Every month in FMEA Corner, join Carl Carlson, a noted expert in the field of FMEAs and facilitation, as he addresses a different FMEA theme (based on his book Effective FMEAs) and also answers your questions.
Questions and answers are a great way to learn about FMEAs, for both experienced and less experienced FMEA practitioners. Please feel free to ask any question about any aspect of FMEAs. Send your questions to Carl.Carlson@EffectiveFMEAs.com, and your contact information will be kept anonymous. All questions will be answered, even if they are not featured in the FMEA Corner.
haz·ard [haz-ərd, noun]
According to the NASA System Safety Guidebook, a hazard is defined as "any real or potential condition that can cause injury or death, or damage to or loss of equipment or property."
What is a hazard analysis?
Be wary then; best safety lies in fear. - William Shakespeare
"Hazard analysis is the process of examining a system throughout its life cycle to identify inherent safety related risks." [FAA System Safety Handbook, Chapter 7: Integrated System Safety Analysis, 2000.]
A hazard is defined by the Department of Defense in Mil Std 882D as "Any real or potential condition that can cause injury, illness, or death to personnel; damage to or loss of a system, equipment or property; or damage to the environment."
Put another way, hazards are "unsafe acts and/or unsafe conditions that can result in an accident. An accident is usually the result of many contributors (or causes) and these contributors are referred to as either initiating or contributory hazards." [FAA, 2000.]
What is an example of hazard analysis?
The following example of a hazard analysis of a fuel control subsystem comes from the book Assurance Technologies: Principles and Practices, by Dev Raheja.
(The "Criticality" scales used in this example come from Mil Std 882D.)
What is the difference between hazard analysis and FMEA?
There are many similarities between a hazard analysis and an FMEA, and the fundamentals of FMEA apply equally to hazard analysis. Both FMEA and hazard analysis examine functions, failures modes, effects and causes. The primary difference with a hazard analysis is that it focuses entirely on safety hazards, whereas the scope of an FMEA covers safety as well as performance, quality and reliability. In addition, there are other procedural and worksheet differences.
Since the scope of a hazard analysis is safety hazards, a project team will need to perform a Design FMEA in addition to the hazard analysis in order to improve the product design, and a Process FMEA in order to improve the manufacturing process.
What references and standards are available for hazard analysis?
- ANSI/GEIA-STD-0010-2009, Standard Best Practices for System Safety Program Development and Execution.
- FAA System Safety Handbook, Chapter 7: "Integrated System Hazard Analysis" and Chapter 8: "Safety Analysis/Hazard Analysis Tasks," December 30, 2010.
- IEEE STD-1228-1994, Standard for Software Safety Plans.
- ISO 14971:2007(E), Medical devices - Application of risk management to medical devices.
- SAE ARP4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, 1996-12-01.
- Mil-Std 882D, Standard Practice for System Safety, 10 Feb 2000.
- U.S. Food and Drug Administration, Hazard Analysis and Critical Control Point Principles and Application Guidelines, adopted August 14, 1997, National Advisory Committee on Microbiological Criteria for Foods.
Does Effective FMEAs include information on hazard analysis?
Yes. Chapter 15 includes application information about hazard analysis, including sections on Hazard Analysis and FMEA, Hazard Analysis Procedure, Hazard Analysis Tables and Examples, Hazard Analysis Definitions and Hazard Analysis References and Standards.
What design precedence guidelines can be used to address hazards?
Control the identified hazards based on risk priority and in the following precedence order:
- Design the hazard out of the product. If the hazard cannot be eliminated, minimize the residual risk.
- Design for fail-safe default mode by incorporating safety devices or fault-tolerant features.
- Provide early warning through measuring devices, software or other means. The warning should be clear and should attract the attention of the responsible operator.
- Implement special procedures and training when the above means are unable to eliminate the hazard.
How early in the design process should a hazard analysis be done?
As with FMEA, hazard analysis should be conducted early in the product development process. Hazards should be understood and addressed with specific actions to reduce hazard risk to an acceptable level before the product design is frozen.
