FMECA
Encyclopedia
Failure mode, effects and criticality analysis (FMECA) is an extension of failure mode and effects analysis
(FMEA). FMEA is a bottom-up, inductive
analytical method which may be performed at either the functional or piece-part level. FMECA
extends FMEA by including a criticality analysis, which is used to chart the probability
of failure modes against the severity of their consequences. The result highlights failure modes with relatively high probability and severity of consequences, allowing remedial effort to be directed where it will produce the greatest value. FMECA tends to be preferred over FMEA in space
and North Atlantic Treaty Organization (NATO) military
applications, while various forms of FMEA predominate in other industries.
, which published MIL–P–1629 in 1949. By the early 1960s, contractors for the U.S. National Aeronautics and Space Administration (NASA) were using variations of FMECA under a variety of names. In 1966 NASA released its FMECA procedure for use on the Apollo program. FMECA was subsequently used on other NASA programs including Viking
, Voyager
, Magellan
, and Galileo.
Possibly because MIL–P–1629 was replaced by MIL–STD–1629 (SHIPS) in 1974, development of FMECA is sometimes incorrectly attributed to NASA.
At the same time as the space program developments, use of FMEA and FMECA was already
spreading to civil aviation. In 1967 the Society for Automotive
Engineers
released the first civil publication to address FMECA. The civil aviation industry now tends to use a combination of FMEA and Fault Tree Analysis
in accordance with SAE ARP4761
instead of FMECA, though some helicopter manufacturers continue to use FMECA for civil rotorcraft.
Ford Motor Company began using FMEA in the 1970s after problems experienced with its Pinto
model, and by the 1980s FMEA was gaining broad use in the automotive industry. In Europe,
the International Electrotechnical Commission published IEC 812 (now IEC 60812) in 1985, addressing both FMEA and FMECA for general use. The British Standards Institute published BS 5760–5 in 1991 for the same purpose.
In 1980, MIL–STD–1629A replaced both MIL–STD–1629 and the 1977 aeronautical FMECA standard MIL–STD–2070. MIL–STD–1629A was canceled without replacement in 1998, but nonetheless remains in wide use for military and space applications today.
FMECA may be performed at the functional or piece part level. Functional FMECA considers the effects of failure at the functional block level, such as a power supply or an amplifier.
Piece part FMECA considers the effects of individual component failures, such as resistors,
transistors, microcircuits, or valves. A piece part FMECA requires far more effort, but is
sometimes preferred because it relies more on quantitative data and less an engineering
judgment than a functional FMECA.
The criticality analysis may be quantitative or qualitative, depending on the availability
of supporting part failure data.
hierarchy such as systems, subsystems or equipment, units or subassemblies, and piece parts. Functional descriptions are created for the systems and allocated to the subsystems,
covering all operational modes and mission phases.
agreed to. This might include, for example:
block diagrams or fault trees are usually constructed at the same time. These diagrams are
used to trace information flow at different levels of system hierarchy, identify critical
paths and interfaces, and identify the higher level effects of lower level failures.
modes is developed. For functional FMECA, typical failure modes include:
For piece part FMECA, failure mode data may be obtained from databases such as RAC
FMD–91 or RAC FMD–97. These databases provide not only the failure modes, but also the failure mode
ratios. For example:
Each function or piece part is then listed in matrix form with one row for each failure
mode. Because FMECA usually involves very large data sets, a unique identifier must be assigned to each item (function or piece part), and to each failure mode of each item.
criteria identified in the ground rules. Effects are separately described for the local, next higher, and end (system) levels. System level effects may include:
The failure effect categories used at various hierarchical levels are tailored by the
analyist using engineering judgment.
usually having 3 to 10 severity levels, is used. For example, When prepared using MIL–STD–1629A, failure or mishap severity classification normally follows MIL–STD–882.
Current FMECA severity categories for U.S. Federal Aviation Administration
(FAA), NASA and European Space Agency
space applications are derived from MIL–STD–882.
failure in question is analyzed. One of the following will be entered on each row of the FMECA matrix:
assessment, a mishap probability code or number is assigned and entered on the matrix. For
example, MIL–STD–882 uses five probability levels:
The failure mode may then be charted on a criticality matrix using severity code as one axis
and probability level code as the other.
