Determining damage

Determining the damage

 

For each combination of characteristic, process and product requirement, the participants estimate the damage if the quality of a specific characteristic were to be inadequate. Generally speaking the (intended) users of the product are best able to estimate the damage that would result if the product failed in the production situation.

Damage can be expressed in an absolute form in terms of money. In a relative form, organisations often use high, moderate, low to classify the damage.

The ‘Risk factors per quality characteristic’ checklist (www.tmap.net) is one tool to help determine the possible damage per characteristic.

The 'What if?’ technique is suitable to identify the damage and the gravity of the damage. The following questions are asked per combination of characteristic, process and product requirement:

  • What undesirable events may occur for this characteristic of the process if the product requirement is not met?
  • What are the damaging effects of these undesirable events for the process?
  • How often are these processes executed?
  • What is the concrete impact of the damage?

The starting point is that all damage indications start at low; the participants must argue why the damage is more extensive for specific requirements.

Table 5.7: Damage table for the characteristic of functionality.
Characteristic: Functionality
Process

Sub

process

Product requirement Damage Arguments
Sales ---- Compliance with the functional requirements High Loss of revenue if breakdown of the sales process
Sales Advice With an eye to the legal duty of care, the advice given and how the client decides to deviate from the advice must be recorded High High fines and negative press will result for the company if this functionality does not work (correctly).
Sales Offer The offer must contain the correct premium. Moderate  
Table 5.8: Damage table for the characteristic of security.
Characteristic: Security
Processprocess

Sub

process

Product requirement Damage Arguments
Sales -----

Compliance with the security policy

High In the event of non-compliance with the security requirements, confidential customer information may become public and the company will suffer serious loss of reputation.