Do medical device companies have their own standard for hazard analysis?
ISO 14971:2007(E) Medical devices — Application of risk management to medical devices includes information on evaluation of hazards, risk evaluation of hazards and control of hazards for medical devices.
The ISO standard refers to risk in terms of severity and probability of harm, while FMEA refers to risk in terms of severity, likelihood of failure mode/cause and detection. These differences need to be understood when using both hazard analysis and FMEA.
How can Xfmea support hazard analysis?
Xfmea can support a wide variety of FMEA standards and worksheet profiles, including hazard analysis. Since there is no universally agreed upon worksheet for hazard analysis, users can set up a hazard analysis worksheet profile based on one of the published standards or their company guidelines. The user would need to identify the worksheet columns and scales, and use the Xfmea Help feature to set up a profile, interface styles and scales in the library.
FMEA Tip of the Month
Hazard analysis uses its own unique scales. It is a good idea to study the various standards in the list of references given above, and ensure the scales used in the hazard analysis are correct for your specific application.
I’ve always wanted to know about FMEAs
The important thing is not to stop questioning. - Albert Einstein
A HotWire reader submitted the following question to Carl Carlson. To submit your own question about any aspect of FMEA theory or application, e-mail Carl at Carl.Carlson@EffectiveFMEAs.com.
We have initially rated the detection as 5, it's a pass/fail test before the design freeze. During the analysis we discovered that we need to implement a more effective kind of testing and it can detect all the anticipated failures; however, the implementation of the test is only after the design freeze. Looking on the table any implemented testing on the post design freeze should be between rank 6 and 7, so it doesn't improve the risk at all analytically, or the RPN. Please advise.
Carl: You have correctly pointed out an inherent problem with the current detection scale (AIGA 4, SAE J1739 2009). I talk about this in chapter 6 of my book and I'll quote from it here.
If you have a copy of my book, you can refer to chapter 6, page 149, Figure 6.31, where there is a modified detection scale that illustrates the three types of detection risk.
I would also like to comment that I did not see the likelihood of detection in your example. Likelihood of detection is an important element in assessing the detection risk.
As covered in Figure 6.31 of my book, one way to resolve the inadequacy of the detection scale, and integrate the three types of detection risk, is to ask the FMEA team to assess risk based on likelihood of detection by the Design Control (1st column), the timing opportunity for the Design Control (2nd column) and the test type of the Design Control (3rd column). The worst case becomes the Detection ranking.
About the Author
Carl S. Carlson is a consultant and instructor in the areas of FMEA, reliability program planning and other reliability engineering disciplines. He has 35 years of experience in reliability testing, engineering and management positions, and is currently supporting clients from a wide variety of industries, including clients of HBM Prenscia. Previously, he worked at General Motors, most recently senior manager for the Advanced Reliability Group. His responsibilities included FMEAs for North American operations, developing and implementing advanced reliability methods and managing teams of reliability engineers. Previous to General Motors, he worked as a Research and Development Engineer for Litton Systems, Inertial Navigation Division. Mr. Carlson co-chaired the cross-industry team that developed the commercial FMEA standard (SAE J1739, 2002 version), participated in the development of SAE JA 1000/1 Reliability Program Standard Implementation Guide, served for five years as Vice Chair for the SAE's G-11 Reliability Division and was a four-year member of the Reliability and Maintainability Symposium (RAMS) Advisory Board. He holds a B.S. in Mechanical Engineering from the University of Michigan and completed the 2-course Reliability Engineering sequence from the University of Maryland's Masters in Reliability Engineering program. He is a Senior Member of ASQ and a Certified Reliability Engineer.
Selected material for FMEA Corner articles is excerpted from the book Effective FMEAs, published by John Wiley & Sons, ©2012. Information about the book Effective FMEAs, along with useful FMEA aids, links and checklists can be found on www.effectivefmeas.com. Carl Carlson can be reached at email@example.com.