Use the guidelines in this article to configure Assessments to fit your process needs. These configurations present users with clear views of the necessary information as well as efficient data input and analysis. Refer to the Risk Management article for guidelines on performing a pFMEA risk assessment within Vault.
Note: This article details configuration steps to make an existing QMS Vault capable of Process FMEA (pFMEA) risk assessments. QMS Vaults created after the 20R2 release have many of these recommendations already configured. Other risk assessment type configurations will differ, but the basic configuration principles suggested in this article apply to them as well.
While all of these configuration steps are optional, we recommend performing the following in your QMS Vault to make it ready for pFMEA risk assessments:
- Configure pFMEA objects, including page layouts and field options. Note that careful application of reference constraints and field defaulting can ensure a simple experience for users filling out FMEAs. For example, by inheriting the Risk Matrix selected for the assessment into every Risk Event. This kind of configuration consideration can ensure consistent scoring between events of a pFMEA Risk Assessment.
- Configure pFMEA object lifecycles and workflows to suit your processes.
- Configure the Copy FMEA Risk Assessment record action.
- Create Template Risk records.
- Configure Quality Teams for the Risk Assessment, Assessment Risk, and Mitigation Action Set objects.
Each object involved in pFMEA risk assessments should be configured to more easily gather and display the needed information. See each object section below for configuration recommendations. We recommend that you configure the system-managed object record names option to suit your processes for the following objects: FMEA Process Steps, FMEA Mitigation Action Set, Risk Assessment, and Assessment Risk objects.
This object identifies which process the pFMEA risk assessment assesses. Optionally, you may add a custom tab to the Vault for the Business Process object to allow users easier access.
Add a custom tab to the Vault for the Risk Assessment (pFMEA) object to allow users easier access.
Make the following general adjustments to the Risk Assessment (pFMEA) object type page layout:
- Place the Workflow Timeline section at the top of the page.
- Remove unnecessary fields from the Details section, leaving enough information to identify and begin your assessment for a process, such as: Name, FMEA Risk Assessment Type, Business Process, Process Flow Document, Description, Assessment Scoring Matrix, Original FMEA Risk Assessment, and Lifecycle.
Add FMEA Process Steps as a related object section to the page layout of the Risk Assessment (pFMEA) object type:
- Place as the next section under Details, as this must be completed before beginning any risk event identification.
- Select the Create record in pop-up dialog option.
- Select Show in default lists and hovercards for the Step Order field so that Vault displays the order when selecting a Process Step while creating an Assessment Risk record.
Add the special Assessment Risks application control section to the page layout of Risk Assessment (pFMEA).
- This section displays FMEA Risk Events and field data as set up in the FMEA Risk Event’s list layout.
- The section allows users access to the Risk Builder tool for easy data input.
We recommend the following field configurations:
- Business Process: Check Allow create new reference record for reference fields, so that authorized users may create new Business Process records as needed. In your configuration, per your organization’s policies, this right may be restricted to most users.
- Original FMEA Risk Assessment: This field displays the source assessment upon using the Copy FMEA Risk Assessment action. Set this, and all similar fields on the Risk Assessment (pFMEA), Assessment Risk, and FMEA Mitigation Action Set objects to read-only; they should only be set by Vault as part of the copy operation.
The Assessment Risk object page layout should contain several sections to support your process:
- A standard Details section, including fields such as: Name, Parent Risk Assessment, Original Assessment Risk, Lifecycle State, Scoring Matrix, and Process Step.
- A Details section labeled Risk Identification, including fields such as: FMEA Failure Mode, FMEA Failure Effect, FMEA Failure Cause, and FMEA Failure Controls.
- A related object section for FMEA Risk Category to report or trend on risk events across one or multiple assessments in your organization.
- A Details section labeled Initial RPN, including the following fields: Initial Severity, Initial Occurrence, Initial Detectability, Initial RPN (Qualitative), Initial RPN (Quantitative), and Initial RPN.
- A Details section labeled Risk Response, including fields such as: Risk Response and Mitigation Action Set.
