Mandatory to send to the Customers FMEA in a PPAP level 3 - Doubt

[adamsjm]

As stated earlier, the PPAP book specifies DFMEA, if responsible, and PFMEA are submitted as a part of the Level 3 (page 18 4th ed.). I will approach this issue from the prospective of the buying customer (to whom you are delivering the PPAP) and utilizing the entire quality system verses a specific set of unfounded desires such as the D/P-FMEA contains confidential information.

Quality system issues to consider are document control, 2nd party auditing, due-diligence and litigation.

● Document Control: There can only be one original, master document in a controlled system. For purposes between the customer and supplier the original, master document is the official PPAP copy. It is maintained and stored by the customer, and the supplier references the copy supplied via the PPAP.
● In case of litigation, the customer will be under investigation prior to the supplier. The plaintiff will examine the customer’s documentation prior to the supplier’s documentation. The plaintiff will be searching for evidence of due-diligence. During that search, they will examine the customers DFMEA for thoroughness of functions (product specifications) and failure mode analysis. They will then examine the next level down DFMEA’s to ensure requirements were effectively cascaded and the effects of the lower‑level failures modes on the higher-level system are understood. If this lower‑level DFMEA describes the supplier’s component (or sub-system, system, …), I, the customer, will have to show MY DUE-DILIGENCE. Thus, I, the customer must control the original, master DFMEA document.
● Notes on proprietary DFMEA information: The functions listed in a well-performed, proper level DFMEA are the specification requirements (fit, form, function) for the item being analyzed, they CANNOT be proprietary. If the supplier perceives proprietary information is exposed, what information will the supplier not [FONT=&quot]reveal[/FONT]? How it will fit in the application? What all the functions are?
Ridiculous!
However, some of the methods to reduce a cause’s risk may be proprietary (very low priority). But these are contained in a lower-level DFMEA that is NOT submitted in the PPAP. Therefore, if you feel that as a supplier you are revealing proprietary information, you has not defined the scope of your DFMEA’s properly.

● Requirements for the (PPAP) PFMEA come from the special characteristic items identified in the (PPAP) DFMEA whose risk can be mitigated through process control. If the supplier is responsible for the supplied product’s DFMEA, they can use this DFMEA as the document to develop the PFMEA requirements. If the customer is responsible for the supplied product’s DFMEA, they should communicate the special characteristic items identified in their DFMEA via a “Design FMEA Results” document. This eliminates the document control issue identified above.
In either case, these requirements, failure modes, potential effects and causes, therefore, CANNOT be proprietary information. That leaves the control functions as the only points of potential PFMEA proprietary information.
The potentially proprietary control methods (and I have never seen more than four in any PFMEA) can then be identified via process procedures, equipment property tags, or other methods.

One alternative to having the cake and eating it too is to make the PFMEA and Control Plan vague enough where you do not divulge any 'proprietary' information. …
For example I can be very vague about my trademarked & patented electro-plating process: I receive the parts, I clean them, I plate them, I cure them then I package them. in the cleaning process I could have variations in temperature, therefore I use PLC controllers to monitor & adjust the temperature. Did I disclose anything proprietary so far ?!? Can anyone take this info and duplicate my process? I highly doubt it.

● For the same reasons discussed above, this PFMEA is always included in the PPAP.

When I as a customer, 2nd party auditor, audit the supplier, I will use the PPAP FMEA documents to perform the audit. What else can I use? The Supplier’s version which is subject to well meaning, but customer unapproved, changes? These are the questions the 3rd party auditor should ask before using a supplier supplied, proprietary PFMEA.

I have performed several hundred DFMEA’s and PFMEA’s in several industries and sizes of companies, and implemented quality systems in companies whose sizes ranged from $15 million to several $ billion in sales.

Joe Adams
Business and Quality Consultant

 

[Murphys Law]

My head hurts reading this topic. Position my company has evolved:

- We do not give out control plans, MSAs, PFMEAs or Cpks. Instead we give 'certification' per document, their revision and who reviewed /certified and what our corporate position on accepting was. eg/ GR&R value if > x% value with CAs or PFMAE >RPN x etc.

- Where factory is internal, we state that 'documents can be reviewed on a site visit'.

- If factory is subcon, documents are available via a 3 way NDA. (In all cases, we've not had people pursue this as it will require lawyer their side. Besides they are normally buying catalog devices so they don't push too hard).

 

[Jim Wynne]

As stated earlier, the PPAP book specifies DFMEA, if responsible, and PFMEA are submitted as a part of the Level 3 (page 18 4th ed.). I will approach this issue from the prospective of the buying customer (to whom you are delivering the PPAP) and utilizing the entire quality system verses a specific set of unfounded desires such as the D/P-FMEA contains confidential information.

