Why Two Methods?
HARA and DFMEA answer different questions about the same product:
- HARA asks: “What hazards can harm the patient, and how do we control them?” It is patient-safety-focused and regulatory-required by ISO 14971.
- DFMEA asks: “How can each function fail, and what is the priority for addressing failures?” It is engineering-focused and helps teams prioritize design improvements.
Neither method replaces the other. A hazard that scores as Acceptable in the HARA risk matrix might still have a high RPN in DFMEA if the failure is frequent and hard to detect. Conversely, a low-RPN failure mode might link to a catastrophic harm in HARA. Using both methods ensures comprehensive risk coverage.
Side-by-Side Comparison
| Aspect | HARA (ISO 14971) | DFMEA (AIAG VDA) |
|---|
| Central entity | Risk Record (riskRecord) | Failure Mode (failureMode) |
| Starting point | Use Steps (operational scenarios) | Functions (what the component does) |
| Risk model | P1 (hazard probability) x P2 (harm probability) bucketed, then combined with Severity in a 5x5 matrix | Severity x Occurrence x Detection = RPN (integer) |
| Risk classification | 3 levels: Acceptable, Investigation, Unacceptable | Color-coded RPN: green (1-10), amber (11-30), red (>30) |
| Severity scale | 5-level harm severity (Negligible to Catastrophic) | 5-level failure mode severity (Negligible to Critical) with distinct color coding |
| Hierarchy levels | 4: Use Step > Hazard > Hazardous Situation > Harm | 3: Function > Failure Mode > Cause |
| Benefit-risk | Yes — ISO 14971 Clause 7.2 decision tree | No |
| Document scope | Single HARA document (55 risk records) | 1 system-level + 6 subsystem-level DFMEA documents (114 failure modes total) |
How They Cross-Reference
The analyzedIn link role bridges the two methods:
Failure Mode (DFMEA) --[analyzedIn]--> Risk Record (HARA)
- Risk engineers can see which specific failure modes contribute to each harm scenario
- Design engineers can see the patient-safety impact of each failure mode
- Auditors can trace from either direction to verify completeness
Shared and Distinct Elements
Shared
- Harm catalog: Both HARA and DFMEA reference the same Standard Harms catalog (25 entries). The severity assigned to a harm in the catalog applies across both methods.
- Risk controls: The
mitigates link role connects risk controls to both risk records and failure modes. The Risk Control Plan serves both methods.
- System elements: Both methods are scoped by subsystem. DFMEA documents follow the SYS-001 / SUB-001..006 decomposition pattern.
Distinct
- Probability models: HARA uses P1 x P2 with bucketing (5 levels); DFMEA uses Occurrence and Detection as separate integer ratings (0-5 each).
- Human factors: DFMEA includes
perceptionError and cognitionError fields for usability-related failure analysis (aligned with IEC 62366). HARA does not have equivalent fields.
- Pre/post mitigation tracking: Both methods track pre and post-mitigation values, but HARA produces a risk classification while DFMEA produces an RPN integer.
When to Use Each Method
ISO 14971 requires HARA. DFMEA is supplementary but valuable for engineering teams. Begin your risk management process with HARA to satisfy regulatory requirements, then extend to DFMEA for deeper design analysis.
- HARA alone: Sufficient for ISO 14971 compliance. Required for all medical devices.
- HARA + system-level DFMEA: Adds engineering depth for the overall system. Recommended for complex devices.
- HARA + system + subsystem DFMEA: Full coverage. Each subsystem has its own DFMEA document scoped to its functions and components. Used in the reference Smart Infusion Pump configuration.
- HARA + DFMEA + PFMEA: Adds process failure analysis for manufacturing risk. The solution provides the PFMEA template (using
processStep work items) for this extension.
