Automating the Failure Modes and Effects Analysis of Safety Critical Systems

DFMEA出自 MBA智库百科(/)DFMEA(Design Failure Mode and Effects Analysis,设计失效模式及后果分析)目录[隐藏]• 1 什么是DFMEA• 2 DFMEA基本原则• 3 DFMEA与PFMEA的关系• 4 形式和格式(Forms and Formats)• 5 我们应在何时进行设计失效模式及后果分析？• 6 我们应在什么时间进行设计失效模式及后果分析？•7 我们应在什么时间进行设计失效模式及后果分析？•8 我们应在什么时间进行设计失效模式及后果分析？•9 由谁进行设计失效模式及后果分析？•10 怎样进行设计失效模式及后果分析？•11 怎样进行设计失效模式及后果分析？•12 怎样进行设计失效模式及后果分析？•13 怎样进行设计失效模式及后果分析？•14 DFMEA的案例分析[1]o14.1 实施DFMEA存在的困难o14.2 实施DFMEA的准备工作o14.3 实施DFMEA的流程•15 相关条目•16 参考文献[编辑]什么是DFMEADFMEA是指设计阶段的潜在失效模式分析,是从设计阶段把握产品质量预防的一种手段,是如何在设计研发阶段保证产品在正式生产过程中交付客户过程中如何满足产品质量的一种控制工具。

因为同类型产品的相似性的特点，所以的DFMEA阶段经常后借鉴以前量产过或正在生产中的产品相关设计上的优缺点评估后再针对新产品进行的改进与改善。

[编辑]DFMEA基本原则DFMEA是在最初生产阶段之前,确定潜在的或已知的故障模式,并提供进一步纠正措施的一种规范化分析方法;通常是通过部件、子系统/部件、系统/组件等一系列步骤来完成的。

最初生产阶段是明确为用户生产产品或提供服务的阶段,该阶段的定义非常重要,在该阶段开始之前对设计的修改和更正都不会引起严重的后果,而之后对设计的任何变更都可能造成产品成本的大幅提高。

DFMEA应当由一个以设计责任工程师为组长的跨职能小组来进行,这个小组的成员不仅应当包括可能对设计产生影响的各个部门的代表,还要包括外部顾客或内部顾客在内。

Theories of FailureFailure is generally perceived to be fracture or complete separation of a member. However, failure may also occur due to excessive deformation (elastic or inelastic) or a variety of other reasons.Failure Modes 3Excessive elasticdeformationYielding Fracture•stretch, twist, or bending •buckling •vibration •plastic deformation atroom temperature•creep at elevatedtemperatures•yield stress is theimportant design factor•sudden fracture of brittlematerials•fatigue (progressivefracture)•stress rupture at elevatedtemperatures•ultimate stress is theimportant design factorDuring the latter part of the 19th century and continuing up to the present, a number of basic failure theories were proposed and tested on a few materials.1Most of the theories were based on the assumption that failure occurs when some physical variable such as stress, strain, or energy reaches a limiting value.Deformation:•Elastic deformation is temporary (reversible) and involves bond stretching.•Plastic deformation is permanent (irreversible), and involves bond breaking.•Fracture is catastrophic./matse81/Spring%202003/LectureNotes/ Classification System for Mechanical Failure Modes 4Manifestations of Failure elastic deformationplastic deformationrupture or fracturematerial change Failure-Inducing AgentsCommonly Observed Mechanical Failure Modes Force and/or Temperature-Induced Elastic DeformationYieldingBrinnellingDuctile RuptureBrittle FractureFatigueforcetimetemperaturereactive environmentFailure Locationsbody typesurface type CorrosionWearImpactFrettingCreepThermal RelaxationStress RuptureThermal ShockGalling and SeizureSpallingRadiation DamageBucklingCreep BucklingStress CorrosionCorrosion WearCorrosion Fatigue Combined Creep and FatigueStress TheoriesMaximum Principal Stress Theory (Rankine, Lamé)Applied satisfactorily to many brittle materials, the theory is based on a limiting normal stress. Failure occurs when the normal stress reaches a specified upper limit.1Failure is predicted when either ofthe principal stresses, σ1or σ2,equals or exceeds the yield strength,σyp , of the material.3σ1< σypσ2< σypExamplesClick on image for full size.Maximum Shear Stress Theory (Tresca, Guest, Coulomb)Applied satisfactorily to ductile materials, the theory is based on the concept of limiting shearing stress at which failure occurs.1Failure by yielding in a more complicated loading situation is assumed to occur when the maximum shearing stress in the material reaches a value equal to the maximum shearing stress in a tension test at yield.This yield criterion gives good agreement with experimental results for ductile materials; because of its simplicity, it is the most often used yield theory.2The main objection to this theory is that it ignores the possible effect of the intermediate principal stress, σ2. However, only one other theory, the maximum distortional strain energy theory, predicts yielding better than does the Tresca theory, and the differences between the two theories are rarely more than 15%.Failure is predicted when any of the three shear stresses corresponding to the principal stresses, σ1,2, equals or exceeds the shear stresscorresponding to the yield strength, σyp , of the material in uniaxial tension or compression.3Maximum Octahedral Shearing Stress TheoryFailure by yielding in a more complicated loading situation is assumed to occur when the octahedral shearing stress in the material reaches a value equal to the maximum octahedral shearing stress in a tension test at yield.Plane stress caseUniaxial stress caseNote: This theory gives the same results as the maximum distortion energy theory.Strain TheoriesMaximum Principal Strain Theory (Saint-Venant )The theory is based on the assumption that inelastic behavior or failure is governed by a specified maximum normal strain.1 Failure will occur at a particular part in a body subjected to an arbitrary state of strain when the normal strain reaches a limiting level.Failure is predicted when either of the principal strains, resulting from the principal stresses, σ1,2, equals or exceeds the maximum straincorresponding to the yield strength, σyp , of the material in uniaxial tension or compression.3 σ1 - ν(σ2 + σ3) < σypTotal Strain Energy Theory (Beltrami-Haigh)Applicable to many types of materials, the theory predicts failure or inelastic action at a point when the strain energy per unit volume exceeds a specified limit.1Failure is predicted when the total strain energy associated with the principal stresses, σ1,2, equals or exceeds the total strain energy corresponding to thatfor the yield strength, σyp , of the material in uniaxial tension or compression.3 σ12 + σ22 +σ32 -2ν(σ1σ2 + σ2σ3 + σ1σ3) < σyp 2Maximum Distortion Energy Theory (Huber-Henky-von Mises )The theory is based on a limiting energy of distortion, i.e. energy associated with shear strains.1Strain energy can be separated into energy associated with volume change and energy associated with distortion of the body. The maximum distortion energy failure theory assumes failure by yielding in a more complicated loading situation to occur when the distortion energy in the material reaches the same value as in a tension test at yield.This theory provides the best agreement between experiment and theory and, along the Tresca theory, is very widely used today.2Note: This theory gives the same results as the octahedral shear stress theory.Failure is predicted when the distortional energy associated with the principal stresses, σ1,2, equals or exceeds the distortional energy corresponding to thatfor the yield strength, σyp , of the material in uniaxial tension or compression.3 0.5 ( (σ1 - σ2)2 + (σ2 - σ3)2 + (σ3 - σ1)2) < σyp 2SummaryOf the failure criteria, the Tresca is the most conservative for all materials, the von Mises the most representative for ductile materials, and the Rankine the best fit for brittle materials.3Laminated-Composite Failure EnvelopesMore on failure theoriesBelow is a summary of two of most popular theories of failure applied to a simple uniaxial stress state and to a pure shear stress state.Failure CriteriaReferences1. Mechanics of Wood and Wood Composites, by J. Bodig & B.A. Jayne, KriegerPublishing, 1993, pp. 314-5.2. The Science and Technology of Civil Engineering Materials, by J.F. Young, S.Mindess, R.J. Gray, & A. Bentur, Prentice Hall, 1998, pp. 115-7.3. "Failure Prediction and Avoidance," Experimental Stress Analysis Notebook,Issue 22, Dec. 1993, Measurements Group, pp. 6-11.4. Failure of Materials in Mechanical Design - Analysis Prediction Prevention, byJ. A. Collins, John Wiley and Sons, 1981, pp. 6-8.。

