Failure Mode, Effects, and Criticality Analysis
The following is an excerpt from The Reliability Engineering Handbook by Bryan Dodson and Dennis Nolan, © QA Publishing, LLC.
Part one of a series.
Failure Mode, Effects, and Criticality Analysis (FMECA) is a powerful design analysis tool that is used to increase system reliability. It can be applied during the initial design phase or to existing equipment. To be more effective, the FMECA should relate to the nature of the design process itself. In either case, it considers overall design, operating, and service problems, while at the same time addressing process and safety problems.
If used as a design tool, the benefit of FMECA depends upon the timeliness in which information is communicated in the early design phase. Timeliness is probably the most important factor in differentiating between effective and ineffective implementation of the FMECA. The efforts and sophistication of the approach used depend greatly on the requirements of each individual program. In any case, the FMECA should contribute to the overall program decision.
7.2 Environmental requirements and influence
When the FMECA team members are properly selected, the FMECA process will address all problems concerning design, manufacturing, process, safety, and environment. The consequences of these problems are addressed during the study of the Failure Mode during the FMECA. Preventive measures for failures where individual well-being in the workplace is concerned should always be given top priority. According to John Moubray (1991), "A failure mode has safety consequences if it causes a loss of function or other damage which could hurt or kill someone."
The overall design must consider how the environment influences the system during testing, storage, installing, and operating. When considering the failure mode effects, think about the impact on society in general if the failure happened. Society may, in some cases, be considered as a customer because if the product is not accepted due to environmental effects, it may not be successful. "A failure mode has environmental consequences if it causes a loss of function or other damage which could lead to the breach of any known environmental standard or regulation," (Moubray, 1991).
7.3 Differences between part function, part failure mechanism, failure effect, failure detection, and failure mode
The definitions which follow form the fundamentals of FMECAs. These definitions will enable the reader to understand the differences between Part Function, Part Failure Mechanism, Failure Effect, Failure Detection, and Failure Modes. These definitions were taken from MIL-STD-1629.
1. Failure Mode and Effects Analysis (FMEA)—A procedure by which each potential failure mode in a system is analyzed to determine the results, or effects thereof, on the system and to classify each potential failure mode according to its severity.
2. Failure mode—The manner by which a failure is observed. Generally describes the way the failure occurs and its impact on equipment operation.
3. Failure effect—The consequence(s) a failure mode has on the operation, function, or status of an item. Failure effects are usually classified according to how the entire system is impacted.
4. Failure cause—The physical or chemical process, design defects, part misapplication, quality defects, or other processes that are the basic reason for failure or which initiate the physical process by which deterioration proceeds to failure.
5. Environments—The conditions, circumstances, influences, stresses and combinations thereof, surrounding and affecting systems or equipment during storage, handling, transportation, testing, installation, and use in standby status and operations.
6. Detection mechanism—The means or methods by which a failure can be discovered by an operator under normal system operation or can be discovered by the maintenance crew by some diagnostic action.
7. Severity—The consequences of a failure as a result of a particular failure mode. Severity considers the worst potential consequence of a failure, determined by the degree of injury, property damage, or system damage that could ultimately occur.
8. Criticality —A relative measure of the consequences of a failure mode and its frequency of occurrence.
9. Criticality analysis (CA)—A procedure by which each potential failure mode is ranked according to the combined influence of severity and probability of occurrence.
10. FMECA-Maintainability information—A procedure by which each potential failure is analyzed to determine how the failure is detected and the actions to be taken to repair the failure.
11. Single failure point—The failure of an item that would result in failure of the system and is not compensated for by redundancy or alternative operational procedure.
12. Undetectable failure—A postulated failure mode in the FMEA for which there is no failure detection method by which the operator is made aware of the failure.
13. FMECA planning—Planning the FMECA work involves the contractor procedures for implementing their specified requirements. Planning should include updating to reflect design changes and analysis results. Worksheet formats, ground rules, assumptions, identification of the level of analysis, failure definitions, and identification of coincident use of the FMECA by the contractor and other organizational elements should also be considered.