Quality system issues to consider are document control, 2nd party auditing, due-diligence and litigation.

● Document Control: There can only be one original, master document in a controlled system. For purposes between the customer and supplier the original, master document is the official PPAP copy. It is maintained and stored by the customer, and the supplier references the copy supplied via the PPAP.
● In case of litigation, the customer will be under investigation prior to the supplier. The plaintiff will examine the customer’s documentation prior to the supplier’s documentation. The plaintiff will be searching for evidence of due-diligence. During that search, they will examine the customers DFMEA for thoroughness of functions (product specifications) and failure mode analysis. They will then examine the next level down DFMEA’s to ensure requirements were effectively cascaded and the effects of the lower‑level failures modes on the higher-level system are understood. If this lower‑level DFMEA describes the supplier’s component (or sub-system, system, …), I, the customer, will have to show MY DUE-DILIGENCE. Thus, I, the customer must control the original, master DFMEA document.

I'm confused. You say that the "master" DFMEA document must be maintained and stored by the customer, and the supplier references a PPAP copy, and that "...the customer must control the original, master DFMEA document." What if the supplier is design-responsible?

● Notes on proprietary DFMEA information: The functions listed in a well-performed, proper level DFMEA are the specification requirements (fit, form, function) for the item being analyzed, they CANNOT be proprietary. If the supplier perceives proprietary information is exposed, what information will the supplier not [FONT=&quot]reveal[/FONT]? How it will fit in the application? What all the functions are?
Ridiculous!

Are you suggesting that there are no design details that might be captured in a DFMEA that might be considered proprietary? You have to consider that what qualifies as proprietary is defined by the design-responsible party, and whether or not such information is divulged is a matter of negotiation and agreement between parties, and not one person's narrow view of what "proprietary" means.

However, some of the methods to reduce a cause’s risk may be proprietary (very low priority). But these are contained in a lower-level DFMEA that is NOT submitted in the PPAP. Therefore, if you feel that as a supplier you are revealing proprietary information, you has not defined the scope of your DFMEA’s properly.

Some DFMEAs don't have multiple levels, and what's submitted (or not submitted) in a PPAP is dependent on the agreement between the customer and supplier.

● Requirements for the (PPAP) PFMEA come from the special characteristic items identified in the (PPAP) DFMEA whose risk can be mitigated through process control. If the supplier is responsible for the supplied product’s DFMEA, they can use this DFMEA as the document to develop the PFMEA requirements. If the customer is responsible for the supplied product’s DFMEA, they should communicate the special characteristic items identified in their DFMEA via a “Design FMEA Results” document. This eliminates the document control issue identified above.
In either case, these requirements, failure modes, potential effects and causes, therefore, CANNOT be proprietary information. That leaves the control functions as the only points of potential PFMEA proprietary information.
The potentially proprietary control methods (and I have never seen more than four in any PFMEA) can then be identified via process procedures, equipment property tags, or other methods.

As far as the automotive OEMs (and the large tier-1 companies), sharing of DFMEAs almost never happens, nor have I ever seen a "Design FMEA Results" document. If everything were as it should be, suppliers should be able to use their customers' DFMEAs, but in automotive work there's much that's not as it should be. Again, emphatically stating that a DFMEA (or PFMEA) document "CANNOT" contain proprietary information is wrong, because if I'm either the customer or the suppler I get to decide what's proprietary.

● For the same reasons discussed above, this PFMEA is always included in the PPAP.

The PFMEA is not always included in the PPAP. Whether it's included or not is for the customer and supplier to decide.

When I as a customer, 2nd party auditor, audit the supplier, I will use the PPAP FMEA documents to perform the audit. What else can I use? The Supplier’s version which is subject to well meaning, but customer unapproved, changes? These are the questions the 3rd party auditor should ask before using a supplier supplied, proprietary PFMEA.

I've never heard of doing an audit based on a PFMEA--why not use the control plan?

 

[DrM2u]

● In case of litigation, the customer will be under investigation prior to the supplier. The plaintiff will examine the customer’s documentation prior to the supplier’s documentation. The plaintiff will be searching for evidence of due-diligence. During that search, they will examine the customers DFMEA for thoroughness of functions (product specifications) and failure mode analysis. They will then examine the next level down DFMEA’s to ensure requirements were effectively cascaded and the effects of the lower‑level failures modes on the higher-level system are understood. If this lower‑level DFMEA describes the supplier’s component (or sub-system, system, …), I, the customer, will have to show MY DUE-DILIGENCE. Thus, I, the customer must control the original, master DFMEA document.