FMEA管理模式(Failure Mode and Effect Analysis，失效模式及效应分析)什么是FMEA？FMEA(Failure Mode and Effect Analysis，失效模式和效果分析)是一种用来确定潜在失效模式及其原因的分析方法.具体来说，通过实行FMEA，可在产品设计或生产工艺真正实现之前发现产品的弱点，可在原形样机阶段或在大批量生产之前确定产品缺陷。

FMEA最早是由美国国家宇航局（NASA)形成的一套分析模式，FMEA是一种实用的解決问题的方法,可适用于许多工程领域，目前世界许多汽车生产商和电子制造服务商(EMS）都已经采用这种模式进行设计和生产过程的管理和监控。

FMEA的具体内容FMEA有三种类型，分別是系统FMEA、设计FMEA和工艺FMEA，1）确定产品需要涉及的技术、能够出现的问题，包括下述各个方面：需要设计的新系统、产品和工艺；对现有设计和工艺的改进;在新的应用中或新的环境下,对以前的设计和工艺的保留使用；形成FMEA团队。

理想的FMEA团队应包括设计、生产、组装、质量控制、可靠性、服务、采购、测试以及供货方等所有有关方面的代表。

2)记录FMEA的序号、日期和更改内容，保持FMEA始终是一个根据实际情況变化的实时现场记录，需要强调的是,FMEA文件必须包括创建和更新的日期。

3）创建工艺流程图。

工艺流程图应按照事件的顺序和技术流程的要求而制定，实施FMEA需要工艺流程图，一般情況下工艺流程图不要轻易变动。

4)列出所有可能的失效模式、效果和原因、以及对于每一项操作的工艺控制手段：对于工艺流程中的每一项工艺,应确定可能发生的失效模式.如就表面贴装工艺（SMT）而言,涉及的问题可能包括，基于工程经验的焊球控制、焊膏控制、使用的阻焊剂(soldermask)类型、元器件的焊盤图形设计等.对于每一种失效模式,应列出一种或多种可能的失效影响，例如，焊球可能要影响到产品长期的可靠性，因此在可能的影响方面应该注明。

