How FMEAs Can Be the Cornerstone of an ISO 9001:2015 Compliant Risk-Based Quality Management System

Summary & Conclusions

There are several key differences between ISO/DIS 9001:2015 and its predecessors. One difference is that the standard incorporates risk-based thinking in requirements for the establishment, implementation, maintenance and continual improvement of the quality management system. The Design Failure Modes and Effects Analysis (Design FMEA) and Process Failure Modes and Effects Analysis (Process FMEA) are two powerful processes for defining and managing risk within any quality management system.

This paper will show that the Design FMEA, Process FMEA and the tools with which they are integrated can be the foundation of a risk-based, fully compliant ISO/DIS 9001:2015 Quality Management System (QMS). For the FMEAs to fulfill their critical role in the QMS, they must be done correctly. The paper will identify common mistakes made when performing the two FMEA types that, if made, will severely inhibit the effectiveness of the FMEAs as well as the QMS.

Companies that have corrected the mistakes identified in the paper have experienced tremendous financial benefits, with one major facility experiencing an average cost savings of $144,000 per week after implementing the required changes in their FMEA processes for only nine months.

What Is Risk?

Risk has two components. The first component is the severity of harm experienced when an objectionable event occurs. The harm can take on many forms, including financial loss or, in the worst case, bodily injury including death. The second component of risk is the probability of exposure to the individual harm types when the objectionable event occurs. Since there can be multiple consequences of an objectionable incident, there are often multiple severities associated with the event occurring. Consequently, one can reduce the risk of a particular event by taking steps to mitigate the consequences when the event occurs or to reduce the probability of the event.

Sources Of Risk

The ISO 9001:2015 standard provides numerous requirements targeted at the reduction of three sources of risk that companies face when attempting to design and manufacture products. These three sources of risk are:

  1. Incomplete and/or incorrect definition of design inputs
  2. Creation of design outputs that are inadequate to meet the design inputs
  3. Manufacture of products that do not meet the design output specifications

Fortunately, there are two processes that, if used correctly, can significantly reduce the risk due to the three sources identified as well as provide the foundation for a compliant ISO/DIS 9001:2015 Quality Management System. The two processes are the Design FMEA process and the Process FMEA process.

Design FMEA Process

One common misconception is that the Design FMEA process is a brainstorming activity to identify and prioritize failure modes. The “modern” Design FMEA process is a structured risk assessment of the adequacy of the Design Outputs in defining a product which will meet the Design Inputs. Although failure modes are identified during the process, the fundamental objective is to assess the risk of releasing a product which is manufactured to meet the Design Output requirements.

The most important column of the Design FMEA is the “Design Requirements” column (Figure 1). This column is used to capture the Design Inputs. If a company makes an error in defining the Design Inputs the mistake will not be known until the product is not purchased or the product is failing in the field. ISO 9001:2015 has sixteen requirements that are designed to assist in the proper definition of Design Inputs.

Proper definition of Design Inputs begins with understanding the intended use of the product. When investigating the intended use it is critical to include all requirements and not just those involving function. Some of the requirement types to be considered are:

  1. Function
  2. Safety
  3. Regulatory
  4. Environmental
  5. Reliability
  6. Ergonomic
  7. Sensory
  8. Manufacturability

In total, there are eighteen types of requirements that should be considered for inclusion while investigating the intended use. The results of the intended use investigation are critical in establishing the acceptance criteria for the Design Validation Plan that will be used in combination with the Design Verification Plan to assess the adequacy of the Design Outputs.

Once the intended use has been defined, a set of Design Inputs that the designer(s) will design to must be defined. When defining the Design Inputs it is important to recognize that some of the requirements defined during the intended use investigation might compete with each other, conflict with each other or are beyond the limits of current technology. There is a high likelihood that it will not be possible to define a set of Design Inputs that will define a product that will meet all the intended use requirements defined. The Design Inputs must be optimized to provide the best Risk/Benefit ratio for the customer. One of the best methods for accomplishing this task is the Requirements Risk Assessment™.

One common mistake made when performing Design FMEAs is to turn the first column of the Design FMEA into a bill of materials and then list the functions of each component in the first column. It is important to remember that the customer is purchasing what they believe the product will do for them and not the components that make up the product. If it were possible to create a product that met all the customer's intended use requirements but consisted only of an empty enclosure, there is a high likelihood the customer would have no problems with the product.

The second mistake that is becoming more common is the creation of too many DFMEAs for a single product. The DFMEA method that leads to this mistake begins with breaking the product down into structure elements consisting of the system, subsystems and components that make up the product. Individual DFMEAs are then created for each structure element.

