Consider yourself a system engineer developing an eVTOL to carry passengers on their business flights. Which implies that you are in charge of creating a technological system capable to send a person to its rendezvous and ensure its safe return home. You would undoubtedly value a method that could reveal and mitigate hidden issues at every stage of the design. Failure Modes and Effects Analysis is what you are looking for or a FMEA / FMECA troubleshooting guide.
By examining potential weak design components and the effects they might have on the system functions, Failure Modes and Effect Analysis (FMEA) is a useful technique for identifying the potential failure modes of a system. It quantifies the level of risk to rank the failure modes and prioritise the re-design activities. FMECA is an FMEA with an added Criticality analysis of the identified failure modes.
FMEA is a crucial instrument for reducing primary risks and the best methods that could shield you from the most frequent errors made during its construction. The main goals of FMEA are to better understand the system risks in order to avert potential failures, hence this methodology comes with a long list of advantages. It is a bottom-up analysis that evaluates the failure modes of the individual parts of the system (i.e., the failure symptoms) and tracks the probable impacts of each failure mode backwards until the overall effect is found.
Applying the FMEA technique to the early design and development of any project provides extremely specific information on the potential Failure Modes of the system, providing the designers the chance to raise the dependability, quality, and safety margins before moving on to the development stage. Additionally, this methodology can be used during the project’s re-design phase as a crucial element to cut down on development time. Of course, any Failure Mode that is identified beforehand can avoid needless future costs.
Because creating an FMEA can take a lot of time, especially for complex and large projects, it is essential to specify its scope, level of detail, and, of course, a thorough understanding of the system being studied.
There are different ways to address an FMEA, whether you are analysing a system, item, function or piece-part and the effects of the next highest level will be detected. Combinations of failures are out of the scope of the FMEA and that is why it is traditionally used as a complement to other analysis of the SSA (System Safety Assessment). It is always advisable to perform an FMEA as a prior step to an FTA development, Dependence Diagram (DD) or Markov Analysis (MA) as it will reduce the effort and time to develop the analysis and the Safety Analysis of the System will be more consistent.
In the case of analysing a system with a lot of components, the functional FMEA or a Piece-Part FMEA are good solutions depending on the desired results. To develop a functional FMEA, the system has to be divided in blocks / assemblies of the aircraft in order to identify Single Points of Failure. A piece-part FMEA, will analyse every single component on the functional blocks of the aircraft and it is useful to determine in detail the potential failure effects.
A functional and piece-part FMEA will be contrasted using an electrical system as an example.
In table 1, the column ‘Name’ identifies the specific function or process that is being analyzed.
Failure Modes column identifies the potential ways in which the function or process could fail.
Potential Effects of Failure column describes the potential effects of the failure mode on the component, system and on aircraft level.
There are two large blocks in the functional FMEA that contain a number of components. For instance, the source block contains batteries and generators, thus the loss of the source implies the loss of electrical power in the aircraft (end effect). The other block in this example is the power distribution, that contains cables, fuses, sensors, etc. There are two main failure modes, the loss of the electrical power distribution and the erroneous surge protection operation. In the first one, there are two possible local effects, the loss of power in the essential and non-essential loads. While the loss of the non-essential loads has no safety effect in aircraft level, the loss of the essential loads implies losing different systems in Aircraft level, so it has more than one end effect.
In the case of the piece-part FMEA, the components contained in the blocks analysed in the functional case are analysed one-by-one providing a deeper level of detail in the failure modes. For example, the fuse is part of the power distribution, and here it can be seen exactly which two modes it can fail; not actuating when necessary or unnecessary actuating. Another detail in the fuse here is that this failure mode is hidden, meaning this type of failure mode cannot be detected; it is typical from a component that cannot be tested to check its correct functionality. The temperature sensor, in charge of monitoring the battery, is part of the source block, but here it can be appreciated that losing this item has no safety effect in aircraft level.
An example of possible failure modes for different items is presented.
1) Mechanical items (valve, hydraulic actuator, etc.)
2) Electrical items (sensor, switch, fuse, etc.)
3) Electronic items (microcontroller, diode, transducer, etc.)