DFMEA出自 MBA智库百科(/)DFMEA(Design Failure Mode and Effects Analysis,设计失效模式及后果分析)目录[隐藏]• 1 什么是DFMEA• 2 DFMEA基本原则• 3 DFMEA与PFMEA的关系• 4 形式和格式(Forms and Formats)• 5 我们应在何时进行设计失效模式及后果分析？• 6 我们应在什么时间进行设计失效模式及后果分析？•7 我们应在什么时间进行设计失效模式及后果分析？•8 我们应在什么时间进行设计失效模式及后果分析？•9 由谁进行设计失效模式及后果分析？•10 怎样进行设计失效模式及后果分析？•11 怎样进行设计失效模式及后果分析？•12 怎样进行设计失效模式及后果分析？•13 怎样进行设计失效模式及后果分析？•14 DFMEA的案例分析[1]o14.1 实施DFMEA存在的困难o14.2 实施DFMEA的准备工作o14.3 实施DFMEA的流程•15 相关条目•16 参考文献[编辑]什么是DFMEADFMEA是指设计阶段的潜在失效模式分析,是从设计阶段把握产品质量预防的一种手段,是如何在设计研发阶段保证产品在正式生产过程中交付客户过程中如何满足产品质量的一种控制工具。

因为同类型产品的相似性的特点，所以的DFMEA阶段经常后借鉴以前量产过或正在生产中的产品相关设计上的优缺点评估后再针对新产品进行的改进与改善。

[编辑]DFMEA基本原则DFMEA是在最初生产阶段之前,确定潜在的或已知的故障模式,并提供进一步纠正措施的一种规范化分析方法;通常是通过部件、子系统/部件、系统/组件等一系列步骤来完成的。

最初生产阶段是明确为用户生产产品或提供服务的阶段,该阶段的定义非常重要,在该阶段开始之前对设计的修改和更正都不会引起严重的后果,而之后对设计的任何变更都可能造成产品成本的大幅提高。

DFMEA应当由一个以设计责任工程师为组长的跨职能小组来进行,这个小组的成员不仅应当包括可能对设计产生影响的各个部门的代表,还要包括外部顾客或内部顾客在内。

缺陷模式和影响分析(Failure modes and Effect analysis)Difference between C&E and FMEA, (no severity and detective, occurrence1五大质量手册生产件批准程序（PPAP） 产品质量先期策划和控制计划（APQP） 潜在失效模式及后果分析（FMEA） 测量系统分析（MSA） 统计过程控制（SPC） 潜在失效模式及后果分析（FMEA）是QS-9000中极其重 要的缺陷预防技术，是实现预防为主的重要手段之一。

2FMEA的定义FMEA是一种系统化的设计评估系统，其目标为: 是一种系统化的设计评估系统，其目标为 是一种系统化的设计评估系统1. 认可和评估潜在的缺陷模式及其原因与设计 认可和评估潜在的缺陷模式及其原因与设计 及制造新产品或升级现有产品的关系。

及制造新产品或升级现有产品的关系。

确定用于消除和降低潜在缺陷发生机会的行 用于消除和降低潜在缺陷发生机会 2. 确定用于消除和降低潜在缺陷发生机会的行 动。

3. 文件化过程。

文件化过程 过程。

3缺陷模式可能是 . .完成一个确定功能时的缺陷 不希望发生的事件 错误的应用4背景开发于1960’s早期，美国宇航 局在APOLLO进行 登月计划时所开发。

1970’s 早期被美国海军采用。

1880’s末, 汽车工业实施 FMEA 并开始要求其供应商也实施 它。

降低成本为主要驱动力.(Honda 召回事件）1980’s开始被推广使用。

5国内的应用情况 随着国内制造业与国际的接轨，故障模 式影响分析技术在各行各业得以广泛应 用并逐步发展成熟。

自20世纪90年代起 FMEA工作一直是很多行业必须开展的 一项重要的可靠性工作，ISO9000, ISO14000, 汽车行业的QS9000和 TS16949标准等也读将FMEA作为重要 的考核内容6NASA 使用 FMEA 在APOLLO登月计划中确定单点缺陷。

Failure Modes and Effects Analysis Failure Modes and Effects Analysis (FMEA) is a structured approach used to identify potential failure modes in a system, process, or product, and to assess the potential impact of those failures. It is a proactive tool that helps organizations anticipate and prevent problems before they occur, ultimately improving overall performance and reliability. FMEA is a critical component of quality management and risk assessment, as it allows organizations to prioritize and address potential risks based on their likelihood and severity. One of thekey benefits of conducting an FMEA is the ability to identify and prioritize potential failure modes. By systematically analyzing each step of a process or component of a system, organizations can identify weak points and vulnerabilities that may lead to failures. This proactive approach allows organizations to address issues before they escalate, saving time and resources in the long run. Additionally, by prioritizing failure modes based on their potential impact, organizations can focus their efforts on addressing the most critical risks first. Another important aspect of FMEA is the ability to assess the potential effects of failures. By considering the potential consequences of a failure, organizationscan develop contingency plans and mitigation strategies to minimize the impact on operations. This proactive approach not only helps organizations respond more effectively to failures when they occur but also helps prevent failures from happening in the first place. By understanding the potential effects of failures, organizations can make informed decisions about how to allocate resources and prioritize risk management efforts. In addition to identifying and assessing potential failure modes, FMEA also helps organizations improve communication and collaboration within teams. By involving cross-functional teams in the FMEA process, organizations can leverage the diverse expertise and perspectives of team members to identify and address potential risks more effectively. Thiscollaborative approach not only improves the quality of the analysis but also fosters a culture of continuous improvement and shared responsibility for risk management. Furthermore, FMEA can help organizations comply with regulatory requirements and industry standards. Many industries, such as healthcare, automotive, and aerospace, have strict regulations and standards that requireorganizations to identify and mitigate potential risks. By conducting FMEA, organizations can demonstrate their commitment to quality and safety, and ensure compliance with regulatory requirements. This proactive approach not only helps organizations avoid costly fines and penalties but also enhances their reputation and credibility in the marketplace. Overall, Failure Modes and Effects Analysis is a powerful tool that can help organizations improve performance, reliability, and safety. By systematically identifying and assessing potential failure modes, organizations can proactively address risks, improve communication and collaboration, and comply with regulatory requirements. Ultimately, FMEA helps organizations build a culture of continuous improvement and risk management, ensuring long-term success and sustainability.。

