The FMEA is an extract of the Hazard Log

The DSM uses matrices for hazard analysis. This page shows you how to build a FMEA matrix from a hazard log in the DSM.

Traditional safety management treats the hazard log and the FMEA as separate artefacts. This duplicates information, increases costs and creates errors and inconsistencies. The DSM stores the hazard log as a model within the tool. You build a  FMEA from the model by tracing from causal events. Data about events and hazards, such as severity and likelihood, are stored as extension data and included in the FMEA.

When you start the DSM it loads an initial template model which already contains the FMEA matrix and its associated queries, along with an example bow tie diagram. Download and install the DSM to follow along.

Here is a sample output from the basic FMEA matrix:

Matrix showing Failure Modes and Effects
FMEA Matrix

Building the Bow Tie Diagrams

Adding controls to a threat line in a bow tie diagram.
Using Diagrams to build Relationships (click to enlarge)

The chains of events that lead from component failures to accidents are described using bow tie diagrams. Each bow-tie diagram associates a hazard with a “top event” where control is lost. Events (grey boxes) are linked into possible chains using “threat line” arrows. You can add Controls (green boxes) to threat lines to denote measures that will reduce the likelihood or severity of an accident.

Bow tie diagram showing the hazard of the train door opening while under way.
A completed bow tie diagram (click to enlarge)

Here is a completed bow tie diagram. It contains one of the hazards used to generate the table above.

The FMEA Queries

The FMEA matrix uses queries to find the entities to display. Each query locates entities which will appear in the FMEA, either as rows or as a list in a column. These are the queries it uses:

Hazard Causes

Query to find the causes of all hazards in the model.
Query to find causes of hazards

This finds all the causal events for all hazards. The left hand side of the matrix consists of fields taken from these events.

This query has no “Input” box, so it produces the same list regardless of any input it is given.

Cause Controls

Query to find the controls that reduce or mitigate the hazard created by a causal event.
Query to find controls on a causal event

This query is more complex. It starts from a causal event found by the previous query and looks for all the downstream threat lines.

We need the threat lines rather than the boxes they connect, so this query does not use “Follow forwards”. Instead it steps from the event box to the connected arrows, and then to the event boxs at the arrow heads, accumulating the arrows as it goes. Then it finds the controls that have been pegged to those threat lines.

So the result is every control which might apply to the chain of events starting with the input. This is the list which appears in the “Controls” column of the matrix above.

Causes Hazard

Query to find all the hazards that an event can cause.
Find hazards query

This query does the reverse journey of the “Hazard Causes” query above; it starts from a causal event and finds all the hazards downstream of it.

The FMEA Matrix Definition

Definition of the FMEA matrix in the DSM
FMEA Defintion

In the DSM the FMEA matrix design looks like this.

The design of a matrix consists of a list of queries, each of which has a list of columns. Here we have two queries; the “Hazard Causes” and the “Causes Hazard“, both sorted by the “Name” field.

The matrix displays the items from the first query using the columns specified. The second query produces sub-rows for the results of the first. Compare this with the output of the matrix at the top of the page.

Most of the causes here only lead to single hazards, but “Driver presses Open” and “Electrical Fault” can both lead to two hazards.

Most of the columns in this matrix are just entity fields, but there are two exceptions:

  • The “Cause Controls” query we saw earlier generates the “Controls” column.
  • The “Risk” column on the far right uses a lookup table containing a risk matrix (terminology: in the DSM a risk matrix is defined in a lookup table rather than a matrix). The table maps a severity and likelihood to a risk acceptability. In this case it finds the severity field in the hazard and the likelihood field in the causal event.

Entities & Fields for the FMEA

The DSM starts with an initial template model with some basic fields set up, but you will need more for a real FMEA. This diagram shows a mapping between typical FMEA fields at the top and data in the DSM below. Apart from name and description all the fields shown here are extension fields defined by the user as part of the model, so you can tailor the DSM for your existing process.