as9100 c-what manufacturer should know

1

AS9100 Rev. C - What Manufacturers Should Know:

Overview of Changes and

Risk Management

1

IMEC (Illinois Manufacturing Extension Center)

• IMEC is a team of experienced continuous improvement experts who work with small and mid-sized Illinois manufacturers to be more productive and globally competitive.

• IMEC's hands-on training and consulting services enable manufacturers to develop profitable growth strategies, improve quality, contain operating costs, increase capacity and on-time delivery, and solve technical operating problems such as product defects or process bottlenecks.

2

PresentersSherri Schulz – IMEC Manufacturing Specialist

Background:

• More than 17 years of experience in the manufacturing sector

• Held positions as Quality Manager, Quality Engineer, Continuous Improvement Manager, Senior Manager of Business Operations, and Senior Project Manager

• Worked with a variety of manufacturers in the metals, plastic, and electronic industries

• Most recently worked for a Northern Illinois manufacturer as Quality Manager of Two Divisions Certified to AS9100

• Holds a Bachelor of Science Degree in Engineering Technology with an emphasis in Electrical Engineering from Northern Illinois University

• Certified Lean Specialist and Six Sigma Green Belt with Lean Six Sigma Black Belt Training

Responsibilities and Skills:

• Specializes in building a culture of continuous improvement through implementing quality management systems, process quality improvements, lean techniques, business strategies, and use of technology to improve business processes

• ISO9001, AS9100 Aerospace Quality Management Systems, Root Cause Analysis, Lean Overview Training with Simulation, 5S, Setup Reduction using Shingo's SMED principles, Value Stream Mapping, Kanban, Building a Lean Culture, Enterprise Resource Planning: Using ERP systems to improve business processes, Business Intelligence: Converting business strategy into meaningful metrics

PresentersDon Shaner– IMEC Manufacturing Specialist

Background:

• More than more than 25 years experience in product engineering and operations management

• Certified DFSS Six Sigma Black Belt and a Certified LEAN/DMAIC Black Belt

• Has worked on a wide variety of products ranging from small consumable products to packaged high pressure steam generators

• Holds patents for cable cutting and material storage equipment

• A Licensed Professional Engineer in Illinois and is familiar with UL standards for hand held electrical tools and the ASME Boiler and Pressure Vessel Code

• Has earned both Bachelor and Master's degrees in Mechanical Engineering from Bradley University

Responsibilities and Skills:

• Managing, coaching and mentoring technical professionals; product realization from concept through design, test and manufacture; operations and product development; Six Sigma and Lean manufacturing

• Helps companies implement actions to improve their productivity and competitiveness

3

Presentation Agenda1. Brief Overview of AS9100C Changes –

presented by Sherri Schulz

2. Challenges to implementing changes-presented by Sherri Schulz

3. Overview of Risk Management and the Requirements related to AS9100C-presented by Don Shaner

4. Overview of FMEA (Failure Mode Effects Analysis) as a tool for Risk Managementpresented by Don Shaner

Brief Overview of AS9100C Changes

What Has Changed?

This document if for training purposes only and does not contain all the details and notes found within the AS9100C Aerospace Standard. Always refer to the Standard when determining specific compliance requirements.

4


1 Scope and Application

Revision:

Scope extended to include defense and space (previously only mentioned “Aerospace Industry”)


3 Terms and Definitions

Addition:

New term: RISK

– An undesirable situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.

5



Addition:

New term: Special Requirements

Requirements which have high risks to being achieved thus, requiring their inclusion in the risk management process.

All requirements are not created equal.


Examples of Special Requirements:

• performance requirements imposed by the customer that are at the limit of the industry’s capability

• requirements determined by the organization to be at the limit of its technical or process capabilities

• may also include issues like long lead time items or reduced availability

6

Brief Overview of AS9100C Changes3 Terms and Definitions

Addition:

New term: Critical ItemsItems (e.g. functions, parts, software, characteristic, processes) having significant effect on the product realization and it’s use.