FMEA Failure Mode and EffectAnalysis (FMEA)失效模式及后果分析1FMEA Learning Objectives学习目标•Provide familiarization with FMEA principles and techniques.熟练运用FMEA原理与方法2Definition of FMEA FMEA的定义FMEA is a systematic design evaluation procedure whose purpose is to: FMEA是一个系统的设计评估程序，其用途是：1. recognize and evaluate the potential failure modes and causesassociated with the designing and manufacturing of a new product or a change to an existing product，识别与评估潜在失效模式与原因,与新产品的设计与制造或当前产品的变化联系起来，2. identify actions which could eliminate or reduce the chance of thepotential failure occurring，识别可消除或减少潜在失效事件产生的措施，3. document the process.将过程形成文件。

45FMEA is Function-driven FMEA 是功能性的FMEA begins with a definition of the FUNCTIONS an item is supposed toperform. The inputs must come from several sources to be effective:FMEA 是以其应该执行的项目功能的定义为开端。

Chapter 13Failure Mode andEffects Analysis13.1INTRODUCTIONFailure mode and effects analysis (FMEA)is a tool for evaluating the effect(s)of potential failure modes of subsystems,assemblies,components,or functions.It is primarily a reliability tool to identify failure modes that would adversely affect overall system reliability.FMEA has the capability to include failure rates for each failure mode in order to achieve a quantitative probabilistic analysis.Additionally,the FMEA can be extended to evaluate failure modes that may result in an undesired system state,such as a system hazard,and thereby also be used for hazard analysis.A more detailed version of the FMEA is known as failure mode,effects and cri-ticality analysis (FMECA).The FMECA requires that more information be obtained from the analysis,particularly information dealing with the criticality and detection of the potential failure modes.The FMEA method is a disciplined bottom-up evaluation technique that focuses on the design or function of products and processes in order to prioritize actions to reduce the risk of product or process failures.In addition,the FMEA is a tool for documenting the analysis and capturing recommended design changes.Time and resources for a comprehensive FMEA must be allotted during design and process development,when design and process changes can most easily and inexpensively be implemented.235Hazard Analysis Techniques for System Safety ,by Clifton A.Ericson,IICopyright #2005John Wiley &Sons,Inc.236FAILURE MODE AND EFFECTS ANALYSIS13.2BACKGROUNDThe FMEA technique falls under the detailed design hazard analysis type (DD-HAT)because it is a detailed analysis done at the component or functional level.The basic hazard analysis types are described in Chapter3.An alternate name for this technique is FMECA.FMECA is basically the same as FMEA except it adds criticality evaluation to each failure mode,as well as the evaluation of possible failure mode detection methods.The purpose of FMEA is to evaluate the effect of failure modes to determine if design changes are necessary due to unacceptable reliability,safety,or operation resulting from potential failure modes.When component failure rates are attached to the identified potential failure modes,a probability of subsystem or component failure can be derived.FMEA was originally developed to determine the reliability effect of failure modes,but it can also be used to identify mishap hazards resulting from potential failure modes.The FMEA is applicable to any system or equipment,at any desired level of design detail—subsystem,assembly,unit,or component.FMEA is generally per-formed at the assembly or unit level because failure rates are more readily available for the individual embedded components.The FMEA can provide a quantitative reliability prediction for the assembly or unit that can be used in a quantitative safety analysis(e.g.,fault tree).FMEA tends to be more hardware and process oriented but can be used for software analysis when evaluating the failure of soft-ware functions.The technique is thorough for evaluating potential individual failure modes and providing reliability information.However,for safety purposes,an FMEA is limited because it considers only single item failures and not the combination of items fail-ing together;generally,mishaps result from failure combinations.Also an FMEA does not identify hazards arising from events other than failures(e.g.,timing errors, radiation,high voltage,etc.).The technique can be easily performed and mastered;however,a basic under-standing of failures and failure mode theory and hazard analysis theory is necessary as well as knowledge of system safety concepts.Additionally a detailed understand-ing of the system design and operation is required.The methodology is uncomplicated and easily learned.Standard FMEA forms and instructions are included in this chapter.The FMEA technique is a valuable reliability tool for analyzing potential failure modes and calculating subsystem,assembly,or unit failure rates.Severity and prob-ability evaluation of failure modes provides a prioritized list for corrective actions. FMEA can also be extended to identify hazards resulting from potential failure modes and evaluating the resulting mishap risk.Note,however,that an FMEA will likely not identify all system hazards because it is only looking at single com-ponent failure modes,while hazards can be the result of multiple hazards and events other than failure modes.For this reason,FMEA is not recommended as the sole tool for hazard identification.FMEA should only be used for hazard analysis when done in conjunction with other hazard analysis techniques.13.4DEFINITIONS237A modified FMEA for hazard identification is recommended for evaluation of failure modes,when done in support of other hazard analyses.However,the FMEA is not recommended as the sole hazard analysis to be performed,since the FMEA primarily looks at single failure modes only,while a hazard analysis con-siders many additional