I agree with the legal implication of the PPAP documentation. Let us not forget the Ford Explorer & Firestone (or was that Bridgestone) experience from a few years back. On the other hand I am not in full agreement about the last sentence. I believe that the customer is responsible to decide if they want to control the master documents. The task is easier said than done but sometimes it is warranted by the risk of the product manufactured.

When I as a customer, 2nd party auditor, audit the supplier, I will use the PPAP FMEA documents to perform the audit. What else can I use? The Supplier’s version which is subject to well meaning, but customer unapproved, changes? These are the questions the 3rd party auditor should ask before using a supplier supplied, proprietary PFMEA.

The PFMEA is one of the documents that could be used in an audit but not THE document. Let's clarify a few things regarding the 'valid' copy of the PFMEA and Control Plan:
- the customer decides how much control and involvement they want to have in the PPAP process based on the severity and the risk level of the component/product
- the PFMEA and the Control Plan are documents generated and owned by the supplier; the customer has the option to review and approve/reject them individually or as part of the PPAP; after all the supplier is supposed to be the expert for their process
- often customers want just a low-documentation PPAP (Level 4?) for low or no risk components; some customers even have self-certifying systems for the suppliers
- some customers require that the PFMEA and the Control Plans are reviewed and accepted by them prior to implementation and for any changes (customer specific requirements)
- the PFMEA is supposed to be a living document and part of the improvement process (Kaizen?); a requirement for customer approvals can hinder the process since often customers are reluctant to approve chages after the PPAP (responsibility?!?)

As a former 3rd party TS auditor I did look at the customer-approved PPAP packages, customer specific requirements and the latest versions of the PFMEA and Control Plans simultaneously to verify that they met all the requirements, had the correct approvals as necessary, and to get the latest version of the PFD, the PFMEA and Control Plan to use in the process audit.

 

[vanputten]

So the PPAP that was sent to Ford 10 years ago that they never read, and never signed for, has the master PFMEA?

I don't get it but we maintain the master of all of our FMEA's.

 

[allenlee]

Our case, we don't share whole documents but only the cover and history pages -- mostly customer can understand as those are experience/ knowledge summary. Also there is "Information Security" ISO requirements we need compliant to.

 

[quality1975]

Hello Vitor,

I think like your engineering manager. The fmea is a document, with your internal know how.

You don´t have to send this to your customer. For OEM´s like VW, BMW, Daimler an Renault it is ok, when you show the FMEA during a visit- thats my experience.

Best regards,
Bernd

 

[vanputten]

This is soooo weird! My copy of the 4th edition of the AIAG PPAP Manual states in table 4.2 that FMEA (design and process) are REQUIRED to be submitted for a level 3 PPAP.

Please explain to us how this is a choice activity for organizations whose customer requests a level 3 PPAP. It is possible that a customer will request a level 3 PPAP but then state they do not want the FMEA but I would think this would be very unlikely.

I must be missing some clarifying note or something in the PPAP manual.

The variation in how organizations understand and operate to the AIAG manuals, ISO standards, etc. really tells the story of the fallacy of standardization in management systems.

Thank you,

Dirk

 

[jasonb067]

From a customer stand point, I will absolutely not approve an original submission PPAP (usually level 3) with any document missing! I have had suppliers try to use this “proprietary information” stuff before. I ask them to show me any document in which we have relieved them of the responsibility of submitting this information. When they do not provide either document, I will stop the entire show. Eventually I have (with one exception) been provided the documents required by PPAP Manual.

During the one exception our Senior Management and Suppliers Senior Management were in meetings about this because the program was in jeopardy of missing an on time launch. The suppliers Senior Management agreed to let me go to their location and take “any notes desired” from a PFMEA they were going to project onto a wall. I made the request that their Plant, Quality and Engineering Manager stay in the room during the note taking session. When I arrived I pulled a blank PFMEA format worksheet from my folder and started copying word for word what was displayed on the wall. After about two hours of watching me take “any note I desired” they grew tired of this exercise and provided a copy to me.

Now, I am not trying to obstinate with this approach. I simply can not be so hypocritical as to espouse how significant these documents are to planning, how important they are to quality and then not give them the appropriate time to review them or even worse to never see them.

To me, regardless of liability or any other motivation, the significance of these documents deserves the upmost attention.

One last thought, it has also been my experience that once you do get your hands on one of these “proprietary” documents it does not take very long to realize that there is nothing exceptional about them.

 

[vanputten]

Another concern I have about part of this thread is that the approach is of conformance to requirements and not the importance of the information included in the required documents.

How does keeping FMEA's and control plans away from the customer relate to Quality Management Principal #8 - Mutually beneficial customer/supplier relationships?

Maybe the content of an FMEA or control plan is actually meaningful and helpful to the customer? That would be crazy! We actually use supplier FMEA's and control plans in problem solving.