Figure 2: Too Many DFMEAs for One Product

Figure 2 shows the fourteen DFMEAs that the methodology requires be created for an office chair “system” and its thirteen elements (four subassemblies and nine components). Each element DFMEA must have requirements defined for its first column.

There are many shortcomings to this approach including a tremendous reduction of efficiency of the DFMEA process by forcing the engineers performing the DFMEA to spend considerable time defining artificial requirements for subsystems and/or components that are already completely described at an adequate level of detail using dimensional and material specifications.

ISO 9001:2015 does not require the definition of design requirements for each of the subassemblies and components that make up a product. The standard requires only that the Design Outputs of the design process define a product which will meet the Design Inputs. For this reason, the number of DFMEAs should be based on the number of design groups involved in the design of the product so that each group can assess the adequacy of their Design Outputs in meeting their Design Inputs. The number of subsystems and components defined by the Design Outputs of each group should have no bearing on the number of DFMEAs required.

Once the Design Inputs are defined, it is important to define how the inputs can fail to be met and the consequences of not meeting them. A numerical value indicative of the level of harm due to the consequences is placed in the Severity (Sev) column (Figure 3).

The Failure Cause column of the Design FMEA describes the condition of the Design Output that, if present, can lead to the Design Input not being met. The Design Controls column contains the method(s) that will be used to verify the adequacy of the current Design Output in meeting the Design Input. The results of the performance of the Design Control(s) are used to determine the probability of exposure to harm due to the Design Input not being met because of the Design Output condition identified in the Failure Cause column. A rating corresponding to the probability is placed in the Occurrence Rating (Occ) column.

A common mistake made when performing the Design FMEA is to determine the Occurrence Rating based on the probability of the Cause and not the probability of the Failure Mode due to the cause. Unless the Failure Mode always occurs when the Cause is present, this mistake leads to an assignment of a risk level for the DFMEA Failure Mode/Cause combination that is too high.

With the Severity of harm due to the Failure Mode and the probability of the Failure Mode due to the Failure Cause defined, it is now possible to determine the potential risk described by the row of the Design FMEA. A Risk Table (Figure 5) is used to categorize the various levels of risk through the use of symbols. These symbols are placed in the Class column of the Design FMEA to indicate the risk due to the row of the Design FMEA. If a Severity and Occurrence combination has no symbol it means that the risk described by the combination is considered acceptable.

Figure 5: DFMEA Automotive Risk (Class Symbol) Table

The Risk Table is also used to develop a Risk Policy for the design and manufacture of the product. As an example, a company might take the position that they will not release a design for manufacture that has any rows of a Design FMEA with a “YC” (Safety Issue) class symbol which would indicate that an event affecting safety could occur when the product is manufactured to specification.

Risk Tables can take on different forms (i.e. numbers of rows and columns, symbol types). The previous Risk Table is used in the automotive industry.

The Risk Table in Figure 6 was used for determining Class Symbols for Design FMEAs covering both spinal implants and a late stage cancer treatment. The same Risk Table was used for Class Symbol determination, but because of the differences between the products, the Risk Policy on what was acceptable was considerably different: more risk is acceptable for cancer treatments than for spinal implants, since significantly more harm will occur if no action is taken for the cancer than for the spinal condition.

The Risk Class and Occurrence Rating are used to determine the priority of the elements of the design to be worked on first (Figure 7). All lines of the Design FMEA with a Class Symbol present must be worked on.

Although the Detection Rating (Det) and Risk Priority Number (RPN) columns are present in the Design FMEA they play a very limited role in prioritizing what to work on.

Elements Of ISO 9001:2015 Supported By The Design FMEA Process

When performed correctly, the Design FMEA process forces a company to document the product development process from the definition of customer requirements through to the release of the design to manufacturing.

When combined with the quality tools it drives, the Design FMEA process directly fulfills or provides support for meeting the majority of the requirements found in the following sections of the ISO 9001:2015 standard:

  1. 8.1 Operational planning and control
  2. 8.2 Determination of requirements for products and services
  3. 8.3 Design and development of products and services
  4. 8.4 Control of externally provided products and services
  5. 10.0 Improvement

Process FMEA Process

The Process FMEA process is a structured risk assessment of the adequacy of the Process and Process Controls in manufacturing a product which will meet the Design Output requirements.

The Process FMEA process begins with the definition of the Process Path (Figure 8). The first step of any process used in the production of a product is the receipt of purchased materials. After the receiving steps are identified, every processing, storage, transport and inspection step that can affect the quality of the delivered product must be captured.

Once the process path has been constructed the next step is to define the out of spec product conditions (adverse events) that each process step in the path can cause. These adverse events are called failure modes. If the majority of the steps in a process involve the assembly of components there is a high likelihood that the greatest source of risk is its suppliers. A properly performed Process FMEA forces a company to identify the sources of risk at the receiving door and to define the best containment strategy. Depending upon the volume of materials purchased from the supplier, the containment strategy may be made the responsibility of the supplier.