• including safety, performance, form, fit, function, produce-ability, service life, etc., that require specific actions to ensure they are adequately managed

Brief Overview of AS9100C ChangesExamples of Critical Items:

– Non-aviation critical safety items • personal protective devices such as gas masks,

chemical/biological suits, and parachutes;

• conventional ammunition, bombs, and missiles;

– Mission critical items for Missile Defense; and Naval Sea Systems

– Fracture critical items

7


Reworded:

Key Characteristics- Attribute or feature whose variation has significant effect on product fit, form, function, performance, service life or produce-ability.



4 Quality Management System

Clause 4.1 - General Requirements

Revision:– The organization’s QMS shall also address

customer and applicable statutory and regulatory QMS requirements.

– Moved from 4.2.1 to stress an overall focus versus just documentation.

8


4 Quality Management System

Clause 4.2.2 – Quality Manual

Deletion:

Requirement to show the relationship between AS9100 requirements and the organizations documented procedures has been deleted.


5 Management Responsibility

Clause 5.2 – Customer Focus

Addition:Top management shall ensure that product conformity and on-time delivery performance are measured and that appropriate action is taken if planned results are not, or will not be, achieved. (also includes NC data, CAR’s, results of surveys, complaints, OTD, responsiveness to customer requests (see AS9101D))

9


7 Product Realization (7.1 Planning of Product Realization)

Addition:

Clause 7.1.1 Project Management– As appropriate to the organization and the product, the

organization shall plan and manage product realization in structured and controlled manner to meet requirements at acceptance risk, within resource and schedule constraints.


Project Management

“As appropriate to the organization and the product.”• This means that one size or method does not fit all

processes, products, and organizations.

• The processes demonstrating successful project management may range from a project management office found in larger organizations, to the efforts of a single individual responding to a customer’s needs.

10


7 Product Realization

Addition:

Clause 7.1.2 Risk Management– The organization shall establish, implement and maintain a process for

managing risk• Assignment of responsibilities for risk management

• Definition of risk criteria (e.g. likelihood, consequences, risk acceptance)

• Identification, assessment and communication of risks throughout product realization

• Identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria

• Acceptance of risks remaining after implementation of mitigating actions


Risk Management

• Risk Management was placed in clause 7.1.2 in order to establish and associate the management of risk during the planning of product realization.

• Risk Management is a structured approach to managing risk behavior and uncertainty related to an identified threat.

MORE ON RISK MANAGEMENT LATER

11



Addition:

Clause 7.1.3 Configuration Management– The organization shall establish, implement and maintain a

configuration management process that includes, as appropriate to the organization and the product.

• Configuration management planning

• Configuration identification

• Change control

• Configuration status accounting

• Configuration audit


Configuration Management

• Moved from Clause 4.3 to 7.1.3

• This clause was moved to add a greater focus on configuration management during the product planning process versus only as a part of documentation requirements. This clause also provides a better outline of configuration management requirements.

12



• PLAN– Define configuration management processes appropriate for the organization and

product

• IDENTIFY– Establish a baseline for determining what defines a change to documentation and

processes

• CONTROL– Changes must be reviewed and approved by authorized personnel; which may

include customer and regulatory agencies

– Processes and procedures



• STATUS – Change Log

– Waivers and deviations

• AUDIT– Audit the process

Clauses in AS9100C where change is discussed:– 4.2.3, 7.2.2, 7.3.3, 7.3.7, 7.4.2, 7.5.1.1, 7.5.1.2, 7.5.3

13



Addition:

Clause 7.1.4 Control of Work Transfer– The organization shall establish, implement and maintain a

process to plan and control the temporary or permanent transfer of work and verity the conformity of the work to requirements

• Transfer from one organization facility to another

• Transfer from the organization to a supplier

• Transfer from one supplier to another supplier



Revision:

Clause 7.4.1 Purchasing Process– Added examples of different types of approval

status (e.g. approved, conditional, disapproved) and examples of “scope of approval” (e.g. product type, process family). AS9100 Rev. B only required the scope of approval.

