AI/AG>l Automotive lndustry

Action Group & VDA Verband der

Automobilindustrie
aa

Failure Mode and Effects Analysis

FMEA Handbook
Design FMEA
Process FMEA
Supplemental FMEA for Monitoring & System Response

::i

.ayt.

1"t Editio n 2019

,t
ol
ALAG|: I
Automotive lndustry
Action Group & VDA Verband d*r
Aulomcbilindustrie

Failure Mode and Effects Analysis

+

Ffill EA Handbook
Design FMEA
Process FMEA

oo Supplemental FMEA for Monitoring & System Response

Failure Mode and Effects Analysis - FMEA Handbook

First Edition lssued June 2019
Copyright 2019

o
o o AIAG PUBLICATIONS
An AIAG publication reflects a consensus of those substantially concerned with its scope and
provisions. An AIAG publication is intended as a guide to aid the manufacturer, the consumer,
and the general public. The existence of an AIAG publication does not in any respect preclude
anyone from manufacturing, marketing, purchasing, or using products, processes, or
procedures not conforming to the publication.
CAUTIONARY NOTICE
AIAG publications are subject to periodic review and users are cautioned to obtain the latest
editions.
Published by:
Automotive lndustry Action Group
4400 Town Center
Southfield, Michigan 4807 5
Phone: (248) 358-3570 . Fax: (248) 358-3253 {,
APPROVAL STATUS
The AIAG Quality Steering Committee and designated stakeholders approved this document
for publication on April 2, 2019.

INTERNATIONAL COPYRIGHT INFORMATION

This manual is subject to International Copyright as shown herein and unauthorized
reproduction is not permitted. Contact one of the associations below to discuss
reproduction permission. lf translated, this manual has been translated and published for
o o guidance only and is intended to help the understanding of the official English version.
|SBN#: 978 1 60534 367 I

AIAG Copyright and Trademark Notice:

The contents of all published materials are copyrighted by the Automotive lndustry Action Group
unless othenrvise indicated. Copyright is not claimed as to any part of an original work prepared
by a U.S. or state government officer or employee as part of the person's official duties. All
rights are preserved by AIAG, and content may not be altered or disseminated, published, or
transferred in part of such content. The information is not to be sold in part or whole to anyone
within your organization or to another company. Copyright infringement is a violation of federal
law subject to criminal and civil penalties. AIAG and the Automotive lndustry Action Group are
registered service marks of the Automotive lndustry Action Group.
NOTWITHSTANDING ANYTHING IN THIS HANDBOOK TO THE CONTRARY, AIAG
MAKES AND SPECIFICALLY DISCLAIMS ANY AND ALL REPRESENTATIONS OR
WARRANTIES, EXPRESS OR IMPLIED, AzuSING BY LAW OR OTHERWISE, ARISING
UNDER OR RELATING TO THIS HANDBOOK OR THE SUBJECT MATTER HEREOF,
INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, COURSE OF PERFORMANCE,
COURSE OF DEALING, OR USAGE OR TRADE.

O 2019 Automotive Industry Action Group

o o -1-
 VDA QMC Copyright and Trademark Notice:
the strict limits
IO
use
This publication including all its parts is protected by copyright. Any 9yt?id9
to
and is liable
of copyright law, is not permissible withoutthe consent oi Vbn QMC
and the storing or
prosecution. This applies in particular t;;;pying, translation, microfilming
processing in electronic systems.
Anyone applying them is
VDA Volumes are recommendations available for general use'
responsible for ensuring that they are used correctly in each
case'
curre.nt.St tl'" time of issue'
This vDA volume takes into account state of the art technology,
lmplementation of vDA recommendations relieves no one of
iesponsibility for their own actions'
ln this respect, everyone acts at their own risk. The VDA and
those involved in VDA
recommendations shall bear no liability'
possibility of misinterpretation are
lf during the use of VDA recommendations, errors or the c
that any possible errors can be
found, it is requested that the VDA be notifi'ed immediately so
corrected.
@ 2019 VDA QMC

Translations
status can be requested from
This publication will also be issued in other languages. The latest
either AIAG or VDA.

clo

-3-
-2-
 FOREWORD ACKNOWLEDGEMENTS
I-rO The AIAG Quality Steering Committee (OSC) and the VDA QMA would like to recognize and
thank the following companies for the commitment toward the improvement of the FMEA
The AIAG & VDA FMEA Handbook is a reference manual to be used by the automotive methodology and their contributions of resources during the AIAG & VDA FMEA Handbook
industry suppliers as a guide to assist them in the development of Design FMEA, Process project.
FMEA, and Supplemental FMEA for Monitoring and System Response'
The Handbook does not define requirements; it is intended to clarify the steps, activities, AIAG Work Group Member Companies
the AIAG &
and tools related to the technical development of FIMEAs. Efforts were taken to align
VDA FMEA Handbook with the SAE J1739 standard. Daimler Trucks North America

Highlights of the Change Points from the AIAG 4th Edition FMEA Manual and from the FCA US LLC
VDA Volume 4 Manual are provided in Appendix F. Ford Motor Company
This Handbook is a copyright of AIAG and VDA, with all rights reserved.
General Motors
f
Honda of America Mfg., lnc.
Nexteer Automotive
ON Semiconductor
Reliability Risk Reduction, LLC
ZF TRW
AIAG

co

VDA Work Group Member Companies

ContinentalAG
Daimler AG
Schaeffler Technologies AG & Co KG
Robert Bosch GmbH
Knorr-Bremse Systeme fur Nutzfahrzeuge GmbH
VW Group
ZF Friedrichshafen AG
lng-Buro Pfeufer

-5-
-4-
 Validation Testino Participants

AIAG Supportinq Team Member Companies IlO Alpine Electronics (Europe) GmbH

Ford Motor Company Accuride Corporation

GKN Driveline Adient

Lear Corp. Global HQ Axalta Coating Systems

ON Semiconductor BENTELER Automobiltechnik GmbH

AIAG Delphi
Dr. Schneider Holding GmbH
EBK Kruger GmbH & Co. KG
Faurecia Automotive GmbH
f

F&P America Manufacturing

VDA Supportinq Team Member Companies
Gunite
Audi AG
Heinrich Huhn GmbH + Co.KG
ContinentalAG
IMS Gear SE & Co. KGaA
Daimler AG
lroquois lndustries
Ford-Werke GmbH
Litens
GKN Driveline lnternational GmbH
Magna GETRAG B.V. & Co. KG
OpelAutomobile GmbH
Magna lnternational lnc.
Robert Bosch GmbH
Mayco lnternational LLC
VDA
Paul Craemer GmbH
PWO Progress-Werk Oberkirch AG
Wabco GmbH
Wallstabe & Schneider

7
-6-
 2.3.6 Cottaborstion between Engineering Teams (Systems, Safety, ond Components) 47
TABLE OF CONTENIS
[,tO 2.4
2.3.7 Bosis for Fsilure Analysis........
DESIGN FMEA 4TH SrEP: FNILUNT ANALYSIS
48
48
2.4.1 Purpose 48
2.4.2 Foilures...... 48
2.4.3 The Failure Choin............ 50
2.4.4 Foilure Effects.......... 51
2.4.5 Foilure Mode 51
2.4.6 Failure Couse 52
2.4.7 Foilure Analysis 53
L.L Punpose nruo Descntplott .............,15 2.4.8 Foilure Analysis Documentotion .................. 56
1.2 Os.,rcnvrs AND LrMrrs oF FMEA ..............16 2.4.9 Coltoboration between Customer and Supplier (Failure Effects)................. 57
1.3 INTEGRATToN oF FMEA rN THE CoMpANy................... ..............17 2.4.L0 Basis for Risk Anolysis 57
7.3.1 Potentiol Considerations of the FMEA ........... .......17 2.5 DESTcN FMEA 5rH SrEP: RlsKANALYsls............... 57
7.3.2 Senior Management Commitment. .......18 2.5.1 Purpose .... .57
1.j,3 Know-How Protection of the Design FMEA/Process FMEA........... .......18 2.5.2 Design Controls ..... .57
L.3.4 Agreements between Customers ond Suppliers 18 2,5.3 Current Prevention Controls (PC) .............. 58
5 Tra n sitio n Strotegy
7. 3. 19 2. 5.4 Cu rre nt Detectio n Controls ( DC)......,....... 59
7.3.6 Foundotion ond Fomily FMEAs.......... 19 2.5,5 Confirmation of Current Prevention ond Detection Controls. 60
1.4 FMEA roR PRoouctsaruo PRocrssrs. ....20 2. 5.6 Evaluotions.......... 61
1.4.1 Design FMEA.................. .2L 2.5.7 Severity (S) 61
7.4.2 Process FMEA .21 2.5.8 Occurrence (O) 62
1.4.3 Colloboration between FMEAs..... 2.5.9 Detection (D) ............. 66
1.5 PRoJEcT PLANNING 2. 5. 70 Action Priority (AP).......... 67
1.5. 1 FMEA 1nTent........... .23 2.5.11 Collaborotion between Customer and Supplier (Severity) 72
L.5.2 FMEA Timinl.......... .23 73

o
2.5. 72 Bosis for Optimization.............
.25 2.6 DESTGN FMEA 6rH Srep: OprtvlzarloN .............. 73
.28 0t 2.6.1 Purpose 73
.2'8 2.6. 2 Assi g n me nt of Re spo nsi bi I iti es 74
1.6 FMEA METHODOLOGY.... ................28 2.5.3 Status of the Actions ................... 74
2.6.4 Assessment of Action Effectiveness 75
2.6.5 Continuol lmprovement 75
2.1 Drsre ru FMEA 1sr SrEp: PLANNTNG AND PREpARATToN ... ..31 2.6.6 Cottoborotion between the FMEA teom, Monagement, Customers, and Suppliers regording Potential
2.7.7 Purpose ..31 76
2. 1. 2 DF M EA Project ldentificotion ond Bou ndsries................... ..31 2.7 DESTcN FMEA 7'* Srup: ResuLts DocuMENTATIoN.............,..... 76
2.1.3 DFMEA Project Plon ............. ..32 2.7.1 Purpose 76
2.1.4 ldentification of the Baseline DFMEA......... 32
3 EXECUTION OF THE PROCESS FMEA (PFMEA) 79
2. 1.5 DFMEA Heoder......... .33
2.7.6 Basis for Structure Analysis 33 3.1 Pnocess FMEA 1sr Sre p: PLnrunrruc eruo Pne pannttorrt... ...79
2,2 DesIeru FMEA 2ND STEP: STRUCTURE ANALYSIS 34 3.L.1 Purpose ...79
2.2.1 Purpose .34 3.1.2 PFMEA Project ldentificotion and Boundaries ............... ...79
2.2.2 System Structure .34 3.1.3 PFMEA Project P\on.....,.,. ...82
2.2.3 Define the Customer .34 3.1-.4ldentification of the Boseline PFMEA.. ,82
2.2.4 Visuqlize System Structure .. 35 3.1.5 Process FMEA Heoder .................,...,.,. .82
2.2.5 Colloborotion between Customer and Supplier ......... 40 3.2 PRocEss FMEA 2r,ro Sre p: SrRucruRE ANALysts. .83
2.2.6 Basis for Function Anolysis..... 40 3.2.1 Purpose .83
2.3 Desrcru FMEA 3no Srrp: Furucroru ANALysrs ..... .40 3.2.2 Process Flow Diagrom .84
2.3.L Purpose .40 3.2.3 Structure Tree .......... .84
.41 3.2.4 Colloborotion between Customer ond Supptier engineering teams (interface responsibilities) ...,.,......... .87
2.3.3 Requirements ................. .41 3.2.5 Basis for Function Anolysis .87
2.3.4 Parqmeter Diogrom (P-Diogrom).
2.3.5 Function Analysis
,....,,'.'.,..'42
.45
o 3.3 PRocEss FMEA 3no Srup: Fur.rcrroru ANALysts..
3.3.7 Purpose
.88
.88

-9-
-8-
 3.3.2 Function
3. 3. j R e q u i re m e nt ( s ) ( Ch o ra cte r i st i c s

3.3.4 Visuolization of functionol relotionships...........

)..................,........

3,3.5 Colloboration between Engineering Teoms (Systems, Safety, ond Components) ..........
.........88
.....89
91
93
rrf 4.4.7
4.4.2
4.4.3
4.4.4
Purpose
Failure Scenario.........
Failure Couse
Failure Mode
132
132
134
1i5
3.3.5 Bosis for Failure Anolysis.. ........93 4.4.5 Failure Effect ........ 135
3.4 PRocEss FMEA 4TH Sre p: Fntune ANALysts........ 93 4,5 FMEA-MSR 5TH STEP: RISK ANALYSIS ........136
3.4.7 Purpose 93 4.5.1 Purpose 136
3.4.2 Failures 93 4. 5.2 Evoluations........... L37
94 4.5.3 Severity (S) L37
3.4,4 Foilure Effects.......... 94 4.5.4 Rotionale for Frequency Rating. 138
3.4.5 Failure Mode...... 96 4.5.5 Frequency (F). 139
3.4.6 Failure Cause:.,........ 97 4.5.6 Current Monitoring Controls... 141
3.4.7 Foilure Analysis 99 4.5.7 Monitoring (M) L4L
3.4.8 Relationship between PFMEA ond DFMEA 101 4.5.8 Action Priority (AP)for FMEA-MSR ......... 146
3.4.9 Foilure Anolysis Docume ntation ............... 102 4,6 FMEA-MSR 6rH Srep: OplMtzAloN. 149
3.4.10 Colloboration between Customer ond Supplier (Failure Effects).. 103 4.6.1 Purpose .... 149
3.4.77 Bosis for Risk Analysis 103 4.6. 2 Assig nme nt of Re spon si bil ities 150
3.5 PRocEss FMEA 5rs Sre p: Rrsx Arunlysrs..... 104 4.6.3 Stotus of the Actions 150
3.5.1 Purpose 704 4.6.4 Assessment of Action Effectiveness ...... L57
3.5.2 Current Prevention Controls (PC) 104 4. 6. 5 Co nti nuous m prove m ent.
I 15L
3.5.3 Current Detection Controls (DC), ..105 4.7 FMEA-MSR 7'* Step: RssuLrs DocUMENTATIoN ....... 153
3.5.4 Current Prevention and Detection Controls 106 4.7.1 Purpose .......... 153
3.5.5 Evoluotions. 106 4.7.2 FM EA Report .......... L53
3.5.6 Severity (S) . ......107
3.5.7 Occurrence (O) ......110
j. 5.8 Detection (D) ..... 777 A SnvpIT FMEA FoRM SHEETS
3.5.9 Action Priority (AP).
3.5.10 Colloboration between Customer ond Supplier (Severity) 11s
....114
tilto B
c
Fonv Snrers - Sre p ev SrEp HtNTs..........,..
SEVTRITY, OccURRENcE, DETECTION NruO ACTIOru PRIORITY TABLES
3. 5. 1 7 B a si s fo r O pti m i zot i o n ....................... .....1L8 D Aootrrorus......
3.6 Pnocrss FMEA 6rH Srep: OprrvrznroN .............. .....119 E FunruEn Appl-tcATtoN FTELDS

3.6.1 Purpose .....L19 F CHarucr Porrur SuvunRrEs.................

3.6.2 Assig n ment of Responsibilities,....... ..... L20 G RrrenerucEs AND SuGGEsrEo Renolrues
3.6. 3 Status of th e Actions ..............,.... L20 H GLoSSARY.......
3.6.4 Assessment of Action Effectiveness .... .....L2L
3.6.5 Conti nuol I mprovement,................ .............727
3.6.6 Collaborstion between the FMEA teom, Manogement, Customers, ond Suppliers regording Potential Table of Figures
Fail ures............... 121
FTGURE 1..1-1 AspEcrs oF RtsKS......... 16
3,7 PRoCESS FM EA 7rH Srrp: RrsuLrs DocuM ENTAT|oN ......,..,.,....... L22
Ftcune 1.4-1 FM EA CoLLABoRATToN ........... 22
3.7.L Purpose 122
Freune 1.5-1 FMEA TIIvIIITIc ALIGNED wIrH APQP PHASES,.. 24
3.7.2 FM EA Report .................... 122
FIGURE 1.5-2 FMEA TIIvIIITIc ALIGNED To MLA PHASES 24
4 SUPPLEMENTAT FMEA FOR MONITORTNG AND SYSTEM RESPONSE (FMEA-MSR) ......................12s FrcunE 1.6-1 FMEA 7 STEP APPRoACH 29
Freune 2,1-i. ExnvpIT oF CoMPLETED DFMEA HEnoTR PLANNING AND PREPARATIOru STEP 1 33
4.1 FMEA-MSR Lsr Sre p: PLANNTNG AND PREpARAroN....,........... ..726
Fre unr 2.2-1 Exavple or Blocr/Bouruoeny DrncReM ............. 37
4.1.7 Purpose L26 Frcune 2.2-2 ExAMpLE oF STRUCTURE ANALysts SrRucrune TREE ....................... 39
4. 1.2 FM EA-MSR Project lde ntification ond $oundaries................. 127 Freunr 2.2-3 Exnvprr oF STRUcTURE ANALysrs FoRru Surrr 39
4. 1.3 FM EA-MSR Project Plan ............. L28 Freune 2.3-1 lrueur/lnrenrncr/Ourpur Flow............. 4t
4.2 FMEA-MSR 2ruo Sre p: Srnucrune ANALysrs........ .......L29 Frcunr 2.3-2 ExavplE oF sysrEM BEHAVIoR........ 43
4.2.1 Purpose 129 Freune 2.3-3 Exnuple or PnnnvereR DTAGRAM wtrH ELEcTRtcAL MoroR........ 45
4.2.2 Structure Trees 129 Freunr 2.3-4 Exnuplr oF FuNcloN ANALysts SrRuctuRr TRrE.................... 46
4.3 FMEA-MSR 3no Srep: FuNcloN ANALysrs........ .....131 Frcune 2.3-5

o
Exnvplr oF FuNcIoN ANALysrs Fonv Snrrr,....... 47
4.3.1 Purpose .....731 Freune 2.4-1 TYprsor FATLURE MoDES .. 49
4.4 FM EA-MSR 4Tx STep: FAILURE ANALYSIS .....t32

-10- -11 -
 FIGURE 2,4-2 DEFrNrroN or n FnrLune ... .50 Frcunr 4.5-2 FMEA-MSR RELIABLE DIAGNOSTIc MOTITOnIruE ..L42
i FIGURE 4.5-3 FM EA-MSR DtAGNosrc Mowrtonntc pARTIALLY EFFEcrtvE........ ..743
FIGURE 2.4-3 THEoRETIcAL FAILURE CHAIN MoDEL., .50
FIGURE2.4-4 FAILURE SrnucTuRE AT DIFFERENT 1EVE1S,.....,.,... .54 , FIGURE 4.5-4 EXAMPLE oT FMEA-MSR RISK ANALYSIS - EVALUATION OF CURRENT RISK FORM SHEET ..149
FIGURE 2.4-5 EXAMPLE oF FAILURE ANALYSIS STRUcTURE TREE.................,...,, .55 Fre unr 4.6-1 EXAMPLE oF FMEA-MSR OprIv|znr|oru WITH NEW RISK EVALUATION FORM SHEET .... ..L52
Fre unr 2.4-6 Exnvplr or FntLunr ArunLysts Fonv SHrrr .55
FIGURE 2,4-7 VtEW oF PRoDUcr END ITEM-FuNCTIoN-FAILURE FoRM SHEET... .56
Freunr 2.4-8 VrEW oF Focus lre v/ETEMENT-FuNcloN-FAtLURE FoRM SHEET .56 Table of Tables
Freunr 2.4-9 VIEW oF LoWER LEVEL ITEM-FUNCTIoN-FAILURE FoRM SHEET ,.., .55
TneLr D1- DFMEA SEVERTTY (S) ................ .............62
FIGURE 2.5-1 PREVENTIoN AND DETECTIoN IN THE DESIGN FMEA ........... .60
TneLr D2 - DFMEA Occunnerucp (O)................ .......... .. .65
FIGURE 2.5-2 RoADMAP oF DESIGN UNDERSTANDING ...,............... .60
TABLE D3 - DFMEA DETECTTON (D)..........,. ... .............67
Frcunr 2.5-3 Exnvple or DFMEA RtsK ANALysts FoRrrl Sue er... .72
TABLE AP-ACTION PRIORITY FOR DFMEAAND PFMEA. .............71
Frcunr 2.6-1 Exnvplr oF DFMEA Oprrwrznrrolr wtrH NEW RtsK EvALUATtoT Fonv SHrer......... .76 p1 - pFMEA SEVERTTY (S).................
TABLE ...........109
FrcuRE 3.L-L DEMoNSTRATIoN oF THE PRoCESS FoR NARRoWING THE PREPARATIoN ......,.,.,...,...,.. .8L
TABLE p2 - pFMEA OCCURRENCE (O)................ .....111
FIGURE 3.1-2 ExAMpLE oF CoMpLETED PFMEA HEADER PnepnRnlorrr (Srrp 1)............... .83
Tnsrr p3 - PFMEA DETECTTON (D)................ .....113
FIGURE 3.2-1 PRocESS Fr-ow DrncRnv .84
TneLT AP _ ACTION PRIORITY FOR DFMEA AND PFMEA .....L77
FIGURE 3.2-2 Exnuple or SrRucrunr Arunlvsrs STRUCTURE TREr (Ele crnrcnL Moron AssEMBLy Lrrur) .................. .85
TABLE MSRL - SupprrvErurnL FMEA-MSR SEVERITY (S) . ................. .....138
Frcune 3.2-3 PRocEsS ITEM .85
TABLE MSR2 - SUPPLEMENTAL FMEA-MSR FREQUENCY (F)......... ..... .....140
Fre unr 3.2-4 .86
TABLE MSR3 - SUppLEMENTAL FMEA-MSR MONITORING (M) .......... .....145
Fre unr 3.2-5 EXAMPLE or SrRucrune ANALYSIS FoRM SHEET...........,. .87
TnsLe AP - ACTION PRIORITY FOR FMEA-MSR............. .....1.48
FIGURE 3.3-1 ExAMpLE oF PARAMETER DTAGRAM or Pnrss rrrr Strutrnro BEARTNG .91
FIGURE 3.3-2 ExAMpLE oF FuNcloN Arunlysrs Srnucrunr Tne E...................... .92
FIGURE 3.3-3 Exnvplr or Furucrroru ANALysts Fonna SHe er .92
FIGURE 3.4-1 THronertcnl FATLURE cHAtN MoDEL.. ..94
Fteunr 3.4-2 Exnvprr oF FAILURE ANALYSIS SrRucrunr TRrp ..99
Frcunr 3.4-3 ExnvlpTT oF FAILURE ANALYSIS FoRM SHEET 100
Frcunr 3.4-4 RELATIoNSHIP BETWEEN PFM EA nruo DFMEA......... to2
Frcunp 3.4-5
Frcunr 3.4-6
VIEW oF PRocEss ITEM-FUNcTIoN-FAILURE Fonv SHrer...
VIEW oF PRocESS STEP-FUNcTIoN-FAILURE FoRIU SHe TT
102
103
tilila
Fre unr 3.4-7 VtEW oF PRocESS Wonr ELrvrrur-Furucrrorv-FnTLURE FoRM Surer ............ 103
Frcunr 3.5-1 PREVENTIoN AND DETECTIoN IN THE PRoCESS FMEA........,.. 105
FIGURE 3,5-2 RoADMAP oF PRocEsS U NDERSTANDING ..,,..,.,.,..,...,,. 106
Frcuns 3.5-3 ExAMpLE or PFMEA wrrH Rrsr Arulrysrs FoRw SHe er............ 118
FIGURE 3,6-1 Exnuplr or PFMEA OprMrzATroN wrrH NEW RrsK EvALUAIoru Fonv Sne rr...................... 122
FrcuRE 4.1-L GENERtc BLocK DTAGRAM oF AN ELEcrRtcnl / Ele crnorutc / Pnoe nnvvABLE ELEcrRoNtc SysrEM.............. 728
FIGURE 4.2-1 Exauple oF A srRucruRE TREE oF A wtNDow LtFT sysrEM FoR tNVESIGATTNG ERRoNEous srcNALS, MoNtroRtNG,
AND sysrEM RESPoNSE ................129
FIGURE4.2-2 Exnvprr oF A srRucruRE TREE oF A sMART sENsoR wrrH AN TNTERNAL SENSTNG ELEMENT AND ourpur ro AN
INTERFACE....,.., ................130
FIGURE 4.2-3 ExnvplE or SrRucrunc ANALysrs rN THE FMEA-MSR Fonv SHerr............. .....130
FIGURE 4.3-1 Exnvpre or n SrRucrunE TREE wtrH FUNcloNS........ .....732
FIGURE 4.3-2 Exnvple oF FUNCTIoN ANALYSIS IN FMEA-MSR Fonv SHrer.,, .....132
Fte une 4.4-1 THEoRETICAL FAILURE CHAIN MoDEL FMEA-MSR,..
DFMEAnTo ,..,.........,.......133
FIGURE 4.4-2 FATLURE Sce ruanro (1) - Noru-HnzARDous.......... ......................133
Fre unr 4.4-3 FATLURE SCENARTo (2) - Hn2nn0ous................... .....................134
Fre unr 4.4-4 (Errecr)
FATLURE SCENARTo (3) - Mrrrenreo .......134
FIGURE 4.4-5 ExAMpLE oF A srRucruRE wrrH FATLURE cHArN wrrHour A MoNrroRtNG oR wrrH A MoNtroRtNG wHlcH rs oNLy

eARTALLv EFFEcTvE (scerunnro (1)nruo (2)). .............. .............135

Fre unr 4.4-6 ExnvpLT oF A STRUCTURE WITH HYBRID FAILURE CHAIN INCLUDING A MoNIToRING WHICH ALWAYS IS EFFECTIVE AND

swrrcHESTHESysrEMToAMrrGATEDFArLUREErrrcr(scrrunnro(3))........... ........................136
Ftcunr 4.4-7 ExAMpLEoFAFAILURENErwoRK....... ................136
Frcunr 4.4-8
FIGURE 4.5-1
EXAMPLE oF FAILURE ANALYSIS Iru
FMEA.MSR MoNIToRING NoT IMPLEMENTED
FMEA-MSR FoRM SHEET...
OR NoT CoNSIDERED
.....136
.,..............,,t42 o -13-
-12-
 'to 1 INTRODUCTION
This joint publication is the culmination of more than three years of
collaboration between OEM and Tier 1 supplier members of the
Automotive lndustry Action Group (AIAG), and the Verband der
Automobilindustrie (VDA). The text has been completely rewritten,
and the FMEA method has been revised in a few key areas. The
intent is to provide a common foundation for FMEA across the
sectors of the automotive industry which are represented by these
organizations. While every effort was made to achieve consensus,
it may be necessary to refer to individual corporate publications or
Customer-Specific Requirements (CSR).
A new method, Supplemental FMEA for Monitoring and System
Response (FMEA-MSR), has been added. lt provides a means for
the analysis of diagnostic detection and fault mitigatipn during
customer operation for the purpose of maintaining a safe state or
state of regulatory compliance.
This handbook supersedes AIAG 4th Edition FMEA and VDA,
"Product and Process FMEA" Volume 4.

1.1 Purpose and Description

The industry is challenged by increasing quality demands of the
customer, the necessary cost optimization of the products and
Olilo processes, and higher complexity, as well as the product liability
of the designer and manufacturer required by legislation.
Therefore, the FMEA method is used to address the technical
aspects of risk reduction.
Failure Mode and Effects Analysis (FMEA) is a team-oriented,
systematic, qualitative, analytical method intended to:
. evaluate the potential technical risks of failure of a product or
process
. analyze the causes and effects of those failures
. document preventive and detection actions
o recommend actions to reduce risk
Manufacturers consider different types of risk including technical
risks, financial risks, time risks, and strategy risks. The FMEA is
used for analyzing the technical risks to reduce failures and
improve safety in the products and processes. Figure 1.1-1 shows
the scope of FMEA and this handbook.

-14- -15-

Technical Risks (FMEA)
Has the product or process
been analyzed for potential
failures?
Financial Risks
Does the product remain
prolitable after counter
measures?
. Complying with regulations in the registration approval of the
Time Risks
Gan the improvements be
Strategy Risks
Are the improvements
rlo components, systems, and vehicles
realized within the lime introduced, although the Limitations of the FMEA include the following:
schedule? product is unprolltable?