The more difficult situation occurs when a company does not have the leverage to enforce the containment activities on the supplier and does not have an alternative supplier. The company must determine the most efficient way of containing out of spec conditions shipped to it by its suppliers.

Once the Failure Modes for each process step have been defined, it is important to define for each Failure Mode which Design Inputs will not be met if the out of spec product condition is shipped to the customer. If the Design FMEA has been constructed properly it will contain this information as well as the consequences of the Design Input not being delivered and the Severity Rating assigned to the consequences. The first piece of information required to perform a risk assessment of the adequacy of the process is now available.

The next step of the Process FMEA process is to identify the Failure Causes of the Failure Modes. It is critical that the failure causes be root causes and not general statements such as “operator error”, “incorrect setup” or “equipment malfunction”. There are ten different types of failure causes to consider.

Once the Failure Causes are identified, attempts should be made to define a method of preventing the cause from happening. These are known as “Prevention Controls”. If a “Prevention Control” cannot be identified which will prevent the cause from happening and thus the Failure Mode from happening, inspections of the product known as “Detection Controls” should be considered. A Detection Rating is entered into the Process FMEA in the “Det” column which indicates the effectiveness of the Prevention Control in preventing the Failure Cause and/or the effectiveness of the Detection Control in containing the defect (Figure 11).

In order to complete the risk assessment of the process we need to know the probability of the Failure Mode (Produced seal material type is wrong) due to the Failure Cause (Wrong material loaded into mold). There could be many sources of this information including reject logs and Pre-Production Studies. It is very common to have multiple Failure Causes for the same Failure Mode and data only on the probability of the Failure Mode occurring. In these cases the available information should be used to approximate the Occurrence ratings for each Failure Mode/Failure Cause combination (Figure 12).

A common mistake made when performing the Process FMEA is to determine the Occurrence Rating based on the probability of the Cause and not the probability of the Failure Mode due to the cause. Unless the Failure Mode always occurs when the Cause is present, this mistake leads to an assignment of a risk level for the PFMEA Failure Mode/Cause combination that is too high.

Figure 13: PFMEA Automotive Risk (Class Symbol) Table

If one were to use the Risk Table in Figure 13, the Severity Rating of 7 and Occurrence Rating of 2 found in the one-line Process FMEA example would not lead to the assignment of a symbol in the Class Column of the Process FMEA. This would indicate that the risk was acceptable: namely, the risk of ending up with a seal made of the wrong material because the wrong seal material was loaded into the mold, when the only control was the Molding SOP that defined the material type to be loaded.

Improper Use Of Process FMEA Class Column

It is very common for design engineers to assign a “Special Characteristic” symbol to a product characteristic specification on a product drawing. As an example, the Design FMEA found in this paper indicates that an improper seal material type can lead to water intrusion. As a means of communicating the importance of the seal material type to the manufacturing group, the design engineer might place an “SC” symbol next to the seal material type specification on the drawing.

Although the “SC” symbol on the drawing is an indicator of the consequences of the seal material type being incorrect, it provides no indication of the probability of the wrong seal material type being shipped as a result of a manufacturing error.

Typically there is an expectation on the part of the design engineer that the “SC” symbol will show up in the Class Column on every row of the Process FMEA where the “Produced seal material type is wrong” Failure Mode is present regardless of the occurrence rating on the row. When this happens, the accuracy of the Process FMEA as a risk management tool can be significantly reduced by highlighting product characteristics as high risk issues that the process has no problem meeting (Occurrence rating = 1). Although it is the responsibility of the design engineer to communicate the consequences of producing an out of spec condition, they should never identify which out of spec conditions get Class Symbols in the Process FMEA since they have no knowledge of process capability.

Elements Of ISO 9001:2015 Supported By The Process FMEA

When performed correctly, the Process FMEA process forces a company to document the entire manufacturing process including purchased product receipt and handling, customer provided product receipt and handling (if applicable), equipment operation and maintenance and non-conforming product handling. When used correctly, the Process FMEA Process drives the creation of the Process Control Plan, Process Instructions, Operation Check Sheets and Process Validation Plan. The information contained in the Process FMEA is also critical to support process improvement and problem solving activities once the process is released for use.

When combined with the quality tools that it drives, the Process FMEA process directly fulfills or provides support for meeting the majority of the requirements found in the following sections of the ISO 9001:2015 standard:

  1. 8.4 Control of externally provided products and services
  2. 8.5 Production and service provision
  3. 8.6 Release of products and services
  4. 8.7 Control of nonconforming process outputs, products and services
  5. 10. Improvement