Failure mode and effect analysis, also named FMEA analysis or just FMEA, examines the consequences of potential failures on the functionality of a technical system. FMEA may be varied for different applications, such as for software or processes and may be either qualitative or quantitative. All variations have in common that they analyze failure modes of elements and their effects on the analyzed technical system.
The FMEA or Failure Mode Effects and Diagnostic Analysis (FMEDA) may be developed using a manually maintained table with the support of a spreadsheet processing computer system. FIGS. 1A and 1B depict an example of a table from such a processing computer system.
In column C1 of the illustrated table, the analyzed parts are enumerated. The parts of a technical system S may be for instance formed by components or electronic devices. In column C2, the type of the analyzed part is indicated, (e.g., a capacitor or a resistor). In column C3 of the table as illustrated in FIG. 1A, the electronic type of the part is indicated, (e.g., the capacitor is a 10 nF/120V capacitor). In column C4, the identifier is used to identify the part of the specific technical system as indicated, such as an indication number of the electric circuit plan, (e.g., C101 for the capacitor). In column C5 of the illustrated table, the function of the part is textually described. In column C6 of the table, the failure rate lambda λ is indicated, (e.g., 10FIT (failure in time, 1×10⁻⁹ per hour) for the exemplary capacitor). Column C7 of the illustrated table represents the failure modes of the respective part, such as two metal connectors of the capacitor may either short circuit or be damaged and in an open circuit state. Column C8 of the table is used to describe a failure effect that corresponds to the failure mode. For example, if the capacitor is in an open circuit state, the failure has no consequences. Column C9 of the illustrated table is used to allocate, (e.g., split), the failure rate lambda λ (as indicated in column C6) to the individual failure modes. For example, the failure rate of 10FIT of the capacitor is equally split for the two failure modes of the capacitor. Columns C10 to C12 of the illustrated table are used to categorize the failure effect into different categories, (e.g., “safe”, “dangerous”, “disregard,” or “don't care”). Columns C13 to C15 of the illustrated table are used to calculate the residual failure rate for the specific failure effect and category (safe λs, dangerous λd and disregard λ*). For example, the failure rate λd for the failure mode “short circuit” is 5FIT since 10FIT (column C6) * 50% (column C9) * 1 (column C11) = 5FIT.
The other columns are calculated accordingly. Column C16 is used to describe a diagnostic measure capable of detecting or mitigating a dangerous failure effect. For example, the failure effect corresponding to the failure mode “short circuit” of the capacitor is detected by a pulsed test signal. Column C17 indicates the effectiveness of this measure. For example, the pulsed signals that detect the dangerous failure effect of the open circuit failure mode of the capacitor may only detect or mitigate a fraction of 90% of the occurrences of that failure effect. Column C18 of the illustrated table is used to calculate the residual failure rate that a dangerous failure effect goes undetected (λdu). Column C19 is used to calculate the failure rate for the case that the dangerous failure effect is detected by diagnostic measure (λdd).
The manually maintained table as illustrated in FIGS. 1A and 1B may contain automation, for instance when implemented in a spreadsheet application. The automation may calculate the values for different failure rates.
Because modern safety critical technical systems tend to include an increased complexity, automations and tool support have a long history in research and industry. Whereas compact embedded systems may be analyzed using FMEA in a manually maintained table such as illustrated in FIGS. 1A and 1B, more complex systems may result in unmanageably long tables, in particular when larger or different development teams are involved.
Furthermore, each failure mode in such a conventional table corresponds to a single effect in a technical system and its diagnostic measure. For documentary reasons, this fact may be described textually and has a local character referring to the effect on the analyzed subsystem.
With a conventional FMEA analysis using a textually described local effect, the following fundamental problems occur.
The local effects prevent a global effect analysis. Since effects are described in a local manner or with a local reference to the failure mode of a subsystem of the technical system, the manual table may not be analyzed for all impacts of global effects within the table. Especially for larger technical systems, effects are described differently for each column of the FMEA table, but may refer to one global effect. FMEA tables may be long and may contain thousands of lines for a complex technical system. Also, the tables are not filled by a single person but by a team of engineers and designers. It is probable that two different failure effects have different local consequences; however, the effect on a global scale may be the same. For example, the effects “amplification factor exceeds limitations” and “output may not be regulated” might result in the same global effect as illustrated in FIGS. 1A and 1B, (e.g., “system causes environmental damage”). To cluster all local effects with a manually maintained textual global effect would be theoretically possible in a manual table, but utilizing manually maintained clusters is a source of mistakes and inconsistencies. Accordingly, a manual FMEA table may not solve the problems of utilizing local effects for a global analysis.
Further, in a conventional FMEA analysis, local measures may not be utilized for global effects. Measures document preventive functions that may be capable of managing a fraction of a failure mode, and thus may omit or prevent an effect. A manual FMEA only aims at the sum of all effects and measures; however, the quantitative or qualitative analysis for every single effect on a global level needs to utilize all measures. It is likely that two measures are described differently, but prevent the same global effect. As a result, they may not be utilized for a global analysis of the system. For example, the aforementioned effects “amplification factor exceeds limitation” (A) and “output cannot be regulated” (B) describe the same global effect C, (e.g., “system causes environmental damage”). The first effect A is based on the failure modes “short circuit” for part number 1 and “open circuit” for part number 2. Those effects are prevented by the measure “pulsed test will detect this failure”. The second effect B “output cannot be regulated” has the same global effect C “system causes environmental damage”, but has no measure preventing the (local and global) effect. Information about which fraction of failure modes contribute to the global effect may not be analyzed in a conventional FMEA analysis, because it is unclear how local measures may be identified within the locally maintained table, but correspond to the same global effect.
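The following added example (not part of the original text) carries the column arithmetic of the table through for a few rows and then shows the clustering problem described above: totals keyed on the free-text local effect split one global effect into two figures. Only the C101 values come from the text; the R102 and T103 rows, the category of the open-circuit rows, and the `GLOBAL_EFFECT` mapping are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Row:
    part: str              # identifier (column C4)
    fit: float             # part failure rate in FIT (column C6)
    mode: str              # failure mode (column C7)
    local_effect: str      # free-text effect (column C8)
    share: float           # fraction of fit allocated to the mode (C9)
    category: str          # "safe", "dangerous" or "disregard" (C10-C12)
    coverage: float = 0.0  # effectiveness of the measure (C17)

    def rates(self):
        """Return (lambda_d, lambda_du, lambda_dd) in FIT for this row."""
        lam = self.fit * self.share
        lam_d = lam if self.category == "dangerous" else 0.0
        lam_dd = lam_d * self.coverage
        return lam_d, lam_d - lam_dd, lam_dd

# C101 figures follow the text (10 FIT, 50/50 split, 90% pulsed test).
# R102 and T103 are constructed sample rows; "safe" is an assumed category.
A = "amplification factor exceeds limitation"
B = "output cannot be regulated"
ROWS = [
    Row("C101", 10, "short circuit", A, 0.5, "dangerous", 0.9),
    Row("C101", 10, "open circuit", "no consequences", 0.5, "safe"),
    Row("R102", 4, "open circuit", A, 0.5, "dangerous", 0.9),
    Row("R102", 4, "short circuit", "no consequences", 0.5, "safe"),
    Row("T103", 20, "open circuit", B, 1.0, "dangerous"),  # no measure
]

# Assumed explicit mapping; the manual table has no such column.
GLOBAL_EFFECT = {A: "system causes environmental damage",
                 B: "system causes environmental damage"}

def undetected_by(key):
    """Sum lambda_du of the dangerous rows, grouped by key(row)."""
    totals = defaultdict(float)
    for row in ROWS:
        lam_d, lam_du, _ = row.rates()
        if lam_d:
            totals[key(row)] += lam_du
    return dict(totals)

def by_local():
    return undetected_by(lambda r: r.local_effect)

def by_global():
    return undetected_by(lambda r: GLOBAL_EFFECT[r.local_effect])
```

Grouping by local effect reports A and B as unrelated totals, while the explicit mapping yields a single undetected dangerous rate for the global effect, dominated by the row that has no measure.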