Failure Modes, Effects and Criticality Analysis (FMECA) is a risk analysis method for studying, assessing and controlling all possible failures within a product, system, process or service.
It employs an inductive approach: from the cause to the consequences.
The system is studied by:
- identifying potential design weaknesses and failures in all phases of its life cycle,
- researching their causes,
- assessing their effects and consequences,
- establishing a hierarchy and classification of risks, their severity and the probability that they will materialise.
When the likelihood of occurrence is not dealt with, we talk about FMEA.
Risks in a system are controlled by implementing actions to reduce them, whether preventive or corrective:
- defining monitoring measures, actions for rendering the risk passive or reconfiguration actions,
- implementing procedures, for use and maintenance,
- improving reliability and availability,
- guaranteeing quality and quality assurance.
Product FMEA/FMECA takes place in working groups at the end of phase A, right up to the end of phase C. It is a design aid.
There are different types of FMEA/FMECA:
- Functional FMEA/FMECA
This type of analysis is performed to identify the technical failures within a system on a functional basis, when the equipment tree has not yet been settled.
- Component Level FMEA/FMECA
This type of analysis is performed on all or part of a component, item of equipment or system (e.g. FMEA limited to interfaces, critical zones, etc.).
- Process Level FMEA/FMECA
This analysis is performed to highlight failures associated with production, manufacturing, assembly and inspection processes. The consequences relate to the manufacturing processes and the product.
These three types of analysis may intersect.
The standard applied by CNES is identical to that of ESA: "ECSS-Q-ST-30-02 - Failure Modes, Effects (and Criticality) Analysis (FMEA/FMECA)"
FMEA/FMECA is implemented in the following stages:
1. Defining the product, its functions and components
FMEA/FMECA requires a good understanding of the functional aspect of the product to be analysed. Data may come from different sources: Functional Analysis, Statement of Requirements, Specification of Requirement, Definition Files, etc. From these sources, one has to extract the performance, constraints (external environment, intrinsic), the product's life cycle phases, the functionalities and feared events.
A second stage consists in breaking the product down into elementary functions and components: functional tree (for functional FMEA/FMECA) or equipment tree/diagrams with referenced components (for component level FMEA/FMECA).
2. Defining the FMEA/FMECA
Before analysis begins, it is necessary to set up a framework with the project or sponsors. The two parties settle the following points with regard to the FMEA/FMECA:
- the choice of standard, the applicable standard for the analysis,
- the definition of the analysis level (functional, component level - complete or limited to interfaces, etc.) and the scope of the study (local, global effects),
- the definition of the failure ranking grids: levels of severity, probability of occurrence, etc.,
- definition of the format of the analysis tables (column contents).
FMEA/FMECA is performed in cooperation with those who possess knowledge of the product under analysis.
3. Researching the failure modes of elementary functions or components
For each function, all failure modes that result in the following are identified:
- loss of the function
- untimely function
- degraded function
For each component, all failure modes are identified.
For instance, in the case of an electronic component: open circuit, short circuit, drift, etc.
4. Studying the effects of failures
The effects of each of the failure modes are studied at all levels within the scope of the study. The objective of the analysis here is to classify the identified effects according to their severity for FMEA, to calculate the probability of their occurrence (for FMECA), and then to establish a hierarchy according to criticality.
Criticality is established via the following formula:
C = S x P
where C is the criticality, S the severity and P the probability.
For FMEA, only the severity is estimated.
ECSS-Q-ST-30-02 includes the table below:
This assessment is used to establish an acceptability level for the failure. In this case, the failures with a level in the yellow zone of the criticality matrix cannot be accepted as they are, and require risk control actions for avoiding or reducing the risk.
When a failure is judged unacceptable, risk control actions are undertaken. Through recommendations, they involve informing the project of the ways to avoid or detect, locate and make each failure passive, and proposing the suitable reconfiguration.
The objective is to bring the level of the failure back into the zone of acceptability. According to this grid, there are two possible types of corrective action:
- Lower the level of severity: protective system, degraded mode, etc.
- Lower the level of probability that the failure will occur: redundancy, component quality, etc.
The recommendations issued are given to the project* (within the scope of the study) and/or to the study's sponsor so that they may be taken into consideration at that level.
* The decision to apply all or part of the recommendations is made at project level. An accepted recommendation becomes an action managed by the project. The finalised FMEA/FMECA document must set out what recommendations are taken into account.
6. Limits of the study
FMEA/FMECA only deals with single failures one by one. For taking multiple failures into account, the Fault Tree Analysis method is more suitable.
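The following is an added worked example, not CNES or ESA code, that runs stages 3 and 4 above on a constructed three-line component level table: it enumerates the failure modes catalogued for each component type, computes C = S x P for every line, ranks the lines into a risk hierarchy, flags those in the non-acceptable zone, and applies the two kinds of corrective action named above (a protective system lowering severity, a higher-quality part lowering probability) before re-ranking, which is the list section 5 of the report asks for. The severity and probability grids, the acceptability threshold, the failure-mode catalogue and the three table lines are all assumptions made for the illustration and do not reproduce the ECSS-Q-ST-30-02 tables; a real analysis substitutes the grids agreed with the project at stage 2.

```python
# Added worked example (not CNES/ESA code). Grids, threshold, catalogue and
# table lines are constructed for illustration, not taken from ECSS-Q-ST-30-02.
from dataclasses import dataclass, replace
from enum import IntEnum


class Severity(IntEnum):
    """Assumed 4-level severity grid (higher is worse)."""
    NEGLIGIBLE = 1
    MAJOR = 2
    CRITICAL = 3
    CATASTROPHIC = 4


class Probability(IntEnum):
    """Assumed 4-level occurrence grid (higher is more likely)."""
    EXTREMELY_REMOTE = 1
    REMOTE = 2
    OCCASIONAL = 3
    PROBABLE = 4


# Assumed threshold: C = S x P at or above this value lies in the
# non-acceptable zone of the criticality matrix.
UNACCEPTABLE_FROM = 8

# Stage 3: failure modes to examine per component type (constructed catalogue,
# following the page's electronic-component example).
FAILURE_MODES = {
    "resistor": ("open circuit", "short circuit", "drift"),
    "capacitor": ("open circuit", "short circuit", "drift"),
    "relay": ("fails open", "fails closed", "untimely switching"),
}


def failure_modes_for(kind: str) -> tuple:
    """Every failure mode that must appear in the table for a component type."""
    if kind not in FAILURE_MODES:
        raise ValueError(f"no failure-mode catalogue for component type {kind!r}")
    return FAILURE_MODES[kind]


@dataclass(frozen=True)
class Entry:
    """One line of a component level FMECA table."""
    component: str
    kind: str
    mode: str
    local_effect: str
    end_effect: str
    severity: Severity
    probability: Probability
    recommendations: tuple = ()

    def __post_init__(self):
        # Stage 3 discipline: only catalogued modes may be analysed.
        if self.mode not in failure_modes_for(self.kind):
            raise ValueError(f"{self.mode!r} is not a catalogued mode for {self.kind}")

    @property
    def criticality(self) -> int:
        return int(self.severity) * int(self.probability)  # C = S x P

    @property
    def acceptable(self) -> bool:
        return self.criticality < UNACCEPTABLE_FROM


def apply_action(entry: Entry, *, severity=None, probability=None, note: str) -> Entry:
    """Stage 4 risk control: a recommendation may lower S or P, never raise them."""
    new_s = entry.severity if severity is None else severity
    new_p = entry.probability if probability is None else probability
    if new_s > entry.severity or new_p > entry.probability:
        raise ValueError("a risk-control action must not increase severity or probability")
    return replace(entry, severity=new_s, probability=new_p,
                   recommendations=entry.recommendations + (note,))


def control_risks(table, actions):
    """Apply accepted recommendations to every unacceptable line; others pass through."""
    out = []
    for e in table:
        if e.acceptable:
            out.append(e)
            continue
        if (e.component, e.mode) not in actions:
            raise ValueError(f"{e.component} {e.mode}: C={e.criticality} unacceptable, no action")
        out.append(apply_action(e, **actions[(e.component, e.mode)]))
    return out


def summary(table):
    """Risk hierarchy for the conclusion: highest criticality first, severity breaks ties."""
    ranked = sorted(table, key=lambda e: (e.criticality, e.severity), reverse=True)
    return [(e.component, e.mode, e.criticality,
             "acceptable" if e.acceptable else "UNACCEPTABLE") for e in ranked]


def worked_example():
    """Constructed three-line table: hierarchy before and after risk control."""
    table = [
        Entry("R12", "resistor", "open circuit", "loss of sensor bias",
              "loss of one telemetry channel", Severity.CRITICAL, Probability.REMOTE),
        Entry("K3", "relay", "fails closed", "heater permanently on",
              "battery over-temperature, loss of mission", Severity.CATASTROPHIC, Probability.OCCASIONAL),
        Entry("C7", "capacitor", "short circuit", "input filter shorted",
              "power bus short, loss of mission", Severity.CATASTROPHIC, Probability.REMOTE),
    ]
    # Recommendations accepted by the project: one lowers severity (protective
    # system), the other lowers probability (component quality).
    actions = {
        ("K3", "fails closed"): dict(severity=Severity.MAJOR,
                                     note="independent over-temperature cut-off"),
        ("C7", "short circuit"): dict(probability=Probability.EXTREMELY_REMOTE,
                                      note="higher-quality, derated part"),
    }
    return summary(table), summary(control_risks(table, actions))
```

Calling `worked_example()` returns the two ranked lists: before control, the relay line (C = 12) and the capacitor line (C = 8) sit in the non-acceptable zone while the resistor line (C = 6) is acceptable; after the two actions every line is back in the acceptability zone and the hierarchy is re-established. Each line carries its recommendations with it, which is what the finalised document must set out. Note that the table still treats each failure mode on its own, in line with the single-failure limit stated above.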
C. Typical content
2.1 Applicable documents
These are all the documents which are applicable to the FMEA/FMECA, including ECSS-Q-ST-30-02.
2.2 Reference documents
These are the documents necessary for preparing the FMEA/FMECA (diagrams, block diagrams, drawings, etc.).
This defines the terminology and acronyms used in the document.
3. Failure modes under consideration
In this paragraph specify which failure modes are under consideration in the analysis, in accordance with the types of components.
For example: short circuit, open circuit, drift for resistance, etc.
4. Risk classification grid
This paragraph sets out the scales for classifying the severity of the effects of the risk, the probability that it will occur (FMECA) and its criticality (severity x probability pair - FMECA).
Please refer to "ECSS-Q-ST-30-02C".
5. Summaries and conclusion
List of the risks according to their hierarchy in accordance with their criticality.
The list of recommendations, with their status (taken into account or otherwise) for those that come within the scope of the study.
List of observable symptoms with the associated causes.
6. Appendices: analysis tables
An example component level FMECA table:
Risks: Lack of knowledge of effects of failures
Recommendations: Analyse consequences of elementary failures