For quantitative assessment, modal criticality number is calculated for each failure mode of each item, and item crticality number is
calculated for each item. The criticality numbers are computed using the following values:
The criticality numbers are computed as and .
The basic failure rate is usually fed into the FMECA from a failure rate prediction based on MIL–HDBK–217, PRISM, RIAC 217Plus, or a similar
model.
The failure mode ratio may be taken from a database source such as RAC FMD–97. For functional level FMECA, engineering judgment may be required to assign failure mode ratio.
The conditional probability number represents the conditional
probability that the failure effect will result in the identified severity classification,
given that the failure mode occurs. It represents the analyst's best judgment as to the
likelihood that the loss will occur.
For graphical analysis, a criticality matrix may be charted using either or on one axis and severity code on the other.
criticality number. This enables the analysis to identify critical items and critical
failure modes for which design mitigation is desired.
the stress level at which a critical item operates, or adding redundancy or monitoring to the system.
recommendations, corrective actions to be tracked, and the attached FMECA matrix which may
be in spreadsheet, worksheet, or database form.
calculation is an alternate method to criticality analysis. The is a result
of a multiplication of detectability x severity x
occurrence . Each on a scale from 1 to 10. The highest is
xx = . This means that this
failure is not detectable by inspection, very severe and the occurrence is almost sure. If
the occurrence is very sparse, this would be and the would
decrease to . So, criticality analysis enables to focus on the highest risks.
According to an FAA research report for commercial space transportation,
Failure mode and effects analysis
A failure modes and effects analysis is a procedure in product development and operations management for analysis of potential failure modes within a system for classification by the severity and likelihood of the failures...
(FMEA). FMEA is a bottom-up, inductive
Inductive reasoning
Inductive reasoning, also known as induction or inductive logic, is a kind of reasoning that constructs or evaluates propositions that are abstractions of observations. It is commonly construed as a form of reasoning that makes generalizations based on individual instances...
analytical method which may be performed at either the functional or piece-part level. FMECA
extends FMEA by including a criticality analysis, which is used to chart the probability
Probability
Probability is ordinarily used to describe an attitude of mind towards some proposition of whose truth we arenot certain. The proposition of interest is usually of the form "Will a specific event occur?" The attitude of mind is of the form "How certain are we that the event will occur?" The...
of failure modes against the severity of their consequences. The result highlights failure modes with relatively high probability and severity of consequences, allowing remedial effort to be directed where it will produce the greatest value. FMECA tends to be preferred over FMEA in space
Outer space
Outer space is the void that exists between celestial bodies, including the Earth. It is not completely empty, but consists of a hard vacuum containing a low density of particles: predominantly a plasma of hydrogen and helium, as well as electromagnetic radiation, magnetic fields, and neutrinos....
and North Atlantic Treaty Organization (NATO) military
Military
A military is an organization authorized by its greater society to use lethal force, usually including use of weapons, in defending its country by combating actual or perceived threats. The military may have additional functions of use to its greater society, such as advancing a political agenda e.g...
applications, while various forms of FMEA predominate in other industries.
History
FMECA was originally developed in the 1940s by the U.S militaryUnited States armed forces
The United States Armed Forces are the military forces of the United States. They consist of the Army, Navy, Marine Corps, Air Force, and Coast Guard.The United States has a strong tradition of civilian control of the military...
, which published MIL–P–1629 in 1949. By the early 1960s, contractors for the U.S. National Aeronautics and Space Administration (NASA) were using variations of FMECA under a variety of names. In 1966 NASA released its FMECA procedure for use on the Apollo program. FMECA was subsequently used on other NASA programs including Viking
Viking program
The Viking program consisted of a pair of American space probes sent to Mars, Viking 1 and Viking 2. Each spacecraft was composed of two main parts, an orbiter designed to photograph the surface of Mars from orbit, and a lander designed to study the planet from the surface...
, Voyager
Voyager program
The Voyager program is a U.S program that launched two unmanned space missions, scientific probes Voyager 1 and Voyager 2. They were launched in 1977 to take advantage of a favorable planetary alignment of the late 1970s...
