December 2014   DEUTSCHE NORM   DIN Standards Committee Aerospace (NL)   Price group 26
DIN Deutsches Institut für Normung e. V. Any form of reproduction, including extracts, is permitted only with the consent of DIN Deutsches Institut für Normung e. V., Berlin.   ICS 49.140
EN 16602-30-02:2014 (E) DIN EN 16602-30-02:2014-12 23

Table 5-2 (continued from the previous page): Probability levels

Probability level                     Probability of occurrence (P)   PN
(level name on previous page)         P > 1E-1                        4
Occasional                            1E-3 < P <= 1E-1                3
Remote                                1E-5 < P <= 1E-3                2
Extremely remote                      P <= 1E-5                       1

i. The quantitative approach shall be used when specific failure rates and probability of occurrence data are available.
j. Data sources, approved by the customer, shall be listed.
k. The data sources shall be the same as those used for the other dependability analyses performed for the programme.
l. The failure probabilities shall be ranked as per Table 5-2 and the relevant entry (the PN) listed in the FMECA worksheet column.
m. The CN for a specific failure mode shall be developed from the severity of the failure effects and the probability of the failure mode occurrence.
n. The CN shall be calculated as the product of the ranking assigned to each factor: CN = SN x PN.
o. Failure modes having a high CN shall be given a higher priority in the implementation of the corrective actions than those having a lower CN.

5.3 Identification of critical items
a. An item shall be considered a critical item if:
1. a failure mode has failure consequences classified as catastrophic, or
2. a failure mode is classified as CN greater than or equal to 6 in conformance with Table 5-3.
NOTE The customer can tailor the criteria for critical item identification, defining a failure mode as critical according to programme specific needs.

Table 5-3: Criticality matrix

Severity category   SN   Probability level (upper bound of P):   10-5   10-3   10-1   1
                         PN:                                     1      2      3      4
catastrophic        4                                            4      8      12     16
critical            3                                            3      6      9      12
major               2                                            2      4      6      8
negligible          1                                            1      2      3      4
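The following Python is an added example and is not part of the standard or its DRD. It applies the rules above to a constructed FMECA worksheet: PN from the Table 5-2 bounds, CN = SN x PN (clause n), ranking by CN for corrective-action priority (clause o), and the critical-item test of clause 5.3 a. The item names, failure modes and probabilities are invented sample data; the `cn_threshold` parameter is an assumption standing in for the customer tailoring mentioned in the NOTE; the name of the PN 4 row of Table 5-2 is not on this page, so only its bound is used; and placing a probability that equals a bound in the lower level (the "<=" side) is an assumption read from the table layout.

```python
"""Criticality ranking and critical-item identification (added example, not from the standard)."""
from dataclasses import dataclass

# Severity numbers (SN) as listed in Table 5-3.
SEVERITY_SN = {"catastrophic": 4, "critical": 3, "major": 2, "negligible": 1}


def probability_number(p: float) -> int:
    """Map a probability of occurrence P to its PN using the Table 5-2 bounds.

    The label of the top row is not on this page, so only its bound is used.
    A probability equal to a bound is placed in the lower level (assumption).
    """
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability out of range: {p}")
    if p > 1e-1:
        return 4            # P > 1E-1
    if p > 1e-3:
        return 3            # Occasional: 1E-3 < P <= 1E-1
    if p > 1e-5:
        return 2            # Remote: 1E-5 < P <= 1E-3
    return 1                # Extremely remote: P <= 1E-5


def criticality_matrix() -> dict:
    """Regenerate Table 5-3 from SN x PN (used to check hand-filled worksheets)."""
    return {sev: {pn: sn * pn for pn in range(1, 5)} for sev, sn in SEVERITY_SN.items()}


@dataclass(frozen=True)
class FailureMode:
    item: str
    mode: str
    severity: str
    probability: float

    @property
    def sn(self) -> int:
        return SEVERITY_SN[self.severity]

    @property
    def pn(self) -> int:
        return probability_number(self.probability)

    @property
    def cn(self) -> int:
        return self.sn * self.pn          # clause n: CN = SN x PN


def is_critical(fm: FailureMode, cn_threshold: int = 6) -> bool:
    """Clause 5.3 a: catastrophic consequences, or CN >= threshold (6 unless tailored)."""
    return fm.severity == "catastrophic" or fm.cn >= cn_threshold


def rank_by_cn(modes) -> list:
    """Clause o: higher CN first; ties keep worksheet order (stable sort)."""
    return sorted(modes, key=lambda m: m.cn, reverse=True)


# Constructed sample worksheet rows (hypothetical items; not from any real programme).
SAMPLE_MODES = [
    FailureMode("PSU-1", "output short", "critical", 2e-4),     # SN 3, PN 2 -> CN 6
    FailureMode("OBC-1", "watchdog stuck", "major", 5e-2),      # SN 2, PN 3 -> CN 6
    FailureMode("TANK-1", "rupture", "catastrophic", 1e-7),     # SN 4, PN 1 -> CN 4, critical by severity
    FailureMode("HTR-2", "open circuit", "negligible", 0.3),    # SN 1, PN 4 -> CN 4
    FailureMode("RF-1", "loss of lock", "major", 1e-4),         # SN 2, PN 2 -> CN 4
]


def critical_item_list(modes=SAMPLE_MODES, cn_threshold: int = 6) -> list:
    """Items with at least one critical failure mode, ordered by their highest CN."""
    seen, out = set(), []
    for fm in rank_by_cn(modes):
        if is_critical(fm, cn_threshold) and fm.item not in seen:
            seen.add(fm.item)
            out.append(fm.item)
    return out


if __name__ == "__main__":
    for fm in rank_by_cn(SAMPLE_MODES):
        print(f"{fm.item:7} {fm.mode:15} SN={fm.sn} PN={fm.pn} CN={fm.cn:2} critical={is_critical(fm)}")
    print("Critical items:", critical_item_list())
```

Raising `cn_threshold` models the tailoring the NOTE allows: with the constructed rows, a threshold of 8 leaves only the catastrophic item on the list, because a catastrophic consequence is critical regardless of CN.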
5.4 FMECA report
a. The results of the FMECA shall be documented in a FMECA report in conformance with the DRD in Annex A.

6 FMEA/FMECA implementation requirements

6.1 General requirements
a. Formal delivery of the FMEA/FMECA shall be in accordance with the SOW.
NOTE Generally the report is presented at all design reviews.
b. In each phase, the FMEA/FMECA shall be reviewed, updated and changes recorded on a continuous basis to maintain the analysis current with the design evolution.
NOTE For the project phase definition refer to ECSS-M-ST-10.
c. The means of recording the FMEA/FMECA shall be agreed by the customer.

6.2 Phase 0: Mission analysis or requirements identification
In this phase the FMEA/FMECA is, typically, not performed.

6.3 Phase A: Feasibility
a. The FMEA/FMECA shall assist the trade-off among the various possible design concepts by assessing their impact on the project dependability and safety requirements.
NOTE The analysis contributes to the overall risk evaluation of each design concept. The functional approach is generally used.
b. The FMEA/FMECA shall make use of, as a minimum, the following inputs:
1. the mission requirements, in particular the dependability and safety requirements;
2. the design documentation of the different product concepts identified in phase 0;
3. the hierarchical decomposition of the product functions.
NOTE The function decomposition is generally derived from the functional analysis.
c. The FMEA/FMECA shall be performed to provide the following results:
1. evaluation of the conformance of each design concept function to the system dependability and safety requirements;
2. identification of critical failure scenarios;
3. identification of needs of focused analyses;
NOTE For example: fault tree.
4. identification of the features to be implemented for each analysed function in order to meet the system dependability and safety requirements.
NOTE 1 Examples of the identified features are: functional redundancies or inhibits, possible alternative implementations.
NOTE 2 A report for FMEA/FMECA is, typically, not required for phase A.

6.4 Phase B: Preliminary definition
a. The FMEA/FMECA shall be performed either according to the functional approach (functional FMEA/FMECA) or to the hardware approach (hardware FMEA/FMECA).
NOTE A list of part failure modes is provided in Annex G.
b. Rationale for selection of the approach shall be provided considering the following criteria:
1. available design data;
2. product complexity and level of integration;
3. criticality of the product or function;
4. segregation of function.
c. The FMEA/FMECA shall:
1. support the trade-offs from the dependability and safety point of view;
2. support the definition of the requirements to be implemented in the product as redundancies, inhibits, operations to be followed to avoid hazards or loss of mission, and others, such as fail-safe, leak before burst, and maximum time allowable before compensation activation.
d. The FMEA/FMECA shall make use of, as a minimum, the following inputs:
1. The mission requirements and the mission profile.
2. The product specification, considering in particular the dependability and safety requirements.
NOTE Examples of product specifications are: system or subsystem specification and performance specification.
3. The current hierarchical decomposition of the product functions.
NOTE The function decomposition is generally derived from the functional analysis.
4. The design of the product architecture.
NOTE Examples of product architecture are: design description, drawings and interfaces description.
5. Available information from the product safety analyses relevant to hazard causes and controls.
6. When applicable, available information from maintenance analysis relevant to replaceable unit definition.
7. When available, FMEA/FMECAs performed at lower integration levels.
8. For lower level FMEA/FMECAs, agreed list of parts failure modes.
9. For FMECA, item failure rates from data sources agreed by the customer.
e. The FMEA/FMECA shall provide the following results:
1. Inputs for dependability and safety requirements to be allocated for implementing the prevention and compensation methods and for minimizing the single point failures and the identified critical failure scenarios.
NOTE The dependability and safety requirements are in priority allocated to the product and lower levels. Recommendations to higher levels can be raised too.
2. Input to safety analyses: identification of hazardous consequences due to failures at lower levels and relevant identified prevention and compensation methods.
3. When applicable, input to maintainability analyses.
NOTE An example of the input is the identification of replaceable units for meeting the dependability and safety requirements.
4. Input to software criticality analysis.
NOTE An example of the input is the identification of software functional failure consequences.
5. Input to the critical function list or critical item list.
NOTE An example of these inputs is the identification of the critical items as defined in clause 4.3 or 5.3.