PLM-Based Approach for Integration of Product Safety in Lean Development

First developed for manufacturing context of the Toyota Production System, the Lean approach has been extended to product development about 20 years ago. Lean Product Development approach emphasizes on a method to implement a flowing development process. However, some tasks require decision milestones that can interrupt this continuous process flow. The paper focuses on safety engineering, an aspect which requires decision milestones due to standardized validation processes. It proposes a specific way to integrate safety constraints into a continuous and flowing process of Lean Product Development. To perform the safety integration in Lean Product Development, the proposed method simultaneously addresses process improvement of both product development and safety control. The proposal is a five-step method addressing the whole product development process from the requirements engineering step to the validation of the product prototype. This method was tested on an industrial case study and implemented into PLM TeamCenter.


Introduction
Design, as defined by [1] is a complex and multifaceted phenomenon involving: collaboration of disciplinary product designers collaboration, a multitude of activities, procedures, related tools and knowledge, a variety of contexts and an organization.
Multi-disciplinary collaboration of product designers means that different point of views must be taken into account to achieve the best compromise for product development [2]. This considering the point of view as the vision and expertise of an expert involved in a design team [3]. Each expert brings his/her own specific knowledge and uses related tools to carry out his/her tasks within the design team (e.g. mechanical engineers use CAD system whereas safety engineers use FMEA tools for example). But they need to exchange information with the rest of the team in the collaboration purposes as enhanced in PLM approach.
Safety is a combination of operational measures and design measures to prevent and mitigate accidents. The paper will focus only on the design aspect and how to integrate safety into product design and in particular into Lean Design, also known as Lean Product Development (LPD). This integration is especially difficult because safety process is made of predefined decision gates that interrupt the development process flow of the product [4], whereas LPD focuses on bringing new products faster and with less effort [5]. In the interest of reducing the timeto-market, safety may sometimes be reduced to its simplest form, leaving little traceability concerning the safety validation process [6]. As a response to the lack of safety traceability and with the interest of reducing lead time for product development, the paper will focus on a method to implement the "safety control" in LPD processes and PDM process management.
In the following section, a literature background is presented on the main concepts of LPD and on the safety integration in the development process. Section 3 details the proposed method for implementing safety in LPD. Section 4 presents the tools implemented and PDM architecture chosen in the case study, the results and barriers met during the implementation. In the last section the drawn conclusions and an overview of the future work are presented.

Lean Product Development
Lean philosophy was first developed for manufacturing management by Shingo in the TPS -"Toyota Production System" [7]. This approach consists of both eliminating the manufacturing process' wastes (or Mudas) to reduce the process time, and improving the process efficiency. In Lean Manufacturing approach seven types of wastes can be identified: Over-production, unnecessary stock, inefficient transportation, unnecessary motion, waiting times, rejects & defects, and inappropriate processing [8].
Since the last century, the Lean philosophy has been enriched to cover new domains. Essentially improved by Womack and Jones, the Lean approach can now be applied to Lean Office, Lean Administration [9], and LPD [10]. The last approach aimed at improving the product development processes of companies by clarifying the added value of the process, identifying the wastes reducing the efficiency of this process and proposing tools to improve it.

The value as an indicator of the flow
LPD consists in getting the most efficient and continuous process. In order to ensure the process efficiency, it is crucial that key indicators to be reached by this process are well identified [11]. The combination of those two aspects is classically called "Value". Once the value identified, the process can be drawn considering the new definition. Therefore, the value of the process flow must be clearly identified for a product development [12].
There exist various definitions of value, according to particular needs. The survey of value definitions does not reveal any definition of value that includes safety perspectives. Authors propose a value definition including safety as an extension of Stanke's definition [13] where the term safety is added to complete the original version: "Value is a system introduced at the right time and right price which delivers the best value in mission effectiveness, performance, affordability, safety and sustainability, and retains these advantages throughout its life". Stanke's definition has been chosen in this context since the whole Lifecycle is considered. Indeed for product development processes the safety has to be managed through the whole lifecycle from BOL to EOL.

