Use Of F.M.E.C.A In Safety Analysis

Group Members

FMECA Definition

Failure Modes = Incorrect behavior of a subsystem or component due to a physical or procedural malfunction.

Effects = Incorrect behavior of the system caused by a failure.

Criticality = The combined impact of

The probability that a failure will occur

The severity of its effect

Failure Modes Effects and Criticality Analysis (FMECA) = a step-by-step approach for identifying all possible failures in a design, a manufacturing or assembly process, or a product or service.

Evolution of FMECA

FMEA was originally developed by NASA to improve and verify the

reliability of space program hardware.

MIL-STD-1629 establishes requirements and procedures for

performing FMECA

Phases Of Process

Identify

Analyze

Act

Purpose of FMECA

Select the most suitable design with high reliability and high safety potential in the design phases.

List potential failures and identify the severity of their effects in the early design phases.

Develop criteria for test planning and requirements.

Provide necessary documentation for future design and consideration of design changes.

Provide a basis for maintenance management.

Provide a basis for reliability and availability analyses.

Basic Questions of FMECA

Why failures will happen (Failure mode)?

What is the consequence when the failure occurs (Failure

effect)?

Is the failure in the safe or danger direction (Failure

Criticality)?

How to remove the failure or reduce its frequency?

Benefits of FMECA

FMECA is one of the most important and most widely used tools of reliability analysis.

The FMECA facilitates identification of potential design reliability problems Identify possible failure modes and their effects

Determine severity of each failure effect

FMECA helps removing causes of failures

developing systems that can mitigate the effects of failures.

to prioritize and focus on high-risk failures

Benefits of FMECA

It provides detailed insight about the systems

interrelationships and potentials of failures.

Information gained by performing FMECA can

be used as a basis for

troubleshooting activities

maintenance manual development

design of effective built-in test techniques.

The results of the FMECA

Rank each failure mode.

Highlight single point failures requiring corrective action

Identify reliability and safety critical components

FMECA Techniques

The FMEA can be implemented using a hardware (bottom-up)

or functional (top-down) approach

Due to system complexity, it isperformed as a combination of

the two methods.

FMECA Techniques

Hardware Approach :

The bottom-up approach is used when a system design has been

decided already.

Each component in the system on the lowest level is studied one-

byone.

Evaluates risks that the component incorrectly implements its

functional specification.

FMECA Techniques

Functional Approach :

Considers the function of each item. Each function can be

classified and described in terms of having any number of

associated output failure modes.

The functional method is used when hardware items cannot

uniquely identified

This method should be applied to when the design process has

developed a functional block diagram of the system, but not yet

identified specific hardware to be used.

FMECA Procedure

FMECA pre-requirements

System structure and failure analysis

Preparation of FMECA worksheets

Team review

Corrective actions to remove failure modes

FMECA Prerequisites

Define the system to be analyzed

System boundaries.

Main system missions and functions.

Operational or/and environmental conditions.

Collect available information that describes the system functions to be analyzed.

Collect necessary information about previous and similar designs.

Functional Block Diagram

Functional block diagram shows how the different parts of the system interact with each other.

It is recommended to break the system down to different levels.

to review schematics of the system to show how different parts interface with one another by their critical support systems to understand the normal functional flow requirements.

to list all functions of the equipment before examining the potential failure modes of each of those functions.

to include operating conditions (such as; temperature, loads, and pressure), and environmental conditions in the components list.

Functional Block Diagram

Rate the Risks Relatively

A systematic methodology is used to rate the risks relative to

each other. The Risk Priority Number is the critical

indicator for each failure mode.

RPN = Severity rating X Occurrence rating X Detection

rating

The RPN can range from 1 to 1,000

Higher RPN = higher priority to be improved.

Severity Classification

A qualitative measure of the worst potential consequences

resulting from a function failure.

It is rated relatively scaled from 1-10.

Severity Classification

1 Failure would cause no effect.

2 Boarderline pass but still shippable.

3 Redundant systems failed but tool still works.

4 Would fail manufacturing testing but tool still functions with degraded performance.

5 Tool / item inoperable with loss of primary function. No damage to other components on

board. Failure can be easily fixed (for example, socketed DIP chips).

6 Tool / item inoperable with loss of primary function. No damage to other components on

board. Failure cannot be easily fixed (true if not field repairable).

7 Tool / item inoperable, with loss of primary function. Probably cause damage to other

components on board or system.

8 Tool / item inoperable with loss of primary function. Probably scraping one or more

PCBAs.

9 Very high severity ranking. A potential failure mode affecting safe tool operation and/or

involves noncompliance with government regulation with warning.

10 Very high severity ranking when a potential failure mode affects safe tool operation

and/or involves noncompliance with government regulation without warning.

Probability of Occurrence

Probability that an identified potential failure mode will

occur over the item operating time.

It is rated relatively scaled from 1-10.

