Failure Mode and Effects Analysis (FMEA or FMEA analysis) examines the consequences of potential failures on the functionality of a technical system. Various FMEA analyses are used in domains to analyze safety critical systems.
Failure mode and effects analysis is an inductive reasoning (e.g., forward logic) single point of failure analysis for safety critical systems. Failure mode and effects analysis are available in different variations for different applications, such as software or processes. Failure mode and effects analysis may be either qualitative or quantitative. The variations analyze failure modes of elements and the effects of the failure modes on the analyzed system. A generic quantified FMEA is described for a domain independent application of electrical/electronic/programmable electronic systems in “Failure Modes, Effects and Diagnostic Analysis,” available at http://www2.emersonprocess.com/siteadmincenter/PM%20Rosemount%20Documents/8732E_V11_FMEDA.pdf (Mar. 30, 2014). Without the quantifications, the FMEA described therein is also generic for the qualitative variation of the analysis. The variation of FMEA described therein is referred to as a Failure Mode Effects and Diagnostic Analysis, or Failure Mode Effects and Diagnostic Coverage Analysis (FMEDA).
A FMEA (or FMEDA) as described in the above-referenced publication is typically developed using a manually maintained table with the support of a spreadsheet processing computer system. FIGS. 1A and 1B collectively show an example of a table from such a system. In column C1 of the table, the analyzed parts are numerated. Parts may be components or electronic devices. In column C2, the type of the analyzed part is indicated, e.g., a capacitor or resistor. In column C3, the electronic type of the part is indicated, e.g., the capacitor is a 10 nF/120V capacitor. In column C4, the identifier is used to identify the part in the specific system is indicated, such as an identification number of the electric circuit plan, e.g., C101 for the capacitor. In column C5, the function of the part is textually described. In column C6, the failure rate lambda is indicated, e.g., 10FIT (failure in time, 1*10−9 per hour) for the capacitor. Column C7 presents the failure modes of the part, such as two metal connectors of the capacitor may either short circuit or be damaged and in an open circuit state. Column C8 is used to describe a failure effect that corresponds with a failure mode. For example, if the capacitor is in an open circuit state, the failure has no consequences. Column C9 is used to allocate (e.g., split) the failure rate lambda (as indicated in column C6) to the individual failure modes. For example, the failure rate of 10FIT of the capacitor is equally split for the two failure modes of the capacitor. Columns C10 to C12 are used to categorize the failure effect into the categories “safe”, “dangerous”, and “disregard” (or “don't care”). Columns C13 to C15 calculate the residual failure rate for the specific failure effect and category (safe λs, dangerous λd, and disregard λ*). For example, the failure rate λd for the failure mode “short circuit” is 5FIT since10FIT(column C6)*50%(column C9)*1(column C11)=5FIT
The other columns are calculated accordingly. Column C16 is used to describe a possible diagnostic measure capable of detecting or mitigating a dangerous failure effect. For example, the failure effect corresponding to the failure mode “short circuit” of the capacitor is detected by a pulsed test signal. Column C17 indicates the effectiveness of that measure. For example, the pulsed signals that detect the dangerous failure effect of the open circuit failure mode of the capacitor may only detect or mitigate a fraction of 90% of the occurrences of that failure effect. Column C18 is used to calculate the residual failure rate that a dangerous failure effect goes undetected (λd undetected, or λdu). Column C19 is used to calculate the failure rate for the case that the dangerous failure effect is detected by the diagnostic measure (λd detected, or λdd).
The manually maintained table of FIG. 1 may contain automation, such as when implemented in a spreadsheet application. The automation may calculate the values for the different failure rates or completeness of the percentages.
Because modern safety critical systems tend to increase complexity, automations and tool support have a long history in research and industry. Whereas compact embedded systems may be analyzed using FMEA in a manually maintained table, more complex systems may result in an unmanageably long table, such as when larger development teams are involved.