Sofema Aviation Services (SAS) www.sassofia.com looks at key features of the Failure Modes and Effects Analysis (FMEA) Process.
Introduction
The final step before beginning the analysis is to obtain the following information, which may be necessary to complete the analysis or may simplify it.
- FMEA requirements including safety-related and requested failure effects and specific operating modes of interest
- Specifications
- Current drawings or schematics
- Parts lists for each system or item
- Functional block diagrams
- Explanatory materials including the theory of operation
- An applicable list of failure rates
- The FMEA on the previous generation or similar function
- Any design changes and revisions that have not yet been included in the schematic
- Preliminary list of component failure modes from previous FMEAs, if applicable
(Note: Designs may change frequently, and having the most up-to-date material will reduce FMEA updates.)
Performing the Analysis:
- The analyst needs to review and understand the information gathered during the preparation stage previously described.
- The analyst will also find it useful to understand the functions that the design being analyzed performs within the next higher level.
o After the analyst has gained sufficient knowledge, failure modes are identified.
o Every feasible hardware failure mode is postulated at the level of the design being analyzed.
o Consideration is given to failure modes of the components or functions that make up the given level.
- Every identified failure mode is analyzed to determine its effect on the given level and usually on higher levels as well.
- Failure effect categories are created for each different type of effect and a code may be assigned to each effect category.
o Defining these codes simplifies the FMEA worksheet by moving the description of each effect from the worksheet to the body of the report.
o The FMEA worksheet provides a list of failure modes, effects and rates.
o Each effect category must have only one higher-level effect, otherwise the effect categories must be defined in more detail.
- For example, if the effect category is originally defined as “causes signal xyz to be out of specification” but an out-of-specification high condition causes a different effect from an out-of-specification low condition, then the effect category should be split to “… out of specification high” and “… out of specification low”.
- Similarly, if the failure mode is found to cause two higher-level effects (e.g., “Loss of signal A” and “Loss of signal B”) then these two should be combined to form a new effect category “Loss of both signal A and B”.
- The means by which the failure is detected is usually determined and documented within the FMEA worksheets.
o Examples of detection methods include detection by hardware or software monitors, flight crew detection, power-up tests, and maintenance checks.
- For a quantitative FMEA, a failure rate is assigned to each failure mode.
o Whenever possible, failure rates should be determined from failure data of similar equipment already in field use.
There are two basic types of FMEAs, functional and piece-part.
- Functional FMEAs are typically performed to support the safety analysis effort, with piece-part FMEAs performed as necessary to provide further refinement of the failure rate.
Piece-Part FMEA
- Piece-part FMEAs are typically done when the more conservative failure rates from a functional FMEA will not allow the system or item to meet the FTA probability of failure budget.
- A piece-part FMEA may also be useful for systems that rely on redundancy, since a functional FMEA may not reveal single component failures affecting more than one redundant element. Piece-part FMEAs are also useful for the safety analysis of mechanical items and assemblies.
Functional FMEA
- A functional FMEA may be performed at any indenture level.
o The appropriate level of subdivision is determined by the complexity of the system and the objectives of the analysis.
o If the required analysis is on a section of circuitry or mechanical devices larger than a particular function, it should be broken down into functional blocks.
o From an aircraft or system level, this may mean defining each LRU or item as a functional block. From the system or lower levels, it may involve breaking down an item into many blocks.
o The FMEA task is simplified if each block has as few outputs as possible.
o Once the functional blocks have been determined, a functional block diagram should be created and each block labeled with its functional name. For each functional block, internal and interface functions should be analyzed relative to system operation.
The next step is postulating the failure modes for each functional block. Determine the failure modes by thinking about the intent of the functional block and trying to determine how that function might fail regardless of the specific parts used.
- The analyst must know the operation of the functional block well enough to be positive that no significant failure modes have been overlooked, including single component failures that could affect more than one redundant functional block. Often, given a clear description of the block’s function, many of the failure modes will become apparent.
Note: There may be other failure modes based on circuit implementation.
- The effect of each failure mode is determined by considering how the function fits into the overall design.
o Failure effect categories are generally created for each effect type and a failure effect category code is assigned.
o All failure modes that cause this identical effect are assigned to the effect category.
o The effect category code can then be entered into the FMEA worksheet for each failure.
o Software and fault monitoring must be considered when determining failure effects and means of detection.
- As part of this analysis, the analyst must also verify that the monitoring can indeed detect the failure mode.
- In order to properly perform this analysis, the analyst must have detailed knowledge of the system requirements and software design including internal fault management techniques as applicable.
- If a quantitative analysis is being performed, a failure rate is assigned to each failure mode.
o One technique is to perform a failure rate prediction for each block and apportion the failure rate across the various failure modes based on past experience of similar functions or other sources allowing determination of probability of occurrence.
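The effect-category rule (one higher-level effect per category code) and the apportionment of a block's predicted failure rate across its failure modes can both be checked mechanically on the worksheet data. The following is an added example, not part of the original article; the block names, failure rates, mode ratios and category codes are constructed for illustration, and "mode ratio" is an assumed name for the fraction of a block's rate apportioned to one failure mode.

```python
from collections import defaultdict

# Constructed sample data: predicted failure rate per functional block (per hour).
BLOCK_RATES = {"PSU": 20e-6, "ADC": 5e-6}

# Constructed worksheet rows:
# (block, failure mode, mode ratio, effect category code, higher-level effect)
WORKSHEET = [
    ("PSU", "output high", 0.2, "E1", "signal xyz out of specification high"),
    ("PSU", "output low",  0.3, "E2", "signal xyz out of specification low"),
    ("PSU", "no output",   0.5, "E3", "loss of both signal A and B"),
    ("ADC", "stuck code",  0.6, "E2", "signal xyz out of specification low"),
    ("ADC", "no output",   0.4, "E3", "loss of both signal A and B"),
]

def check_categories(rows):
    """Return category codes that map to more than one higher-level effect.

    Any code returned here must be split or redefined in more detail."""
    effects = defaultdict(set)
    for _, _, _, code, effect in rows:
        effects[code].add(effect)
    return sorted(code for code, seen in effects.items() if len(seen) > 1)

def check_ratios(rows, tol=1e-9):
    """Return blocks whose mode ratios do not sum to 1, i.e. whose
    predicted failure rate has not been fully apportioned."""
    totals = defaultdict(float)
    for block, _, ratio, _, _ in rows:
        totals[block] += ratio
    return sorted(b for b, total in totals.items() if abs(total - 1.0) > tol)

def apportion(rows, block_rates):
    """Failure rate of each failure mode = block rate x mode ratio."""
    return {(b, mode): block_rates[b] * ratio for b, mode, ratio, _, _ in rows}

def rate_per_category(rows, block_rates):
    """Sum the failure-mode rates that fall into each effect category."""
    totals = defaultdict(float)
    for block, _, ratio, code, _ in rows:
        totals[code] += block_rates[block] * ratio
    return dict(totals)

if __name__ == "__main__":
    print("ambiguous categories:", check_categories(WORKSHEET))
    print("incomplete apportionment:", check_ratios(WORKSHEET))
    for code, rate in sorted(rate_per_category(WORKSHEET, BLOCK_RATES).items()):
        print(f"{code}: {rate:.1e} per hour")
```

The per-category totals are the figures that would be compared against a higher-level probability budget.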
Documentation
The results of the functional FMEA are recorded in a worksheet.
Different requirements may result in the addition or deletion of some of the information. The analyst should ensure that the FMEA form and content meet the specific needs of the requester before beginning the analysis.
As the analysis progresses, the following should be informally recorded for future maintenance of the FMEAs and to assist in resolving questions regarding the FMEA.
- Justification of each failure mode
- Rationale for the assigned failure rate
- Rationale for assigning a particular failure to a failure effect category
- Documentation of any assumptions made
This documentation is typically not included in the FMEA report but is retained for reference.