The wastes in product development process
As explained in the previous section, value qualifies the process; therefore all the tasks not answering to the value requirements are considered as wastes. Hence two tasks categories can be identified: the added value tasks which have to be enhanced, the necessary non-added value and the non-added value tasks which have to be eliminated. Therefore once the value has been defined, it is possible to consider the wastes in order to eradicate them. The wastes in the PDP are different from those in manufacturing processes. Therefore, their relative activities are different thus their related actions with added values are not similar. This is why, in contrast to the seven wastes defined in Lean Manufacturing, [14] has identified six wastes for the PDP: 1.
Wastes of resources 2.
Information and knowledge waste 4.
Missed opportunities and potential wastes 5.
Financial investment waste In order to identify these wastes in the PDP, it will be necessary to clarify it using modelling tools like SIPOC (Supplier -Input -Process -Output -Customer), VSA (Value Stream Analysis), among others.

Tools to maximize the value of PDP
Several tools are available to make Lean processes by eliminating waste. Indeed, those tools help to clarify the process, identify its breakpoints, analyze those breakpoints and find solutions for making the PDP a Lean one. To create a Lean process it is essential to set up the framework and the possible actions and tools that can be deployed or used [5]. The section proposes a literature overview of the existing tools and methods and presents the chosen ones -applied in section 4. Authors organize them along four main concepts: Philosophy, Modeling, Problem resolution method and Standardization.
Philosophy: There exists different kind of methodology to address improvement: Hoshin, X-Matrix, DMAIC… Developed by Motorola's engineers in the 1980's, the Lean Six-Sigma philosophy splits a project/process into five stages: Define, Measure, Analyze, Improve and Control (DMAIC) [15]. By following those stages, the project can be well-managed with a steering committee validating the transition between stages.
Modeling: To model a process, various strategies can be used: VSA, UML, BPMN… Value Stream Analysis regroups the tools for modeling processes as SIPOC/VOC (Voice of Customer) [16,17] and Value Stream Mapping (VSM) [18]. The SIPOC method helps to identify relevant entities taking part in a global process. A meta-level process can be drawn with the SIPOC method. To complete this meta-process, the VOC method helps to identify the needs and thus to have a better knowledge of the concerned people [19]. The VSM allows the detailed modeling stage on the different flow, namely information and physical flows [20]. Once the new process has been designed, a RACI (Responsible -Accountable -Controller -Informed) analysis can help to specify and to verify the stakeholders' actions for each task [21]. This analysis determines the responsible person for each task, who is the one held accountable, who ensures that the task is carried out as expected and who must be informed of the task's performing.
Problem solving method: The problem solving can be realized by the following methods: Kaizen, 5-why questions, PDCA… Here the problem resolution can be done by a classic solving method using five 'why' questions, which helps to find the root cause of a problem. This solving tool can be coupled to the method developed by [22]. That method is based on five stages: problem definition, analysis of the current state, formulation of lean process strategies, creation of the future state and implementation, and continuous improvement. This method can be related to the Kaizen improvement, as the improvement actions are made step by step. In addition to the solving, a PDCA (Plan-Do-Check-Act) method can be used to follow the new implementation. Indeed, the PDCA method corresponds to the four implementation stages of planning the implementation, implementing it on a chosen task, checking the results and then propagating it to all of a company's processes.
Standardization: Knowledge integration is essential to improve the development flow. Using an existing and proven solution obviously helps to save time [23]. In the same way, the Genchi-Gembutsu method makes it possible to produce standard parts using parts which are already used in other company products. Analyzing the existing solutions enable designers to standardize the various technical solutions, thereby reducing the required investment. Collaborative technologies can be used in the same way to implement Lean processes [24]: Collaborative technology and Product Lifecycle Management (PLM) help companies to re-use existing solutions from one product to another by the use of historical information from their databases [25] [26].
In our proposal, the first step in LPD is to define the value. Next, the process must be drawn so that each waste will be clearly identified. Problem solving methods then help to improve the process. Finally, knowledge integration will complete the process by a standardization phase. However, these solutions do not take safety into account. The next section presents a literature review on safety, methods and working rules to define it in product development.

