-
ABC’sofImplementingRiskBasedThinking
RichardA.Harpster,PE–Harpco®Systems
ASQ World Conference – Session W16 – May 2, 2018 Copyright© 2018
Harpco Systems, Inc. All Rights Reserved. May not be duplicated in
any form without written permission.
-
! WhatIsRiskandHowIsItReduced!
DefinitionofRisk-BasedThinking!
StandardRequirementsforRisk-basedThinking
! ISO9001:2015! IATF16949:2016! ISO13485:2016
! SevenKeyElementsofRiskManagement!
CommonRiskManagementToolsUsedandMistakesMadeWhen
Using! DesignFailureModesEffectsAnalysis(DesignFMEA)! ProcessFailureModesEffectsAnalysis(ProcessFMEA)
! WhatSourcesofRiskMustBeWorkedOn! HowMuchRiskIsAcceptable!
Risk-BasedThinkingImplementationExample!
Risk-BasedThinkingandPlan-Do-CheckAct
PresentationOverview
-
! TwoComponentsofRisk! HowRiskIsReduced
WhatIsRiskandHowIsItReduced?
-
!
Risk-basedthinkingenablesanorganizationtodeterminethefactorsthatcouldcauseitsprocessesanditsqualitymanagementsystemtodeviatefromtheplannedresults,toputinplacepreventivecontrolstominimizenegativeeffectsandtomakemaximumuseofopportunitiesastheyarise(ISO9001:201501.d).
!
Risk-basedthinkingallowscompaniestooptimizetheuseoftheiravailableresourcesthroughrisk-basedtargeting.
DefinitionofRisk-basedThinking
-
ISO9001:2015RequirementsforRisk-basedThinking!
Thestandardinnon-prescriptiveonwhererisk-basedthinkingmustbeapplied(4.4.1).
! OrganizationmustdetermineprocessesrequiredforQMS(4.4.1).!
Organizationshalldetermineinputs,outputs,interactionand
risksofQMSprocesses(4.4.1).!
Theorganizationshallplanactionstoaddresstherisksofthe
requiredprocessestoconfirmtheQMScanachieveitsintendedresults,enhancetheprobabilityofdesirableprocessoutputsandprevent/reducetheprobabilityofundesirableoutputs(6.1.1).
!
Actionstakentoreducerisksshallbeproportionatetothepotentialimpactontheconformityofproductsandservices(6.1.1).
!
Thestandarddoesnotdefinetheelementsthatmustbepresentinsystemusedtomanagerisk(A.4).
-
ISO9001:2015RequirementsforRiskBasedThinking!
Thestandarddoesnotrequireformalmethodsforriskmanagement(A.4).
!
Thestandarddoesnotrequireadocumentedriskmanagementprocess(A.4).
!
Organizationscandeterminewhetherornottheywanttodevelopamoreextensiveriskmanagementmethodologythanrequiredbythestandard(A.4).
-
IATF16949:2016RequirementsforRiskBasedThinking!
RequirescompliancewithbutnotregistrationtoISO9001:2015(0.3.3).
-
ISO13485:2016RequirementsforRiskBasedThinking!
Whentheterm“risk”isuseditpertainstosafetyorperformancerequirementsofthemedicaldeviceormeetingapplicable
regulatoryrequirements(0.2).!
Riskisdefinedascombinationoftheprobabilityofoccurrenceof
harmandtheseverityofthatharm(3.17).!
Riskmanagementisthesystematicapplicationofmanagement
policies,proceduresandpracticestothetasksofanalyzing,evaluating,controllingandmonitoringrisk(3.18).
!
Theorganizationshallapplyariskbasedapproachtothecontroloftheappropriateprocessesneededforthequalitymanagementsystem(4.1.2).
-
ISO13485:2016RequirementsforRiskBasedThinking!
Thestandardrequiresrisk-basedthinkingbeusedforcontrolofthefollowingspecificprocesses:
! processoutsourcing(4.1.5);!
validationofsoftwareusedbyQMSsystem(4.1.6);!
definitionofdesignrequirements(8.2.1);! workertraining(6.2);!
productrealization(7.1,7.33);! productdesignchanges(7.3.9);!
purchasedproduct(7.4.1,7.4.3);! manufacturingprocesses(7.5.6);!
controlofmonitoringandmeasurementequipment(7.6);!
QMSfeedbacksystems(8.2.1).
-
SevenKeyElementsofRiskManagement!
ObjectionableIncidentDefinition! SeverityofHarmDefinition
! RootCauseDefinition! RiskControlDefinition!
ProbabilityofIncidentDuetoCauseDefinition! RootCausePriority!
RiskReductionActivityTracking
-
!
