Log 211 Supportability Analysis Student Guide
Lesson 6: Failure Mode Effects and Criticality Analysis (FMECA)/Fault Tree Analysis (FTA)
Slide 6-1. Failure Mode Effects and Criticality Analysis (FMECA)/Fault Tree Analysis (FTA)
Welcome to Lesson 6 on Failure Mode Effects and Criticality Analysis (FMECA) and Fault Tree Analysis (FTA).
January 2013 Final v1.3
Topic 1: Introduction
Slide 6-2. Topic 1: Introduction
Slide 6-3. Life Cycle Management Framework: Where Are You? What Influence Do You Have?
Failure Mode Effects and Criticality Analysis (FMECA) and Fault Tree Analysis (FTA) are critical for effective system design that meets Reliability, Maintainability, and performance requirements. Both analyses identify system failures and their causes, and recommend mitigation strategies to reduce the risk of failure.
The FMECA and FTA are fundamental in validating the design. Failures, their consequences, and their mitigation are essential to influencing the design for Supportability. The maximum benefit of completing FMECA and FTA is realized when the investigation of failures is conducted during the Technology Maturation and Risk Reduction (TMRR) and Engineering and Manufacturing Development (EMD) phases of a system’s life cycle rather than after the system’s design is finalized.
Failure modes and their mitigation are validated through the following reviews:
- Alternative Systems Review (ASR)
- System Functional Review (SFR)
- Preliminary Design Review (PDR)
- Critical Design Review (CDR)
- Developmental Test and Evaluation (DT&E)
- Functional Configuration Audit (FCA)
- Production Readiness Review (PRR)
- Physical Configuration Audit (PCA)
- Operational Test and Evaluation (OT&E)
[Slide graphic: Life Cycle Management Framework; callout: Technology Maturation & Risk Reduction]
Where Are You?
FMECA/FTA analyses occur continuously as a system’s design matures and operational data is gathered from the field.
For competitive prototypes, the initial analysis of system failures, failure mechanisms, and criticality begins in the Technology Development Phase. The earlier these analyses are conducted, the more opportunity there is to eliminate or mitigate failures through design.
FMECA/FTA are then conducted again during Engineering & Manufacturing Development, as more data become available with system maturity.
Finally, FMECA/FTA are revisited, when required, during Operations & Support, when additional fault data is collected or critical incidents occur which require further investigation into root causes.
What Influence Do You Have?
The Reliability Engineers conduct FMECA and FTA. The Life Cycle Logistician (LCL) plays a prominent role in reviewing the maintenance planning recommendations and modifications that result from these analyses for effectiveness and suitability. The better the LCL understands each analysis and how they are interrelated, the more impact the LCL will have on achieving an effective and affordable Product Support Strategy.
This role is detailed in Lesson 9: The Maintenance Task Analysis (MTA).
Slide 6-4. FMECA/FTA Lesson Approach
The Set Up, Analyze, and Report Findings approach, as shown on this slide, will frame the discussion on FMECA/FTA. This lesson will provide a detailed description of each of these three process steps.
FMECA Key Questions
- How can the system fail?
- What are the consequences of failure?
FTA Key Questions
- Given a single, undesirable event (usually a failure with serious or catastrophic consequences), what is the cause or combination of causes?
- What is the probability of that critical event?
- What design or maintenance changes will increase system Reliability and prevent the critical failure?
Slide 6-5. Topics and Objectives
Topic 2: Overview of FMECA and FTA
Slide 6-6. Topic 2: Overview of FMECA and FTA
Slide 6-7. What Are FMECA and FTA?
The Failure Mode and Effects Analysis (FMEA) is a Reliability evaluation and design review technique that examines the potential failure modes within a system to determine the effects of failures on equipment or system performance. Each hardware and software failure mode is classified according to its impact on system operating success and personnel safety. The FMECA’s ‘C’ is for Criticality, which assigns a criticality rating based on severity of impact and frequency. Some level of expert judgment is required to assign criticality rankings.
FMECA is a “bottom up” system analysis. It begins by examining the effects of failure at the lowest level of the system hierarchy and traces upward to determine the end effect of each failure on system performance.
Fault Tree Analysis (FTA) is a systematic methodology for defining a single undesirable event and determining all possible reasons (combination of failures) that could cause the event to occur in a “top down” analysis. The FTA focuses on a select subset of failures, specifically those that can cause a catastrophic “top event”, while the FMECA progresses sequentially through all possible system failure modes regardless of severity.
Slide 6-8. FMECA/FTA: Process Map
FMECA and FTA promote greater understanding of the system design, from identifying design deficiencies to improving maintenance process effectiveness.
Slide 6-9. What Are FMECA/FTA? Influencing Design
FMECA and FTA provide uniform methods for analyzing failures and their effects before finalizing the design. The goal is to improve the system to achieve Reliability and safety requirements effectively and affordably.
Specifically, FMECA and FTA evaluate the system against:
- Design requirements
- Design criteria
- Performance requirements
These FMECA/FTA Reliability, safety, and design analyses assess the validity of design enhancements to assure that Reliability and critical safety issues are appropriately mitigated or eliminated.
FMECA/FTA are conducted continuously as part of the closed loop Systems Engineering process defined in Lesson 5: R&M.
Slide 6-10. What Are FMECA/FTA? Promoting Supportability & Process Efficiency
In addition to recommending design changes to eliminate or mitigate failure modes, FMECA/FTA map failures to corrective and preventive maintenance strategies that reduce the likelihood and mitigate the impact of system failures.
FMECA/FTA provide data for:
- Reliability and Maintainability Analyses (e.g., reliability block diagrams)
- Reliability Centered Maintenance (RCM) Analysis
- Maintenance Task Analysis (MTA)
- Level of Repair Analysis (LORA)
- Additional FMECA/FTA refinements
- Root failure analysis (diagnostic routines for fault detection and fault isolation)
- Determining useful life of a system
- Developing built-in test, troubleshooting, and quality assurance methods
- Developing maintenance manuals and troubleshooting guides
Slide 6-11. What Are FMECA/FTA? Inputs and Outputs
This diagram provides a high-level view of the inputs, process, and outputs of both FMECA and FTA.
Slide 6-12. FMECA/FTA and the ASOE Model
FMECA and FTA are the foundation of the Affordable System Operational Effectiveness (ASOE) Model, performing the following functions:
- Determining what drives system failures
- Assessing failure criticality/impact on system Availability and safety
- Recommending remediating action
These FMECA and FTA attributes contribute to ASOE by exposing and prioritizing design flaws early to assure design optimization and mission effectiveness, while reducing Life Cycle Cost/Total Ownership Cost.
Slide 6-13. ASOE Trade-off: Capability vs. Maintenance
FMECA and FTA serve to balance design effectiveness and process efficiency by mitigating failures early in the design process to achieve an affordable solution:
- Does the design meet all requirements in the CDD?
- Does the design meet the KPPs?
- What redesign efforts should be undertaken to mitigate failure modes that prohibit achieving technical performance and mission requirements? Note that reliance on a Maintainability-focused maintenance strategy may not mitigate failure modes.
Trade-off considerations:
- The cost of redesign vs. the risk/probability of mission failure
- The cost of proactive maintenance vs. the probability of system failure or safety hazard to personnel
Topic 3: Set Up – Preparing for FMECA and FTA
Slide 6-14. Topic 3: Set Up – Preparing for FMECA and FTA
Slide 6-15. Set Up – FMECA & FTA
Set Up is similar for both FMECA and FTA: each requires up-front planning and selection of an appropriate tool to conduct the analyses. Additionally, FMECA and FTA draw from similar data inputs.
Slide 6-16. Build a Plan: Process and Data Management
Planning for FMECA/FTA should include the phases of Set Up, Analysis, and Report Findings, and should consider initial and iterative analyses based on design updates and field data.
Failure Mode Effects and Criticality Analysis Planning
FMECA planning includes:
- Ground rules & assumptions
  o FMECA approach (hardware, software, functional, combination)
  o Lowest indenture level for analysis. Guidelines:
    - Lowest level specified in LSA candidate list
    - Lowest level assigned Level I (Catastrophic) and Level II (Critical) severity category
    - Specified/intended maintenance and repair level for items assigned Level III (Marginal) or Level IV (Minor) severity
- Contractor’s procedures for implementing requirements
- General statements on what constitutes a failure (performance parameters and allowable limits)
- Use of analysis to provide design guidance
- Contractor’s procedures for updating FMECA with design changes
- FMECA worksheet formats (organization and documentation of FMECA methods)
- Coordination of effort (FMECA results are inputs into other analyses)
- Failure rate data sources
- Coding system (identification of system functions/equipment for tracking failure modes)
Fault Tree Analysis Planning
FTA uses a similar planning methodology to FMECA. However, the FTA is geared toward the most significant or catastrophic failure events. Planning should incorporate provisions of DoD RAM Guide and MIL-STD-882D Standard Practice for System Safety, with particular emphasis on Appendix A (Guidance for Implementation of a System Safety Effort).
By keeping the safety program in view, the FTA will naturally link to the safety performance requirements, to include:
- Quantitative requirements
- Mishap risk requirements
- Safety design requirements—interlocks, redundancy, fail safe and fire suppression
- Unacceptable condition elimination
- Reduction of mishap risk to acceptable level
FTA planning should include considerations for:
- Functional analysis of highly complex systems
- Observation of combined effects on the top event
- Evaluation of safety requirements and specifications
- Evaluation of system Reliability, human and software interfaces
- Evaluation of potential corrective actions
- Simplification of maintenance and troubleshooting
- Logical elimination of causes for an observed failure
Role of the Integrated Product Team (IPT)
Members of the IPT include engineering, design, logistics, and maintenance professionals, who contribute their expertise to the FMECA/FTA analysis. During Set Up, the IPT:
- Identifies roles: Who is doing what?
- Defines analysis goal
- Defines schedule/timeline
- Establishes Working-level Integrated Product Team (WIPT) expectations, roles and objectives
- Establishes report processes: FMECA/FTA worksheets, preliminary updates and final reports
- Coordinates SAE GEIA-STD-0007 Logistics Product Database update process
Slide 6-17. Determine Data Inputs and Analysis Tools
Analysis Inputs for FMECA and FTA:
1. System configuration and design characteristics
  o Identify system functions down to lowest indenture identified
  o Identify each item/configuration and its performance requirements
  o Types of data:
    - Engineering data, studies, drawings
    - Technical specifications/development plans
    - Design reports, data
    - Functional block diagrams/schematics
    - Commercial off-the-shelf (COTS)/Government Furnished Equipment (GFE): Vendor information
    - COTS/GFE: Original equipment manufacturer (OEM)
2. Developmental Testing results
  o Test result reports
  o Engineering investigation reports
  o Failure investigation reports
  o Modeling and simulation data
3. Reliability inputs—Reliability Analyses
  o Reliability characteristics of system
  o Mean Time Between Failure (MTBF)
  o Failure characteristics: PF curve, wear out, random
  o Time to Failure (calculated or estimated) for non-repairable items
  o Failure mode occurring within service life of equipment
  o Reliability Block Diagrams (RBDs)
  o Reliability data
    - MIL-HDBK-217 prediction
    - Operational data/test data (given similar conditions/items)
4. Safety and Hazard Analysis (MIL-STD-882D) (Human Systems Integration)
5. Troubleshooting guides/charts for existing equipment
6. Subject Matter Experts with knowledge of equipment and operating context
  o Operator
  o Maintainer
  o In-service engineering agent – The activity that performs sustaining engineering requirements
  o Technical representative – Called a ‘Tech Rep,’ normally a master level technician from the OEM or in-service engineering organization that troubleshoots complex faults and updates troubleshooting procedures for the entire agency
  o Program Manager
7. COTS/GFE Only: Maintenance history
  o Existing/previous maintenance plans/tasks
  o Existing/previous maintainer/operator manuals
  o In-service performance data
  o Age exploration data
  o Item repair histories
  o Failure reporting/corrective action system reports
  o Computerized Maintenance Management System (CMMS) data
8. Previous FMECA, FTA, RCM analyses
9. Failure Reporting, Analysis, and Corrective Action System (FRACAS)
  o FRACAS is a system for reporting and analyzing failures and recommending corrective action
  o Developed from Test & Evaluation (T&E) events and field failures/repairs
  o Common data captured in FRACAS include field MTTR, MTBF, Reliability growth, failure analysis (incident, type, location, root cause, etc.)
10. Production inspection records after the system is fielded
FMEA/FMECA/FTA Tool Sets
- Spreadsheet template (FMEA/FMECA)
- LSAR (SAE GEIA-STD-0007 compliant tools): SLICwave, powerLOG-J, EAGLE, Omega (FMEA/FMECA)
  o Data management and reporting
  o Item analysis and failure criticality calculation
- Windchill Quality Solutions (FMEA/FMECA/FTA)
  o Data management and reporting
  o FMECA functionality to identify failures and plan for mitigation
- RCM++ (FMEA/FMECA/RCM)
  o Data management and reporting for RCM Analysis
  o Full-featured FMEA/FMECA functionality
  o Maintenance task selection
  o Optimal interval calculation for preventive repairs/replacement
  o Cost comparison
  o Supports industry standards for RCM (e.g., ATA, MSG-3, SAE JA1011 and SAE JA1012)
- MPC: Maintenance Program Creation Software (FMEA/FMECA/RCM)
  o MSG-3-compliant maintenance creator tool for aircraft/aerospace industry
  o Analyses included for significant items, functions, failure modes, effects, causes, and tasks
Topic 4: Analysis – FMECA
Slide 6-18. Topic 4: Analysis – FMECA
Slide 6-19. Analysis – FMECA
FMECA primarily examines hardware failures, both critical and non-critical. Analysis candidates include components (parts), systems/subsystems, processes, and functions.
A person knowledgeable of the application and operation of the system, such as a design or Reliability Engineer, typically conducts the analysis, because experience-based judgment is required to assign the criticality factors effectively.
Slide 6-20. FMECA Analysis: Process Map
FMECA consists of two analyses:
- Failure Mode Effects Analysis (FMEA)
  o Analytical Process
    - Functions: Defines the intended purpose of the system under analysis
    - Functional Failure: Defines what constitutes a failure of the system to perform its function
    - Failure Modes: Identifies potential ways that functional failure may occur (failure modes) and the root causes for the failure modes (failure mechanisms)
    - Effect: Assesses impact (effects) of each failure mode on equipment and entire system performance (higher-level systems)
  o Analysis begins at lowest level of indenture, then works up to successively higher system levels
  o Examines single-point failures (versus impact of multiple/simultaneous/combined failures)
- Criticality Analysis (CA)
  o Analyzes severity of effects of the failure mode
  o Analyzes probability of occurrence of the failure mode
  o Ranks failure modes by severity and probability
FMECA may approach analysis in two ways:
- Hardware analysis: The FMECA evaluates individual hardware items and their failure modes.
- Functional analysis: In this approach, the function and outputs of each item are evaluated. Often, this approach is used when individual hardware items cannot be uniquely identified.
Note: Complex systems may use both hardware and functional analyses.
Slide 6-21. Define System to Analyze: FMECA
In order to conduct FMECA, clearly and thoroughly define the system under analysis, including:
- Mission functions (tasks and outputs) and operational mode
- Environment, mission, times, equipment utilization, functions and outputs of each item
- System restraints
- Internal and interface functions for each item
- Lowest indenture level to be analyzed
- Performance requirements down to lowest indenture level to be analyzed
- Failure definitions (in general vs. specific failures)
System definition also includes constructing functional block diagrams, which illustrate the operation, interrelationships, and interdependencies between functions of a system. In short, they illustrate the functional flow of a system, which is then used to determine failure impact on the various levels of indenture. Diagrams may be functional or reliability block diagrams.
Slide 6-22. Define Functions: What Should the System Do?
The first step in the FMEA portion of FMECA is to define the functions of the system or component under review.
- What is the desired capability of the system (task)?
- How well must the system perform, based on user needs (upper and lower limits)?
- Under what circumstances must the system perform?
When describing functions, identify primary and secondary functions:
- Primary function: Main reason the item exists
- Secondary function: Additional functions the item is required to perform, such as:
  o Warning or status indicators
  o Safety functions
  o Fluid containment
  o Comfort and aesthetics
  o Environmental protections
  o Controlling features
“Do not combine” functions
When describing functions:
- Define operating context/scenarios
- Use clear, concise language
- Use verb, direct object, and specific limits
Descriptions of functions are found in:
- Performance specifications
- Operating and Maintenance manuals
- Engineering Drawings and Lists
- Reliability Block Diagrams
Slide 6-23. Define Functional Failures: How Does the System Fail to Perform?
Functional failure is performance that falls outside specified parameters. This failure may be total or partial.
When describing functional failures:
- Restate defined function
- Define all possible functional failures for each system function
- Give upper and lower limits of failure, if different from functional criteria
- Include compensating provisions for failure, which are used to determine failure effects, severity, and consequences:
  o Redundant systems
  o Safety devices
  o Operator actions to mitigate failure
Slide 6-24. Define Failure Modes & Causes: Why Does the Failure Occur?
Failure modes are all the causes for a functional failure that may occur. Failure mechanisms identify all possible root causes for each failure mode.
Failure Modes (Failure Conditions)
Typical failure conditions, or modes, include:
- Failure to operate at required time
- Failure to stop operating
- Operating before or after required time
- Inconsistent operation
- Degraded capability
Keep the following in mind when identifying failure modes:
- Be descriptive and specific (e.g., failure, part, location, event, timing, mission/operational phase, etc.)
- List failure modes separately when they vary by effects, rates, detection methods, possible failure management strategies
- When combining similar failure modes, design preventive maintenance around the most severe consequence and combined rates
Failure Mechanisms (Root Causes of Failure Modes)
List all possible causes of failure mode:
- Why does the component fail to operate at required time?
- What causes the component to stop operating?
- What causes the component to operate before the required time, or after the required time?
- Why is operation inconsistent?
- What may cause degraded capability?
Note: Diagram displayed on slide is an Ishikawa, or fishbone, diagram. Its purpose is to show causes of a specific event.
Slide 6-25. Analyze Failure Effects: What Are Impacts on the System?
Failure effects describe the impact of a failure mode on the functional capability of the system under analysis. In other words, what happens when a component or system fails to function, and how serious are those consequences?
The impact of primary failures, and their secondary effects, are assessed at three levels of indenture:
- Local
  o Effect of failure mode on the item under analysis
  o This item is the focus of compensating provisions and other corrective and preventive maintenance actions
- Next Higher
  o Effect on next higher level of indenture
  o Effect on system/subsystem
- End Item
  o Effect on the system/asset, or the “System of Systems”
Keep in mind the following when describing failure effects:
- Include description of effect severity
- Include detail to accurately assess the consequences of the failure
- Describe effects on personnel safety, environment, mission, assets, economics
- Describe operating context (e.g., mission usage/profiles)
  o List different effects based on usage scenarios
- Describe operator/maintainer methods to detect failure occurrence, including means (e.g., visual/audible warnings, sensors, Built-In-Test)
- Describe operator/maintainer actions to restore function (assuming no existing preventive maintenance tasks)
- Describe existing compensating provisions, if applicable
Slide 6-26. Failure Impact: Strike Talon RBD Example
This slide presents indenture levels B and C of the Strike Talon UAV. Using these reliability block diagrams, what is the impact of a failure of one Card Crypto on the UAV systems?
Slide 6-27. Determine System Effects: powerLOG-J
FMECA results are documented directly in the SAE GEIA-STD-0007 Logistics Product Database, powerLOG-J in the Strike Talon case study.
Slide 6-28. Qualitative Criticality Analysis: How Severe Are the Failure Effects?
Criticality of a failure mode is based on the severity of the effect of that mode on the end item and the probability, or frequency, of that failure’s occurrence (Mean Time between Failure).
The purpose of criticality analysis is twofold:
- Measure worst case effect of a failure or design error
- Determine priority for correcting issues (design changes or corrective/preventive maintenance to mitigate critical failures)
While criticality is defined by your specific organization’s policy and contract terms, general categories of severity are:
- Category I – Catastrophic
  o Death, destruction, significant breach of environmental regulation, damage over $1 million, downtime > 2 days
- Category II – Critical
  o Severe personal injury, major property/system damage >$100K, inability to perform critical mission (mission loss), downtime from 24 hours to 2 days
- Category III – Marginal
  o Minor injury, minor property/system damage $1K to $100K, degraded ability to perform a critical mission, downtime 8 to 24 hours
- Category IV – Minor
  o No personal injury, property/system damage <$1K, unscheduled maintenance/repair, downtime <8 hours
Notes:
- Categorize the same failure mode differently, based on operating context/phase/scenario.
- Involve the Human Systems Integration Safety representative (where applicable) to assist in recognizing/classifying events having harmful consequences to people, to equipment, and to the mission.
Criticality Matrix: Severity vs. Frequency
Severity     | Frequent (> 1 per 1,000 miles) | Probable (> 1 per 20,000 miles) | Occasional (> 1 per 50,000 miles) | Remote (> 1 per 80,000 miles) | Improbable (< 1 per 100,000 miles)
Catastrophic | High (red)                     | High (red)                      | High (red)                        | Medium (yellow)               | Acceptable (green)
Critical     | High (red)                     | High (red)                      | Medium (yellow)                   | Low (light green)             | Acceptable (green)
Marginal     | Medium (yellow)                | Medium (yellow)                 | Low (light green)                 | Acceptable (green)            | Acceptable (green)
Minor        | Acceptable (green)             | Acceptable (green)              | Acceptable (green)                | Acceptable (green)            | Acceptable (green)
Slide 6-29. Quantitative Criticality Analysis: What is the Risk Priority Number?
The Risk Priority Number (RPN) is a quantitative ranking approach used in many FMECA and FTA tool sets. The RPN is useful in determining the most significant failure events that are most appropriate for further modeling in the Fault Tree Analysis.
Car Cooling System Risk Priority Number Matrix
Item / Functional Description | Potential Failure Mode | Mode % | Potential Local Effect(s) | Potential End Effect | Severity (S) | Potential Cause(s) of Failure | Occurrence (O) | Current Controls Prevention | Current Controls Prevention | Detection (D) | Risk Priority Number (S*O*D)
Car Cooling System (Provides Fluid around Engine, Maintains Fluid Temperature within Operating Parameters) | Water Pump Degraded Operation | 15.00 | Reduced Coolant Fluid Flow | Engine Over Heats | 9 | Failed Water Pump Belt | 5 | Check Belts for Proper Tension | Replace Water Pump 60k Miles | 8 | 360
Car Cooling System | Radiator Degraded Operation | 15.00 | Reduced Coolant Flow; Hot Coolant | Engine Over Heats | 6 | Clogged Radiator | 5 | Clean Radiator Every 5 years | Change Fluid Periodically | 9 | 270
Car Cooling System | Fluid Temperature Loss of Control | 30.00 | Hot Coolant | Engine Over Heats | 7 | Stuck Thermostat | 6 | | | 7 | 294
Car Cooling System | Cooling Fan Does not Spin | 10.00 | Hot Coolant | Engine Over Heats | 7 | Defective Cooling Fan | 4 | | | 4 | 112
Car Cooling System | Leaking Radiator Fluid | 30.00 | Radiator Fluid Low | Engine Over Heats | 8 | Radiator Corrosion | 6 | Change Radiator Fluid Periodically | Clean Radiator Every 5 years | 1 | 48
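The two ranking methods above, the qualitative severity-vs-frequency matrix of Slide 6-28 and the quantitative RPN of Slide 6-29, as an added worked example that is not code from the guide or from any tool it names. The matrix thresholds and the car cooling system rows are taken from the guide's tables; the function names, the tie-break on severity, and the treatment of the unassigned 80,000 to 100,000 mile gap are assumptions of this example.

```python
"""Criticality ranking helpers for an FMECA worksheet (added example)."""
from dataclasses import dataclass

# Columns of the criticality matrix, most frequent first, with the lower
# bound of each band as a failure rate per mile ("> 1 per 1,000 miles").
FREQUENCY_COLUMNS = ("Frequent", "Probable", "Occasional", "Remote", "Improbable")
LOWER_BOUND_PER_MILE = {
    "Frequent": 1 / 1_000,
    "Probable": 1 / 20_000,
    "Occasional": 1 / 50_000,
    "Remote": 1 / 80_000,
}
IMPROBABLE_BELOW_PER_MILE = 1 / 100_000  # "< 1 per 100,000 miles"

# Rows of the matrix (severity category) mapped to the rating per column.
CRITICALITY_MATRIX = {
    "Catastrophic": ("High", "High", "High", "Medium", "Acceptable"),
    "Critical":     ("High", "High", "Medium", "Low", "Acceptable"),
    "Marginal":     ("Medium", "Medium", "Low", "Acceptable", "Acceptable"),
    "Minor":        ("Acceptable",) * 5,
}


def frequency_band(miles_between_failures: float) -> str:
    """Map an observed mean interval (miles) to a matrix column."""
    if miles_between_failures <= 0:
        raise ValueError("interval must be positive")
    rate = 1.0 / miles_between_failures
    if rate < IMPROBABLE_BELOW_PER_MILE:
        return "Improbable"
    for name in FREQUENCY_COLUMNS[:-1]:
        if rate > LOWER_BOUND_PER_MILE[name]:
            return name
    # The guide's bands leave 80,000-100,000 miles unassigned; this example
    # assumes the conservative reading and rates that gap as Remote.
    return "Remote"


def criticality(severity: str, miles_between_failures: float) -> str:
    """Qualitative rating (High/Medium/Low/Acceptable) read from the matrix."""
    column = FREQUENCY_COLUMNS.index(frequency_band(miles_between_failures))
    return CRITICALITY_MATRIX[severity][column]


@dataclass(frozen=True)
class FailureMode:
    """One worksheet row; S, O and D are 1-10 scores as in the guide's table."""
    item: str
    mode: str
    cause: str
    severity: int
    occurrence: int
    detection: int

    @property
    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection


# Rows transcribed from the guide's Car Cooling System RPN matrix.
CAR_COOLING_SYSTEM = (
    FailureMode("Water Pump", "Degraded Operation", "Failed Water Pump Belt", 9, 5, 8),
    FailureMode("Radiator", "Degraded Operation", "Clogged Radiator", 6, 5, 9),
    FailureMode("Fluid Temperature", "Loss of Control", "Stuck Thermostat", 7, 6, 7),
    FailureMode("Cooling Fan", "Does not Spin", "Defective Cooling Fan", 7, 4, 4),
    FailureMode("Radiator Fluid", "Leaking", "Radiator Corrosion", 8, 6, 1),
)


def ranked_by_rpn(modes):
    """Highest RPN first; equal RPNs are ordered by severity (this example's choice)."""
    return sorted(modes, key=lambda m: (m.rpn, m.severity), reverse=True)


def fta_candidates(modes, threshold: int):
    """Failure modes whose RPN exceeds the threshold: the guide uses RPN to pick
    the most significant events for further Fault Tree Analysis. The threshold
    is a program decision, not a value from the guide."""
    return [m for m in ranked_by_rpn(modes) if m.rpn > threshold]


if __name__ == "__main__":
    for m in ranked_by_rpn(CAR_COOLING_SYSTEM):
        print(f"{m.rpn:4d}  {m.item}: {m.mode} ({m.cause})")
    print(criticality("Catastrophic", 60_000))  # Remote column -> Medium
```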
Slide 6-30. Determine Criticality: powerLOG-J
Slide 6-31. Analyze & Allocate Failure Modes: powerLOG-J
The Analyze and Allocate task links faults to their maintenance strategies.
A failure mode may have several different root causes, each with varying probabilities. The SAE GEIA-STD-0007 tool allocates the likelihood of each failure mechanism. As a result, a single failure mode may have different triggers, corrective actions, and preventive maintenance tasks, depending on the individual cause.
An individual maintenance task, such as remove and replace a tire, may have several failure modes that would trigger that task. These triggers may be corrective (flat tire) or preventive (replace every 50,000 miles).
Slide 6-32. Failure Modes Map to Maintenance Tasks
Topic 5: Analysis – FTA
Slide 6-33. Topic 5: Analysis – FTA
Slide 6-34. Analysis – FTA
Unlike FMECA, which examines an entire system, FTA focuses on a specific part of the design or a single undesirable or catastrophic event in order to determine the lower level contributors.
FTA:
- Is useful with complex functional paths
- Is used with software, hardware, and human interface systems
- Considers mission profile/operational mode/environment, which impact hardware configuration, functional paths, application stresses, and critical interfaces
- Results may include design change or redundancy to mitigate or prevent failure
Slide 6-35. FTA Analysis: Process Map
Slide 6-36. Define Undesirable Event
The first step in an FTA is to identify the undesired or catastrophic event to undergo analysis. The undesired event is determined by:
- Critical Event
  o Safety, such as loss of life or aircraft
  o Operations, such as loss of production or mission
- FMECA Results
  o FMEA unable to identify all effects of a failure mode and, therefore, unable to determine criticality
  o FMECA determines that a failure mode is serious, but further analysis is required to determine if the failure is caused by multiple failures, or to determine what combinations of lower level events lead to the top event
- Maintenance
  o Troubleshooting is complex
Engineers with knowledge of the system, or systems analysts with engineering backgrounds, define the event. Examples are:
- Design: Flight safety, munitions handling safety, safety of operating/maintenance personnel
- Event: Crash of commercial airliner with no survivors
- Event: Loss of spacecraft and astronauts on space exploration mission
- Event: Vehicle does not start when ignition key is turned
- Event: No spray when demanded from containment spray injection system in a nuclear reactor
Slide 6-37. Define Undesirable Event: Family Car: Critical Failures
This slide presents the criticality of several failure modes of the family car, identified through FMECA.
Slide 6-38. Construct Fault Tree
Unlike the tabular approach of FMECA, Fault Tree Analysis is graphical. FTA builds a logic diagram depicting parallel and sequential failure events (causes) and their probabilities that result in the top level event.
The top level event is the single undesired or critical event under analysis. Consider the scope of that event when building the diagram:
- If the event is too broad, the tree becomes unmanageable
- If the event is too narrow, the tree fails to provide managers/engineers with sufficient data to make cost-effective decisions
- Describe the level of risk or the circumstances where the event becomes intolerable
Next, identify first level, second level, and third level contributors (causes) to that top event. System analysts/system designers with full knowledge of the system complete a list of causes (faults) to study through the fault tree, numbering and sequencing the faults in order of occurrence.
Faults are the state of the system or component, and can be hardware, human, or other faults. Fault descriptions include what occurs, when, and how.
- Primary fault: fails within qualified environment
- Secondary fault: fails outside qualified environment
- Command fault: human operation of component
Note: Only causes with a probability of 0 or higher of affecting the top event are included in the FTA. Exact probabilities are impossible (due to cost/time); therefore, computer software is often used to conduct analysis.
Logic gates and event symbols represent the relationship between events, linking branches together.
- Event symbols
  o Illustrate the different types of events (e.g., no fault scenarios)
  o Symbols include: rectangle, circle, diamond, triangle, house, oval
- Gate symbols
  o Illustrate the relationship between lower events that lead to the higher event in the sequence
  o AND Gate: Both input events must occur for the event to happen
  o OR Gate: At least one input event must occur for the event to happen
  o Gate inputs are the lower level fault events
  o Gate outputs are the higher level fault events
Source of FTA image: www.edrawsoft.com
Slide 6-39. Constructing Fault Tree: Family Car: Engine Overheats
Slide 6-40. FTA Analysis: Qualitative Analysis
Once the fault tree is complete, identify all possible direct and indirect hazards impacting the system and evaluate for possible system improvement.
Qualitative analysis identifies all credible, single and multiple lower level failure modes (causes) that lead to the top level event.
- Analyzes multiple failures/combinations of failures
- Analyzes events in parallel and in sequence
- Drills down to lowest required fault levels
- Describes each fault and when it occurs
- Identifies Minimal Cut Sets (MCS): the shortest paths to failure indicate where the system is most vulnerable
  o Smallest number of basic event combinations that cause the top event
  o Includes only those failures which are realistic
  o In an MCS, all failures are needed to create the top event (if one event does not occur, the top event does not occur)
- Ranks failures
  o 1st: Single-point failures (one failure causes the top level event)
  o 2nd: Dual-point failures (two failures in combination cause the top level event)
  o 3rd: Three-point failures, etc. (three or more failures in combination cause the top level event)
Slide 6-41. FTA Analysis: Quantitative Analysis
Quantitative analysis determines the probability and frequency of all combinations of lower level events that lead to the top level event, for ranking purposes.
- Usually represented in terms of unreliability
- Mathematical model (algorithms, Markov)
- Calculates probability/frequency of the top level event, given the probability of lower level failure modes leading to the critical failure (i.e., summing the probabilities of the minimal cut sets together)
- Requires knowing failure rates, down to the lowest level events that lead up to the top level event
- Requires component history and lengthy analysis
- Result is a ranking of failure modes by contribution to the top level event
Slide 6-42. Mitigating Fault Risk through Design
Fault Tree Analyses impact design through a risk mitigation process. By identifying the most probable and critical paths to failure, design and maintenance strategies are devised to meet Reliability requirements effectively.
AND Gate Math: Redundant Thermostat in Model 2
Where $Q_0(t)$ is the probability that the overall top event occurs at time $t$:
$$Q_0(t) = \Pr\big(F(t) \cap G(t)\big) = q_F(t)\, q_G(t) = 0.6 \times 0.6 = 0.36$$
$$R = 1 - Q_0(t) = 1 - 0.36 = 0.64 \text{ (64\%)}$$
OR Gate Math: Engine Overheats Model 2
Where $Q_0(t)$ is the probability that the overall top event occurs at time $t$:
$$Q_0(t) = \Pr\big(A(t) \cup B(t)\big) = \Pr(A(t)) + \Pr(B(t)) - \Pr(A(t))\,\Pr(B(t))$$
$$= q_A(t) + q_B(t) - q_A(t)\, q_B(t) = (0.0675 + 0.005) - (0.0675 \times 0.005) = 0.0725 - 0.0003375 = 0.0721625$$
$$R = 1 - Q_0(t) = 1 - 0.0721625 = 0.9278375 \text{ (92.8\% rounded)}$$
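The two gate calculations above, together with the minimal-cut-set ranking from the qualitative analysis, carried out as an added Python example that is not part of the course guide. The gate evaluator and cut-set enumeration are written here for this page; the tree shape MODEL_2 and the event names are constructed, while the probabilities are the guide's (q = 0.6 per thermostat, qA = 0.0675, qB = 0.005).

```python
from itertools import product

# A node is a basic-event name (str) or (gate, [children]) with gate "AND"/"OR".

def cut_sets(node):
    """All cut sets of node: sets of basic events whose joint failure causes it."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":      # any one input failing is enough
        return set().union(*child_sets)
    if gate == "AND":     # every input must fail: one cut set from each child
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate}")

def minimal_cut_sets(node):
    """Minimal Cut Sets: drop any cut set that strictly contains another."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}

def rank_cut_sets(node):
    """Rank MCS as the guide does: single-point first, then dual-point, ..."""
    return sorted((tuple(sorted(s)) for s in minimal_cut_sets(node)),
                  key=lambda t: (len(t), t))

def top_probability(node, q):
    """Top-event unreliability, assuming independent basic events.
    AND: product of inputs. OR: 1 - prod(1 - input), which for two inputs
    equals qA + qB - qA*qB, the guide's OR-gate formula."""
    if isinstance(node, str):
        return q[node]
    gate, children = node
    probs = [top_probability(c, q) for c in children]
    result = 1.0
    for p in probs:
        result *= p if gate == "AND" else (1.0 - p)
    return result if gate == "AND" else 1.0 - result

# Basic-event probabilities from the guide's two worked gates.
Q = {"F": 0.6, "G": 0.6, "A": 0.0675, "B": 0.005}
REDUNDANT_THERMOSTAT = ("AND", ["F", "G"])   # slide 6-42 AND-gate math
ENGINE_OVERHEATS = ("OR", ["A", "B"])        # slide 6-42 OR-gate math
# Constructed tree (not from the guide): overheating via the thermostat pair or via B alone.
MODEL_2 = ("OR", [REDUNDANT_THERMOSTAT, "B"])

if __name__ == "__main__":
    print("AND gate Q0 =", top_probability(REDUNDANT_THERMOSTAT, Q))  # 0.36
    print("OR gate Q0  =", top_probability(ENGINE_OVERHEATS, Q))      # 0.0721625
    print("Ranked MCS  =", rank_cut_sets(MODEL_2))   # [('B',), ('F', 'G')]
```

The ranking shows why the guide lists single-point failures first: in MODEL_2 the single event B reaches the top event alone, whereas the redundant thermostats only contribute as a dual-point cut set.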
Note: Changes in design, including changes to Reliability or product structure, must go back through design engineers and applicable RAM-C and RCM Supportability analyses. Updates are then made to the Logistics Product Database. These updates are coordinated through IPTs and are consolidated under the Maintenance Task Analysis to include changes to cage codes, part numbers, MTBF, replacement rates, schedules, tools, and task procedures that result from FMECA/FTA recommendations.
Slide 6-43. Mitigating Fault Risk through Design, Continued
Slide 6-44. Concorde Disaster – Paris: Tuesday, 25 July, 2000
On Tuesday, July 25, 2000, a Concorde crashed shortly after take-off from Paris. All one hundred and thirteen people on board perished.
This slide and the following one present the Fault Tree Analysis conducted during the aircraft mishap investigation to determine the chain of events leading to the catastrophic event.
Select the links:
Concorde Air Crash Investigation - Part 3 (10:00) http://www.youtube.com/watch?v=zHY2PyEwGtg&feature=fvst
Concorde Air Crash Investigation - Part 4 (10:06) http://www.youtube.com/watch?v=Zd0pN0izgF4&feature=fvwrel
Slide 6-45. Concorde Disaster: FTA Continued
Topic 6: Report Findings – FMECA and FTA
Slide 6-46. Topic 6: Report Findings: FMECA and FTA
Slide 6-47. Report Findings: FMECA & FTA
Results are summarized in a formal report and disseminated to the IPTs, per contractual requirements. These reports can be preliminary, updates or final, and are often synchronized with design reviews to determine whether the design has been improved such that it will reduce or eliminate significant or catastrophic events.
Slide 6-48. Report & Implement Findings
Recall the FMECA/FTA process chart. During the Report Findings phase, analysis results are reviewed and approved by the IPT, and applicable data elements are entered into the Logistics Product Database for use in subsequent Supportability analyses, such as Reliability & Maintainability (R&M), previous FTAs, RCM Analysis, and Maintenance Task Analysis (MTA).
Slide 6-49. FMECA Report
The results of FMEA and Criticality Analyses are presented in interim and final reports. Report contents include:
- Level of analyses
- Results summary of Reliability and safety critical components
- System definition
- Data sources and analysis techniques
- Resultant analysis data
- Worksheets for each failure mode:
  o Identification number
  o Function
  o Failure modes and causes
  o Mission phase and operational mode
  o Failure effects and their probability
  o Failure detection method (e.g., audible warning signs, automatic sensing devices)
  o Compensating provisions
    - Actions by operator to mitigate impact of failure
    - Design provisions such as redundant or back-up systems
  o Severity classification
- Ground rules, analysis assumptions, and block diagrams
- Indenture level
- Ranking of failure modes by severity and probability of effects
- Category I and II failures, highlighted
- Recommended design changes to eliminate or mitigate consequences of failure, and a review of the effectiveness of these actions
- Single point failures
  o Failures requiring corrective design/mitigating action
  o Failures not mitigated by design
Interim reports guide design maturation by highlighting:
- Category I and II failure modes: ranking failures according to the severity of the failure's effect on equipment operation and personnel safety
- Unresolved single-point failures: highlighting areas needing corrective action
- Visibility of system interface features and problems
- Location of performance monitoring and fault sensing test equipment or test points
- Comparison of alternative designs
Slide 6-50. FTA Report
The FTA report includes:
- Executive summary
- Scope of analysis (what is and is not analyzed)
  o System description (brief)
  o Description/severity bounding of top level event
  o Analysis boundaries (e.g., physical, operational, human, interfaces)
- The analysis
  o Method of analysis
  o Software
  o Fault tree diagram
  o Data sources
  o Common causes
  o Sensitivity tests, if applicable
  o Cut sets
  o Path sets, if applicable
  o Trade studies, if applicable
- Findings
  o Top level event probability
  o System vulnerability
  o Primary contributors
  o Possible actions to mitigate risk
  o Troubleshooting guidance
- Conclusions and Recommendations
  o Risk comparisons
  o Additional analyses required, including methods
Slide 6-51. Report Coordination: IPT Communication Paths
FMECA/FTA results are routed through the appropriate Integrated Product Team (IPT), which is responsible for approval of actions to resolve any issues identified. The specific IPT team accountable for addressing identified problems depends on the recommendation. For example:
- Design Interface impacts are reported to:
  o Test & Evaluation IPT
  o Product Support Management IPT
  o Systems Engineering IPT
- Maintenance Planning & Management impacts are reported to:
  o Product Support Management IPT
  o Systems Engineering IPT
Topic 7: Exercise
Slide 6-52. Topic 7: Exercise
Slide 6-53. Exercise Overview
Topic 8: Summary
Slide 6-54. Topic 8: Summary
Slide 6-55. Takeaways
Slide 6-56. Summary
Congratulations! You have completed Lesson 6 on Failure Mode Effects and Criticality Analysis (FMECA) and Fault Tree Analysis (FTA).