Itt, scoPE OUTOFSCOPE OUT OF SCOPE OUT OF SCOPE

Decision for further improvement
of the Product and Process
Process rlsks
Product and Process
with reduced risk
Figure 1.1-1 Aspects of Risks
1.2 Objectives and Limits of FMEA
The objective of FMEA is to identify the functions of a product or
steps of a process and the associated potential failure modes,
effects, and causes. Furthermore, it is used to evaluate whether
prevention and detection controls already planned are enough,
and to recommend additional actions. The FMEA documents and
tracks actions that are taken to reduce risk. The FMEA
methodology helps engineers prioritize and focus on preventing
product and/or process problems from occurring,
Business objectives exist that are supported by the FMEA and
other activities, such as:
r lncreasingthequality, reliability, manufacturability,
serviceability, and safety of automotive products
o Ensuring the hierarchy, linkage, interface, and cascading and
alignment of requirements between components, systems
and vehicles are captured
. Reducing warranty and goodwill costs
o lncreasing customer satisfaction in a highly competitive
market
o Proving product and process risk analysis in the case of
product liability
o Reducing late changes in development
r Maintaining defect-free product launches
o Targeting communication in internal and external customer
and supplier relationships
e Building up a knowledge base in the company, i.e., document
lessons-learned
. lt is qualitative (subjective), not quantitative (measurable)
. lt is a single-point failure analysis, not a multi-point failure
analysis
o lt relies on the tedm's level of knowledge which may, or may
not predict future performance
. lt is a summary of the team's discussions and decisions,
therefore, the quality of the FMEA report is subject to the
recording skills of the team which may reflect the discussion
points in whole, or in part (it is not a transcript of a meeting)
For quantitative analysis and multi-point failure analysis, other
methods such as FTA (Fault Tree Analysis) and FMEDA (Failure
Modes, Effects, and Diagnostic Analysis) are used. These are the
methods which can calculate and analyze the relevant metrics
(e.9., single-point failure analysis, multi-point faults, latent faults)
to reach a quantified analysis result.
1.3 lntegration of FMEA in the Gompany
FMEA is a multi-disciplined activity affecting the entire product
realization process. The implementation of FMEA needs to be well
0]lo planned to be fully effective. The FMEA method is an integral
element of Product Development and Process Development
activities. The FMEA can reduce product redevelopment timing
and cost. lt supports the development of comprehensive
specifications, test plans, and Control Plans.
I
1.3.1 Potential Gonsiderations of the FMEA
The competent performance of the FMEA and the implementation
of its results are among the responsibilities of companies that
design, manufacture, and/or assemble products for the automotive
industry. lt is critical that the analysis take into consideration the
product's operating conditions during its useful life, particularly
with regard to safety risks and foreseeable (but unintentional)
misuse.
When the FMEA is performed, the following norms are observed:
. Clear: potentialfailure modes are described in technically
precise, specific terms, enabling a specialist to assess failure
causes and possible effects. Descriptions are free from
possible misunderstanding. Emotion-laden terms, (e.9.
dangerous, intolerable, irresponsible, etc.) are not
appropriate.

-16- -17 -
 . True: the consequences of potential failures are described
accurately (e.g., potentialfor odor, smoke, fire, etc.).
o Realistic: failure causes are reasonable' Extreme events are
not considered (e.g., falling rock on road, no power to
manufacturing plant, etc.). Failures resulting from misuse
relative to perception, judgement, or action are considered
foreseeable when documented by systematic methods
(including brainstorming, expert judgement, field reports, use
case analysis, etc.). Failures resulting from intentional misuse
(e.9. deliberate manipulation and sabotage)are not
considered.
. Complete: foreseeable potential failures are not concealed.
Concern about revealing too much know-how by creating a
correct and competent FMEA is not a valid reason for an
incomplete FMEA. Completeness refers to the entirety of the
producUprocess under analysis (e.9., system elements and
functions). However, the depth of detail depends on the risks
involved.
Technical risks of failure identified in the FMEA are either
assessed as acceptable, or actions are assigned to further reduce
risk. The closure status of actions to reduce the risk is
documented.
1.3.2 Senior Management Commitment
The FMEA process can take considerable time to complete. A .
commitment of the required resources is vital. Active participation
of the product and process owners and commitment from senior
management are important to successful FMEA development.
Senior management carries the responsibility for the application of
FMEA. Ultimately, senior management is responsible for
acceptance of the risks and risk minimization actions identified in
the FMEA.
1.3.3 Know-How Protection of the Design FMEA/Process
FMEA
The sharing of intellectual property found in the Design FMEA
and/or Process FMEA between suppliers and customers is
governed by contractual agreements between suppliers and
customers and is beyond the scope of this handbook.
1.3.4 Agreements between Customers and Suppliers
The Customer Specific Requirements regarding FMEA should be
coordinated with the parties involved and/or the suppliers. An
agreement made about the execution of FMEAs may include but
is not limited to items such as system boundaries, necessary work
documents, analysis methods, and evaluation tables.
-18-
1.3.5 Transition Strategy
,)t,o Existing FMEAs developed using the previous AIAG 4th Edition
FMEA "Product and Process FMEA" of VDA Edition, may remain
in their original form for subsequent revisions.
The organization should thoughtfully plan the transition from their
current FMEA process(es)and methods to the new AIAG & VDA
FMEA process and tools. When practical, existing FMEAs used as
a starting point for new programs should be converted to reflect
the new rating scales, analytical methods, and format. However, if
the team determines that the new program is considered a minor
change to the existing product, they may decide to leave the
FMEA in the existing format.
New projects should follow the FMEA method presented in this
Handbook unless company leadership and Customer Specific
Requirements (CSRs) mandate a different approach. The
transition date and project milestone after which new projects
follow this method should be defined by the company taking into
consideration Customer Specific Req u rements.
i
1.3.6 Foundation and Family FMEAs
Foundation and family FMEAs are recommended to be created
and used as a basis for new analyses. These optional practices
provide the greatest opportunity to leverage past experience and
(o knowledge and ensure that knowledge is accumulated over
product lifecycles and that prior performance issues are not
repeated (lessons learned). Furthermore, such reuse also reduces
effort and expenditures.
Foundation FMEAs (also known as generic, baseline, template,
core, master, or best practice FMEAs, etc.) are FMEAs that
contain knowledge of the organization from prior developments
which make them useful as a starting point for new FMEAS. The
foundation FMEA is not program specific, therefore the
generalization of requirements, functions, and measures is
allowed.
Family FMEAs are specialized foundation FMEAS. lt is common to
develop products that generally contain common or consistent
product boundaries and related functions (a Product Family) or
processes which contain a series of operations that produce
multiple products or part numbers. ln these cases, it is appropriate
to develop Family FMEAs which cover the commonalities for
these Families.
When using the family or foundation FMEA approach for the new
product or process under development, the team should identify
and focus the analysis on the differences between the existing
and the new product, process or application. The information and
ratings carried over from the family or foundation are to be
-19-
 critically examined with regard to the respective use case and
experiences from the known application.
o 1.4.1 Design FMEA
1.4 FMEA for Products and processes
There are three basic cases for which the FMEA is to be applied,
' each with a different scope or focus.
Gase 1: New designs, new technology, or new process.
The scope of the FMEA is the complete design, technology, or
. process.
Gase 2: New application of existing design or process.
The scope of the FMEA is an existing design or process in a new
environment, location, application, or usage profile (including duty
cycle, regulatory requirements, etc.). The scope of the FMEA
should focus on the impact of the new environment, location, or
application usage on the existing design or process.
Case 3: Engineering changes to an existing design or
process.
New technical developments, new requirements, product recalls,
and reports of failures in the field may drive the need for design
and/or process changes. ln these cases, a review or revision of
the FMEA may be necessary.
fhe FMEA contains a collection of knowledge about a design or
process and may be revised after start of production if at least one
o may be analyzed in System FMEAS.
of the following points applies:
. Changes to designs or processes
. Changes to the operating conditions
. Changed requirements (e.9., law, norms, customer, state of
the art)
. Quality lssues, ( e.9., Plant experience, zero mileage, or field
issues, internal / external complaints).
. Changes to the Hazard Analysis and Risk Assessment
(HARA)
to the Threat Analvsis and Risk Assessment
i#ilfft
monitorins
: :H::: :::i:.l'duct
There are two main approaches to FMEA: the analysis according
to product functions (Design FMEA) or according to process steps
(Process FMEA).
-20 -
A Design FMEA (DFMEA) is an analyticaltechnique utilized
primarily by a design responsible engineer/team as a means to
assure that, to the extent possible, potential Failure Modes and
their associated Causes or mechanisms of failure have been
considered and addressed prior to releasing the part to
production.
The Design FMEA analyzes the functions of a system, subsystem,
or component of interest as defined by the boundary shown on the
BlockiBoundary Diagram, the relationship between its underlying
elements, and to external elements outside the system boundary.
This enables the identification of possible design weaknesses to
minimize potential risks of failure.
A System DFMEA is comprised of various subsysteq.ns and
components which are represented as system elements (items).
System and subsystem analyses are dependent on the viewpoint
or responsibility. Systems provide functions at the vehicle level.
These functions cascade through subsystems and components.
For purpose of analysis, a sub-system is considered the same
way as a system.
lnterfaces and interactions among systems, subsystems, the
environment and the customers (e.9. Tier N, OEM, and end user)
Within a system there may be software, electronic, and
mechanical elements. Examples of systems include: Vehicle,
Transmission System, Steering System, Brake System or
Electronic Stability Control System, etc.
A component DFMEA is a subset of a system or subsystem
DFMEA. For example, an Electrical Motor is a component of the
Window Lifter, which is a subsystem of Window Lifter System. A
Housing for the Electrical Motor may also be a component or part.
For this reason, the terms "system element" or "item" are used
regardless of the level of analysis.
Design FMEA may also be used to assess the risks of failure of
non-automotive products such as machines, and tooling. The
actions resulting from the analysis may be used to recommend
design changes, additional testing, and other actions which
reduce the risk of failure or increase the ability of a test to detect
failures prior to delivery of the design for production.
1.4.2 Process FMEA
ln contrast to the Design FMEA (DFMEA), which analyzes the
failure possibilities that may be created during the design phase of
the product, the Process FMEA (PFMEA) analyzes the potential
failures of manufacturing, assembly and logistical processes to
-21 -
 produce products which conform to design intent. Process-related
failures are different than the failures analyzed in the Design
FMEA.
The Process FMEA analyzes processes by considering the
t A good starting point for a manufacturer is to make sure the
severity in the DFMEA and PFMEA are the same when the failure
effects are the same. lf the "product" failure effects to the end user
(vehicle-level) are not included in the PFMEA then the correlation
between the DFMEA and PFMEA is not possible. A correlation
potential failure modes which may result from process variation, to
needs to be made so that a failure of a feature in design that leads
establish priority of actions for prevention, and as needed,
to a certain failure effect is also captured in the PFMEA for the
improve controls. The overall purpose is to analyze processes and
same feature (product characteristic). Please see the note in
take action prior to production start, to avoid unwanted defects
Section 3.4.8 for non-traditional development flows.
related to manufacturing and assembly and the consequences of
those defects.
1.5 Project Planning
1.4.3 Gollaboration between FMEAs
The Five T's are five topics that should be discussed at the
There are opportunities for collaboration between both Design and beginning of a DFMEA or PFMEA in order to achieve the best
Process FMEAs in the same company and outside of the results on time and avoid FMEA rework. These topics can be used
company. To help communicate effects and severities, a joined as part of a projectkick-off. +

and agreed to severity evaluation can be reviewed between

organizations (different companies in the supply chain starting FMEA lnTent - Why are we doing FMEA?
with Tier 1, Tier 2,Tier 3, etc.) as shown in Figure 1.4-1. FMEA Timing- When is this due?

Goal: Risk to End User reduced FMEA Team - Who needs to be on the team?
FMEA fask - What work needs to be done?
Failure Effects and
FMEA fool - How do we conduct the analysis?
Severity
Severity
(as possible / as needed) 1.5.1 FMEA lnTent
It is recommended that members of the FMEA team are
competent in the method, based on their role on the team. When
team members understand the purpose and intent of FMEA, they
will be more prepared to contribute to the goals and objectives of
the project.
Severity
1.5.2 FMEA Timing
FMEA is meant to be a "before-the-event" action, not an "after-the-
fact" exercise. To achieve the greatest value, the FMEA is
conducted before the implementation of a product or process in
which the failure mode potential exists.
Technical risk analysis and
Severity One of the most important factors for the successful
proposed product or process
implementation of an FMEA program is timeliness. Up-front time
changes
spent properly completing an FMEA, when producUprocess
(as possible / as needed)
changes can be most easily and inexpensively implemented, will
Goal: Collaboration between Customer and Supplier minimize late change crises. The FMEA as a method for system
analysis and failure prevention is best initiated at an early stage of
the product development process. lt is used to evaluate the risks,
Figure 1.4-1 FMEA Gollaboration valid at that time, in order to initiate actions to minimize them. ln
addition, the FMEA can support the compilation of requirements.

-22- -23 -
 The FMEA should be carried out according to the project plan and
evaluated at the project milestones according to the state of the
analysis. o 1.5.3 FMEA feam
It is recommended that a company defines the desired maturity The FMEA team consists of multi-disciplinary (cross-functional)
levels for their FMEAs according to overall company-specific members who encompass the necessary subject matter
development project milestones. knowledge. This should include facilitation expertise and
knowledge of the FMEA process. The success of the FMEA
depends on active participation of the cross-functional team as
Advanced necessary to focus on the topics of discussion.
Product Product Design Process Design Feedback
Quality Plan and Define Product and
and and Assessment 1,5.3.1 The Design FMEA Team
Planning Program Production
Development Development and Corrective
Validation
(APOP) Verification Verification Action The Core Team may consist of the following people:
Phases
Start FMEA planning in
. facilitator
concept phase beforc
product dewlopment
Start DFMEAwhenthe
design ooncept is well
Complete DFMEA
analysis prior to rclease
CompleteDFMEA
actions prior to start ol
. design engineer $

DFMEA begins
lnformation flow from
undersiood
of design specifi oations
for quotation
production tooling
Shrt agein wlth
. system engineer
OFiiEA to PFMEA
The DFMEAand PFMEA
OFTTIEA ind PFUEA
plannlng ifthere are
r corTlPonentengineers
should be oxecutsd
Start PFMEAwh€n CompletePFMEA Complete PFMEA
changer to an
exlstlng deslgn or
. test engineer
duringthe sametimo
PFMEA period to allow production concept is
well understood
analysis prior to final
process decisions
actions prior lo Procett o quality/reliabilityengineer
optimization of both th6 PPAP/PPA
product and process o others responsible for the development of the product
designs
The Core Team members prepare the FMEA System Analysis
(Steps 1 - 3) and participate in the FMEA meetings. The
1.5-l
VDA
Maturity
MLO
Figure

ML1
FMEA Timing Aligned with APQP Phases

ML2 ML3 ML4 ItlL5 ML6 ML7

o Extended Team may participate on demand (coordinated by the
FMEA facilitator or meeting organizer).
lnnova0oD Requlremont Definttlon ofthe Approval ot Producto Serldl tool3, Product and Prcloct End, The Extended Team may consist of the following people:
Level Approvel llanagement Supply Chiin Tachnlcal n Planftlng Spare Part3 snd Pfocerr Rorpon.iblltry
Assurance
for New
ior rerlal
Oevslopment
lor
Procurament
and
Placlng ot
Specincatlon 0ona S€rl8l Machlner
Avallablo
Approval llanrfer to Serhl
Producuon, Start
o technical experts
Parts
Ertenalvo Extenrlve Requallnkatlon
o proc€ss/manufacturingengineer
Start FMEA
planning in
Start DFMEA
when lhe design
Complete
DFMEA
Complet€
DFMEA actions
. service engineer
DFMEA
concepl phase
before product
concopt is well
understood
analysis prior to
release of
prior to start of
produclion looling
. project manager
davolopment
begins
design
speciticalions
Start again wlth
o functional safety engineer
lnformation flow
from DFiilEA to
Start PFMEA
f,or quotation

Compl€t6 Complet6
DFMEA and
PFMEA plannlnq
o purchasing
PFMEA
The DFMEAand
PFMEA should be
when produotion
concopt i3 w€ll
PFMEA
analysis
PFMEA
actions prior
lf tiele are
changes to an
. supplier
executsd during
the samelim€
understood pdor to
tinal
to PPAP/
PPA
exlrtlng dellgn
or proce83
o customerrepresentative
PFMEA period lo allow
oplimization of
prccess
dgcisions
o others that may have specialized knowledge which will help
both the producl the core team analyze specific aspects of the product
and process
designs

1.5.3.2 The Process FMEA Team

Figure 1.5-2 FMEA Timing Aligned to MLA Phases The Core Team may consist of the following people

NOTE: Exceptions to this FMEA timing include nontraditional o facilitator

development flows such as where development of a o proc€ss/manufacturingengineer
"standard" process precedes the development of
products that will be manufactured using the process.
. ergonomic engineer
r process validation engineer

-24 - -25 -
 .
o
quality/reliabilityengineer
others responsible for the development of the process
The Core Team members prepare the FMEA System Analysis
(Steps 1 - 3) and participate in the FMEA meetings. The
t .
.
.
Preparation of the Business Case for technical and/or
financial decisions
Definition of elements, functions, requirements, and interfaces
Focusing on the topics
Extended Team may participate on demand (coordinated by the
FMEA facilitator or meeting organizer).
. Procurement of the necessary documents and information
o lncorporating lessons learned
The Extended Team may consist of the following people:
. design engineer 1.5.3.3.3 FMEA Facilitator
r technical experts o Coordination and organization of the workflows in the FMEA
. service engineer r Mitigation of conflicts
. project manager o Participation in the team formation
o maintenance staff . Participation in the Preparation of the rough schedule
. line worker . Participation in the invitation to the 1st team meeting for the
analysis phase
. purchasing
. supplier
o Participation in the Preparation of the decision
guidelines/criteria
. others (as necessary) o Development of Corporate or Product Line Examples for
Rating Tables (Optional) with support from Design/Process
1.5.3.3 FMEA Team Ro/es and Responsibilities Engineer
Within the organization's product development process, the . Method competence (FMEA) and familiarization of
following roles and responsibilities for FMEA participation should participants in the FMEA method
be assigned. Responsibilities of a given role can be shared
amongst different persons and/or multiple roles may be assigned
to the same person.
o o
.
FMEA Software documentation competence (as necessary)
Social skills, able to work in a team
o Competent moderator, ability to convince, organization and
1.5,3.3.1 Management, (Project Manager) presentation skills
o Authority to make decisions about the acceptability of . Managing execution of the 7 steps of FMEA method
identified risks and the execution of actions . lf necessary, Preparation or wrap-up of FMEA meetings
o Defines the persons responsible for pre-work activities, FMEA . Moderation of the FMEA workgroup
facilitation, and the design/process engineer responsible for I
implementation of actions resulting from the analysis I NOTE: Any team member with the relevant competence and training
r Responsible for selecting and applying resources and I
I
may fulfill the role of facilitator.
ensuring an effective risk management process is
implemented within scheduled project timing
1.5.3.3.4 Core Team Members
o Responsibility and ownership for development and
. Contribute knowledge from relevant product and process
maintenance of the FMEAs. experience
. Management responsibility also includes providing direct
. Contribute necessary information about the product or
process that is the focus of the FMEA
support to the team(s) through on-going reviews and
eliminating roadblocks. o Contribution of existing experiences from previous FMEAs
o Responsible for budget. already known
. Participation in the execution of the 7 steps of FMEA
1.5.3.3.2 Lead Design/Process Engineer (Technicat Lead) o lnvolvement in the Preparation of the Business Case
o Technical responsibility for the FMEA contents o lncorporating lessons learned

-26 - -27 -
 1.5,3.3.5 Extended Team Members / Experts
. Contribution of additional information about special topics
o Contribution of necessary information about the product or
process that is the focus of the FMEA
t The FMEA process is carried out in seven steps.
These seven steps provide a systematic approach to perform a
Failure Mode and Effects Analysis and serve as a record of the
technical risk analysis.
o lnvolvement in the Preparation of the Business Case

1.5.4 FMEA Tasks E

o d
E
6 lo

The 7-Step Overview provides the framework for the tasks and
o
.o
c3 ,WLat
; It
a

s 3
IE sE
Eire
fl
:l
.t

deliverables of the FMEA. ln addition, the FMEA team should be

E 8$ E
tI lfEril FA
t8
E
o fE g I.EE
!!
5I
9 EA 3-.eEIg
prepared to review the results of their analysis with management J
O t4l
;l 99 5:I EEP
t EgBSF
and the customer, upon request. t.a EI
Ei !d
lEf{sE; ,qie$+ Ef

The FMEA may also be audited by an internal auditor, customer I I t! -

:EEg
auditor, or third-party registrar to ensure each task has been cl
E* iig
O
E
*E p$;
fulfilled. 6!t
€!t
.E
tIt :$:€
f;
€! H
€ e;g
T
EE;
a 65,E T ggr
c E6eC
1.5.5 FMEA fools .o E
E
g9=s
$g$E g#$s !; i!
IE
.9 iec-F
There are numerous FMEA Tools, i.e., software packages that
can be used to develop a DFMEA and PFMEA as well as follow
J
.9
tr
o9 9i
3oo
6 r!
t g,Er;
€ H n ! f "F r.F !b
s
*,b gi€
*5s
up on actions. This software ranges from dedicated FMEA ! gEl ,:&
software to standard spreadsheets customized to develop the
FMEA. Companies may develop their own in-house database
c
o 6d
c<l
.a fiil
o
a6 EI
@ !
i
$€$
'q Ei -g
[ 6C
tci
Ee
$ s r er e; F
5
ts Ie E
3€
EEF
.8
!
6
I !!9
solution or purchase commercial software. ln any case, the FMEA (,
c
o
I s{53 d33S HT!TE$:$ $Eri l$Eif 5: .ur,
$

o .:
team needs to have knowledge of how to use the FMEA tool Io. '6
u- E
t
selected for their project as required by the company. ) o. '51
ti3 .!
c
a;l
riiE gi a !

O $ II
e 6 o E3
sEt
There are two views of FMEA examples shown in this manual. o
o ssl F
e
: @E
P
a8
r,F 6o !l $r
4e
A,E
t5 €
The Software View depicts what the user sees when developing a ctu 6l
.o
I €
+.9 !l I gtr E

isiil rli rl
It 8 EE
o 0g TE
FMEA using specialized software that utilizes system element a E3 Hf-
structure, function net, failure net, etc. The Form View depicts
what the user sees when developing a FMEA in a spreadsheet. ! t
qql E ! c
oE
Figures in this handbook include an example of how to develop an 83 €
e
€ s iF ET r
FMEA using either a structure Tree or Form sheet. ln the case of Eg. ,p ol
I
5 $ta tA
EI fir gEe
!i
u e
using structure Trees to develop elements, functions, and failures; €t
at
E
g HSF !t
t.

a software view is also presented to show how the information

may look when placed in documentation. ln either case the 7-Step .9
o t
-c t'
T' i
approach is the same. o od ii:r* !E
I
;g€! EEr€
€ Eg
CD' F r A$r
'E
oE $i' I
I
€
,tts66
,a
1.6 FMEA METHODOLOGY
E Efl
0)
o
u)
.lrl
ot s9
E p.! i=

FE;FE
e3
..c-
E;E
f;l E
sS
.9 6
g!6s
* 5 6ll
E;
P{ tt
ooSta a
The analyses for the Design FMEA, process FMEA and t-
EI 6
Supplemental FMEA for Monitoring and System Response F
l5E E
4i I t
(FMEA-MSR) are each described completely in the following I a

sections. consequently, redundancies are unavoidable. Forthe

rEl
6al
u o.l EJ--D
! lll* g
!
5 ET
!l T aF-
:o
s
: .trr
user this has the advantage that they can refer direcfly to the t 0.e
;rC r.t
Design FMEA and/or Process FMEA and/or FMEA-MSR chapter EJ F dr:9 tiiF s
U
n;
without referring to the content of the other chapters.
Figure 1.6-1 FMEA 7 Step Approach

-28 - -29 -
 2 EXECUTION OF THE DESIGN FMEA

2.1 Design FMEA 1st Step: Planning and Preparation

2.1.1 Purpose
The purpose of the Design FMEA Planning and Preparation Step
is to define which FMEAs will be done for a project, and to define
what is included and excluded in each FMEA based on the type of
analysis being developed, i.e., system, subsystem or component.
The main objectives of Design FMEA Planning and Preparation
are:
e Projectidentification
. Project plan: lnTent, Timing, Team, Tasks, Toolc (5T)
. Analysis boundaries: What is included and excluded from the
analysis
. ldentification of baseline FMEA with lessons learned
o Basis for the Structure Analysis step

2.1.2 DFMEA Project ldentification and Boundaries

DFMEA Project identification includes a clear understanding of
what needs to be evaluated. This involves a decision-making
process to define the DFMEAs that are needed for a customer
program. What to exclude can be just as important as what to
include in the analysis.
Below are some basic questions that help identify DFMEA
projects.
. What is the customer buying from us?
r Are there new requirements?
o Does the customer or company require a DFMEA?
. Do we make the product and have design control?
r Do we buy the product and still have design control?
o Do we buy the product and do not have design control?
o Who is responsible for the interface design?
. Dg we need a system, subsystem, component, or other level
of analysis?
Answers to these questions and others defined by the company
help create the list of DFMEA projects needed. The DFMEA
project list assures consistent direction, commitment and focus.
The following may assist the team in defining DFMEA boundaries,
as applicable:
o Legal requirements

,30 - -31 -
 . Technicalrequirements foundation DFMEA. lf no baseline is available, then the team will
. Customerwants/needs/expectation (externaland internal
customers)
I develop a new DFMEA.

2.1.5 DFMEA Header

. Requirementsspecification
o Diagrams (Block/Boundary) from similar project During the Planning and Preparation Step, the header of the
DFMEA document should be filled out. The header may be
r Schematics, drawings, and/or 3D models
modified to meet the needs of the organization. The header
. Bill of materials (BOM), risk assessment includes some of the basic DFMEA scope information as follows
. Previous FMEA for similar products Company Name: Name of Company Responsible for DFMEA
o Error proofing requirements, Design for Manufacturability and
Engineering Location: Geographical Location
Assembly (DFM/A)
. QFD Quality Function Deployment Customer Name: Name of Customer(s) or Product
The following may be considered in defining the scope of the Model Year / Program(s): Customer Application or Company
DFMEA, as appropriate: Model/Style s
o Novelty of technology/ degree of innovation Subject: Name of DFMEA Project (System, Subsystem and/or
. Quality / reliability history (ln-house, zero mileage, field Component)
failures, warranty and policy claims for similar products) DFMEA Start Date: Start Date
. Complexity of design
DFMEA Revision Date: Latest Revision Date
. Safety of people and systems
Cross-Functional Team: Team Roster needed
. Cyber-physical system (including cyber-security)
. DFMEA lD Number: Determined by Company
Legal compliance
. Catalog & standard parts Design Responsibility: Name of DFMEA owner
) Gonfidentiality Level: Business Use, Proprietary, Confidential
2.1.3 DFMEA Project Plan
A plan for the execution of the DFMEA should be developed once
the DFMEA project is known.
It is recommended that the 5T method (lnTent, Timing, Team, Planning and Preparation (Step 1)
Tasks, Tool) be used as described in section 1.5 of this handbook.
ComPanYName: AcmeAutomotive Subject: PX123 Upper Jacket
The plan for the DFMEA helps the company be proactive in
starting the DFMEA early. The DFMEA activities (7-Step process) Engineering Munich, GermanY DFMEA StaTt 19-Mar-2018
DFMEA ID 123456
Location: Date: Number:
should be incorporated into the overall project plan.
Customer Name: Jackson lndustry
DFMEA Revision 25-Sep-2018 Design S. Gray
Date: Responsibility:
2.1,4 ldentification of the Baseline DFMEA See Team List
Model Year(s) / 2020 PX123 Cross-Functional Confidentiality Confideniial
Part of the preparation for conducting the DFMEA is knowing what Program(s): Team: Level:
information is already available that can help the cross-functional
team, This includes use of a foundation DFMEA (described in Figure 2.1-l Example of Gompleted DFMEA Header Planning and Preparation Step 1
Section 1.3.6), similar product DFMEA, or product family DFMEA.
The family DFMEA is a specialized foundation design FMEA for
products that generally contain common or consistent product
boundaries and related functions. For a new product in the family,
2.1.6 Basis for Structure Analysis
the new project specific components and functions to complete
the new product's DFMEA would be added to the family FMEA. The information gathered during Step 1 Planning and Preparation
The additions for the new product may be in the family DFMEA will be used to develop Step 2 Structure Analysis.
itself, or in a new document with reference to the original family or

-32- 33-
 2.2 Design FMEA 2nd Step: Structure Analysis
2,2.1 purpose
I requirements and specifications more robustly as well as aid in
The purpose of Design Structure Analysis is to identify and
breakdown the FMEA scope into system, subsystem, and
component parts for technical risk analysis.
The main objectives of a Design Structure Analysis are:
2.2.4 Visualize System Structure
r Visualization of the analysis scope
o Structure tree or equivalent: block diagram, boundary
diagram, digital model, physical parts
. ldentification of design interfaces, interactions, close
clearances
r Collaboration between customer and supplier engineering
teams (interface responsibilities)
. Basis for the Function Analysis step
2.2.2 System Structure
A system structure is comprised of system elements. Depending
on the scope of analysis, the system elements of a design
structure can consist of a system, subsystems, assemblies, and
components. Complex structures may be split into several
structures (work packages) or different layers of block diagrams
and analyzed separately for organizational reasons or to ensure
sufficient clarity. A system has a boundary separating it from other
systems and the environment. lts relationship with the
environment is defined by inputs and outputs. A system element is
a distinct component of a functional item, not a function, a
requirement or a feature.
2.2.3 Define the Customer
There are two major customers to be considered in the FMEA
analysis:
o END USER: The individual who uses a product after it has
been fully developed and marketed.
. ASSEMBLY and MANUFACTURING: the locations where
manufacturing operations (e.9., powertrain, stamping and
fabricating) and vehicle/ product assembly and production
material processing takes place. Addressing the interfaces
between the product and its assembly process is critical to an
effective FMEA analysis. This may be any subsequent or
downstream operation or a next Tier manufacturing process.
-34-
Knowledge of these customers can help to define the functions,
determining the effects of related failure modes.
NOTE: Reference the NOTE in section 2.4.4 for cases when the
end user is not known.
A visualization of the system structure helps the DFMEA team
develop the structural analysis. There are various tools which may
be used by the team to accomplish this. Two methods commonly
used are described in the sections below:
. Blocl</BoundaryDiagrams
o Structure Tree
ii
2.2.4.1 Block/Boundary Diagram
Block/Boundary Diagrams are useful tools that depict the system
under consideration and its interfaces with adjacent systems, the
environment and the customer. The diagram is a graphic
representation that provides guidelines for structured
brainstorming and facilitates the analysis of system interfaces as a
foundation for a Design FMEA. The diagram below shows the
physical and logical relationships between the components of the
product. lt indicates the interaction of components and
subsystems within the scope of the design as well as those
interfaces to the product Customer, Manufacturing, Service,
Shipping, etc. The diagram identifies persons and things that the
design interacts with during its useful life. The Boundary Diagram
can be used to identify the Focus Elements to be assessed in the
Structure Analysis and Function Analysis.
The diagram may be in the form of boxes connected by lines, with
each box corresponding to a major component of the product. The
lines correspond with how the product components are related to,
or interface with each other, with arrows at the end point(s) to
indicate the direction of flow. lnterfaces between elements in the
Boundary Diagram can be included as Focus Elements in the
Structure and Function Analysis Structure Tree.
There are different approaches and formats to the construction of
a Blocl</Boundary Diagram, which are determined by the
organization. ln this handbook, the terms "Block Diagram" and
"Boundary Diagram" are used interchangeably. However, the
Boundary Diagram tends to be more comprehensive due to the
inclusion of external influences and system interactions.
ln the context of the DFMEA, Block/Boundary Diagrams define the
analysis scope and responsibility and provides guidelines for
structured brainstorming. The scope of analysis is defined by the
-35-
 boundaries of the system; however, interfaces with external
factors/systems are to be addressed.
o Defines scope of analysis (helps to identify potential team
members)
o ldentifies internal and external interfaces
r Enables application of system, sub-system, and component
hierarchy
When correctly constructed, Block/Boundary Diagrams provide
detailed information to the P-Diagram, and the FMEA. Although
Block/Boundary diagrams can be constructed to any level of
detail, it is important to identify the major elements, understand
how they interact with each other, and how they may interact with
outside systems.
it, require clearance, involve motion, or thermal
exposure.
o The customer/end user
. Arrows indicate direction
e. Define the boundary (What parts are within the span of
control of the team? What is new or modified?)
Only parts designed or controlled by the team are inside
the boundary. The blocks within the boundary diagram are
one level lower than the level being analyzed. Blocks
within the boundary may be marked to indicate items that
are not part of the analysis.
f Add relevant details to identify the diagram.