system aspects.13.3HISTORYThe FMEA was developed for the itary as a formal analysis technique. Military procedure MIL-P-1629(now MIL-STD-1629A)[1],titled“Procedures for Performing a Failure Mode,Effects and Criticality Analysis,”is originally dated November9,1949.It was used as a reliability evaluation technique to deter-mine the effect of system and equipment failures.Failures were classified according to their impact on mission success and personnel/equipment safety.The term per-sonnel/equipment,taken directly from an abstract of military standard MIL-P-1629, is notable because of the significance given to ed for aerospace/rocket development,the FMEA and the more detailed FMECA were helpful in avoiding errors on small sample sizes of costly rocket technology.Use of the FMEA was encouraged in the1960s for space product development and served well on getting a man on the moon.Ford Motor Company reintro-duced FMEA in the late1970s for safety and regulatory consideration after mul-tiple Pinto automobile exploding gas tank accidents.Ford Motor Company has also used FMEAs effectively for production improvement,as well as design improvement.The Automotive Industry Action Group(AIAG)and the American Society for Quality Control(ASQC)copyrighted industrywide FMEA standards,in February of1993,that are the technical equivalent of the Society of Automotive Engineers procedure SAE J-1739[2].The standards are presented in an FMEA manual[3] approved and supported by all three U.S.auto makers,which provides general guidelines for preparing an FMEA.13.4DEFINITIONSIn order to facilitate a better understanding of FMEA,some definitions for specific terms are in order.The following are basic FMEA terms:Failure Departure of an item from its required or intended operation,function,or behavior;problems that users encounter.The inability of a system,subsystem,or component to perform its required function.The inability of an item to perform within previously prescribed limits.Failure mode Manner by which an item fails;the mode or state the item is in after it fails.The way in which the failure of an item occurs.238FAILURE MODE AND EFFECTS ANALYSISFailure cause Process or mechanism responsible for initiating the failure mode.The possible processes that can cause component failure include physical failure, design defects,manufacturing defects,environmental forces,and so forth. Failure effect Consequence(s)a failure mode has on the operation,function,or status of an item and on the system.Fault Undesired anomaly in the functional operation of an equipment or system.The occurrence of an undesired state,which may be the result of a failure. Critical item list(CIL)List of items that are considered critical for reliable and/ or safe operation of the system.The list is generated from the FMEA. Indenture level Levels of system hierarchy that identify or describe the relative complexity of a system.The levels progress from the more complex(system) to the simpler(part/component)divisions level(MIL-STD-1629A[1]on FMEAs).The hierarchy is the organizational structure defining dominant and subordinate relationships between subsystems down to the lowest component/ piece part.Risk priority number(RPN)Risk ranking index for reliability.RPN¼(probability of occurrence)Â(severity ranking)Â(detection ranking).13.5THEORYThe FMEA technique is a qualitative and quantitative analysis method used for the evaluation of potential failure modes.The FMEA is a technique that answers a series of questions:.What can fail?.How does it fail?.How frequently will it fail?.What are the effects of the failure?.What is the reliability/safety consequence of the failure?To conduct an FMEA,it is necessary to know and understand certain system characteristics:.Mission.System design.Operational constraints.Success and failure boundaries.Credible failure modes and a measure of their probability of occurrenceFigure13.1depicts the FMEA concept.The subsystem being analyzed is divided into its relevant indenture levels,such as unit1,unit2,unit3,and so forth.Each unitis then further subdivided into its basic items.Each item is listed down the left-hand column of the FMEA worksheet and individually analyzed.The concept is to break-down the “entity”being analyzed into individual items.In effect,the subsystem is analyzed top-down when it is divided into indenture levels,and then it is analyzed bottom-up when each item is individually evaluated.An item can be a hardware part or component,or it can be a function.Each item is then singularly isolated and all potential failure modes for this item are listed in the first column of the FMEA.Each item is then evaluated in detail.The primary building blocks of a system that an FMEA analyzes are the system hardware and the system functions,referred to as the system structural aspect and the system functional aspect.Figure 13.2depicts the functional vs.structural con-cept of a system,which is relevant for FMEA.The functional aspect defines how the system must operate and the functional tasks that must be performed.The struc-tural aspect defines how the functions will be implemented via the hardware that actually carries out the system operations.System design and implementation progresses from the system functions down to the hardware piece parts.Conceptually,there are three approaches to performing an FMEA:1.Functional Approach The functional FMEA is performed on functions.Thefunctions can be at any functional indenture level for the analysis:system,subsystem,unit,or assembly.This approach focuses on ways in which func-tional objectives of a system go unsatisfied or are erroneous.The functional approach is also applicable to the evaluation of software through the Unit 1Unit 3 Unit 2OUTPUT Figure 13.1FMEA concept.13.5THEORY 239evaluation of required software functions.The functional approach tends