14. Ground rules and assumptions—The ground rules identify the FMECA approach (e.g., hardware, functional or combination), the lowest level to be analyzed, and include statements of what might constitute a failure in terms of performance criteria. Every effort should be made to identify and record all ground rules and analysis assumptions prior to initiation of the analysis; however, ground rules and analysis assumptions may be adjusted as requirements change.
15. Analysis approach—Variations in design complexity and available data will generally dictate the analysis approach to be used. There are two primary approaches for the FMECA. One is the hardware approach that lists individual hardware items and analyzes their possible failure modes. The other is the functional approach that recognizes that every item is designed to perform a number of outputs. The outputs are listed and their failures analyzed. For more complex systems, a combination of the functional and hardware approaches may be considered.
16. Hardware approach—The hardware approach is normally used when hardware items can be uniquely identified from schematics, drawings, and other engineering and design data. This approach is recommended for use in a part level up approach often referred to as the bottom-up approach.
17. Functional approach—The functional approach is normally used when hardware items cannot be uniquely identified or when system complexity requires analysis from the top down.
18. Level of analysis—The level of analysis applies to the system hardware or functional level at which failures are postulated. In other words, how the system being analyzed is segregated (e.g., a section of the system, component, sub-component, etc.).
19. Failure definition—This is a general statement of what constitutes a failure of the item in terms of performance parameters and allowable limits for each specified output.
20. Trade-off study reports—These reports should identify areas of marginal and state-of-the-art design and explain any design compromises and operating restraints agreed upon. This information will aid in determining the possible and most probable failure modes and causes in the system.
21. Design data and drawings—Design data and drawings identify each item and the item configuration that perform each of the system functions. System design data and drawings will usually describe the internal and interface functions beginning at system level and progressing to the lowest indenture level of the system. Design data will usually include either functional block diagrams or schematics that will facilitate construction of reliability block diagrams.
22. Block diagrams—Block diagrams that illustrate the operation, interrelationships, and interdependencies of the functions of a system are required to show the sequence and the series dependence or independence of functions and operations. Block diagrams may be constructed in conjunction with, or after defining the system and shall present the system breakdown of its major functions. More than one block diagram is sometimes required to represent alternative modes of operation, depending upon the definition established for the system.
23. Functional block diagrams—Functional block diagrams illustrate the operation and interrelationships between functional entities of a system as defined in engineering data and schematics. An example of a functional block diagram, taken from MIL-STD-1629, is shown in Figure 7.9.
24. Reliability block diagrams—Reliability block diagrams define the series dependence, or independence, of all functions of a system or functional group for each life-cycle event. An example of a reliability block diagram, taken from MIL-STD-1629, is shown in Figure 7.10.
Figure 7.9. Functional block diagram.
Figure 7.10. Reliability block diagram.
25. Severity classification—This classification is assigned to provide a qualitative measure of the worst potential consequences resulting from design error or item failure. Classifications should be assigned to each identified failure mode and each item analyzed in accordance with the loss statements below. It may not be possible to identify an item or a failure mode according to the loss statements in the four categories below, but similar loss statements based on various inputs and outputs can be developed and included in the ground rules for the FMECA activity. Severity classification categories that are consistent with MIL-STD-882 are defined as follows:
· Category I–Catastrophic—A failure that may cause injury or death.
· Category II–Critical—A failure which may cause severe injury, major property damage, or major system damage that will result in major downtime or production loss.
· Category III–Marginal—A failure which may cause minor injury, minor property damage, or minor system damage which will result in delay or loss of system availability or degradation.
· Category IV–Minor—A failure not serious enough to cause injury, property damage or system damage, but will result in unscheduled maintenance or repair.
These categories can be attached to a cost or any other factor, but when used in the established criteria, should be consistent throughout the analysis.
26. FMECA report—The results of the FMECA and other related analyses should be included in a report that identifies the level of the analysis, documents the data sources and techniques used in performing the analysis, and gives the system definition.