Block/Boundary Diagrams are steadily refined as the design

. System, program, and team identificatiorr
matures. . Key to any colors or line styles used to identify different
types of interactions
The steps involved in completing a BlockiBoundary Diagram may
be described as follows: o Date and revision level

a. Describe components and features

. Naming the parts and features helps alignment within
the team, particularly when features have "nicknames'
. All system components and interfacing components
Customer
shown Service lllanufacturing
b. Reorganize blocks to show linkages
. Solid line for direct contact Window Lifter System
o Dashed line for indirect interfaces, e.g. clearances or
relative motion Wndow Llfterilotor
o Arrows indicate direction Guiding frame Commutrtlon Ehc'foltEgnettc llagncto{rochanlcal
q
. All energy flows/ signal or force transfers identified. la
Sy.lem Converbr
?r
Convortrr

c. Describe connections Rot r

Poeltlon
Consider all types of interfaces, both desired and
undesired: Lifting mechanism
P --Physically touching (welded, bolted, clamped, etc.) Calbon Bruah card lragnet3 Poh
bru!h baie body (Nooqrnl Armature shrft
hourlng
E --Energy transfer (Torque (Nm), heat, etc.)
l---lnformation transfer (ECU, sensors, signals, etc.)
Electronlc control unlt Oeer bor
M --Material exchange (Cooling fluid, exhaust gases,
etc.)
d. Add interfacing systems and inputs (persons and things)
Figure 2.2-1 Example of Block/Boundary Diagram
The following should be included:
. Adjacent systems - including systems that are not
physically touching your system but may interact with

-36- -37 -
- 2.2.4.2 I nterface Analysis The interactions between System elements may be described
later as functions and represented by function nets (see Step 3
An interface analysis describes the interactions between elements I Function AnalYsis).
of a system.
There are five primary types of interfaces: There is always a system element present, even if it is only
derived from the function and cannot yet be specified more
. Physical connection (e.9., brackets, bolts, clamps and various clearly.
types of connectors)
o Material exchange (e.g., compressed air, hydraulic fluids or
any other fluid or material exchange)
. Energy transfer (e.9., heat transfer, friction or motion transfer
such as chain links or gears)
r Data exchange (e.9., computer inputs or outputs, wiring
harnesses, electrical signals or any other types of information Carbon Brurh

exchange, cyber security items) Electronic Control ttpit '-l

o Human-Machine (e.9., controls, switches, mirrors, displays,
warnings, seating, entry/exit) [[{gnot'{Neodym} z'

Another type of interface may be described as a physical Armstura thaft \

clearance between parts, where there is no physical connection.
Pole Houring
Clearances may be static and/or dynamic.
Window Lifter System Gear hox
consider the interfaces between subsystems and components in
Guiding Frame
addition to the content of the sub-systems and components
themselves.
An interface analysis documents the nature (strong/weak/none,
beneficial/harmful) and type of relationships (physical, Energy, )
lnformation, or Material Exchange) that occur at all internal and
external interfaces graphically displayed in the BlocUBoundary
Diagram. Figure 2.2-2 Example of Structure Analysis Structure Tree
lnformation from an interface analysis provides varuabre input to a The system structure can be created in the Structure Analysis
Design FMEA, such as the primary functions or interface functions section:
to be analyzed with potential causes/mechanisms of fairure due to
effects from neighboring systems and environments. lnterface STRUGTURE ANALYSIS (STEP 2)
analysis also provides input to the P-Diagram on ideal functions
and noise factors.
1. Next Higher Level
2.2.4.3 Structure Trees
The structure tree arranges system elements hierarchically and Window Lifter Moto, lCorrutation System lerrrn Card Base Body
illustrates the dependency via the structural connections.
The clearly structured illustration of the complete system is Figure 2.2-3 Example of Structure Analysis Form Sheet
thereby guaranteed by the fact that each system element exists
only once to prevent redundancy. 1 Next Higher Level:
The structures arranged under each System Element are The highest level of integration within the scope of
independent sub-structures (see figure 2.2-2). analysis.
2 Focus Element:
The element in focus. This is the item that is topic of
consideration of the failure chain.
-38- -39-
 3. Next Lower Level or Characteristic Type: 2.3.2 Function
The element that is the next level down the structure from
the focus element. ) A function describes what the item/system element is intended to
2.2.5 Collaboration between Customer and Supplier
The output of the Structure Analysis (visualization of the design
and its interfaces) provides a tool for collaboration between
customers and suppliers during technical reviews of the design
and/or DFMEA project.
2.2.6 Basis for Function Analysis
The information defined during Step 2 Structure Analysis will be
used to develop Step 3 Function Analysis. lf design elements
(items) are missing from the Structure Analysis they will also be
missing from the Function Analysis.
2.3 Design FMEA 3rd Step: Function Analysis
2.3,1 Purpose
The purpose of the Design Function Analysis is to ensure that the
fu nctions specified by req u irements/specifications are
appropriately allocated to the system elements. Regardless of the
tool used to generate the DFMEA, it is critical that the analysis is
written in functional terms.
)
The main objectives of a Design Function Analysis are:
o Visualization of product or process functions
. Function tree/net or function analysis form sheet and
parameter diagram (P-diagram)
. Cascade of customer (external and internal) functions with
associated requirements
. Association of requirements or characteristics to functions
. Collaboration between engineering teams (systems, safety,
and components)
r Basis for the Failure Analysis step Figure
The structure provides the basis so that each System Element
may be individually analyzed with regard to its functions and 2.3.3 Requirements
requirements.
For this, comprehensive knowledge of the system and the
operating conditions and environmental conditions of the system
are necessary, for example, heat, cold, dust, splash water, salt,
icing, vibrations, electrical failures, etc.
-40-
do.
A function is to be assigned to a system element. Also, a system
element can contain multiple functions.
The description of a function needs to be clear.
The recommended phrase format is to use an "action verb"
followed by a "noun" to describe a measurable function.
A Function should be in the "PRESENT TENSE"; it uses the
verb's base form (e.9., deliver, contain, control, assemble,
transfer).
Examples: deliver power, contain fluid, control speed, transfer
heat, color black. 6
Functions describe the relationship between the input and output
of an item system element with the aim of fulfilling a task.
Note: A component (i.e., a part or item in a part list) may have a
purpose/function where there is no input/output. Examples
such as a seal, grease, clip, bracket, housing, connector, flux,
etc. have functions and requirements including material,
shape, thickness, etc.
ln addition to the primary functions of an item, other functions that
may be evaluated include secondary functions such as interface
functions, diagnostic functions, and serviceability functions. (See
figure 2.3-1)
lnput
Function of
output
Item/System Element
=)
lnterface
2.3-l lnpuUlnterface/Output Flow
ISO 9000 defines a requirement as a need or expectation that a
particular design, product or process aims to satisfy.
Requirements are divided into two groups: functional requirements
and non-functional requirements.
-41 -
 A functional requirement is a criterion by which the intended
performance of the function is judged or measured (e.9., material
stiffness).
A non-functional requirement is a limitation on the freedom for
design decision (e.g., temperature range).
Requirements may be derived from various sources, external and
internal, these could be:
Legal requirements:
The complete functional description forms the basis for
subsequent failure analysis and risk mitigation.
)
A P-Diagram focuses on achievement of function. lt clearly
identifies all influences on that function including what can be
controlled (Control Factors), and what cannot reasonably be
controlled (Noise Factors).
The P-Diagram, completed for specific ldeal Functions, assists in
the identification of:

o Environmentally friendly product design, suitable for recycling,

safe in the event of potential misuse by the operator, non-
flammable, etc.
lndustry Norms and Standards:
. ISO 9001, VDA Volume 6 Part 3, Process audit, SAE J1739,
ISO 26262 Functional Safety.
Customer Requirements:
. Explicit (i.e., in customer specification) and implicit (i.e.
freedom from prohibited materials)- under all specified
conditions
I nternal Requirements:
. Product Specific (i.e., Requirements Specifications,
manufacturabi ity, su ita bility for testi ng, com pati
I bil ity with
other existing products, reusability, cleanliness, generation,
entry and spreading of particles)
Product Characteristics:
o A distinguishing feature (or quantifiable attribute) of a product
such as a journal diameter or surface finish.
o Factors, levels, responses and signals necessary for system
optimization
o Functions which are inputs to the DFMEA
. Control and Noise factors which could affect functional
performance
o Unintended system outputs (Diverted Outputs)
*
lnformation gained through developing a P-Diagram provides
input to the test plan.
Referring to Figure 2.3-2below, the output (grey area) of the ltem/
System Element often deviates/varies from the desired behavior
(straight line). The control factors act on the design to achieve as
close as practical to the desired behavior.
)
ldea l/Actua I vs. DESI D/REQU IRE D Functional Definition
RE
(Linear Response Example)
Customer and/or other systems determine
to level of acceptable {Desired/Required)
Functional performance of a commodity

2.3.4 Parameter Diagram (P-Diagram) Input "X,,

Parameters are considered to be attributes of the behavior of a
Convert
function. A Parameter (P) Diagram is a graphical representation of XtoY
the environment in which an item exists. A P-Diagram includes
factors which influence the transfer function between inputs and E4

outputs, focusing on design decisions necessary to optimize Y= output

output. nn'*

A P-Diagram is used to characterize the behavior of a system or

component in the context of a single function. p-Diagrams are not
required for all functions. Teams should focus on a few key
functions affected by new conditions and those with history of
robustness issues in previous applications. More than one p-
X= input
Diagram may be needed in order to illustrate the function(s) of the
system or component that are of concern to the FMEA Team.
Figure 2.3-2 Example of system behavior

-42- -43-
 A Parameter Diagram consists of dynamic inputs (including Change Over Time
signals), factors that could affect system performance (control and (aging over life time, e.9., mileage, aging, wear)
noise), sources of variation, and outputs (intended outputs and
a Customer Usage
unintended/diverted outputs).
(use out of desired specifications)
The following is an example of a Parameter Diagram which is a External Environment
used to assess the influences on a function of a product including: (conditions during customer usage, e.g., road type, weather)
Input (What you want to put in to get the desired result) is a a System lnteractions
description of the sources required for fulfilling the system (interference from other systems)
functionality.
Function (What you want to happen) is described in a Parameter
Diagram with an active verb followed by a measurable noun in the Noise Factors
present tense and associated with requirements. Noise Noise 2 Noise 3
1 Noise 4 iik:ise 5
Functional Requirements (What you need to make the function Piece to Piece Variation Change Over Time Customer Usage Exlernal
e.9., variation in clearance e.9., holding clamps e.g., excessive user:f Environment System lnteractions
happen) are related to the performance of a function between rotor and holding become permanenlly window lift system by child e.gX e'ect[omagnetic
e.9., humidity,
clamps magnetized, carbon playing
ienlperatur€, dust, external intederence frclm ECU
Gontrol Factors (What you can do to make it happen) which can brushes wear vibration. shock,-..
be adjusted to make the design more insensitive to noise (more
robust) are identified. One type of Control Factor is a Signal lnput Window Lifter Motor lntended Output
Factor. Signal Factors are adjustment factors, set direcfly or Energy: .lr Energy:
i F:J'

@
El.cttical
indirectly by a user of a system, that proportionally change the
@
e.9,, Voltage, Cunent :{i-.J= gnorgy e.9., angle dependent
Ir...c,
system response (e.9., brake pedal movement changes stopping u1... " lr,0r electrical energy on
Enorgy solenoid
distance). Only dynamic systems utilize signal factors. Systems 6

* Unintended
without signal factors are called static systems.
Non-Functional Requirements (What you need beside the
functional requirements) which limit the design option. )
Ir
I

Function Functional
&s
ControlFactors
output

Non Functional
+ -- - -;

Unintended Output
Convert electrical energy Requirements Natural scientific factors energy losses,
Requirements
lntended Output (What you want from the system) are ideal, into mechanicslenergy
Move window glass up which control the function, Requirements which limit e.9., thermal energy,...
acc. to param€terization e.9., magnetic tield
intended functional outputs whose magnitude may (dynamic and down with a defined the design options, NVH, EMC
Requirement velocity strength, permeability,... e.9., geometric interface to
system) or may not (static system) be linearly proportional to a Generate motor customer system,
signal factor (e.9., Iow beam activation for a headlamp, stopping characteristic curve acc. requiremenls regarding
to spec 6790-1923 weight, material, size,...
distance as a function of brake pedal movement).
Unintended Output (What you don't want from the system) are Figure 2.3-3 Example of Parameter Diagram with Electrical Motor
malfunctioning behaviors or unintended system outputs that divert
system performance from the ideal intended function. For
example, energy associated with a brake system is ideally
transformed into friction. Heat, noise and vibration are examples
2.3.5 Function Analysis
of brake energy diverted outputs. Diverted Outputs may be losses
to thermal radiation, vibration, electrical resistance, flow
restriction, etc. The interactions of the functions of several System elements are
Noise Factors (what interferes with achieving the desired output) to be demonstrated, for example as a function tree/network, or
are parameters which represent potentially significant sources of using the DFMEA form sheet. The focus of the analysis cascades
variation for the system response and cannot be controlled or are from OEM to Tier 1 supplier to Tier N supplier.
not practical to control from the perspective of the engineer. The purpose of creating a function tree/network or function
Noises are described in physical units.
analysis on the DFMEA form sheet is to incorporate the technical
Noise factors are categorized as follows: dependency between the functions. Therefore, it subsequently
supports the visualization of the failure dependencies. When there
. Piece to Piece Variation
is a functional relationship between hierarchically linked functions,
(in a component and interference between components)

-44- -45
 then there is a potential relationship between the associated The function structure can be created in the Function Analysis
failures. Otheruyise, if there is no functional relationship between section:
hierarchically linked functions, there will also be no potential )
relationship between the associated failures. FUNCTTON ANALYSTS (STEP 3)
For the preparation of the function tree/network, the functions that
are involved need to be examined. Sub-functions enable the 1. Next Higher Level 2. Focus Element
performance of an overall function. All sub-functions are linked Function and 3. Next Lower Level Function and
Function and
Requirement Requirement or Characteristic
logically with each other in the function structure (Boolean AND- Requirement
relationships).
A function structure becomes more detailed from top down. The Commutation system
Convert electrical Brush card body transports forces
lower level function describes how the higher level function is to transports the electrical
energy into between spring and motor body to hold
be fulfilled. For the logical linking of a function structure, it is current between coil
mechanical energy
pairs of the the brush spring system inx,y,z
helpful to ask: according to position (support commutating contact
electromagnetic
. "How is the higher level function enabled by lower level parameterization
converter
point) {
functions?" (Top-Down) and
. "Why is the lower level function needed?" (Bottom-Up).
Figure 2.3-5 Example of Function Analysis Form Sheet
The column header numbering (1,2,3) and color coding are
included to help show alignment between the Structure Analysis
Brurh Car* Ea6o Body and associated content of the Function Analysis (see figure 2.9-S)
Functlotl: ln this section you work from left to right answering the question:
Bru*h e6rd bae transpoFta fcre€6
besroen tprlng and motor b6dy to hold "How is the higher levelfunction enabled by lower level
th€ bruEh 6prlng syelem ln x, y, I poiltlon functions?"
(6upport eotriillutallng contset polntl
Cofilnutollon sy$t€m
Functlon:
Carbon Brush 1. Next Higher Level Function and Requirement:
Funcilon: The function in scope of the Analysis.
Coffmutatlon sy6tem trinsForl6 the Carbon brurh transp+rte electrical
ela€trlcsl eurf€nt botwcsn eoll pair€ of
the electro m6gnetie conv€rt€r
curr6nt bstwcan carbon xtrandsd wirs
and cmmutnlcr surfacc 2. Focus Element Function and Requirement:
3ruth Card Ea** Body
The function of the associated System Element (item in focus)
Window Lifter Motar
FunctJon: Funcdon: ,,- identified in the Structure Analysis.
Convert elsctric{l energy into
machanical *nergy scc. lo
parameterization Elrctrornagn*tie convarter
Cerbon Brush 3. Next Lower Level Function and Requirement or Characteristic:
Funcfran: ... The function of the associated Component Element identified
F u ncdon al Raqu lrem e nts : Functlon:
h{ove windowglasa up and Eiectro.mag neiic convertsr transformg in the Structure Analysis.
tiown lvith a defined veiocity Bru6h C.rd Br6e Body
Fune''fat : ...

wl*AT agES lr Bc?

2.3.6 Collaboration between Engineering Teams (Systems,
Safety, and Components)
Engineering teams within the company need to collaborate to
Figure 2.3-4 Example of Function Analysis Structure Tree make sure information is consistent for a project or customer
program especially when multiple DFMEA teams are
simultaneously conducting the technical risk analysis. For
example, a systems group might be developing the design
architecture (structure) and this information would be helpful to the
DFMEA to avoid duplication of work. A safety team may be
working with the customer to understand the safety goals and
hazards. This information would be helpful to the DFMEA to
ensure consistent severity ratings for failure effects.

-46- -47-
 2.3.7 Basis for Failure AnalYsis
Complete definition of functions (in positive words) will lead to a
comprehensive step 4 Failure Analysis because the potential
failuies are ways the functions could fail (in negative words).
Function derive fallur€g

2.4 Design FMEA 4th Step: Failure Analysis

+
2.4.1 Purpose r F F F

The purpose of the Design Failure Analysis is to identify failure t

causes, modes, and effects, and show their relationships to t t t
enable risk assessment. lrilE ,,. +hsrlg"s ov€t ,,, fnaarrfllt{ent fi a* n liqlEr ,,, €x6esl6unlnl*ndsd etuEk Et lev6l .., $roeg
Eudd€nly llmE lsne$tn 6r l$9r€r lercl 'q*ktd*ded fl &a, duJf ttf R" dfrsrtion
The main objectives of a Design Failure Analysis are:
r F=Funetion t-Tirne = required Funsiion :-prrformedFuqction

?
Establishment of the Failure Chain
. Potential Failure Effects, Failure Modes, Failure Causes for -
each product function.
. Collaboration between customer and supplier (Failure Effects)
o Basis for the documentation of failures in the FMEA form
sheet and the Risk AnalYsis steP
Figure 2.4-1 Types of Failure Modes
2.4.2 Failures
Failures of a function are derived from the function descriptions.
There are several types of potentialfailure modes including, but The description of a system and subsystem failure mode is
not limited to: described in terms of functional loss or degradation e.g., steering
turns right when the hand wheel is moved left, as an example of
. Loss of function (e.9. inoperable, fails suddenly) an unintended function. When necessary, the operating condition
o Degradation of function (e.g. performance loss over time) of the vehicle should be included e.g. loss of steering assist during
. lntermittent function (e.9. operation randomly start up or shut down.
starts/stops/starts) A componenVpart failure mode is comprised of a noun and a
o Partialfunction (e.9. performance loss) failure description e.9., seal twisted.
. Unintended function (e.9. operation at the wrong time, It is critical that the description of the failure is clear and
unintended direction, unequal performance) understandable for the person who is intended to read it. A
. Exceeding function (e.9. operation above acceptable statement "not fulfilled," "not OK," "defective," "broken" and so on
threshold) is not sufficient.
e Delayed function (e.9. operation after unintended time More than one failure may be associated with a function.
interval) Therefore, the team should not stop as soon as one failure is
identified. They should ask "how else can this fail?"

-48- -49-
 2.4,4 Failure Effects
a
Z: Environrnental influences, noise factors A Failure Effect is defined as the consequence of a fairure mode.
a Describe effects on the next lever of product integration (internal
or external), the end user who is the vehicle operator (external),
X: lnput
f (X,W,Z)
,/ rrrrrlY:Outputy=f(x)
'*""v Y*: side effects
and government regulations (regulatory) as applicable.
Customer effects should state what the user might notice or
experience including those effects that could impact safety. The
intent is to forecast the failure effects consistent with the team's
W: Controlfactors
level of knowledge. A failure mode can have multiple effects
A flawed input andlor noise factors generate a flawed output and/or the occurrence of
relating to internal and external customers.
intolerable side effects. ln this case, the failure analysis focuses on the system element that
Effects may be shared by oEMs with suppliers and suppliers with
caused the flawed output.
sub-suppliers as part of design collaboration.

y = output The severity of failure effects is evaluated on a ten-point scale

ACIUALsystem behavior according to Table D1.
outside tolerance
+ Examples of failure effects on the end user:

x = input
o No discernible effect
. Poor appearance e.9., unsighfly close-out, color fade,
cosmetic corrosion
Figure 2.4-2 Definition of a Failure
. Noise e.9., misalignment/rub, fluid-borne noise, squeak/ratile,
chirp, and squawk
. Unpleasant odor, rough feel, increased efforts
2.4.3 The Failure Chain r Operation impaired, intermittent, unable to operate, electro-
There are three different aspects of failures analyzed in an FMEA: magnetic incompatibitity (EMC)
. Failure Effect (FE)
. External leak resulting in performance loss, erratic operation,
unstable
o Failure Mode (FM)
. Unable to drive vehicle (walk home)
. Failure Cause (FC)
r Noncompliance with government regulations
o Loss of steering or braking
NOTE ln some cases, the team conducting the analysis may
What happens? not know the end user effect, e.g., catalogue parts, off-
the-shelf products, Tier 3 components. When this
Failure Effect Failure Mode Failure Cause information is not known, the effects should be defined
in terms of the part function and specification. ln these
whv?
cases, the system integrator is responsible for ensuring
the correct part for the application is selected, e.g., auto,
truck, marine, agriculture.
An additional column is shown on the Rating Tables for
: * I "Corporate or Product Line Examples."
I

2.4.5 Failure Mode

Figure 2.4-3 Theoreticalfailure chain model
A Failure Mode is defined as the manner in which an item could
fail to meet or deliver the intended function.
-50- -51 -
 The Failure Modes are derived from the Functions. Failure Modes The Failure Causes can be derived from the Failure modes of the
should be described in technical terms, and not necessarily as next lower level function and requirement and the potential noise
symptoms noticeable by the customer.
) factors (e.9., from a Parameter Diagram).
ln preparing the DFMEA, assume that the design will be Types of potential failure causes could be, but are not limited to:
manufactured and assembled to the design intent' Exceptions can o InadeQuate design for functional performance (e.9., incorrect
be made at the team's discretion where historical data indicates material specified, incorrect geometry, incorrect part selected
deficiencies exist in the manufacturing process. for application, incorrect surface finish specified, inadequate
Examples of component-level failure modes include, but are not travel specification, improper friction material specified,
limited to: insufficient lubrication capability, inadequate design life
assumption, incorrect algorithm, improper maintenance
NOT RECOMMENDED RECOMMENDED
instructions, etc.)
Cracked Component cracked o System interactions (e.9., mechanical interfaces, fluid flow,
Deformed Component deformed heat sources, controller feedback, etc.)

Fractured ComPonent fractured

. Changes over time (e.9., yield, fatigue, material+instability,
creep, wear, corrosion, chemical oxidation, electromigration,
Loose Part loose over-stressing, etc.)
Oxidized Part oxidized . Design inadequate for external environment (e.9., heat, cold,
moisture, vibration, road debris, road salt, etc.)
Sticking Component sticking
. End user error or behavior (e.9., wrong gear used, wrong
Examples of system-level failure modes include, but are not pedal used, excessive speeds, towing, wrong fuel type,
limited to: service damage, etc.)
. Complete fluid loss r Lack of robust design for manufacturing (e.9., part geometry
r Disengages too fast allows part installation backwards or upside down, part lacks
. distinguishing design features, shipping container design
Does not disengage
causes parts to scratch or stick together, part handling
o Does not transmit torque causes damage, etc.)
. Does not hold full torque . Software lssues (e.9., Undefined state, corrupted code/data)
o lnadequate structural support
r Loss of structural support
. No signal / lntermittent signal 2.4.7 Failure Analysis
o Provides too much pressure/signal/voltage Depending on whether the analysis is being done at the system,
. Provides insufficient pressure/signal/voltage sub-system or component level, a failure can be viewed as a
failure effect, failure mode, or failure cause. Failure Modes, Failure
r Unabletowithstand load/temperature/vibration Causes, and Failure Effects should correspond with the respective
column in the FMEA form sheet.
Figure 2.4.-4 shows a cascade of design-related failure modes,
2.4.6 Failure Gause causes, and effects from the vehicle level to the characteristic
A Failure Cause is an indication of why the failure mode could level. The focus element (Failure Mode), Causes, and Effects are
occur. The consequence of a cause is the failure mode. ldentify, different depending on the level of design integration.
to the extent possible, every potential cause for each failure mode. Consequently, a Failure Cause at the OEM becomes a Failure
The consequences of not being robust to noise factors (found on a Mode at a next (Tierl ) level. However, Failure Effects at the
P-Diagram) may also be Failure Causes. The cause should be vehicle level (as perceived by the end user) should be
listed as concisely and completely as possible so that remedial documented when known, but not assumed. Therefore, the
efforts (controls and actions) can be aimed at appropriate causes' communication according to Figure 1.4.-1 should be considered.
Failure Networks may be created by the organization that owns
multiple levels of the design. When multiple organizations are

-52- -53-
 responsible for different levels of the design
they are responsible
to communicate failure effects to the next higher
level as aPProPriate.
or next lower (t Brush Card Base BodY
Function:
Brush card body transports forces between
spring and motor body to hold the brush
spring sYstem in x, Y, z Position
point)
liupport commutatin g contact
Failure:
Brush cald body bends in contact area of
the carbon brush
DfI'TEA Potentlal Failure ileturork and Chain Analttis Window Lifter Motor Commutatlon System
Functlon: Function: Carbon Brush
OFUEA DFilEA DFUEA Convert electrical energY into
DFIrtEA
&raly3is Level ExarnPles Failute ExamPles Commutation system transports the Functian:
at at at at mechanical energy acc. to
Analysis Level electrical current between coil pairs Carbon brush transports electrical current
oEll Level I Level 2 Level 3 parameterization of the electro magnetic converter between carbon stranded wire and
Passenger compartment Comfortclosing Sme too long Fu nctian al Re qu irements :
Itchicle
Failure: commutator surface
Move window gla$s uP and down Angle deviation bY commutation Failure:
with a defined velocity system intermittently connects the Carbon hrush transports too little cutrent
Vlffndow Lifter System lilovlngePeed of wlndowglass Failure: wrong coils (Ll, L3 and L2 instead
Syetem toolow Torque and rolating velocity of the of L{, L2 and L3} Brush Card Base BodY
window lifter motor too low
Function: ...
Slfstem Element

Sub$smElcmeot
FC
Lifter Motor

Commutatioo System
Torque and roteting velocity of
the reindow lifter motor too low

Commutation system
tflhat ? @+ Failure:,.. *

lntetmlttentlY Gonnecb tfi e

FC wrong coils (Ll, LS and l.2 Tree
lnstead oflt, Ul and L3) Figure 2.4-5 Example of Failure Analysis Structure
Focus Element
FC Brush Card Base BodY Brush card body bends ln
Component Element contact area of the carbon brush

Brush Ctrd Ease BodY Too low sttfiie$ in catbon ThefailureStructurecanbecreatedintheFailureAnalysis

(ttedgnl FC brush contectarea
Featrrc characteristk
Charactetlstics section

FATLURE ANALYSIS (STEP 4)

+ d FailureNetwork

Failure Chains
1. Failure Effects (FE)
to the Next Higher Level
Figure 2.4'4 Failure Structure at different levels Element and/or End User
TolinkFailureCause(s)toaFailureMode,thequestionshouldbe Angle deviation bY commutation Brush card body bends in
"Why is the Failure Mode happening?" Torque and rotating velocity
system intermittentlY connects contact area of the carbon
of the window lifter motor too brush
TolinkFailureEffectstoaFailureMode,thequestionshouldbe low the wrong coils (L1, L3 and L2
"What happens in the event of a Failure Mode?" instead of 11, L2 and L3)

Figure 2.4'6 Example of Failure Analysis Form Sheet

Following once again the header numbering

(1' 2' 3) and color
coding, ov in.pr.iing the items in the Function Analysis, begin
building the Failure Chain'
1. Failure Effects (FE):
"Next Higher Level
The effect of failure associated with the
Elementand/orEndUser,'intheFunctionAnalysis,
2. Failure Mode (FM):
"Focus
tne mooe (or iype) of failure associated with the
Element" in the Function Analysis'

-55-
-54-
 2.4.9 Gollaboration between Customer and Supplier (Failure
3. Failure Cause (FC):
The cause of failure associated with the
or Characteristic" in the Function
,.NeXt
Analysis'
Lower Element ffii) l Effects)
The output of the Failure Analysis may be reviewed by customers
and suppliers prior to the Risk Analysis step or after to the Risk
TheStructureAnalysis,FunctionAnalysisandFailureAnalysis Analysis step based on agreements with the customer and need
may Ue documented as in the form sheet below' for sharing with the suPPlier.