Safety definition
The section studies safety as one of the main added values for the development process. There exist a clear difference between security and safety: security is related to risks originating from malicious intent, independently of the nature of the related consequence, whereas safety addresses accidental dangers, i.e. without malicious intent, but with potential impacts on the system environment [27].
A dictionary defines "safety" as: "The condition of being safe, freedom from danger/risk/injury". For product development, safety could be defined as a contrivance or device designed to protect from risks or other events which are considered to be non-desirable. The definition relates the definition of safety given by the design department. In fact, designing a new product without any danger or risk is impossible. So why, safety product development can be defined as "the control of recognized hazards to achieve an acceptable level of risk". This can take the form of being protected from an event or from exposure to something that causes health risks.

Safety process management
There are many ways to ensure safety in product development. The first is normative safety. This kind of safety is fixed by standards, regulations or directives from national council or international communities. The CE marking [28] which gives directives for product safety is one example. It could be seen as a form of safetycertification milestones for decision meetings defined in the PDP. A gatekeeper makes a formal decision whether to continue or not the process. There exist specified requirement for documenting requirements of the decision at each decision milestone and an independent team carries out a review of this documentation to assess the proposed solution. The process progress will not be granted unless the project demonstrates a sufficient level of maturity as required for passing the specific decision milestone. A PDP based on these regulations must be kept up to date on the standards' evolution. Once the design of the product has been achieved, the regulation evolution is fixed. Therefore, a regulation watch is still necessary, until a design has been achieved.
A second way to ensure product safety requires all the reliability engineering studies. Reliability engineering is a sub-discipline within product development engineering which uses reliability rate to theoretically define the probability of failure. Therefore, in product safety it is imperative to have the best reliability on safety in devices or safety barriers. To determine this rate, some tools can be used: Fault Tree Diagrams and Failure Mode and Effect Analysis (FMEA). They both focus on a system approach as a set of sub-systems which are in interaction. The goal is to find the root causes of safety lack in order to determine a hypothesis on the failure risks. These hypotheses are ranked according to certain aspects: severity, probability of appearance and probability of detection, given the global hypotheses' risk level. The decision to create new safety barriers or to reinforce the consistency between safety barriers can then be made [29].

Safety engineering
Product safety is mainly fixed during the design stage [30]. A well-designed product will have consistency considering safety aspects, whereas a lack of consistency will engage new studies once the product definition has been achieved and evolution will become hazardous. Therefore, it is crucial to clearly specify, at the early design stage, which safety aspects are required for a final product. Another objective for product safety is to have consistency between the safety choices made during the development stage. The more details are given in the requirements, the better the system will be in terms of safety, due to the consistency between the subsystems [31]. Consequently, the final product safety must be considered as a global system and not to each sub-system.
The following section proposes a method to address safety in the product development process while promoting the best-flowing development process. Indeed, consistency for the safety purpose could take extra time and create bottlenecks, which are unacceptable in LPD.

Proposed approach for LPD and safe product
A number of methods for Lean efficiency have been put forward [32]. The proposal is to consider the safety and the PDP as two value streams: one on LPD aspects and the other in mean to enhance safety aspects. The proposal is based on a DMAIC approach. This method introduces a mean to achieve both objectives (Lean and safe) at the same time in the same study. To achieve those two aims with a DMAIC approach, the study must be divided into two parts to then determine the best match between a very safe product and the best lean process for product development. As shown in figure 1, the proposal sometimes split the stages into two tasks, whereas other stages allow treating both aspects in the same task. The product development process goes from the first specification of the product to its validation with the first good product, including the prototyping and validation.