ApprovedSupplier

14



Clause 7.4.3 Verification of Purchased Product

Deletion:– Where the organization utilizes test reports to verify

purchased product, the data in those reports shall be acceptable per applicable specifications. The organization shall periodically validate test reports for raw material.



Revision:Clause 7.5.1.1 Production Process Verification (was Production Documentation)

– The organization shall use a representative item from the first production run of a new part or assembly to verify…

• Production processes

• Production documentation

• Tooling

Are capable of producing parts and assemblies that meet requirements.

– This process shall be repeated when changes occur that invalidate the original results (e.g., engineering changes, manufacturing process changes, tooling changes).

15


8 Measurement, Analysis and Improvement

Addition:

Clause 8.2.1 Customer Satisfaction– Information to be monitored and used for the evaluation of customer

satisfaction shall include, but is not limited to..• product conformity

• on-time delivery performance

• customer complaints and corrective action request

– Organizations shall develop and implement plans for customer satisfaction improvement that address deficiencies identified by these evaluation, and assess the effectiveness of the results.



Deletion:

Clause 8.2.2 Internal Audit– Detailed tools and techniques shall be

developed such as check sheets, process flowcharts, or any similar method.

16



Addition:

Clause 8.5.2 Corrective Action– Determining if additional nonconforming product

exists based on the causes of the nonconformities and taking further action when required.



Addition:

Clause 8.5.3 Preventive Action– Note: Examples of preventive action opportunities include

risk management, error proofing, failure mode and effect analysis (FMEA), and information on product problems reported by external sources.

17

Challenges to Implementing Changes

• Relatively short term for update/upgrade internal processes

• Failure to act on customer satisfaction data

• Lack of understanding of the concepts of special requirements, critical items, and key characteristics

• Instilling project management within the organization’s culture

Challenges to Implementing Changes• Top Management responsibility and review of Customer Issues

and solutions

• Ineffective internal audit processes

• Ineffective corrective-action process

• Audit techniques used will evaluate effectiveness and is changed to process auditing from element auditing

• Greater focus on evaluation of process effectiveness - Use of the Process Effectiveness Assessment Report (PEAR) form for each audited product realization process.

18

Challenges to Implementing Changes

• Lack of management buy-in and employee foot-dragging

• Limited auditors qualified to perform AS9100 C audits

• Establishment of risk management in order to minimize unnecessary costs and losses

• Failure to incorporate customer requirements: Lack of flow down of requirements throughout the supply chain

Risk Management and the Requirements related to AS9100C

FMEA (Failure Mode Effects Analysis) as a tool for Risk Management

presented by Don Shaner

19

Introduced New Terms:

• 3.1 Risk

• 3.2 Special Requirements

• 3.3 Critical Items

With Key Characteristics (not a new term), all these items may require risk management at various points in planning, development and manufacturing.

How Does This Come Together?

• 7.1.2 Risk ManagementJet engines are running at higher temperatures in flight in order to consume less fuel. These engines rely on high temperature castings which, in turn, rely on alloying elements in order to reach high temperatures. Most all high temperature castings use Rhenium, a very rare and costly material produced during the refinement of molybdenum and copper, to increase the strength of castings at high temperature. Estimates from 2009 place 87.5% of world Rhenium production outside the United States.

What are the risks, special requirements, critical items and key characteristics that require risk management?

20

• Develop comprehensive, cohesive and interactive strategies and methods for identifying and tracking risk at all levels

• Customer

• Internal

• Suppliers

• Training, developing risk mitigation plans

• Performing risk assessments to determine how risks have changed

• Planning/obtaining adequate resources.

Risk Planning

• Appropriate application to the Quality Management System

• 4.1 …outsource any process that affects product conformity …ensure control over such processes.

• 5.6.1 … need for changes to the quality management system

• 6.2.2 …determine the necessary competence for personnel performing work affecting product quality…

• 7.4.1 …select suppliers based on their ability to supply product…

• 8.5.2 Corrective actions shall be appropriate to the effects of the nonconformities encountered…

• “As appropriate” (7.1, 7.1.2, 7.2.2/3, 7.3.1, 7.4.2/3, 7.5.1, 8.2.4)

Impact on AS9100

21

• Need additional focus on Risk Behavior & Risk Management to balance the

• Impact on customer

• Impact on process.

