ISO 9000:2000 -
Preventive Action & FMEA

 

What is Preventive Action ?

We naturally undertake Preventive Action in our private lives but it can be a difficult concept to understand at work - probably because we tend to put out fires rather than prevent them.

Let's take the fire-fighter analogy a little further:

● Your house is on fire. You phone Emergency and the Fire Service duly arrive and put out the fire. This is Control of Non-conformance (ISO 9001 Para 8.3).

● Subsequently, you ban smoking, install smoke detectors and fire extinguishers so that minor fires can be avoided or at least contained. This is Corrective Action (ISO 9001 Para 8.5.2).

● Fortunately, you had the foresight to buy adequate insurance to cover any losses. This is Preventive Action (ISO 9001 Para 8.5.3).

ISO 9000:2000 Para 3.6.4 defines Preventive Action as “action to eliminate the cause of a potential nonconformity or other undesirable potential situation”.

Don't be thrown by the word 'potential'. Physicists tell us that we live in a quantum universe, every atom is constantly in flux: absolutely anything is possible.

However, because something is possible it does not mean that it is likely. You can only address the problems (and potential problems) you know about and try to detect the ones you don't.

What is FMEA ?

FMEA (failure mode and effects analysis) is a team-based activity to assess actual and potential problems, assign a risk factor and decide a course of action. This method is used in many industries such as automotive, medical device manufacturing, aerospace, and chemical processing.

FMEA is not a specific ISO 9001 requirement, however this approach satisfies ISO 9001 Para 8.5.3 Preventive Action.

Overview

Every product or process is subject to different problems or "failure modes" and these potential failures all have consequences or "effects".  A failure mode and effects analysis (FMEA) is way to:

  • Identify the potential failures and the associated relative risks in a product or process
  • Prioritise action plans to reduce those potential failures with the highest relative risk, and
  • Track and evaluate the results of those actions.

The process for conducting an FMEA is straightforward:

First, describe the product/process and its function/purpose

Then identify:

  • Failures - The manner in which a part, assembly, or system could potentially fail to meet its requirements or fail to function. It is also what you may reject the item for.

  • Effects - The potential non-conformance stated in the terms of the process or product performance.

  • Causes - The potential reasons behind a failure mode, usually stated as an indication of a specific design or process weakness.

  • Severity - An intuitive assessment of the seriousness of the effect of the potential failure as viewed from the perspective of the customer, your quality system or government regulation.

    •

    ISO 9001 Procedural Requirements

    ISO 9001:2000 Para 8.5.3 requires a documented procedure for preventive action, it must define:

    a) How you identify potential problems, and their causes.

    For example:

    • Trend analysis for process and product characteristics (see ISO 9001:2000 Para 8.4 data analysis). A worsening trend often prompts preventive action
    • Other early warnings of approaching "out-of-control" conditions.
    • Monitoring of customer satisfaction, both formally or informally
    • Failure mode and effect analysis for processes and products (this technique is commonly used by the automotive industry.
    • Evaluating problems that have occurred in similar circumstances, but in other products, processes, or other parts of the business, or other organisations - see your trade press for details.
    • Planning for both predictable situations (e.g. personnel changes – see also ISO 9001 Para 5.4.2) and for unpredictable situations (e.g. naturally disasters, terrorist threats, etc.)
    • ISO 9004:2000 Para. 8.5.3 Loss Prevention suggests other examples. 

    b) How you evaluate the need for preventive action.

    TOP TIP Para 8.5.3 says that preventive actions must in proportion with the effect of the failure.

    Methods used in the evaluation could include:

    • Some form of risk analysis
    • FMEA

    NOTE: these methods are not requirements of ISO 9001

    c) How you decide what action is required, and how it is implemented.

    An auditor will require evidence that:

    • you have analysed the causes of potential problems (use of cause and effect diagrams and other quality tools may be appropriate for this). If you want to know more about these tools, follow this link to the UK's National Health Service quality improvement site
    • the necessary actions have been taken, and in a timely manner
    • personnel responsibilities for the above stages are clearly defined.

    d) Record the results of the actions taken

    • What records are kept?
    • Are they a true reflection of the results?
    • Does their control satisfy ISO 9001 Para 4.2.4?

    e) You must review the preventive actions taken

    • Were the actions effective?
    • Should we continue with the current preventive actions?
    • Have circumstances changed? 
    • Is it necessary to plan new actions?