Figure 1 DMAIC method for product development and safety value stream
For the "Define" stage (D), the method proposes to first draw up a macro process linking the different entities (SIPOC) in order to capture and to classify the roles of the process stakeholders. At this stage, the process is considered at a meta-level, and both product development and safety engineering aspects are included in this meta-process. In the same way, the VOC method collects all the stakeholders' requests for the future process. The stakeholders' requests may contain ideas for improving the process efficiency and also the safety engineering process. Once the stakeholders interviews have been performed, all the requests can be processed in accordance with the thirteen principles of the Toyota Product Development process (Liker & Morgan 2011). In fact, the proposed classification of the thirteen principles in three categories helps the project leaders to identify if problems concern the skilled people (1), the tools & technology (2) or the process (3). The results of this study can be then compared to the new process in order to verify that all identified problems are treated.
In the "Measure" stage (M), the proposed method uses the VSM for mapping the process flow. This stage marks the first split between the respective value stream of product development and the safety engineering. The value stream of product development (M.1) focuses on the information flow between the different process tasks and between entities, and the material/physical flow between the entities (sub-assemblies, assemblies…). In parallel, the safety proof documents flow (M.2) has to be set on the VSM in order to maintain a focus on the safety flow breakpoints as well. These two value streams must be clearly identified on the VSM to introduce the analysis stage.
During the "Analyze" stage (A), the goal is to identify waste and breakpoints in the VSM. This stage is again split into two tasks. The first one (A.1) deals with the classic Mudas search in product development as seen in the literature survey in section 2.1.2, identifying waste as resource wastes, waiting times, information and knowledge wastes, missed opportunities and potential wastes, motivation wastes, and financial investment wastes. Once the wastes have been identified, the next step is to find the root causes with a classic five-why method. This method helps to locate the root cause, reducing a problem to its simplest version. A solution can thus be found to each problem thanks to the break down, using Kaizen or other problem solving methods. Occurring in parallel to A.1, the other task (A.2) is the identification of safety problems. Literature does not propose wastes for safety engineering processes. The method proposal is to find wastes based on non-added value activities considering safety as the value for those aspects. Mostly, the safety wastes are similar to the wastes of PDP. According to the previous statement, seven safety Mudas are identified:  Rework: consisting of all the tasks which need to be done again because the specifications have changed;  Waiting time: consisting of the wait required for safety validation before beginning a new task;  Unnecessary transfers: consisting of all the data exchanges for safety validation which are not addressed to the right person;  Over-requirements: consisting of all the requirements which are not necessary for the final product safety;  Uncompleted work: consisting of all the safety validation tasks which are in progress or that have been cancelled;  Unsuitable information systems: consisting of dealing with knowledge problems and any lost information;  Over-process: consisting of the actions which are not required by the process. This identification aims at defining all the safety breakpoints and safety rework in the process, considering safety flow as the existence of safety proof documents. Similarly to the waste evaluation, a five-why method can be used to find the root causes of each breakpoint or rework on safety documents.
In the next stage, "Improve" (I), the goal is to specify the new process and to make an action plan to implement it. The specification of the new process (To-Be VSM) is again divided into several tasks. After finding a solution to each simple problem as a result of the "analyze stage", the new process has to take these solutions into account (I.1). In parallel to the new development process, the method proposes to create a dedicated process for safety engineering (I.2). While drawing these two processes, all the tasks have to be clearly defined: the inputs, the outputs and the role of the stakeholders. For this last point, the RACI tool can be used to specify who is Responsible and Accountable, who Controls and who is Informed. Once the two processes' tasks have been defined, the next step is to unify both action plans to implement the processes (I.3). Most of the actions are closely linked because the safety engineering process could be imposed on the new PDP. For the action plan a classic PDCA method able the leaders to follow the implementation.
Finally, the "Control" stage (C) addresses the process documentation with the company standards. Once the process has been implemented and the action plan performed, the process has to be controlled. This must be done to ensure that the results are conforming to the expectations and needs. Once the process has been implemented, a summary of the experience should be carried out, along with a promotion of the results within the company. This summary has two goals. The first is to promote this improved method throughout the company. This will allow the project/method to be deployed to the other PDP of the company. The second is to verify the process to ensure that it fulfilled the design objectives.
The purpose of this work is to develop a general method which will have to be customized to be in accordance with a company's standards and practices. A case study and the results of the method implementation are presented in the following section.

Case study context
This section introduces a case study that specifies the context, the implementation with the five stages as proposed in section 3, and an analysis of the obtained results. The case study came from the sector of aeronautics -space -defence. The R&D department concerned by study involves more than 150 peoples distributed on 3 locations and composed systems engineers, design engineers, simulation engineers, manufacturing engineers and quality engineers, technical and support staff. The duration of the study was of 6 months for the preliminary phase. The leading team of the study was composed of 10 peoples associating 2 project managers and the operational team for lean study.
Only the key information is revealed in this case study, due to the confidentiality agreement with the company where this method was applied. Therefore, the results and the schemas will have generic names.
The goal of this case study was to increase the safety level during the PDP while improving the PDP itself. It covers a PDP which counts eight different entities: requirements, designers, tests, final customer, manufacturing, quality, reliability engineering and the Health, Safety and Environment (HSE) group. The studied product is of a military nature and represents high safety risks for humans and for the company's infrastructure. This case study was to respond the standardization of the process into a PDM structure to make it Lean and safe.