, Magellan
Magellan probe
The Magellan spacecraft, also referred to as the Venus Radar Mapper, was a 1,035-kilogram robotic space probe launched by NASA on May 4, 1989, to map the surface of Venus using Synthetic Aperture Radar and measure the planetary gravity...
, and Galileo.
Possibly because MIL–P–1629 was replaced by MIL–STD–1629 (SHIPS) in 1974, development of FMECA is sometimes incorrectly attributed to NASA.
At the same time as the space program developments, use of FMEA and FMECA was already
spreading to civil aviation. In 1967 the Society for Automotive
Engineers
SAE International
SAE International is an organization for engineering professionals in the aerospace, automotive, and commercial vehicle industries. The Society is a standards development organization for the engineering of powered vehicles of all kinds, including cars, trucks, boats, aircraft, and others.SAE...
released the first civil publication to address FMECA. The civil aviation industry now tends to use a combination of FMEA and Fault Tree Analysis
Fault tree analysis
Fault tree analysis is a top down, deductive failure analysis in which an undesired state of a system is analyzed using boolean logic to combine a series of lower-level events...
in accordance with SAE ARP4761
ARP4761
ARP4761, Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment is a standard from the Society of Automotive Engineers . In conjunction with SAE ARP4754, ARP4761 is used to demonstrate compliance with 14 CFR 25.1309 in the U.S...
instead of FMECA, though some helicopter manufacturers continue to use FMECA for civil rotorcraft.
Ford Motor Company began using FMEA in the 1970s after problems experienced with its Pinto
Ford Pinto
The Ford Pinto is a subcompact car produced by the Ford Motor Company for the model years 1971–1980. The car's name derives from the Pinto horse. Initially offered as a two-door sedan, Ford offered "Runabout" hatchback and wagon models the following year, competing in the U.S. market with the AMC...
model, and by the 1980s FMEA was gaining broad use in the automotive industry. In Europe,
the International Electrotechnical Commission published IEC 812 (now IEC 60812) in 1985, addressing both FMEA and FMECA for general use. The British Standards Institute published BS 5760–5 in 1991 for the same purpose.
In 1980, MIL–STD–1629A replaced both MIL–STD–1629 and the 1977 aeronautical FMECA standard MIL–STD–2070. MIL–STD–1629A was canceled without replacement in 1998, but nonetheless remains in wide use for military and space applications today.
Methodology
Slight differences are found between the various FMECA standards. By RAC CRTA–FMECA, the FMECA analysis procedure typically consists of the following logical steps:- Define the system
- Define ground rules and assumptions in order to help drive the design
- Construct system block diagrams
- Identify failure modes (piece part level or functional)
- Analyze failure effects/causes
- Feed results back into design process
- Classify the failure effects by severity
- Perform criticality calculations
- Rank failure mode criticality
- Determine critical items
- Feed results back into design process
- Identify the means of failure detection, isolation and compensation
- Perform maintainability analysis
- Document the analysis, summarize uncorrectable design areas, identify special controls necessary to reduce failure risk
- Make recommendations
- Follow up on corrective action implementation/effectiveness
FMECA may be performed at the functional or piece part level. Functional FMECA considers the effects of failure at the functional block level, such as a power supply or an amplifier.
Piece part FMECA considers the effects of individual component failures, such as resistors,
transistors, microcircuits, or valves. A piece part FMECA requires far more effort, but is
sometimes preferred because it relies more on quantitative data and less an engineering
judgment than a functional FMECA.
The criticality analysis may be quantitative or qualitative, depending on the availability
of supporting part failure data.
System definition
In this step, the major system to be analyzed is defined and partitioned into an indenturedhierarchy such as systems, subsystems or equipment, units or subassemblies, and piece parts. Functional descriptions are created for the systems and allocated to the subsystems,
covering all operational modes and mission phases.
