Skip to main content

Prerequisites

Understanding Post-Mitigation RPN

Post-mitigation RPN measures the residual design risk after corrective and preventive actions are in place. The formula is identical to pre-mitigation: Post-RPN = S x O(new) x D(new) diagram The key difference: Severity does not change. Mitigation can only reduce occurrence (making the failure less likely) or improve detection (catching the failure earlier). Severity is an inherent property of the failure effect.

Step 1: Assign Post-Mitigation Occurrence (O-new)

For each failure mode cause with an assigned mitigation:
  1. Click the Post-Mitigation Occurrence column (postmitigationFMOccurrence)
  2. Select the updated occurrence rating reflecting conditions after mitigation:
O ValueLabelProbability RangeQuestion to Ask
0UnanalyzedHas the mitigation been evaluated?
1Never< 5%Has the design change eliminated the failure mechanism?
2Seldom5-25%Has the mitigation significantly reduced likelihood?
3Sometimes25-75%Has the mitigation moderately reduced likelihood?
4Often75-95%Has the mitigation only marginally reduced likelihood?
5Always> 95%Has the mitigation had no effect on likelihood?
Design changes (inherent safety) typically produce the largest occurrence reduction. Protective measures may also reduce occurrence. Information-for-safety measures rarely change the occurrence rating.

Step 2: Assign Post-Mitigation Detection (D-new)

For each failure mode cause:
  1. Click the Post-Mitigation Detection column (postmitigationDetection)
  2. Select the updated detection rating:
D ValueLabelProbability RangeQuestion to Ask
0UnanalyzedHas detection capability been evaluated?
1Never< 5%Can current verification detect this failure?
2Seldom5-25%Are new inspection steps or tests in place?
3Sometimes25-75%Are monitoring systems partially effective?
4Often75-95%Are automated detection mechanisms in place?
5Always> 95%Is the failure reliably caught before reaching the user?
Adding verification test cases, automated inspections, or built-in self-test (BIST) capabilities typically improves the detection rating. Link these verification measures through the requirements traceability columns.

Step 3: Review the Post-Mitigation RPN

The risksheet automatically computes the post-mitigation RPN using the commonRpnNew formula: Post-RPN = S x O(new) x D(new) The rpnNew column updates with the new value, and the row header color updates to reflect the post-mitigation risk level.

Post-RPN Color Coding

RPN RangeColorRisk LevelInterpretation
1-10Green (rpn1)LowMitigation is effective; risk is acceptably low
11-30Amber (rpn2)MediumMitigation provided some reduction; consider further action
> 30Red (rpn3)HighMitigation is insufficient; additional actions needed
The row header uses rowHeaderRpnNew, which now reflects the post-mitigation RPN. After scoring, the row header colors update to show the effectiveness of your mitigations at a glance.

Step 4: Compare Pre and Post RPN

Review the effectiveness of your mitigations by comparing pre and post values:
ComparisonInterpretationAction
Post-RPN < Pre-RPNMitigation reduced riskDocument and accept
Post-RPN = Pre-RPNMitigation had no measurable effectReassess the mitigation strategy
Post-RPN > Pre-RPNScoring error or unexpected changeReview O and D ratings
Example comparison:
Failure ModeSO (pre)D (pre)Pre-RPNO (post)D (post)Post-RPNReduction
Incorrect dosage53230142033%
Occlusion missed441164464— (detection improved)
Inaccurate display32318151517%
Since higher Detection values indicate better detection capability but also increase the RPN product, evaluate the individual factors alongside the total RPN. A high D-new (good detection) with low O-new (rare occurrence) is a positive outcome even if the raw RPN is moderate.

Step 5: Iterate on High Residual RPN

For failure modes where the post-mitigation RPN remains in the red zone (>30):
  1. Review whether additional mitigation actions are feasible
  2. Consider whether a design change (reducing occurrence) would be more effective than improving detection
  3. Add new mitigation tasks — see Add DFMEA Risk Mitigation Actions
  4. Re-score after implementing additional measures

Step 6: Document Final Assessment

After all post-mitigation scores are complete:
  1. Verify every failure mode has non-zero post-mitigation O and D values
  2. Confirm the row header colors reflect the intended risk levels
  3. Check HARA cross-references to ensure consistent risk assessment across both methodologies
  4. Generate the DFMEA Summary Report for stakeholder review

DFMEA risksheet configuration (DFMEATemplate/risksheet.json), failure mode custom fields (failureMode-custom-fields.xml), occurrence enumeration (fmOccurrence-enum.xml), detection enumeration (detection-enum.xml), DFMEA top panel formulas (DFMEATemplate/risksheetTopPanel.vm), UI walkthrough (risksheet-views.md).