to be more of a system-level analysis.2.Structural Approach The structural FMEA is performed on hardware andfocuses on potential hardware failure modes.The hardware can be at any hardware indenture level for the analysis:subsystem,unit,assembly,or part (component).The structural approach tends to be a detailed analysis at the component level.3.Hybrid Approach The hybrid FMEA is a combination of the structural andthe functional approaches.The hybrid approach begins with the functional analysis of the system and then transitions to a focus on hardware,especially hardware that directly contributes to functional failures identified as safetycritical.FunctionalSystemViewStructuralSystemViewFigure 13.2Functional vs.structural levels.240FAILURE MODE AND EFFECTS ANALYSIS13.5THEORY241The functional approach is performed when the system is being defined by the functions that are to be accomplished.The structural hardware approach is per-formed when hardware items can be uniquely identified from schematics,drawings, and other engineering and design data.The hybrid approach combines both aspects, beginning with identification of important system functional failures and then iden-tifying the specific equipment failure modes that produce those system functional failures.13.5.1Structural and Functional ModelsThe purpose of an FMEA is to evaluate potential design failure modes early in the development program to cost effectively implement safety design corrections.To attain this objective the FMEA must closely track the design as it progresses from conceptual to detailed.Design depth and detail correlates to structural and functional decomposition of the system.A structural model of the system captures the static structure of the system comprised of the hardware components.A functional model of the system captures the functions that must be performed in order for the system to achieve its goals and objectives.These two system views contrast what must be done (function)with how it is to be done(structure).Figure13.3provides a brief example of a structural model and a functional model for a radio system and the failure modes that might be considered.These models also depict indenture levels for each type of model.Functional ModelFigure13.3Functional and structural models.13.5.2Product and Process FMEAThe FMEA is classified as a product FMEA or a process FMEA,depending upon the application.The product FMEA analyzes the design of a product or system by examining the way that the item’s failure modes affect the operation of the product or system.The process FMEA analyzes the processes involved in the manufacture, use,and maintenance of a product.It examines the way that process methods affect the operation of the product or system.Both types of FMEA focus on design—design of the product or design of the process.The FMEA classification types, along with general failure mode areas,are presented in Figure13.4.13.5.3Functional Failure ModesFunctional-type FMEAs evaluate system,subsystem,and unit functions.Functional failure modes are a little more abstract than hardware failure modes.The key is to consider each adverse state that is possible for each function.Example functional failure modes may include,but are not limited to,the following:1.Function fails to perform.2.Function performs incorrectly.3.Function performs prematurely.4.Function provides incorrect or misleading information.5.Function does not fail safe.13.5.4Hardware Failure ModesHardware-type FMEAs consider both component catastrophic and component out-of-tolerance modes of failure.Catastrophic failure means complete component func-tional failure in the required mode of operation.For example,a resistor failing open or shorted means that it no longer functions as intended.Out-of-tolerance failure refers to a failure mode where the component is functional but not within specifiedProduction • Assembly • Chemical • Machining • SoftwareMaintenance• ConfigurationControl• Documentation• TrainingUse• Modes• Human interface• Overstress• Documentation• TrainingHardware • Electrical • Mechanical • InterfacesSoftware• SW functions• HW interfacesFunctions• System• SubsystemFMEA TypesProcess ProductFigure13.4FMEA types—product and process.242FAILURE MODE AND EFFECTS ANALYSISoperating boundaries.Example modes for a resistor might include too low resistance or too high resistance,but it still provides some level of resistance.An intermittent failure is a failure that is not continuous;the failure occurs in a cyclic on /off fashion.The basic failure categories for hardware items include:plete failure2.Partial failure (e.g.,out of tolerance)3.Intermittent failureIn a typical FMEA,these basic failure modes may be expressed by the following examples:13.5.5Software Failure ModesPerforming an FMEA on a mechanical or electrical system is generally more straightforward than performing an FMEA on software.Failure modes of com-ponents such as relays and resistors are generally well understood.Mechanical and electrical components fail due to aging,wear,or stress.For software the situ-ation is different because software modules do not fail per se,they only display incorrect behavior.A software-oriented FMEA can only address incorrect behavior of software (i.e.,the software fails to perform as intended).A software FMEA (SFMEA)normally involves performing an analysis of the software functions.An SFMEA would follow the same basic steps as a hardware FMEA:set up a starting point,understand the design,make a list of typical failure modes,and then perform the analysis.Software failure modes would be seen as types of erroneous behavior and not typos in the code.Distinguishing characteristics between the hardware and software FMEA are shown in Table 13.1.Example software functional failure modes may include,but are not limited to,the following:1.Software