Ground rules and assumptions
Before detailed analysis takes place, ground rules and assumptions are usually defined andagreed to. This might include, for example:
- Standardized mission profile with specific fixed duration mission phases
- Sources for failure rate and failure mode data
- Fault detection coverage that system built-in test will realize
- Whether the analysis will be functional or piece part
- Criteria to be considered (mission abort, safety, maintenance, etc.)
- System for uniquely identifying parts or functions
- Severity category definitions
Block diagrams
Next, the systems and subsystems are depicted in functional block diagrams. Reliabilityblock diagrams or fault trees are usually constructed at the same time. These diagrams are
used to trace information flow at different levels of system hierarchy, identify critical
paths and interfaces, and identify the higher level effects of lower level failures.
Failure mode identification
For each piece part or each function covered by the analysis, a complete list of failuremodes is developed. For functional FMECA, typical failure modes include:
- Untimely operation
- Failure to operate when required
- Loss of output
- Intermittent output
- Erroneous output (given the current condition)
- Invalid output (for any condition)
For piece part FMECA, failure mode data may be obtained from databases such as RAC
FMD–91 or RAC FMD–97. These databases provide not only the failure modes, but also the failure mode
ratios. For example:
Device Type | Failure Mode | Ratio (α) |
---|---|---|
Relay | Fails to trip | .55 |
Spurious trip | .26 | |
Short | .19 | |
Resistor, Composition | Parameter change | .66 |
Open | .31 | |
Short | .93 |
Each function or piece part is then listed in matrix form with one row for each failure
mode. Because FMECA usually involves very large data sets, a unique identifier must be assigned to each item (function or piece part), and to each failure mode of each item.
Failure effects analysis
Failure effects are determined and entered for each row of the FMECA matrix, considering thecriteria identified in the ground rules. Effects are separately described for the local, next higher, and end (system) levels. System level effects may include:
- System failure
- Degraded operation
- System status failure
- No immediate effect
The failure effect categories used at various hierarchical levels are tailored by the
analyist using engineering judgment.
Severity classification
Severity classification is assigned for each failure mode of each unique item and entered on the FMECA matrix, based upon system level consequences. A small set of classifications,usually having 3 to 10 severity levels, is used. For example, When prepared using MIL–STD–1629A, failure or mishap severity classification normally follows MIL–STD–882.
Category | Description | Criteria |
---|---|---|
I | Catastrophic | Could result in death, permanent total disability, loss exceeding $1M, or irreversible severe environmental damage that violates law or regulation. |
II | Critical | Could result in permanent partial disability, injuries or occupational illness that may result in hospitalization of at least three personnel, loss exceeding $200K but less than $1M, or reversible environmental damage causing a violation of law or regulation. |
III | Marginal | Could result in injury or occupational illness resulting in one or more lost work days(s), lossexceeding $10K but less than $200K, or mitigatible environmental damage without violation of law or regulation where restoration activities can be accomplished. |
IV | Negligible | Could result in injury or illness not resulting in a lost work day, loss exceeding $2K but less than $10K, or minimal environmental damage not violating law or regulation. |
Current FMECA severity categories for U.S. Federal Aviation Administration
Federal Aviation Administration
The Federal Aviation Administration is the national aviation authority of the United States. An agency of the United States Department of Transportation, it has authority to regulate and oversee all aspects of civil aviation in the U.S...
(FAA), NASA and European Space Agency
European Space Agency
The European Space Agency , established in 1975, is an intergovernmental organisation dedicated to the exploration of space, currently with 18 member states...
space applications are derived from MIL–STD–882.
Failure detection methods
For each component and failure mode, the ability of the system to detect and report thefailure in question is analyzed. One of the following will be entered on each row of the FMECA matrix:
- Normal: the system correctly indicates a safe condition to the crew
- Abnormal: the system correctly indicates a malfunction requiring crew action
- Incorrect: the system erroneously indicates a safe condition in the event of malfunction, or alerts the crew to a malfunction that does not exist (false alarm)
Criticality ranking
Failure mode criticality assessment may be qualitative or quantitative. For qualitativeassessment, a mishap probability code or number is assigned and entered on the matrix. For
example, MIL–STD–882 uses five probability levels:
Description | Level | Individual Item | Fleet |
---|---|---|---|
Frequent | A | Likely to occur in the life of the item | Continuously experienced |
Probable | B | Will occur several times in the life of an item | Will occur frequently |
Occasional | C | Likely to occur some time in the life of an item | Will occur several times |
Remote | D | Unlikely but possible to occur in the life of an item | Unlikely, but can reasonably be expected to occur |
Improbable | E | So unlikely, it can be assumed occurrence may not be experienced | Unlikely to occur, but possible |
The failure mode may then be charted on a criticality matrix using severity code as one axis
and probability level code as the other.
