISO 14971 requires the HA, not the FMEA. HA is a top-down analysis while FMEA is bottom-up analysis.
What is a hazard versus a hazardous situation versus a harm?
A hazard is a potential source of harm (for example, electrical energy). A hazardous situation is a circumstance in which the user or patient is exposed to the hazard (for example, an exposed conductor during defibrillation). A harm is the physical injury or damage to property (for example, electrical burn or an equipment fire).
What is the difference between a Normal Condition and a Fault Condition?
A Normal Condition is the device operating as designed without component failures. A Fault Condition is a single-component failure or single-fault state that the safety analysis must consider. ISO 14971 requires both to be evaluated. rmForge enforces a strict N versus F separation: every row is one or the other, never both.
What does the rmForge HA Agent actually do?
It reads your inputs, builds a list of enumerated hazards using a controlled vocabulary (energy, biological and chemical, performance, information,), foreseeable sequence of events, hazardous situations, and assigns severity and probability per established categorical scales, looks up Risk Level from a four-band matrix, and traces every row to risk control measures..
How many hazard rows should I expect?
Typical Class II devices produce 30 to 120 hazard rows. Class I devices may produce fewer; Class III implantables can exceed 200. rmForge does not pad rows to hit a quota; the count is driven by what your IFU and design inputs imply.
What is "Po" in rmForge?
Po is the combined probability of occurrence, computed by looking up p1 (probability the hazardous situation arises) and p2 (probability the situation leads to harm) on a combined-probability table. Po is a categorical band, not a numeric score.
What is Risk Level in rmForge?
Risk Level is the categorical output of the Severity by Po lookup. It has four bands: Negligible, Acceptable, Tolerable, and Intolerable. ISO 14971 requires this banding to drive risk-control decisions.
Why doesn't rmForge multiply Severity times Probability to get RPN?
Ordinal multiplication of severity by probability is widely critiqued in the risk literature. A row with high severity and low probability presents a different real-world risk profile than a row with low severity and high probability, even when the numeric product is identical. rmForge follows a table-based categorical lookup approach rather than producing a synthetic numeric RPN.
What is an "intended use" versus "non-intended use" hazard?
Intended use hazards arise during the use described in the IFU. Non-intended use hazards arise from reasonably foreseeable misuse. ISO 14971 requires both. rmForge categorizes every row's use classification accordingly.
What is the four-band Risk Level matrix?
Negligible, Acceptable, Tolerable, Intolerable. Defined as a function of Severity (S1 through S5) and Po (P1 through P5). Intolerable rows require a risk control that demonstrably reduces the residual risk.
Does rmForge consider Essential Performance?
Yes, for medical electrical (ME) equipment per IEC 60601-1. The Essential Performance (EP) agent activates when the wizard identifies the device as ME and performs a structured preparation and assessment sequence aligned with IEC 60601-1.
How does rmForge handle the IFU when it is incomplete?
When the analysis encounters a gap (missing clinical function declaration, missing performance limit, ambiguous Basic Safety boundary), it emits a clarification query, checkpoints the pipeline, you respond in the in-app chat, and the analysis resumes.
Can rmForge create a Hazard List from scratch with no inputs?
No. rmForge needs at least the Wizard questions answered, which are adapted from ISO TR 24971.
What is the sequence of events that leads to a harm?
rmForge models the sequence as up to four steps from initiating cause to a hazardous situation and then a harm. The cause is one of Design, Hardware, Software, Process, Packaging, Labeling, User. The sequence is captured in the HA row.
What hazard categories does rmForge use?
Three top-level categories: energy, biological and chemical, and performance including information and security. Aligned with ISO 14971 Annex C examples.
What is a Risk Control Measure (RCM)?
A requirement (design input), implementation (design output), and verification (design verification and validation including process validation as appropriate) of a design or its processes that reduces the probability of occurrence, the severity, or both. rmForge proposes specific RCMs per row; ISO 14971 requires that the RCM rationale be traceable.
What is a "revised harm" column?
After applying a risk control, the residual risk may correspond to a different harm than the original (for example, a fail-safe reverts the device to a lower-energy mode). The revised harm column captures the harm after the risk control is applied.
Does rmForge generate the entire risk management file?
No. rmForge generates the Hazard Analysis workbook and the customer acknowledgment form.
Where do the rmForge HA rules come from?
rmForge rules are documented internally and traceable to ISO 14971 and the related IEC, ISO consensus standards, and FDA guidance and regulations. The rule set is version-controlled, and the version in effect is recorded with each analysis.