    FMEA Method

    Who should do it ?

    FMEAs are typically conducted by small team of people, ideally each whom with a slightly different view of the product or process under consideration. 

    The variety of perspectives that a team can bring to an FMEA is what makes them so powerful

    An individual will not be able to develop as comprehensive and valuable FMEA as a team can produce.  One-man FMEAs are typically done to satisfy customer requirements, and generally contribute nothing to the business. 

    While the FMEA process is relatively straightforward it is essential that the target product or process is well-defined so that the team doesn't go off at a tangent.

    Step-by-step

    These steps can be worked through using Post-It notes, a whiteboard or a spreadsheet so you may add, subtract and modify ideas as you go along.

    1 Describe the product's function or the process's purpose

    This helps simplify the process of analysis by identifying the product/process uses that fall within the intended function and which fall outside.

    It is important to consider both intentional and unintentional uses of product, as failure may end in litigation, which is costly and time consuming

    2 Develop a diagram/process map of the product/process

    This should show the major components or process steps as blocks connected together by lines that indicate how the components or steps are related. The diagram shows the logical relationships of components and establishes a structure around which the FMEA can be developed.

    3 What are the potential failures?

    This relates to ISO 9001 Para. 8.5.3 a).

    A failure mode is defined as the manner in which a component, subsystem, system, process, etc. could potentially fail. Examples of potential failures include:

    • Nuclear reactor melt-down
    • Electrical short
    • Delays
    • Deformation
    • Wrong billing address

    Remember, a failure in one component can cause a failure in another component.

    4 What is the effects of those failures?

    This relates to ISO 9001 Para. 8.5.3 b).

    For each failure identified, try to estimate what the ultimate effect will be.

    A failure effect is defined as the result of a failure mode on the function of the product/process as perceived by the customer. They should be described in terms of what the customer might see or experience should the identified failure mode occur. Keep in mind the internal as well as the external customer. Examples of failure effects include:

    • Death or injury
    • Malfunction of the product or process
    • Improper appearance of the product or process
    • Reduced performance
    • Minor cosmetic problem

    5 What is the severity of the effect?

    This also relates to ISO 9001 Para. 8.5.3 a).

    A commonly used scale: 1 represents low effect; 10 indicates very severe with failure affecting system operation and safety without warning.

    The intention is to help decide whether a failure would be a minor nuisance or a catastrophic occurrence to the customer.

    6 What causes each failure?

    This relates to ISO 9001 Para. 8.5.3 a, too).

    A failure cause is defined as a weakness that may result in a failure.

    The potential causes for each failure should be identified and documented. The causes (not the symptoms) should be listed. Examples of potential causes include:

    • Corrosion
    • Contamination
    • Improper alignment
    • Excessive delays
    • Excessive voltage

    7 How likely is it to occur?

     

    This relates to ISO 9001 Para. 8.5.3 b).

     

    A numerical estimate indicates the probability of the cause occurring.

     

    A commonly used scale:  1 represents not likely, 10 indicates inevitable

     

    8 What controls do we currently have in place?

     

    This also relates to ISO 9001 Para. 8.5.3 b).

     

    Current controls are the mechanisms that prevent the cause of the failure mode from occurring or which detect the failure before it reaches the Customer.

     

    Decide what testing, analysis, monitoring, and other techniques that can or have been used on the same or similar products/processes to detect failures.

     

    Each of these controls should be assessed to determine how well it is expected to identify or detect failure modes. After a new product or process has been in use previously undetected or unidentified failure modes may appear.

     

    The FMEA should then be updated and plans made to address those failures to eliminate them from the product/process

     

    9 What is the likelihood of detecting the problem?

     

    This relates to ISO 9001 Para. 8.5.3 b).

     

    Detection is an assessment of the likelihood that the current controls will either

    • detect the cause of the failure

    • or the failure itself

    thus preventing it from reaching the Customer. Based on the current controls, consider the likelihood of Detection.

     

    A commonly used scale: 1 indicates that detection is very likely; 10 to indicates that the problem will almost never be detected.

     

    10 Calculate the Risk Priority Numbers (RPN)

     

    This is the output of ISO 9001 Para. 8.5.3 b).