2.4.10 Basis for Risk AnalYsis

2.4.8 Failure Analysis Documentation complete definition of potentialfailures will lead to a complete
TheDFMEAFormSheetcanhavemultipleviewsoncethe step 5 Risk Analysis because the rating of severity, occurrence,
StructureAnalysis,FunctionAnalysisandFailureAnalysisare and Detection are based on the failure descriptions. The Risk
complete Analysis may be incomplete if potentialfailures are too vague or
missing.
1. Failure Effects (FE) to the
1. Next Higher Level Function and Next Higher Level Element
1. Next Higher Level Requirement and/or End User

Torque and rotating velocitY

Gonvert electrical energY into
mechanical energY acc. to
Window Lifter Motor
Parameterization
Figure2.4.TViewofProductEndltem.Function.FailureFormSheet
2.5 Design FMEA 5th Step: Risk Analysis
of the window lifter motor too
low
2.5.1 Purpose
The purpose of Design Risk Analysis is to estimate risk by
evaluating Severity, Occurrence and Detection, and prioritize the
need for actions.
The main objectives of the Design Risk Analysis are:
) r Assignment of existing and/or planned controls and rating of
failures

Commutation sYstem transPorts

the electrical current between coil
Commutation SYstem pairs of the electromagnetic
converter
Figure 2.4-8 View of Focus ltem/Element'Function'Failure Form
3. Next Lower Level or 3. Next Lower Level Function and
Characteristic TYPe Requirement or Characteristic
Brush card bodY transPorts forces
between sPring and motor bodY
to hold the brush sPring sYstem in
Brush Card Base BodY x, Y, z Position
(supPort commutating contact
Point)
Form sheet
Figure 2.4-9 View of Lower Level ltem'Function'Failure
-56-
Angle deviation bY . Assignment of Prevention controls to the Failure causes
commutation sYstem
intermittentlY connects the
o Assignment of Detection Controls to the Failure Causes
wrong coils (Ll, L3 and L2
and/or Failure Modes
instead of Ll, L2 and L3) . Rating of severity, occurrence and Detection for each failure
chain
sheet r Evaluation of Action PrioritY
o Collaboration between customer and supplier (Severity)
3. Failure Cause (FC) of the . Basis for the OPtimization steP
Next Lower Element or
Characteristic 2.5.2 Design Controls
Current design controls are proven considerations that have been
established for similar, previous designs' Design control
Brush card bodY bends in documents are a basis for the robustness of the design.
contact area of the carbon Prevention-type controls and detectiontype controls are part of
brush the current library of verification and validation methods.
Prevention controls provide information or guidance that is used
as an input to the design. Detection controls describe established
verification and validation procedures that have been previously
demonstrated to detect the failure, should it occur. Specific
references to design features that act to prevent a failure or line
-57 -
 a credible link
o Shielding or guards which mitigate potential mechanical wear,
items in published test procedures will establish ,(, thermal exposure, or EMC
tn" design control' Those prevention
,ll
between the failure
"nd
and/ordetectionmethodsthatarenecessary'butnotpartofa
. Conformance to best practices
be written as actions
current library of iefineO procedures should After completion of the preventive actions the occurrence is
in the DFMEA. verified by the Detection Control(s).

2.5,3 Gurrent Prevention Controls (PC) 2.5.4 Current Detection Controls (DG)
potential cause which
current Prevention controls describe how a Current Detection Controls detect the existence of a failure cause
and planned
results in the faifure-frloOe is mitigated using.existing or the failure mode before the item is released for production.
activities.Theydescribethebasisfordeterminingtheoccurrence Current Detection Controls that are listed in the FMEA represent
performance
rating. Preveniion Controls relate back to the planned activities (or activities already completed), not potential
requirement. activities which may never actually be conducted.
Foritemswhichhavebeendesignedout-of-contextandare Current Detection controls need to be clearly and
the
purchased as stock or catalog items from a supplier' comprehensively described. Listing a control such ae"Test" or
reference to how
prevention control should document a specific "Lab Test" is not a clear enough indication of a detection control.
to a
the item fulfills G requirement. This may be
a reference References to specific tests, test plans or procedures should be
specification sheet in a catalog' cited as applicable, to indicate that the FMEA team has
and determined that the test will actually detect the failure mode or
Current Prevention controls need to be clearly -
cause, if it occurs (e.9., Test No. 1234 Burst Pressure Test,
comprenensivelydescribed,withreferencescited'lfnecessary' Paragraph 6.1).
thiscanueoonebyreferencetoanadditionaldocument'Listinga
"lessons learned" is not
a
control sucn as;pau"n material" or Examples of Current Detection controls:
clear enough indication' . Function check
TheDFMEAteamshouldalsoconsidermarginofsafetyindesign
as a Prevention control'
Examples of Current Prevention Controls:
l o
o
Burst test
Environmentaltest
. Driving test
rEMCDirectivesadheredto,DirectiveSS/336/EEC o Endurance test
rSystemdesignaccordingtosimulation,tolerancecalculation
establish design
. Range of motion studies
anO proceJu"re - analysiJ of concepts to . Hardware in-the-loop
requirements
o Published design standard for a thread class
. Software inthe-loop

r Heat treat specification on drawing

r Design of experiments

r Sensorperformancespecifications'
. Voltage output lab measurements

o Mechanicalredundancy(fail-safe) All controls that lead to a detection of the failure cause, or the
failure mode are entered into the "Current Detection Controls"
o Design for testabilitY column.
oDesignandMaterialstandards(internalandexternal)
o Documentation (e'g', records of best practices' lessons
learned, etc.) from similar designs
o part geometry prevents
Error-proofing (Poka-Yoke design i'e''
wrong orientation)
oSubstantiallyidenticaltoadesignwhichwasvalidatedfora
pt"uiout rfplication, with documented performance history'
1no*eveilith"r" is a change to the duty cycle or operating
conditions, then the carry-oJer item requires
re-validation in
order for the detection control to be relevant')
-59-
-58-
 Design element
{
ilr" determined
t
2.5.6 Evaluations
Review & reaction
before decision' Each failure mode, cause and effect relationship is assessed to
e.g. CAE. tolsrance study estimate risk. There are rating criteria for the evaluation of risk:

Trial
severity (s): stands for the severity of the failure effect
i: lpc' Ascertain Component' occurrence (o): stands for the occurrence of the failure cause
Theoretical tests and decide product,
e.g. DoE, FEA on design trials
DC:
- Good/Bad insPection Detection (D): stands for the detection of the occurred failure
- lnspection for failures cause and/or failure mode'
- Function test over
service life, Evaluation numbers from 1 to 10 are used for S, O, and D
e.g. trend analysis
respectively, where 10 stands for the highest risk contribution'
Design failure
Time NOTE: lt is not appropriate to compare the ratings of one team's
PC {oreventiv€): Prevention controls
OC iieaotive): Detection controls
FMEA wiin tne ratings of another team's FMEA, even if
the producVprocess appear to be identical, since each
FMEA
Figure 2.5'1 Prevention and Detection in the Design team's environment is unique and thus their respective
individual ratings will be unique (i'e., the ratings are
2.S.SConfirmationofGurrentPreventionandDetection subjective).
Controls
Theeffectivenessofthecurrentprevention'anddetectioncontrols
shouldbeconfirmeo.rnis-cano"oon"duringvalidationteardown 2.5.7 Severity (S)
be documented within the
reviews' Such confirmation can The severity rating (s) is a measure associated with the most
DFMEA,orwithinotherprojectdocuments,lsappropriate,
deveropment procedure. serious failure effect for a given failure mode of the function being
according to the team,s .;;;i froduct are proven not to evaluated. The rating is used to identify priorities relative to the
Additional action may be ;;;"e if the controls { )
scope of an indiviOuit fVER and is determined without regard for
be effective' occurrence or detection.
Theoccurrenceanddetectionevaluationsshouldbereviewed
previous products, due to the severity should be estimated using the criteria in the severity
*n"n'"u"rTng'iMEA entries irom Table tjt. me table may be augmented to include product-
new product'
possibilityof different conditions for the specific examples. The FMEA project team should agree on an
evaluation criteria and rating system, which is consistent even if
Confirm Prevention modified for individual design analysis'

Prevention Detection TheSeverityevaluationsofthefailureeffectsshouldbe

100% transferred by the customer to the supplier, as needed'

Design understanding
SaryPle Time
0i
s------ G alculation New calculation 1 ,
Tests with
:

Simulation New simulation

-i existing samPles
i"
:
:

New experiments *
:

t&-- --'--- DoE

Figure 2.5-2 Roadmap of design understanding

0 -61 -

-60-
 Expertise, data handbooks, warranty databases or other
P rod u ct Ge neral Eva uati on
Gri teri a SeveritY ( s)
Blank until
f 'I experiences in the field of comparable products, for example, can
be consulted for the analysis of the evaluation numbers.
to the criteria below filled in bY user When failure causes are rated for occurrence, it is done taking into
Potenti al Failure Effects rated according account an estimation of the effectiveness of the current
CorPorate or prevention control. The accuracy of this rating depends on how
Product Line wellthe prevention control has been described.
Effect SeveritY criteria
S Exam es
Questions such as the following may be helpfulfor a team when
icle and lo r othe r
Affects safe ope ratio n of the veh trying to determine the appropriate Occurrence rating:
p assenger( S ) o
10 very veh icl ES th e health of d flver or . What is the service history and field experience with similar
road users or NS
High components, subsystems, or systems?
liance with ulations
I Non
necessary for
. ls the item a carryover product or similar to a previous level
Loss of pn ma ry veh icle fu n ctio n item?
d un d servlce life
8 n orm al drivi
High icle fu nction n ecessary
. How significant are changes from a previous lev€l item?
D egradatio n of p ri ma ry VE h
7 for no rmal d NV du cted SE rvi ce life . ls the item completely new?

Loss of second vehi cle function o What is the application or what are the environmental
6 changes?
radation of seconda VE hicle function
5
Moderate sound VI brati on
. Has an engineering analysis (e.9. reliability) been used to
V e ry obj ecti ona ble a ppea rance estimate the expected comparable occurrence rate for the
4 h ars h ne SS o r ha CS
application?
ppeara nC€' sou n d
Mode rate ly ob jecti on abl e a . Have prevention controls been put in place?
3 VI bratio n ha rS h
o r ha
Low nce SO u nd
. Has the robustness of the product been proven during the
S ti ghtly o bje ctio n ab le appeara prod uct development process?
2 vibratio n hars h NCSS or ha

Ve low No discerni ble effect

1

(S)
Table D1 'DFMEA SEVERITY

2.5.8 Occurrence (O)

of the effectiveness of the
The Occurrence rating (O) is a measu.re
rating criteria'
;;;.ti". controt, t'[ing into account the
using the criteria in the
Occurrence ratings should be estimated
Occurrence Table oZ'ir'L t"Ot"
*"y be augmented to include
projeclt"?T tl1{d agree
product-specitic exalrpi"t' in" rMEA
on an evaruation uno rating system, which is consistent,
passenger
Iu* iitoOified for individual design analysis (e'g''
"nt"i,"
car, truck, motorcYcle, etc')'
Theoccurrenceratingnumberisarelativeratingwithinthescope
occurrence'
FMEA and may not reflect the actual
"ith;
Theoccurrenceratingdescribesthepotentialofthefailurecause
to the rating table'
to occur in custome;;p"t;ti"t' accordino controls'
considering r"sutt" oi5rt""JV completedletection

-63-
-62-
 Occurrence Potential (O) for the Product
fo r th e Prod uct
Potenti a F ailu re c a u ses
Occurre nGe Pote ntia
rated accordin g to the criteria bel ow
Gonsider Prod uct
best Occurrence
Blank until
filled in bY
fr I Potential Failure Gauses rated according to the criteria below. Gonsider Product
Experience and Prevention Gontrols when determining the best Occurrence
Blank until
filled in by
Controls when determ ning the user estimate (Qualitative rating). user
Experience and Preve ntion
estimate Corporate or Prediction of Corporate or
Product Line o Failure Cause Occurrence criteria - DFMEA Product Line
Prediction of
Occurrence criteria' DFMEA ExamPles Occurring Examples
o Failure Gause
Occurring Detail changes to previous design, using proven technology and
materials. Similar application, duty cycle or operating conditions.
Previous testing or field experience, or new design with some test
experience related to the failure.
ExtremelY high yet bee n 5
10
Standards do not exist and
best practices have not Design addresses lessons learned from previous designs. Best
not able to pred field
ict Practices re-evaluated for this design but have not yet been
determined Prevention controls
ce or do not exist proven. Prevention controls capable of finding deficiencies in the
product related to the failure cause and provide some indication
Moderate
of performance.
Almost identical design with shortterm field exposure. Similar
9
application, with minor change in duty cycle or operating
to identifY pe rformance to conditions. Previous testing or field experience.
Prevention controls not targeted
ments.
or mate rials on a 4 Predecessor design and changes for new design conform to best
n with technica in novations
First use of des rg
tn d uty cycle practices, standards, and specifications. Prevention controls
or change
Very high new ap pl ication New app ication and/or val id ati o n capable of finding deficiencies in the product related to the failure
p rod uct verification
o perati ng con d ition S No cause and indicate likely design conformance.
experience.
Detail changes to known design (same application, with minor
I
l
applicable change in duty cycle or operating conditions) and testing or field
best practices' not directly
Few existing standards and indicator of field experience under comparable operating conditions, or new
pil,"!"ii"n not a reliable
for this desig
". "onttoit ce. {i 3 Low
design with successfully completed test procedure.

Design expected to conform to Standards and Best Practices,

considering Lessons Learned from previous designs. Prevention
controls capable of finding deficiencies in the product related to
ne the failure cause and predict conformance of production design.
7 desig n ru les apply to the baseli
Stand ard S, best Practices, and prov de Almost identical mature design with long term field exposure.
NS Preve ntion controls
design, but not the innovatio Same application, with comparable duty cycle and operating
limited of
tn g exlsting technologY
a nd conditions. Testing or field experience under comparable
High US
Si mt lar to cycle or operating conditions.
with chang ES tn duty
materi al s. expe rien ce.
testing or field 2 Very low
operating conditions P revious Design expected to conform to standards and best practices,
en sure considering Lessons Learned from previous designs, with
6 exist but a re insufficient to
Stand a rds and design ru les controls provide significant margin of confidence. Prevention controls capable of
occu Prevention
that the fail ure ca use WI il not fai lu re cau se. finding deficiencies in the product related to the failure cause and
some abil to a
indicate confidence in design conformance
Failure eliminated through prevention control and failure cause is
1 Extremely low
not possible bY design
Product Experience: History of product usage within the company (Novelty of design, app lication or use case).
Results of al com eted detection controls nce with the n
Control s: Use of Best Practices for prod uct design Des ig n Rules Co mpa n v Standards, Lessons
Learned, lndustry Standards, Material Specifications, Government Regulations and effectiveness of prevention
oriented analytical tools including ComputerAided Engineering, Math Modeling, Simulation Studies, Tolerance Stacks
and Des n Ma
o1 9 8 Tcand based on uct validation activities.

Table D2 - DFMEA Occurrence (O)

-65-
-64-
 {
I Detection Potential (D) for the Validation of the Product Design
2.5.9 Detection (D)
measure of the Blank until
The Detection rating (D) is an estimated Detection Controls rated according to Detection Method Maturity and
demonstrate the
effectivene$ of tlnJoLtection control to reliably Opportunity for Detection.
filled in by
item is released for
faiture cause ;;f".,lr;; mooe before the user
associated with the
production. rn" J"t""tion rating is the rating
Gorporate or
most effective detection control' Ability to
Detection Method Maturity
Opportunity for
D
Detect Product Line
Detection
Detectionisarelativerating,withinthescopeoftheindividual Examples
FMEAandisdeterminedwithoutregardforseverityor
using the criteria in Test method not
occurrence. o"t""tion should be es[imated 10 Test procedure yet to be developed
with examples of defined
Table D3' Tnis table may be augmented
comp.any The FMEA
common O"t""tion m"tn'oOt used by the Very low Pass-Fail, Test-to-
Test method not designed specifically
projectteamshouldagreeonanevaluationcriteriaandrating
product
for individual
I to detect failure mode or cause.
Fail, Degradation €

system, which is conslstent, even if modified Testing

analYsis'
Pass-Fail, Test-to-
Thedetectionratingisinitiallyapredictionoftheeffectivenessof
verified and
8 New test method; not proven Fail, Degradation
any yet unprou"n Thb effectiveness can be Low Testing
""onirol.
re-evaluateoatterthedetectioncontroliscompleted'However'
7 Proven test method for verification of Pass-Fail Testing
thecompletionorcancellationofadetectioncontrol(suchasa
functionality or validation of
test) may also affect the estimation of occurrence' 6 Test-to-Failure
performance, quality, reliability and
such as the following
ln determining this estimate, questions durability; planned timing is later in the
should be considered: {
t$
Moderate product development cycle such that Degradation
\&
) 5
oWhichtestismosteffectiveindetectingtheFailureCauseor test failures may result in production Testing
delays for re-design and/or re-tooling.
the Failure Mode?
oWhatistheusageProfile/DutyCyclerequireddetectingthe 4 Proven test method for verification of Pass-Fail Testing
failure? functionality or validation of
3
performance, quality, reliability and Test-to-Failure
oWhatsamplesizeisrequiredtodetectthefailure? High
durability; planned timing is sufficient
olsthetestprocedureprovenfordetectingthisCause/Failure Degradation
2 to modify production tools before
Mode? Testing
release for production.
Prior testing confirmed that failure mode or cause cannot
very
1 occur, or detection methods proven to always detect the
high
failure mode or failure cause.

Table D3 - DFMEA DETECTION (D)

2.5.10 Action Priority (AP)

Once the team has completed the initial identification of Failure
Modes, Failure Effects, Failure Causes and controls, including
ratings for severity, occurrence, and detection, they must decide if

I further efforts are needed to reduce the risk. Due to the inherent

-67 -
-66-
 the company, justify and document why
and other factors' they {,
limitations on resources, time' technology' controls are adequate.
must choose how to Oest prioritize
these efforts' )
is introduced in this handbook'
lt Priority Low (L): Low priority for review and action.
The Action Priority (AP) method of S' o' and D' lt was
The team could identify actions to improve
accounts for all 1odft;;;ibie-comoinations first' then occurrence' prevention or detection controls.
on severity
created to give more emphasis
fti;i;lffi the failure-prevention intent of It is recommended that potential Severity 9-10 Failure Effects
then detection' Thi]
high-medium-low priority with Action Priority High and Medium, at a minimum, be
FMEA. The Ap t"b";;?i;a suggested svslem to evaluate action reviewed by management including any recommended
for action. co*punil'";;;" a"Iingte
required from multiple actions that were taken.
priorities instead of muttipte systems
customers. This is not the prioritization of High, Medium, or Low risk, it is
product of S x O x D and range from the prioritization of the actions to reduce risk.
Risk Priority Numbers are the
can provide some information Note:
1 to 1000. The RpN distribution lt may be helpful to include a statement such as "No
about the range ;;t''G, ournpru alone is not an adequate gives further action is needed" in the Remarks field as
"f
method to determin" if'6 n""O
for more actions since RPN appropriate
result in
equalweight to S, d, O' For this reason' RPN could
"O combinations of S' O' and D
similar risk numbe;'f;;;"ty different
how to prioritize' When using
leaving the team un""'t"in lnout
additional method to prioritize
RpN it is ,ecomm";;;;1; ,r" ur,
likeRPNresults,utn"tSxO'TheuseofaRiskPriorityNumber
practice for determining
(RPN) threshold ;;;;'"tott"nd-ed
S x O methods are not
the need tor actions'-fhe npftf and
included in this Publication'
of S and O' S and D'
Risk matrices can represent combinations
provide a visual representation of
and o and D. rn"r"Jr"tiices to )
the results of the and can be used as an input
"t"fytii criteria not
prioritization of aciions based on company-established
included in this Publication'
to work with the Severity'
Since the AP Table was designed
provided in this handbook, if the
occurrence, ano'oetection talbles
organization t" t"Oify the S' O' D' tables for specific
"nool'It oi ptol"tlt' the AP table should also be
products, pro"",'ll,
carefullY reviewed'
rating- tables are the same
for DFMEA
? Note: Action Priority
''"'"' pirt'rEA,'but difterent for FMEA-MSR'
: "ti
Priority Hish (H): ft:ifi':"l
fl,tJtee'j#'ioJxyd;l1:':ili?Y
appropriate a"tion to improve. Prevention
Detection Controls or justify and
"itbloi are
Jocument whY current controls
adequate'

Priority Medium'- (M): Medium priority for review and^action'

'---' Th" team should identify appropriate
and / or
actions to lmprove prevention
of
detection controls, or, at the discretion

-69-
-68-
 Prediction of ACTION
Action PrioritY (AP) for DFMEA and PFMEA
Blank until
f Effect S Failure Cause
Occurrinq
o Ability to Detect D PRIORITY
(AP)
Gomments
Occu rrence and D etection rati ngs
n
PrioritY ts based on com b inations of Severity filled in bY Low - Very low 7-10 H
order to actions for n sk reduction.
ACTION Moderate 5-6 H
Prediction of Gomments Very high 0
o AbilitY to Detect D PRIORITY B-1
Effect S Failure Gause High 2-4 M
Very high 1 M
Low - Very low 7-10 H
Low - Very low 7-10 M
Moderate 5-6 H
Very high 8-1 0 Moderate 5-6 M
High 2-4 H High 6-7
High 2-4 M
Very high 1 H
Very high 1 L
7-10 H Product or
Low - low Low - Very low 7-10 M
Plant Effect 4-6
Moderate 5-6 H Moderate Moderate 5-6 L
High 6-7 2-4 H Moderate 4-5
High High 2-4 L*
Very high 1 H
Very high 1 L
Product or Plant 9-1 0 Low - Very low 7-10 H
Low - Very low 7-10 L
Effect Very high 5-6 H
Moderate Moderate 5-6 L
Moderate 4-5 2-4 H Low 2-3
H h High 2-4 L
Very high I M
Very high 1 L
Low - Very low 7-10 H
Very low 1 Very high - Very low 1-10 L
Moderate 5-6 M
Low - Very low 7-10 M
Low 2-3 2-4 L
High 5-6
Moderate M
Very high 1 L 0 ) Very high B-10
High 2-4 L
Very hig h - Very low 1-10 L
Very low 1
Very high 1 L
Low - Very low 7-10 H
Low - Very low 7-10 L
Moderate 5-6 H
Moderate 5-6 L
Very high 8-10 2-4 H High 6-7
High High 2-4 L
Very high 1 H
Very high 1 L
H Product or
Low - Very low 7-10 7-10
Plant Effect 2-3 Low - Very low L
Moderate 5-6 H Low Moderate 5-6 L
High 6-7 H Moderate 4-5
High 2-4 High 2-4 L
Very high 1 M
Very high 1 L
Product or Plant Low - Very low 7-10 H
7-B Low - Very low 7-10 L
Effect High Moderate 5-6 M
Moderate 5-6 L
Moderate 4-5 2-4 M Low 2-3
High High 2-4 L
Very hi h 1 M
Very high 1 L
Low - Very low 7-10 M
Very low 1 Very high - Very low 1-10 L
Moderate 5-6 M
Low 2-3 No discernible Very low - 1-10 L
h 2-4 L 1 1-10 Very high - Very low
Effect Very high
Very 1 L

Very low 1 Very high - Very low 1-10 L

I Table AP - ACTION PRIORITY FOR DFMEA and PFMEA

-71 -
-70 -
 f design team communicates the associated risk of making
product characteristics out of specification the process
team can build in the appropriate level of prevention and
DFMEA RlsK ANALYSIS (STEP 5) detection controls in manufacturing. Reference PFMEA
FATLURE ANALYSIS (STEP 4) Section 3.4 for more information.
6c
1. Failure o
Effects (FE)
o 2.5.12 Basis for Optimization
o
to the Next o The output of Steps 1,2,3,4, and 5 of the 7-step FMEA process
E
Higher Level o
O is used to determine if additional design or testing action is
Element L
needed. The design reviews, customer reviews, management
o
and/or =
iI reviews, and cross-functional team meetings lead to Step 6
End User Optimization.
Simulation 2 Sample test: 2 L
6 Brush card *
Torque and Angle deviation bY of dynamic measuring the
rotating commutation sYstem body bends in forces on elastics and
contact area brush card plastic
velocity of the intermittentlY
of the carbon body acc. deformation 2.6 Design FMEA 6th Step: Optimization
window lifter connects the wrong
FEM 6370 effects of b
motor too low coils (Ll, L3 and L2 brush
card body acc. 2.6.1 Purpose
instead of L1, L2 test spec.
and L3) The purpose of the Design Optimization is to determine actions to
MRJ82/60
mitigate risk and assess the effectiveness of those actions.
The main objectives of a Design Optimization are:
Figure2.5.3ExampleofDFMEARiskAnalysisFormSheet
r ldentification of the actions necessary to reduce risks
) . Assignment of responsibilities and deadlines for action
2.5.11 Gollaboration between Customer and Supplier implementation
(SeveritY) o lmplementation and documentation of actions taken including
understanding confirmation of the effectiveness of the implemented actions
The output of the Risk Analysis creates the mutual and assessment of risk after actions taken
Irlethods of
of technical risk between customers and suppliers'
collaboration |,"nd irom verbal to formal reports.
The amount of . Collaboration between the FMEA team, management,
project, company customers, and suppliers regarding potential failures
information shareld is based on the needs of a
policy,contractualagreements,andsoon'Theinformationshared . Basis for refinement of the product requirements and
b"p"no, on the plac-ement of the company in the supply chain. prevention and detection controls
Some examPles are listed below' The primary objective of Design Optimization is to develop actions
1'TheoEMmaycomparedesignfunctio-ns,failureeffects, that reduce risk and increase customer satisfaction by improving
andseverityfromavehicle-levelDFMEAwiththeTierl the design. ln this step, the team reviews the results of the risk
suPPlier DFMEA. analysis and assigns actions to lower the likelihood of occurrence
of the Failure Cause or increase the robustness of the Detection
2'TheTierlsuppliermaycomparedesignfunctions,failure
the Control to detect the Failure Cause or Failure Mode. Actions may
with
effects, and severity from a subsystem DFMEA also be assigned which improve the design but do not necessarily
Tier 2 supplier who has design responsibility'
lower the risk assessment rating. Actions represent a commitment
3.TheTierlsuppliercommunicatesnecessaryinformation to take a specific, measurable, and achievable action, not
about producicharacteristics on product drawings
and/or potential actions which may never be implemented. Actions are
specifications,orothermeans,includingdesignationof not intended to be used for activities that are already planned as
standardorspecialcharacteristicsandseverity.This these are documented in the Prevention or Detection Controls and
informationisusedaSaninputtotheTier2supplier are already considered in the initial risk analysis.
pFMEA as well as the Tier i's internal PFMEA. When the

-73 -
-72 -
 Gompleted
are necessary' "No
lf the team decides that no further 9"11oltRemarks field to show firr Completed actions have been implemented and their
in the
further action i, n""l$JiI *iitt"n effectiveness has been demonstrated and documented. A
the rist< analYsis was comPleted' final evaluation has been done.
to
assess technical risks related
The DFMEA should be used to Not lmplemented
design'
continuous improvement of the
in the following order: Not lmplemented status is assigned when a decision is
The optimization is most effective made not to implement an action. This may occur when
or mitigate a Failure Effect
. Design modifications to eliminate risks related to practical and technical limitations are
(FE). beyond current caPabilities.
the Occurrence (O) of the
o Design modifications to reduce The FMEA is not considered "complete" until the team assesses
Failure Cause (FC) each item's Action Priority and either accepts the level of risk or
for the Failure Cause (FC)
e lncrease the Detection (D) abitity documents closure of all actions.
or Failure Mode (FM)' lf "No Action Taken," then Action Priority is not reducpd, and the
all impacted design
o ln the case of design modifications' risk of failure is carried forward into the product design. Actions
elements are evaluated again' are open loops that need to be closed in writing.
all steps of the Flt4EA are
ln the case of concept modifications'
reviewedtortneatrettedsectionr.initisnecessarybecausethe 2.6.4 Assessment of Action Effectiveness
it was based upon a
valid since
original anatysl; ;;'lo;g"r when an action has been completed, occurrence and Detection
different design concePt' values are reassessed, and a new Action Priority may be
determined.
2.6.2 Assignment of Responsibilities The new action receives a preliminary Action Priority rating as a
EachactionshouldhavearesponsibleindividualandaTarget
it' prediction of effectiveness.
with
Compietion Date (TCD) associated
However, the status of the action remains "implementation
Theresponsiblepersone.nsurestheactionstatusis.updated.lf pending" until the effectiveness has been tested. After the tests
person is also responsible for the
the action is coniirmed this are finalized the preliminary rating has to be confirmed or adapted,
action imPlementation' when indicated. The status of the action is then changed from
"implementation pending" to "completed."
TheActualCompletionDateforPreventiveandDetectionActions
isdocumentedincludingthedatetheactionsareimplemented. The reassessment should be based on the effectiveness of the
TargetCompletionDatesshouldberealistic(i'e"inaccordance Preventive and Detection Actions taken and the new values are
plan, prior to process validation' based on the definitions in the Design FMEA Occurrence and
with the proou".i"i"u"roprn"nt
Detection rating tables.
Prior to start of Production)'

2.6.3 Status of the Actions 2.6.5 Gontinual lmProvement

Suggested levels for Status of
Actions: The DFMEA serves as an historical record for the design.
Therefore, the original Severity, Occurrence, and Detection (S, O,
OPen D) numbers need to be visible or at a minimum available and
No action defined' accessible as part of version history. The completed analysis
becomes a repository to capture the progression of design
Decision Pending (oPtional) decisions and design refinements' However, original S, O, D
yet been
The action has been defined but has not
--'o""iO"O ratings may be modified for foundation, family or generic DFMEAS
is being created'
on. A decision paper because the information is used as a starting point for an
application-specific analysis.
lmplementation pending (optional)
but not yet implemented
The action has been decided on

-75 -
-74 -
 DFMEA RISK ANALYSIS (STEP 5) DFMEA OPTlMlzATloN (STEP 6)
o) o
a (u C
E 7o o '6
(L
o)
o o c (E
.E o -q)
t9 o
o.
o
o
(Lo)
-9
o ';b tr
o
oE o
o)
E -o(u
az E
o
o
a ei
-E)
-g
o.
o
o co
o
o
c)
fB E
o
o
o a ct) o
o
=
IL x. (5
F o

Test dd.mm. planned 6 2 1 L

Simulation of 2 Sample test: 2 L None Final
measuring the product Engineer vvyy
dynamic
elastics and test: Mr. Max
forces on
plastic measuring Mueller
brush card
body acc. deformation the current
FEM 6370 effects of brush under
card body acc. worst case
test spec. conditions
MRJ82/60 acc. Test
spec.
MRJ1140

Figure 2.6-l Example of DFMEA Optimization with new Risk Evaluation Form Sheet

2.6.6 Gollaboration between the FMEA team, Management,

Gustomers, and suppliers regarding Potential Failures
Communication between the FMEA team, management,
customers and suppliers during the development of the technical
risk analysis and/orwhen the DFMEA is initially complete brings
people together to improve their understanding of product
iunctions Lnd failures. ln this way, there is a transfer of knowledge
that promotes risk reduction.

