Perform an FMEA Risk Assessment

When performing an FMEA, three different document object types are involved. The central document object is the Failure Mode, which contains the entered causes and effects and combines them into Hazards, the second document object type involved. Each Hazard generates a Risk Probability Number, which grades how serious the danger of the hazard is. The risk can be reduced by creating Mitigations, the third document object type, and assigning them to the Hazard.

Failure Modes, Hazards and Mitigations are connected through traces, which are visible in the Trace Explorer.

A Failure Mode is generally an output from a specification, i.e. “what risks are involved in the requirement solution being specified in this way”. However, it is also possible to create Failure Modes as free-standing objects or, perhaps more commonly, from a Potential Hazard, which acts as a placeholder for a Norm reference.

How to perform an FMEA risk assessment

  • Generate a Failure mode from, e.g., a Specification, or add a Failure mode as you would add a regular Document Object.

  • In the Failure mode Document Object form, describe the Failure mode in the title, which is usually a functional family that applies to the specification. E.g. for the specification "Create analyses of serum" you could have the failure mode "No result created".

  • Define one or more effects for the Failure mode and quantify their severity according to your company standards.

  • Define one or more causes for the Failure mode and quantify their probability according to your company standards.

  • Each combination of a listed cause and a listed effect now generates a Hazard in the Risk table in the lower part of the form.

  • Define the visibility for the Hazard and quantify it according to your company standards.

  • The risk probability number (RPN) is calculated using a customized formula from the severity (from the effect), the probability (from the cause) and the visibility (from the combination of cause and effect). An acceptable RPN is displayed in green. If the RPN is higher than a pre-defined threshold (which depends on your configuration), the number is displayed in red. Optionally, you may also configure an intermediate level, ALARP (as low as reasonably possible), in which case an RPN at that level is displayed in yellow.

  • For the generated hazards, you may add Mitigations with the intention to reduce the RPN to an acceptable level.

  • To assign a Mitigation, click on the Add Row button for the applicable hazard and select a Mitigation from the list. The Mitigation is traced from the Hazard, which means that the same Mitigation can also be assigned to other Hazards in this or other Failure Modes.

Mitigations need to be defined prior to assigning them to hazards.

To remove a Mitigation from a Hazard, click the Remove Row button at the end of the row for the applicable Hazard.

To remove a Hazard from the Risk table, remove either the applicable Cause or Effect by clicking on Remove in the applicable row in the Effect or Cause table.
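
The Risk table logic described in the steps above can be modelled in a few lines; this is an added example, not code from the tool. It assumes a multiplicative RPN formula, 1-5 rating scales on which a higher number is worse, thresholds of 20 and 60, and mitigations that lower the probability by a fixed number of steps; all names and values are constructed.

```python
from dataclasses import dataclass, field
from itertools import product

# Assumed configuration; the page leaves the formula and thresholds to each installation.
ACCEPTABLE_MAX = 20   # RPN up to this value is green
ALARP_MAX = 60        # RPN up to this value is yellow (ALARP), above it red

def grade(rpn):
    if rpn <= ACCEPTABLE_MAX:
        return "green"
    return "yellow" if rpn <= ALARP_MAX else "red"

@dataclass
class FailureMode:
    title: str
    effects: dict = field(default_factory=dict)      # effect -> severity (1-5)
    causes: dict = field(default_factory=dict)       # cause -> probability (1-5)
    visibility: dict = field(default_factory=dict)   # (cause, effect) -> visibility (1-5)
    assigned: dict = field(default_factory=dict)     # (cause, effect) -> [mitigation names]

    def risk_table(self, mitigations):
        """One hazard row per cause/effect pair, so deleting a cause or effect drops its rows."""
        rows = []
        for cause, effect in product(self.causes, self.effects):
            key = (cause, effect)
            if key not in self.visibility:
                raise ValueError(f"hazard {key} has no visibility rating")
            sev, vis = self.effects[effect], self.visibility[key]
            initial = sev * self.causes[cause] * vis
            # Assumption: each mitigation removes probability steps, never going below 1.
            cut = sum(mitigations[m] for m in self.assigned.get(key, []))
            residual = sev * max(1, self.causes[cause] - cut) * vis
            rows.append((cause, effect, initial, grade(initial), residual, grade(residual)))
        return rows

# Constructed sample data for the page's "No result created" failure mode.
MITIGATIONS = {"Reagent level sensor": 2}  # name -> probability steps removed (assumed)
fm = FailureMode(
    "No result created",
    effects={"Delayed diagnosis": 4, "Sample must be redrawn": 2},
    causes={"Reagent empty": 4, "Power loss": 1},
    visibility={("Reagent empty", "Delayed diagnosis"): 5, ("Reagent empty", "Sample must be redrawn"): 2,
                ("Power loss", "Delayed diagnosis"): 3, ("Power loss", "Sample must be redrawn"): 1},
    assigned={("Reagent empty", "Delayed diagnosis"): ["Reagent level sensor"],
              ("Reagent empty", "Sample must be redrawn"): ["Reagent level sensor"]},
)

if __name__ == "__main__":
    print(*fm.risk_table(MITIGATIONS), sep="\n")
```

The one mitigation is assigned to two hazards, and it moves the worst hazard from red to yellow rather than to green, which is the case where a further mitigation would be added.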