Preventive Action & FMEA

Welcome
Thank you for downloading our ‘Prevention & FMEA’ white paper which will help you to regard
Preventive Action as a useful tool to help assess business risks and not an exercise to keep the
auditor happy.

There is often debate about where corrective action ends, and where preventive action begins.

For instance, if a problem is detected in one process, are the actions taken to avoid possible
problems in other processes truly considered as being preventive actions, or are they simply
part of the corrective actions taken to fix the initial problem?

Don't be “side-tracked” by such arguments – life’s too short. Instead, focus on whether the
actions were effective.

If you want to know more about problem solving and investigative tools, the UK's National
Health Service Improvement Network has a comprehensive tool box

To your success!

Stephanie Keen

Managing Partner, ISO Navigator Management Systems

info@iso9001help.co.uk

www.iso9001help.co.uk

What is Preventive Action?

We naturally undertake Preventive Action in our private lives but it can be a difficult concept to
understand at work, probably because we tend to put out fires rather than prevent them. Let's
take the fire-fighter analogy a little further:

ƒ Your house is on fire. You dial 999 and the Fire Service duly arrives and puts out the
fire. This is Control of Non-conformance (ISO 9001 Para 8.3).

ƒ Subsequently, you ban smoking in your home, install smoke detectors and fire
extinguishers so that minor fires can be avoided or at least contained. This is Corrective
Action (ISO 9001 Para 8.5.2).

ƒ Fortunately, you had the foresight to buy adequate insurance to cover any losses. This
is Preventive Action (ISO 9001 Para 8.5.3).

ISO 9000:2005 Para 3.6.4 defines Preventive Action as “action to eliminate the cause of a
potential non-conformity or other undesirable potential situation”.

Don't be thrown by the word 'potential'. Physicists tell us that we live in a quantum universe,
every atom is constantly in flux: absolutely anything is possible.

However, because something is possible it does not mean that it is likely. You can only address
the problems (and potential problems) you know about and to try to detect the ones you don't.
 Preventive Action & FMEA

What is FMEA?
FMEA (Failure Mode and Effects Analysis) is a team-based activity to assess actual and
potential problems, assign a risk factor and decide a course of action. This method is used in
many industries such as automotive, medical device manufacturing, aerospace, and chemical
processing.

FMEA is not a specific ISO 9001 requirement, however this approach satisfies ISO 9001 Para
8.5.3 Preventive Action.

Overview
Every product or process is subject to different problems or "failure modes" and these potential
failures all have consequences or "effects". Failure mode and effects analysis (FMEA) is way
to:

ƒ Identify the potential failures and the associated relative risks in a product or process
ƒ Prioritise action plans to reduce those potential failures with the highest relative risk
ƒ Track and evaluate the results of those actions

The process for conducting an FMEA is straightforward. First, describe the product/process and
its function/purpose.

Then identify:

ƒ Failures: The manner in which a part, assembly, or system could potentially fail to meet
its requirements or fail to function. It is also what you may reject the item for.

ƒ Effects: The potential non-conformance stated in the terms of the process or product
performance.

ƒ Causes: The potential reasons behind the failure mode, usually stated as an indication
of a specific design or process weakness.

ƒ Severity: An intuitive assessment of the seriousness of the effect of the potential

failure as viewed from the perspective of the customer, your quality system or
government regulation.

ISO 9001 Procedural Requirements

ISO 9001:2000 Para 8.5.3 requires a documented procedure for preventive action, it must
define:

How you identify potential problems, and their causes

For example:

ƒ Trend analysis for process and product characteristics (see ISO 9001:2000 Para 8.4
data analysis). A worsening trend often prompts preventive action

ƒ Other early warnings of approaching "out-of-control" conditions.

ƒ Monitoring of customer satisfaction, both formally or informally

 Preventive Action & FMEA

ƒ Failure mode and effect analysis for processes and products (this technique is
commonly used by the automotive industry.