2.7 Design FMEA 7th Step: Results Documentation

2.7.1 Purpose
The purpose of the Results Documentation step is to summarize
and communicate the results of the FMEA activity'
The main objectives of Design Results Documentation are:
o communication of results and conclusions of the analysis
r Establishment of the content of the documentation

-76-

I
 3 EXECUTTON OF THE PROCESS FMEA (PFMEA)
)
3.1 Process FMEA 1st Step: Planning and Preparation
3.1.1 Purpose
The purpose of the Process Planning and Preparation Step is to
describe what producUprocesses are to be included or excluded
for review in the PFMEA project.
The process takes into account that all processes within the
facility can be analyzed or reanalyzed using PFMEA. This process
allows an organization to review all processes at a high level and
to make a final determination for which processes will be
analyzed. The overall advantage of Preparation is tofocus
resources on processes with the highest priority.
The main objectives of the Process Planning and Preparation
Step are:
. Projectidentification
. Project plan: lnTent, Timing, Team, Tasks, Tools (5T)
. Analysis boundaries: What is included and excluded from the
analysis
. ldentification of baseline FMEA with lessons learned
) o Basis for the Structure Analysis step

3.1.2 PFMEA Project ldentification and Boundaries

PFMEA Project identification includes a clear understanding of
what needs to be evaluated. This involves a decision-making
process to define the PFMEAs that are needed for a customer
program. What to exclude can be just as important as what to
include in the analysis.
Below are some basic questions that help identify PFMEA
projects.
o What is the customer buying from us?
. Are there new requirements?
o What specific process/elements cause a risk in imparting the
requ remenUcharacteristic?
i

. Does the customer or company require a PFMEA?

. Do we make the product and have design control?
o Do we buy the product and still have design control?
o Do we buy the product and do not have design control?
o Who is responsible for the interface design?
e Do we need a system, subsystem, component, or other level
of analysis?

-79 -
 Answers to these questions and others
help create the list;i#M;A projecls
defined by the company
needed' The PFMEA
commitment and focus'
f )
Planning and Preparation: All piocesses L€vel

& Delivsry
Plannlng and Preparation: Department Levets

project list assures toititt"nt direction'

R@t Ca6t
'Odleol
Eeteriw Osttlos ot Oet@tllr-
Ptodid A@s*tfilarif
defining PFMEA boundaries' Maintenance
The following may assist the team in *1mYa.
Savodty
0/10?No -s 4wd ' Osdtol[.st DefsotlvePrE{tuct 8€vedry Rant grt4? Yca
- OP 4{t Wortlrlabllation (Part R€plgcemeno
as available:
o Legal requirements I
o Technicalrequirements \
Structure Analysis: Process Structure Planning and Freparationt Assembly Line Level
(external and internal {
r Customerwants/needs/expectation - ;fii;fiot-;
L4
I
-i
:* 6.bC
rE!+@ l
Electrical Motot
I I
customers) A68embly Line
[Fq.l rE:]
. RequirementssPecification
r Diagrams (Block/Boundary/System)
t
I
. Schematics, drawings, and/or 3D models
I l*
b:-
!

r Bill of Materials (BOM), Risk Assessment t

. Previous FMEA for similar products lovel

oErrorproofingrequirements,DesignforManufacturabilityand
AssemblY (DFM/A)
Figure 3.1-l Demonstration of the process for narrowing the Preparation
. QFD QualitY Function DePloYment The following may be considered in defining the scope of the
Preparationneedstobeestablishedatthestartoftheprocessto PFMEA, as appropriate:
assure consistent diiection and focus'
e'g'' an entire process line'
o Novelty of technology / degree of innovation
process item / Process element'
progY:1,::ality and . Quality/Reliability History (ln-house, zero mileage, field
Processes within the plant that can impactthe ) failures, warranty and policy claims for similar products)
include: recelvlng
;u;G considered for PFMEA analysisproduct a,n$ . Complexity of Design
processes, part and material storage' laterial
delivery, rnanrtu"iuting,
pabkaging' labeling' completed . Safety of people and systems
"tt"tnoty'
product transportatlon, itot"g", maintenance
processes' detection
. Cyber-Physical System (including cybersecurity)
and rework and repair processes' etc'
Fio""tt"t . Legal Compliance
o Catalog and standard parts
Items that may assist in determining whether an existing PFMEA
should be included in the final scope:
. New development of products and processes.
. Changes to products or processes
. Changes to the operating conditions
. Changed requirements (laws/regulations, standards/norms,
customers, state of the art)
r Manufacturing experience, 0 km issues, or field issues /
Warranty
. Process failures that may result in hazards
o Findings due to internal product monitoring
. Ergonomic issues
. Continuouslmprovement

-81 -
-80-
 Gompany Name: Name of Company Responsible of PFMEA
) Manufacturing Location: Geographical Location
Customer Name: Name of Customer(s) or Product Family
Model Year / Program(s): Customer Application or Company
Model/Style
Subject: Name of PFMEA project
PFMEA Start Date: Start Date
PFMEA Revision Date: Latest Revision Date
Gross-Functional Team: Team: Team Roster needed
PFMEA lD Number: Determined by Company
Process Responsibility: Name of PFMEA owner s

Confidentiality Level: Business Use, Proprietary, Confidential

Exarn,ple,: Procees Failure,Mode and Effects Analysis {Process FMEA}

Planning and Preparation {Step 1}
company lrlame: AcmeAutomolive subject: PX123 Manual
ColumnAssembly
Manufacturing Plant 6, Saginaw, PFilEA Start 19-Mar-20'18
PFTEA ID 654'321
Michigan
Location: Date: Number:
Customer Name: Jackson lndustry PFMEA Revision 2$Sep2018 Procees B. Black

) Date: Responsiblllty:
Model Year{s) / 2020 PX123 Eee Team List Confidential
Cross Functonal Confidentiality
Program(s): Tearn: Level:

Figure 3.1-2 Example of Gompleted PFMEA Header Preparation (Step 1)

3.2 Process FMEA 2nd Step: Structure Analysis

3.2.1 Purpose
fhe purpose of Process Structure Analysis is to identify and
breakdown the manufacturing system into Process items, Process
steps, and Process Work Elements.
fhe main objectives of a Process Structure Analysis are:
o Visualization of the analysis scope
e Structure tree or equivalent: process flow diagram
o ldentification of process steps and sub-steps
. Collaboration between customer and supplier engineering

I
teams (interface responsibilities)
o Basis for the Function Analysis step

-83-
 ProdscUProcess Process Step/Statlon 4ll Elamentg
Tree helps define the
A Process Flow Diagram or a Structure ll*rn- kchine. lld.tiaL Environ&dl

process proto?iil" o"tit for Structure Analysis' Formatstype

symbol
uv.J*plnv inJuoing the use of symbols'
may vary"no
to represent the
[oP 101 Greasing Process (bearing shaft)
op.rator
and their ,""nin5]n'p;;;;; FMEA
is intended Flow
"walking the process"' Greasing Device
process tfow as'it"physically exists.when IOP 201 Greasing Process {geat wheel)
the process. Function Greage
describing tne irovl oi ine pioouct through
I structu re Analysis (step
Anatysis tste p'i"l'sriori J nor o"gi n u nti
EnvironMent {...1

2) is comPlete.
Line
ffi Operalor

Press lllachine
IOP 30i Sintered
gearing Press-in Process
3.2.2 Process Flow Diagram Sintered Eearing

AProcessFlowDiagramisatoolthatcanbeusedaSaninputto
IOP {01 Gear Cover ass€mbly Process
the Structure AnalYsis'
lncoming insPection for
production components loP...l ...
q
Transport comPonents from
warehouse to Production line
Figure 3.2-2 Example of Structure Analysis Structure Tree (Electrical Motor Assembly Line)
IOP 101 Grease bearing shaft
The Process ltem of the PFMEA is the highest level of the
gear wheel structure tree or process flow diagram and PFMEA. This can also
IOP 201 Grease
be considered the end result of all of the successfully completed
Transport Process Steps.

IOP 301 Press sintered

bearing
into housing

Transport
)
IOP 401 Gear cover
assemblY i;i:::iii*1;ljfi;i$*i;#
Transport
A $orage

o Operabon

toP...1...
o Test Chsracterisgc

Assembl, lns'ection L_/ TransPort

rlirf; Electrical Motor
store parts to be shipped to customer Assembly Line

Figure 3.2'1 Process Flow Diagram Figure 3.2-3 Process ltem

The Process Step is the focus of the analysis. Process Step is a

manufacturing operation or station.
3.2.3 Structure Tree
hierarchically and
The structure tree arranges system elements
connections. This
illustrates the dependeniy via the structural
an understanding of the relationships
;;6;Gtil.tu16 urio*s fbr Process Work
["t*""n Process ltems, Process Steps andthat will later have
Ei"r""t". Each of th"r" is a building block
functions and failures added'

I -85-
-84-
 STRUGTURE ANALYSIS (STEP 2)
Process StePlStation
) 1. Process ltem
101 Greasing Process (bearing shaft) Systern, $ubsystem,
loP
Part Elernent or
Proceqs Flow Name of Process
+ Operator
Electrical Motor Assy IOP 30] Sintered Bearing
201 Greasing Process {gear
wheel} Line Press-ln Process
loP
'tOP 301 Sintered Bearing Press Machine
Electrical Motor Assy
Line Press-ln Process
I ffi
Press'in Process Example of Structure Analysis Form Sheet ri
loP 30t Sintered Bearing Figure 3.2-5

1 Process ltem:
I The highest level of integration within the scope of
assembly Process analysis.
tOP 401 Gear Gover
I 2 Process Step:
I
* The element in focus. This is the item that is topic of
consideration of the failure chain.
toP...1... 3. Process Work Element:
) The element that is the next level down the structure from
Figure 3'2'4 Process StePs
the focus element.
TheProcessWorkElementisthelowestleveloftheprocessflow
name of a main
or structure tree. fa-cn'wort< etement
is the 3.2,4 Gollaboration between Gustomer and Supplier
impact the process step' eng i neeri g teams (i nterface responsi bi I ities)
;a;il"i fotentiaicauses that could 5M'
n

The number ot categJi"t t"v uury

by company' ( 1Y'
"'9.' A The output of the structure Analysis (visualization of the process
6M, etc. and is .ori''onf' caffeO
the tinifawa Approach')
flow) provides a toolfor collaboration between customers and
rt"p tuy have one or more categories.with^each-
ffi;;; n#ito s"9Ji.1! +:z Failure Cause for
suppliers (including machine suppliers) during technical reviews of
analyzed separatetyl the process design and/or PFMEA project.
approach is used to identify
more information aLouihow the 4M
Failure Causes. 3.2.5 Basis for Function AnalYsis
4M Cateoories: The information defined during step 2 Structure Analysis will be
lvlachine used to develop Step 3 Function Analysis. lf process elements
Man
(operations) are missing from the structure Analysis they will also
M'aterial (lndirect) be missing from the Function Analysis.
EnvironMent (Milieu)

Method
Measurement

-87 -
-86-
 Note: The negative of these will be the Failure Modes

3.3 Process FMEA 3rd Step: Function

Analysis f )
3.3.1 PurPose
Example: Press in sintered bearing to pole housing
Analysis is to ensure that The Function of the Process Work Element reflects the
The purpose of the Process Function
of the producvprocess are contribution to the Process Step to create the process / product
the intendeo tunctions/requirements
features.
aPProPriatelY allocated'
The main objectives of a Process
Function Analysis are: I Note: The negative of these will be the Failure Causes'
I

. process functions
Visualization of product or
. Function tree/net or equivalent
process flow diagram Example: Get sintered bearing from chute manually

.Associationofrequirementsorcharacteristicstofunctions
teams (systems' safety'
. Collaboration between engineering Example: Press force to press sintered bearing into pole
and comPonents) housing *

. Basis for the Failure Analysis

step
For the logical linking of a function and structure, questions are
asked as:
3.3.2 Function "What does it do?"
proces.s item or process step is
A function describes what the
intended to do. fn""*"V-n" i"ott than one function for each How to achieve the product / process requirements - from
right to left
process item or Process steP'
Prior to beginning the Function
Analysis' information to,be - (Process ltem -+ Process Step -+ Process Work Element)
limited to; product and process
oathered could incluJ" nuiir not ri n g "How?"
i;ild;:, ;;;';i;;"'s req u i reme nts' man uractu
occu pationalgl opgrator Why implement the product / process requirements - from
envi ronment cond itioni, cycle'time'
impact' etc' This information is left to right
safety requirement,l
"-nu-''t*tentaifunctions and requirements
important in defining tl;;;po;itive" (Process Work Element -+ Process Step -+ Process ltem)
n"LO"O for the Functional Analysis'
to be clear'
The description of a Function needs
Therecommendedphraseformatistouseanactionverbfollowed 3.3.3 Requirement(s) (Gharacteristics)
function ('DO THIS"
process
by a l to describe the measurable A Characteristic is a distinguishing feature (or quantifiable
..TO THIS").
attribute) of a product. For example, a diameter or surface
TENSE; it uses the verb's finishes. For PFMEA, Requirements are described in terms of
A Function should be in the PRESENT
control' assemble' transfer)' Product Characteristics and Process Characteristics.
base form (e.g., oeiiJet, Lontuin'
pin' weld bracket
Examples: Drill hole, apply glue' insert I t,tote: The negative of these will be the Failure Mode and the
begins at a high level and I Failure Cause.
The Function of the Process ltem I
pro"ces; Io.r in the Siructure Analysis' As a high- A Product Characteristic (Requirement) is related to the
references tne
account functions such as: performance of a process function and can be judged or
level description, it can take into
lnternal function, function' customer related function measured. A product characteristic is shown on a product drawing
"*t"'naf or specification document e.g., Geometry, Material, Surface
and/or end user function'
the Failure Effects' Finish, Coatings, etc. Process functions create product
! Note: The negative of these will be characteristics. The design documents comprehend legal
t
requirements (e.g. lead-free material), industry requirements (e.g'
thread class), customer requirements (e.9., quantity), and internal
ExamPle: Assemble comPonents
requirements (e.g. part cleanliness). Product characteristics can
TheFunctionoftheProcessStepdescribestheresultingproduct
features Produced at the station
I be measured after the product has been made (e'9., gap). Product
-89-
-88-
 requirements"e'g'' Process Flow Process Noise Factors {4M} Core Process
Characteristics can come from performance (Process Parameter)
wipers)' ln these 9"-t?t: 11" { ) - Transport Man Machine Material EnvironMent A delined core
legal (performance
"t"*itOtni"ld shoutd be listed, followed by
measurabte proOuciCnurl"i"iirti.
-
-
Part Supply
Assembly
e.g.:
- Operator
e.t.:
Wear
e.g.:
- Supplied part - Temperature
prqcess require
a specific
Spline Over-pin Diameter proce5S
the perform"n." n"qi,'ir"tlnt, e-g., - Change over behavior Repair quality or
defiritlon.
XYZ)' The specific . TPM variation
(Government Winosn-ierJ Wp"t R6gulation
the PFMEA form sheet'
iu"ntit"tiu" value it optiontf for

? #
lnput lntended output
Product Characteristics :
Components: Process Assembly;

r May be derived from various sources'

external and internal e.g. Sinter gearing, Pole
Er| Press in Sint€red Eearing in Pole Pole Housing with

t
Housing housing until defined position assembled sinter Bearint
\.
Legal requirements:
. Compliance with designated hea,lth & safety and
environmental protection regulations
\..F Unintended
output
Process Function & Requirement to the Product: lmpacted or changed Product Generic Process
lndustry Norms and Standards: Product Characteristics/ (lnterface to Design) Characteristics Requirements
Requirements e.g. e.g. e.g. *'
olSOg00l,VDAVolume6Part3'ProcessAudit'SAEJ1739 - Axial position rintered - lmpact to components due to part - lnner diameter of sinter Bearing - Target Cycle Time
bearing in pole housin6 handllng or press in forces - Surface o{ Bearing seat in housing . OEE
- Force fit of sint€red - distinctness of components - Scalability
Gustomer Requirements :
bearing and pole - Operator safety (sharp edges) - Health & Safety Req.
. According to customer specifications'
e'g' adherence to housing

provision of product(s) in
required qr"riii, tunut"ltut" a.nd
time x and quantity y (output z/hou$ Figure 3.3-l Example of Parameter Diagram of Press in Sintered Bearing
lnternal Requirements:
in process cycle, com.pliance with
. Manufacture of the product,(e.g,.
expected pd;;i# .oiir {acilities availability, limited 3.3.4 Visualization of functional relationships
rejects, no work)' pioduction system principles' )
"otl.tiue The interaction of process item functions, process step functions
pio*tt quality and cleanliness instructions
and process work element functions may be visualized as function
Process Gharacteristics : network, function structure, function tree, and/or function analysis
depending on the software tool used to perform the PFMEA. For
.AProcesscharacteristicistheprocesscontrolthatensures
by the p-roc.ess' lt may example, Function Analysis is contained in the Form Sheet to
the Product Cnui'"t"tittic is achieved perform the PFMEA.
beshownon-manutacturingdrawingsorspecifications jnstructions'
(including op"t"to' *ork inltructions' set-up
n g verif ication proced u res'
etc' )' P rocess
while the product is being
characteristiJr'."n 6" measured
"rror-pro-ofi
value is
quantitative
made t"'g., pi;force)' The specific
oPtionalfor the PFMEA form sheet'

rl
t
-91 -
-90-
 3.3.5 Gollaboration between Engineering Teams (Systems,
oo€r6tof
Pioceee Functlon: -
( tl SafetY, and ComPonents)
;;;;''p,;;;;ths butron or ftbchine tor
I#""i"girtt p'"Es'ir\ Proe when
eEs loadlng Engineering teams within the company need to collaborate to
ir eomPl6ted make sure information is consistent for a project or customer
Op€ratot program especially when multiple PFMEA teams are
pimers Functlon:
ijil'r"ii,' t"i-* trniered bearing f rom shut simultaneously conducting the technical risk analysis. For
prostjn 6hrtt until iho
iffi Jut'n f, t"t" the
example, design information from systems, safety, and/or
uppet *top
component groups helps the PFMEA team understand the
Presr llachlne
Fr@68 Functlon: functions of the product they manufacture. This collaboration may
lo the
B€sring PrsseJn Procssa
iiJ"ttrn".rig"" *lntsred bsarlRg be verbal (program meetings) or written as a summary'
IOP 30i Sintcred bearlng 6set ln Polg houEing
Lina
El€ctrie6l ltlotct A66e$bly
t Frmess Function:
Pr0e€Eg Funetl6n ;llli u""dns r" achiavo axiar Pra66 tiachlRe
Funetion:
-ilfi;;;;;i;;; 3.3.6 Basis for Failure AnalYsis
in potu housing to max gsp P€r -.
ProcoEg
4f 6hafI lnlo Potg ';;i;iJi"J ths 6intcred bsari$s to ths
AsserrtbtY
- po"ition
houslng asse{ri,blr Print b€avinq EcEt 1n Pol6 houslng complete definition of process functions (in positive words) will
Fre36 ll.ehlnq lead to a comprehensive Step 4 Failure Analysis beqpuse the
Pr6e66& Fun€lioR:
ii"lr,r-o-" oi"*""t ln the Elntered bssrldg potential failures are ways the functions could fail (in negative
ffi;il; #;il;at in Porc h6$6rns uhtrl
words).
tho defin€d 6xial Po€llion
nEl{r*r BOES TT Eg?
PleiE Itachine
3.4 Process FMEA 4th Step: Failure Analysis
3.4.1 PurPose
Structure Tree ,The purpose of the Process Failure Analysis is to identify failure
Figure 3.3'2 Example of Function Analysis
causes, modes, and effects, and show their relationships to
enable risk assessment.
) The main objectives of a Process Failure Analysis are:
Function of the Process
1. Function of the Process
ltem
a nd Product Characteristic
o Establishment of the Failure Chain
Function of SYstem, SubsYstem' ntitative value is optional) o Potential Failure Effects, Failure Modes, Failure Causes for
(Qua
Part Element or Process

*#f;f;"r shan into Pole

Press in sintered bearing to
achieve axial Position in Pole
housing to max gap Per Print
Machine presses sintered.
bearing i nto the Pole houslng
seat unti Ithe defined axial
? .
o
each process function.
ldentification of process failure causes using a fishbone
diagram (4M) or failure network
Collaboration between customer and supplier (Failure Effects)
housing assembly position
Ship to Plant: . Basis for the documentation of failures in the FMEA form
iGm--blyof motor to vehicle sheet and the Risk AnalYsis steP
door A failure analysis is performed for each elemenUstep in the
End User: process description (Structure Analysis/Step 2 and Function
Window rai SC s and lowers Analysis/Step 3).
Form Sheet
Figure 3.3'3 Example of Function Analysis
3,4.2 Failures
(1' 2' 3) and color coding are
The column header numberinq Failures of a process step are deduced from product and process
includedtohelpshowalig-n'Jnio"t*""ntheStructureAnalysis this section characteristics. Examples include:
and associated content of
th;F;;ction Analysis. ln"How is the
Vou *o'il'orn feft to rignt tnt*"iing the
question: . non-conformities
h gher r"""ii"tti""
i
eiaoteJny lovver evel f unctions?" I
. inconsistently or partially executed tasks
o unintentionalactivity

I
I o uohec€ssary activity

-93-
-92-
 2 Shipto plant: the effect of the failure mode assuming the
3.4.3 The Failure Ghain {
\
) defect is not detected before shipping to the next plant
aspects to be considered (what action will the next plant take, e.9., sort)
For a specific failure, there are three
o Failure Effect (FE) 3 End user: the effect of the process item effect (what will the
end user notice, feel, hear, smell, etc., e.9., window raises
. Failure Mode (FM) too slow)
r Failure Cause (FC)

The following questions should be asked to help determine the

potential impact of failure effects:
1. Does the failure mode physically impact downstream
processing or cause potential harm to equipment or
What haPPens? operators?

Failure Mode ilure Cause This includes an inability to assemble or joinJo a mating
Failure Effect component at any subsequent customer's facility.
whv? lf so, then identify the manufacturing impact "Your Plant"
and/or "ship-to plant" in the PFMEA. lf not, then go to
question 2.
Examples could include:
. Unable to assemble at operation x
o Unable to attach at customer facility
o Unable to connect at customer facility
( r Cannot bore at operation x
model
Figure 3.4-1 Theoreticalfailure chain . Causes excessive tool wear at operation x

3.4.4 Failure Effects . Damages equipment at operation x

of the process item . Endangers operator at customer facility
Failure Effects are related to functions
of Process)' Failure
(System, SrotGiem, iln Element or Name Note: When parts cannot be assembled there is no impact to the
Effectsaredescribedintermsofwhatthecustomermightnotice End User and question 2 does not apply.
cause
impact safety.o,r
or experience' Failures that could
should be clearly identified in the
noncomplian"" to t"gulations
PFMEA. 2. What is the potential impact on the End User?

Customers could be: lndependent of any controls planned or implemented

including error or mistake-proofing, consider what happens
o lnternal customer(nextoperation/subsequent to the process item that leads to what the End User would
oPeration/oPeration tar-gets) notice or experience. This information may be available
o External customer (Next Tier Level/OEM/dealer) within the DFMEA. lf an effect is carried from the DFMEA,
. Legislative bodies the description of the product effects in the PFMEA should
be consistent with those in the corresponding DFMEA.
. Product or Product end user/operator
rating according to: NOTE: ln some cases, the team conducting the analysis may
Failure Effects are given a Severity not know the end user effect (e.9., catalogue parts, off-
assuming the
1. Your Plant: the effect of the failure mode the-shelf products, Tier 3 components). When this
I
defectisdetectedintheplant(whatactionwilltheplant information is not known, the effects should be defined
take, e'g', scraP) in terms of the part function and/or process specification
I
I

i1

I
I

-95-
-94 -
 Verification of completeness of the failure modes can be made
ExamPles could include: through a review of past things-gone-wrong, reject or scrap
{\ )
r Noise reports, and group brainstorming. Sources for this should also
o High effort .include a comparison of similar processes and a review of
customer (end user and subsequent operation) claims relating to
. Unpleasant odor similar components.
. lntermittentoPeration There are several categories of potential failure modes including:
. Water leak e Loss of process function/operation not performed
. Rough idle r Partialfunction - lncomplete operation
. Unable to adjust . Degradation of process function
o Difficult to control . Overachieving process function - Too much too high.
o Poor appearance o lntermittent process function - operation not consistent
. Regulatory System Function reduced or failed o
. End user lack of vehicle control Unstable operation *
. Unintended process function - wrong operation
o SafetY effect on end user .
was detected prior
Wrong part installed
3 What would happen if a failure effect r Delayed process function - operation too late
to reaching the end user?
locations Typical failure modes could be, but are not limited to:
The failure effect at the current or receiving
also needs to be considered' . Hole too shallow, too deep, missing or off location.
ldentify the manufacturing impact
"Your Plant" and/or . Dirty surface
"shiP-to Plant" in the PFMEA' . Surface finish too smooth
ExamPles could include: ) . Misaligned connector pins
o Line shutdown
. Connector not fully seated
o StoP shiPment
r Pass a bad part, or reject a good part, bypass inspection
operation
. Yard hold
o Label missing
o 100% of Product scraPPed
. Barcode not readable
o Decreased line sPeed
.
line rate ECU flashed with wrong software.
. Added manpower to maintain required
e Rework and rePair 3.4.6 Failure Gause:
A failure cause is an indication of why a failure mode could occur.
3.4.5 Failure Mode The consequence of a cause is the failure mode. ldentify, to the
as the manner in which the
A (Process) Failure Mode is defined extent possible, every potential manufacturing or assembly cause
deliver or provide the
process could caus"-in" ptoOuct not to for each failure mode. The cause should be listed as concisely
intended function' and completely as possible so that efforts (controls and actions)
design of the p.roduct is can be aimed at appropriate causes.
The team should assume that the basic
result in
;;;i h"*ever, if Gre are design issues which Typical failure causes may include the classic lshikawa's 4M, but
be communicated to the
process concerns, thot" issues s[ould are not limited to:
design team for resolution' . Man: set-up worker, machine operator/ associate, material
occur but may not necessarily
Assume that the failure mode could associate, maintenance technician etc.
occur.FailuretoO"ttnoufOn"describedintechnicalterms'not
as a symptom noticeable by the customer'
I
-97 -
-96-
 tank' injection
3.4.6.4 Environfient (Milieu)
a -siiiatrobot' !"19:::"tervoir
Machine/Equipment: { ) ls lighting adequate for task?
conueyor' inspection devices'
1.
molding macnine,
fixtures, etc. 2. Can parts used within the process, be considered foreign
installation grease' washer material?
a Material (lndirect): machining -oil'
etc'
Ioncentration, (aid for operation)' The description of the failure cause needs to be clear. Terms such
such as heat' as "defective, broken," "operator failure," "non-fulfillment or "not
a Environ$ent (Silieu): ambient.conditions
JutC lighting' noise' etc' OK" and so on are insufficient to comprehensively assign the
"on:tumin'Jiion, that the incoming failure cause and mode and to determine actions.
Note: ln preparing the FMEA' assumeexceptions can be made
part(s)/mat"ti"fttl'"t" coriect' 3.4.7 Failure Analysis
data indicate
by the ffr'f fnie'am where historical
in incoming part quality' Based on the process steps, the failures are derived and failure
dlficiencies
chains (i.e., Failure structure/failure trees/failure network) are
created from the function analysis (see figure 3.3-1).
failure causes is to have a
One method to help reveal/uncover The focus element of the failure structure is the Failure Mode, with
i"'*
facilitator ttrat tealJ in" through "Thought P'rovoking
its associated Failure Effects and potential Failure Causes.
queitions can be broad category
Stimulation Ot"tiio"t:'ir'"t" Depending on the focus, a failure can be viewed as a Failure
questions, ;timuiate tne-process experts thought
questions to a manageable Effect, a Failure Mode, or a Failure Cause.
process, wnife"nougiilo
f<Seping tne number of the
specific and broken down into To link failure cause(s) to a Failure Mode, the question should be
level. Questions can be process formed by reviewing
questio_ns can be "Why is the Failure Mode occurring?"
4M categories. rn]ti"riist'of
previous PFMEA's'
tf,e faif .ire Causes in To link failure effects to a Failure Mode, the question should be
"What happens in the event of a Failure Mode?"
ExamPle - AssemblY Process:

3.4.6.1 Man { )
process' can wrong part be
1. From parts available within the
aPPlied?
2. Can no Part be aPPlied?
3. Can the parts be loaded incorrectly? Pr6$ Machine
Proeess characteristic:
pickup to application?
4. Can parts be damaged - From Electrical Motor , Asrembly Lln6
Process Requirement: IOP 301 Sintored Eearing Pro8iln Procoss Machine press in the sint€red bearing into lhe
bearing seat in po16 housing ufitil the defined axial
Product Characteristic
Assemblyof shaft into pole housing position
5. Can wrong material be used? assembly ----'--
Axial po6ition sintered bearing in pole h0using
{max. gap: < 0,3 mm} Failure:
Effecf on Proeess-'
Fallure: Machine stops before reaching final position
elearance too small to assemble
Axial position of sintered bearing is l'iot reached
3,4. 6.2 flachine shaft

1. Can automated process be interrupted? Pro$ Machlne

W,hat
2. Can inputted data be entered incorrectly?
mode' bypassing
3. Can machine be run in manual
automated controls?
prevention and detection
4 ls there a schedule to confirm Figure 3.4-2 Example of Failure Analysis Structure Tree
controls?