function fails.2.Function provides incorrect results.3.Function occurs prematurely.4.Unsent messages.5.Messages sent too early or too late.1.Open circuit 2.Short circuit 3.Out of tolerance 4.Leak 5.Hot surface 6.Bent 7.Oversize /undersize 8.Cracked 9.Brittle 10.Misaligned 11.Binding 12.Corroded 13.Failure to operate 14.Intermittent operation 15.Degraded operation 16.Loss of output13.5THEORY 2436.Faulty message.7.Software stops or crashes.8.Software hangs.9.Software exceeds internal capacity.10.Software startup failure.11.Software function has slow response.13.5.6Quantitative Data SourcesWhen performing a quantitative FMEA /FMECA,component failure rates are required.Although many models are available for performing reliability prediction analyses,each of these models was originally created with a particular application in mind.Table 13.2describes the most widely used reliability prediction models in terms of their intended applications,noting both their advantages and disadvantages.Note that there is no available failure rate data for software as there are no defined failure modes.13.6METHODOLOGYFigure 13.5shows an overview of the basic FMEA process and summarizes the important relationships involved.Based on reliability theory,all components have inherent failure modes.The FMEA process evaluates the overall impact of each and every component failure mode.The primary FMEA goal is to determine the effect on system reliability from component failures,but the technique can be extended to determine the effect on safety.Input data for the FMEA includes detailed hardware /function design infor-mation.Design data may be in the form of the design concept,the operational TABLE 13.1Hardware /Software FMEA CharacteristicsHardwareSoftware Is performed at a part (component)levelwhere failure rates can be obtained.Is only practical at the functional level.System is considered free of failures at startof operation.System is assumed to contain software faults at start of operation.Postulates failure modes due to aging,wear,or stress.Postulates failure modes according to functional failure.Analyzes failure consequence at the itemlevel and the system level.Analyzes failure consequence at the system level.States the criticality in measures ofconsequence severity and probability.States the criticality in measures of consequence severity,but probability cannot be determined.States hardware measures taken to preventor mitigate failure consequence.States software measures taken to prevent or mitigate failure consequence.Software can cause hardware to fail.Hardware can cause software to fail.244FAILURE MODE AND EFFECTS ANALYSIST A B L E 13.2C o m p a r i s o n o f R e l i a b i l i t y P r e d i c t i o n M o d e l sR e l i a b i l i t y P r e d i c t i o n M o d e lA p p l i c a t i o n a n d O r i g i n a t i n g C o u n t r yA d v a n t a g e s D i s a d v a n t a g e sM I L -H D B K -217,T h e M i l i t a r y H a n d b o o k f o r t h e R e l i a b i l i t y P r e d i c t i o n o f E l e c t r o n i c E q u i p m e n tM i l i t a r y a n d c o m m e r c i a l ,U n i t e d S t a t e sP r o v i d e s f o r b o t h p a r t s s t r e s s a n d p a r t s c o u n t a n a l y s i s o f e l e c t r o n i c p a r t s .C a n e a s i l y m o v e f r o m p r e l i m i n a r y d e s i g n s t a g e t o c o m p l e t e d e s i g n s t a g e b y p r o g r e s s i n g f r o m p a r t s c o u n t t o p a r t s s t r e s s .I n c l u d e s m o d e l s f o r a b r o a d r a n g e o f p a r t t y p e s .P r o v i d e s m a n y c h o i c e s f o r e n v i r o n m e n t t y p e s .W e l l -k n o w n a n d w i d e l y a c c e p t e d .D o e s n o t c o n s i d e r o t h e r f a c t o r s t h a t c a n c o n t r i b u t e t o f a i l u r e r a t e s u c h a s b u r n -i n d a t a ,l a b t e s t i n g d a t a ,fie l d t e s t d a t a ,d e s i g n e r e x p e r i e n c e ,w e a r -o u t ,e t c .C o n s i d e r s o n l y e l e c t r o n i c p a r t s .T e l c o r d i a (B e l l c o r e ),R e l i a b i l i t y P r e d i c t i o n P r o c e d u r e f o r E l e c t r o n i c E q u i p m e n t (T e c h n i c a l R e f e r e n c e #T R -332o r T e l c o r d i a T e c h n o l o g i e s S p e c i a l R e p o r t S R -332),A T &T B e l l L a b s C o m m e r c i a l ,U n i t e d S t a t e sO f f e r s a n a l y s i s r a n g i n g f r o m p a r t s c o u n t t o f u l l p a r t s s t r e s s t h r o u g h t h e u s e o f c a l c u l a t i o n m e t h o d s .C o n s i d e r s b u r n -i n d a t a ,l a b t e s t i n g d a t a ,a n d fie l d t e s t d a t a .W e l l -k n o w n a n d a c c e p t e d .C o n s i d e r s o n l y e l e c t r o n i c p a r t s .S u p p o r t s o n l y a l i m i t e d n u m b e r o f g r o u n d e n v i r o n m e n t s .F e w e r p a r t m o d e l s c o m p a r e d t o M I L -HD B K -217.D o e s n o t a c c o u n t f o r o t h e r f a c t o r s s u c h a s d e s i g n e r e x p e r i e n c e ,w e a r -o u t ,e t c .T h e H a n d b o o k o f R e l i a b i l i t y P r e d i c t i o n P r o c e d u r e s f o r M e c h a n i c a lE q u i p m e n t (N S W C -98/L E 1),N a v y M i l i t a r y a n d c o m m e r c i a l ,U n i t e d S t a t e sP r o v i d e s f o r a n a l y z i n g a b r o a d r a n g e o f m e c h a n i c a l p a r t s (s e a l s ,s p r i n g s ,s o l e n o i d s ,b e a r i n g s ,g e a r s ,e t c .)L i m i t e d t o m e c h a n i c a l p a r t s .H R D 5,T h e H a n d b o o k f o r R e l i a b i l i t y D a t a f o r E l e c t r o n i c C o m p o n e n t s U s e d i n T e l e c o m m u n i c a t i o n S y s t e m sT e l e c o m m u n i c a t i o n s ,U n i t e d K i n g d o m S i m i l a r t o T e l c o r d i a .F a i r l y b r o a d r a n g e o f p a r t t y p e s m o d e l e d .C o n s i d e r s o n l y e l e c t r o n i c p a r t s .N o t w i d e l y u s e d .