Implementation
The proposed method, as detailed in section 3, was structured in five stages. The first stage (D.1) helps to verify that all the entities involved in the PDP have been invited to join the project. To check each entity's role, each stakeholder was requested to draw their own macro process. Then a SIPOC and a VOC were carried out to launch the "measure" stage.
In the second stage, the stakeholders were asked to draw their specific processes with all their detailed tasks in order to define the value stream of the PDP and the safety engineering flow.

Figure 2 VSM of the To-Be PDP after process improvements
The third stage consists in identifying the Mudas as well as the PDP and the safety wastes, as mentioned in section 3. These identifications helped to find solutions to the Mudas and to draw the new PDP. The identified Mudas were: resource wastes, waiting time, and information and knowledge waste. In the safety engineering process, five Mudas were identified: rework, waiting, over-specification, over-process, and unsuitable information systems.
In the "improve" stage, a new process was specified (figure 2). To define the new PDP and the new safety procedure, some tasks were modified and reorganized. To ensure the consistency of the new process, a RACI analysis was conducted for each task. The specification of new PDP was coupled to the action plan. Numerous proposed actions modified the way of thinking about the PDP. To implement the most efficient development process while integrating a safety view, decision milestones were introduced. These decision milestones verify the match between product specifications and the developed solutions. The new process development is described in figure 3. The new decision milestones are symbolized by the diamonds and represent a "go" or "no go" stage for management of safety aspects in the PDP.
To pass through these decision milestones, the safety specification is reviewed based on elements compiled by the safety procedures. The safety concept is introduced into the PDP through the safety folder. The safety folder first specifies the elements required to consider the product as safe at the end of the design. It is then enriched by the data collected during the PDP. The safety folder is divided into stages which are directly linked to the decision milestones of the PDP to secure the safety aspects. Hence, a tailored safety process can be drawn based on the safety folder evolution with the validation meetings. The safety folder is over time enriched and several changes are addressed. This makes the folder management complicated. In order to manage this change, it was proposed use the data model and principles of a Product Data Management (PDM) system [34]. The company used the Teamcenter PLM system from Siemens. The architecture proposed by the authors is shown in figure 3. This architecture helps to locate all of the derived products, allowing re-using solutions and to manage the process change through the normative watch. The data model contains a document (standards) which summarizes all the normative versions used for the entire product. This will help the control of product change according the standardized view evolves. Moreover, the use of this data model enables the value stream for the PDP by duplicating safety folders whenever needed and adding the safety design in the safety folder.
As seen above, the safety process is led by standardized rules, so standardized view is necessary, mandating its creation. To coordinate all this new elements, it was decided to introduce a new role as responsible for safety development in the company. This team member acts as the referent actor for all the safety questions. However, even though this person is the referent actor for all the safety aspects, the development process and safety folders are managed by the project leader.

Conclusion
This paper has detailed how to make a PDP more Lean and to simultaneously address safety aspects. To set the context, first, a review on classic LPD methods and implementation has been presented. Second, a survey on safety engineering and dependability studies has been drawn up.
Then a method integrating both antagonism aspects which are safety and Lean was proposed. Safety engineering increases process time and create bottlenecks if it is processed as a less important point. In splitting both aspects in two different tasks according to the DMAIC stages; the proposed method allows having safety integration in LPD. The superimposed safety process makes the safety value stream continuous.
In section 4, the implementation results are presented. The obtained improvements on the PDP are described. Details on the new organizations with a safety referent are given. The proposed safety folder ensures safety to the final customer compiling all the safety data and documents through the product lifecycle. To enhance the safety traceability, new collaborative platform architecture has been proposed. So that it provides a way to improve the access to safety proof documents for the whole product lifecycle from the early concepts to product retailing. At least, the safety is integrated in the LPD process since its first stages of the project.
To summarize, the paper presents a way to integrate safety in Lean Process Development through PLM. By defininf a new safety process independent of the development process, most of the bottlenecks have disappeared which allowed reading a Lean and safety based development process. This ensures a safe product for the final customer including all the safety procedures for the whole lifecycle.