BSI Standards Publication

BS EN 16602-30-02:2014

Space product assurance - Failure modes, effects (and criticality) analysis (FMEA/FMECA)

BRITISH STANDARD

National foreword

This British Standard is the UK implementation of EN 16602-30-02:2014.

The UK participation in its preparation was entrusted to Technical Committee ACE/68, Space systems and operations.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2014. Published by BSI Standards Limited 2014

ISBN 978 0 580 84240 5

ICS 49.140

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 September 2014.

Amendments issued since publication
Date | Text affected
(no entries)

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM

EN 16602-30-02

September 2014

ICS 49.140

English version

Space product assurance - Failure modes, effects (and criticality) analysis (FMEA/FMECA)

French title: Assurance produit des projets spatiaux - Analyse des modes de défaillance, de leurs effets (et de leur criticité) (AMDE/AMDEC)
German title: Raumfahrtproduktsicherung - Fehlermöglichkeits-, Einfluss- (und Kritikalitäts-) Analyse (FMEA/FMECA)

This European Standard was approved by CEN on 6 April 2014.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2014 CEN/CENELEC. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members and for CENELEC Members.

Ref. No. EN 16602-30-02:2014 E

Table of contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
  3.1 Terms from other standards
  3.2 Terms specific to the present standard
  3.3 Abbreviated terms
4 FMEA requirements
  4.1 General requirements
  4.2 Severity categories
  4.3 Identification of critical items
  4.4 Level of analysis
  4.5 Integration requirements
  4.6 Detailed requirements
  4.7 FMEA report
5 FMECA requirements
  5.1 General requirements
  5.2 Criticality ranking
  5.3 Identification of critical items
  5.4 FMECA report
6 FMEA/FMECA implementation requirements
  6.1 General requirements
  6.2 Phase 0: Mission analysis or requirements identification
  6.3 Phase A: Feasibility
  6.4 Phase B: Preliminary definition
  6.5 Phase C: Detailed definition
  6.6 Phase D: Production or ground qualification testing
  6.7 Phase E: Utilization
  6.8 Phase F: Disposal
7 Hardware-software interaction analysis (HSIA)
  7.1 Overview
  7.2 Technical requirements
  7.3 Implementation requirements
8 Process FMECA
  8.1 Purpose and objective
  8.2 Selection of processes and inputs required
  8.3 General process FMECA requirements
  8.4 Identification of critical process steps
  8.5 Recommendations for improvement
  8.6 Follow-on actions
    8.6.1 General
    8.6.2 In case 1:
    8.6.3 In case 2:
    8.6.4 In case 3:
Annex A (normative) FMEA/FMECA report DRD
Annex B (normative) FMEA worksheet DRD
Annex C (normative) FMECA worksheet DRD
Annex D (normative) HSIA form DRD
Annex E (normative) Process FMECA report DRD
Annex F (normative) Process FMECA worksheet DRD
Annex G (informative) Parts failure modes (space environment)
Annex H (informative) Product design failure modes check list
Annex I (informative) HSIA check list
Bibliography

Figures
Figure 4-1: Graphical representation of integration requirements
Figure B-1: Example of FMEA worksheet
Figure C-1: Example 1 of FMECA worksheet
Figure C-2: Example 2 of FMECA worksheet
Figure D-1: Example of HSIA form
Figure F-1: Example of process FMECA
Figure G-1: Two open contacts (relay stuck in intermediate position)
Figure G-2: Two contacts in opposite positions
Figure G-3: Short circuit between fixed contacts
Figure I-1: Example of HSIA check-list

Tables
Table 4-1: Severity of consequences
Table 5-1: Severity Numbers (SN) applied at the different severity categories with associated severity level
Table 5-2: Example of probability levels, limits and numbers
Table 5-3: Criticality matrix
Table 8-1: Example of Severity numbers (SN) for severity of failure effects
Table 8-2: Probability numbers (PN) for probability of occurrence
Table 8-3: Detection numbers (DN) for probability of detection
Table G-1: Example of parts failure modes
Table G-2: Example of relay failure modes
Table H-1: Example of a product design failure modes check-list for electromechanical/electrical equipment or assembly or subsystems

Foreword

This document (EN 16602-30-02:2014) has been prepared by Technical Committee CEN/CLC/TC 5 "Space", the secretariat of which is held by DIN.

This standard (EN 16602-30-02:2014) originates from ECSS-Q-ST-30-02C.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by March 2015, and conflicting national standards shall be withdrawn at the latest by March 2015.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.

This document has been developed to cover specifically space systems and therefore has precedence over any EN covering the same scope but with a wider domain of applicability (e.g. aerospace).

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Introduction

The Failure Mode and Effects Analysis (FMEA) and the Failure Mode, Effects, and Criticality Analysis (FMECA) are performed to systematically identify potential failures in:
- products (functional and hardware FMEA/FMECA); or
- processes (process FMECA)
and to assess their effects in order to define mitigation actions, starting with the highest-priority ones, i.e. those related to failures having the most critical consequences.

The failure modes identified through the FMEA are classified according to the severity of their consequences. The FMECA is an extension of the FMEA in which the failure modes are classified according to their criticality, i.e. the combined measure of the severity of a failure mode and its probability of occurrence.

The FMEA/FMECA is basically a bottom-up analysis: it considers each single elementary failure mode and assesses its effects up to the boundary of the product or process under analysis. The FMEA/FMECA methodology is not suited to assessing combinations of failures within a product or a process.

The FMEA/FMECA is an effective tool in the decision making process, provided it is a timely and iterative activity. Late implementation or restricted application of the FMEA/FMECA dramatically limits its use as an active tool for improving the design or process. The FMEA/FMECA is initiated as soon as preliminary information is available at high level and is extended to lower levels as more details become available. The integration of analyses performed at different levels is addressed in a specific clause of this Standard.

The level of the analysis is the level at which the failure effects are assessed. In general a FMEA/FMECA need not be performed below the level necessary to identify critical items and requirements for design improvements. Therefore a decision on the most appropriate level depends upon the requirements of the individual programme.

The FMEA/FMECA of complex systems is usually performed by using the functional approach first, followed by the hardware approach once design information on the major system blocks becomes available. These preliminary analyses are carried out with no or minor inputs from lower level FMEAs/FMECAs and provide outputs to be passed to lower level analysts. After the required lower level FMEAs/FMECAs have been performed, their integration leads to the updating and refinement of the system FMEA/FMECA in an iterative manner.

Software (S/W) is analysed only using the functional approach (functional FMEA/FMECA) at all levels. The analysis of S/W reactions to hardware (H/W) failures is the subject of a specific activity, the Hardware-Software Interaction Analysis (HSIA).

When any design or process changes are made, the FMEA/FMECA is updated and the effects of new failure modes introduced by the changes are carefully assessed.

Although the FMEA/FMECA is primarily a reliability task, it provides information and support to
safety, maintainability, logistics, test and maintenance planning, and failure detection, isolation and recovery (FDIR) design. The use of FMEA/FMECA results by several disciplines assures consistency and avoids the proliferation of requirements and the duplication of effort within the same programme.

1 Scope

This Standard is part of the series of ECSS Standards belonging to ECSS-Q-ST-30 "Space product assurance - Dependability".

This Standard defines the principles and requirements to be adhered to with regard to failure modes, effects (and criticality) analysis (FMEA/FMECA) implementations in all elements of space projects, in order to meet the mission performance requirements as well as the dependability and safety objectives, taking into account the environmental conditions.

This Standard defines requirements and procedures for performing a FMEA/FMECA. It applies to all elements of space projects where FMEA/FMECA is part of the dependability programme.

Complex integrated circuits, including Application Specific Integrated Circuits (ASICs) and Field Programmable Gate Arrays (FPGAs), and software are analysed using the functional approach. Software reactions to hardware failures are addressed by the Hardware-Software Interaction Analysis (HSIA).

Human errors are addressed in the process FMECA. Human errors may also be considered in the performance of a functional FMEA/FMECA.

The extent of the effort and the sophistication of the approach used in the FMEA/FMECA depend upon the requirements of a specific programme and should be tailored on a case by case basis. The approach is determined in accordance with the priorities and ranking afforded to the functions of a design (including operations) by risk analyses performed in accordance with ECSS-M-ST-80, beginning during the conceptual phase and repeated throughout the programme. Areas of greater risk, in accordance with the programme risk policy, should be selectively targeted for detailed analysis. This is addressed in the RAMS and risk management plans.

This Standard may be tailored for the specific characteristics and constraints of a space project in conformance with ECSS-S-ST-00.

2 Normative references

The following normative documents contain provisions which, through reference in this text, constitute provisions of this ECSS Standard. For dated references, subsequent amendments to, or revisions of, any of these publications do not apply. However, parties to agreements based on this ECSS Standard are encouraged to investigate the possibility of applying the more recent editions of the normative documents indicated below. For undated references, the latest edition of the publication referred to applies.

EN reference     | Reference in text | Title
EN 16601-00-01   | ECSS-S-ST-00-01   | ECSS system - Glossary of terms
EN 16603-32-02   | ECSS-E-ST-32-02   | Space engineering - Structural design and verification of pressurized hardware
EN 16602-10-09   | ECSS-Q-ST-10-09   | Space product assurance - Nonconformance control system
EN 16602-30      | ECSS-Q-ST-30      | Space product assurance - Dependability

3 Terms, definitions and abbreviated terms

3.1 Terms from other standards

For the purpose of this Standard, the terms and definitions from ECSS-S-ST-00-01 apply.

For the purpose of this Standard, the following term from ECSS-E-ST-32-02 applies: leak-before-burst

3.2 Terms specific to the present standard

3.2.1 active redundancy
redundancy wherein all means for performing a required function are intended to operate simultaneously
[IEC 60050-191]

3.2.2 area analysis
study of man-product or man-machine interfaces with respect to the area where the work is performed

3.2.3 criticality
combined measure of the severity of a failure mode and its probability of occurrence

3.2.4 end effect
consequence of an assumed item failure mode on the operation, function, or status of the product under investigation and its interfaces

3.2.5 failure cause
presumed causes associated with a given failure mode

3.2.6 failure effect
consequence of an assumed item failure
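The Introduction describes the method in words (single elementary failure modes propagated bottom-up to the product boundary, classified by severity, extended to criticality in the FMECA, and integrated from lower to higher levels of analysis), and 3.2.3 defines criticality as the combined measure of severity and probability. The following Python model is an added example written for this page; it is not code from EN 16602-30-02 or from ECSS. The severity numbers, probability bands, criticality threshold, the rules for flagging critical items and the relay/heater sample data are all assumptions chosen for illustration, since the standard's own Tables 4-1, 5-1, 5-2 and 5-3 are not reproduced here.

```python
"""Bottom-up FMECA worksheet model.

Added example for this page, not code from EN 16602-30-02 or ECSS.  The
severity numbers, probability bands and criticality threshold below are
assumptions chosen for illustration (the standard's Tables 4-1, 5-1, 5-2
and 5-3 are not reproduced on this page); the relay/heater data is a
constructed sample input.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed severity categories: 1 = catastrophic ... 4 = minor/negligible.
# The severity number SN grows with severity so that it can be multiplied.
SEVERITY_NUMBER = {1: 4, 2: 3, 3: 2, 4: 1}
# Assumed FMECA rule: a criticality number at or above this is a critical item.
CRITICALITY_THRESHOLD = 6


def probability_number(p: float) -> int:
    """Assumed probability bands: probability of occurrence -> PN (1..4)."""
    if p > 1e-1:
        return 4
    if p > 1e-3:
        return 3
    if p > 1e-5:
        return 2
    return 1


@dataclass(frozen=True)
class FailureMode:
    item: str           # item under analysis (part, unit, subsystem, ...)
    mode: str           # one elementary failure mode
    local_effect: str   # effect at the item's own level
    probability: float  # probability of occurrence over the mission


def analyse(failure_modes, propagation):
    """FMECA of single failure modes, ranked by criticality.

    `propagation` maps a local effect to (end effect at the boundary of the
    product under analysis, severity category).  Every failure mode is
    assessed on its own: the method looks at one elementary failure mode at
    a time and does not cover combinations of failures.
    """
    rows = []
    for fm in failure_modes:
        end_effect, category = propagation[fm.local_effect]
        sn = SEVERITY_NUMBER[category]
        pn = probability_number(fm.probability)
        cn = sn * pn
        rows.append({
            "item": fm.item, "mode": fm.mode, "probability": fm.probability,
            "local_effect": fm.local_effect, "end_effect": end_effect,
            "severity": category, "SN": sn, "PN": pn, "CN": cn,
            # FMEA rule (assumed): severity categories 1 and 2 are critical
            # items; FMECA rule (assumed): so is any mode reaching the CN threshold.
            "critical": category <= 2 or cn >= CRITICALITY_THRESHOLD,
        })
    # Highest criticality first; severity breaks ties (stable sort keeps input order otherwise).
    rows.sort(key=lambda r: (r["CN"], r["SN"]), reverse=True)
    return rows


def integrate(lower_rows, higher_item):
    """Lift a lower-level worksheet to the next level of analysis.

    Each distinct lower-level end effect becomes one failure mode of the
    higher-level item.  Probabilities of lower-level modes with the same end
    effect are summed, which bounds the union probability of rare,
    independent events from above.
    """
    prob = defaultdict(float)
    for r in lower_rows:
        prob[r["end_effect"]] += r["probability"]
    return [FailureMode(higher_item, effect, effect, p) for effect, p in prob.items()]


# Constructed sample input: one latching relay in a heater switching unit.
RELAY_MODES = [
    FailureMode("relay K1", "contacts stuck open", "heater line cannot be switched on", 2e-4),
    FailureMode("relay K1", "contacts stuck closed", "heater line cannot be switched off", 1e-4),
    FailureMode("relay K1", "coil open circuit", "heater line cannot be switched on", 5e-5),
    FailureMode("relay K1", "contacts intermittent", "heater line switches spuriously", 2e-2),
]
# Unit level: local effect -> (end effect at the unit boundary, severity category).
UNIT_PROPAGATION = {
    "heater line cannot be switched on": ("loss of heater line H1", 3),
    "heater line cannot be switched off": ("heater line H1 permanently on", 3),
    "heater line switches spuriously": ("heater line H1 duty cycle disturbed", 4),
}
# Subsystem level: the unit's end effects are now the failure modes being assessed.
SUBSYSTEM_PROPAGATION = {
    "loss of heater line H1": ("propellant line freezes: loss of mission", 1),
    "heater line H1 permanently on": ("tank over-temperature: mission degradation", 2),
    "heater line H1 duty cycle disturbed": ("thermal margin reduced", 4),
}


def run_example():
    """Two-level analysis: part-level worksheet, then its integration upward."""
    unit = analyse(RELAY_MODES, UNIT_PROPAGATION)
    subsystem = analyse(integrate(unit, "heater switching unit"), SUBSYSTEM_PROPAGATION)
    return unit, subsystem


if __name__ == "__main__":
    for level, rows in zip(("unit", "subsystem"), run_example()):
        print(f"--- {level} level, ranked by criticality ---")
        for r in rows:
            flag = "CRITICAL" if r["critical"] else ""
            print(f'{r["item"]:22} {r["mode"]:38} S{r["severity"]} '
                  f'SN={r["SN"]} PN={r["PN"]} CN={r["CN"]} {flag}')
```

Two points of the model follow directly from the text above. First, `analyse` never combines two failure modes: each row is one elementary failure mode traced on its own to the boundary, which is exactly the scope the Introduction gives the method (and the reason combinations of failures need a different analysis). Second, `integrate` is the iteration the Introduction describes: the end effects at one level become the failure modes of the next, so the three relay modes, none of which is critical at the unit boundary, surface at subsystem level as two critical items once their end effects are re-assessed there. Summing the probabilities of lower-level modes that share an end effect is a deliberate simplification; it over-approximates the probability of the union for rare independent events, which errs on the conservative side for ranking.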