CommonMistakesWhenUsingDesignFMEA! ComponentDesignRequirementsinItem/RequirementsColumn! Non-VerifiableDesignRequirementinItem/RequirementsColumn! ObjectionableIncidentinPotentialCause(s)ofFailure(FC)Column! UseofRPNtoDetermineWhattoWorkOn
DesignFMEAandCommonMistakesWhenUsing
-
!
CommonMistakesWhenUsingProcessFMEA! DefectImpactonProductIncorrectorMissing! Non-RootCauseinFailureCauseColumn! RiskControlsTooGeneral! UseofRPNtoDetermineWhattoWorkOn
ProcessFMEAandCommonMistakesWhenUsing
-
! WhereRiskMustBeManaged! WhatisRiskBasedPLM®!
RiskBasedPLM®IsNotTheOnlyComplianceSolution!
CoreToolsOfRiskBasedPLM®-RRA®,DFMEA,PFMEA,URA™
andPFMEA
Risk-BasedThinkingImplementationExample
-
DefineDesignRqmts
DefineCustomerRqmts
DefineDesign
DefineUsageControls
DefineProcessandControls
DefineCoreProcesses,InputsandOutputs
VoiceofCustomer
-
! ObjectionableIncident!
CustomerRequirementsAreNotOptimized
! PotentialHarm! MarketShare! Redesign! Returns! Safety
! PotentialRootCauseofRisk!
CustomerRequirementNotSpecifiedCorrectly
! RiskManagementTool! RequirementsRiskAssessment®(RRA®)!
CustomerRequirementsDesignReview
“DefineCustomerRequirements”Process
-
DefineDesignRqmts
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DefineUsageControls
DefineProcessandControls
RiskBasedPLM®-RRA®Part1
VoiceofCustomer
-
! ObjectionableIncident! CustomerRequirementNotMet
! PotentialHarm! MarketShare! Redesign! Returns! Safety
! PotentialRootCauseofRisk!
DesignRequirementNotSpecifiedCorrectly
! RiskManagementTool! RequirementsRiskAssessment®(RRA®)!
DesignValidationPlan
“DefineDesignRequirements”Process
-
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DefineUsageControls
DefineProcessandControls
RiskBasedPLMRRA®Part2
VoiceofCustomer
-
! ObjectionableIncident!
ProductFailureToMeetDesignRequirement
! PotentialHarm! MarketShare! Redesign! Returns! Safety!
ManufacturingProcessRedesign! ManufacturingScrapLoss
! PotentialRootCauseofRisk:!
IncorrectHardwareDesignSpecification! IncorrectSoftwareCode
! RiskManagementTool! DesignFMEA! DesignVerificationPlan
“DesignProduct”Process–RiskSources
-
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DesignVerificationPlan
RiskOk?
YesNo
ReleaseDesignDesignFMEA
DefineUsageControls
DefineProcessandControls
RiskBasedPLM–DesignFMEAandDesignVerificationPlan
VoiceofCustomer
-
! ObjectionableIncident!
ProductFailureToMeetDesignRequirement
! PotentialHarm! ProductDamage! ReducedProductLife!
Returns! Safety
! PotentialRootCauseofRisk:!
IncorrectInstalland/orUsageInstructions
! RiskManagementTool! UsageRiskAssessment(URA™)!
UsageVerificationPlan
“DesignUsageInstruction”Process
-
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DesignVerificationPlan
RiskOk?
YesNo
ReleaseDesignDesignFMEA
DefineUsageControls
UsageVerificationPlan
RiskOk?
YesNo
ReleaseUsageControlsURA™
DefineProcessandControls
RiskBasedPLM®-UsageRiskAssessment™andUsageVerificationPlan
VoiceofCustomer
-
! ObjectionableIncident! OutofSpecificationProductProduced
! PotentialHarm! ProductDamage! ReducedProductLife!
Scrap/Rework! Returns! Safety
! PotentialRootCauseofRisk:! OutofSpecPurchasedItem!
ProcessSourcesofProducedProductVariation
! RiskManagementTool! ProcessFMEA
“DesignManufacturingProcess”Process(QualityEmphasis)
-
DefineDesignRqmts
DesignValidationPlan
RiskOk?
YesNo
ReleaseDesignRequirementsRRA®(Part2)
DefineCustomerRqmts
CustomerRqmtsReview
RiskOk?
YesNo
ReleaseCustomerRequirementsRRA®(Part1)
DefineDesign
DesignVerificationPlan
RiskOk?
YesNo
ReleaseDesignDesignFMEA
DefineUsageControls
UsageVerificationPlan
RiskOk?
