Looking to Integrate 9001+14001+27001+45001+50001? Click here!

Using FMEA to Manage Risk Under ISO 9001:2015

Using Failure Mode Engineering Analysis (FMEA) is a great way to manage risks addressed in ISO 9001. FMEA risk has gained new prominence with the adoption of the latest revision of standards using the Annex L structure. ISO 9001:2015 calls for instituting “risk-based thinking” throughout the standard as part of its quality management requirements. This means first identifying operational risks and then dealing with them.

Jump to Section:

What is FMEA?

FMEA is the abbreviation for Failure Mode Engineering Analysis. FMEA is a type of risk assessment that uses a step-by-step approach to identify potential failures in a design, process or a product or service. This identification allows for analysis to prevent or reduce future failures. “Failure modes” refers to the ways in which something can fail. “Effects analysis” refers to the scrutinizing of the consequences of each of those failures. FMEA for 9001 is a preventative action, meant to be implemented before a process or product is designed, modified or applied in a new way. It’s also wise to use FMEA periodically throughout the life of a product, process or service.

What Does FMEA Accomplish?

FMEA for ISO 9001 helps companies accomplish several things including: identify and prioritize failures according to how serious their consequences are, their frequency, and the ease with which they can be detected. The purpose of conducting FMEA is to take action to reduce or eliminate each potential failure. FMEA documents existing knowledge and actions companies are already using in their continuous improvement process and can be used to prevent potential failures with future processes and products. The results of a risk analysis are documented in an ISO 9001 FMEA worksheet where they are used to help plan preventative measures, resulting in the production of safer, less failure-prone manufacturing, distribution and services systems.

Resources for interpreting and documenting risks:

The implementation of ISO 9001 FMEA could have a dramatic impact on many industries ranging from the prevention of fatalities to more efficient improvement of products, services and processes.

Where FMEA Can be Applied.

FMEA can be applied to other specific areas such as testing/evaluating concepts, improving in-field reliability, software functioning and security, hazard analysis, human factors and service-based analysis, business processes and more.

(See FMEA courses available for only $99 for full 5-hour course)


There are three major types of FMEAs:

System FMEAs look at the more expansive processes and sub-processes that make up any system and their interactions. These can include interactions as well as specific areas and instances of failures. For example, a system FMEA might examine the entire procurement process including those items which are custom vs. generic, how they are specified, how sources are collected and evaluated, how compliance to specifications are ensured and so forth.
Design FMEAs focus on functioning of specific products, with the goal of improvement of the finished good in terms of reliability, safety, functioning, user interface, etc.
Process FMEAs are focused on the creation or assembly actions in producing a good or service with the goal of wringing out more efficiency in the process (i.e. lowering the cost and increasing the level of quality), and often making the process easier to support and proliferate within the organization.

FMEA Examples

As denoted in the name, failure modes and effects are the outputs of this type of analysis. The following chart lists some examples of failure modes using a bicycle as the “system” being analyzed.

Source: Effective FMEAs by Carl Carlson, John Wiley and Sons, publisher.

Similarly, the effects of this type of analysis are used to anticipate the effect of a given failure. Here’s an example using a component of a construction tool, in this case A pile driver which a typically large scale-device used to force support shafts/girders/poles into the ground, often as a foundational support for buildings, highways, bridges or similar structures.


Pile driver main plunger


To provide vertical force to insert the desired object into soil at the desired depth and angle with the desired positional retention over time.

Failure Mode:

Main plunger contact facing with driven element cracks or fractures.

Effect 1

The plunger shaft no longer contacts the driven element correctly causing damage to the element or the plunger shaft

Effect 2

Plunger shaft jams and can no longer provide vertical movement

Effect 3

No elements (poles/girders/support shafts) can be driven into the ground

Effect 4

The driven element is deflected from the desired angle.

Typical FMEA Steps

FMEA is a living document that can be constructed, adapted and modified in a variety of different ways. Below is a summary of the steps included in an FMEA analysis:

  1. Select a process to analyze.
  2. Identify individuals from all departments with specific knowledge of processes, products and client needs to brainstorm potential failure modes.
  3. Describe the process and/or product in detail.
  4. Identify all potential failures. This includes all of the components, systems, processes and functions that could potentially fail to meet the quality or reliability standard and the potential causes.
  5. Identify all the potential consequences of each failure.
  6. Assign a severity rating (S) to each failure according to the significance of the impact it has. Severity is often ranked on a scale from 1 to 10, one being insignificant and 10 being catastrophic.
  7. Identify all possible root causes of each failure. Some companies use cause analysis tools in addition to the knowledge and experience of their staff.
  8. Assign each cause an occurrence rating (O). This is often rated on a scale of 1 to 10, with 1 being rare and 10 being inevitable.
  9. For each cause, identify current process controls that are in place to prevent these failures from impacting customers.
  10. For each control, assign a detection rating (D) to determine how well the controls are able to detect the cause or failure mode once they have occurred, but before a customer is affected. This is typically rated on a scale of 1 to 10, with 1 meaning the problem will be detected with absolute certainty and 10 meaning the control will most likely never detect the problem.
  11. Determine a risk priority number (RPN) based on the rankings (SxOxD) for each potential failure and rank them.
  12. Plan and implement changes to address the failures based on the RPN identifications.
  13. Measure and document the success of each process change.

Continuous improvement is a key element of the FMEA process in recording observed data and results regarding the potential for, and actual, failures. This process can be used as an input for the continuous improvement mandated by ISO 9001.



Our All-in-One Certification Package is a proven, efficient system. It gives you all you need to prepare for registration – in one simple to use package.

Buy the Standard

9100 Store Logo ISO 9001:2015

Customer Review:

"I have just passed my ISO-9001 Audit with zero non-conformances for the second year in a row using your ISO products to write my entire QMS. Thank you for producing documents of this quality"

Bettye Patrick

United Plating, Inc