Steiner Consulting Paul A. Steiner, PhD
Project Elements of Design Control, Design of Experiment (DOE) and Risk Analysis (FMECA)
Outline
History of “Quality” and roots of Design Control and Risk analysis
Failure Mode and Effects Analysis
What is it?
Motivation
FMEA/FMECA Methods
Example
FMECA in-class exercise
History of Quality
Roots of most of today’s Quality Principles can be traced back to Deming, and others like Taguchi, in the post-WWII period.
Deming was a pioneer of quality management processes in post-war Japan.
Build quality into the system
Do not test in quality at the end of the process
Japanese auto industry embraced the quality principles for the improvement and development of cars in the 20th century.
Why a Systematic Approach to Quality?
US vs. Japanese Patterns of Design Changes
Japanese automakers focused more time on making
design revisions.
Early on in the prototype stage
“Bugs” worked out by start of the production
US Invested:
Less time exploring alternatives early in the cycle and
Thus major changes just before production,
Continuing making costly engineering changes after the start of production, and
Overall cycle was slower and more costly.
Product Development Process
It has major impact on cost, quality and overall time.
Quality depends on design; it is built into it
Cost and time needed for production depends on
factors related to product design
Is it easy to make?
Is it easy to assemble?
Adoption and Spread of Quality Systems
Early adoption By US (Military) Aerospace: MIL STDS
Mil Std-882B: Safety System Program Requirements
(Risk Analysis, 1977)
Mil Std-1629A: Procedures for Performing A Failure
Mode, Effects and Criticality Analysis (FMECA, 1974)
International Organization for Standardization (ISO):
ISO 13485: Medical Devices Quality Management
Systems (Design Control, 1996)
ISO 14971: Medical devices Application of risk
Management (2000)
FDA Quality System Regulations (QSR)
Quality System Regulation
820.30(c): “manufacturer…. shall establish and
maintain procedures to control the design of the
device…”
(g): “….Design validation shall include software
val. and risk analysis, where appropriate.”
Medical Device Directive 93/42/EEC
Essential Requirements – Design so as not to
compromise patient safety
In-Vitro Medical Device Directive 98/79/EEC
Design Control and Design of Experiments (DOE)
Early application in ancient agricultural sciences
Inputs: Irrigation, fertilization, crop rotation, etc.
A technique was needed to model all inputs, how they interact – DOE was born!
Wanted to get it right 1st time as one experiment took an entire growing season.
Full factorial, all-interaction DOE, tests are performed for all possible combinations of all inputs.
i.e. 3 inputs, each with two possible settings
2^3 = 8 tests
DOE allows for determination of critical inputs and interactions
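Added example (not part of the original slides): a full factorial design for 3 inputs with two settings each, with main effects and two-input interactions estimated from the 8 runs. The response function is constructed for illustration, and the function names are this example's own.

```python
from itertools import combinations, product
from math import prod

FACTORS = ["irrigation", "fertilizer", "rotation"]


def full_factorial(factors):
    """All 2^k runs as dicts of coded levels (-1 = low setting, +1 = high)."""
    return [dict(zip(factors, levels))
            for levels in product((-1, +1), repeat=len(factors))]


def effects(runs, responses, max_order=2):
    """Effect of a term = mean response where the term is +1 minus the mean
    where it is -1. For an interaction, the term's sign in a run is the
    product of the coded levels of the inputs involved."""
    factors = list(runs[0])
    out = {}
    for order in range(1, max_order + 1):
        for term in combinations(factors, order):
            signs = [prod(run[f] for f in term) for run in runs]
            high = [y for s, y in zip(signs, responses) if s > 0]
            low = [y for s, y in zip(signs, responses) if s < 0]
            out[" x ".join(term)] = sum(high) / len(high) - sum(low) / len(low)
    return out


def constructed_yield(run):
    """Constructed response: irrigation matters most, rotation a little,
    fertilizer only through its interaction with irrigation."""
    return (50 + 4 * run["irrigation"] + 1 * run["rotation"]
            + 3 * run["irrigation"] * run["fertilizer"])


if __name__ == "__main__":
    runs = full_factorial(FACTORS)
    ys = [constructed_yield(r) for r in runs]
    print(len(runs), "tests")
    for term, value in sorted(effects(runs, ys).items(),
                              key=lambda kv: -abs(kv[1])):
        print(f"{term:28s} {value:+.1f}")
```

Fertilizer shows a main effect of zero here yet a large interaction with irrigation, which is why the interaction terms are tested and not only the inputs one at a time.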
Risk Analysis: Why is it Important?
Provides a basis for identifying root failure causes and developing effective corrective actions.
Identifies reliability/safety critical components.
Facilitates investigation of design alternatives at all stages of the design
Provides a foundation for other maintainability, safety, testability, and logistics analyses
What is an FMEA?
Description:
A procedure that examines each item in a system, considers how that item can fail and then determines how that failure will affect (or cascade through) the system
Acronyms
FMEA: Failure Modes and Effects Analysis
FMECA: Failure Modes and Effects and Criticality Analysis
Definitions
FMECA - Failure Mode, Effects, and Criticality
Analysis.
FMEA - Failure Mode and Effects Analysis.
Compensating Provisions - Actions available or that
can be taken to lessen or eliminate the effect of a
failure on a system.
Next Higher Effect - The consequence a failure mode
has upon the operation, function, or status at the
next higher level of assembly.
End Effect - The consequence a failure mode has
upon the operation, function, or status at the highest
level of indenture.
FMECA Facts and Tips
FMECAs should begin as early as possible
This allows the analyst to affect the design before
it is set in stone.
If you start early, expect to have to redo portions
as the design is modified – a continuous loop
FMECAs take a lot of time to complete.
FMECAs require considerable knowledge of system
operation necessitating extensive discussions with
all affected groups: Design, Chemistry, System
Engineering.
Spend time developing ground rules with your
customer up front – another internal group, FDA, etc.
When to Perform FMEA/FMECA?
Risk Analysis is performed throughout the design
process.
Design might change as you learn more about the
inputs.
As design changes so does risk
Repeat Risk Analysis up to point design is “fixed”
(validation)
If done correctly, Risk should decrease
Motivation for Conducting a FMEA
Improves design by discovering unanticipated
failures
Enables robust design
Highlights the impact of the failures (reliability,
patient safety)
Potentially helpful during legal actions
Provides a method to characterize product safety
Often required (e.g. FDA and DOD procurement)
Methods to Conduct a FMEA (taken from ASM Handbook Vol. 11)
Identify all components or systems at given level of
the design hierarchy.
List the function of each identified component or
system.
Identify failure modes for each component/system.
Typically there will be several ways in which a
component can fail.
Determine the effect (both locally and globally) on the
system.
System Structure Analysis
The system is divided into different functional levels
and components
How is it Done?
What are the effects
of part failures on
the board?
What are the effects
of board failures on
the box?
What are the effects
of box failures on
the system?
Note: This is a bottom-up example.
Top down examples are possible.
Methods to Conduct a FMEA (taken from ASM Handbook Vol. 11)
Classify the failure by its effects on the system
operation.
How critical is the failure?
Determine the failure’s probability of occurrence.
Identify how the failure mode can be detected
Point out what needs to be inspected on a regular
basis
What needs in-process testing
Identify any compensating provisions or design
changes to mitigate the failure effects.
DESIGN FMEA (DFMEA)
The Design FMEA is used to analyze products before they are released to production.
It focuses on potential failure modes of products caused by design deficiencies.
Design FMEAs are normally done at three levels:
System
Subsystem
Component levels
This type of FMEA is used to analyze hardware, functions or a combination
PROCESS FMEA (PFMEA)
The Process FMEA is normally used to analyze
manufacturing and assembly processes at the
system, subsystem or component levels.
This type of FMEA focuses on potential failure
modes of the process that are caused by
manufacturing or assembly process deficiencies.
ISO 13485 Risk Management Flow Chart
Sample FMEA Table: Mil Std-1629A
Sample FMECA Table: Mil Std-1629A
Worksheet Preparation: Sample FMECA
Worksheet
Worksheet Preparation
For each system element or subsystem, the analyst must consider all the functions in all its operational modes, and ask if any failure modes may result in any unacceptable system effect.
No, stop
Yes, further examination
Discuss the various columns in the FMECA worksheet
A unique reference to an element or subsystem is given in the first column
All the functions of the element are listed in the second column. A checklist may be useful to secure that all functions are covered.
Worksheet Preparation
The various operational modes for the element are listed
in column 3. Example of operational modes are: idle,
standby and running.
For each function and/or operational mode of an
element, the potential failure modes have to be identified
and listed in column 4.
The failure modes identified in column 4 are studied one-by-one. The failure mechanisms (e.g. corrosion, erosion, fatigue) that may produce a failure mode are identified and listed.
Worksheet Preparation
The possibilities for detecting the various failure modes
should be listed.
In some applications an extra column is added to rank
the likelihood that the failure will be detected. The
following detection ranking may be used:
Worksheet Preparation
The effects each failure mode may have on other components in the same subsystem (local effects) are listed.
The effects each failure mode may have on the whole system (global effects) are listed. The operational status of the system after the failure should also be recorded:
In some applications it may be beneficial to consider each category of effects separately, like: safety effects, environmental effects, production availability effects, economic effects, etc.
In some applications it may be relevant to include separate columns in a worksheet for Effects on safety, Effects on reliability, etc.
Worksheet Preparation
Assesses probability that the failure mode will occur
Over the “design life of the product”
Assesses seriousness of the effects of a failure mode
Deriving effects for failure modes
Severity can be changed by a design change or other
implementations
Worksheet Preparation
Actions to correct the failure and restore the function or
prevent serious consequences are listed in column 11.
Actions that are likely to reduce the frequency of the
failure modes should also be recorded in column 11.
The last column may be used to record information not
included in the other columns.
Risk Ranking and Team Review
The risk related to the various failure modes can be
presented either by:
Risk matrix
Risk priority number (RPN)
Risk Ranking: Hazard Matrix
ALARP: Recognizes that most risks cannot be
eliminated
ISO 14971, Risk Analysis for Medical Devices
3-Region Risk Chart
Risk Ranking: Risk Priority Number
Assign values to Severity, Occurrence/probability, and
Detection using the tables on the next 3 pages.
SN = Severity number
Quantifies the severity of the effect, given that the
failure mode occurs in the design process.
PN = Probability Number
Quantifies probability that the failure mode occurs.
DN = Detection Number
Quantifies probability that the failure mode will be
detected by the design process.
Risk Ranking: Risk Priority Number
Determine the Risk Priority Number (RPN): Severity
(SN) x Probability (PN) x Detection (DN)
RPN = SN x PN x DN
The smaller the RPN the better (and the larger the
worse)
Develop an action plan
Implement an action plan
Risk Severity Guidelines
Effect | Rank | Criteria
None | 1 | No effect
Very Slight | 2 | Negligible effect on performance. Some users may notice.
Slight | 3 | Slight effect on performance. Non vital faults will be noticed by many users
Minor | 4 | Minor effect on performance. User is slightly dissatisfied.
Moderate | 5 | Reduced performance with gradual performance degradation. User dissatisfied.
Severe | 6 | Degraded performance, but safe and usable. User dissatisfied.
High Severity | 7 | Very poor performance. Very dissatisfied user.
Very High Severity | 8 | Inoperable but safe.
Extreme Severity | 9 | Probable failure with hazardous effects. Compliance with regulation is unlikely.
Maximum Severity | 10 | Unpredictable failure with hazardous effects almost certain. Non-compliant with regulations.
Frequency or Probability/Occurrence Ranking
Probability or Occurrence | Rank | Criteria
Extremely Unlikely | 1 | Less than 0.01 per thousand
Remote Likelihood | 2 | 0.1 per thousand rate of occurrence
Very Low Likelihood | 3 | 0.5 per thousand rate of occurrence
Low Likelihood | 4 | 1 per thousand rate of occurrence
Moderately Low Likelihood | 5 | 2 per thousand rate of occurrence
Medium Likelihood | 6 | 5 per thousand rate of occurrence
Moderately High Likelihood | 7 | 10 per thousand rate of occurrence
Very High Likelihood | 8 | 20 per thousand rate of occurrence
Extreme Likelihood | 9 | 50 per thousand rate of occurrence
Maximum Likelihood | 10 | 100 per thousand rate of occurrence
Detection Ranking
Detection | Rank | Criteria
Extremely Likely | 1 | Can be corrected prior to prototype/Controls will almost certainly detect
Very High Likelihood | 2 | Can be corrected prior to design release/Very High probability of detection
High Likelihood | 3 | Likely to be corrected/High probability of detection
Moderately High Likelihood | 4 | Design controls are moderately effective
Medium Likelihood | 5 | Design controls have an even chance of working
Moderately Low Likelihood | 6 | Design controls may miss the problem
Low Likelihood | 7 | Design controls are likely to miss the problem
Very Low Likelihood | 8 | Design controls have a poor chance of detection
Remote Likelihood | 9 | Unproven, unreliable design/poor chance for detection
Extremely Unlikely | 10 | No design technique available/Controls will not detect
Risk Ranking and Team Review
Do some brainstorming
Goal: Get “all” possible failure modes
Ideas should be encouraged
Get all ideas written down
Things that have gone wrong in the past
Concerns of designers
Chemistry process related: purity, reaction parameters, etc.
Do your homework
Get data needed to evaluate and simulate all ideas
Histories, testing, analyses, simulations, etc.
Safety and regulation noncompliance are critical issues
Risk Ranking and Team Review
Evaluate and rank potential failure modes
Use available information
Assign RPN on risk matrix for all failure modes
Develop an action plan
Define actions to correct the problems identified
Design controls: inspections, testing (IPC), etc.
Follow up
Document all corrective actions
Re-evaluate RPN or risk matrix after corrective
action
Corrective Actions
The risk can be reduced by:
Changing designs
Introducing safety features
Warning devices
Procedures/training
Summary
To Learn More
A collection of information including links to
examples, guides, standards, etc. http://www.fmeainfocentre.com/index.htm
A training company with good overview material http://www.qualitytrainingportal.com/resources/fmea/index.htm
Another company http://www.fmea-fmeca.com/index.html
Other Variations of FMEA/FMECA
Mil-STD-1629A, Fig 101.3
http://www.fmea-fmeca.com/milstd1629.pdf
SAE J1739
http://www.fmea-fmeca.com/fmea-examples.html
FMECA Example: Hot Water Heater
Constructing the FMECA Worksheet
List the various components and their function
What are the operational modes of the components
listed?
Let’s focus in on the Stop Valve
List the failure modes?
Is the failure acceptable? Yes – finished, No –
continue
What is the failure cause or mechanism?
What is the possibility of detecting the failure?
How detected?
Constructing the FMECA Worksheet: Stop Valve
What are the effects on the sub-system (local effects)?
What are the effects on the System (global effects)?
What is the probability of occurrence (1-10 scale)?
What is the severity?
FMEA Ranking (PN X SN = ?)
RPN? (PN X SN X DN = ?)
How can we reduce risk?
Suggest methods: brainstorm, etc
Redo RPN?
New RPN should be smaller
FMECA Example: Hot Water Heater
Diasorin: Process 3. Conjugate Concentration
Sub-steps 1 – 4
1. Prepare Amino Dextran PN 25238
2. Prepare Vitamin D NHS Ester PN25205
3. Prepare ABEI Ester PN25207
4. Preparation of Vitamin D Aminodextran
conjugate concentrate PN25206
What to Do
Potential Causes of failure should be engineering
related such as incorrect material, corrosion, wear
and human related such as inexperience, misuse,
etc.
Current Design Controls are things like inspections, testing, poka-yoke, and other design checks that are intended to prevent the problem.
What to Do
Assign values to Severity, Occurrence, and
Detection using the tables on the next three pages.
Determine the Risk Priority Number (Severity*
Occurrence * Detection)
Develop an action plan
Implement an action plan
FMECA Example: Hot Water Heater
Possible failure modes?
In-Class Problem 1
Most cars have a fuel filter between the fuel tank and
the engine.
Consider the consequences of:
Anti-function (opposite of filtering)
Partial function
Intermittent function
Excess function
In-Class Problem 2
You were the designer of cars before air bags and
seat belts.
Suppose your function is “Protect occupants during
head-on collision at less than 40 mph.”
Estimate numbers for Severity, Occurrence, and
Detection for the “before airbag/seatbelts” and
after “airbags/seatbelts” cases
In-Class Problem 3
For a cordless screwdriver generate a partial FMECA
List the three most significant functions of the
case.
For most potentially troublesome function,
name Potential Failure Modes
For each Potential Failure Mode, name Potential
Effects.
For each Potential Failure Mode, name Potential
Causes.
For each Potential Failure Mode, assign
Severity, Occurrence, and Detection values
Application of FMEA to a Medication
Reconciliation Process Upon Hospital
Admission
Failure Modes Identified
Inaccurate, incomplete and/or missing information on patients’ admission medication histories
No formalized approach for obtaining and documenting
medication histories within patients’ medical records
Inconsistencies between histories obtained by various
disciplines and documented throughout patients’ medical
records
Examples of Rating Failure Modes
Failure Mode: Independent medication histories throughout medical record with conflicting information about patient’s medication history
10 (SN) x 10 (PN) x 7 (DN) = 700 RPN
Failure Mode: Inaccurate medication history obtained
10 (SN) x 8 (PN) x 7 (DN) = 560 RPN
Failure Mode: Incomplete and/or incorrect medication orders upon admission
10 (SN) x 9 (PN) x 8 (DN) = 720 RPN
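Added example (not from the original slides): the RPN ranking step applied to the three ratings above, with the occurrence table used to turn an observed rate into a PN. The function names, the rule that a rate between two table rows takes the higher rank, the separate listing of severity 9-10 rows, and the re-rated row are assumptions made for this illustration.

```python
from bisect import bisect_left
from dataclasses import dataclass

# Occurrence table from the slides: rank 1 is "less than 0.01 per thousand",
# ranks 2..10 are the listed rates per thousand.
# Assumption: a rate between two rows takes the rank of the next higher row.
RATES_PER_THOUSAND = [0.1, 0.5, 1, 2, 5, 10, 20, 50, 100]


def occurrence_rank(rate_per_thousand: float) -> int:
    """Map an observed failure rate (per thousand) to a PN of 1..10."""
    if rate_per_thousand < 0:
        raise ValueError("rate must be non-negative")
    if rate_per_thousand < 0.01:
        return 1
    return min(bisect_left(RATES_PER_THOUSAND, rate_per_thousand) + 2, 10)


@dataclass(frozen=True)
class FailureMode:
    name: str
    sn: int  # severity number
    pn: int  # probability (occurrence) number
    dn: int  # detection number (10 = controls will not detect)

    def __post_init__(self):
        for label, value in (("SN", self.sn), ("PN", self.pn), ("DN", self.dn)):
            if not 1 <= value <= 10:
                raise ValueError(f"{label} must be 1..10, got {value}")

    @property
    def rpn(self) -> int:
        return self.sn * self.pn * self.dn


def rank(modes):
    """Highest RPN first; ties broken by severity, then by name."""
    return sorted(modes, key=lambda m: (-m.rpn, -m.sn, m.name))


def hazardous(modes):
    """Rows rated 9 or 10 on the severity table (hazardous effects), listed
    regardless of RPN. Treating them separately is this example's assumption."""
    return [m for m in modes if m.sn >= 9]


def rpn_reduction(before: FailureMode, after: FailureMode) -> int:
    """RPN drop after corrective action; the new RPN should be smaller."""
    if after.rpn >= before.rpn:
        raise ValueError("corrective action did not lower the RPN")
    return before.rpn - after.rpn


# The three ratings from the slide above.
ADMISSION = [
    FailureMode("Conflicting independent medication histories", 10, 10, 7),
    FailureMode("Inaccurate medication history obtained", 10, 8, 7),
    FailureMode("Incomplete and/or incorrect medication orders", 10, 9, 8),
]
# Constructed re-rating after a corrective action (illustrative values only).
ORDERS_AFTER = FailureMode("Incomplete and/or incorrect medication orders", 10, 4, 3)

if __name__ == "__main__":
    for m in rank(ADMISSION):
        print(f"{m.rpn:4d}  {m.name}")
    print("reduction:", rpn_reduction(ADMISSION[2], ORDERS_AFTER))
```

A row rated SN 10, PN 1, DN 1 has an RPN of only 10, so it sorts last by RPN while still appearing in `hazardous()`.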
Medication Reconciliation Upon Admission:
Recommendations made by FMEA team:
Create single, shared medication list accessible to all authorized health care providers
Obtain an accurate and complete medication list upon admission
Consider use of pharmacy resources for obtaining medication histories in appropriate cases (pharmacy consult)
Develop a formalized process for medication reconciliation
Incorporate medication reconciliation into an advanced clinical information system
Simple Example: Flashlight
This flashlight is for use by special operations forces involved in close combat missions (especially hostage rescue) during low visibility conditions in urban areas. The light is to be mounted coaxially with the individual's personal weapon to momentarily illuminate and positively identify targets before they are engaged. The exterior casing, including the transparent light aperture, is from an existing ruggedized design and can be considered immune to failure.
Simple Example: Flashlight (cont.)
Part
How can it fail?
What is the effect?
Note that Next Higher Effect = End Effect in this case.
Simple Example: Flashlight (cont.)
Severity
Severity I Light stuck in the “on” condition
Severity II Light will not turn on
Severity III Degraded operation
Severity IV No effect
Simple Example: Flashlight (cont.)
Item | Failure Mode | End Effect | Severity
bulb | dim light | flashlight output dim | III
bulb | no light | no flashlight output | II
switch | stuck closed | constant flashlight output | I
switch | stuck open | no flashlight output | II
switch | intermittent | flashlight sometimes will not turn on | III
contact | poor contact | flashlight output dim | III
contact | no contact | no flashlight output | II
contact | intermittent | flashlight sometimes will not turn on | III
battery | low power | flashlight output dim | III
battery | no power | no flashlight output | II
Criticality
CRITICALITY is a measure of the frequency of
occurrence of an effect.
May be based on qualitative judgement or
May be based on failure rate data
Simple Example: Flashlight (cont.)
Can circled items be designed out or mitigated?
(There may be others that need to be addressed also.)