YesNo
ReleaseUsageControlsURA™
DefineProcessandControls
ProcessValidationPlan
RiskOk?
YesNo
ReleaseProcessProcessFMEA
RiskBasedPLM®-ProcessFMEAandProcessValidationPlan
VoiceofCustomer
-
10 CC CC CC CC CC CC CC CC CC
9 CC CC CC CC CC CC CC CC CC
8 SC SC SC SC SC SC SC SC
7 SC SC SC SC SC SC SC SC
6 SC SC SC SC SC SC SC SC
5 SC SC SC SC SC SC SC SC
4 SC SC SC SC SC SC SC SC
3
2
1
SEV/OCC 1 2 3 4 5 6 7 8 9 10
SymbolisassignedbasedonSEVandOcc.
SC:Return/NoBuy
CC:Safety/Legal
ClassSymbols RiskMatrix(AutoIndustryDesignProcess)
WhatSourcesofRiskMustBeWorkedOn–AutomotiveDesign
-
SpinalImplantLateStageCancerTreatment
5 D D
4 II II
3 RIMA RIMA
2 RI
1 NI
SEV/OCC 1 2 3
RiskMatrix-MedicalIndustry
WhatSourcesofRiskMustBeWorkedOn–MedicalDevice
RiskSymbol Effect
D Death
II PermanentInjury
RIMA InjuryRequiresMedicalAttention
RI InjuryDoesNotRequireMedicalAttention
NI InconvenienceorTemporaryDiscomfort
SeverityRating
Effect
5 Death
4 PermanentInjury
3 InjuryRequiresMedicalAttention
2 InjuryDoesNotRequireMedicalAttention
1 InconvenienceorTemporaryDiscomfort
OccurrenceRating
Effect
3 Likelytohappen,often,frequent.
2 Canhappenbutnotfrequently.
1 Unlikelytohappen,rare,remote.
-
!
AreasofacceptabilityinRiskTableforreleaseofDesignandManufacturingProcesses(akaRiskPolicy).
!
DifferentproductscanusesameRiskMatrixbuthavedifferentRiskPolicies.
10 YC* YC* YC* YC* YC* YC* YC* YC* YC*
9 YC* YC* YC* YC* YC* YC* YC* YC* YC*
8 YS YS* YS* YS* YS* YS* YS* YS*
7 YS YS* YS* YS* YS* YS* YS* YS*
6 YS YS* YS* YS* YS* YS* YS* YS*
5 YS YS* YS* YS* YS* YS* YS* YS*
4 YS YS* YS* YS* YS* YS* YS* YS*
3
2
1
SEV/OCC 1 2 3 4 5 6 7 8 9 10
*=DoNotRelease
WhatIsAcceptableRisk–AutomotiveDesignRiskPolicy
-
SpinalImplant
5 D* D*
4 II* II*
3 RIMA* RIMA*
2 RI
1 NI
SEV/OCC 1 2 3
LateStageCancerTreatment
5 D D*
4 II II*
3 RIMA RIMA
2 RI
1 NI
SEV/OCC 1 2 3
RiskPolicy(*=DoNotRelease)
WhatIsAcceptableRisk–MedicalDeviceRiskPolicy
RiskSymbol Effect
D Death
II PermanentInjury
RIMA InjuryRequiresMedicalAttention
RI InjuryDoesNotRequireMedicalAttention
NI InconvenienceorTemporaryDiscomfort
SeverityRating
Effect
5 Death
4 PermanentInjury
3 InjuryRequiresMedicalAttention
2 InjuryDoesNotRequireMedicalAttention
1 InconvenienceorTemporaryDiscomfort
OccurrenceRating
Effect
3 Likelytohappen,often,frequent.
2 Canhappenbutnotfrequently.
1 Unlikelytohappen,rare,remote.
-
!
Plan:Definewhattheorganizationwantstoaccomplishandhowtheorganizationisgoingtoaccomplishit.
! Do:ImplementPlan.!
Check:Measureresultsofimplementationtheplan.!
Act:Ifdesiredresultsarenotachieved,modifyplan.
Plan-Do-Check-ActWithoutRisk-Based-Thinking
-
!
Plan:Definewhattheorganizationwantstoaccomplishandhowtheorganizationisgoingtoaccomplishit.Assessriskofplan.
! Do:Ifriskacceptable,implementPlan.!
Check:Measureresultsofimplementationtheplan.!
Act:Ifdesiredresultsarenotachieved,modifyplan.Assessriskofplan
modification.Ifriskacceptable,implementplanmodification.
Plan-Do-Check-ActWithRisk-Based-Thinking
-
Questions?
RichardA.Harpster-Phone:(248)374-1718Email:[email protected]
