
FAILURE MODE, EFFECT AND CRITICALITY ANALYSIS

D.J. Lawson,

System Effectiveness and Reliability Section,


Marconi Research Centre,
Chelmsford. CM2 8HN. U.K.

ABSTRACT

A Failure Mode, Effect and Criticality Analysis (FMECA) is now an established
technique for assessing the design and reliability of a system but the mechanics of
the method are less well defined. This paper identifies the advantages to be gained
from, and the requirements of, such an analysis. This is followed by a description
of a method which has been developed to help realise the potential of an FMECA and
which has been successfully applied to numerous projects. Finally it is shown how a
computer is used to advantage when this type of analysis is performed.

NATO ASI Series, Vol. F3


Image Sequence Processing and Dynamic Scene Analysis
Edited by J. K. Skwirzinsky
© Springer-Verlag Berlin Heidelberg 1983

1. INTRODUCTION

A Failure Mode, Effect and Criticality Analysis (FMECA) is a systematic method
of assessing the design and reliability of a system by considering the various
failure modes of each individual item and determining their impact upon the
performance of the system.

This is achieved by breaking the system down into a hierarchy of decreasing
levels of assembly and dividing each level into a number of functional units as
shown in Figure 1. The analysis commences by considering the failure modes of a
unit at the lowest level and determining their effects on the output of that unit.
These effects become failure modes of subsequent units at successively higher
levels until the overall system effect is established. The severity of each effect
upon the performance of the system is indicated which, when coupled with a failure
rate, identifies its criticality.

The examples given in this paper contain fictitious system data which is used
solely to demonstrate the method.

[Figure 1: block diagram of the system broken down from 1st level to 4th level, showing input failure modes and internal failure modes of a unit]

FIGURE 1. System Breakdown

1.1. Definitions

UNIT - A system, sub-system, line replaceable unit, module or component.

LEVEL - A term to identify the relative complexity of a unit.

FAILURE MODE - The manner in which a unit function can fail.

INTERNAL FAILURE MODE - A failure mode that has originated from within the unit being considered.

INPUT FAILURE MODE - A failure mode which appears on a unit input as a result of a failure in a previous unit.

FAILURE EFFECT - The consequences of a failure mode on the unit operation.

LOCAL EFFECT - The effect of a failure mode on the unit under consideration.

END EFFECT - A failure effect that has no further effect at the current level.

FINAL EFFECT - A failure effect at the highest level.

SEVERITY - A measure of the consequences of a failure on the performance, or safety, of a unit.

CRITICALITY - A relative measure of the severity of a failure and its frequency of occurrence.

2. APPLICATION

As described in Section 1, an FMECA is a 'bottom up' analysis. That is, it
identifies the failure modes of an item and examines their effects on the system.
This contrasts with Fault Tree Analysis (FTA) which adopts a 'top down' approach by
postulating an effect and working down towards the causes. FTA is usually employed
only during the early conceptual phases of system design since it relies on the
analyst being able to predict the consequences of a failure mode before the failure
mode is established. There is therefore the possibility that some relevant effects
will be overlooked. FTA can be particularly useful in evaluating multiple failures
and in assessing the compliance with safety requirements and has a major application
in the nuclear power and chemical processing industries. An FMECA is a thorough and
disciplined analytical method most suited for use during the later stages of
equipment design.

An FMECA may be carried out to any level of assembly and so the bounds of the
analysis can vary. For example the analysis might consider the failure modes of
individual Line-Replaceable-Units (LRU's) and trace their effects up to complete
system level. On the other hand, the analysis might consider a single LRU (perhaps
shown to be critical by some other criteria) and examine the effects of component
failures on the performance of the LRU. A 'partial' FMECA, where some elements of
the system are ignored, is not recommended since the omitted items may contain
failure modes which produce unenvisaged critical effects. An FMECA is potentially
one of the most beneficial and productive tasks in a well structured reliability
programme. It serves to verify design integrity, assess system safety, identify and
quantify sources of undesirable failure modes and document the reliability risks.
It should be applied with the following objectives in mind:

1) to identify failures which have a hazardous or catastrophic effect,

2) to determine the failure rate (or probability of occurrence) of each effect by
summing the failure rates of all contributory failure modes,

3) to categorise all effects with respect to their severity and compare their
criticality. Critical effects are those with both high severity and high
failure rate.

Objectives (2) and (3) are sometimes omitted and the analysis called a
Failure Mode and Effect Analysis (FMEA).

4) to reveal fault escalation areas,

5) to highlight sensitive areas by detecting those failures which lead to
critical or numerous effects and thereby produce a Critical Items List,

6) to assess the fault coverage of test equipment,

7) to avoid costly modifications by the early identification of design
deficiencies. The usefulness of an FMECA is limited if the results only
become available when the equipment is already in production,

8) to provide a means of in-service fault diagnosis and establish corrective
action priorities,

9) to assist in maintainability analysis and spares provisioning.


The maintainability of a system may be obtained by performing the
following tasks:

i) List all actions needed to locate and correct each failure mode,

ii) Allocate a repair time for each action,


iii) Sum the repair times to obtain the Mean Time To Repair each failure
mode i (MTTR_i),

iv) Calculate the Mean Time to Repair the system from:

$$\mathrm{MTTR}_{\mathrm{system}} = \sum_{i=1}^{n} \mathrm{MTTR}_i \, \lambda_i$$

where n = number of failure modes

and λ_i = failure rate of failure mode i.


FMECA is not well suited to systems containing appreciable redundancy because
clearly, if most items are in a truly redundant configuration, then the final effect
of individual item failures (single point failures) on the performance of the
overall system will be zero. Multiple failures should be considered, for example a
failure causing an overload occurs when an overload protection device has failed,
but this soon becomes unwieldy if extensively applied. Furthermore, it is difficult
to attach a failure rate to failures of this nature as the failure rate becomes a
function of time and is therefore no longer constant.

In general, therefore, an FMECA can most usefully be performed when the system
is in its simplest state (i.e. comprises the minimum number of items necessary to
perform the system function) to determine those areas where redundancy, or some
other reliability improvement technique, should be applied.

However, if a system has redundant items they must be analysed to verify that
their failure modes cannot degrade system performance and so that their failure
mechanisms can be established from the lower level results of the system FMECA.

3. REQUIREMENTS

The technique described in the following sections was initially developed in
1978 after extensive contact with procurement agencies and systems companies and has
since been successively applied to many major projects from under-water weapons to
airborne radar. At that time it was apparent that many contractors were unsure of
what was expected from an FMECA and analyses varied from those where almost all
failure modes resulted in just one effect - total system failure - to those which
were so expansive that manual analysis of the results became almost impossible.

A great deal of effort and information may be wasted if a disciplined approach
is not employed where the effects of each failure mode are traced systematically
throughout the complete system. It is not sufficient to treat each part of the
system as an isolated unit or to attempt to predict the effect of a low level
failure on the performance of the overall system as is the case in a simple tabular
FMEA. This method uses worksheets which are divided into columns. The information
carried in these columns is, basically, the failure mode, the local effect and the
final system effect. This means that the final effect may be established in a
haphazard manner resulting in much duplication of effort and, more importantly,
resulting in some effects being overlooked.

The requirements summarised below will help to ensure that the potential of an
FMECA is realised.

1) Consideration should be given to an FMECA as early in the design stage as
possible. This makes engineers aware of designing for reliability when it is
easy to implement design changes. The full benefit of an FMECA is not always
appreciated since both the design and the FMECA documentation are often
modified as a result of this early analysis.

2) The depth of the analysis should be increased, giving greater attention to
the most sensitive areas of the system, and the analysis updated as the design
progresses.

3) A hierarchical system structure should be decided upon with the help of
system engineers where the system is reduced to various levels of assembly,
each unit at each level having an identification number.

4) A systematic approach should be employed where the effects of failure modes
are traced from unit to unit throughout the complete system at the lowest
level of assembly. The results are then collated to describe each successive
level until the highest level to be analysed (for example, the complete
system) is reached. The benefits of this are:

i) the analysis is completed at the lowest level where design engineers have
extensive knowledge,

ii) it establishes a discipline which minimises the possibility of
overlooking system effects,

iii) it eliminates the need to trace each effect through the system
individually.

5) A standardised method is required when a project is handled by several
sub-contractors so that the different elements can be combined to describe the
overall system.

6) The severity and failure rate of each failure should be stated so that its
criticality can be determined.

7) An FMECA is a sizeable task that generates a great deal of information. It
is therefore essential that this information can be analysed
easily - ideally with the aid of a computer. Difficult-to-trace effects in
a voluminous report will severely limit the usefulness of any FMECA.

4. METHOD

4.1. System Definition

In order to perform an effective FMECA the system to be analysed must
be defined in as much detail as possible and the bounds of the analysis must
be clearly established. The following preparatory steps are essential.

1. Define the function and purpose of the system and establish all
differing modes of operation.

2. Determine the objectives of the analysis and the level to which it is
to be performed. Analysing a large system down to component level is
generally impracticable.

3. Establish the functional hierarchical system breakdown.

4. Develop a functional block diagram for each unit showing all
interfaces.

5. Identify failure categories so that effect severity (and criticality)
can be classified. For example:

Category A - catastrophic system failure

Category B - major reduction of system capability (fails minimum
acceptable performance level)

Category C - minor reduction of system capability (passes minimum
acceptable performance level)

Category D - no effect to system capability

Category S - attached to any other category to indicate a potential
safety hazard

Categories may be assigned to effects at all levels but their meaning
at the lower levels must be understood. For example, a category B failure
effect at sub-system level would indicate a major reduction of sub-system
capability.

Some analyses assign a severity classification to a failure mode but
it is difficult to determine the severity of a failure mode until all its
effects have been established and the effects of any given functional
failure mode may vary from the trivial to the catastrophic.

6. Establish the availability of appropriate reliability data. The
failure mode failure rate is usually calculated using the method defined in
MIL HDBK 217 (see Reference 1).

7. Identify failure detection requirements.

System failures should be detected by external or built-in test equipment
(BITE) or even just by observation. To assess the coverage of fault detection
methods information should be attached to each effect to indicate whether a
particular effect at a particular unit will be detected. For example:

NO - not detected.

T1 - detected by unit test.

T2 - detected by system test.

OB - immediately detected by observation only.

It should be realised that failure detection methods and requirements
vary considerably from system to system. A suitable method of assessing fault
coverage must be evolved for each system analysis.

4.2. Procedure

Once the system breakdown has been established each unit must be
identified by a unit number as suggested in Figure 2. Levels may be
typically defined as:

MSA - Main System Assembly (overall system)

MS - Main Systems contained in the MSA

SS - Sub-systems of each main system

LRU - Line Replaceable Units contained in each sub-system

MOD - Modules of each LRU

COMP - Components contained in each Module

[Figure 2: tree diagram of unit numbers by level]

MSA Level:  0
MS Level:   1, 2, 3
SS Level:   1.1, 1.2, 1.3, 3.1, 3.2
LRU Level:  1.2.1, 1.2.2, 1.2.3, 3.2.1, 3.2.2
MOD Level:  1.2.2.1, 1.2.2.2

FIGURE 2. Unit Identification

The analysis is commenced at the lowest level to be considered and the
information recorded on work-sheets as shown in Figure 3. Each unit is
analysed in turn listing both the input and internal failure modes and their
resulting effect(s) on the output of that unit.

[Figure 3: work sheet for the unit "Control and Decode" (MS 1, SS 4, LRU 3; parts 819262, 819259; next level up: Synchro Interface Unit). Columns: No., FAILURE MODE, SOURCE / F.R., No., FAILURE EFFECT, DEST., category, BITE. Input modes listed: loss of 3.4 V reference; no chip select to RAM. Internal modes listed: latch inoperative; control failure of multiplexer sample and hold; mechanical failure of contactor; inlet tube blocked; A - D converter permanently tri-state; total failure of differential line drivers. Effects listed: loss of attitude rate data; angular data not updated on all channels; no acknowledge to processor; loss of select facility; fixed total transducer data.]

FIGURE 3. Work Sheet

[Figure 4: convention for routing and collating failures. Input modes (from a previous unit, or EXT) and internal modes of a unit lead to resultant effects, which become input modes of subsequent units; the effects of the group of units (1.2.1, 1.2.2) contained in unit 1.2 are collated as the internal modes and local effects of unit 1.2.]

FIGURE 4. Failure Routing/Collation

The close co-operation of the designer is usually required for this
part of the analysis so that a comprehensive understanding of the unit
function is obtained. All types of failure should be considered, for
example, electrical, mechanical and manual.

A consistent description for each type of failure mode, or effect,
should be decided upon. Component failure modes may be described as
short-circuit, open-circuit, out of tolerance etc. However if the analysis
is not taken to component level it becomes more difficult to classify
failures and descriptions such as 'incorrect operation' and 'circuit failure'
must be defined in order to avoid confusion.

Each input mode, internal mode and effect is given an identifying
number.

Each mode is given a source number to facilitate tracing. The source
number consists of two parts, the first identifying the previous unit that
generated the mode and the second being the effect number of that mode at the
previous unit. For input modes the previous unit will be at the same level as
the unit under consideration. If the previous unit is not within the same
group as the unit being considered the source may be simply stated as external
(EXT). For internal modes the previous unit will always be at the next lower
level to, and contained within, the unit under consideration. Internal modes
above the lowest level always result from the effects of a unit at the next
lower level which are themselves caused by internal modes. This method of
collating modes, and effects, so that the analysis can be raised to units at
successively higher levels is demonstrated in Figure 4.

Internal modes at the lowest level are given a failure rate instead of
a source number.

If the analysis is to be taken to component level the component failure
rate may be determined directly from a component reliability prediction method
(see Reference 1 and 2). This failure rate (λ) should be multiplied by the
probability of occurrence (α) of each failure mode (see Reference 2 and 3) to
determine the mode failure rate (αλ).

For example:

FAILURE MODE                      α      λ     αλ
Diode D6 short circuit            0.76   10    7.6
Diode D6 intermittent circuit     0.18   10    1.8
Diode D6 open circuit             0.06   10    0.6

However, time, labour and cost usually prohibit a full system analysis
being taken to component level. If this is the case, failure modes at the
lowest level could be restricted to circuit functions, for instance, loss of
power supply regulation. The failure rate of a failure mode at this higher
level of assembly may either be determined by summing the failure rates of all
its contributory components or by the apportionment of the total failure rate
of the unit, which is generally available.

Each effect is given a destination number, or numbers, to facilitate
tracing. The destination number consists of the unit number of the recipient
unit followed by the input mode number at that unit. If an effect has no
destination (i.e. it is an end, or final, effect) then no destination is
specified. If a mode results in an effect which has several destinations its
impact on each recipient unit will be treated independently. Therefore care
must be taken not to isolate these simultaneous failures during the analysis.
If they are allowed to become isolated it will be possible to record
impossible partial failure effects.

A category identifier and fault detection information should be
attached to each effect as explained in section 4.1.

5. COMPUTER AIDS

A suite of computer programs has been developed by Marconi Research Centre to
facilitate the analysis, and make full use, of the data obtained from an FMECA of a
complete system or part of a system (Reference 4). The data is taken directly from
the worksheets and transferred to magnetic tape to create the program input file.
This takes little more effort than typing it for presentation in a report and has
the added advantage that any inconsistencies will be immediately detected.

A summary of the capabilities of each of the programs in the suite, together
with examples of output data, is given below:

ANAL IS

This is the initial data sorting and checking program.

EDIT
A flexible editing, and data handling program designed to facilitate the
updating of information as the system design and analysis progresses.

MODE

This program will produce a list of all input and internal failure modes, for
all specified units, together with their source or failure rate.

EFFECT

A program which produces a list of all failure effects, at all specified
units, together with their category and detectability.

The output from MODE and EFFECT provides a useful index to the output from the
following three programs.

TRACEUP
This traces all internal failure modes to their resulting effects at any
specified level. The route taken by the trace is indicated by listing all units at
intermediate levels which are affected by the failure. Category and detectability
are also indicated where applicable. Any sensitive failure modes which result in
numerous, high category effects will be immediately highlighted. The output data
from TRACEUP is shown in Figure 5.

TRACED

This program will trace down from all effects at any specified unit to their
contributory failure modes at any specified level. The failure rate of each
contributory internal mode is given together with the total failure rate of each
effect. It is therefore simple to determine where an improvement in reliability
would be most effective should the failure rate of the effect prove unacceptably
high. An example of the output data is shown in Figure 6.

It is also possible to trace all effects of a given category and calculate the
total failure rate for that category. This will not necessarily be the sum of the
failure rates of the individual effects since the program avoids inaccuracies by
ensuring that the failure rate of a mode is not summed more than once. This
facility enables the probability of, say, a catastrophic system failure to be
determined by excluding the failure rates of modes not contributing to this category
and thus avoiding a pessimistic result.
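
The tracing that section 4.2 sets up with source and destination numbers, and that TRACEUP and TRACED are described as performing, can be treated as a walk over a directed graph. The Python below is an added example, not the Marconi programs or code from the paper; the unit numbers, failure rates, categories and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed, fictitious worksheet data. A node is (unit, kind, number), where
# kind is "INT" (internal mode), "IN" (input mode) or "EFF" (effect).
# Sub-system 1.1 contains the two lowest-level units 1.1.1 and 1.1.2.
RATES = {  # failure rates of lowest-level internal modes, per 10^6 hours
    ("1.1.1", "INT", 1): 4.0,
    ("1.1.1", "INT", 2): 1.5,
    ("1.1.2", "INT", 1): 2.5,
}
CATEGORY = {  # severity category of each effect at unit 1.1
    ("1.1", "EFF", 1): "A",
    ("1.1", "EFF", 2): "A",
    ("1.1", "EFF", 3): "C",
}
LINKS = [
    # Worksheet rows: a mode and the effect it produces at the same unit.
    (("1.1.1", "INT", 1), ("1.1.1", "EFF", 1)),
    (("1.1.1", "INT", 2), ("1.1.1", "EFF", 2)),
    (("1.1.2", "IN", 1), ("1.1.2", "EFF", 1)),
    (("1.1.2", "INT", 1), ("1.1.2", "EFF", 2)),
    (("1.1", "INT", 1), ("1.1", "EFF", 1)),
    (("1.1", "INT", 1), ("1.1", "EFF", 2)),
    (("1.1", "INT", 2), ("1.1", "EFF", 2)),
    (("1.1", "INT", 3), ("1.1", "EFF", 3)),
    # Destination number: effect 1 of 1.1.1 is input mode 1 of unit 1.1.2.
    (("1.1.1", "EFF", 1), ("1.1.2", "IN", 1)),
    # Source numbers: internal modes of 1.1 come from lower-level effects.
    (("1.1.2", "EFF", 1), ("1.1", "INT", 1)),
    (("1.1.1", "EFF", 2), ("1.1", "INT", 2)),
    (("1.1.2", "EFF", 2), ("1.1", "INT", 3)),
]

FORWARD, BACKWARD = defaultdict(set), defaultdict(set)
for src, dst in LINKS:
    FORWARD[src].add(dst)
    BACKWARD[dst].add(src)


def reachable(start, edges):
    """Every node that can be reached from start by following edges."""
    seen, stack = set(), [start]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def trace_up(mode, unit):
    """Effects at `unit` that result from an internal mode lower down."""
    return sorted(n for n in reachable(mode, FORWARD)
                  if n[0] == unit and n[1] == "EFF")


def trace_down(effect):
    """Lowest-level internal modes that contribute to `effect`, with rates."""
    return {n: RATES[n] for n in reachable(effect, BACKWARD) if n in RATES}


def effect_rate(effect):
    """Total failure rate of one effect."""
    return sum(trace_down(effect).values())


def category_rate(category):
    """Failure rate of a whole category, each contributing mode counted once."""
    modes = {}
    for effect, cat in CATEGORY.items():
        if cat == category:
            modes.update(trace_down(effect))
    return sum(modes.values())


if __name__ == "__main__":
    for eff in sorted(CATEGORY):
        print(eff, CATEGORY[eff], effect_rate(eff))
    print("category A total:", category_rate("A"))  # 5.5, not 4.0 + 5.5
```

Internal mode 1 of unit 1.1.1 contributes to both category A effects, so adding the two effect rates would count its 4.0 twice; collecting the contributing modes into one set first gives the lower, correct category total.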

FMEA OF FLIGHT CONTROL SYSTEM                                PROGRAM TRACEUP

                                                             CAT  BITE

TRACE UP FROM UNIT 1.1.2  TRANSDUCER INTERFACE MODULE
(LRU LEVEL TO MS LEVEL)

MODE 2  FAILURE OF HYBRID IC SUMMING AMPLIFIER U15
********
1.1.2  LRU  TRANSDUCER INTERFACE MODULE
1.1    SS   CONTROL
1      MS   FLIGHT CONTROL SYSTEM
       * 5  FIXED ALTITUDE AND MACH DISPLAY                  A    YES
       * 9  AIR-SPEED WARNING LAMP ILLUMINATED               B    YES

FMEA OF FLIGHT CONTROL SYSTEM                                PROGRAM TRACEUP

                                                             CAT  BITE

TRACE UP FROM UNIT 1.2.5  PROCESSOR
(LRU LEVEL TO SS LEVEL)

MODE  FAILURE OF CHANNEL 2 INTERRUPT ENCODER
********
1.2.5  LRU  PROCESSOR
1.2    SS   GUIDANCE
       * 3  ANGULAR DATA NOT UPDATED ON CHANNEL 2            A    NO
1.1    SS   CONTROL
         7  LOSS OF SYNCHRO OUTPUTS ~1 AND Q2 ON CHANNEL 2   A    YES
1.3    SS   MONITOR
       * 7  VALIDITY DISCRETES ON CHANNEL 2 FAILED           B    YES

FIGURE 5. Example of Output from Program TRACEUP

FMEA OF TORPEDO SYSTEM                                       PROGRAM TRACED

                                                    SOURCE   FR/10E6HR

CATEGORY A EFFECT

TRACE DOWN FROM UNIT 1  TORPEDO SYSTEM
(MS LEVEL TO MOD LEVEL)

EFFECT 27  NO TARGET ACQUISITION                                228.25
**********
1        MS   TORPEDO SYSTEM
1.1      SS   DETECTOR
1.1.2    LRU  SENSORS
         ** 4   ELECTROMECHANICAL FAILURE OF GYROS               15.69
         *  6   FAILURE OF SQ/SINE CONVERSION UNIT               23.37
1.2      SS   GUIDANCE
1.2.3    LRU  SUPERVISOR
1.2.3.4  MOD  DIGITAL INTERFACE
         ** 3   ADDRESS DECODER INOPERATIVE                       5.98
         *  8   NO ENVELOPE DETECTION                             1.35
         *  13  INTERMITTENT OPERATION OF INTERRUPT SYSTEM        4.44
         ** 14  DATA BUS DRIVER A OPEN CIRCUITED                  1.21
1.2.6    LRU  PROCESSOR
            1   COMPLETE FAILURE OF TVe ATTENUATORS               0.58
         ** 2   CORRELATOR AGC SET HIGH                           0.96
         *  3   TRACK SELECTOR INOPERATIVE                        1.62
            5   LACK OF OUTPUT PULSE FROM TRIGGER GENERATOR       3.38
         ** 7   RESTRICTED OPERATION OF INPUT LINE RECEIVERS      2.55
1.5      SS   PROPULSION
1.5.3    LRU  STEERING
            3   MALFUNCTION OF PINION FOR HYDRAULIC PUMP          1.98
            6   SCORE IN PISTON BORE CAUSING DOUBLE SEAL FAILURE  3.15
         ** 7   RUDDER OR ELEVATOR ACTUATOR INOPERATIVE          52.32
            20  FOREIGN BODY IN PROPULSOR INLET                  36.19
         ** 23  LOOSE TAIL BEARINGS                               1.48

FIGURE 6. Example of Output from Program TRACED

[Figure 7: CRITICALITY MATRIX FOR UNIT 1 TORPEDO SYSTEM. Vertical axis: failure rate per million hours; horizontal axis: category, in order of increasing severity. Effect identification numbers are plotted at the locations given by their failure rate and category, with diagonal lines of equal criticality drawn across the matrix; criticality increases towards high failure rate and high severity.]

FIGURE 7. Criticality Matrix

EFFECT 42  NO ECHO FROM SHORT RANGE TARGETS                  F.R. = 9'1.50
**********

UNIT: SPECTRUM ANALYSER - CABINET 88 DRAWER 14

BOARD NAME             DRAWING NUMBER  LOCATION  F.R. (/10^6 HRS.)  OTHER POSSIBLE EFFECTS
---------------------  --------------  --------  -----------------  ----------------------
BUFFER STORE BOARD     IC062C/IIOI     12        32.60              19, 41
PROCESS CONTROL BOARD  lC0500/5001     4         20.20              H. 72
PROCESS CONTROL BOARD  le05CO/5001     4         15.00              36
DRIVE BOARD            124490/4222     7         3.20               230 28. 39

UNIT: TARGET EXTRACTOR - CABINET 10 DRAWER 8

BOARD NAME             DRAWING NUMBER  LOCATION  F.R. (/10^6 HRS.)  OTHER POSSIBLE EFFECTS
---------------------  --------------  --------  -----------------  ----------------------
TARGET FILE BOARD      le0020/1210     2         14.60              8
OUTPUT INTERFACE       lC0030/2900     7         8.30               12, 18
SCAN CHANGE BOARD      112201/3602     10        5.60

FIGURE 8. Example of Output from Program DIAGNOSE

A further facility enables a number of specified effects to be traced down to
their common contributory mode(s). This increases the diagnostic capabilities of
the program and may prove useful when the system is in service.

Whenever this program is run a criticality matrix (Reference 5) is produced as
shown in Figure 7. It is formed by inserting the failure effect identification
numbers in matrix locations representing the severity classification category and
failure rate of each effect. The prefix 'E' is used where more than one number
occupies a given location. The resulting matrix display shows, at a glance, the
distribution of effect criticalities and provides a means of establishing
reliability improvement and corrective action priorities. The analyst may, by using
his own judgement and experience, insert lines of equal criticality to indicate that
a low category effect with a high failure rate is considered to be as critical as a
high category effect with a lower failure rate.

An alternative to a matrix would be a list of all effects in order of
criticality but it is usually impractical, and invalid, to assign direct failure
rate multipliers to each category.

DIAGNOSE

A further program has been developed to produce a diagnostic manual from the
FMECA data as an aid to maintenance engineers. Here failure mode descriptions are
replaced by the board (or unit) identifiers, and locations, of each board that might
be responsible for the effect in question. The effect number of any additional
effect that may be observed if a given board failed is inserted against that board
identifier together with the board failure rate.

METHOD OF USE

Once a failure effect has been observed an index is searched for the
corresponding effect description. The associated effect number is read off and the
relevant page located in the diagnostic manual. (See Figure 8.) This states the
board, or boards, whose failure would result in the observed effect. If more than
one board is given, the effects listed in the OTHER POSSIBLE EFFECTS column can be
checked to help reduce the number of possible boards responsible. When it is
impossible to reduce the list to a single board the remaining boards should be
replaced in decreasing order of failure rate until the fault is rectified.
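
The lookup described under METHOD OF USE can be written as a short routine. This Python is an added example, not the DIAGNOSE program or code from the paper; the manual page, board values and function names are constructed, and it assumes a single failed board, falling back to the full list when no one board explains every observed effect.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Board:
    name: str
    location: int
    rate: float                        # failures per 10^6 hours
    other_effects: frozenset = frozenset()


# Constructed manual page (fictitious values): effect number -> candidate boards.
MANUAL = {
    42: [
        Board("BUFFER STORE BOARD", 12, 32.6, frozenset({19, 41})),
        Board("PROCESS CONTROL BOARD", 4, 20.2, frozenset({19, 72})),
        Board("SCAN CHANGE BOARD", 10, 5.6),
        Board("DRIVE BOARD", 7, 3.2, frozenset({28, 39})),
    ],
}


def replacement_order(manual, effect, also_observed=()):
    """Boards to replace for an observed effect, most likely first.

    also_observed holds the numbers of any further effects seen at the same
    time; they are checked against each board's OTHER POSSIBLE EFFECTS.
    """
    candidates = manual.get(effect)
    if not candidates:
        raise KeyError(f"effect {effect} is not in the diagnostic manual")
    extra = set(also_observed) - {effect}
    # Keep only boards whose failure could produce every additional effect.
    narrowed = [b for b in candidates if extra <= b.other_effects]
    if not narrowed:
        # No single board explains everything (assumption violated):
        # do not discard candidates, fall back to the full page.
        narrowed = list(candidates)
    # Remaining boards are replaced in decreasing order of failure rate.
    return sorted(narrowed, key=lambda b: b.rate, reverse=True)


def board_names(boards):
    """Names only, in replacement order."""
    return [b.name for b in boards]


if __name__ == "__main__":
    print(board_names(replacement_order(MANUAL, 42)))
    print(board_names(replacement_order(MANUAL, 42, also_observed=[19])))
    print(board_names(replacement_order(MANUAL, 42, also_observed=[19, 72])))
```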

REFERENCES

1. Reliability Prediction of Electronic Equipment. MIL-HDBK-217D. US Department of Defense.

2. Nonelectronic Parts Reliability Data. NPRD-2. Reliability Analysis Center, Griffiss AFB.

3. Engineering Design Handbook, Development Guide for Reliability. AMCP 706-196. US Army Material Command.

4. A Suite of Programs for Failure Mode, Effect and Criticality Analysis. MSS 82/25. Marconi Research Centre.

5. Procedures for Performing a Failure Mode, Effects and Criticality Analysis. MIL-STD-1629A. US Department of Defense.
