1、Best Practices Entry: Best Practice Info:a71 Committee Approval Date: 2000-04-17a71 Center Point of Contact: JPLa71 Submitted by: Wil HarkinsSubject: Failure Modes, Effects and Criticality Analysis (FMECA) Practice: Analyze all systems to identify potential failure modes by using a systematic study
2、starting at the piece part or circuit functional block level and working up through assemblies and subsystems. Require formal project acceptance of any residual system risk identified by this process.Abstract: Preferred Practice for Design & Test. Without a formal FMECA process, the system design in
3、tegrity would be determined by the experience and rigor of a large number of individual design engineers. There would be no means of verifying that design risk has been minimized to a degree which yields a high confidence in achieving the mission goals. Analyze all systems to identify potential fail
4、ure modes by using a systematic study starting at the piece part or circuit functional block level and working up through assemblies and subsystems. Require formal project acceptance of any residual system risk identified by this process.Programs that Certify Usage: This practice has been used on th
5、e Viking, Voyager, Magellan and Galileo programs.Center to Contact for Information: JPLImplementation Method: This Lesson Learned is based on Reliability Practice number PD-AP-1307, from NASA Technical Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
6、Memorandum 4322A, Reliability Preferred Practices for Design and Test.Benefit:The FMECA process identifies mission critical failure modes and thereby precipitates formal acknowledgment of the risk to the project and provides an impetus for design alteration.Implementation Method:Through the use of f
7、ormal spread sheets, each potential failure within an assembly is recorded together with its resultant assembly, subsystem, and system effect. The severity of the system failure effect is assigned from a pre-defined list ranging from “negligible effect“ to “mission catastrophic.“ Design alterations
8、can be made at the circuit level (thereby modifying the assembly level) to eliminate a failure mode or to reduce its severity. The remaining failures are evaluated as potential subsystem failures by accounting for possible redundancy or work-arounds. Again design alterations may be invoked. Those re
9、maining up to the system level are reported as single points of failure (SPFs), and the project makes a conscious decision to either retain them or to initiate corrective action.Technical Rationale:Every technical mission carries with it a degree of risk. A mechanism is needed to identify and quanti
10、fy the risk to permit decisions to be made which will ultimately reduce the risk to the minimum permissible level within the project cost, schedule, and performance constraints. Because most spacecraft systems are extremely complex, a method of risk identification must be used which has total visibi
11、lity into the system. The FMECA has been recognized as such an approach and, if implemented rigorously, will provide the necessary visibility.The process requires the assumption of a failure of each part of each unit. The credible failure modes are identified for each part (e.g., capacitors can shor
12、t or open). If a piece part level FMECA is required by project definition, a line item must be entered for each identified mode of each part, e.g., “C23 shorts“. If a project employs a high degree of redundancy, the complexity of a part level FMECA is unnecessary because a presumably redundant eleme
13、nt will perform the function. Thus a functional level FMECA is adequate, e.g., “the amplifier chain formed by Q14, Q15, and Q16 and their associated parts has very low gain“. This failure may have many root part failure causes but if all possible failure modes of the block are identified, e.g., “low
14、 gain, oscillation, high gain, high harmonic distortion“, there is no value in recording the individual part causes. The most essential analysis in a design which uses redundancy is that of the cross-strapping networks. For this reason, a parts level FMECA is considered mandatory for all cross-strap
15、ped redundant elements, either inside an assembly or at an external interface.Impact of Non-Practice: Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Without a formal FMECA process, the system design integrity would be determined by the experience an
16、d rigor of a large number of individual design engineers. There would be no means of verifying that design risk has been minimized to a degree which yields a high confidence in achieving the mission goals.Related Practices: N/AAdditional Info: Approval Info: a71 Approval Date: 2000-04-17a71 Approval Name: Eric Raynora71 Approval Organization: QSa71 Approval Phone Number: 202-358-4738Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1