• Impact on product

• An important tool in managing risk can be the Preventive Action (8.5.3)

• The FMEA is a preventive action device

AS9100 and Risk Management

Obstacles to Implementation

• What problems may occur in complying with this change?– Understanding all aspects of 7.1.2 throughout

your organization and impacts on your AQMS

– Establishing the right level of risk environment in your organization and communicating this level throughout the organization

– Risk management as part of the decision making process vs. risk management as an event.

22

What is Risk Management?

• Risk is degree of exposure to an event that might happen to detriment intended result

• Risk is not a bad thing. Certain technical risks may provide significant advantages in end. Not managing this risk is a bad thing.

• Risk management is structured, formal and disciplined approach, focused on appropriate steps and planning actions to contain risks within acceptable limits

Risk Management is a Control Activity for Tollgate Process

Risk Management Procedure

Identify Risk Items

Analyze Risk Items

Respond to all Risk Items

Assess Impact of Response Action

Report Risk Control Strategies

Mitigate Avoid Transfer Accept

Risk Control Summary

Severity, SevProbability, Occ

High Moderate Low Slow Downand Address

Proceed with Caution

Go RightAhead

Management

Design

Project Risks

Operation Customer

9 2 3

7 1

5

4

3

1

1 3 5 7 9

Severity - Sev

Pro

bab

ility

-O

cc

Risk Matrix

Low Go Right AheadModerate Proceed With CautionHigh Stop and Address Issue

Low Go Right AheadModerate Proceed With CautionHigh Stop and Address Issue

Accept Transfer Mitigate AvoidLow X X

Moderate X X XHigh X X

34© 2001 Six Sigma Academy© 2001 Six Sigma Academy

<Bifocal Contac Lens>Risk Control Summary

Project Manager: Kelly BasilProject Champion: Terry NordProgram Goal Statement: Within 8 months, design a bifocal contact lens (and their associated maintenance plan and products) to meet the needs of the baby boomer customerCustomers: Bifocal glass wearers (baby boomers)

Current Tollgate: 2Scheduled Tollgate Review Date: 10/31/02Program Budget: $2.5M

Last Updated: Sept 10, 2002

1Wrong customer segmentation

Customer segmentation to date is mostly subjective. May influence project ROI.

Likely 5 Critical 7 Moderate Avoid

Quantify customer segmentation is 20% market share. Technical: ROI recalculated and much more accurate.Cost: $3000 task to do proper market study.Schedule: No schedule impact.

2Poor customer CTS definition

Need more customer input on lens maintenance desires.

Very Likely 7 Crisis 9 Danger Mit igate

Gather VOC and perform QFD. Technical risk highly reduced - have VOC. Cost: Minor cost impact. Schedule: Up-front task added to schedule some delays to initial plan (poor plan).

3 Manufacturing process for bifocal lens is new.

Bifocal lens is new product and requires new manufacturing process technology.

Very Likely 9 Crisis 9 Danger Mit igate

Benchmark competition on common manufacturing process. Plan for development testing and pilot run.Technical: Risk highly reduced but not eliminated with development testing and pilot run.Cost: $150K added cost for mfg process optimization (not in int ial plan)Schedule: 2 month task

4

Advertising and distribution channels not clear with this market segment.

Normal contact lens wearers are younger than this market segment. Need to identify advertising and distributino strategy.

