ABC’sofImplementingRiskBasedThinking
RichardA.Harpster,PE–Harpco®Systems
ASQ World Conference – Session W16 – May 2, 2018 Copyright© 2018 Harpco Systems, Inc. All Rights Reserved. May not be duplicated in any form without written permission.
! WhatIsRiskandHowIsItReduced! DefinitionofRisk-BasedThinking! StandardRequirementsforRisk-basedThinking
! ISO9001:2015! IATF16949:2016! ISO13485:2016
! SevenKeyElementsofRiskManagement! CommonRiskManagementToolsUsedandMistakesMadeWhen
Using! DesignFailureModesEffectsAnalysis(DesignFMEA)! ProcessFailureModesEffectsAnalysis(ProcessFMEA)
! WhatSourcesofRiskMustBeWorkedOn! HowMuchRiskIsAcceptable! Risk-BasedThinkingImplementationExample! Risk-BasedThinkingandPlan-Do-CheckAct
PresentationOverview
! TwoComponentsofRisk! HowRiskIsReduced
WhatIsRiskandHowIsItReduced?
! Risk-basedthinkingenablesanorganizationtodeterminethefactorsthatcouldcauseitsprocessesanditsqualitymanagementsystemtodeviatefromtheplannedresults,toputinplacepreventivecontrolstominimizenegativeeffectsandtomakemaximumuseofopportunitiesastheyarise(ISO9001:201501.d).
! Risk-basedthinkingallowscompaniestooptimizetheuseoftheiravailableresourcesthroughrisk-basedtargeting.
DefinitionofRisk-basedThinking
ISO9001:2015RequirementsforRisk-basedThinking! Thestandardinnon-prescriptiveonwhererisk-basedthinkingmustbeapplied(4.4.1).
! OrganizationmustdetermineprocessesrequiredforQMS(4.4.1).! Organizationshalldetermineinputs,outputs,interactionand
risksofQMSprocesses(4.4.1).! Theorganizationshallplanactionstoaddresstherisksofthe
requiredprocessestoconfirmtheQMScanachieveitsintendedresults,enhancetheprobabilityofdesirableprocessoutputsandprevent/reducetheprobabilityofundesirableoutputs(6.1.1).
! Actionstakentoreducerisksshallbeproportionatetothepotentialimpactontheconformityofproductsandservices(6.1.1).
! Thestandarddoesnotdefinetheelementsthatmustbepresentinsystemusedtomanagerisk(A.4).
ISO9001:2015RequirementsforRiskBasedThinking! Thestandarddoesnotrequireformalmethodsforriskmanagement(A.4).
! Thestandarddoesnotrequireadocumentedriskmanagementprocess(A.4).
! Organizationscandeterminewhetherornottheywanttodevelopamoreextensiveriskmanagementmethodologythanrequiredbythestandard(A.4).
IATF16949:2016RequirementsforRiskBasedThinking! RequirescompliancewithbutnotregistrationtoISO9001:2015(0.3.3).
ISO13485:2016RequirementsforRiskBasedThinking! Whentheterm“risk”isuseditpertainstosafetyorperformancerequirementsofthemedicaldeviceormeetingapplicable
regulatoryrequirements(0.2).! Riskisdefinedascombinationoftheprobabilityofoccurrenceof
harmandtheseverityofthatharm(3.17).! Riskmanagementisthesystematicapplicationofmanagement
policies,proceduresandpracticestothetasksofanalyzing,evaluating,controllingandmonitoringrisk(3.18).
! Theorganizationshallapplyariskbasedapproachtothecontroloftheappropriateprocessesneededforthequalitymanagementsystem(4.1.2).
ISO13485:2016RequirementsforRiskBasedThinking! Thestandardrequiresrisk-basedthinkingbeusedforcontrolofthefollowingspecificprocesses:
! processoutsourcing(4.1.5);! validationofsoftwareusedbyQMSsystem(4.1.6);! definitionofdesignrequirements(8.2.1);! workertraining(6.2);! productrealization(7.1,7.33);! productdesignchanges(7.3.9);! purchasedproduct(7.4.1,7.4.3);! manufacturingprocesses(7.5.6);! controlofmonitoringandmeasurementequipment(7.6);! QMSfeedbacksystems(8.2.1).
