2006 / Dr. D. Wegner
Methods and Use of Reliability and Availability Analysis
(Use of R&A-Analyses)
[Figure: use of R&A analyses over the life-cycle phases Specification, Design, Implementation and Test.
 Activities placed along the phases: Impairment Analysis; RAM prediction; RAM monitoring;
 RAM engineering; Verification & Validation; RAM budgeting / demonstration; Use.]
Use of R&A-Analyses

IMPAIRMENTS - Reason:                          REQUIREMENTS (targets, milestones) - Sources:
company / direct commercial:                   project-external:
  1. guarantees                                  1. market analysis
  2. penalties                                   2. contracts
  3. ...                                         3. ...
company / indirect commercial:                 project-internal:
  1. loss of customer satisfaction               1. business targets
  2. damage to reputation                        2. technological targets
  3. ...                                         3. ...

WHEN and WHY is a RAM analysis required or useful?
WHEN => whenever IMPAIRMENTS can arise because REQUIREMENTS may not be fulfilled completely;
WHY  => to know how probable the possible IMPAIRMENTS (e.g. penalty levels) are.
Methods of R&A-Analyses

1.1 STEP => Specification of REQUIREMENTS
1.2 STEP => Specification of IMPAIRMENTS
2.  STEP => Choice of the right METHOD(s) for the RAM analyses, e.g.:
            RBD    - Reliability Block Diagram (dependability)
            FTA    - Fault Tree Analysis
            ETA    - Event Tree Analysis
            CCD    - Cause-Consequence Diagram (FTA + ETA)
            Markov - Markov model
            FMEA   - Failure Mode and Effects Analysis
            IA     - Interface Analysis (general)
            CA     - e.g. Commercial Analysis
3.  STEP => RAM ANALYSES (apportionment, analyses of impairments):
            PROBABILITY of impairments, and
            Severity of the CONSEQUENCES of impairments:
            technical:     1. functional consequences (FMEA)
                           2. consequences for interfaces (IA), project-external ones as well
            non-technical: 1. consequences for operation* (CA)
                           2. consequences for business (CA)
                           3. contractual consequences (CA)
                           4. ...
4.1 STEP => EVIDENCE / UPDATE of the requirements
4.2 STEP => find "... PRECAUTION to minimize the possibility of impairments ..." (EN 50126, 4.5.1.2)

* operation = services & maintenance
Need for the Definition & Derivation of RAM Target(s) to meet requirements, an example

WHAT is the required TARGET for the RAM analyses?

[Figure: top-down derivation of RAM targets; labels as on the slide]

Operational* Availability                                      <= REQUIREMENT !
  responsibility***: Client (Project Management)
  (M)xBAn  - e.g. (Mean) Time Between non-Available Services
  (M)TTRd  - e.g. (Mean) Time To Restore delivery of services
  influenced by: project-external operational and technical interfaces;
                 service conditions (schedule, headway, ...);
                 OS&H - Operational Safety & Health;
                 maintenance conditions (maintenance windows / access)

Guaranteed Availability (monitored** Availability)              <= not required !
  responsibility***: Project management, (Client)
  (M)xBSF  - e.g. (Mean) Time Between Service Failure
  (M)TTRs  - e.g. (Mean) Time To Restore services

Technical Availability                                          <= not required !
  responsibility***: Subcontractor
  Reliability (technical part):
    (M)xBF    - e.g. (Mean) Time Between Failure
    (M)xBM    - e.g. (Mean) Time Between Maintenance (preventive)
    e.g. Failure Modes => FMEA
  Maintainability (organisational part):
    (M)TTRf   - (Mean) Time To Restore (function)
    (M)TTAi,e - (Mean) Time To Restore Actions (internal, external)
    (M)TTMc   - (Mean) Time To Maintain corrective
    (M)TTMp   - (Mean) Time To Maintain preventive

*   Operation = Services & Maintenance
**  see 'Performance Monitoring'
*** responsibility has to be detailed based on project conditions
x - period; (calendar, operation, service) Time / Cycle, Distance
RAMS Influence-factors and quantification of Internal Disturbance

General factors influencing RAMS:
  System Conditions:        Technical characteristic; Maintainability; Internal Disturbance;
                            External Disturbance*; Environmental Conditions* (environment);
                            Mission Profile***
  Service Conditions:       Logistics; Performance Monitoring; Preventive Maintenance;
                            Corrective Maintenance; Procedures; operation mode; Human Factors**
  Contractual / business
  Conditions:               Project Budget; Business Targets*** (RAM only)
  Human Errors**

Internal Disturbance:
  Random Failure     - stress degradation, wear out, over stress, ...
                       => quantification via probabilistic RAM analyses (see next foils)
  Systematic Failure - wrong requirement, inadequacy in design & realisation,
                       manufacturing deficiency, human / software errors, ...
                       => to be avoided by e.g. Quality Checks, Tests, Training, Reviews, ...
                          (based on EN 50126)
Differentiation between Failure/Event definition in the Availability and Safety Analyses (e.g. Fault Tree Analysis; FTA)

Example: subsystem 'Drainage train-tunnel' with pump (m, M), detector (d, D) and signal (s, S).
P() - probability of event / failure. Basic-event probabilities on the slide: 0.010 each.
Gate rules: P(1 and 2) = P(1) * P(2);  P(1 or 2) = P(1) + P(2) - P(1 and 2).

Availability Analyses
  Availability function: "Train shall enter the tunnel with planned speed"
  Availability-related event definition: "Train cannot enter the tunnel" (Availability Top Event - ATE)
    P(m) = 0.01 + P(M) - 0.01 * P(M)   (failure signal in control centre OR insufficient decrease of water level)
    P(d) = (failed in any level-status OR in LOW-level-status)
    P(s) = (failed in any status 'GREEN nor RED' OR in enter status 'GREEN')
  ATE happens if the drainage function fails OR the signal function fails:
    Detection fails        P(d)   = 0.0199 (slide: 0.020)
    Signaling fails        P(s)   = 0.0199 (slide: 0.020)
    Drainage function fails P(m)  = 0.0199 (slide: 0.020)
    Signal function fails  P(sf)  = P(d) + P(s) - P(d) * P(s)   = 0.0394 (slide: 0.039)
    Availability top event P(ATE) = P(m) + P(sf) - P(m) * P(sf) = 0.0585

Safety Analyses (Preliminary Hazard Analysis)
  Safety function: "Train does not enter flooded tunnel"
  Safety-related event definition: "Train does not stop in front of signal in case of flooded tunnel" (Safety Top Event - STE)
    P(M) = (insufficient decrease of water level)
    P(D) = (failed in LOW-level-status)
    P(S) = (failed in enter status 'GREEN')
  STE happens if the drainage function fails AND the signal function fails:
    Detection fails        P(D)   = 0.010
    Signaling fails        P(S)   = 0.010
    Drainage function fails P(M)  = 0.010
    Signal function fails  P(SF)  = P(D) + P(S) - P(D) * P(S)   = 0.0199 (slide: 0.020)
    Safety top event       P(STE) = P(M) * P(SF)                = 0.0002

The difference in the failure/event definition between Availability and Safety is reflected in the
difference of the quantitative level: P(ATE, Availability) > P(STE, Safety).
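The two fault trees above, evaluated in code. This is an added example for this page, not code from the slides: the basic-event names m1, M, d1, D, s1, S and their probabilities (0.010 each) are the slide's, the gate functions and the independence assumption behind them are this example's own.

```python
# Fault-tree evaluation for the 'Drainage train-tunnel' example (added example, not from the slides).
# Basic events carry the slide's probabilities (0.010 each); independence of basic events is assumed.
from functools import reduce

BASIC = {
    "m1": 0.010,  # pump: failure signal in control centre        (availability-relevant)
    "M":  0.010,  # pump: insufficient decrease of water level    (safety-relevant)
    "d1": 0.010,  # detector: failed in any other level status    (availability-relevant)
    "D":  0.010,  # detector: failed in LOW-level status          (safety-relevant)
    "s1": 0.010,  # signal: failed in any other status            (availability-relevant)
    "S":  0.010,  # signal: failed in enter status 'GREEN'        (safety-relevant)
}


def p_or(*ps):
    """OR gate for independent events: 1 - prod(1 - p); for two inputs this is P(1)+P(2)-P(1)*P(2)."""
    return 1.0 - reduce(lambda acc, p: acc * (1.0 - p), ps, 1.0)


def p_and(*ps):
    """AND gate for independent events: prod(p)."""
    return reduce(lambda acc, p: acc * p, ps, 1.0)


def availability_top_event(basic=BASIC):
    """ATE 'train cannot enter the tunnel': any failure of pump, detector or signal, in any status."""
    p_m = p_or(basic["m1"], basic["M"])    # drainage function fails
    p_d = p_or(basic["d1"], basic["D"])    # detection fails
    p_s = p_or(basic["s1"], basic["S"])    # signaling fails
    p_sf = p_or(p_d, p_s)                  # signal function fails
    return {"P(m)": p_m, "P(d)": p_d, "P(s)": p_s, "P(sf)": p_sf, "P(ATE)": p_or(p_m, p_sf)}


def safety_top_event(basic=BASIC):
    """STE 'train does not stop in front of signal in case of flooded tunnel':
    the water level must actually rise (M) AND the safety-relevant signal function must fail
    (detector blind in LOW-level status OR signal wrongly showing GREEN)."""
    p_sf = p_or(basic["D"], basic["S"])
    return {"P(M)": basic["M"], "P(SF)": p_sf, "P(STE)": p_and(basic["M"], p_sf)}


if __name__ == "__main__":
    for name, result in (("Availability", availability_top_event()), ("Safety", safety_top_event())):
        print(name, {k: round(v, 4) for k, v in result.items()})
```

The same six basic events give 0.0585 under the availability definition and 0.0002 under the safety definition; the factor of roughly 300 comes entirely from the OR gate at the top of the availability tree versus the AND gate at the top of the safety tree, which is the slide's point.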
Differentiation between Failure/Event definition in the Availability and Safety Analyses (e.g. Event Tree Analysis; ETA)

Same subsystem 'Drainage train-tunnel' (pump m/M, detector d/D, signal s/S); basic-event probabilities 0.010 each.

Availability-related definition of failure:
  P(m1) = (other failure signal from pump, e.g. failure signal in control centre)
  P(d1) = (detector failed in any other level-status)
  P(s1) = (signal failed in any other status, e.g. 'GREEN nor RED')
Availability & Safety-related definition of failure:
  P(M) = (insufficient decrease of water level)
  P(D) = (detector failed in LOW-level-status)
  P(S) = (signal failed in enter status 'GREEN')

[Table: event tree. Initiating event 'Water runs into tunnel' with frequency Hw = 1.0000 [1/a];
 event progression over Pump (P(M), P(m1)), Detector (P(D), P(d1)) and Signal (P(S), P(s1)).
 Each end-state is classed as non-available (na) and/or non-safe (ns); the branch frequency is booked
 to Pa [1/a] (availability-relevant) and/or Ps [1/a] (safety-relevant).
 *  a failure leads automatically to a train stop
 ** e.g. 9.80E-05 = (1 - P(M)) * P(D) * P(d1) * (1 - P(S)) * ns
 Results: Hw = 1.0000 [1/a]; Pa = 0.0585 [1/a]; Ps = 0.0002 [1/a]; undisturbed branch 9.41E-01.]
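The event tree above, enumerated in code. This is an added example for this page, not code from the slides: the initiating-event frequency Hw = 1/a, the six basic events and their 0.010 probabilities are the slide's; the branch ordering, the classification rules (non-available if any basic event failed, non-safe if M failed and D or S failed, i.e. the safety fault tree's top gate) and all function names are this example's own. The slide draws its branches in a different order, but the totals Pa and Ps do not depend on that order.

```python
# Event-tree enumeration for the 'Drainage train-tunnel' example (added example, not from the slides).
from itertools import product

HW_PER_YEAR = 1.0   # frequency of the initiating event 'water runs into tunnel' [1/a], as on the slide

EVENTS = [  # (name, failure probability per initiating event); the slide's 0.010 each
    ("M",  0.010),  # insufficient decrease of water level                 (safety-relevant)
    ("m1", 0.010),  # other failure signal from pump                       (availability-relevant)
    ("D",  0.010),  # detector failed in LOW-level status                  (safety-relevant)
    ("d1", 0.010),  # detector failed in any other status                  (availability-relevant)
    ("S",  0.010),  # signal failed in enter status GREEN                  (safety-relevant)
    ("s1", 0.010),  # signal failed in any other status (GREEN nor RED)    (availability-relevant)
]


def classify(failed):
    """Return (non_available, non_safe) for the set of basic events that failed on a branch."""
    non_available = bool(failed)   # any failure leads to a train stop / no entry at planned speed
    # Non-safe only if the water level really rises (M) and the train is not stopped because the
    # flooded tunnel is not detected (D) or the signal wrongly shows GREEN (S).
    non_safe = "M" in failed and ("D" in failed or "S" in failed)
    return non_available, non_safe


def event_tree(hw=HW_PER_YEAR, events=EVENTS):
    """Enumerate all 2^n branches; return (branches, Pa, Ps) with frequencies in 1/a.
    Each branch is (failed events, frequency, non_available, non_safe)."""
    branches = []
    pa = ps = 0.0
    for outcome in product((False, True), repeat=len(events)):
        freq = hw
        failed = set()
        for (name, p), has_failed in zip(events, outcome):
            freq *= p if has_failed else 1.0 - p
            if has_failed:
                failed.add(name)
        na, ns = classify(failed)
        branches.append((frozenset(failed), freq, na, ns))
        pa += freq if na else 0.0
        ps += freq if ns else 0.0
    return branches, pa, ps


def undisturbed_frequency(branches):
    """Frequency of the branch on which nothing failed."""
    return next(freq for failed, freq, _, _ in branches if not failed)


if __name__ == "__main__":
    branches, pa, ps = event_tree()
    print(f"branches={len(branches)}  Pa={pa:.4f} 1/a  Ps={ps:.4f} 1/a  "
          f"undisturbed={undisturbed_frequency(branches):.2e}")
    for failed, freq, na, ns in branches:
        if ns:
            print(sorted(failed), f"{freq:.2e}", "na" if na else "", "ns")
```

With Hw = 1/a the ETA returns the same numbers as the fault trees (Pa = 0.0585, Ps = 0.0002), but as frequencies per year rather than probabilities per demand; changing Hw scales both results, which is what makes the ETA the right tool when the initiating event, not the component failure, is what the contract or the hazard log counts.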
Availability Analyses (e.g. Markov Model; Markov chain)

Same subsystem 'Drainage train-tunnel' (pump m, detector d, signal s).

States:
  Z1  Pump, Detector and Signal operating (begin status)
  Z2  Pump failed;      P(1->2) = P(m)  (failure status)
  Z3  Detector failed;  P(1->3) = P(d)  (failure status)
  Z4  Signal failed;    P(1->4) = P(s)  (failure status)
Repair:
  P(2->1) = 1  repair of the pump is possible in each case
  P(3->1) = 1  repair of the detector is possible in each case
  P(4->1) = 1  repair of the signaling is possible in each case

Transition matrix (row: from state, column: to state), period n -> n+1:
  [P1(n) P2(n) P3(n) P4(n)] * [ 1->1 1->2 1->3 1->4 ]  =  [P1(n+1) P2(n+1) P3(n+1) P4(n+1)]
                              [ 2->1 2->2 2->3 2->4 ]
                              [ 3->1 3->2 3->3 3->4 ]
                              [ 4->1 4->2 4->3 4->4 ]
  P1(n+1) = P1(n)*(1->1) + P2(n)*(2->1) + P3(n)*(3->1) + P4(n)*(4->1)   ... => P1(m)
  P2(n+1) = P1(n)*(1->2) + P2(n)*(2->2) + P3(n)*(3->2) + P4(n)*(4->2)   ... => P2(m)
  P3(n+1) = P1(n)*(1->3) + P2(n)*(2->3) + P3(n)*(3->3) + P4(n)*(4->3)   ... => P3(m)
  P4(n+1) = P1(n)*(1->4) + P2(n)*(2->4) + P3(n)*(3->4) + P4(n)*(4->4)   ... => P4(m)

Values used:
  P(1->2) = P(m) = 0.0199,  P(1->3) = P(d) = 0.0199,  P(1->4) = P(s) = 0.0199,  1->1 = 0.9403
  P(2->1) = P(3->1) = P(4->1) = 1.0000;  2->2 = 3->3 = 4->4 = 0.0000;  all other transitions 0

                    Z1      Z2      Z3      Z4
  start state (n=0) 1.0000  0.0000  0.0000  0.0000
  (n+1). period     0.9403  0.0199  0.0199  0.0199
  ...
  m. period         0.9437  0.0188  0.0188  0.0188
  Pa = 1 - P1(m) = 0.05634

ADVANTAGE against FTA & ETA:    modelling can be closer to reality, e.g. consideration of maintenance
                                conditions and strategies, and of the time-dependency of availability
DISADVANTAGE against FTA & ETA: complicated mathematical solution; suitable only for systems with a
                                limited number of components and states
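The Markov chain above, iterated in code until the state distribution stops changing. This is an added example for this page, not code from the slides: the four states, the transition values (P(m) = P(d) = P(s) = 0.0199, repair probability 1 per period) and the start state are the slide's; the function names, the convergence tolerance and the convention that the unspecified "period" is simply one iteration are this example's own.

```python
# Discrete-time Markov model of the 'Drainage train-tunnel' subsystem (added example, not from the slides).
# States: Z1 all operating, Z2 pump failed, Z3 detector failed, Z4 signal failed.
# Failure probabilities per period are the slide's P(m)=P(d)=P(s)=0.0199 (each the OR of two 0.010
# basic events); a failed state is repaired with probability 1 in the next period (2->1 = 3->1 = 4->1 = 1).

P_M = P_D = P_S = 1.0 - (1.0 - 0.010) ** 2   # 0.0199


def transition_matrix(p_m=P_M, p_d=P_D, p_s=P_S):
    """Row i = from state i, column j = to state j; every row sums to 1."""
    stay = 1.0 - (p_m + p_d + p_s)           # 1->1 = 0.9403
    return [
        [stay, p_m, p_d, p_s],               # from Z1
        [1.0, 0.0, 0.0, 0.0],                # from Z2: repaired for sure
        [1.0, 0.0, 0.0, 0.0],                # from Z3
        [1.0, 0.0, 0.0, 0.0],                # from Z4
    ]


def step(p, t):
    """One period: P_j(n+1) = sum_i P_i(n) * t[i][j]  (the slide's four equations)."""
    return [sum(p[i] * t[i][j] for i in range(len(p))) for j in range(len(p))]


def iterate(periods, t=None, start=(1.0, 0.0, 0.0, 0.0)):
    """State distribution after `periods` periods starting from `start` (default: Z1 with certainty)."""
    t = t or transition_matrix()
    p = list(start)
    for _ in range(periods):
        p = step(p, t)
    return p


def steady_state(t=None, tol=1e-12, max_periods=10_000):
    """Iterate until successive distributions differ by less than `tol`; return (P(m), periods used)."""
    t = t or transition_matrix()
    p = [1.0, 0.0, 0.0, 0.0]
    for n in range(1, max_periods + 1):
        q = step(p, t)
        if max(abs(a - b) for a, b in zip(p, q)) < tol:
            return q, n
        p = q
    raise RuntimeError("Markov chain did not converge")


def non_availability(p):
    """Pa = 1 - P1: probability of not being in the all-operating state."""
    return 1.0 - p[0]


if __name__ == "__main__":
    print("period 1:", [round(x, 4) for x in iterate(1)])
    dist, n = steady_state()
    print(f"steady state after {n} periods:", [round(x, 4) for x in dist],
          f"Pa = {non_availability(dist):.5f}")
```

Because every failed state returns to Z1 in one period, the chain settles within a handful of iterations; the steady-state value Pa = 0.05634 is slightly below the FTA/ETA value 0.0585 because the Markov model credits the repair in each period, which is exactly the kind of maintenance effect the slide lists as the method's advantage.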
Need for a clear definition of Input-data for RAM Analysis to share the responsibility clearly, an example

Clear definition of input data for the failure/event definition, e.g. MTTRs / TTRs:

(Mean) Time To Restore Services   MTTRs / TTRs        responsibility*: Project Management (Client)
  = (Mean) Time To Restore Function   MTTRf / TTRf    responsibility*: Project Management
      = (Mean) Time internal Restore Actions   MTTAi / TTAi   (internal waiting times)
      + (Mean) Time corrective Maintenance     MTTMc / TTMc   responsibility*: Subcontractor
          1. diagnose
          2. localization
          3. spare-part logistics
          4. drive, march
          5. hand-over operator -> maintainer
          6. corrective maintenance
          7. safeguarding
          8. setting / resetting of operational restrictions
          9. hand-back maintainer -> operator
      + (Mean) Time external Restore Actions   MTTAe / TTAe   (external waiting times, e.g. revenue optimization)
  + ...

* responsibility has to be detailed under the special project conditions
Result of an impairment-oriented RAM Analyses, an example - Main Contributors (MC) and portion of systems (sys) at the non-Availability / Costs (Penalties) and its possible realisation ranges

[Figure: chart with y-axis 0 ... 1 labelled "Max % of non-A (non-Availability), Costs (penalties) Min".
 Series: Sys1_non-A ... Sys6_non-A and Sys1_Cost ... Sys6_Cost, with the main contributors marked as
 Sys1_non-A_MC1, Sys2_non-A_MC2, Sys3_non-A_MC3, Sys1_Cost_MC1, Sys2_Cost_MC2, Sys3_Cost_MC3.
 Annotations: "realisation of non-Availability/Cost (How probable are certain non-A / penalties?)";
 "non-Availability/Cost-ranges (C-An) to commercial Risk-Analysis".]
