RELIABILITY BULLETIN No. 9
Failure Mode and Effect Analyses
NOVEMBER 1971
Prepared by the G-41 Committee on Reliability
Engineering Department
ELECTRONIC INDUSTRIES ASSOCIATION
2001 Eye Street, N.W., Washington, D.C. 20006
Copyright Government Electronics

ie basis for grouping the various part failure modes.

3 Comparison of Techniques

Neither approach stands out as the singular or most appropriate technique that should always be the one that is used. Each has certain advantages or strong points which, in conjunction with the purpose or objective of a particular analysis effort, establish
the basis for selecting one in preference

;on effectiveness.

The qualitative

This is most apropos when an effort is being put forth

Also when the

On the other hand when the analysis

this will influence the level(s) of assembly to be analyzed by FMEA.

b. Other analyses to be performed, i.e., reliability prediction, safety analysis, thermal analysis, maintainability analysis; it is important that FMEA studies interface effectively with these. As a project evolves and information becomes available, these analyses ought to
tend towards a single integrated effort.

Section V Procedural Elements

A specific FMEA form has not been recommended as no one form is applicable to all programs. A form for a specific program can be developed using the thirteen elements defined in this section.

1. Hardware Identification

The first step in conducting the analysis and documenting the result is to clearly identify the hardware being discussed. Included in the hardware identification are items such as name, drawing number, manufacturer, and indenture level (i.e., system, subsystem, equipment, part, material). Hardware identification is of paramount importance in the Part or Bottom-Up Technique where a Piece-Part FMEA is being conducted. This level of analysis is usually performed:

a. At the final stage of design on all hardware when contractually required.
b. On hardware deemed critical to system performance or safety.
c. On hardware involving new application of design principles where the state-of-the-art is being extended.

This form of analysis is more costly and time consuming from both an analytical and a documentation viewpoint than the Top-Down Technique. More levels of effect must normally be considered before reaching the highest or mission level. It does however insure that no critical single failure modes are overlooked.

A block diagram is useful in describing hardware interrelations, facilitating the analysis and reducing the documentation required. In a diagram of a system each block represents a subsystem or equipment; in a diagram of an equipment each block may represent a component and in the component block diagram each block would typically represent a piece part. The diagram should make clear the relationship of each block to the others; inputs and outputs should be labeled as to nature and magnitude. If convenient, each block can be labeled and designated by an item number for use in completing a Failure Mode and Effect Analysis form. Examples of Block Diagrams are shown in Figure 3.

(amount by which rate
in column 8 exceeds that in column 9).

Calculate quotient of item's estimated failure rate improvement (column 10) and estimated change cost (column 7) to obtain a cost measure of estimated item reliability improvement.

Calculate estimated improvement in failure rate for subsystem that incorporates this item. (This calculation will ordinarily require prior synthesis of a subsystem reliability mathematical model that quantitatively relates subsystem reliability improvement to that of the item, the latter as estimated in column 10.)

Calculate quotient of subsystem's estimated failure rate improvement (column 12) and estimated change cost (column 7) to obtain a cost measure of estimated subsystem reliability improvement.

measure would be to compare column 7, Total net savings in operating and maintenance costs over the planned operational life span of the equipment to ascertain net savings
(or net increase in costs) over the operational life span.

9. Failure Detection

Frequently, consideration of provisions for detection of specific failure modes is involved in the conduct of FMEA, including reaction time required to institute corrective action,

fault trees and logic diagrams are described below. The inclusion of relationships such as these should not be overlooked. Frequently a conservative approximation of them in a fault tree provides an acceptable solution.

a. Conditional dependency between events. The probability of one event occurring changes if another event takes place.
b. Individual events time dependent. Probability of an event occurring is a function of elapsed time. Interaction of two such events involves distribution functions.
c. Individual events produce an end event only if they occur in a certain sequence.

Copyright Government Electronics & Information Technology Association. Reproduced by IHS under license with GEIA. Not for Resale. No reproduction or networking permitted without license from IHS.

Usually a FMEA involves an intermix of normal situations with specific fault conditions. Frequently, these fault conditions do not manifest themselves as such, but give overt indications of apparently normal situations which are not. For example, in the case of a two-position, single-pole relay, four different contact type faults are possible:

a. Moving contact shorted to upper fixed contact.
b. Moving contact open with respect to upper fixed contact.
c. Moving contact shorted to lower fixed contact.
d. Moving contact open with respect to lower fixed contact.

Suppose that in normal operation a connection is made between the moving contact and the upper fixed contact when the relay is unenergized, and a connection is made between the moving contact and the lower fixed contact when the relay is energized. Contact faults a. and d. above would manifest themselves only when the relay was energized. Contact faults b. and c. would show up only when the relay was unenergized. Under other conditions these faults would appear as normal operation.

At times when a number of possible factors and events are involved, it becomes unwieldy to encompass them all in a single fault tree. One solution is to try to break the problem down to several sub trees, the end events of which are related to each other
by the framework of a main tree.

In studying the possibility of an undesirable event occurring, there may be several ways in which the event could happen. A separate fault tree generated for each of these ways with a conservative combining of results is one approach to this type of problem. This maintains a focus on the undesirable end event and reduces the tendency to become lost in a maze of interrelationships that might occur in a single overall tree. For example, if the undesirable end event is a missile intact or in part leaving a cell, it might occur by either the first, second, or third stage inadvertently firing. Separate trees might be generated
to examine each of these possibilities.

When a function is examined with a FMEA, one analysis could be made considering only hardware operation and failure. Another might include human and/or software effects as well. In studying a complex system, the links between equipment failures and human actions frequently are important.

Suppose we are interested in the likelihood of the output signal from an equipment exceeding a specified voltage. The equipment design concept has been to avoid this by eliminating single failure events that would cause excessive voltage. After confirming that no single failure events appear to exist that would produce high output voltage, we want to investigate the possibilities of multiple failures producing this effect. (If the equipment has been inoperative for an extended period of time prior to being energized in the system, the possibilities of multiple part failures are real.) Certain parts failing in specific modes enhance the possibility of high output voltage, while failures of some parts in other ways reduce the chance of high output voltage occurring. A biased, but conservative result is obtained in a FMEA if only those situations contributing to high output voltage are considered.

11. Secondary Failures

Secondary as well as primary failures enter into a FMEA. If a part fails as a result of a fault within itself, it is a primary failure. The fault may or may not cause equipment failure. On the other hand, a secondary failure is the result
of the failure of something else, i.e., conditional on the occurrence of a primary failure. Suppose we have an amplifier and a power supply to energize it. If failure occurs because the output transistor shorts due to an internal weakness in the part, it is a primary failure. However, if the power supply voltage rises enough to overstress the output transistor of the amplifier causing it to short, then failure of the transistor would be a secondary one.

Secondary failures are at times of equal and even more significance than initial or primary failures and consequently are an important aspect of FMEA. Usually, inclusion of secondary failures in a fault tree requires accompanying notes to explain them. Secondary failures may be shown on diagrams with an appropriate symbol to distinguish them from primary ones.
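
The two-position, single-pole relay example under Failure Detection can be worked through mechanically. The following Python sketch is an added illustration, not part of the bulletin: it enumerates the four contact faults against both coil states and reports where each fault is visible and where it passes as normal operation. The function names and the modeling of a short as an extra, permanent connection are assumptions made for this example.

```python
UPPER, LOWER = "upper", "lower"

# Contact faults a-d as listed in the text: (fixed contact affected, failure kind).
FAULTS = {
    "a": (UPPER, "shorted"),
    "b": (UPPER, "open"),
    "c": (LOWER, "shorted"),
    "d": (LOWER, "open"),
}
STATE_NAME = {False: "unenergized", True: "energized"}

def normal_connections(energized):
    """Normal operation: moving contact on upper when unenergized, lower when energized."""
    return {LOWER} if energized else {UPPER}

def observed_connections(energized, fault=None):
    """Fixed contacts the moving contact is actually connected to."""
    made = set(normal_connections(energized))
    if fault is not None:
        contact, kind = FAULTS[fault]
        if kind == "shorted":
            made.add(contact)       # assumed: a short holds regardless of coil state
        else:
            made.discard(contact)   # an open contact can never make a connection
    return made

def manifest_states(fault):
    """Coil states (False/True) in which the fault deviates from normal operation."""
    return [e for e in (False, True)
            if observed_connections(e, fault) != normal_connections(e)]

def undetected_faults(tested_states):
    """Faults that a check exercising only the given coil states would miss."""
    tested = set(tested_states)
    return sorted(f for f in FAULTS if not tested & set(manifest_states(f)))

def latent_table():
    """For each fault: the coil state where it shows up and where it looks normal."""
    table = {}
    for fault in FAULTS:
        seen = manifest_states(fault)
        table[fault] = {
            "manifests": [STATE_NAME[e] for e in seen],
            "looks_normal": [STATE_NAME[e] for e in (False, True) if e not in seen],
        }
    return table

if __name__ == "__main__":
    for fault, row in latent_table().items():
        print(fault, FAULTS[fault], row)
    print("missed if only unenergized state is checked:", undetected_faults([False]))
```

A detection provision that observes the relay in only one coil state leaves two of the four faults latent, which is the situation the text describes as faults that "appear as normal operation".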