3.4.6.3 Iitlater i a I (i n d i rect)

be used?
1. Can too much / too little / no material
2. Can material be applied to a wrong
location?
I
-99
-98-
 3.4.8 Relationship between PFMEA and DFMEA
FAILURE ANALYSIS (STEP 4) {r A design failure of a feature (product characteristic) can cause a
failure for one or more product functions. The corresponding
process failure is the inability of the process to manufacture the
1. Failure Effects (FE) to the Next 3. Failure Cause (FC)
of the Work Element
same feature as designed. The failure to conform to a product
Higher Level Element and/or End characteristic alone leads to the Failure Effect. Only in this case is
User the Failure Effect in the Design FMEA the same as in the Process
Machine stoPs before FMEA. All Failure Effects which are caused by a failure of the
Axial Position of sintered
Your Plant: reaching final Position
bearing is not reached processes and which are not identified in Design FMEA have to
Clerra"ce too small to assemble shaft
without Potential damage be newly defined and assessed in the Process FMEA.
Ship to Pl-ant: The Failure Effects related to the product, system, and/or end user
A"semblt 0f motor to vehicle door and their associated severities should be documented when
r""quit*t'aOOitionat insertion force with
known, but not assumed. The key to the identification of Failure
potential damage
End User:
Effects and associated severities is the communication of the
Comfort closi time too lon involved parties and the understanding of differences and
similarities of the analyzed failures in DFMEA and PFMEA (see
Sheet
Figure 3.4'3 Example of Failure Analysis Form also figure 1.4-1).
t!-e^ifformation in the Figure 3.4-4 shows a potential interrelation of product-related
Begin building the failure chain by us119 form sheet or Failure Effects, Failure Modes and Failure Causes from the "End
Function A;;TG;' wn"n using a custgler lgecific
defined by your customer' User" level to the level of production (PFMEA level).
software, foi['* tf.r. methodolJgyas
Thishandbookrecommendstn"eFunctionAnalysissectionofthe Note: The expectation of the relative time of and the flow of
numbering (1,2,3)
spreadsnlJ i, tiil"o-out foilowing the header information from the DFMEA to the PFMEA is different in
and color coding. non-standard development flows, such as where
development of a "standard" process precedes
1. Failure Effects (FE):
development of the products that will be manufactured
"Next Higher Level
The effect of failure associated with using it. ln such cases, the appropriate timing and flow
Analysis'
Element anOloi End User" in the Function of information between these FMEAs should be defined
Noteforspreadsheetusers:Apotential.failuremodemayhave by the organization.
effects are grouped
more than on" i"iu'" effect' Failure
z
E

excessive
4
in the spreadsheet in order to avoid
modes and causes'
duplicaiion of the same failure
2 Failure Mode (FM):
with the "Focus
The mode (or type) of failure associated
Element" in the Function Analysis'
Noteforspreadsheetusers:ltisrecommendedthatusersstart
related failu.re
with the faiture mode and then identify
Function of the
effects using tt'lt intottution in the #1
process rteft-corumn of the Function Analysis section
because some or all categories may apply'
3 Failure Cause (FC):
"Work Element
The cause of failure associated with the
Analysis'
unJ pro.".s Characteristic" in the Function

0 )
-101 -
- 100 -
 2. Process Step 2. Function of the Process SteP
2. Failure Mode (FM)
(\ Station No. and Name and Product Characteristic
End User
comfort ctosing time too long
analyzrd in the DestgnflrlEA ) of Focus Element (Quantitative value is
of the Process Step
.....JtI.?{!
IOP 301 Sintered Press in sintered bearing to Axial position of sintered
Failure Effect on
Bearing Press-ln achieve axial position in Pole bearing is not reached
Failule Effect on Product Paocess Function'
i DFMEA Torque and
the
Function, analyzed in the analvzeci in the Process housing to max gap per Print
i@l window Frocess FMEA Proc$s FMEA

Window lifter a$emblY Figure 3.4-G View of Process Step'Function'Failure Form Sheet
Commutatlon System Effects
Commutation System line
Shio to Plant Assembly ol
Anole deviatlon bY commutation Your Plant: Clearancetoo
motor to vehicle door
sv;tem intermittently connects to assemble shan

i@I
small
reduires additional insertion
tire wrong coits 1Lt, L3 and L2 without Potential damage
instead of Ll, L2 and L3)
rorie with Potential damage

Modes
lncorrecl

Cause Press Machine Machine presses sintered Machine stops before

Pte6s Machine Addiiional
Operatol sinter€d Machine stops befofe potenlial bearing into the pole housing reaching final position
reaching linal Posiilon PFMEA
bearlng not in xx poeition eauses
seat until the defined axial
position

PFMEA and DFMEA Figure 3.4-Z View of Process Work Element-Function-Failure Form Sheet
Figure 3.4-4 Relationship between

3.4.9 Failure Analysis Documentation

Afier the Structure Analysis,
F.unction Analysis and Failure
a structure tree or spreadsheet
can have
t 3.4.10 Gollaboration between Customer and Supplier (Failure
Effects)
The output of the Failure Analysis may be reviewed by customers
Analysis
"r'" "oi'tpr"ie
muttiPle views and suppliers prior to the Risk Analysis step or after to the Risk
Analysis step based on agreements with the customer and need
Next
ltem 1. Failure Effects (FE) to the for sharing with the suPPlier.
1. Process ltem 1. Function of the Process
Higher Level Element and/or
System, SubsYstem, Part Function of SYstem, SubsYstem'
Part Element or Process End User 3.4.11 Basis for Risk AnalYsis
Element or Name of Process
Complete definition of potential failures will lead to a complete
ElectricalMotor Assy Line too small to asse mble
bly of shaft into Pole Step 5 Risk Analysis because the rating of Severity, Occurrence,
potentialdamage
sing assemblY and Detection are based on the failure descriptions. The Risk
to vehicle door Analysis may be incomplete if potential failures are too vague or
of motor to veh icle door nsertio n force with missing.
qut
damage
raises and lowers
time too

ltem'Function'Failure Form Sheet

Figure 3.4-5 View of Process

-103-
-102-
 Failure Causes are rated for occurrence, taking into account the
3.5 Process FMEA 5th Step: Risk Analysis ( effectiveness of the current prevention control (Chapter Risk
Evaluation).
3.5.1 PurPose Current Prevention Controls describe measures which should be
estimate risk by
The purpose of Process Risk Analysis is to implemented in the design process and verified during prototype,
in order to
evaluating Severity, Occurrence and Detection' machine qualifications (run-off), and process verification prior to
prioritize the need for actions' start of regular production. Prevention Controls may also include
are: standard work instructions, set-up procedures, preventive
The main objectives of the Process Risk Analysis
mai ntenance, cal ibration proced u res, error-proofi ng verification
.Assignmentofexistingand/orplannedcontrolsandratingof procedures, etc.
failures
oAssignmentofPreventionControlstotheFailureCauses 3.5.3 Gurrent Detection Gontrols (DG)
oAssignmentofDetectionControlstotheFailureCauses Definition: Current Detection controls detect the existence of a
and/or Failure Modes failure cause or the failure mode, either by automated or manual
oRatingofSeverity,occurrenceandDetectionforeachfailure methods, before the item leaves the process or is shipped to the
customer.
chain
o Evaluation of Action PrioritY Examples of Current Detection controls:
. Collaboration between customer and supplier
(Severity) . Visual inspection
o Basis for the OPtimization steP . Visual inspection with sample checklist
TherearetwodifferentControlGroups:CurrentPrevention . Optical inspection with camera system
Controls, and Current Detection Controls' . Optical test with limit sample
. Attributive test with mandrel
3.5.2 Current Prevention Controls (PC) r
{ Dimensional check with a caliper gauge
3.5.2.1 Process Planning . Random inspection
Definition: Current Prevention Controls facilitate
optimal process . Torque monitoring
planningtominimizethepossibilityoffailureoccurrence. o Press load monitoring
Prevention of possible layout deficiencies of
the production facility: o End of line function check
e Test runs according to start-up regulation AV
17l3b
jj;
PC:
Review & reaction
3.5.2.2 Production Process before decision,
e.g. Poka-Yoke
Definition:Eliminate(prevent)thefailurecauseorreduceitsrate
Process
of occurrence. parameters

Prevention of defectively produced parts in

the production facility: i, rPC:
Execution of Execution of
Process operation operation
o Two-handed operation of machines Planning
Process B IDC: i Process C DC:
o Subsequent part cannot be attached (Poka-Yoke) I " Check for
I failures in B t
I
Check for
failures in C
. Form-dePendentPosition Station n I t; i Station n+1
. Equipmentmaintenance -l
o Operator maintenance
PC (preventive): Prevention controls Prccess failure Time
I

I
. Work instructions / Visual aids DC (reactive): Detection controls
ti
o Machine controls
3.5-l
I
t1
tr
o First Part release Figure Prevention and Detection in the Process FMEA

-105-
-104-
 { )
Detection 3.5.6 Severity (S)
Prevention
Severity is a rating number associated with the most serious effect
rca% for a given failure mode for the process step being evaluated. lt is
a relative rating within the scope of the individual FMEA and is
Process qualitY determined without regard for Occurrence or Detection.
For process-specific effects, the Severity rating should be
Time determined using the criteria in evaluation Table P1. The table
0 Product characteristic
may be augmented to include corporate or product line specific
-Visual lnsPection" examples.
-Operator instruetisn*
:

+
*-- The evaluations of the Failure Effects should be mutually agreed
: Sensory lnsPection" -
? -Machine CaPabilitY-- to by the customer and the organization.
t
* - -."... lnsPection - NOTE: lf the customer impacted by a Failure Modb is the next
* i
- -' *rocess monitorlng manufacturing or assembly plant or the product user,
assessing the severity may lie outside the immediate
Figure 3.5'2 Roadmap of process understanding process engineer's/team's field of experience or
knowledge. ln these cases, the Design FMEA, design
3.5.4 Gurrent Prevention and Detection Gontrols engineer, and/or subsequent manufacturing or assembly
plant process engineer, should be consulted in order to
CurrentPreventionandDetectionControlsshouldbeconfirmedto comprehend the propagation of effects.
beimplementeOanOeffective'Thiscanbedoneduringanin-
station |."ui"* G.g- Line Side Review, Line
walks and Regular
additional action may be
audits). rt tne conirol is not effective,
needed' {, )
TheoccurrenceandDetectionratingsshouldbereviewedwhen
possibility of
using data from previous processes' due to the
different conditions for the new process'

3.5.5 Evaluations
(failure chain or
Each Failure Mode, Cause and Effect relationship
."tj i" assesseo for its independent risk. There three rating
are
criteria for the evaluation of risk:
Severity(S):standsfortheSeverityoftheFailureEffect
occurrence(o):standsfortheoccurrenceoftheFailureCause
Detection(D):standsfortheDetectionoftheoccurredFailure
Cause and/or Failure Mode
Evaluation numbers from 1 to 10 are used for
S' O' and D
l."rp""iiu"ry, in which 10 stands for the highest risk contribution.
NOTE: lt is not appropriate to compare the ratings
olgne team's
even if
FMEA witn the ratings of another team's FMEA'
theproducUprocess-appeartobeidentical,sinceeach
team'senvironmentisuniqueandthustheirrespective
are
individual ratings will be unique (i'e', the ratings
subjective).
)
-107 -
-106-

Process General Evaluation Criteria Seve
Potential Failure Effects rated according to the criteria below
lmpact to ShiP'to Plant
s Effect lmpact to Your Plant
Failure may result in an Failure maY result in an
acute health and/or
10 safety risk for the
manufacturing or
High
assemblY worker
Failure may result in in-
plant regulatory
9 regulations.
noncom iance
than full production shift;
100% of production run
affected maY have to be
scrapped.
Failure maY result in in-
plant regulatory
I noncompliance or may
have a chronic health
and/or safetY risk for the
Moderately manufacturing or
high assemblY worker
Product may have to be
sorted and a Portion
(less than 100%)
7 scrapped ; deviation from
primary process;
decreased line sPeed or
added manpower
- 108 -
Process General Evaluation Griteria Severity (S)
Blank
filled in by
) Potential Failure Effects rated according to the criteria below
Blank until
filled in by
user USET
Corporate or lmpact to Ship-to Plant Corporate or
lmpact to End User s lmpact to End User
Product Line Effect lmpact to Your Plant
(when known) Product Line
(when known) (when known)
(when known) Examples
Affects safe 100% of production run
operation of the may have to be Line shutdown up to one Loss of secondary
6
vehicle and/or other reworked off line and hour vehicle function.
acute health and/or vehicles, the health accepted
safety risk for the of driver or Less than 100% of
manufacturing or passenger(s) or
A portion of the product affected; strong
assembly worker road users or production run may have possibility for additional Degradation of
5 Moderately secondary vehicle
low to be reworked off line defective product; sort
function.
Failure may result in in- Noncompliance with
and accepted required; no line
plant regulatory shutdown *
noncom rance Defective product Very objectionable
100o/o of production run
Line shutdown greater may have to be
triggers significant appearance, sound,
4 reaction plan; additional vibration,
reworked in station
stop shipment Possible; defective products not harshness, or
before it is processed
field rePair or likely; sort not required haptics.
replacement required
Loss of primary Moderately
(Assembly to End User) vehicle function Defective product
A portion of the objectionable
other than for regulatory necessary for production run may have
triggers minor reaction
appearance, sound,
noncompliance. 3 plan; additional defective
normaldriving to be reworked in-station vibration,
Failure may result in in- during expected
products not likely; sort
before it is processed harshness, or
plant regulatory not required
noncompliance or may
service life. ( ) haptics.
Low
have a chronic health
Defective product Slightly
and/or safetY risk for the
triggers no reaction plan; objectionable
manufacturing or Slight inconvenience to
worker additional defective appearance, sound,
2 process, operation, or
products not likely; sort vibration,
Line shutdown from 1 operator
Degradation of not required; requires harshness, or
hour up to full Production
primary vehicle feedback to supplier haptics.
shift; stop shiPment
possible; field rePair or function necessary
replacement required for normal driving 1 Very low No discernible effect
No discernible effect or No discernible
(Assembly to End User) during exPected no effect effect.
other than for regulatory service life.
noncom iance Table Pl - PFMEA SEVERITY (S)
0 )
- 109 -
 Occurrence Potential (O) for the Process
3.5.7 Occurrence (O) (
occurrence of Failure
)
The Occurrence rating (O) describes the Potential Failure Causes rated according to the criteria below. Consider Prevention
the associated current '
Cause in the pro""rr]dking into account Controls when determining the best Occurrence estimate. Occurrence is a predictive
prevention controls. qualitative rating made at the time of evaluation and may not reflect the actual Blank untilfilled
occurrence. The occurrence rating number is a relative rating within the scope of the in by user
Theoccurrenceratingnumberisarelativeratingwithinthescope FMEA (process being evaluated). For Prevention Controls with multiple Occurrence
occurrence'
of the FMEA and may not reflect the actual Ratings, use the rating that best reflects the robustness of the control.
Theoccurrenceratingdescribesthepotentialofthefailurecause Prediction of Corporate or
regard to the Type of
to o".ur, according to-the rating table' without o Failure Gause
Control
Prevention Controls Product Line
detection controls' Occurrinq Examoles
p-rocess.es' for 10 Extremely high None No prevention controls.
Expertise or other experiences with comparable I
&itpfe, can be considered in the assessment the rating
of
8
Very high Behavioral
Prevention controls will have little
effect in preventing failure cause.
numbers.
7 Prevention controls somewhat *
lndeterminingthisrating,questionssuchasthefollowingshould High
6 Behavioral effective in preventing failure cause.
be considered: or Technical
5 Prevention controls are effective in
processes and
o What is the equipment history with similar 4
Moderate
preventing failure cause.
process stePs? 3 Low Best
e What is the field experience with similar
processes? Practices: Prevention controls are highly
previous process? Behavioral effective in preventing failure cause.
o ls the process a carryover or similar to a
2 Very low
or Technical
production
o How significant are changes from a current Prevention controls are extremely
process? effective in preventing failure cause
. ls the Process comPletelY new? from occurring due to design (e.9.
o What are the environmental changes?
6 1 Extremely low Technical
part geometry) or process (e.9.
fixture or tooling design). lntent of
o Are best practices already implemented? prevention controls - Failure Mode
. instructions, set-up
Do standard instructions exist? (e.g', work cannot be physically produced due
error- to the Failure Cause.
and calibration procedures, preventive maintenance'
prooting verification procedures' and process monitoring Prevention Control Effectiveness: Consider if prevention controls are technical (rely on machines, tool
verification checklists) life, tool matedal, etc.), or use best practices (fixtures, tool design, calibration procedures, error-
(e'g''
o Are technical error-proofing solutions implemented?
tool design'
proofing verification, preventive maintenance, work instructions, statistical process control charting,
process monitoring, product design, etc.) or behavioral (rely on certified or non-certified operators,
product or process design, fixture and
control skilled trades, team leaders, etc.) when determining how effective the prevention controls will be.
established process sequence, production
tracking/traceability,machinecapability'andSPCcharting)
Table P2 - PFMEA OCCURRENCE (O)

3.5.8 Detection (D)

Detection is the rating associated with a prediction of the most
effective process control from the listed detectiontype process
controls. Detection is a relative rating, within the scope of the
individual FMEA and is determined without regard for Severity or
Occurrence. Detection should be estimated using the criteria in
Table P3. This table may be augmented with examples of
common detection methods used by the company.
The intent of the term "control discrepant product" used in Table
P3 Ranks 3 and 4 is to have controls/systems/procedures in place
a )
-111-
-110-
 that the
that controls the discrepant product in such a manner' Detection Potential (D) for the Validation of the Process Des ign
probability of the product escaping the facility is very low'
( Detection Controls rated according to the Detection Method Maturity and Opportunity for Blank until
filled in by
Detection.
Thecontrolsstartfromwhentheproductisidentifiedas user
controls usually
discrepant to the poini of final disposition. These Ability to Detection Method
Corporate
discrepant products with higher or Product
exceed controls that are used for D
Detect Maturity Opportunity for Detection
Line
Detection Ranks. Examples
Afterimplementationofanyunprovencontrol,theeffectiveness Human inspection (visual, tactile, audible),
or use of manual gauging (attribute or
can be verified and re-evaluated' 6 Test or inspection method variable) that will detect the failure mode or
lndeterminingthisestimate,questionssuchasthefollowing has been proven to be failure cause (including product sample
effective and reliable (e.9.
should be considered: checks).
plant has experience with
or
which test is most effective in detecting the Failure cause
Moderate
o method;gauge R&R Machine-based detection (semi-automated
with notification by light, buzzer, etc.), or use
the Failure Mode? results are acceptable on
the comparable process or of inspection equipment such as a
r what is the usage Profile / Duty cycle required detecting 5
this application, etc.). coordinate measuring machine that Will
failure? detect failure mode or failure cause
.Whatsamplesizeisrequiredtodetectthefailure? (including product sample checks).

rlsthetestprocedureprovenfordetectingthisCause/Failure Machine-based automated detection

Mode?
Detection Potential for the Va idation of the P rocess Desi
Detection Controls rated according to the Detection Method
Detection.
Detection Method
Ability to
D
Detect MaturitY
No testing or inspection
method has been
10
establ ished or is known
It is unlikelY that the
Very low
testing or insPection
I method will detect the
failure mode
Test or insPection method
8 has not been Proven to
be effective and reliable
(e.g. plant has little or no
Low experience with method,
gauge R&R results
marginalon comParable
7 such as a coordinate measuring machine
process or this aPPlication'
etc.)'
Blank until
Maturity and OpportunitY for
filled in by
Corporate
or Product
OpportunitY for Detection
The failure mode will not or cannot be
detected.
The failure mode is not easily detected
through random or sporadic audits'
Hum a n nspection (visu a tacti le, audible )
or u SE of m nual g a ugrng attri bute
variable that should d etect th e fail ure mode
or failure cause.
Machine-based detection (automated or
semi-automated with notification by light'
buzzer, etc.), or use of inspection equipment
that should detect failure mode or failure
cause.
method that will detect the failure mode
downstream, prevent further processing or
system will identify the product as
4 discrepant and allow it to automatically
move forurard in the process until the
designated reject unload area. Discrepant
user System has been proven product will be controlled by a robust system
to be effective and reliable
) (e.9. plant has experience
that will prevent outflow of the product from
Line the facility.
with method on identical
process or this Machine-based automated detection
application), gauge R&R method that will detect the failure mode in-
High results are acceptable, etc. station, prevent further processing or
system will identify the product as
3
discrepant and allow it to automatically
move fonvard in the process until the
designated reject unload area. Discrepant
product will be controlled by a robust system
that will prevent outflow of the product from
the facility.
Detection method has
been proven to be Machine-based detection method that will
effective and reliable (e.g detect the cause and prevent the failure
2
plant has experience with mode (discrepant part) from being
method, error-proofing produced.
verifications, etc.).
Failure mode cannot be physically produced as-designed or processed,
1 Very high or detection methods proven to always detect the failure mode or failure
cause.

Table P3 - PFMEA DETECTION (D)

J
- 113.
-112-
 Priority Medium (M): Medium priority for review and action.
3.5.9 Action PrioritY (AP)
oncetheteamhascompletedtheinitialidentificationoffailure
fi The team should identify appropriate actions
to improve prevention and / or detection
ratil-S-s f9r
modes and effects, ;;;t;; and controls, including
must decide if further
controls, or, at the discretion of the company,
severity, o".urr"n."l ,nJ O"t"ttion' they
justify and document why controls are
Due to the inherent
efforts are needed to reduce the risk' adequate.
and other factors' they
limitations on r.""ori""t, iit", technology' Priority Low (L): Low priority for review and action.
efforts'
must choose how to best prioritize these The team could identify actions to improve
TheActionPriority(AP)methodisintroducedinthishandbook.lt prevention or detection controls.
for all 1000 possible combinations of S'
O' and D' lt was
accounts It is recommended that potential Severity 9-10 failure effects
createdtogivemoreemphasisonseverityfirst'thenoccurrence' intent of with Action Priority High and Medium, at a minimum, be
then detection. ThiJ rogif tollo*s the failure-prevention. priority reviewed by management including any recommended
high-medium-low
FMEA. The Ap taoie oiiers a suggested action actions that were taken.
for action. companies l'n a-Iingte system to evaluate
""
il";itL; i.t1""d of multiple systems required from multiple This is not the prioritization of High, Medium, orlow risk, it is
customers. the prioritization of the need for actions to reduce risk.
S x O x D and range from Note: lt may be helpful to include a statement such as "No
Risk Priority Numbers are the product of
i-to f ooO. in" Rpn distribution can provide some information further action is needed" in the Remarks field as
adequate
range of ratings, but RPN alone is not an appropriate.
"ooutln" more actions since RPN gives
method to determine th6 need for
to S, O, O f9t this reason' RPN could result inD
"qu"i*"ight "nO of S, o, and
similar risk numbeo iol" u"ry different combinations using
prioritize. when
leaving the team un""rt"in lnout how to prioritize
method to
RpN it is recommeno"Jto use an additional
S x O' The use of a Risk Priority Number
like RPN results ,u"h { )
"' practice
IRFNjthreshold isnot a recommendedx O methods are not
for determining
the need for actions. The RPN and S
included in this Publication'
of S and O' S and D'
Risk matrices can represent combinations
visual representation of
and o and D. rnesJmatrices provide a
as an input to
the results of the analysis and can be used
criteria not
piLrit,r"tion of actioni based on company-established
included in this Publication'
SincetheAPTablewasdesignedtoworkwiththeSeverity,
occurrence,andDetectiontablesprovidedinthishandbook,ifthe
org@nization t'o modify the S' O' D' tables for specific
"hootet should also be
products, pro""rr"i' or projecis, the AP table
carefullY reviewed.
are the same for DFMEA and
- Action Priority rating tables
! Note:
E PFMEA, but different for FMEA-MSR'
t

Priority High (H): Highest priority. for review and action'

Thl team needs to either identify an
appropriate action to improve prevention
detection controls or justify and
"ilbloi
document whY current controls are
adequate. 0 )
-115-
-114-

't
 Pred iction of
Action Priority (AP) for DFMEA and PFMEA ACTION
filled
{ ) Effect s Failure
o Ability to Detect D PRIORITY Gomments
Priority is based on combinations of Severity, Occurrence, and Detection ratings in Blank until Cause
in by user Occurrinq (AP)
order to rioritize actions for risk reduction
Prediction of ACTION Low - Very low 7-10 H
Effect S Failure Cause o Ability to Detect D PRIORITY Gomments
Moderate 5-6 H
Occurrin Very high 8-1 0
High 2-4 M
Low - Very low 7-10 H
Very high 1 M
Moderate 5-6 H
Very high 8-1 0 Low - Very low 7-10 M
High 2-4 H
Moderate 5-6 M
Very high 1 H High 6-7
High 2-4 M
Low - Very low 7-10 H
Product or Very high 1 L
Moderate 5-6 H
High 6-7 Plant Effect 4-6 Low - Very low 7-10 M
High 2-4 H Moderate
H Moderate 4-5
Moderate 5-6 L{
Product or Very high 1
High 2-4 L
Plant Effect 9-1 0 Low - Very low 7-10 H
Very high Very high 1 L
Moderate 5-6 H
Moderate 4-5 Low - Very low 7-10 L
High 2-4 H
Moderate 5-6 L
Very high 1 M Low 2-3
High 2-4 L
Low - Very low 7-10 H
Very high 1 L
Moderate 5-6 M
Low 2-3 Very low 1 Very high - Very low 1-10 L
High 2-4 L
( Low - Very low 7-10 M
Very high 1 L ) Moderate 5-6 M
Very low 1 Very high - Very low 1-10 L Very high B-1 0
High 2-4 L
Low - Very low 7-10 H
Very high 1 L
Moderate 5-6 H
Very high B-1 0 Low - Very low 7-10 L
High 2-4 H
Moderate 5-6 L
Very high 1 H High 6-7
High 2-4 L
Low - Very low 7-10 H
Product or Very high 1 L
Moderate 5-6 H
Plant Effect
High 6-7 2-3 Low - Very low 7-10 L
High 2-4 H Low
Moderate 5-6 L
Very h 1 M Moderate 4-5
Product or High 2-4 L
Plant Effect 7-8 Low - Very low 7-10 H
Very high 1 L
High Moderate 5-6 M
Moderate 4-5 Low - Very low 7-10 L
High 2-4 M
Moderate 5-6 L
Very high 1 M Low 2-3
High 2-4 L
Low - Very low 7-10 M
Very high 1 L
Moderate 5-6 M
Low 2-3 Very low 1 Very high - Very low 1-10 L
High 2-4 L No
Very low -
Very high 1 L discernible 1 1-10 Very high - Very low 1-10 L
Very high
Effect
Very low 1 Very high - Very low 1-10 L

