Analysis techniques for system reliability; Procedure for failure mode and effects analysis(FMEA)

Basic Information

Standard ID: GB 7826-1987

Standard Name: Analysis techniques for system reliability; Procedure for failure mode and effects analysis (FMEA)

Chinese Name: 系统可靠性分析技术 失效模式和效应分析(FMEA)程序

Standard Category: National Standard (GB)

Status: Abolished

Date of Release: 1987-06-03

Date of Implementation: 1988-01-01

Date of Expiration: 2013-02-15

Standard Classification Number

Standard ICS Number: Test >> 19.020 Test conditions and procedures

Standard Classification Number: Comprehensive >> Basic Standards >> A20 Comprehensive Technology

Associated Standards

Alternative Situation: Replaced by GB/T 7826-2012

Procurement Status: ≡ IEC 812-85

Publication Information

Publishing House: China Standards Press

Other Information

Release Date: 1987-06-03

Review Date: 2004-10-14

Drafting Unit: Standardization Institute of the Ministry of Electronics

Focal Point Unit: National Technical Committee for Electrical and Electronic Reliability and Maintainability Standardization

Publishing Department: National Bureau of Standards

Competent Authority: Ministry of Information Industry (Electronics)

Introduction to standards:

This standard describes failure mode and effect analysis (FMEA) and failure mode, effect and criticality analysis (FMECA), and provides the following guidance on how to achieve various purposes:
- Provide the necessary procedures to complete the analysis;
- Determine the appropriate terminology, assumptions, criticality and failure mode;
- Determine the basic principles;
- Provide necessary examples in the form of tables.

Since FMECA is an extension of FMEA analysis, all general qualitative analysis used for FMEA expression can be applied to FMECA. This standard is equivalent to the international standard IEC 812 (1985).


Some standard content:

National Standard of the People's Republic of China
System reliability analysis techniques
Failure mode and effects analysis (FMEA) Procedure
Analysis techniques for system reliability
Procedure for failure mode and effects analysis (FMEA)
621.3-192
GB7826—87
IEC812—1985

1 Scope
This standard describes failure mode and effects analysis (FMEA) and failure mode, effect and criticality analysis (FMECA), and provides the following guidance on how to achieve various purposes:
- Provide the necessary procedures to complete the analysis;
- Determine the appropriate terms, assumptions, criticality and failure modes;
- Determine the basic principles;
- Provide necessary examples in the form of tables.
Since FMECA is an extension of FMEA analysis, all general qualitative analysis used for FMEA expression can be applied to FMECA. This standard is equivalent to the international standard IEC812 (1985).

2 General
Failure mode and effects analysis (FMEA) and failure mode, effects and criticality analysis (FMECA) are reliability analysis methods that aim to identify various failures that have a significant impact on system performance in actual use. Generally speaking, the failure of any component or failure mode has an adverse effect on system performance. Qualitative and quantitative analysis are required in the study of system reliability, safety and effectiveness, and the two are complementary. Quantitative analysis methods can be used to calculate or predict system performance indicators during mission execution or long-term operation under specific conditions. Typical indicators include reliability, safety, effectiveness, failure rate, mean time to failure (MTTF), etc.

FMEA is based on component level or sub-device level with clear failure criteria (or major failure modes). Starting from the basic unit failure characteristics and system functional structure, FMEA is used to determine the relationship between unit failure and system failure, or the relationship between unit failure and system malfunction, operation inhibition, and performance or integrity degradation. In order to evaluate the failure of secondary or higher-level systems or subsystems, the time sequence of events may also need to be considered.

In a narrow sense, FMEA is limited to the qualitative analysis of hardware failure modes and does not include human errors and software errors, although the latter two are often encountered in actual systems. However, in a broad sense, these factors are also included.

The severity of the consequences of failure is described by criticality. Criticality is classified or ranked by the degree of system loss of capability and personal injury, and sometimes expressed in terms of the probability of its occurrence. It is best to determine these probabilities separately.

A logical extension of FMEA is to consider the criticality of failure modes and the probability of their occurrence. This analysis of the criticality of failure modes is widely known as FMECA.

2.1 Purpose of Analysis
FMEA and FMECA are very important techniques for reliability assurance planning and can be applied to a wide range of problems and technical systems encountered. The depth and manner of completing FMEA and FMECA can vary to suit a certain purpose. In the planning and technical design stage, limited analysis is carried out, and it is further improved in the design and development stage. However, it should be remembered that FMEA is only a part of the various tasks and activities required in reliability and maintainability planning. FMEA is an inductive method used to complete qualitative analysis from low analysis level to high analysis level in terms of system reliability and safety. In order to carry out FMEA, state diagrams and reliability block diagrams made according to the system structure are required. Separate diagrams are required for the following situations:
- For different system failure criteria;
- Functional degradation or reduced guaranteed function;
- Safety;
- Alternative work stage.
The purposes of FMEA and FMECA can include:
a. Evaluation: At each functional level of the system, evaluate the sequence of events and effects caused by the failure mode of each identified product (regardless of the cause or the functional level at which it occurs);
b. Determine the importance and criticality of each failure mode according to the correct function or performance of the system and its impact on reliability and (or) safety;
c. Classify the relevant failure modes according to the detectability, diagnosability, measurability, component replaceability, compensation and operation measures (repair, maintenance and logistics, etc.) and other relevant characteristics of the failure mode;
d. Estimate the importance and probability of failure based on the availability of data.

2.2 Application
2.2.1 Scope of FMEA
FMEA is mainly a method used to study the failure of components and equipment, and can be applied to various systems based on different technologies (electrical, mechanical, hydraulic transmission devices, etc.) and various technologies. FMEA can also be used to study software and human behavior.

2.2.2 Application of FMEA in an engineering project
Users should clearly understand the purpose and how to use FMEA in their own technical projects. FMEA can be used alone or as a supplement and support to other reliability analysis methods. FMEA is required to understand the hardware characteristics and infer the conditions when the system or equipment is running. The need for FMEA in different engineering projects may vary greatly.

FMEA is not only a technology to assist design review, but also a guarantee and evaluation method that can be applied in the initial stage of system and subsystem design. FMEA is suitable for system design at all levels. Special training is required for personnel who complete FMEA work, and they must work together with system engineers and designers. FMEA must be revised in a timely manner as the project progresses and when the design is modified. Before the end of the project, FMEA can be used to check the engineering design. FMEA can also be used as a basis for demonstrating whether the designed system meets standards, procedures and meets user requirements.

The information obtained from FMEA can identify process control and inspection tests during production and installation, as well as the focus of identification, approval, delivery and startup tests. At the same time, it can also provide important information for diagnostic and maintenance procedures. When determining the scope and method of applying FMEA to a product or design, the specific purpose for which the FMEA results are needed and the temporal coordination of FMEA with other engineering activities should be considered.

The importance of pre-setting a certain level of warning and control measures for undesirable failure modes and effects should also be considered. This obtains a broad FMEA method at a specific level (system, subsystem, component, etc.), thereby linking the iterative design and development process. To ensure the use of FMEA technology, clear provisions should be made in reliability planning.

2.2.3 Purpose of FMEA
The specific uses and benefits of FMEA are as follows:
a. Find out various failures that, when occurring alone, will lead to unacceptable or serious impacts, and determine the failure modes that may have a serious impact on the expected or required work, which may include dependent failures;
b. Determine the requirements for the following:
- Redundancy;
- Design to increase the probability of "failure-safety" after a failure occurs;
- Further derating and (or) simplifying the design;
c. Selecting replacement materials, parts, components or entire parts;
d. Identify the consequences of serious failures, design review and design modification;
e. Provide the required logical model to estimate the probability of abnormalities in the system under working conditions;
f. Reveal safety hazards and product liability issues or inconsistencies with various regulatory requirements;
g. Ensure that the test outline can discover various potential failure modes;
h. Establish a work cycle to prevent and avoid wear and tear failure;
i. Propose key links that require key quality control, inspection and manufacturing process control;
j. Avoid expensive design changes by discovering various design defects earlier;
k. Establish requirements for data recording and monitoring during testing, inspection and use;
l. Provide information for selecting repair and maintenance points, in-machine test equipment and appropriate test points and writing troubleshooting guides;
m. Promote or help determine test criteria, test plans and diagnostic procedures. For example, performance tests, reliability tests;
n. Find circuits that require worst-case analysis (failure modes of parameter drift often require worst-case analysis);
o. Assist in designing fault isolation sequences, alternative working modes and reorganization structures;
p. Facilitate communication between the following personnel:
- General engineers and specialized engineers;
- between the equipment contractor and his supplier;
- between the system user and the designer or manufacturer;
q.
r. Provide a systematic and rigorous method for the study of system equipment.

2.2.4 Limitations and disadvantages of FMEA
FMEA is very effective when used for the analysis of failure of the entire system caused by a component. However, for complex systems with multiple functions and composed of a large number of components, the implementation of FMEA may be difficult and cumbersome. This is due to the large amount of detailed information that must be considered from the system. These difficulties will also increase with the consideration of the possible working modes of the system and the repair and maintenance policies.

Another limitation is that the consequences of human errors are usually not included. The study of human-machine relations is a special issue. Usually, human errors appear in time sequence during the operation of the system, and the study of their influence must be carried out through certain methods, such as cause-and-effect analysis. Nevertheless, FMEA can be used to identify components that are very sensitive to human factors.

When the influence of the environment is important, FMEA shows more limitations. When considering these effects, a very comprehensive understanding of the characteristics and performance of the different components of the system is required. It should be noted that human error and environmental influences are the main causes of common mode or common cause failures, and this issue will be covered in Section 3.6.1.

3 Basic principles of FMEA
3.1 Terms
Except where otherwise specified, all terms comply with the provisions of GB3187-82 "Basic Terms and Definitions of Reliability".

3.2 Basic concepts
The basic concepts related to FMEA are:
- Decomposing the system into basic "units";
- In order to complete FMEA, the system functional structure diagram and various data are required;
- The concept of failure mode;
- The concept of criticality (if criticality analysis is required).
Before and at the final stage of elaborating the steps of FMEA implementation, it is important to explain the relationship between FMEA (and FMECA) and other qualitative (and quantitative) analysis methods.
3.3 Define the functional structure of the system
The analysis should start from the lowest level of interest (such as components, circuits or assemblies) with sufficient information. At the lowest analysis level, list the various failure modes that may occur in each unit of this level, as well as the failure effects corresponding to each failure mode, whether separate or sequential. When considering the failure effects at the next higher functional level, the above failure effects are interpreted as a failure mode. Continuous iteration will cover all the functional levels that need to be analyzed, up to the failure effects at the system or highest functional level.

It is important to determine the functional level to be decomposed for analysis, for example, the system can be decomposed into subsystems, replaceable minimum products or parts (components), etc. Non-electrical products must also be considered in this regard. When quantitative results are required, the selectable level must be one that can obtain appropriate (and reliable) failure rate data for each failure mode or error mode, or that can make reasonable assumptions about these failure rates. The selection of the decomposition level requires a reliable and detailed understanding of the failure modes of the basic components. Apart from this, it is impossible to establish strict rules for the selection of the decomposition level.

3.4 Information required to complete FMEA
3.4.1 System structure
The following information is required:
- Characteristics, performance, role and function of different components of the system;
- The connection between each unit;
- Redundancy level and nature of redundant systems;
- The position of the system in the whole equipment (if possible);
Data on functions, characteristics and performance are required for all levels of decomposition required up to the highest level.

3.4.2 The startup, operation, control and maintenance of the system
The status of the system under different working conditions should be described, as well as the changes in the composition and position of the system and its components at different operating stages. The minimum performance requirements of the system should be defined, and special requirements for effectiveness and safety should be considered in terms of the specified performance and damage level.
The following must be understood:
- The duration of each task;
- The time interval between periodic tests;
- The time the system can take corrective actions before serious consequences occur;
- The overall equipment, environment and personnel situation;
- The repair activities and the time required, equipment and (or) personnel situation.
Further required information is:
- the operating procedures for the system startup time;
- the control of each stage of the working period;
- maintenance and (or) repair;
- the routine test procedures (if used).

3.4.3 System environment
The environmental conditions of the system should be specified, including the ambient environmental conditions and the local environment formed by other systems in the equipment. The relationship between the system and its auxiliary equipment or other systems and human-machine interfaces should be carefully described. All these factors are usually not clear at the design stage of the system, so some assumptions need to be made. As the project progresses, the data will inevitably be improved, and the FMEA should be modified according to new information or changed assumptions.

FMEA and any other analysis require a certain system model, that is, to simplify the relevant information of the system. Assumptions may be made about the nature of certain failure modes and the severity of their consequences. For example, sometimes in safety studies, conservative (or fairly generous) assumptions may be made about the effects of certain failures on the system. Performing FMEA on hardware allows decisions to be made about effects, criticality, and various conditional probabilities. This decision includes identifying software units, sequences, and timing. In this case, the facts must be clearly identified because any subsequent changes or improvements to the software may modify the FMEA and the resulting evaluation. Modifications to the FMEA and the associated evaluations may be used as conditions for developing software and approving changes.

3.5 Representation of System Structure
The structure and operation of a system can be represented using special graphical symbols. Block diagrams are usually used to show all the basic functions of the system. In the diagram, the boxes are connected by lines representing the outputs and inputs of each function. Usually, the nature of each function and each input must be accurately described. Several diagrams may also be used to cover different stages of the system's operation.

In general, graphical methods, including fault trees and cause-effect diagrams, which are closely related to analytical methods, help to more clearly understand the structure and operation of the system. However, this leads to the question of the relationship between FMEA and these methods, which is discussed in Section 3.8.

3.6 Failure Modes
A failure mode is a failure phenomenon that can be observed in a component of a system. As the basic basis for FMEA, it is essential to list all possible or potential failure modes for the system. The manufacturer of components or equipment should participate in the identification of failure modes of the components or equipment sold, in the following ways:
1. If the component is a new product, it can refer to other components and products with similar functions and structures and have completed various tests;
2. If it is a commonly used component, it can refer to laboratory test results, failure reports and performance records;
3. If it is a complex component that can be decomposed into multiple basic parts, it can also be treated as a system and analyzed qualitatively;
4. Potential failure modes can be inferred from the typical physical parameters and functions of the component.
Failure modes should be classified. Two commonly used classification methods are:
a. Starting from the definition of reliability, the basic failure modes are derived (see Table 1);
b. List various failure modes as completely as possible (see Table 2).

3.6.1 Common Mode (or Common Cause) Failure (CMF)
In reliability analysis, it is not sufficient to consider only random independent failures. Common Mode (or Common Cause) Failures (denoted as CMF) may also occur. This failure mode is due to the same cause, such as design or human error, and failures occur simultaneously on several systems or components, causing system performance degradation. CMF is a failure caused by the same cause on two or more components due to interdependent events (excluding secondary failures caused by primary failures).

FMEA can be used to make a qualitative analysis of CMF. Because of the FMEA procedure, each failure mode and its cause are investigated one by one, and all regular testing and maintenance procedures are identified. The FMEA method can be used to study the potential CMF causes that may be induced. These causes can be divided into five main categories:
a. Environmental effects (normal, abnormal and accidental);
b. Design defects;
c. Manufacturing defects;
d. Assembly errors;
e. Human errors (operation period or maintenance period).
Rely on these classification comparison tables to carefully identify all possible causes of CMF. Redundancy technology alone cannot completely solve the problem of CMF. When dealing with common mode failures, a combination of several methods is effective, such as functional diversity, different forms of redundancy, physical separation, testing, etc. The above comparison table can be used to check the relevance and efficiency of each group of methods. Strictly discussing preventive measures to prevent CMF is beyond the scope of FMEA.

3.6.2 Human factors
Some human errors are allowed in some system designs, such as mechanical interlocks provided in railway signal systems, passwords when using computers or modifying data. When there are preventive measures in the system, the effect of preventing facility failure will depend on the type of error. For a system that will not have other failures, the mode of human error should also be considered in order to check the effectiveness of preventive measures. Although the list is not complete, it is also helpful to list some modes.
3.6.3 Software Errors
Functional malfunctions caused by software errors will cause various effects, the severity of which depends on the design of both the hardware and the software. Analysis of such errors or inappropriate assumptions and their effects is only possible to a limited extent and is beyond the scope of FMEA. However, the effects of possible software errors on the associated hardware can be estimated.

3.7 Concept of Criticality
The extent of any failure state should obviously be described in terms of the probability of failure and the severity of its effects. The concept of criticality quantifies the analysis and serves as a supplement to FMEA. Because criticality is basically a concept related to the severity of the consequences of failure and the probability of its occurrence, there is no universal criterion for the criticality of an applicable system. Severity itself depends on the consequences of the failure of the object under consideration, whether it endangers life safety, causes major damage, or affects the effectiveness of service, etc., and can be defined in many different ways.
The concept of criticality is of great benefit to the FMEA process because it requires consideration of the following issues:
- more in-depth analysis of the product to eliminate a particular hazard or increase the probability of "fail-safe", reduce the failure rate or reduce the risk and scope of destructive consequences;
- products requiring special attention during manufacturing, strict quality control, or control of special operations;
- special requirements in the purchase specifications involving design, performance, reliability, safety or quality assurance;
- acceptance criteria for subcontracted production, including various parameters that require strict testing;
- various special procedures, measures, protective devices, monitoring or alarm systems, etc.;
- the maximum cost-effectiveness of investments in preventing accidents.
In order to define criticality, a numerical scale is needed to judge the severity of the consequences according to the criteria considered. Appendix B gives an example of a classification of the severity of the consequences into four levels. The actual choice of the number of such levels is quite arbitrary. In this case, the number of levels is determined by the combination of relevant criteria considered, and involves the following factors:
- personal safety (injury, death);
- loss of system function;
- environmental impact and equipment damage;
"Mutated", "fatal", "serious", "mild" and other terms have been widely used, but the definitions in GB3187-82 may or may not be consistent with the specific situation of FMEA application. These words can be specifically defined in various research fields.

3.8 Relationship between FMEA and other analysis methods
It is necessary to discuss how to combine and apply various analysis methods of system reliability and effectiveness in a project. FMEA (or FMECA) can be applied alone. Induction is often used as a supplement to other analysis methods, especially deductive reasoning research. Is induction or reasoning mainly used in the design stage? It is often difficult to make a decision because the two are combined in the thinking and analysis process. When identifying risk levels in industrial equipment and systems, induction is preferred, so FMEA is a basic analysis tool. However, it should be supplemented by other methods when multiple failures and sequential effects must be studied.

One method may be developed before the other, according to the project plan. In the initial stages of design, when only the functions, the general structure of the system and the subsystems are determined, the reliability block diagram or fault tree can be used to describe the intact functions or failure paths of the system, respectively. However, before the system is designed, the inductive process of FMEA applied to the subsystems can help describe these diagrams of the system. In this case, the FMEA method cannot be a definite procedure, but a thinking process that is difficult to express in a very strict tabular form. In general, FMEA provides basic but not sufficient analysis for analyzing a complex system containing various functions, a large number of components, and interactions between the components.

4 Analysis Process
The variability and complexity in system design and use require that the development work be consistent with the available information in order to be highly adapted to the specific FMEA analysis procedure. The following are the basic steps used in FMEA studies:
a. Define the system, its functions and minimum operating requirements;
b. Prepare functional and reliability block diagrams and other diagrams or mathematical models, and provide textual descriptions;
c. Determine the basic principles of analysis and the corresponding documents used to complete the analysis;
d. Find out the failure modes, causes and effects, as well as their relative importance and sequence;
e. Find out the detection, isolation measures and methods of failure;
f. Find out the preventive measures in design and work to prevent particularly undesirable events;
g. Determine the severity of the event (only applicable to FMECA);
h. Estimate the probability of failure (only applicable to FMECA);
i. Investigate the specific combination of multiple failures considered (optional);
j. Recommendations.
The FMEA procedure can be completed without criticality analysis. If criticality analysis is not performed, steps g and h can be omitted.

4.1 Define the system and its requirements
4.1.1 Define the system
A complete definition of a system includes its primary and secondary functions, purpose, expected performance, system constraints and conditions that constitute failure. Since any given system has one or more operating modes and may be at different stages of system operation, the definition of the system should also include the functional description of each mode of system operation and its continuous working period.

4.1.2 Define functional requirements
The acceptable functions and performance of the system and its components, as well as unacceptable performance characteristics, must be defined. Functional requirements should include: the specified characteristics in the working and non-working states, all relevant time periods and all environmental conditions.

4.1.3 Define environmental requirements
The expected working environment, exposure environment and storage environment of the system should be clearly defined, and the expected performance requirements in specific environments should be specified. The environment can include a variety of factors, such as temperature, humidity, radiation, vibration, pressure, etc. The system used for control should also consider the impact of psychological, physiological and other environmental factors on personnel's task execution and system operation.

4.1.4 Management requirements
When specifying system requirements, all factors applicable to production management, use, by-products during work and other factors affecting system design should be taken into account.
4.2 Drafting block diagrams
Diagrams representing system functional factors are necessary for understanding technical functions and subsequent analysis. These diagrams should show any series and redundant relationships between various units, as well as the functional correlation between them, so that functional failures can be traced through the system. Several diagrams may be required for different possible working modes of the system, and a logic diagram can be made for each working mode. The block diagram should at least include the following:
a. Decompose the system into several major subsystems containing functional relationships;
b. Appropriately mark all inputs, outputs and identification codes for each unit, and each subsystem should always use these codes;
c. All redundancies, replacement signal paths and other engineering features that can provide "fail-safe" measures.
4.3 Establish basic principles
4.3.1 Level of Analysis
The basic criteria for selecting the level of analysis of the system depend on the required results and the availability of design data. The guiding principles used are as follows:
a. Select the highest system level based on the design concept and the specified output requirements;
b. The lowest system level for effective analysis should be the level that has the information necessary to establish the function definition and function description. The selection of the lowest system level is influenced by past experience. For systems with mature designs, good reliability, maintainability and safety records, detailed analysis is not necessary. On the contrary, any newly designed system with unknown reliability history requires detailed analysis, and the lower system level should be the lowest system level;
c. When determining the lower system level, the specified or expected maintenance and repair level may be a valuable basis. First, the lowest system level for completing system maintenance should be found (find the minimum replaceable unit). The analysis work will be carried out at the level above the lowest system for completing maintenance. For the critical units of the system, the analysis work can be done to the lowest replaceable unit.
4.3.2 FMEA Document
To complete FMEA, it is helpful to design a specific form for the system under study and its related items. The arrangement of the form refers to the form of Appendix A, and the following contents are usually required:
a. Name of the system unit to be analyzed;
b. Functions completed by the system unit;
c. Identification code to confirm the system unit;
d. Failure mode;
e. Failure cause;
f. Failure effect;
g. Failure detection method;
h. Qualitative description of failure importance and replacement measures;
i. Remarks.
The following contents can be added to the FMECA worksheet:
j. Criticality;
k. Failure probability.
4.4 Failure Modes, Causes and Effects
The successful operation of a system is conditional on the performance of certain key units of the system. The key point of system performance evaluation is to identify key units. In order to effectively speed up the process of identifying failure modes, causes and effects, a list of failure modes prepared in advance can be used according to the following aspects:
——the purpose of the system;
——the special units included in the system;
——the working mode;
——the relevant operating specifications;
——time constraints;
——the environment.
In FMEA, the definition of failure modes, failure causes and failure effects depends on the level of analysis. In the process of analysis, the failure effects found at a lower level can become failure causes at a higher level, and so on.
4.4.1 Failure Modes
Table 1 gives a general classification of failure modes. In fact, each failure mode can be classified into one or several classifications in Table 1, but for specific analysis work, the classification method of Table 1 seems too rough, so Table 1 is expanded to Table 2. The failure modes listed in Table 2 are sufficient to summarize the failure of any unit of the system. When combined with the input and output characteristics of the reliability block diagram, all potential failure modes can be identified and described.
4.4.2 Causes of Failure
The possible causes associated with each postulated failure mode should be identified and described. The cause of each failure mode should be found in order to estimate the probability of occurrence, reveal secondary effects and propose corrective actions. Since a failure mode may have more than one cause, all independent potential causes of each failure mode must be found and described. Failure causes at adjacent levels should also be considered. Table 2 has another utility, which is to effectively identify certain failure modes and failure causes. For example, a power supply may have a general failure mode called "failure in operation", the specific failure mode is "no output" (29) and the failure cause is "open circuit (electrical)" (31).
Table 1 General failure mode classification examples
- Premature operation
- Cannot start operation at the specified time
- Cannot stop operation at the specified time
- Failure during operation

Table 2 List of various failure modes
- Structural failure (damage)
- Binding or jamming
- Cannot maintain normal position
- Cannot open
- Cannot close
- Internal leakage
- External leakage
- Exceeding the tolerance (upper limit)
- Exceeding the tolerance (lower limit)
- Unexpected operation
- Intermittent operation
- Drifting operation
- Error indication
- Poor flow
- Error action
- Cannot shut down
- Cannot start
- Cannot switch
- Advance operation
- Lag operation
- Error input (too large)
- Error input (too small)
- Error output (too large)
- Error output (too small)
- No input
- No output
- Short circuit (electrical)
- Open circuit (electrical)
- Leakage (electrical)
- Other unique failure conditions for system characteristics, requirements and operating limitations

4.4.3 Failure effect
The consequences of each assumed failure mode on the operation, function and status of the system unit should be identified, evaluated and recorded. Maintenance, personnel conditions and the purpose of the system should also be considered. The failure effects should be concentrated on the block diagram being analyzed and on the specific units affected by the failure under consideration.
A failure effect may also affect the next level up to the highest level of analysis. Therefore, the failure effects of each higher level should be evaluated.
4.4.3.1 Local Effects
Local effects are the effects of the failure mode on the unit under consideration. The consequences of each assumed failure are described together with secondary effects at the output. The purpose of determining local effects is to provide a basis for decision when evaluating existing replacement measures or proposing recommended corrective measures. In some cases, there may be no local effects other than the failure mode itself.
4.4.3.2 Final Effects
When determining the final effect, the impact of the assumed failure on the highest functional level is evaluated and defined through the analysis of all intermediate functional levels.
The final effects described may be the consequence of multiple failures (e.g., catastrophic failure due to safety device failure, which is caused by two reasons, namely, the failure of the safety device and the main performance protected by the safety device exceeds the allowable limit). These final effects caused by multiple failures should be indicated in the worksheet.
4.5 Failure detection method
The detection method of the failure mode should be stated. Other failure modes with the same performance as the failure mode under consideration should be listed and analyzed. It should also be considered whether the remaining units need separate failure detection during operation.
4.6 Qualitative description of failure importance and replacement measures
The relative importance of failures should be recorded in the worksheet. At a given system level, the identification and evaluation of design features for other preventive measures to prevent or mitigate the effects of failure modes should also be recorded in the worksheet. In this way, the worksheet can clearly reflect the true state of the internal functional malfunction of the equipment. Other improvement measures include:
- spare units that can continue to work if one or more units fail;
- alternative working methods;
- monitoring or alarm devices;
- any other means that allow effective operation or limit the degree of hazard.
During the design process, the functional units (hardware and software) of the equipment can be recombined or rearranged to change its capabilities. In this case, the relevant failure modes should be re-examined before redoing the FMEA.
4.7 Remarks column of the worksheet
If no criticality analysis is performed, the notes of the worksheet should include the contents related to the descriptions in each column. Suggestions for improving the design should also be recorded in this column and further elaborated in the summary. The following contents may also be recorded:
- Any abnormal conditions;
- The effect of failure of other units;
- Particularly important design features;
- Any explanation for expanding the items recorded in this row;
- Other items related to the sequential failure analysis.
5 Criticality analysis
It is hoped that the probability of occurrence of relevant failure modes and the criticality of a failure effect can be estimated and described quantitatively. Quantifying both the probability of occurrence of failure modes and the criticality of failure effects will help to take correct corrective measures, determine the focus of corrective work, and establish a clear boundary between acceptable and unacceptable risks. According to the various requirements, self-standards and constraints of the system, each failure effect considered should be classified according to its criticality to the performance of the entire system. A list of fatal failures should be determined for each item of equipment. Although there are usually acceptable and appropriate classifications for most equipment, they are qualitatively classified according to their severity based on the following results:
a. Causing death or injury to personnel or the public;
b. Causing damage to other equipment or the equipment itself;
c. Economic loss due to loss of output or loss of function;
d. Mission failure due to the inability of the equipment to perform its primary function.
Appendix B is an example of a criticality level based on the examples of death or injury, equipment damage and functional degradation. The selection of criticality classification requires careful and prudent decision making. Because factors such as performance, cost, schedule, safety and risk are related to the evaluation of the system, all relevant factors must be clearly considered.
5.1 Probability of Failure Mode
The probability of occurrence of each assumed failure mode is derived by using analytical methods. Estimating the probability of occurrence of a specific failure mode under specific operating conditions requires a statistically significant reliability database. Using data directly from the above sources, prediction work can be completed at the same time as the FMEA.
5.2 Estimation of Criticality
Criticality estimation can be performed using a criticality grid. When using a criticality grid, the criticality level of the failure mode is usually used as the ordinate, and the probability (or frequency) of the failure mode is used as the abscissa, as shown in Figure 1. The frequency or probability is appropriately divided into four categories: very low, low, medium and high. In many cases, the probability or frequency is not divided into equal intervals.
[Figure 1 Criticality grid diagram; abscissa: failure mode occurrence rate]
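The criticality grid of 5.2 applied to a few worksheet rows, as an added example that is not part of the standard: each row is placed in a cell and ranked by the length of the line from the grid origin to that cell. The probability bounds, the four ordinal criticality levels, the unit codes and the risk boundary value are assumptions made for illustration.

```python
from bisect import bisect_right
from dataclasses import dataclass
from math import hypot

# Probability categories named in section 5.2; the bounds are assumed and
# deliberately unequal, since the text notes intervals are often not equal.
PROB_CATEGORIES = ["very low", "low", "medium", "high"]
PROB_BOUNDS = [1e-5, 1e-3, 1e-1]  # assumed upper bounds of the first three

@dataclass
class WorksheetRow:
    unit_id: str       # identification code (worksheet item c), hypothetical
    failure_mode: str  # worksheet item d
    criticality: int   # assumed ordinal level: 1 (least) .. 4 (most severe)
    probability: float # failure probability (worksheet item k)

def prob_column(p: float) -> int:
    """Grid column 1..4 for a failure probability."""
    return bisect_right(PROB_BOUNDS, p) + 1

def grid_distance(row: WorksheetRow) -> float:
    """Length of the line from the grid origin to the row's cell."""
    return hypot(prob_column(row.probability), row.criticality)

def rank(rows, unacceptable_from=4.0):
    """Sort rows by decreasing distance; flag those past the risk boundary."""
    ranked = sorted(rows, key=grid_distance, reverse=True)
    return [(r.unit_id, r.failure_mode,
             PROB_CATEGORIES[prob_column(r.probability) - 1],
             round(grid_distance(r), 2),
             grid_distance(r) >= unacceptable_from)
            for r in ranked]

# Constructed worksheet rows; the failure modes are taken from Table 2.
ROWS = [
    WorksheetRow("PSU-1", "No output", 3, 2e-2),
    WorksheetRow("VLV-2", "External leakage", 4, 5e-6),
    WorksheetRow("SNS-3", "Error indication", 2, 3e-1),
    WorksheetRow("RLY-4", "Cannot switch", 1, 4e-4),
]

if __name__ == "__main__":
    for entry in rank(ROWS):
        print(entry)
```

With these constructed rows the frequent level-2 failure ranks above the rare level-4 one, which is why the probability ranges for each classification have to be fixed before the grid is read.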
When the failure mode has been classified and a probability or frequency is given, their values can be found using an appropriate grid diagram. Draw a straight line from the origin of the grid diagram to the diagonal direction. The longer the line, the greater the criticality and the more corrective measures need to be taken. For each criticality analysis, a probability or frequency range should be determined according to its classification.
6 Analysis Report
FMEA (or FMECA) reports can be included in a more extensive study document or exist separately. In either case, the report should include a detailed analysis record and a summary. The summary should include a brief description of the analysis method and level of analysis, assumptions and basic provisions. In addition, the following should be included:
- Recommendations for designers, maintenance personnel, planners and users;
- Failures that initially occurred alone but caused serious effects;
- Design changes that have been adopted as a result of FMEA (or FMECA).
Appendix A Failure mode, effect and criticality analysis worksheet (Reference)
[Worksheet form not reproduced; surviving fields: Failure effect, Name of design engineer, Name of analyst]