     

    The Risk Priority Number is a mathematical product of the numerical Severity, Probability, and Detection ratings:


             RPN = (Severity) x (Probability) x (Detection)


    The RPN is used to prioritise items than require additional action.

     

    11 Address the biggest issues first

     

    This relates to ISO 9001 Para 8.5.3 c).

     

    Address potential failures that have a high RPN. Typically, the top 30% are targeted.

     

    Actions could include:

    • inspection or testing procedures

    • selecting different components, materials or suppliers

    • limiting environmental stresses or operating range

    • redesign

    • preventive maintenance

    • back-up systems

    12 Who is going to complete the action and when will be done?

     

    This also relates to ISO 9001 Para 8.5.3 c & d).

     

    Assign Responsibility and a Target Completion Date for these actions.

     

    This makes responsibility clear-cut and helps tracking

     

    13 Follow-up

     

    This relates to ISO 9001 Para 8.5.3 d & e).

     

    After these actions have been taken, re-assess the severity, probability and detection and review the revised RPN's. Are any further actions required?

     

    14 Update the FMEA

     

    This relates to ISO 9001 Para 8.5.3 d & e).

    • If the design or process changes

    • or the assessment changes

    • or new information becomes known

    FMEA Example Worksheet

     

     Product/ Process  Potential failure Potential effect(s) Severity Potential cause(s) Occurrence Current controls Detection RPN Recommended action(s) Responsibility & completion date
     

     

     

     

     

     

     

     

     

     

     

     

     

     

    		                    

     

    The main reasons FMEAs fail

    • Only one person is assigned to do the FMEA. 

    • Not customising the three rating scales with company specific examples so that they are meaningful to your company. 

    • A design or process expert is either not included on the FMEA team or is allowed to dominate the team. 

    • Team members have not been properly trained in the use of FMEAs and become frustrated with the process. 

    • The team gets bogged down with minute details and losing sight of the overall objective. 

    • Rushing through the generation of potential failure modes, overlooking significant but obscure failure modes. 

    • Listing practically the same effect for every failure mode and not being specific (for example "customer will be unhappy").

    • Stopping once the RPNs are calculated and not acting on the highest risk failures. 

    • Not re-evaluating the RPNs once improvements have been made.

     

    Final Thoughts

    There is often debate about where corrective action ends, and where preventive action begins.

    For instance, if a problem is detected in one process, are the actions taken to avoid possible problems in other processes truly preventive actions?

    Or are they simply part of the corrective actions taken to fix the initial problem?

    Don't be “side-tracked” by such arguments - life is too short. Instead, concentrate on whether the actions were effective.

    Try to regard Preventive Action as a useful tool to help assess business risks - not just an exercise the keep the auditor happy.

    Follow this link to the ISO 9001 Audit Practices Group and learn more about modern audit techniques.

    If you want to know more about problem solving and investigative tools, the UK's National Health Service Improvement Network has a comprehensive tool box

    The leading UK Certification Bodies NQA and Lloyds Register Quality Assurance both provide free, and useful information on 21st Century quality thinking.

    Best Regards, 

    Stephanie Keen

    Stephanie Keen

    Managing Partner
    ISONavigator Management Systems

    E-mail info@iso9001help.co.uk  

    Web http://www.iso9001help.co.uk 

    p.s. click here to Order CD 9000 or QM 9001

    p.p.s. e-mail for our ISO 9000 tips

    Customer satisfaction - how useful was this paper? Please give us some feedback

     


    IMPORTANT NOTICE

    If you wish to opt-out and not receive further e-mails please Reply to this message and change subject line to “Unsubscribe”. This e-mail and any attachments are private and confidential and may also be subject to legal privilege. If you are not the named recipient, please notify the sender and destroy the e-mail and any attachments. Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination and other use of this information by persons or entities other than the intended recipient is prohibited. This e-mail has been scanned for malicious content but the internet is inherently insecure and ISONavigator cannot accept any liability for the integrity of this message or its attachments. Although this e-mail and any attachments will have been checked for viruses before transmission, no warranty or guarantee can be given that the e-mail is virus-free. All e-mails sent and received by us are monitored to ensure compliance with the Company's Computer Policy. While every effort is made to ensure the accuracy of the information provided, you are solely responsible for deciding its relevance and applicability given your unique business situation. No liability is accepted if you choose to act upon this information. The use of ISO 9004 is strongly recommended