- A Details section labeled Final/Post-Mitigation Action RPN, including fields such as: Final Severity, Final Occurrence, Final Detectability, Final RPN (Qualitative), Final RPN (Quantitative), and Final RPN.
In addition, we recommend using the following options for the Assessment Risk object:
- Select the Allow create new reference record on the Mitigation Action Set object reference field.
- Configure Layout Rules where section visibility is based on lifecycle state. For example, the Final/Post-Mitigation Action RPN section should not be visible until after the user has performed the associated mitigation action. You may similarly wish to hide the Initial RPN and Final RPN fields until the related Severity, Occurrence, and Detectability fields are populated to help guide users.
- Configure the system-managed object record names option to suit your processes for the Assessment Risk object.
- Ensure that the Final RPN field calculation formula includes an appropriate calculation for Severity, Occurrence, and Detectability.
- Configure the List Layout field column orderList Layout field column order to best fit your organization’s processes. Vault displays the columns in this order in the Risk Builder tool.
Remove non-pertinent fields from the page layout Details section for the FMEA Mitigation Action Set object, and add a related object section for Derived FMEA Mitigation Action Sets.
While lifecycle and workflow setup for process FMEA risk assessments will vary widely from organization to organization, we recommend including the below configuration steps for ease of use, as well as configuring lifecycle stages for these lifecycles to help users more easily track the progress of the pFMEA risk assessment.
The FMEA Risk Assessment Lifecycle comes with standard lifecycle states pre-configured. It is up to your organization to choose to leverage these states or define your own. A pFMEA risk assessment using these pre-configured states may use the Draft state for any activities prior to the start of the assessment, change to the In Progress state while adding Assessment Risks, responses, and analyses, and finally moving into the In Approval and Approved states as the assessment is reviewed and signed.
Configure workflows according to your process to move Risk Assessment records through the FMEA Risk Assessment Lifecycle. Configure the FMEA Risk Assessment Lifecycle and workflow steps that first prompt for FMEA Process Steps, and then only in a subsequent lifecycle state allows for the identification/addition of Assessment Risks.
Add the Create Risks from Template user action to the Risk Assessment object lifecycle to allow users to automate creation of Assessment Risks based on data in a pre-configured template.
Add the Push Risks to Register user action to the Risk Assessment object lifecycle to allow users to automate population of a Risk Register record with Risks derived from the data in the Risk Assessment. Vault will automatically transfer data in fields which have identical names and field types from the Assessment Risks to the newly created Risk records.
The Assessment Risk Lifecycle comes pre-configured with several states used in a typical pFMEA process, to guide your configuration. It is up to your organization to choose to leverage these states or define your own. The intent of each state is:
- Risk Identification: Used to capture key information about the risk prior to initial scoring.
- Risk Analysis: Used to perform actions needed to arrive at a root cause for the risk.
- Risk Evaluation: Used to capture the Initial RPN scoring for the risk.
- Risk Treatment: Used to capture the disposition and treatment plan for the risk based on initial scoring. Mitigation Action Set operations may take place in this state.
- Residual Risk: Used to capture the Final RPN scoring for the risk.
- Approved: Might be considered as ‘accepted’, this is the final state of the risk, indicating that the risk is acknowledged, scored, and mitigated to your organization’s satisfaction.
Configure the Copy FMEA Risk Assessment record action to the Risk Assessment (pFMEA) object and to the appropriate terminal FMEA Risk Assessment Lifecycle states.
A Template Risk is an object record which can be used as the source of data for automating Assessment Risk record creation with the Create Risks from Template action. By default, a template stores the following fields for transfer to the new risk:
- FMEA Failure Cause (
- FMEA Failure Controls (
- FMEA Failure Effect (
- FMEA Failure Mode (
- Process Step (
- Risk Matrix (
Your processes may require additional fields. Vault will automatically transfer data in fields which have identical names and field types from the Template Risk to the new Assessment Risk. Create Template Risk records as needed to support your processes.