Likely 5 Significant 5 Moderate Mit igate

Gather VOC and perform QFD. Interview potential users.Technical: Advertising and distribution strategy aligned to target customers.Cost: $10K task estimateSchedule: No signifcant schedule impact

Risk LevelResponse Action and Assessment

(include cost/schedule/technical impact)Risk Item Discussion

Response Strategy

Occ

Occurrence Severity

Sev

9 2 3

7 1

5

4

3

1

1 3 5 7 9 Severity - Sev

Pro

bab

ility

-O

cc

Response Action

23

Risk Analysis ModelOccurrence and Severity Ratings• Risk items from identification phase are given two

parameters: –Occ = probability of occurrence of risk event, and –Sev = severity of consequences to project or design should that

event occur

• Since estimating Occ and Sev are usually qualitative and subjective, there is a danger of inconsistency between different evaluators

• To reduce this error, clear, simple and easy-to-understand definitions for various scales must be established, communicated and agreed upon at outset

• Suggested Operational Definitions for Occurrence and Severity are given next

• Occurrence (Occ) – probability of an event occurring

Operational Definitions – Occurrence

Occurrence Scale Description of CriteriaVery

Unlikely1 Less than 10% probability of occurrence.

Unlikely 3 Between 10%-30% probability of occurrence.

Likely 5 Between 30%-70% probability of occurrence.

Very Likely 7 Between 70%-90% probability of occurrence.

Almost Certain

9 Greater than 90% probability of occurrence

24

• Severity (Sev) – The impact (or consequence) to program or design should event occur

– Technical – related to product/process, development or support processes, or to program as a whole (e.g., impact to project ROI)

– Cost – impact to program budget or to unit cost

– Schedule – impact to program schedule

Operational Definitions - Severity

Impact Of Severity

Scale TechnicalAnd/Or

CostAnd/Or

Schedule

Negligible 1Minimal or no impact on meeting requirements

Minimal impact on budget Minimal impact on schedule

Marginal 3

Minor modification and redesigns required to meet

requirements. No major impact on scope

Budget or unit cost impact < 5%Critical path unaffected. Non

critical path tasks late, additional tasks added.

Significant 5Requirements not being met. Solutions available. Project

scope change.Budget or unit cost impact 5-10%

Critical path in jeopardy. Minor delay in key milestones.

Critical 7Requirements not being met. Significant changes required.

Significant scope change.

Budget or unit cost impact 10%-25%.

High cost escalation.

Critical path affected. Milestones significantly

delayed.

Crisis 9Cannot meet requirements.

No alternatives evident.Budget or Unit cost impact >25%Program affordability in question.

Critical path significantly affected. Milestones

significantly delayed. <80% schedule adherence.

9

7

5

3

1

1 3 5 7 9

Risk Matrix•The Risk Matrix combines Occurrence and Severity scores into levels of risk for each risk item

Severity of Impact, Sev

Pro

bab

ilit

y o

f O

ccu

rren

ce,

Occ

Risk MatrixLow Go Right AheadModerate Proceed With CautionHigh Stop and Address Issue

25

Risk Response Strategies -Descriptions

Risk Avoidance: Completely eliminates the risk Employs redesign, change of scope

etc. to attack risk opportunities It is ideal if no side effects Design tools to resolve conflicts Residual Risk is zero Impacts project metrics and scope

Risk Mitigation

Reduces high Occ and Sev values Uses known methods and controlse.g. action part of FMEA Risks are reduced but not eliminated New lower levels of Occ and/or SevCost and budget implications exist Minimal impact on scope

Risk Transfer: Transfer risk to another project, vendor, or generation for more effective and efficient risk reductionThe residual risk is zero –for nowNon trivial future and transfer risksLow impact on project and scope

Risk Acceptance Used when Risk Level is lowBasically a “no action” strategyResidual risk is same as before Contingency plans can be

developed to handle this risk

No impact on project and scope

Effects of Risk ResponseResponse Risk Project Scope Residual RiskStrategy Level Impact Change Risk Reduction

Avoidance High High Needed None Complete

Mitigation Mod-High Med-Hi Often Some Partial

Transfer Low-High Minimal Minimal Minimal Complete

Accept Low None None Maximum None

For each risk item and corresponding risk response strategy,

– Outline a set of Risk Response Actions with team

– Estimate cost, schedule and technical impacts Risk Response Action

– Evaluate Risk Response Actions for acceptable Residual Risk and reasonable project impact