J ) Table AP - ACTION PRIORITY FOR DFMEA and pFMEA

-116- -117-

\

FATLURE ANALYSIS (STEP 4)
r. Fdur8 Efi8cts{FE)
ill3fiext lggher
!o
tw€l Eltm€fltandot
End tlscr
8 Axial position of
Clearance t0(} smallto
assenrble shaft without
potential damage
of motor to
door requires
additional insedion
force with Potential
Comfort closirrg time
too
Figure3.5.3ExampleofPFMEAwithRiskAnalysisFormSheet
-118-
reviews, and cross-functional team meetings lead to Step 6
PFMEA RlsK ANALYSIS (STEP 5)
tc
f ) Optimization.
"9
o
o 3.6 Process FMEA 6th Step: Optimization
lto
oo 3.6.1 Purpose
c
tr
The purpose of the Process Optimization Step is to determine
M
Machine stoPs Force 5 1007o check of 2
actions to mitigate risk and assess the effectiveness of those
adiusted acc-
sintered bearing reachin{t
data sheet
actions. The end result is a process which minimizes the risk of
is not reached final positisn
curve acc. spec. producing and delivering products that do not meet the customer
MRKJ5039
and stakeholder expectations.
The main objectives of a Process Optimization are:
o ldentification of the actions necessary to reduce risks
. Assignment of responsibilities and deadlines foi action
implementation
. lmplementation and documentation of actions taken including
confirmation of the effectiveness of the implemented actions
and assessment of risk after actions taken
3.5.l0collaborationbetweencustomerandSupplier . Collaboration between the FMEA team, management,
(SeveritY) customers, and suppliers regarding potential failures
TheoutputoftheRiskAnalysiscreatesthemutualunderstanding . Basis for refinement of the product and/or process
oftechnicalriskbetweencustomersandSuppliers.I/ethodsof- requirements and prevention and detection controls
collaborationrangefromverbaltoformalreports.Theamountof
of a project, company
{ ) The primary objective of optimization is to develop actions that
intormation sharJd is based on the needs reduce risk by improving the process. ln this step, the team
policy,contractualagreements'andsoon'Theinformationshared reviews the results of the risk analysis and assigns actions to
the supply chain.
oeplnos on the plac-ement of the company in lower the occurrence of the failure cause or increase the ability to
Some examples are listed below' detect the failure cause or failure mode. Actions may also be
1'TheoEMmaycomparedesignfunctions,failureeffects, assigned which improve the process but do not necessarily lower
andSeveritytroma,vehicle-le-velDFMEAwiththeTierl the risk assessment rating. Actions represent a commitment to
suPPlier PFMEA. take a specific, measurable, and achievable action, not potential
actions which may never be implemented. Actions are not
2'TheTierlsuppliercommunicatesnecessaryinformation
drawings and/or intended to be used for activities that are already planned as
about product characteristics on product these are documented in the Prevention or Detection Controls,
designation of
specifications, or other means, including and are already considered in the initial risk analysis. All actions
This
standard or special characteristics and severity' should have a responsible individual and a target completion time
informationisusedaSaninputtotheTier2supplier associated with the action.
PFMEA *"it the Tier i's internal PFMEA' When the
", "t
designteamcommunicatestheassociatedriskofmaking lf the team decides that no further actions are necessary, "No
process
prod-uct characteristics out of specification the further action is needed" is written in the Remarks field to show
prevention and
team can build in the appropriate level of the risk analysis was completed.
detection controls in manufacturing' The PFMEA can be used as the basis for continuous improvement
of the process.
3.5.11 Basis for OPtimization
7-Step FMEA process The optimization is most effective in the following order:
The output of Steps 1,2' 3' 4' and 5 of the
i, ,rlo io determine ii adoitional design or testing action
is o Process modifications to eliminate or mitigate a Failure Effect
needed'Theprocessreviews,customerreviews,management (FE)
0 )
-119-
 Not lmplemented status is assigned when a decision is
.Processmodificationstoreducetheoccurrence(o)ofthe made not to implement an action. This may occur when
Failure Cause (FC). risks related to practical and technical limitations are
olncreasetheDetection(D)abilityfortheFailureCause(FC) beyond current caPabilities.
or Failure Mode (FM)'
olnthecaseofprocessmodifications,allimpactedprocess
stePs are evaluated again' The FMEA is not considered "complete" until the team assesses
each item's Action Priority and either accepts the level of risk or
documents closure of all actions.
lnthecaseofconceptmodifications,allstepsoftheFMEAare
reviewedfortheaffectedsections.Thisisnecessarybecausethe lf "No Action Taken," then Action Priority is not reduced, and the
original analysis is no longer valid since it was
based upon
a risk of failure is carried forward into the product. Actions are open
loops that need to be closed in writing.
d iflerent man ufacturi ng concept'

ThePFMEAcanbeusedasthebasisforcontinuousimprovement 3.6.4 Assessment of Action Effectiveness

of the Process.
When an action has been completed, Occurrence, dnd Detection
values are reassessed, and a new Action Priority may be
3.6.2 Assignment of Responsibilities
determined.
and a Target
Each action should have a responsible individual
Completion Date (TCD) associated with it'
The new action receives a preliminary Action Priority rating as a
prediction of effectiveness.
Theresponsiblepersonensurestheactionstatusisupdated'lf
for the However, the status of the action remains "implementation
the action is coniirmed this person is also responsible
pending" until the effectiveness has been tested. After the tests
action imPlementation.
are finalized the preliminary rating has to be confirmed or adapted,
Detection Actions
The Actual completion Date for Preventive and when indicated. The status of the action is then changed from
implemented.
is documenteJ inctuding the date the actions are "implementation pending" to "completed."
( )
TargetCompletionDatesshouldberealistic(i.e',inaccordance The reassessment should be based on the effectiveness of the
witittre proOuct development plan, prior to process validation' Preventive and Detection Actions taken and the new values are
prior to start of Production)' based on the definitions in the Process FMEA Occurrence and
Detection rating tables.
3.6.3 Status of the Actions
Suggested levels for Status of Actions: 3.6.5 Continual lmprovement
OPen The PFMEA serves as a historical record for the process.
Therefore, the original Severity, Occurrence, and Detection (S, O,
No action defined' D) numbers need to be visible or at a minimum available and
Decision Pending (oPtional) accessible as part of version history. The completed analysis
becomes a repository to capture the progression of process
Theactionhasbeendefinedbuthasnotyetdecidedon.A decisions and design refinements. However, original S, O, D
decision Paper is being created' ratings may be modified for foundation, family or generic PFMEAS
lmplementation pending (optional) because the information is used as a starting point for an -
process specific analysis.
The action has been decided on but not yet implemented'
ComPleted 3.6.6 Gollaboration between the FMEA team, Management,
Completed actions have been implemented.and
their Customers, and Suppliers regarding Potential Failures
ettectivenesshasbeendemonstratedanddocumented'A Communication between the FMEA team, management,
final evaluation has been done' customers and suppliers during the development of the technical
risk analysis and/or when the PFMEA is initially complete brings
Not lmPlemented people together to improve their understanding of product and
(' I
-121-
-120-
 process functions and failures' ln this way'
there is a transfer of a company, or between companies. The report is not meant to
replace reviews of the PFMEA details when requested by
i<nowledge that promotes risk reduction' f' , ) management, customers, or suppliers. lt is meant to be a
summary for the PFMEA team and others to confirm completion of
each of the tasks and review the results of the analysis.
PFMEA OPTIMIZATION It is important that the content of the documentation fulfills the
PFMEA RISK ANALYSIS requirements of the organization, the intended reader, and
(srEP 5)
(srEP 6)
relevant stakeholders. Details may be agreed upon between the
parties. ln this way, it is also ensured that all details of the analysis
-a
6) 5g o)
and the intellectual property remain at the developing company.
o
a
o
(E
o ;b
-E
oo
(L o c a The layout of the document may be company specific. However,
a)tr
q)
o) 'F (E
-ei o
the report should indicate the technical risk of failure as a part of
_o(E o 0) a rgB o
ut, z- F the development plan and project milestones. The content may
E
c)
o b9 E
o o o o include the following:
C) o
0)
O tS C)
*
o t A. A statement of final status compared to original goals established in 1.5
=
8 3 2 L Project Plan
Process dd. open
Force 5 100% check 2 M Selected
press
Selected
press with Engineer mm a. FMEA lntent - Purpose of this FMEA?
adjusted of motor
with force Mr. Paul vvvv b. FMEA Timing - FMEA due date?
ata acc position monitoring Duncan c. FMEA Team - List of participants?
sheet spec. control d. FMEA Task - Scope of this FMEA?
sensor e. FMEA Tool - How do we conduct the analysis Method used?
new Risk Evaluation Form sheet
Figure 3.6,1 Example of PFMEA Optimization with B. A summary of the scope of the analysis and identify what is new.
C. A summary of how the functions were developed.
Step: Results Documentation ( D. A summary of at least the high-risk failures as determined by the team and
3.7 Process FMEA 7th
provide a copy of the specific S/O/D rating tables and method of action
prioritization (i.e., Action Priority table).
3.7.1 PurPose E. A summary of the actions taken and/or planned to address the high-risk
Thepurposeoftheresultsdocumentationstepistosummarize failures including status of those actions.
Mode and Effects
and communi.ui"ln" results of the Failure F. A plan and commitment of timing for ongoing FMEA improvement actions.
AnalYsis activitY. a. Commitment and timing to close open actions.
The main objectives of Process Results Documentation
are: b. Commitment to review and revise the PFMEA during mass production
to ensure the accuracy and completeness of the analysis as
.Communicationofresultsandconclusionsoftheanalysis compared with the production design (e.9. revisions triggered from
design changes, corrective actions, etc., based on company
r Establishment of the content of the documentation
procedures). (Refer to section 1.4 Case 3 FMEA revisions)
o confirmation of
Documentation of actions taken including c. Commitment to capture "things gone wrong" in foundation PFMEAS
and
tfre etfectiveness of the implemented actions for the benefit of future analysis reuse, when applicable. (Refer to
assessment of risk after actions taken section '1.3.6 Foundation and Family FMEAs)
oCommunicationofactionstakentoreducerisks,including
and/or
within the organization, and with customers
suPPliers as aPProPriate
oRecordofriskanalysisandriskreductiontoacceptable
levels

3.7.2 FMEA RePort

be summarized in a
The scope and results of an FMEA should
report.Thereportcanbeusedforcommunicationpurposeswithin
-123-
-122-
 4 SUPPLEMENTAL FMEA FOR MONITORING AND
) SYSTEM RESPONSE (FMEA.MSR)
ln a Supplemental FMEA for Monitoring and System Response,
potential Failure Causes which might occur under customer
operating conditions are analyzed with respect to their technical
effects on the system, vehicle, people, and regulatory compliance.
The method considers whether or not Failure Causes or Failure
Modes are detected by the system, or Failure Effects are detected
by the driver. Customer operation is to be understood as end-user
operation or in-service operation and maintenance operations.
FMEA-MSR includes the following elements of risk:
a) Severity of harm, regulatory noncompliance, loss or
degraded functionality, and unacceptable quality;
represented by (S)
b) Estimated frequency of a Failure Cause in the context of
an operational situation; represented by (F)
c) Technical possibilities to avoid or limit the Failure Effect via
diagnostic detection and automated response, combined
with human possibilities to avoid or limit the Failure Effect
via sensory perception and physical reaction; represented
bv (M)
The combination of F and M is an estimate of the probability of
)
ff :'[:ffi i,;,*?ff:ili;.=x?"J''ix".1iff 5#ff [:3 jurecause)
p ruOfe: The overall probability of a Failure Effect to occur may be
E higher, because different Failure Causes may lead to the
i
5
same Failure Effect.
FMEA-MSR adds value by assessing risk reduction as a result of
monitoring and response. FMEA-MSR evaluates the current state
of risk of failure and derives the necessity for additional monitoring
by comparison with the conditions for acceptable residual risk.
The analysis can be part of a Design FMEA in which the aspects
of Development are supplemented by aspects of Customer
Operation. However, it is usually only applied when diagnostic
detection is necessary to maintain safety or compliance.
Detection in DFMEA is not the same as Monitoring in
Supplemental FMEA-MSR. ln DFMEA, Detection controls
document the ability of testing to demonstrate the fulfillment of
requirements in development and validation. For monitoring that is

flih11r;i'it"fillii'1:3f e"'Tl:;l[t{i;;mafrtr'"
assesses the effectiveness of fault detection performance in
customer operation, assuming that specifications are fulfilled. The

-125-
 Monitoring rating also comprehends the safe performanc" 119
reliability of systet reactions to monitored faults' lt contributes
^^
to,
and may be used
the assessment of the fulfillment of Safety Goals
for deriving the SafetY ConcePt.
SupplementalFMEA-MSRaddressesrisksthatinDFMEAwould
otherwise be assessed as High, by considering more factors
which accurately reflect lower assessed risk according to the
diagnostic functions of the vehicle operating system' fF:9
of
additionalfactors contribute to an improved depiction of risk
i"itur" (including risk of harm, risk of noncompliance, and risk of
not fulfilling sPecifications).
FMEA-MSR contributes to the provision of evidence of the
ability
of the diagnostic, logical, and actuation mechanisms to achieve
and mainiain a safe-or compliant state (in particular, appropriate
i"irrr" mitigation ability within the maximum fault handling time
interval and within the fault tolerant time interval)'
end
FMEA-MSR evaluates the current state of risk of failure under
of
user conditions (not just risk of harm to persons). Th9 detection
faults/failures during'customer operation can be used to avoid
the
oiitinaf failure effecl by switching t9 a degraded operational state
(inEruoing disabling the vehicle), informing the driver and/or writing
I oi"gnoitic troublL code (DTC) into the control unit for service
purpJr".. ln terms of FMEA, the result of RELIABLE diagnostic
detection and response is to eliminate (prevent) the original effect,
and replace it with a new, less severe effect'
fulfills
FMEA-MSR is useful in deciding whether the system design
the performance requirements with respect to safety and
compliance. The results may include items such as:
o additional sensor(s) may be needed for monitoring purposes
o redundancy in processing may be needed
o plausibility checks may reveal sensor malfunctions
4.1 FMEA-MSR 1st step: Planning and Preparation
4.1.1 Purpose
The main objectives of Planning and Preparation in FMEA-MSR
are:
o Projectidentification
. Project plan (lnTent, Timing, Team, Tasks, Tools (5T))
o Analysis boundaries: what is included and excluded from the
analYsis
. ldentification of baseline FMEA
. Basis for the Structure Analysis step
-126-
4.1.2 FMEA-MSR Project ldentification and Boundaries
(J FMEA-MSR project identification includes a clear understanding of
what needs to be evaluated. This involves a decision-making
process to define the FMEA-MSRs that are needed for a customer
program. What to exclude can be just as important as what to
include in the analysis.
The following may assist the team in defining FMEA-MSR
projects, as applicable:
o Hazard Analysis and Risk Assessment
. Legal Requirements
o TechnicalRequirements
o Customerwants/needs/expectation (externaland internal
customers) *
. Requirementsspecification
. Diagrams (Block/Boundary/System)
.
Schematics, Drawings, and/or 3D Models
. Bill of Materials (BOM), Risk Assessment
o Previous FMEA for similar products
Answers to these questions and others defined by the company
help create the list of FMEA-MSR projects needed. The FMEA-
MSR project list assures consistent direction, commitment and
( focus.
Below are some basic questions that help identify FMEA-MSR
boundaries:
(1) After completing a DFMEA on an
Electrical/Electronic/Prog ram mable Electronic System, are
there effects that may be harmful to persons or involve
regulatory noncompliance?
(2) Did the DFMEA indicate that all of the causes which lead
to harm or noncompliance can be detected by direct
sensing, and/or plausibility algorithms?
(3) Did the DFMEA indicate that the intended system
response to any and all of the detected causes is to switch
to a degraded operational state (including disabling the
vehicle), inform the driver and/or write a Diagnostic Trouble
Code (DTC) into the control unit for service purposes?
FMEA for Monitoring and System Response may be used to
examine systems which have integrated fault monitoring and
response mechanisms during operation. Typically, these are more
complex systems composed of sensors, actuators and logical
J I processing units. The diagnosis and monitoring in such systems
may be achieved through hardware and/or software.
-127-
 for 4-2 FMEA-MSR 2nd Step: Structure Analysis
Systems that may be considered in a Supplemental.FMEA
Monitoring and System Response consist
in general
subset of
of at
them
least
and
a
are
f 4.2.1 Purpose
sensor, a control unit, ,nJ an actuator or a
may also consist
called mechatroni. tytl"*t' Systems in-scope
The main objectives of Structure Analysis in FMEA-MSR are:
of mechanicat rrarow'ar" (e'g., pneumatics and
hydraulics),
"otpon"nts . Visualization of the analysis scope
o Structure tree or equivalent: block diagram, boundary
diagram, digital model, physical parts
Data
Data
e ldentification of design interfaces, interactions
Voltage
Voltage o Collaboration between customer and supplier engineering
Current teams (interface responsibilities)
Current
Sensor Electronic Control Unit
Actuator o Basis for the Function Analysis step
Depending on the scope of analysis, the structure may consist of
hardware elements and software elements. Complet structures
may be split into several structures (work packages) or different
layers of block diagrams and analyzed separately for
Figure 4.1'1 GenericblockdiagramofanElectrical/Electronic/Programmable organizational reasons or to ensure sufficient clarity.
Electronic SYstem
The scope of the FMEA-MSR is limited to the elements of the
system for which the baseline DFMEA showed that there are
and System causes of failure which can result in hazardous or noncompliant
The scope of a SupplementalFMEA for Monitoring effects. The scope may be expanded to include signals received
Responsemaybe.establishedinconsultationbetweencustomer by the control unit.
but are not
anJ'supptier. nfpticaole scoping criteria may include,
limited to: ln order to visualize a system structure, two methods are
{ ) commonly used:
1. SYstem SafetY relevance
. Block (Boundary) Diagrams
2.lSOStandards,i'e',SafetyGoalsaccordingtolSO26262 o Structure Trees
3.Documentationrequirementsfromlegislativebodies,e'9.
and On
UN/ECi n"gufutiohs, FMVSS/CMVSS' NHTSA' For more details, refer to Section 2.2 Design FMEA
Board Diagn-ostic Requ rements (OB D) Compliance'
i

4.2.2 Structure Trees

4.1.3 FMEA-MSR Proiect Plan ln a Supplemental FMEA for Monitoring and System Response,
the root element of a structure tree can be at vehicle level, i.e. for
AplanfortheexecutionoftheFMEA-MSRshouldbedeveloped
OEMs which analyze the overall system (see Figure 4.2-1) or at
once the FMEA-MSR project is known'
the system level, i.e. for suppliers which analyze a subsystem or
It is recommended that the 5T method
(lntent,.Timing, Team,
component (see Figure 4.2-2).
Tasks,Tool)beusedasdescribedinsectionl.5ofthishandbook'
be proactive in
The plan toi tnl Fft'f fn-ft'f Sn helps the company
activities (7-step
starting tne FMLn-MSR earty. The FMEA-MSR Root element at vehicle level
process) snoutJOe incorporited into the overall design project
Connector ECU Window Lifter
plan. Electronic Control Unit
Window Lift $ystem
Window Lifter lnterface within the FCU Window
Lifter

Figure 4.2-1 Example of a structure tree of a window lift system for investigating
erroneous signals, monitoring, and system response
0 )
-129-
-128-
 4.3 FMEA-MSR 3rd Step: Function Analysis
The sensor element and the control unit may
also be part of one f )
4.3.1 Purpose
and monitoring in such
component (smart senso r). Diaqnostics
software elements
systems may be rcalized Oy naiOware and/or fhe main objectives of Function Analysis in FMEA-MSR are
. Visualization of functions and relationships between functions
Root element at system level

Unit
Elemerrts of Smart Sensor
I
r Function tree/ function net, or equivalent parameter diagram
Data
Connector (OutPut) Sensor o EM,
I
(P-diagram)
of
Connector (lnPut)
L
Suppliers o Cascade of customer (external and internal) functions with
Manufacturerl associated req u rements
i

o Association of requirements or characteristics to functions

F
Root olement at vehicle level
. Collaboration between engineering teams (systems, safety,
Elements of Actuator and components) q

Vehicle
Data
of Actuator
U
. Basis for the Failure Analysis step
Connector (lnPut)
ln a Supplemental FMEA for Monitoring and System Response,
Manufacturer 2
L monitoring for failure detection and failure responses are
considered as functions. Hardware and software functions may
Figure 4.2-2 Example Of a Structure.tree of a
smart sensor with an internal sensing
include monitoring of system states.
element and output to an interface
Functions for monitoring and detection of faults/failures may
an
ln case there is no sensor within the scope of analysis, consist of, for example: out of range detections, cyclic redundancy
lnterface Element is used to describe the data/currenuvoltage checks, plausibility checks and sequence counter checks.
is to receive
received by the ECU' One function of any ECU Functions for failure reactions may consist of, for example,
signals can be missing or
signals viaa connector' These provision of default values, switching to a limp home mode,
With no monitoring, you get erroneous output' {,
"r-roneour. switching off the corresponding function and/or display of a
analysis, an
ln case there is no actuator within the scope of warning.
the data/currenwoltage sent
lnterface Element is used to describe Such functions are modeled for those structural elements that are
bytheECU.AnotherfunctionofanyECUistosendsignals,i.e. carriers of these functions, i,e., control units or components with
Viaaconnector.Thesesignalscanalsobemissingorerroneous. computational abilities like smart sensors.
It can also be "no output" or "failure information'"
Additionally, sensor signals can be considered which are received
Thecausesoferroneoussignalsmaybewithinacomponent by control units. Therefore, functions of signals may be described
whichisoutsidethescopeofresponsibilityoftheengineeror the as well.
These erroneous signals m9y hgve an effect on
organization.
performanceofacomponentwhichiswithinthescopeof Finally, functions of actuators can be added, which describe the
lesponsibility of the engineer or organizalgLl-t is.therefore way the actuator or vehicle reacts on demand.
necessarytoincludesuchcausesintheFMEA-MSRanalysis. Performance requirements are assumed to be the maintenance of
NoTE:EnsurethatthestructureisconsistentwiththeSafety a safe or compliant state. Fulfillment of requirements is assessed
ConcePt (as aPPlicable)' through the risk assessment.
ln case sensors and/or actuators are not within the scope of
analysis, functions are assigned to the corresponding interface
STRUCTURE ANALYSIS (srEP 2) elements (consistent with the Safety Concept-as applicable).

1. Next Higher Level

ECU Window Lifter Connector ECU Window Lifter

Window Lift

Figure 4.2-3 Example of structure Analysis in the FMEA'MSR Form

sheet a I
-131-
-130-
 Connector ECU Window Lifter
Function:
Transmitsignal from Hall efiect sensor
to ECU
f x ) E,
vl
control unitwindowLifter Transmit silnal from electric motor to ECU Mitigated System
system TransmitPower suPPlY I Monitoring
window Lift Fr"rt:trl#l Failure Effect Response
FUnCtion: -*'- Provide signal to stop and reverse tlJ
Provide anti-pinch protection window liftir motor in case of pinch lnterface within the ECU Window Lifter II
Can the
for comfort closing mode situation Functlon: failure be
Transmit status signals of ECU components
detected in
customer
Figure 4.3'1 Example of a Structure Tree with functions operation?
What happens?
lJ.t

FUNCTION ANALYSIS (STEP 3) Failure Effect Failure Mode Cause

LJ-
o whv?
1. Next Higher Level Function I
and Requirement

Provide signalto stoP and Transmit signal from Hall Facus Eleme,nt
Provide anti-pinch protection for reverse window lifter motor in effect sensor to ECU
comfort closing mode case of Pinch situation

Figure4.3.2ExampleofFunctionAnalysisinFMEA.MSRFormSheet Figure 4.4-1 Theoreticalfailure chain model DFMEA and FMEA-MSR

The focus of the analysis is a component with diagnostic

4.4 FMEA'MSR 4th Step: Failure Analysis
0 capabilities, €.9., an ECU.
4.4.1 PurPose lf the component is not capable of detecting the faulUfailure, the
Failure Mode will occur which leads to the end effect with a
ThepurposeofFailureAnalysisinFMEA-MsRistodescribethe
effect, in the context of a

t
corresponding degree of Severity.
chain of event; *r,i.n lead up to the end
relevant scenario' However, if the component can detect the failure, this leads to a
FMEA-MSR are: system response with a Failure Effect with a lower Severity
The main objectives of Failure Analysis in
compared to the original Failure Effect. Details are described in
o Establishment of the failure chain the following scenarios (1) to (3).
o Potential Failure Cause, Monitoring' System
Response'
Reduced Failure Effect
oldentificationofproductFailureCausesusingaparameter Fault occurs Failure [ffect occurs No hazardous event
(S = 1...9)
diagram or failure network
Malfunctioning Behavior {Failure Mode)
rCollaborationbetweencustomerandsupplier(FailureEffects) t
oBasisforthedocumentationoffailuresintheFMEAform
sheet and the Risk AnalYsis steP Figure 4.4-2 Failure Scenario (1) - Non-Hazardous

4.4.2 Failure Scenario Failure Scenario (1) describes the malfunctioning behavior from
the occurrence of the fault to the Failure Effect, which in this
AFailureScenarioiscomprisedofadescriptionofrelevant example is not hazardous but may reach a non-compliant end
operating in which a fault results in malfunctioning
"oniiiiont system state.
behaviorandpossiblesequencesofevents(systemstates)that
lead to staie (Failure Effect). lt starts from defined
"nir'.tem
and leads to irre Failure Effects. (see Figure
4'4-
Failure "n
causes
1)
-133-
-132-
 be derived from the DFMEA, catalogues for failures of E/E
Failr:re Effect leads to
( ) components, and network communication data descriptions
Failure Effect occurs a hazardous event (S = 10)
Fault occurs
NOTE: ln FMEA-MSR, diagnostic monitoring is assumed to
Malfunctioning Behavior {Failure Mode} 4 t function as intended. (However, it may not be effective.)
Therefore, Failure Causes of diagnostics are not part of
Fault Handling Time lnterval
FMEA-MSR but can be added to the DFMEA section of
the form sheet. These include:

Failure Scenario (21' Hazardous

,/ Failed to detect fault
Figure 4.4-3 ,/ Falsely detected fault (nuisance)
FailureScenario(2)describesthemalfunctioningbehavior.from
./ Unreliable fault response (variation in response
Effect' which in this capability)
the occurrence of tfre iault to the Failure
example leads to a hazardous event' Teams may decide not to include failures of diagnostic monitoring
it is necessary to estimate in DFMEA because Occurrence ratings are most often very low
As an aspect of the Failure Scenario' (time between
,ctrde of the Fauft Handting Time Interval (including "latentfaults" Ref. ISO 26262). Thereforeuthis analysis
ir-,"
of the may be of limited value. However, the correct implementation of
ir'" o""iitt"nce of the fault, and the occurrence
hazardlnoncompliant Failure Effec$' diagnostic monitoring should be part of the test protocol.

The Fault Handling Time lnterval is the

maximuml'l:.:l:n ot Prevention Controls of diagnostics in a DFMEA describe how
event occurs' if the reliable a mechanism is estimated to detect the Failure Cause and
malfunctioning behavior before a hazardous
iafety mechanisms are not activated' reacts on time with respect to the performance requirements.

Fault occurs
Maif unctioning Bellavior
I
I Time for Detection
Mitigated Failure No hazardous event but loss or Detection Controls of diagnostics in a DFMEA would relate back
Effect occurs degradation of a function' to development tests which verify the correct implementation and
the effectiveness of the monitoring mechanism.
Transition t
( 4.4.4 Failure Mode
Tinre for

A Failure Mode is the consequence of the fault (Failure Cause). ln

M*1 FMEA-MSR two possibilities are considered:

Fault Handling Time lnterval a. ln case of failure scenarios (1) and (2) the fault is not
detected or the system reaction is too late. Therefore, the
Failure Mode in FMEA-MSR is the same as in DFMEA.
Figure 4.4'4 Failure Scenario (3) - Mitigated (Effect) (see Figure 4.4-5).

FailureScenario(3)describesthemalfunctioningbehaviorfrom b. Different is failure scenario (3), where the fault is detected

Failure Effect, which in
the occurren."Liin" fault to the mitigated of
and the system response leads to a mitigated Failure
this exampfefeJs to a loss or degraiation of a function instead Effect. ln this case a description for the diagnostic
the hazardous event' monitoring and system response is added to the analysis.
Because the failure chain in this specific possibility
4.4.3 Failure Gause consists of a faulUfailure and a description of an intended
behavior, this is called a hybrid failure chain or hybrid
ThedescriptionoftheFailureCauseisthestartingpointofthe
and failure network (see Figure 4.4-6).
for Monitoring
Failure nnarysis in a supptemental FMEA
is assumed to have
System n"tponu"' The Failure Cause Typical
Window Lift System
Failure Effect:
i, not the true Failure cause (root c_ause) Electronic Control Unit Window Lifter
Connector ECU Window Lifter
occurred Clamping force too higlr and no Falrrre Cause:
"no
Failurecausesareelectrical/electronicfaults(E/Efaults)(Referto reopening function
Failure Mode:
Erroneous frequency transrniited within
Polarity of motor not reversed
HanrJ rnay be p,nched between valid range fronr Hall effect sensor
npp"noxczl.nootcausesmaybeinsufficientrobustnesswhen glass and frame
external environment,
exposed to uuriou, tactors ru"h ur the
cycling' data bus
vehicle dynamics, wear, service' stress
overloading,anderroneoussignalstates'etc'FailureCausescan
I Figure 4.4-5 Example of a structure with failure chain without a monitoring or with a
monitoring which is only partially effective (scenario (1) and (2)).
- 135 -
-134-
i

Window Lift SYstem

Intended Bahavior (Effect):
Loss of convenience function "Comfort closing"
Electronic Control Unit Window Lifter
lntended Behavior (Mode):
Loss of signal detected
Connector ECU Window Lifter
Failure Cause:
Signal of Hall effeci sensor is not
transmitted to ECU due to Poor
f @)
The main objectives of the FMEA-MSR Risk Analysis are:
o Assignment of existing and/or planned controls and rating of
failures
connection of Hall efiect sensor'
The window only moves in manual mode'
o Assignment of Prevention Controls to the Failure Causes

Figure 4.4.6 Example of a-structure with hybrid

which arways is effeciive and switchei fire sy;tem
failure chain including a monitoring
to a mitigated Fairure Effect (scenario
(3)).
w .
.
Assignment of Detection Controls to the Failure Causes
and/or Failure Modes
Rating of Severity, Frequency and Monitoring for each failure
chain.
4.4.5 Failure Effect o Evaluation of Action Priority
AFailureEffectisdefinedaStheconsequenceofa.FailureMode.
. Collaboration between customer and supplier (Severity)
Failure Effects in FMEA-MSR are either a malfunctioning
behavior . Basis for the Optimization step
oftheSystemoranintendedbehaviorafterdetectionofaFailure
Cause. rne end may be a',hazald,,or,,noncompliant State'' 4.5.2 Evaluations r
"r".t ani timely system resp-onse, a "safe state"
or, in case of oetection
Each Failure Mode, Cause and Effect relationship (failure chain or
or"compliantstate"withlossordegradationofafunction' hybrid network) is assessed by the following three criteria:
TheseverityofFailureEffectsisevaluatedonaten-pointscale Severity(S): represents the Severity of the Failure Effect
accordingtotaOteMsRlandTableDl'respectively'
Frequency (F): represents the Frequency of Occurrence of
Window Lift SYstem Connector ECU Window Lifter
Electronic Control Unit Window Lifter
the Cause in a given operational situation,
Failure Effect: Failure Cause:
Signal of Hall effect sensor is not during the intended service life of the
No anti-pinch protection in comfort.- Failure Mode:
closing mode No signal to stop and reverse window - transmitted to ECU due to Poor vehicle
lifter motor in case of a pinch situation connection of Hall effect sensor
(Hand or neck maY be Pinched
between window glass and frame)
Monitoring (M): represents the Detection potential of the
0 ) Diagnostic Monitoring functions (detection
of Failure Cause, Failure Mode and/or
Figure 4.4-7 Example of a failure network
Failure Effect)

FAILURE ANALYSIS (STEP 4) Evaluation numbers from 1 to 10 are used for S, F, and M
respectively, where 10 stands for the highest risk contribution.

l.Faiture Effectg {FE}to the By examining these ratings individually and in combinations of the
Next Higher Level Element three factors the need for risk-reducing actions may be prioritized.
and/or End User
4.5.3 Severity (S)
to stoP and reverse Signal of Hall effect sensor ls
No anti-pinch protection in comfort No signal The Severity rating (S) is a measure associated with the most
lifter motor in case of a not transmifted to ECU due to
clqs tng mode poor connection of Hali effect
pinched pinch situation serious Failure Effect for a given Failure Mode of the function
{Hand or neck may be
and being evaluated and is identical for DFMEA and FMEA-MSR.
Severity should be estimated using the criteria in the Severity
Figure4,4.SExampleofFailureAnalysisinFMEA.MSRFormSheet Table MSR1. The table may be augmented to include producl
specific examples. The FMEA project team should agree on an
evaluation criteria and rating system, which is consistent even if
4.5 FMEA-MSR sth SteP: Risk AnalYsis modified for individual design analysis.