Occurrence Classification

10 >= 50% (1 in two)

9 >= 25% (1 in four)

8 >= 10% (1 in ten)

7 >= 5% (1 in 20)

6 >= 2% (1 in 50)

5 >= 1% (1 in 100)

4 >= 0.1% (1 in 1,000)

3 >= 0.01% (1 in 10,000)

2 >= 0.001% (1 in 100,000)

1 Almost Never

Detection rating

A numerical ranking based on an assessment of the

probability that the failure mode will be detected given the

controls that are in place.

It is rated relatively scaled from 1-10.

Detection Rating

1 Detected by self test.

2 Easily detected by standard visual inspection.

3 Symptom can be detected. The technician would know exactly what the source of the

failure is.

4 Symptom can be detected at test bench. There are more than 2-4 possible candidates for

the technician to find out the sources of failure mode.

5 Symptom can be detected at test bench. There are more than 5-10 possible candidates for

the technician to find out the sources of failure mode.

6 Symptom can be detected at test bench. There are more than 10 possible candidates for

the technician to find out the sources of failure mode.

7 The symptom can be detected, and it required considerable engineering

knowledge/resource to determine the source / cause.

8 The symptom can be detected by the design control, but no way to determine the source /

cause of failure mode.

9 Very Remote. Very remote chance the Design Control will detect a potential

cause/mechanism and subsequent failure mode. Theoretically the defect can be detected,

but high chance would be ignored by the operators.

10 Absolute uncertainty. Design Control will not and /or cannot detect a potential

cause/mechanism and subsequent failure mode; or there is no Design Control.

FMECA CASE STUDY

Component = D1

Function = restricting the direction of current

Failure = short

Cause = Physical Damage

Effect = Reverse current

FMECA CASE STUDY

Severity = 7

Occurrence = 5

Detection = 9

RPN = 7*5*9 = 315

FMECA Worksheet

Co

mp

on

en

t

Fu

nctio

n

Severity

Occu

rren

ce

dete

ctio

n

RP

N

Failu

re

Cau

se

Effe

ct

Reco

mm

en

datio

n

D1

restricts the

direction of

current

7 5 9 315 short Physical

Damage

Reverse

current

Change test

procedure

Corrective Actions

RPN reduction: the risk reduction related to a corrective

action.

FMECA Checklist

System description/specification

Ground rules

Functional Block Diagram

Identify failure modes

Failure effect analysis

Worksheet (RPN ranking)

Recommendations (Corrective action)

Reporting

Simple Example: Flashlight

This flashlight is for use by special operations forces involved in close combat missions (especially hostage rescue) during low visibility conditions in urban areas. The light is to mounted coaxially with the individual's personal weapon to momentarily illuminate and positively identify targets before they are engaged. The exterior casing including the transparent light aperture are from an existing ruggidized design and can be considered immune to failure.

Simple Example: Flashlight (cont.)

How can it fail?

What is the effect? Note that Next Higher Effect = End Effect in this case.

Part

Severity

SEVERITY classifies the degree of injury, property damage,

system damage, and mission loss that could occur as the

worst possible consequence of a failure. For a FMECA these

are typically graded from I to IV in decreasing severity.

The standard severities defined in MIL-STD1682 may be

used or equipment specific severities may be defined with

customer concurrence (recommended).

Simple Example: Flashlight (cont.)

Severity

Severity I Light stuck in the “on” condition

Severity II Light will not turn on

Severity III Degraded operation

Severity IV No effect

Simple Example: Flashlight (cont.)

Item Failure Mode End Effect Severity bulb dim light flashlight output dim III no light no flashlight output II switch stuck closed constant flashlight output I stuck open no flashlight output II intermittent flashlight sometimes will not turn on III contact poor contact flashlight output dim III no contact no flashlight output II intermittent flashlight sometimes will not turn on III battery low power flashlight output dim III

no power no flashlight output II

Criticality

CRITICALITY is a measure of the frequency of occurrence

of an effect.

May be based on qualitative judgement or

May be based on failure rate data

Simple Example: Flashlight (cont.)

Simple Example: Flashlight (cont.)

Can circled items be designed out or mitigated? (There may be others that need to addressed also.)

Integrated FMECA

FMECAs are often used by other functions such as

Maintainability, Safety, Testability, and Logistics.

Coordinate your effort with other functions up front

Integrate as many other tasks into the FMECA as possible and as

make sense (Testability, Safety, Maintainability, etc.)

Integrating in this way can save considerable cost over doing the

efforts separately and will usually produce a better product.

If possible, use the same analyst to accomplish these tasks for the

same piece of hardware. This can be a huge cost saver.

FMECA Facts and Tips

FMECAs should begin as early as possible

This allows the analyst to affect the design before it is set in stone.

If you start early (as you should) expect to have to redo portions as

the design is modified.

FMECAs take a lot of time to complete.

FMECAs require considerable knowledge of system

operation necessitating extensive discussions with

software/hardware Design Engineering and System

Engineering.

Spend time developing ground rules with your customer up

front.