After finishing the first draft of the FMEA, the FMES can be generated. The FMES (Failure Modes and Effects Summary) gives highly synthesised information on the system’s final result, the components that have been examined, and the failure modes. As given in figure 1 a summary of the components and their failure modes with the same end effect from the FMEA.
In a functional FMEA, Single Points of Failure (SPOFs) in the FMES can be detected, so the related blocks need of a special design review detail for example with a Fault Tree Analysis. Following the example of the functional FMEA, the failure modes and items that lead to the end effect can be clearly observed.
As seen in table 3. challenging part of the FMEA development process is to define the detection means of the failure modes. Failure modes that remain hidden in the normal functioning of a system pose a serious safety issue.
In the list below, the different detection types are defined.
1) Evident: it is detectable by the flight crew in a noticeable way (noise, smoke, vibrations, etc.) An engine fire would be evident.
2) CAS: it is a failure mode detectable by the flight crew through a dedicated CAS (Crew Alerting System) message. For example, an over-pressure of a reservoir.
3) Latent: this type of failure mode is characterised because it cannot be detected, it can be differentiated in two more specific types.
4) PBIT, CBIT, IBIT: Different types of (Power-Up, Continuous, Initiated) Built-In-Tests, if this is the way to detect the item failure, it has to be mentioned in the component description. An example of possible item would be an ECU (engine control unit).
The technical requirements in order to look for a supplier are derived from the detectability and the failure rate, so another useful result of the FMECA is to present this information in a summarised and easy-to-understand way. The best way to do this is to generate a Detection Coverage table, as in the example below.
As seen in table 3 detection coverage is an important concept in FMEA and refers to the percentage of failure modes that can be detected or identified by the chosen detection means. It is an assessment of the effectiveness of the detection means in identifying and preventing failure modes from causing harm or damage to the system or product.
In FMEA, detection coverage is determined by evaluating the ability of the chosen detection means to identify potential failure modes and prevent them from occurring. It is usually expressed as a percentage of the total number of failure modes identified. For example, if a system has 100 failure modes, and the chosen detection means can identify and prevent 90 of them, the detection coverage is 90%.
The higher the detection coverage, the more effective the detection means are at preventing harm or damage. Achieving high detection coverage requires careful consideration of the potential failure modes and the selection of appropriate detection means to detect them. It is important to note that achieving 100% detection coverage may not always be feasible, but efforts should be made to achieve the highest possible detection coverage.
The FMEA/FMECA has to be developed carefully to provide the best results, and often it requires several months, as the design can be changing, new item failure modes can be detected while analysing other items, missing parts can be added when developing the Fault Tree Analysis, etc.
This is essential in the early stages of development when the design may change and has to be communicated with and handled. FMEA should be prepared in collaboration with the Systems Engineering department to guarantee that the Failure Modes are effectively addressed.
This analysis yields a recommendation to lessen or even resolve those failures, thus it is advisable to separate the failures according to the gravity of their ramifications so that taking action will be simpler. There are two options to move forward based on the failure mode risk evaluation: alter the design to reduce the likelihood that the failure mode will occur or lessen the impact of the failure mode on the system.
Counting with RAMS experts in order to develop this analysis will always offer the best quality results, conclusions and recommendations, as well as improved level of safety and reliability to the designs in the Systems Engineering department.
Developed by DMD Solutions, Robin is a RAMS assistant tool that has been designed by aerospace engineers to support RAMS analyses. Robin RAMS suite offers an FMECA module that offers several advantages when developing an FMEA/FMECA. It is connected with the RPA module (Reliability Prediction Analysis), so it is very easy and fast to generate all the Failure Modes of the listed items and already include the criticality analysis previously developed in the RPA. Also, it has integrated the MIL-HDBK-338B reliability data, so the failure modes of specific electronic components are generated automatically, with the corresponding failure mode distribution.
Some of the advantages of using specialized FMEA software tools include:
A) Standardized templates
B) Automated calculations
C) Collaboration and sharing
D) Links to useful content provide links to relevant industry standards, regulations, and best practices
Moreover, Robin provides the user with an outstanding flexibility, allowing them to comfortably manage their data by facilitating data import and export.