Design Failure Modes Effects Analysis (DFMEA)

When a system is designed, risk must be calculated and accounted for. As Table 1 illustrates, the closed loop motor control project also includes risk to be managed. As the system was developed, design choices were made to ensure that a more secure product was built. Our team began a simple design for our system and moved forward to implementation. To carry signals from the Tohoku DC Motor to the Quansar Q4 Encoder Port 0, the initial design called for a standard telephone cable with 4 wires encapsulated in one insulator and terminated at each end with an RJ12 connection. The RJ12 terminators were stripped, leaving 4 22 AWG stranded wires. It was assumed that these wires were of a sufficient gauge to carry the signal and to handle the fatigue induced at the terminals. However, testing soon showed that the cable did not offer adequate resistance to fatigue and upon failure, the motor spun at a very high speed without user interaction since the control system had lost its feedback mechanism. As the block diagram in Figure 1 shows, the system was redesigned to account for this failure mode and a thicker cable was used to reduce the probability of this failure mode in the future. As additional safety issues were discovered, their risk quantified, and if necessary, steps were taken to reduce the probability of the event. In this fashion, risks were quantified in the DFMEA matrix in Table 1 and addressed as needed. After the discussed safety analysis, the team concluded that the solution for project managed risk to an acceptable level for the project. Figure 1: DFMEA Block Diagram and Actions Taken

System designed to meet specifications

Enumerate risk using DFMEA table i.e. Discover encoder risk of encoder cable failure

Discuss accident scenarios i.e. motor spinning uncontrollably

Determine probability of failure event i.e. initial cabling give high probability of failure due to fatigue

Determine consequences of accident i.e. Operator could injure hand or clock hand could be damaged

Quantify risk with DFMEA Table Implement design modified for safety (Done) Yes Is the risk for all hazards acceptable? No Modify design i.e. use lower gauge wire

Table 1: DFMEA Table for Project 5: Closed Loop Motor Control Description of Component or Subsystem Encoder connection Failure Mode (Hazard) Symptom Effect Probability of Failure Severity of Effect Risk Index

Cable Broken

Feedback does not work

Cable Frayed

Feedback works intermittently Feedback works intermittently or not at all Motor power fluctuates randomly

Board Connection Broken

Amplifier Connection

Connection to motor fatigued/broken

Disconnected Cable Clock Hand Connection Clock hand loosely connected or joint fatigued Motor loosely connected or joint fatigued

No power to motor Clock hand wobbles or is loose Motor wobbles or oscillates during operation

Motor to Board Connection

Without feedback, motor could spin at high speed Motor could spin at high speed without any user input Motor could spin at high speed and fail to respond to user commands Possible exposed energized cable, damage to user if proper safety protocols not followed Possible exposed live wire Hand could fly off and damage operator or system Motor could disengage from table and damage operator or system

II

II-C

II

II-D

III

III-D

IV

IV-C

IV

IV-C

IV

IV-D

II

II-D