Failure Mode Effects and Criticality Analysis (FMECA) Kim R. Fowler KSU ECE February 2013


Purpose for FMECA

- In the face of potential failures, determine if the design must change to improve:
  - Reliability
  - Safety
  - Operation
- Secondary purpose: estimate the reliability of the system from base component reliabilities

February 2013

Basic Description

- Determines failure effects at various levels:
  - Functions or components
  - Modules or assemblies
  - Subsystems
- Failures that appear at interfaces: how do failures propagate and affect other subsystems?
- Qualitative and quantitative
- Tabular, bottom-up approach
- Single point failures

Basic Description (continued)

- Part of the detailed design hazard analysis type (DD-HAT); this is done once the system design is completed and you have schematics or detailed functional descriptions of components/modules

Goals of FMECA

- Assess system safety
  - Bottom-up analysis focused on design
  - Identifies failures:
    - Types occurring at/within each component
    - Effect on component behavior
    - Criticality
    - How the system might be reconfigured to mitigate
- Provides basis for reducing safety risks
- Documentation of safety considerations

Goals of FMECA (continued)

- What does it tell the developer? It helps address risks in priority order during design.
- What does it tell the regulator? That the designers used a measure of discipline and rigor.

History of FMECA

- Developed for the U.S. military in the late 1940s
- Embodied in MIL-STD-1629A
- Used by:
  - NASA in the 1960s for the moon program
  - Ford Motor Co. in the late 1970s after the Pinto gas tank problems
  - Automotive Industry Action Group (AIAG) and American Society for Quality Control (ASQC)
- 1993: SAE J-1739

FMECA Answers These Questions

- What components can fail?
- How can each component fail?
- What are the effects of each failure?
- What are the consequences of each failure?
- If reliability data are available:
  - How frequently can it fail?
  - How does it affect system reliability?

FMECA Inputs – Part 1

- System context
  - Mission
  - Operational constraints
- System design
  - Identifies the subsystems
  - Granularity determines the extent of the analysis
  - Logical dependencies
  - Data flow
- Success and failure boundaries
  - Defines fault/failure/problem propagation
  - How faults/failures/problems are contained

FMECA Inputs – Part 2

- Data on each component:
  - Possible failure types, e.g. two electrical signal pins shorted together
  - Possible operational modes, e.g. expected mechanical actions from control operations
  - Connection to other components
  - Immediate effects of failure
  - Systemic effects of failure
  - (For reliability calculations: probability of failure or occurrence)

FMECA Outputs – Lists of Effects

- Effects (failures)
- Criticality
  - One set of characterizations: safety in the medical domain
    - 0 = none, no consequence
    - 1 = very low (e.g. minor annoyance)
    - 2 = low to moderate (e.g. inconvenience)
    - 3 = serious (e.g. minor injury)
    - 4 = severe (e.g. harm and significant injury)
    - 5 = catastrophic (e.g. death)

FMECA Outputs (continued)

- Criticality (continued)
  - Mission criticality in the military domain
    - 0 = none, no consequence
    - 1 = very low (e.g. minor annoyance)
    - 2 = low to moderate (e.g. inconvenience)
    - 3 = serious (e.g. disruption to subsystem)
    - 4 = severe (e.g. loss of subsystem affects other subsystems, reduces effectiveness of mission)
    - 5 = catastrophic (e.g. loss of entire mission)

FMECA Outputs – Reliability, RPN

- (For reliability calculations:)
  - Probability of failure or occurrence
  - RPN = risk priority number
    - RPN = (prob. of occurrence) x (criticality) / (prob. of detection)
    - Criticality
    - Probability of detection
  - Domain expertise required
    - Needs component failure rates
    - Subtleties in RPN require careful interpretation

Step 1

- Understand and list potential hazards that lead to failures within the system (see earlier lectures)
- List components to be analyzed

Step 1 – Examples


Step 2

- Collect and list failure modes for each component
- Example: (note – line 3 requires domain expertise; in this case, a heater element might experience corrosion in its connectors that increases electrical resistance and lowers heat dissipation)

Step 3

- Collect and list effects for each component:
  - Immediate effect (failure effect as observed by the rest of the system at the component/module boundary)
  - Systemic effect (effect of the failure on overall system behavior)
- Please note: effects can expand the number of lines in the analysis in order to clarify failure modes

Step 3 – Examples


Step 4

- Determine criticality for each component:
  - Review systemic effects
  - Subjectively gauge how critical
  - Select criticality:
    - 0 = none, no consequence
    - 1 = very low (e.g. minor annoyance)
    - 2 = low to moderate (e.g. inconvenience)
    - 3 = serious (e.g. minor injury)
    - 4 = severe (e.g. harm and significant injury)
    - 5 = catastrophic (e.g. death)

Step 4 – Example


Step 5 (if calculating reliability)

- List probability of failure for each component (e.g. from MIL-HDBK-217)
- Reliability = probability that the system will operate correctly for a specified continuous time duration under specified conditions
- Definitions:
  - λ = number of failures per unit time for each component
  - System failure rate: λsys = λ1 + λ2 + λ3 + … + λn
  - Critical failure rate: λ' = f · λ1, where f = fraction of failures that make the system inoperable
  - Assume single, independent failures, no common cause
  - Unreliability: Q(T) = 1 – exp(–λ'T)

Step 5 – Example


Step 5 – NOTES

- MTTF = mean time to failure
- MTTF values made up for purposes of illustration
- 11.4 years = 100,000 hours

Step 6 (if calculating RPN)

- Collect for each component:
  - Probability of occurrence (from failure rate)
  - Probability of detection (% or between 0 and 1)
- Calculate RPN:
  - RPN = (prob. of occurrence) x (criticality) / (prob. of detection)

Step 6 – Example


Step 6 – NOTES

- Larger RPNs indicate priority to fix or mitigate these particular faults
  - Most important in this example = 0.3893
  - Next in importance = 0.3504
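The worked example below is an added illustration of Steps 2 through 6 and is not code from the lecture; the component rows reuse the isolette parts named later in the deck (heater element, airflow fan, thermal safety interlock) but every MTTF, inoperable fraction f and detection probability is a constructed value. It assumes two things the slides leave implicit: the probability of occurrence is derived from the failure rate over a mission time T as 1 – exp(–λT), and the critical failure rate is summed over all rows as Σ f_i·λ_i rather than the single f·λ1 written on the slide.

```python
from dataclasses import dataclass
from math import exp

# Criticality scale from the slides (safety, medical domain).
CRITICALITY_SCALE = {
    0: "none, no consequence",
    1: "very low (e.g. minor annoyance)",
    2: "low to moderate (e.g. inconvenience)",
    3: "serious (e.g. minor injury)",
    4: "severe (e.g. harm and significant injury)",
    5: "catastrophic (e.g. death)",
}

HOURS_PER_YEAR = 8760.0


@dataclass
class FailureMode:
    """One row of the FMECA worksheet (Steps 2 to 6)."""
    component: str
    failure_mode: str
    immediate_effect: str       # effect seen at the component/module boundary
    systemic_effect: str        # effect on overall system behaviour
    criticality: int            # 0..5 from CRITICALITY_SCALE
    mttf_hours: float           # mean time to failure; constructed, not measured
    inoperable_fraction: float  # f: fraction of this mode's failures that make the system inoperable
    p_detection: float          # probability of detection, 0 < p <= 1

    def __post_init__(self):
        if self.criticality not in CRITICALITY_SCALE:
            raise ValueError("criticality must be 0..5")
        if not 0.0 < self.p_detection <= 1.0:
            raise ValueError("probability of detection must be in (0, 1]")

    @property
    def failure_rate(self) -> float:
        """lambda = failures per hour = 1 / MTTF."""
        return 1.0 / self.mttf_hours


def hours_to_years(hours: float) -> float:
    return hours / HOURS_PER_YEAR


def system_failure_rate(rows) -> float:
    """lambda_sys = lambda_1 + lambda_2 + ... + lambda_n."""
    return sum(r.failure_rate for r in rows)


def critical_failure_rate(rows) -> float:
    """lambda' = sum of f_i * lambda_i over all rows (assumed generalisation of f * lambda_1)."""
    return sum(r.inoperable_fraction * r.failure_rate for r in rows)


def unreliability(lambda_crit: float, hours: float) -> float:
    """Q(T) = 1 - exp(-lambda' T): probability the system is inoperable by time T."""
    return 1.0 - exp(-lambda_crit * hours)


def occurrence_probability(row: FailureMode, hours: float) -> float:
    """Assumed conversion of a failure rate to a probability over mission time T."""
    return 1.0 - exp(-row.failure_rate * hours)


def rpn(row: FailureMode, hours: float) -> float:
    """RPN = (prob. of occurrence) x (criticality) / (prob. of detection)."""
    return occurrence_probability(row, hours) * row.criticality / row.p_detection


def rank_by_rpn(rows, hours: float):
    """Largest RPN first: the order in which faults should be fixed or mitigated."""
    return sorted(rows, key=lambda r: rpn(r, hours), reverse=True)


def isolette_worksheet():
    """Constructed worksheet rows; MTTF, f and detection values are made up for illustration."""
    return [
        FailureMode("heater element", "connector corrosion raises resistance",
                    "less heat dissipated", "incubator temperature drifts below setpoint",
                    criticality=4, mttf_hours=100_000, inoperable_fraction=1.0, p_detection=0.5),
        FailureMode("airflow fan", "motor seizes",
                    "no airflow", "uneven temperature, hot and cold spots in the isolette",
                    criticality=3, mttf_hours=50_000, inoperable_fraction=1.0, p_detection=0.9),
        FailureMode("thermal safety interlock", "contacts welded closed",
                    "interlock cannot open", "over-temperature protection silently lost",
                    criticality=5, mttf_hours=200_000, inoperable_fraction=0.0, p_detection=0.2),
    ]


def summarize(rows, hours: float):
    lam_crit = critical_failure_rate(rows)
    return {
        "lambda_sys": system_failure_rate(rows),
        "lambda_crit": lam_crit,
        "Q": unreliability(lam_crit, hours),
        "ranking": [r.component for r in rank_by_rpn(rows, hours)],
    }


if __name__ == "__main__":
    rows = isolette_worksheet()
    T = HOURS_PER_YEAR  # one year of continuous operation
    for r in rank_by_rpn(rows, T):
        print(f"{r.component:25s} crit={r.criticality} "
              f"P_occ={occurrence_probability(r, T):.4f} RPN={rpn(r, T):.4f}")
    print(summarize(rows, T))
```

With these constructed numbers the interlock ranks first even though its failure rate is the lowest: a latent failure that is rarely detected (p = 0.2) and catastrophic if it matters (criticality 5) outranks the more frequent heater and fan faults, which is exactly the "subtlety in RPN" the slides warn about. Note also that the interlock contributes nothing to λ' (f = 0) because its failure does not by itself stop the isolette operating, so system unreliability Q(T) and the RPN ranking answer different questions.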

Extensions to FMECA

- Ericson suggests additional columns that could be added to enhance understanding of failures and hazards:
  - Causal factors, between the failure mode and effects columns, to give more comment on the type or location of the failure or extenuating circumstances
  - Failure detection, after the effects columns, e.g.:
    - Inspection
    - Test
    - None

Extensions to FMECA – Part 2

- Controls, after the failure detection column, e.g.:
  - Quality Assurance (QA)
  - Built-in test
  - None
- Hazard, after the controls column, e.g.:
  - Fire
  - Premature operation
  - Damage
  - None
- Final column for "Recommended Action"
- See reproduced Table 13.4 on pp. 253-254

Ericson example FMECA

EXAMPLE AND CLASS EXERCISES

Example – Incubator Isolette

http://www.worldbiomedsource.com/images/products/pimage/Air%20Shield%20C550.jpg


Simple Isolette Diagram


Ex. – Isolette Heater Element

CLASS EXERCISE – FAN, DUCTING, AND DAMPERS

Steps 3 - 4

- Steps 1 and 2 done for you.
- Collect and list effects for each component:
  - Immediate effect
  - Systemic effect
- Determine criticality for each component:
  - 0 = none, no consequence
  - 1 = very low (e.g. minor annoyance)
  - 2 = low to moderate (e.g. inconvenience)
  - 3 = serious (e.g. minor injury)
  - 4 = severe (e.g. harm and significant injury)
  - 5 = catastrophic (e.g. death)

Exercise – Isolette Airflow Fan


Solution – Isolette Airflow Fan

CLASS EXERCISE – THERMAL SAFETY INTERLOCK

Steps 3 - 4

- Steps 1 and 2 done for you.
- Collect and list effects for each component:
  - Immediate effect
  - Systemic effect
- Determine criticality for each component:
  - 0 = none, no consequence
  - 1 = inconsequential or very low
  - 2 = low to moderate
  - 3 = serious
  - 4 = severe
  - 5 = catastrophic

Exercise – Thermal Interlock

Solution – Thermal Interlock

FINAL EXAMPLE

From Aerospace: detail of a pin in a connector

Ex. FMECA from aerospace


Ex. 2 FMECA from aerospace


(© 2008 by Kim Fowler, used with permission. All rights reserved.)

FINAL THOUGHTS ON FMECA


FMECA Advantages

- Easily understood and performed
- Relatively inexpensive (in terms of effort)
- Gives rigor and focuses analyses
- Can provide reliability prediction
- Commercial software available

FMECA Disadvantages

- Single mode failures only, not combinations of failures
- Does not identify hazards unrelated to failure
- Very limited examination of:
  - Human error
  - External influences and interfaces
  - Software or operations – the focus is hardware
- Requires system/product expertise

Parting Comments

- FMECA should be used in combination with other analytical tools, not as the sole tool for hazard analysis
- FMEDA is an extension (favored by some):
  - Failure rates
  - Diagnostics (the "D" replacing the "C")

Reference

Clifton A. Ericson II, "Hazard Analysis Techniques for System Safety," Wiley-Interscience, A John Wiley & Sons, Inc., Publication, 2005, pp. 235–259. Based on MIL-STD-882.