SevenKeyElementsofRiskManagement! ObjectionableIncidentDefinition! SeverityofHarmDefinition
! RootCauseDefinition! RiskControlDefinition! ProbabilityofIncidentDuetoCauseDefinition! RootCausePriority! RiskReductionActivityTracking
! CommonMistakesWhenUsingDesignFMEA! ComponentDesignRequirementsinItem/RequirementsColumn! Non-VerifiableDesignRequirementinItem/RequirementsColumn! ObjectionableIncidentinPotentialCause(s)ofFailure(FC)Column! UseofRPNtoDetermineWhattoWorkOn
DesignFMEAandCommonMistakesWhenUsing
! CommonMistakesWhenUsingProcessFMEA! DefectImpactonProductIncorrectorMissing! Non-RootCauseinFailureCauseColumn! RiskControlsTooGeneral! UseofRPNtoDetermineWhattoWorkOn
ProcessFMEAandCommonMistakesWhenUsing
! WhereRiskMustBeManaged! WhatisRiskBasedPLM®! RiskBasedPLM®IsNotTheOnlyComplianceSolution! CoreToolsOfRiskBasedPLM®-RRA®,DFMEA,PFMEA,URA™
andPFMEA
Risk-BasedThinkingImplementationExample
DefineDesignRqmts
DefineCustomerRqmts
DefineDesign
DefineUsageControls
DefineProcessandControls
DefineCoreProcesses,InputsandOutputs
VoiceofCustomer
! ObjectionableIncident! CustomerRequirementsAreNotOptimized
! PotentialHarm! MarketShare! Redesign! Returns! Safety
! PotentialRootCauseofRisk! CustomerRequirementNotSpecifiedCorrectly
! RiskManagementTool! RequirementsRiskAssessment®(RRA®)! CustomerRequirementsDesignReview
“DefineCustomerRequirements”Process
DefineDesignRqmts
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DefineUsageControls
DefineProcessandControls
RiskBasedPLM®-RRA®Part1
VoiceofCustomer
! ObjectionableIncident! CustomerRequirementNotMet
! PotentialHarm! MarketShare! Redesign! Returns! Safety
! PotentialRootCauseofRisk! DesignRequirementNotSpecifiedCorrectly
! RiskManagementTool! RequirementsRiskAssessment®(RRA®)! DesignValidationPlan
“DefineDesignRequirements”Process
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DefineUsageControls
DefineProcessandControls
RiskBasedPLMRRA®Part2
VoiceofCustomer
! ObjectionableIncident! ProductFailureToMeetDesignRequirement
! PotentialHarm! MarketShare! Redesign! Returns! Safety! ManufacturingProcessRedesign! ManufacturingScrapLoss
! PotentialRootCauseofRisk:! IncorrectHardwareDesignSpecification! IncorrectSoftwareCode
! RiskManagementTool! DesignFMEA! DesignVerificationPlan
“DesignProduct”Process–RiskSources
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DesignVerificationPlan
RiskOk?
YesNo
ReleaseDesignDesignFMEA
DefineUsageControls
DefineProcessandControls
RiskBasedPLM–DesignFMEAandDesignVerificationPlan
VoiceofCustomer
! ObjectionableIncident! ProductFailureToMeetDesignRequirement
! PotentialHarm! ProductDamage! ReducedProductLife! Returns! Safety
! PotentialRootCauseofRisk:! IncorrectInstalland/orUsageInstructions
! RiskManagementTool! UsageRiskAssessment(URA™)! UsageVerificationPlan
“DesignUsageInstruction”Process
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DesignVerificationPlan
RiskOk?
YesNo
ReleaseDesignDesignFMEA
DefineUsageControls
UsageVerificationPlan
RiskOk?
YesNo
ReleaseUsageControlsURA™
DefineProcessandControls
RiskBasedPLM®-UsageRiskAssessment™andUsageVerificationPlan
VoiceofCustomer
! ObjectionableIncident! OutofSpecificationProductProduced
! PotentialHarm! ProductDamage! ReducedProductLife! Scrap/Rework! Returns! Safety
! PotentialRootCauseofRisk:! OutofSpecPurchasedItem! ProcessSourcesofProducedProductVariation
! RiskManagementTool! ProcessFMEA
“DesignManufacturingProcess”Process(QualityEmphasis)
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DesignVerificationPlan
RiskOk?
YesNo
ReleaseDesignDesignFMEA
DefineUsageControls
UsageVerificationPlan
RiskOk?
YesNo
ReleaseUsageControlsURA™
DefineProcessandControls
ProcessValidationPlan
RiskOk?
