Failure mode and effects analysis
Failure mode and effects analysis (FMEA) is a method (first developed for systems engineering) that examines potential failures in products or processes. It may be used to evaluate risk management priorities for mitigating known threat-vulnerabilities.
FMEA helps select remedial actions that reduce cumulative impacts of life-cycle consequences (risks) from a systems failure (fault).
By adapting hazard tree analysis to facilitate visual learning, this method illustrates connections between multiple contributing causes and cumulative (life-cycle) consequences.
It is used in many formal quality systems such as QS 9000 or ISO/TS 16949.
The basic process is to take a description of the parts of a system, and list the consequences if each part fails. In most formal systems, the consequences are then evaluated by three criteria and associated risk indices:
* severity (S),
* likelihood of occurrence (O) (Note: this is also often known as probability (P)), and
* inability of controls to detect it (D)
Each index ranges from 1 (lowest risk) to 10 (highest risk). The overall risk of each failure is called the Risk Priority Number (RPN) and is the product of the Severity (S), Occurrence (O), and Detection (D) rankings: RPN = S × O × D. The RPN (ranging from 1 to 1000) is used to prioritize all potential failures and to decide upon actions to reduce the risk, usually by reducing the likelihood of occurrence and improving controls for detecting the failure.
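The process described above, as an added example that is not part of the original text: a small worksheet is scored, ranked by RPN, and re-ranked after a remedial action that improves detection. The parts, failures and scores are constructed for illustration, and the names FailureMode, prioritize and rescore_after_action are hypothetical.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FailureMode:
    part: str
    failure: str
    severity: int    # S
    occurrence: int  # O (likelihood of occurrence)
    detection: int   # D (inability of controls to detect it)

    def __post_init__(self):
        # Each index ranges from 1 (lowest risk) to 10 (highest risk).
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} must be an integer from 1 to 10, got {value!r}")

    @property
    def rpn(self) -> int:
        # RPN = S x O x D, so it ranges from 1 to 1000.
        return self.severity * self.occurrence * self.detection


def prioritize(modes):
    # Highest RPN first. Breaking ties by severity is an assumption of
    # this example, not a rule stated in the text.
    return sorted(modes, key=lambda m: (m.rpn, m.severity), reverse=True)


# Constructed worksheet: parts, failures and scores are illustrative only.
WORKSHEET = [
    FailureMode("TLS certificate", "expires without renewal", 7, 4, 6),
    FailureMode("backup job", "fails silently", 9, 3, 8),
    FailureMode("log forwarder", "drops events under load", 5, 5, 7),
]


def rescore_after_action(modes, part, occurrence=None, detection=None):
    # A remedial action lowers O and/or D; severity is left unchanged.
    return [
        replace(m, occurrence=occurrence or m.occurrence, detection=detection or m.detection)
        if m.part == part else m
        for m in modes
    ]


if __name__ == "__main__":
    after = rescore_after_action(WORKSHEET, "backup job", detection=2)
    for label, sheet in (("before", WORKSHEET), ("after", after)):
        print(label, [(m.part, m.rpn) for m in prioritize(sheet)])
```

Adding a monitored restore test to the backup job (D from 8 to 2) moves it from the top of the list to the bottom without changing its severity, so the RPN ranking alone no longer shows that it remains the most severe failure in the worksheet.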