PROCEDURE FOR FAILURE MODE, EFFECTS, AND CRITICALITY ANALYSIS


APOLLO PROGRAM

PROCEDURE FOR FAILURE MODE, EFFECTS, AND CRITICALITY ANALYSIS (FMECA)

AUGUST 1966

Reproduced by National Technical Information Service, U.S. Department of Commerce, Springfield, VA. 22161

National Aeronautics and Space Administration, Washington, D.C. 20546

NOTICE

This document has been reproduced from the best copy furnished us by the sponsoring agency. Although it is recognized that certain portions are illegible, it is being released in the interest of making available as much information as possible.

d 7 RAd -0067/77-60 13- 1A

PROCEDURE FOR FAILURE MODE, EFFECTS, AND CRITICALITY ANALYSIS (FMECA)

August 1966

Prepared by
Apollo Reliability and Quality Assurance Office
National Aeronautics and Space Administration
Washington, D.C. 20546

PREFACE

This document is an official release of the Apollo Program Office. Many of the procedures and methods are already being carried out. The extent to which this guideline should be implemented at the present stage of program maturity should be evaluated by comparing the benefits to be derived therefrom with the problems of implementation, including cost.

The principal criteria in judging the value of applying all the procedures of this guideline are the need for these procedures to accomplish identification and ranking of potential failures critical to hardware performance and crew safety. Other considerations, such as design/development testing, noncriticality of the equipment to system operational success, past experience, and reliability analyses, may preclude the need to perform all the procedures of this guideline.

J. Willoughby
Acting Director
Apollo Reliability and Quality Assurance Office

TABLE OF CONTENTS

Paragraph / Title / Page

SECTION 1 - INTRODUCTION
1.1 PURPOSE 1-1
1.2 SCOPE 1-1
1.3 DEFINITION OF FMECA 1-1
1.4 OBJECTIVES OF FMECA 1-2
1.5 USE OF FMECA 1-2
1.6 FMECA RELATION TO THE RELIABILITY PREDICTION, ASSESSMENT, AND CREW SAFETY MODELS 1-3
1.7 PROCEDURE OF FMECA 1-3

SECTION 2 - PROCEDURE FOR FAILURE MODE AND EFFECTS ANALYSIS
2.1 SYSTEM DEFINITION 2-1
2.2 RELIABILITY LOGIC BLOCK DIAGRAM 2-4
2.3 FAILURE MODE AND EFFECTS ANALYSIS 2-6

SECTION 3 - PROCEDURE FOR CRITICALITY ANALYSIS
3.1 CRITICALITY PROCEDURE 3-1
3.2 CRITICALITY FAILURE MODE IDENTIFICATION 3-2
3.3 CRITICALITY NUMBER CALCULATION 3-3
3.3.1 Cr CALCULATION EXAMPLE 3-5
3.3.2 FORMAT FOR Cr CALCULATION 3-5

SECTION 4 - SUMMARY OF FMEA AND CA
4.1 PREPARATION OF FMECA SUMMARY 4-1
4.2 CRITICALITY LIST 4-2

TABLE OF CONTENTS (Cont.)

APPENDIX A - REFERENCE DOCUMENTS A-1
APPENDIX B - DEFINITIONS B-1

LIST OF ILLUSTRATIONS

Figure / Title / Page

2-1 General Reliability Logic Block Diagram Scheme 2-5
2-2 General Format for Failure Mode and Effects Analysis 2-7
3-1 General Format for Criticality Number Calculation 3-7
4-1 General FMECA Summary Format 4-3

SECTION 1
INTRODUCTION

1.1 PURPOSE

This document provides guidelines for the accomplishment of Failure Mode, Effects, and Criticality Analysis (FMECA) on the Apollo program. It is a procedure for analysis of hardware items to determine those items contributing most to system unreliability and crew safety problems.

1.2 SCOPE

This document is applicable to all NASA activities with cognizance over design, development, and test of Apollo flight, ground, and related equipment which have major impact on mission success. It may be invoked in equipment contracts in whole or in part, where design or development is involved, as a portion of the reliability engineering and as the guideline for carrying out the activity, predicated on budget considerations, equipment criticality, schedules, and other factors.

The ground rules for the use of FMECA may call for substitute overstress tests on structural parts or for other design/development tests of the system in place of the FMECA, or these rules may not require an FMECA on those parts of the system that are established by preliminary FMECA to be noncritical to system operational success.

1.3 DEFINITION OF FMECA

Failure Mode, Effects, and Criticality Analysis is a reliability procedure which documents all possible failures in a system design within specified ground rules, determines by failure mode analysis the effect of each failure on system operation, identifies single failure points, i.e., those failures critical to mission success or crew safety, and ranks each failure according to criticality category of failure effect and probability of occurrence. This procedure is the result of two steps: the Failure Mode and Effects Analysis (FMEA) and the Criticality Analysis (CA). In performing the analysis, each failure studied is considered to be the only failure in the system.

1.4 OBJECTIVES OF FMECA

The FMECA provides:

a. The design engineer with a method of selecting a design with a high probability of operational success and crew safety.
b. Design engineering with a documented method of uniform style for assessing failure modes and their effect on operational success of the system.
c. Early visibility of system interface problems.
d. A list of possible failures which are ranked according to their category of effect and probability of occurrence.
e. Identification of single failure points critical to mission success or to crew safety.
f. Early criteria for test planning.
g. Quantitative and uniformly formatted data input to the reliability prediction, assessment, and safety models.

1.5 USE OF FMECA

The FMECA is normally accomplished before a reliability prediction is made, to provide basic information. An FMECA should be initiated as an integral part of the early design process of system functional assemblies and should be periodically updated to reflect design changes. This analysis may also be used to provide a model for analyzing already-built systems.

An updated FMECA is a major consideration in the design reviews, inspections, and certifications defined in NASA Apollo Program Directive No. 6, Office of Manned Space Flight, August 12, 1965, subject, "Sequence and Flow of Hardware Development and Key Inspection, Review and Certification Checkpoints."

An FMECA should be performed initially at the highest system level feasible. The purpose of this analysis should be to determine the criticality ranking of the major system elements so FMECA program effort may be scoped and allocated for subsystems and equipments critical to system operational success.

1.6 FMECA RELATION TO THE RELIABILITY PREDICTION, ASSESSMENT, AND CREW SAFETY MODELS

(See "Apollo Reliability Estimation Guidelines", RA 006-007-1.)

FMECA is a simplified reliability estimation tool. It cannot substitute for the reliability prediction and assessment or for crew safety models and their analysis. FMECA provides quick visibility of the more obvious reliability problems, ranked according to their importance to system operational success. Changes made in the system to remove or reduce these more obvious reliability problems will usually restructure major parts of the system. This makes the more detailed analysis of the reliability models an inefficient process for upgrading system reliability during the early stages of design, when changes are being made rapidly; hence, the FMECA is particularly appropriate during this period. The FMECA should be reviewed by the designer on a timely basis.

After a satisfactory system design based upon estimates has been obtained, a detailed reliability analysis of the system design is made using the reliability mathematical models. This verifies quantitative reliability goals, verifies the adequacy of redundancy or other failure preventive means built into the system, and discloses subtle reliability problems involving multiple concurrent failures in the system. Where the detailed analysis results in a redesign of portions of the system, a repetition of the FMECA on these redesigned portions and those portions affected by the redesigned portions is accomplished. The FMECA insures that the design engineers have considered all conceivable failure modes in the new design and their effect on system operational success. Also, the FMECA provides design engineering judgment input to the reliability models.

1.7 PROCEDURE OF FMECA

FMECA is performed in two basic steps: (1) Failure Mode and Effects Analysis (FMEA) and (2) Criticality Analysis (CA). The combination of these two steps provides (3) Failure Mode, Effects, and Criticality Analysis (FMECA). Section 2 provides step-by-step procedures for FMEA; Section 3 provides step-by-step procedures for CA; and Section 4 combines the FMEA and CA into the FMECA.

SECTION 2
PROCEDURE FOR FAILURE MODE AND EFFECTS ANALYSIS

2.1 SYSTEM DEFINITION

2.1.1 ACCOMPLISHMENT

Accomplishment of an FMEA on a system consists of the following general steps:

a. Define the system to be analyzed. Obtain all descriptive information available on the system to be analyzed. This should include such documents as functional block diagrams, system descriptions, specifications, drawings, system component identification coding, operational profiles, environmental profiles, and reports bearing on reliability such as feasibility or reliability studies of the system being analyzed and of past similar systems.

b. Construct a reliability logic block diagram of the system to be analyzed, similar to that shown in Figure 2-1, for each equipment configuration involved in the system's use.

The diagrams are developed starting at the top level of the system and extending downward to the lowest level of system definition at the time of analysis. These reliability logic block diagrams are not descriptive block diagrams of the system that show the interconnection of equipments. The reliability logic block diagrams used for an FMEA show the functional interdependencies between the system components so that the effects of a functional failure may be readily traced through the system.

All redundancies or other means for preventing failure effects should be shown as functional blocks or notes.

Where certain functions are not required in an operational time phase, the information may be shown by a dotted block, as in the case of component 05 in Figure 2-1, or by other suitable means.

c. At the lowest level of system definition, as developed from the top down, analyze each failure mode of the system component and its effect on the system. Where system functional definition has not reached the level of identification of the system functions with the specific type of hardware that will perform these functions, the FMEA should be based upon failure of the system functions, giving the general type of hardware envisioned as the basis for system design.

Four basic conditions of component or functional failure should be considered:

- Premature operation.
- Failure to operate at a prescribed time.
- Failure to cease operation at a prescribed time.
- Failure during operation.

The FMEA assumes that only the failure under consideration has occurred. When redundancy or other means have been provided in the system to prevent undesired effects of a particular failure, the redundant element is considered operational and the failure effects terminate at this point in the system. When the effects of a failure propagate to the top level of a system and cause the system to fail, the failure is defined as a critical failure in the system.

When an FMEA is being performed on an already-built system, the analyst may find cases where redundancies or other means of preventing failure effects do little to improve the failure situation or where the redundancies may actually worsen it. These cases should be reported for the next higher level. Where the scope of the FMEA program permits, the redundancy or other failure effects preventive means should not halt the continuation of the failure effects analysis toward the top level of the system.

d. Document each potential failure mode of each system component and the effects of each failure mode on the system by completing an FMEA format similar to that shown in Figure 2-2. Instructions for filling out the FMEA format are given on pages 2-6 through 2-10.

2.1.2 DOCUMENTATION

The following documentation is representative of the information required for system definition and analysis:

2.1.2.1 System Technical Development Plans

To define what constitutes and contributes to the various types of system failure, the technical development plans for the system should be studied. The plans will normally state the system objectives and specify design requirements for operations, maintenance, test, and activation. Detailed information in the plans will normally provide a mission or operational profile and a functional flow block diagram showing the gross functions that the system must perform. Time diagrams and charts used to describe system functional sequence will aid the analyst in determining the time feasibility of various means of failure detection and correction in the operating system. Also required is a definition of the operational and environmental stresses that the system is expected to undergo and a list of the acceptable conditions of functional failure under these stresses.

2.1.2.2 Trade-off Study Reports

To determine the possible and more probable failure modes and causes in the system, trade-off study reports should identify the areas of marginal design and should explain the design compromises and operating conditions agreed upon.

2.1.2.3 System Description and Specifications

The descriptions and specifications of the system's internal and interface functions, starting at the highest system level and progressing to the lowest level of system development to be analyzed, are required for construction of the FMEA reliability logic block diagrams. A reliability logic block diagram as used in the FMEA and as described in paragraph 2.1.1, step b, shows the functional interdependencies within the system and permits the effects of a failure to be traced. System descriptions and specifications usually include either or both functional and equipment block diagrams that facilitate the construction of the reliability logic block diagrams required for the FMEA. In addition, the system descriptions and specifications give the limits of acceptable performance under specified operating and environmental conditions.

2.1.2.4 Equipment Design Data and Drawings

Equipment design data and drawings identify the equipment configuration performing each of the system functions.

Where functions shown on a reliability functional block diagram depend on a replaceable module in the system, a separate FMEA may be performed on the internal functions of the module. The effects of possible component failure modes in the module on module inputs and outputs then describe the failure modes of the module when it is viewed as a system component.

2.1.2.5 Coding Systems

For consistent identification of system functions and equipment, an approved coding system should be adhered to during the analysis. Coding systems common to the overall program are preferable.

2.1.2.6 Test Results

Tests run on the specific equipment under the identical conditions of use are desired. When such test data are not available, the analyst should collect and analyze the data obtained from studies and tests performed during current and past programs on equipment similar to those in the system and under similar use conditions.

2.2 RELIABILITY LOGIC BLOCK DIAGRAM

The next step of the FMEA procedure is the construction of a reliability logic block diagram of the system to be analyzed. The general reliability logic block diagram scheme for a system is shown in Figure 2-1. This example system is for a space vehicle stage, and the notes given explain the functional dependencies of the stage components.

A system component at any level in the stage system may be treated as a system and may be diagrammed in like manner for failure mode and effects analysis. The results of the component's FMEA would define the failure modes critical to the component's operation, i.e., those that cause loss of component inputs or outputs. These failure modes will then be used to accomplish the FMEA at the

[Figure 2-1. General Reliability Logic Block Diagram Scheme (figure not reproduced in this transcription)]

next higher system level. This procedure ultimately leads to an FMEA for the stage, the space vehicle, and the space system.

All system redundancies or other means for preventing failure effects are shown in the reliability logic block diagram. This is because in single failure analysis, when a means exists to prevent the effects of a failure, the failure cannot be critical above the system level where the preventive means is effective.

2.3 FAILURE MODE AND EFFECTS ANALYSIS

The FMEA and its documentation are the next steps of the procedure. These are accomplished by completing the columns of an FMEA format similar to that given in Figure 2-2, as follows:

Column (1): Name of system function or component under analysis for failure modes and effects. Breakdown of a system for analysis should normally be down to the lowest practicable level at the time of the FMEA. In special cases, such as electronic systems using integral modular units as system building blocks, the modules may be listed rather than listing their parts.

Column (2): Drawing number by which the contractor identifies and describes each component or module. These drawings should include configuration, mechanical, and electrical characteristics.

Column (3): Reference designation used by the manufacturer to identify the component or module on the schematic. Applicable schematic and wiring drawing numbers should also be listed.

Column (4): Identification number of the FMEA reliability logic block diagram and of the function.

Column (5): Concise statement of the function performed.

Column (6): The specific failure mode, given after considering the four basic failure conditions:

- Premature operation.
- Failure to operate at a prescribed time.
- Failure to cease operation at a prescribed time.
- Failure during operation.

[Figure 2-2. General Format for Failure Mode and Effects Analysis (figure not reproduced in this transcription)]

Column (6) (Cont.): For each applicable failure mode, describe the cause, including operational and environmental stress factors, if known.

Column (7): Phase of mission in which the critical failure occurs, e.g., Prelaunch: checkout, countdown; Flight: boost phase, earth orbit, translunar, lunar landing, etc. Where the subphase, event, or time can be defined from approved operational or flight profiles, the most definitive timing information should also be entered for the assumed time of critical failure occurrence. The most definitive time information that can be determined should also be given for the failure effects under the columns titled "Failure Effects On."

Failure Effects On: Component. A brief statement describing the ultimate effect of the failure on the function or component being analyzed. Examples of such statements are: component rendered useless, component's usefulness marginal, or structurally weakened to unacceptable reliability level. Timing information as described under (7) should be given.

Failure Effects On: Next Higher Assembly. A brief description of the effect of the failure on the next higher assembly. Timing information as described under (7) should be given as to time of failure effect.

Failure Effects On: System. A description of the effect of the component failure on the system. For the major systems of the overall space system, these effects are divided into failures affecting mission success and failures affecting crew safety. Examples of failures affecting mission success are abort, limited mission, degraded mission objectives, vehicle loss, scrub, or hold, etc. Examples of failures affecting crew safety are total loss of crew, partial loss of crew, and loss of redundancy. For lower-level systems where effects on the overall space system are unknown, the effects of a failure on the system under analysis may be described as loss of system inputs or outputs. Examples of such effects are loss of signal output, loss of output pressure, and shorted power input. Timing information as described under (7) should be given.

A description of the methods by which the fai
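The single-failure propagation rule of paragraph 2.1.1, step c, and the worksheet columns of paragraph 2.3, worked in code. This is an added example and not part of the NASA document: the stage, its block identifiers, component names, failure modes and causes are constructed for illustration, and the wording of the system-effect entries (loss of redundancy, loss of system output) follows the examples the text gives for the "Failure Effects On: System" column. The diagram is modelled as dependency groups: a block is lost only when every member of a group is lost, so a multi-member group is a redundancy and a single-member group is a series dependency.

```python
from dataclasses import dataclass, field

# The four basic conditions of component or functional failure (paragraph 2.1.1 c).
FOUR_CONDITIONS = (
    "premature operation",
    "failure to operate at a prescribed time",
    "failure to cease operation at a prescribed time",
    "failure during operation",
)


@dataclass
class Block:
    """One block of the reliability logic block diagram.

    `requires` lists dependency groups of lower-level block ids; each group is a
    tuple of alternatives and the block is lost only when every member of some
    group is lost. `failure_modes` maps a failure mode to (basic condition, cause),
    the information worksheet column (6) asks for.
    """
    ident: str
    name: str
    requires: list = field(default_factory=list)
    failure_modes: dict = field(default_factory=dict)


def top_level(blocks):
    """Return the id of the one block no other block depends on."""
    required = {m for b in blocks.values() for group in b.requires for m in group}
    tops = [i for i in blocks if i not in required]
    if len(tops) != 1:
        raise ValueError(f"expected exactly one top-level block, found {tops}")
    return tops[0]


def propagate(blocks, failed):
    """Trace a single failure upward; return (ids lost, effect reached top level).

    Only `failed` has failed; every redundant alternative is operational, so the
    effect terminates where a redundancy absorbs it. Reaching the top level
    makes this a critical failure (a single failure point).
    """
    lost = {failed}
    changed = True
    while changed:  # fixed point; terminates because `lost` only grows
        changed = False
        for b in blocks.values():
            if b.ident in lost:
                continue
            if any(all(m in lost for m in group) for group in b.requires):
                lost.add(b.ident)
                changed = True
    return lost, top_level(blocks) in lost


def parents_of(blocks, ident):
    """Blocks whose dependency groups mention `ident` (its next higher assembly)."""
    return [b.ident for b in blocks.values() if any(ident in g for g in b.requires)]


def fmea_rows(blocks):
    """One worksheet row per (component, failure mode): columns (1) and (6), the
    three "Failure Effects On" columns, and the single-failure-point flag."""
    rows = []
    for b in blocks.values():
        for mode, (condition, cause) in b.failure_modes.items():
            if condition not in FOUR_CONDITIONS:
                raise ValueError(f"{b.ident}: {condition!r} is not a basic failure condition")
            lost, critical = propagate(blocks, b.ident)
            parents = parents_of(blocks, b.ident)
            if not parents:
                next_higher = "n/a (top level)"
            elif any(p in lost for p in parents):
                next_higher = "next higher assembly lost"
            else:
                next_higher = "none; redundant element carries the function"
            rows.append({
                "component": f"{b.ident} {b.name}",
                "failure_mode": f"{mode} ({condition})",
                "cause": cause,
                "effect_on_component": "component rendered useless",
                "effect_on_next_higher": next_higher,
                "effect_on_system": "loss of system output" if critical else "loss of redundancy",
                "single_failure_point": critical,
            })
    return rows


# Constructed stage (not from the document): propulsion needs either of two
# redundant fuel pumps plus the main valve; guidance needs the rate gyro.
STAGE = {b.ident: b for b in [
    Block("01", "Stage", requires=[("02",), ("03",)]),
    Block("02", "Propulsion", requires=[("04", "05"), ("06",)]),
    Block("03", "Guidance", requires=[("07",)]),
    Block("04", "Fuel pump A", failure_modes={
        "pump stops": ("failure during operation", "bearing seizure")}),
    Block("05", "Fuel pump B", failure_modes={
        "pump stops": ("failure during operation", "bearing seizure")}),
    Block("06", "Main propellant valve", failure_modes={
        "valve stays open": ("failure to cease operation at a prescribed time",
                             "actuator return spring fracture"),
        "valve fails to open": ("failure to operate at a prescribed time",
                                "loss of open command signal")}),
    Block("07", "Rate gyro", failure_modes={
        "spurious rate output": ("premature operation", "spin motor vibration")}),
]}


def single_failure_points(blocks=STAGE):
    """Components with at least one failure mode whose effect reaches the top level."""
    return sorted({r["component"] for r in fmea_rows(blocks) if r["single_failure_point"]})


if __name__ == "__main__":
    for row in fmea_rows(STAGE):
        print(row)
```

Run stand-alone, the pump failure is absorbed by the redundant pump and is entered as "loss of redundancy", while either valve mode and the gyro mode propagate to the stage and are flagged as single failure points, which is the list the criticality analysis of Section 3 would then rank.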