YesNo
ReleaseProcessProcessFMEA
RiskBasedPLM®-ProcessFMEAandProcessValidationPlan
VoiceofCustomer
10 CC CC CC CC CC CC CC CC CC
9 CC CC CC CC CC CC CC CC CC
8 SC SC SC SC SC SC SC SC
7 SC SC SC SC SC SC SC SC
6 SC SC SC SC SC SC SC SC
5 SC SC SC SC SC SC SC SC
4 SC SC SC SC SC SC SC SC
3
2
1
SEV/OCC 1 2 3 4 5 6 7 8 9 10
SymbolisassignedbasedonSEVandOcc.
SC:Return/NoBuy
CC:Safety/Legal
ClassSymbols RiskMatrix(AutoIndustryDesignProcess)
WhatSourcesofRiskMustBeWorkedOn–AutomotiveDesign
SpinalImplantLateStageCancerTreatment
5 D D
4 II II
3 RIMA RIMA
2 RI
1 NI
SEV/OCC 1 2 3
RiskMatrix-MedicalIndustry
WhatSourcesofRiskMustBeWorkedOn–MedicalDevice
RiskSymbol Effect
D Death
II PermanentInjury
RIMA InjuryRequiresMedicalAttention
RI InjuryDoesNotRequireMedicalAttention
NI InconvenienceorTemporaryDiscomfort
SeverityRating
Effect
5 Death
4 PermanentInjury
3 InjuryRequiresMedicalAttention
2 InjuryDoesNotRequireMedicalAttention
1 InconvenienceorTemporaryDiscomfort
OccurrenceRating
Effect
3 Likelytohappen,often,frequent.
2 Canhappenbutnotfrequently.
1 Unlikelytohappen,rare,remote.
! AreasofacceptabilityinRiskTableforreleaseofDesignandManufacturingProcesses(akaRiskPolicy).
! DifferentproductscanusesameRiskMatrixbuthavedifferentRiskPolicies.
10 YC* YC* YC* YC* YC* YC* YC* YC* YC*
9 YC* YC* YC* YC* YC* YC* YC* YC* YC*
8 YS YS* YS* YS* YS* YS* YS* YS*
7 YS YS* YS* YS* YS* YS* YS* YS*
6 YS YS* YS* YS* YS* YS* YS* YS*
5 YS YS* YS* YS* YS* YS* YS* YS*
4 YS YS* YS* YS* YS* YS* YS* YS*
3
2
1
SEV/OCC 1 2 3 4 5 6 7 8 9 10
*=DoNotRelease
WhatIsAcceptableRisk–AutomotiveDesignRiskPolicy
SpinalImplant
5 D* D*
4 II* II*
3 RIMA* RIMA*
2 RI
1 NI
SEV/OCC 1 2 3
LateStageCancerTreatment
5 D D*
4 II II*
3 RIMA RIMA
2 RI
1 NI
SEV/OCC 1 2 3
RiskPolicy(*=DoNotRelease)
WhatIsAcceptableRisk–MedicalDeviceRiskPolicy
RiskSymbol Effect
D Death
II PermanentInjury
RIMA InjuryRequiresMedicalAttention
RI InjuryDoesNotRequireMedicalAttention
NI InconvenienceorTemporaryDiscomfort
SeverityRating
Effect
5 Death
4 PermanentInjury
3 InjuryRequiresMedicalAttention
2 InjuryDoesNotRequireMedicalAttention
1 InconvenienceorTemporaryDiscomfort
OccurrenceRating
Effect
3 Likelytohappen,often,frequent.
2 Canhappenbutnotfrequently.
1 Unlikelytohappen,rare,remote.
! Plan:Definewhattheorganizationwantstoaccomplishandhowtheorganizationisgoingtoaccomplishit.
! Do:ImplementPlan.! Check:Measureresultsofimplementationtheplan.! Act:Ifdesiredresultsarenotachieved,modifyplan.
Plan-Do-Check-ActWithoutRisk-Based-Thinking
! Plan:Definewhattheorganizationwantstoaccomplishandhowtheorganizationisgoingtoaccomplishit.Assessriskofplan.
! Do:Ifriskacceptable,implementPlan.! Check:Measureresultsofimplementationtheplan.! Act:Ifdesiredresultsarenotachieved,modifyplan.Assessriskofplan
modification.Ifriskacceptable,implementplanmodification.
Plan-Do-Check-ActWithRisk-Based-Thinking
Questions?
RichardA.Harpster-Phone:(248)374-1718Email:[email protected]