– These steps are iterative and might change original strategy

– Document all above

26

Risk Monitoring

• Purpose of risk monitoring to make sure risk management actions are done as planned throughout project life cycle

• Monitoring is critical when there are new risks or risk handling tactics and strategies change

• Risk monitoring includes tracking of– Project accomplishments pertaining to risk management

– Cost and schedule data - Projected, actual, expected etc

– Agreements between stakeholders around risk management

– Background material for risk management

– Meeting minutes, risk action items, deliverables, responsibilities

– Periodic status reports

– Tollgate review and design review action items

– Project performance metrics

Failure Modes and Effects Analysis:

WHAT IS IT?

• A systematic approach to prioritize risks associated with specific causes, identify ways of eliminating or reducing the specific causes, and document a plan to prevent the possible failures of a product or service.

WHY USED?

KEY PRINCIPLE:

Risk Management

• Enhance probability of success in realizing product and service goals

• Avoid costly rework, defects and failure by proactively focusing on potential risky areas early in the project

27

History

• Failure modes and effects analysis traces its roots back to US military procedures published in 1949

• In the 1960’s it was used to avoid problems in costly products with small sample sizes like rockets and airplanes.

• In the late 1970’s Ford adopted FMEA’s for safety and regulatory issues

Types Of FMEA

• Types of FMEA– Project/Program: Identifies what can go wrong with a

major project

– Design: Identifies what can go wrong with the design of a product or service. Consideration for System, Subsystem, Component.

– Process: Identifies what can go wrong with a process

– Service: Identifies what can go wrong with a service function

– Application: Identifies what can go wrong with customers using your product or service

28

FMEA Steps

Forms

Process Step/Input

Potential Failure Mode Potential Failure EffectsSEV

Potential CausesOCC

Current ControlsDET

RPN

Actions Recommended

0 0 0 0

0 0 0 0

0 0 0 0

0 0 0 0

0 0 0 0

What is the Input

What can go wrong

with the Input?

What can be done?

What is the Effect

on the Outputs?

What are the

Causes?

How can these be found or

prevented?

How Bad?

How Often?

How well?

Establish a form to use for FMEA, work across the form to complete your analysis.

29

Risk Priority Numbers, RPN

• The risk priority number (RPN) is the product of the rankings for:– Severity (SEV)

– Probability of Occurrence (OCC)

– Difficulty to Detect (DET)

• High RPN’s are flags to take effort to reduce the calculated risk

• High severity ratings should be given special attention(regardless of RPN)

RPN = SEV x OCC x DET

Effects Causes Controls

Rating Definitions - Generic

High 10

Low 1

Rating

Severity Occurrence Detection

Hazardous without warning

Very high and almost inevitable

Cannot detect or detection with very

low probability

Loss of primary function

High repeated failures

Remote or low chance of detection

Loss of secondary function

Moderate failures Low detection probability

Minor defect Occasional failures

Moderate detection probability

No effect Failure unlikely Almost certain detection

30

Design and Process FMEA

• Both are living documents that are continually updated as changes/improvements are made up until production ends.

• The Potential Failure Modes/Causes which can occur during manufacturing or assembly processes are covered by the Process FMEA but some information (severity rankings, identification of some effects) come from the Design FMEA.

• The Process FMEA assumes that the product design meets the design intent.

• The DFMEA should not rely on process controls to make up for design weaknesses.

• Throwing a poor/weak design “over the wall” is not acceptable.

• The Process FMEA does not rely on product design changes/improvements to make up for weaknesses in the process.

Do FMEA's Have Failure Modes?

• The team developing the FMEA turns out to be one person, usually the Quality Engineer.

• The FMEA is created to satisfy a customer or requirement, NOT to improve the design or process.

• The FMEA is developed after the design is frozen and/or production has begun.

• The FMEA is never reviewed and revised during the life of the product. – It is not treated as a living document that is part of the engineering

system.

• The FMEA is perceived either as too complicated or as taking too much time.

31

THANK YOU!

as9100 c-what manufacturer should know

Documents