For quantitative assessment, modal criticality number is calculated for each failure mode of each item, and item crticality number is
calculated for each item. The criticality numbers are computed using the following values:
- Basic failure rate
- Failure mode ratio
- Conditional probability
- Mission phase duration
The criticality numbers are computed as and .
The basic failure rate is usually fed into the FMECA from a failure rate prediction based on MIL–HDBK–217, PRISM, RIAC 217Plus, or a similar
model.
The failure mode ratio may be taken from a database source such as RAC FMD–97. For functional level FMECA, engineering judgment may be required to assign failure mode ratio.
The conditional probability number represents the conditional
probability that the failure effect will result in the identified severity classification,
given that the failure mode occurs. It represents the analyst's best judgment as to the
likelihood that the loss will occur.
For graphical analysis, a criticality matrix may be charted using either or on one axis and severity code on the other.
Critical item/failure mode list
Once the criticality assessment is completed for each failure mode of each item, the FMECA matrix may be sorted by severity and qualitative probability level or quantiativecriticality number. This enables the analysis to identify critical items and critical
failure modes for which design mitigation is desired.
Recommendations
After performing FMECA, recommendations are made to design to reduce the consequences of critical failures. This may include selecting components with higher reliability, reducingthe stress level at which a critical item operates, or adding redundancy or monitoring to the system.
Maintainability analysis
FMECA usually feeds into both Maintainability Analysis and Logistics Support Analysis, which both require data from the FMECA.FMECA report
A FMECA report consists of system description, ground rules and assumptions, conclusions andrecommendations, corrective actions to be tracked, and the attached FMECA matrix which may
be in spreadsheet, worksheet, or database form.
Risk priority calculation
RAC CRTA–FMECA and MIL–HDBK–338 both identify Risk Priorty Number (RPN)calculation is an alternate method to criticality analysis. The is a result
of a multiplication of detectability x severity x
occurrence . Each on a scale from 1 to 10. The highest is
xx = . This means that this
failure is not detectable by inspection, very severe and the occurrence is almost sure. If
the occurrence is very sparse, this would be and the would
decrease to . So, criticality analysis enables to focus on the highest risks.
Advantages and disadvantages
Strengths of FMECA include its comprehensiveness, the systematic establishment of relationships between failure causes and effects, and its ability to point out individual failure modes for corrective action in design. Weaknesses include the extensive labor required, the large number of trivial cases considered, and inability to deal with multiple-failure scenarios or unplanned cross-system effects such as sneak circuits.According to an FAA research report for commercial space transportation,
- Failure Modes, effects, and Criticality Analysis is an excellent hazard analysis and risk assessment tool, but it suffers from other limitations. This alternative does not consider combined failures or typically include software and human interaction considerations. It also usually provides an optimistic estimate of reliability. Therefore, FMECA should be used in conjunction with other analytical tools when developing reliability estimates.
See also
- Integrated Logistics SupportIntegrated Logistics SupportIntegrated logistics support is an integrated approach to the management of logistic disciplines in the military, similar to commercial product support or customer service organisations...
- Risk assessmentRisk assessmentRisk assessment is a step in a risk management procedure. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat...
- Safety EngineeringSafety engineeringSafety engineering is an applied science strongly related to systems engineering / industrial engineering and the subset System Safety Engineering...
- System SafetySystem safetyThe system safety concept calls for a risk management strategy based on identification, analysis of hazards and application of remedial controls using a systems-based approach...
Further reading
- "FMEA and FMECA: An Overview of Basic Concepts"
- "FMEA Info Centre"
- "FMEA and FMECA / RCM : Integration to SAP EAM"