ƒ Evaluating problems that have occurred in similar circumstances, but in other products,
processes, or other parts of the business, or other organisations - see your trade press
for details.

ƒ Planning for both predictable situations (e.g. personnel changes – see also ISO 9001
Para 5.4.2) and for unpredictable situations (e.g. naturally disasters, terrorist threats,
etc.)

How you evaluate the need for preventive action

TOP TIP: Para 8.5.3 says that preventive actions must in proportion with the effect of the failure.

Methods used in the evaluation could include:

ƒ Some form of risk analysis

ƒ FMEA

NOTE: these methods are not requirements of ISO 9001

How you decide what action is required, and how it is implemented

An auditor will require evidence that:

ƒ You have analysed the causes of potential problems (use of cause and effect diagrams
and other quality tools may be appropriate for this). If you want to know more about
these tools, follow this link to the UK's National Health Service quality improvement site

ƒ The necessary actions have been taken, and in a timely manner

ƒ Personnel responsibilities for the above stages are clearly defined

How you record the results of the actions taken

ƒ What records are kept?

ƒ Are they a true reflection of the results?
ƒ Does their control satisfy ISO 9001 Para 4.2.4?

How you review the preventive actions taken

ƒ Were the actions effective?

ƒ Should we continue with the current preventive actions?
ƒ Have circumstances changed?
ƒ Is it necessary to plan new actions?

FMEA Method
Who should do it?

FMEA is typically conducted by small team of people, ideally each whom with a slightly different
view of the product or process under consideration. The variety of perspectives that a team can
bring to FMEA is what makes it so powerful.
 Preventive Action & FMEA

An individual will not be able to develop as comprehensive and valuable FMEA as a team can
produce. One-man FMEAs are typically done to satisfy customer requirements, and generally
contribute nothing to the business.

While the FMEA process is relatively straightforward it is essential that the target product or
process is well-defined so that the team doesn't go off at a tangent.

FMEA Step-by-Step
These steps can be worked through using Post-It notes, a whiteboard or a spreadsheet so you
may add, subtract and modify ideas as you go along.

1 Describe the product's function or the process's purpose

This helps simplify the process of analysis by identifying the product/process uses that
fall within the intended function and which fall outside.

It is important to consider both intentional and unintentional uses of product, as failure

may end in litigation, which is costly and time consuming

2 Develop a diagram/process map of the product/process

This should show the major components or process steps as blocks connected together
by lines that indicate how the components or steps are related. The diagram shows the
logical relationships of components and establishes a structure around which the FMEA
can be developed.

3 What are the potential failures?

This relates to ISO 9001 Para. 8.5.3 a)

A failure mode is defined as the manner in which a component, subsystem, system,

process, etc. could potentially fail. Examples of potential failures include:

ƒ Nuclear reactor melt-down

ƒ Electrical short
ƒ Delays
ƒ Deformation
ƒ Wrong billing address

Remember, a failure in one component can cause a failure in another component.

4 What are the effects of those failures?

This relates to ISO 9001 Para. 8.5.3 b)

For each failure identified, try to estimate what the ultimate effect will be.

A failure effect is defined as the result of a failure mode on the function of the
product/process as perceived by the customer. They should be described in terms of
what the customer might see or experience should the identified failure mode occur.
Keep in mind the internal as well as the external customer. Examples of failure effects
include:

ƒ Death or injury
ƒ Malfunction of the product or process
ƒ Improper appearance of the product or process
 Preventive Action & FMEA

ƒ Reduced performance
ƒ Minor cosmetic problem

5 What is the severity of the effect?

This also relates to ISO 9001 Para. 8.5.3 a)

A commonly used scale: 1 represents low effect; 10 indicates very severe with the
failure affecting system operation and safety without warning.

The intention is to help decide whether a failure would be classified as a minor nuisance
or a catastrophic occurrence to the customer.