(c o n t i n u e d )245T A B L E 13.2C o n t i n u e dR e l i a b i l i t y P r e d i c t i o n M o d e lA p p l i c a t i o n a n d O r i g i n a t i n g C o u n t r yA d v a n t a g e s D i s a d v a n t a g e sP R I S M ,S y s t e m R e l i a b i l i t y A s s e s s m e n t M e t h o d o l o g y d e v e l o p e d b y t h e R e l i a b i l i t y A n a l y s i s C e n t e r (R A C )M i l i t a r y a n d c o m m e r c i a l ,U n i t e d S t a t e sI n c o r p o r a t e s N P R D /E P R D d a t a b a s e o f f a i l u r e r a t e s .E n a b l e s t h e u s e o f p r o c e s s g r a d i n g f a c t o r s ,p r e d e c e s s o r d a t a ,a n d t e s t o r fie l d d a t a .S m a l l ,l i m i t e d s e t o f p a r t t y p e s m o d e l e d .N e w e r s t a n d a r d ,s t i l l g a i n i n g a c c e p t a n c e .C o n s i d e r s o n l y e l e c t r o n i c p a r t s .C a n n o t m o d e l h y b r i d s .N o r e f e r e n c e s t a n d a r d a v a i l a b l e .N P R D /E P R D ,N o n e l e c t r o n i c s P a r t s R e l i a b i l i t y (N P R D )a n d E l e c t r o n i c P a r t s R e l i a b i l i t y (E P R D )d a t a b a s e s b y R A CM i l i t a r y a n d c o m m e r c i a l ,U n i t e d S t a t e sB r o a d a r r a y o f e l e c t r o n i c a n d n o n e l e c t r o n i c p a r t s .B a s e d c o m p l e t e l y o n fie l d d a t a .C o n s i s t s e n t i r e l y o f d a t a b a s e s o f f a i l u r e r a t e s ,n o t m a t h e m a t i c a l m o d e l s .24613.7WORKSHEET247Figure13.5FMEA overview.concept,and major components planned for use in the system and major system functions.Sources for this information include design specifications,sketches, drawings,schematics,function lists,functional block diagrams(FBDs),and/or reliability block diagrams(RBDs).Input data also includes known failure modes for components and failure rates for the failure modes.FMEA output information includes identification of failure modes in the system under analysis,evaluation of the failure effects,identification of hazards,and identification of system critical items in the form of a critical items list(CIL).Table13.3lists the basic steps in the FMEA process,which involves performing a detailed analysis of all item failure modes.A worksheet is utilized to document the FMEA as identified in the next section.13.7WORKSHEETThe FMEA is a detailed analysis of potential failure modes.It is desirable to perform the FMEA using a form or worksheet to provide analysis structure,consistency,and documentation.The specific format of the analysis worksheet is not critical.Typi-cally,matrix-,columnar-or text-type forms are utilized to help maintain focus and structure in the analysis.An FMEA that supports system safety and hazard analysis should contain the following information,as a minimum:1.Failure mode2.System effect of failure mode3.System-level hazards resulting from failure4.Mishap effect of hazards5.Failure mode and/or hazard causal factors6.How the failure mode can be detected7.Recommendations(such as safety requirements/guidelines that can beapplied)8.The risk presented by the identified hazardMany different FMEA worksheet formats have been proposed by different programs,projects,and disciplines over the years.Some different examples are shown below.Each form provides a different amount and type of information to be derived from the analysis.The specific form to be used may be determined by the customer,the system safety working group,the safety manager,the reliability group,or the reliability /safety analyst performing the analysis.Typically a program stays with the same FMEA worksheet over the life of the program.Therefore it is important to ensure that relevant safety-related information is included in the FMEA worksheet.Figure 13.6uses a very basic FMEA worksheet format,primarily for use by the reliability organization.TABLE 13.3FMEA Process Step Task Description1Define system.Define,scope,and bound the system.Define the mission,mission phases,and mission environments.Understand the system design and operation.Note that all steps are applicable for an SFMEA.2Plan FMEA.Establish FMEA goals,definitions,worksheets,schedule,and process.Start with functional FMEA then move to FMEA ofhardware that is safety critical (identified from functional FMEA).Divide the system under analysis into the smallest segmentsdesired for the analysis.Identify items to be analyzed and establish indenture levels for items /functions to be analyzed.3Select team.Select all team members to participate in FMEA and establish responsibilities.Utilize team member expertise from several different disciplines (e.g.,design,test,manufacturing,etc.).4Acquire data.Acquire all of the necessary design and process data needed (e.g.,functional diagrams,schematics,and drawings)for the system,subsystems,and functions for FMEA.Refine the item indenture levels for analysis.Identify realistic failure modes of interest for the analysis and obtain component failure rates.5Conduct FMEA.a.Identify and list the items to be evaluated.b.Obtain concurrence on the list and level of detail.c.Transfer the list to the FMEA worksheet.d.Analyze each item on the list by completing the FMEA worksheet questions.e.Have the FMEA worksheets validated by a system designer for correctness.6Recommend corrective action.Recommend corrective action for failure modes with unacceptable risk.Assign responsibility and schedule for implementing corrective action.7Monitor corrective action.Review test results to ensure that safety recommendations and system safety requirements are effective in mitigating hazards as anticipated.8Track hazards.Transfer identified hazards into the hazard tracking system (HTS).9Document FMEA.Document the entire FMEA process on the worksheets.Update for new information and closure of assigned corrective actions.248FAILURE MODE AND EFFECTS ANALYSIS。