6 What causes each failure?

This relates to ISO 9001 Para. 8.5.3 a, too)

A failure cause is defined as a weakness that may result in a failure.

The potential causes for each failure should be identified and documented. The causes
(not the symptoms) should be listed. Examples of potential causes include:

ƒ Corrosion
ƒ Contamination
ƒ Improper alignment
ƒ Excessive delays
ƒ Excessive voltage

7 How likely is it to occur?

This relates to ISO 9001 Para. 8.5.3 b)

A numerical estimate indicates the probability of the cause occurring.

A commonly used scale: 1 represents not likely, 10 indicates inevitable

8 What controls do we currently have in place?

This also relates to ISO 9001 Para. 8.5.3 b)

Current controls are the mechanisms that prevent the cause of the failure mode from
occurring or which detect the failure before it reaches the Customer.

Decide what testing, analysis, monitoring, and other techniques that can or have been
used on the same or similar products/processes to detect failures.

Each of these controls should be assessed to determine how well it is expected to

identify or detect failure modes. After a new product or process has been in use
previously undetected or unidentified failure modes may appear.

The FMEA should then be updated and plans made to address those failures to
eliminate them from the product/process

9 What is the likelihood of detecting the problem?

This relates to ISO 9001 Para. 8.5.3 b)

 Preventive Action & FMEA

Detection is an assessment of the likelihood that the current controls will either, detect
the cause of the failure or the failure itself, thus preventing it from reaching the
Customer. Based on the current controls, consider the likelihood of Detection.

A commonly used scale: 1 indicates that detection is very likely; 10 to indicates that the
problem will almost never be detected.

10 Calculate the Risk Priority Numbers (RPN)

This is the output of ISO 9001 Para. 8.5.3 b)

The Risk Priority Number is a mathematical product of the numerical Severity,

Probability, and Detection ratings:

RPN = (Severity) x (Probability) x (Detection)

The RPN is used to prioritise items than require additional action.

11 Address the biggest issues first

This relates to ISO 9001 Para 8.5.3 c).

Address potential failures that have a high RPN. Typically, the top 30% are targeted.

Actions could include:

ƒ Inspection or testing procedures

ƒ Selecting different components, materials or suppliers
ƒ Limiting environmental stresses or operating range
ƒ Redesign
ƒ Preventive maintenance
ƒ Back-up systems

12 Who is going to complete the action and when will be done?

This also relates to ISO 9001 Para 8.5.3 c & d)

Assign responsibility and target completion dates for the actions. This makes
responsibility clear-cut and helps tracking

13 Follow-up

This relates to ISO 9001 Para 8.5.3 d & e)

After these actions have been taken, re-assess the severity, probability and detection
and review the revised RPN's. Are any further actions required?

14 Update the FMEA

This relates to ISO 9001 Para 8.5.3 d & e)

ƒ If the design or process changes

ƒ or the assessment changes
ƒ or new information becomes known
 Preventive Action & FMEA

Example FMEA Worksheet

Responsibility
Product/ Potential Potential Potential Current Recommended
Severity Occurrence Detection RPN & completion
Process failure effect(s) cause(s) controls action(s)
date

The Main Reasons FMEAs Can Fail

ƒ Only one person is assigned to do the FMEA.

ƒ Not customising the three rating scales with company specific examples so that they
are meaningful to your company.

ƒ A design or process expert is either not included on the FMEA team or is allowed to
dominate the team.

ƒ Team members have not been properly trained in the use of FMEAs and become
frustrated with the process.

ƒ The team gets bogged down with minute details and losing sight of the overall
objective.

ƒ Rushing through the generation of potential failure modes, overlooking significant but
obscure failure modes.

ƒ Listing practically the same effect for every failure mode and not being specific (for
example "customer will be unhappy").

ƒ Stopping once the RPNs are calculated and not acting on the highest risk failures.

ƒ Not re-evaluating the RPNs once improvements have been made.