4.5-1 PurPose The Severity evaluations of the Failure Effects should be

transferred by the customer to the supplier, as needed.
ThepurposeofRiskAnalysisinFMEA.MsRistoestimateriskof
t ifri" nV evaluating Severity, Frequency, and Monitoring' and
prioritize the need for actions to reduce risk'

-137-
-136-
 . Customer complaints
Product General Evaluation Griteria Severity (S) f ) . Warranty databases

Potential Failure Effects rated according to the criteria below

Blank untilfilled in . Data handbooks
by user
Corporate or The rationale is documented in the column "Rationale for
Product Line Frequency Rating" of the FMEA-MSR form sheet.
s Effect Severity criteria

Affects safe op ration of the vehicl e an d/o other

10 vehicl 9S, the h ealth of d river or passeng r(s or road
Very High users or ans
I Noncompliance with regulations
Loss of primary vehicle function necessary for normal
I driving during expected service life.
High
Degradation of primary vehicle function necessary for
7 normal driving during expected service life'
6 Loss of secondary vehicle function
5 Degradation of secondary vehicle function'
Moderate
Very objectionable appearance, sound, vibration,
4 harshness, or haPtics.
Moderately objectionable appearance, sound, vibration,
3 harshness, or haPtics.
Low
Slightly objectionable appearance, sound, vibration,
2 harshness, or haPtics.
1 Very low No discernible Failure Effect.
4.5.5 Frequency (F)
The Frequency rating (F) is a measure of the likelihood of
occurrence of the cause in relevant operating situations during the
intended service life of the vehicle or the system using the criteria
in Table MSR2.
lf the Failure Cause does not always lead to the associated
Failure Effect, the rating may be adapted, taking intq account the
probability of exposure to the relevant operating condition
(according to Table MSR2). ln such cases the operational
situation and the rationale are to be stated in the column
"Rationale for Frequency Rating."
Example: From field data it is known how often a control unit is
defective in ppm/year. This may lead to F=3. The system under
investigation is a parking system which is used only a very limited
time in comparison to the overall operating time. So harm to
persons is only possible when the defect occurs during the
parking maneuver. Therefore, Frequency may be lowered to F=2.
)

Note: This table is identicalto Table D1 - DFMEA SEVERITY

(s)
Table MSRI - SuPPlemental FMEA-MSR SEVERITY (S)

4.5.4 Rationale for Frequency Rating

ln a Supplemental FMEA for Monitoring and system Response,
the likeiihood of a failure to occur in the field under customer
operating conditions during service life is relevant'
Analysis of end user operation requires assumptions that the
manufacturing process is adequately controlled in order to assess
the sufficiency of the design.
Examples on which a rationale may be based on:
e Evaluation based on the results of Design FMEAs
o Evaluation based on the results of Process FMEAs
o Field data of returns and rejected parts
o Customer comPlaints 0 I
- 139 -
- 138 -
 4.5.6 Gurrent Monitoring Controls
f All controls that are planned or already implemented and lead to a
detection of the Failure Cause, the Failure Mode or the Failure
F requency Pote ntial (F) fo r the Prod uct
Blank until Effect by the system or by the driver are entered into the "Current
F req uency criteri a (F) for the estim ated occu
rrence of the Fai u re Cau SE tn relevant filled in bY Monitoring Controls" column. ln addition, the fault reaction after
life of the vehicle
ope rating situations du nng the ntend ed servlce user detection should be described, i.e. provision of default values, (if
Corporate or not already sufficiently described by the Failure Effect).
Estimated Product Line
FrequencY criteria - FMEA-MSR
F
FrequencY Exam Monitoring evaluates the potential that the Failure Cause, the
Cause IS unknown Failure Mode or the Failure Effect can be detected early enough
ExtremelY Frequ ncy of occurren ce of th e Failure
ptablY high durin the inte nded so that the initial Failure Effect can be mitigated before a hazard
10 high or cannot or known to be u nacce
service life of the veh icle occurs or a noncompliant state is reached. The result is an end
be determined
F ailure Ca use IS ikely to occur duri ng
th e intended servlce state effect with a lower severity.
9 life of the VE hi cle
High Fail u re Cau SE may occur often n the field d
uring the 4.5.7 Monitoring (M)
inte nded service ife of th VE hicle
the fie td during the The Monitoring rating (M) is a measure of the abilitytf detecting a
F ai lu re Cause may occu freq uently
n
7 ntend ed servlce life of the vehicle faulVfailure during customer operation and applying the fault
ntly tn the field reaction in order to maintain a safe or compliant state.
F lu re Cause may occu somewhat frequ e
6 Medium duri the intended servrce life of th e vehicle The Monitoring Rating relates to the combined ability of all
F ailure Cause ma v occur occasionallY tn
the field d u nng sensors, logic, and human sensory perception to detect the
5 the inte nded se rvlce ife of th VE hicle.
faulVfailure; and react by modifying the vehicle behavior by means
n the fi e td
Fail u re Cau se IS predicted to occur rarely of mechanical actuation and physical reaction (controllability). ln
hi cle. At east ten
4 Low d unn g the inte nded service ife of th e VE order to maintain a safe or compliant state of operation, the
occu rrences n the fi eld a re cted
sequence of fault detection and reaction need to take place before
ated CASES tn the
F ailure Ca use IS predi cted to occu in isol ( the hazardous or noncompliant effect occurs. The resulting rating
life of the vehicl At
3 Very low field duri ng th e intended servlce describes the ability to maintain a safe or compliant state of
e ast one occu rre nce in the field is p red cted
operation.
tn the field d unng
F ail ure Cause S pred icted not to occur
ce ife of the VE h cle based on Monitoring is a relative rating within the scope of the individual
the intended SETV
p revention and detection co ntro ls a nd field experience FMEA and is determined without regard for severity or frequency.
2 ExtremelY low rU led out. No
with simil al parts. lso ated CASES can not be Monitoring should be estimated using the criteria in Table MSR3.
it will not This table may be augmented with examples of common
F ail ure Cau SC ca nnot occu d U nng the nten ded servtce monitoring. The FMEA project team should agree on an
life of the vehicl e or S virtual ly eliminated E
vidence that evaluation criteria and rating system which is consistent, even if
1 Gannot Occur mented.
F ail ure Cause ca nnot occur Ration a le is docu
modified for individual product analysis.
The assumption is that Monitoring is implemented and tested as-
Pe rcentage of releva nt ope rati ng condition Value by which F maY be lowered
rati ti m e designed. The effectiveness of Monitoring depends on the design
tn n to overal
< 10o/o I of the sensor hardware, sensor redundancy, and diagnostic
< 1o/o 2 algorithms that are implemented. Plausibility metrics alone are not
considered to be effective. Refer to Table MSR3.
NOTE: Probability increases as number of vehicles
are
increased lmplementation of monitoring and the verification of effectiveness
ReferenceValueforestimationisonemillionvehiclesin should be part of the development process and therefore may be
the field analyzed in the corresponding DFMEA of the product. (see NOTE
for Failure Causes in Section 4.4.1).
(F)
Table MSR2 - Supplemental FMEA'MSR FREQUENCY The effectiveness of diagnostic monitoring and response, the fault
monitoring response time, and the Fault Tolerant Time lnterval
need to be determined prior to rating, Determination of the

aI
t -141-
-140-
 effectiveness of diagnostic monitoring is addressed in detail in lso e.Variations in human perception and reaction
26262-5:2018 Annex D f) ) f. Knowledge of implementation and effectiveness
ln practice, three different monitoring/response cases may be from other projects (newness)
distinguished Depending on these variations or execution
timing, Monitoring
controls may not be considered to oe ne LtngLE in the
sense of
M=1.
(1) No faulUfailure monitoring

(3) Less-thanreliablefault/failuremonitoring
Original M=10 Failure Cause
Failure Effect Failure Mode
F=3
Original Monitoring does
5=1"0
Failure Effect not detect the t0%
S=10 failure I
Figure 4.5-l FMEA-MSR Monitoring not implemented or not considered

M=6 Failure Cause

Failure Mode
lf there is no monitoring control, or if monitoring and response do F=3
not occur within the Fault Handling Time lnterval, then Monitoring Mitigated
should be rated as Not Effective (M=10). Monitoring
Failure Effect detects the
90%
S=6 failure
(21 Reliable faulufailure monitoring and system response
( ) Figure 4.5-3 FMEA-MSR Diagnostic Monitoring partiaily effective
Diagnost
Mitigated Failure Cause The original Failure Effect occurs less often. Most
of the failures
Monitoring and
Failure Effect Failure Mode are detected and the system response leads to a mitigateJ
Fritrr"
System ResPonse F=3 Effect. The reduced risk is_represented by the Monitori"g
S=6 *1
The most serious Failure Effect remains S=10. - iiirg.J

Figure 4.5-2 FMEA'MSR Reliable Diagnostic Monitoring

The original Failure Effect is virtually eliminated. only the
mitigatdd Failure Effect remains relevant for the risk estimation of
the product or system. ln this instance only, the mitigated FE is
relevant for the Action Priority rating, not the original FE.
The assignment of Monitoring Ratings to Failure causes and their
corresponding Monitoring Controls can vary depending on:
a. Variations in the Failure Cause or Failure Mode
b. Variations in the hardware implemented for
diagnostic monitoring
c. The execution timing of the safety mechanism, i'e'
failure is detected during "power up" only
d. Variations in sYstem response

-142- I -143-
 \) sup pl m ental F MEA for Monitoring n d Syste
m Res ponse (M)
Supplemental FMEA for Monitoring and System Response (M) Mon itoring Criteria (M fo F ail ure Ca uses
) F lu re Modes an d F a lu
M o nitorin g duri ng Customer Operation re Effects by Blank until
Blank until Use the rati ng n u mber that corresponds
Monitori ng Crite ila (M for Fai U re Cau ses F at u re Mod ES nd F ail ure Effects by lea st effective of eith e cn teria fo Monitori with the filled in by
with the filled in by n or
Monitorin g du ri ng Customer Operation U SE the rati ng n u mber th at corresponds Effectiveness m Res SE user
of either criteri for M on to nse user
least effe ctive a of Monitoring
System Response /
Effectiveness
System Response / Corporate or
M Controls and _ Diagnostic Monitoring / Corporate or
of Monitoring System Sensory Perception Criieria Human Reaction Product Line
Diagnostic Monitoring / Human Reaction Product Line
M Gontrols and Res Criteria Examples
Sensory Perception Criteria Griteria Examples
System faulVfa ilure will be utom ati ca llv
nse The automated system
d etected by the system duri ng the F au
or the driver will be able
The faulUfailure cannot be detected at No response during the H ndl tn g Tim e lnterval with med IU m
Moderately to react to the detected
all or not during the Fault Handling Fault Handling Time 4 variance in detection time, or detected
10 Not effective High faulVfailure during the
Time lnterval; by the system, the driver, lnterval. by th e driver n m ost operating Fault Handling Time
a passenger, or service technician. conditions. D agnostic coverage
interval, in most
The faulUfailure can almost never be The reaction to the esti mated 97% ratin conditions
detected in relevant oPerating fault/failure by the
system or the driver The system will
conditions. Monitoring control with low
I Very Low effectiveness, high variance, or high may not reliably occur The faulVfailure will be automatically
automatically react to
the detected faulUfailure
uncertainty. Minimal diagnostic during the Fault detected by the system during tne fautt
Handli Time lnterval. during the Fault
3 High Handling Time lntervalwith very low Handling Time lnterval
The reaction to the variance in detection time, and with a
The faultifailure can be detected in very in most operating
few relevant operating conditions' faulUfailure bY the _ high probabitity.
Diagnostic coverage estimated >gg%.
conditions with very low
Monitoring control with low system or the driver variance in system
I Low
effectiveness, high variance, or high may not always occur response time, and with
u ncertainty. Diagnostic coverage during the Fault robabil
estimated <60%. Handling Time lnterval.
{ ) The system will
Low probability of detecting the The faulVfailure will be detected automatically react to
Low probabilitY of the detected faulVfailure
faulVfailure during the Fault Handling automatically by the system with very
reacting to the detected during the Fault
Time Interval by the sYstem or the 2 Very High low variance in detection time during
Moderately faulVfailure during the Handling Time lnterval
7 driver. Monitoring control with low the Fault Handling Time lnterval, ani
Low Fault Handling Time with very low variance in
effectiveness, high variance, or high with a very high probabitity. Diagnostic
lnterval by the sYstem or system response time,
uncertainty. Diagnostic coverage coverage estimated > 99.g%.
the driver. and with a very high
estimated >60%.
The automated sYstem robabili
The faulUfailure will be automatically Reliable and
The faulVfailure will always be detected Th e system willalways
detected by the system or the driver or the driver will be able acceptable for
automatically by the system, Diagnostic automatically react to
6 only during power-up, with medium to react to the detected 1 elimination of
coverage estimated to be significanfly the detected faulVfailure
variance in detection time. Diagnostic faulUfailure in manY original Failure
operating conditions. greater than 99.9%. during the Fault
coverage estimated >90%. Effect.
Handli Time lnterval.
The faulVfailure will be automatically The automated sYstem
Moderate Table MSR3 - Supptementat FMEA-MSR MONTTORTNG
detected by the system during the Fault or the driver will be able (M)
Handling Time lnterval, with medium to react to the detected
5 variance in detection time, or detected faulUfailure during the
by the driver in very many oPerating Fault Handling Time
conditions. Diagnostic coverage lnterval in very manY
estimated between 90% - 97%- operating conditions.

0 I
-144- -145-
 4.5.8 Action Priority (AP) for FMEA-MSR Action for FM EA.MSR
{ )
The Action Priority is a methodology which allow_s for the Action Priority is based on combinations of Severity, Frequency,
prioritization of the need for action, considering severity, and Monitoring ratings in order to
actions for risk reduction.
FrequencY, and Monitoring (SFM)'
Prediction of Failure
This is done by the assignment of sFM ratings which provide a Cause Occurring Effectiveness of ACTION
Effect S
basis for the estimation of risk. During Service Life F
Monitoring M PRIORITY
of Vehicle (AP)
see previous chapters for discussion of reducing risk first by s,
Medium - Extremely
then F, then M. 5-1 0 Reliable - Not effective 1-10
high H

Moderatety high - Not

4-10 H
PriorityHigh(H):Highestpriorityforreviewandaction' Low
effective
The team needs to either identify an appropriate 4
Very high - 2-3 H
action to lower frequency and/or to improve
monitoring controls or justify and document why Reliable 1.; M
current controls are adequate' Product Moderately high - Not
10 4-10
Effect High effective H
Priority- Medium (M): Medium priority for review and action. Very low 3
The team should identify appropriate actions to Very high - High 2-3 M
lower frequency and/or to improve monitoring Reliable 1 L
controls, or, at the discretion of the company, Moderately high - Not
justify and document why controls are adequate' Extremely low 2 effective 4-10 M

Priority- Low (L): Low priority for review and action' Reliable - 1-3 L
The team could identify actions to lower Cannot occur 1 Reliable - Not effective 1-10 L
frequency and/or to improve monitoring controls' Low - Extremely high
It is recommended that potential Severity 9-10 failure effects with
I 4-10 Reliable - Not effective
Very high - Not
1-10 H

Product Extremely low - Very 2-10

Action Priority High and Medium, at a minimum, be reviewed by Effect High I low 2-3 effective H

management including any recommended actions that were Reliable - High 1 L

taken. Cannot occur 1 Reliable - Not effective 1-10 L
This is not the prioritization of High, Medium, or Low risk. lt is
Medium - Extremely
the prioritization of the need for actions to reduce risk. 6-1 0 Reliable - Not effective 1-10 H
high
I Note: lt may be helpful to include a statement such as "No Moderately high - Not
I
I
trrther action is needed" in the Remarks field as
Medium effective 5-1 0 H
II
apProPriate. 5
Reliable - Moderately
1-4
hish M

Moderately low - Not

effective 7-10 H
Product
Low 4 Moderately high -
Effect 4-6 M
Moderately 7-8 Moderate
high Reliable - High 1-3 L
Very low - Not effective 9-1 0 H
Very low 3 Moderately low - Low 7-8 M
Reliable - Moderate 1-6 L
Moderately low - Not
Extremely low effective 7-10 M
2

5 I Cannot occur 1
Reliable - Moderate
Reliable - Not effective
1-6
1-10
L
L

-146- -147-
 Action Prio
Action Priority ts based on combin ations of Seve rity Freq
for FM
uency an d Mon itoring rating S in ord er to
o (, UPPLEMENTAL FMEA-MSR RISK ANALYSIS (STEP 5)

actions for risk reduction

-(5
Prediction of Failure ACTION L
o
Cause Occurring Effectiveness of M PRIORITY
s F o-
Effect During Service Life Monitoring (AP) o
of Vehicle
1-10 H Eo
High - ExtremelY high 7-10 Reliable - Not effective o
C)
Moderate - Not 6-10 H L
o
effective =
Medium 5-6
Reliable - ModeratelY M
iI
Product 1-5
hig h
Effect 4-6 9-10 M
-
Very low Not effective
Moderately The connection
ModeratelY high - 2 None Window will 10 Hand or neck 10 10 M
low 2-4 7-8 M
Extremely low - Low Moderate principle of the close with may be
Reliable - Moderate 1-6 L Hall effect full pinched
1-10 L sensor and ECU clamping between glass
Cannot occur I Reliable - Not effective
is according to force. and frame
Reliable - Not effective 1-10 H
High - ExtremelY high 7-10 standard xyz.
ModeratelY low - Not 7-10 M
5-6 effective
Product
Medium
Reliable - Moderate 1-6 L Figure 4.5.4 Example of FMEA-MSR Risk Analysis - Evaluation of Current Risk Form
2-3
Effect Low Sheet
Reliable - Not effective 1-10 L
Extremely low - Low 2-4
Reliable - Not effective 1-10 L
Cannot occur 1

Product Cannot occur - L

Effect Very 1 1-10 Reliable - Not effective 1-10 4.6 FMEA-MSR 6th Step: Optimization
Extremely high
Low
1:lf M=1, the severity rating of the Failure Effect after 4.6.1 Purpose
NOTE
Monitoring and System Response is to be used for The primary objective of Optimization in FMEA-MSR is to develop
determining trlSi nction Priority' lf M is not equal to
1'
actions that reduce risk and improve safety. ln this step, the team
then the severity Rating of the original Failure Effect is
reviews the results of the risk analysis and evaluates action
to be used for determining MSR Action Priority' priorities.
NOTE 2: When FMEA-MSR is used, and M=1, then DFMEA The main objectives of FMEA-MSR Optimization are:
ActionPrioritizationreplacestheseverityratingofthe
originalFailureEffectwiththeSeverityratingofthe
o ldentification of the actions necessary to reduce risks
mitigated Failure Effect' . Assignment of responsibilities and target completion dates for
action implementation
Table AP - ACTION PRIORITY FOR FMEA-MSR . lmplementation and documentation of actions taken including
confirmation of the effectiveness of the implemented actions
and assessment of risk after actions taken
o Collaboration between the FMEA team, management,
customers, and suppliers regarding potential failures
. Basis for refinement of the product requirements and
preventionidetection controls

-149-
-148-
 indicate a need for The action has been defined but has not yet decided on. A
High and medium action priorities may
decision paper is being created.
technical imProvement. )
more reliable lmplementation pending (optional)
lmprovements may be achieved by introducing
componentswnicnreducetheoccurrencepotentialoftheFailure The action has been decided on but not yet implemented.
which
cause in the ti"ii'orlntioor." additional monitoring
improve tfre Oeteltion capabilities of the
system' lntroduction of Gompleted
monitoring i, to design change' Frequency of the Failure Completed actions have been implemented and their
Cause is not
"imifai ft tJy also bL possible to eliminate the effectiveness has been demonstrated and documented. A
Failure Effect"nung"d'
by introducing redundancy' final evaluation has been done.
lftheteamdecidesthatnofurtheractionsarenecessary,..No Not lmplemented
furtheractioni'n*o"o,,iswrittenintheRemarksfieldtoshow Not lmplemented status is assigned when a decision is
the risk analYsis was comPleted' made not to implement an action. This may occur when
Theoptimizationismosteffectiveinthefollowingorder: risks related to practical and technical limita(ions are
to reduce the beyond current capabilities.
e Component desigrr modifications in order
(FC)
Frequency (F) oflhe Failure Cause
Failure Cause
o lncrease the Monitoring (M) ability for the The FMEA is not considered "complete" until the team assesses
(FC) or Failure Mode (FM)' each item's Action Priority and either accepts the level of risk or
documents closure of all actions. crosure of all actions should be
lnthecaseofdesignmodifications,allimpacteddesignelements documented before the FMEA is released at start of production
are evaluated again' (soP).
FMEA are
ln the case of concept modifications' all steps of the lf "No Action Taken", then Action priority is not reduced and the
reviewedfortrreaffectedsections.Thisisnecessarybecausethe risk of failure is carried forward into the product design.
it was based upon a
original analysis is no longer valid since ( )
different design concePt' 4.6.4 Assessment of Action Effectiveness
4.6.2 Assignment of Responsibilities when an action has been completed, Frequency, and Monitoring
values are reassessed, and a new Action priority may be
EachactionshouldhavearesponsibleindividualandaTarget determined.
-ompletion Date (TCD) associated with it'
The new action receives a preliminary Action priority rating as a
Theresponsiblepersonensurestheactionstatusisupdated.lf prediction of effectiveness.
theactionisconfirmedthispersonisalsoresponsibleforthe
action imPlementation' However, the status of the action remains ,,implementation
pending" until the effectiveness has been tested. After the tests
TheActualCompletionDateisdocumentedincludingthedatethe are finalized the preliminary rating has to be confirmed or adapted,
actions are imPlemented' when indicated. The status of the action is then changed from
TargetCompletionDatesshouldberealistic(i.e.,inaccordance "implementation pending" to "completed .,,
prior to process validation'
with the proor.l J"velopment plan' The reassessment should be based on the effectiveness of the
prior to start of Production)' MSR Preventive and Diagnostic Monitoring Actions taken and the
new values are based on the definitions in the FMEA-MSR
4.6.3 Status of the Actions Frequency and Monitoring rating tables.
Suggested levels for Status of Actions:
4.6.5 Gontinuous lmprovement
OPen
FMEA-MSR serves as an historical record for the design.
No Action defined' Therefore, the original Severity, Frequency, and Monitoring (S, F,
Decision Pending (oPtional) M) numbers are not modified once actions have been taken.

-151-
- 150 -
 The completed analysis becomes a.repository
to capture the 4.7 FMEA-MSR 7th Step: Results Documentation
progr"rrion of design decisions and design refinements' family .

modified for basis' 4.7.1 Purpose

However, original sl f , Vf t"tings may be
information is used as a starting
or generic DFMEAs o"""ur" t6e The purpose of the results documentation step is to summarize
point tot an application-specific analysis' and communicate the results of the Failure Mode and Effects
Analysis activity.
The main objectives of FMEA - MSR Results Documentation are:
SUPPLEM ENTAL FMEA-M SR o PTI M
IZATION
ul
IL IL - . Communication of results and conclusions of the analysis
6
o
MSR Diagnostic System
Most severe bcr
^o
e.E
Responsible Target
Statug
Action Taken Completion
with Pointer
.l}
o
C
o
(!
L
. Establishment of the content of the documentation
Person'9 Completion Date t d)
Preventive Monitoring Response after System bb Name Date to Evidence g t x . Documentation of actions taken including confirmation of
Action Action Response Cr .[
(,
IL -o the effectiveness of the implemented actions and
o
implem 2 1 L assessment of risk after actions taken
Comfort Loss of 6 Test {
entatlon
plausibility
closing
mode
convenience engineer
Mr. Warren
. Communication of actions taken to reduce risks, including
check disabled Watchful within the organization, and with customers and/or
The window
suppliers as appropriate

loss of
and moves
manual
o Record of risk analysis and reduction to acceptable levels
from
effect 4.7.2 FMEA Report
The scope and results of an FMEA should be summarized in a
report. The report can be used for communication purposes within
new Risk Evaluation Form sheet
Figure 4.6-l Example of FMEA-MSR Optimization with a company, or between companies. The report is not meant to
( ) replace reviews of the FMEA-MSR details when requested by
management, customers, or suppliers. lt is meant to be a
summary for the FMEA-MSR team and others to confirm
completion of each of the tasks and review the results of the
analysis.
It is important that the content of the documentation fulfills the
requirements of the organization, the intended reader, and
relevant stakeholders. Details may be agreed upon between the
parties. ln this way, it is also ensured that all details of the analysis
and the intellectual property remain at the developing company.
The layout of the document may be company specific. However,
the report should indicate the technical risk of failure as a part of
the development plan and project milestones. The content may
include the following:
A. A statement of final status compared to original goals
established in 1.5 Project Plan
1. FMEA lntent - Purpose of this FMEA?
2. FMEA Timing - FMEA due date?
3. FMEA Team - List of participants?
4. FMEA Task - Scope of this FMEA?
5. FMEA Tool - How do we conduct the analysis Method
used?
a
- 153 -
-152-
 APPENDIX
B. A summary
new.
of the scope of the analysis and identify
what is
ft 0 A SAMPLE FMEA FoRM Suerrs..,....,.. .....158
C A of how the functions were developed A1 DFMEA Form Sheets .....158
"u**rty A2 PFMEA Form Sheets. .....162
43 FMEA - MSR Form 9heets.......... .....169
D'Asummaryofatleastthehigh-riskfailuresasdeterminedby B Fonv SHrrrs - Srup sy Srsp Hrrurs............. .....171
the team ano proviJe a copy-or the specific
S/F|V rgJino tables
8L DFMEA Form Sheet Hints............ .....171
(e.g. Action Priority,table).
and methoO ot #ion priorit'ation 82 PFMEA Form Sheet Hints ,........,., ,....176
E.Asummaryoftheactionstakenand/orplannedtoaddressthe 83 FMEA-MSR Form Sheet Hints.. BA
high-risk fiilures including status of those actions' c SEVERtry, OccuRnENcE, DETECIoN AND AcloN PRtoRrryTnerrs............. 185
FMEA
F. A"pfrn and commitment of timing for ongoing Cl DFMEA SOD and AP Tables.......... 185
improvement actions' cl.1 DFMEA SEVERTTY (S) 185
a. Commitment and timing to close openaction?.^^ during
cl.2 DFMEA OCCURRENCE (O) .........,.,... ..........186
b. commitmenito review-and revise the FMEA-MSR completeness
C7.3 Alternative DFMEA Occurrence (O)Tables 188
mass production to ensure the accuracy and 192
production
of the analysis as compared with the original C1.5 ACTION PRIORITY TABLE FOR DFME4.............. ..193
changes'
design (e.g. revisions triggered from design C2 PFMEA SOD ond AP Tobles .......... ..........195
procedures)'
corrective actions, etc', 6ised on company c2.1 PFMEA SEVER\TY (S)....,..... ..........L95
(Refer to section 1.4 Case 3 FMEA revisions) c2.2 PFMEA OCCURRENCE (O)................ ..........797
c. Commitmeniio capture "things gone wrong" in foundation C2.3 Alternqtive PFMEA Occurrence (O) Tobles.....
c2.4 PFMEA DETECTTON (D).
..198
200
FMEA-MSRsforthebenefitoffutureanalysisreuse,when
and Family
applicable' (Refer to section 1'3'6 Foundation C2.5 ACTION PRIORITY TABLE FOR PFMEA 202
C3 FMEA-MSR SFM ond AP Tab|es........... 204
FMEAs)
c3.7 Supplementol FMEA-MSR SEVERITY (S) 204
C3.2 Supple mental FM EA-MSR FREQU EN CY (F ).............. 205
( ) C3.j Supple mental F M EA-MSR MON ITORING (M ) ........... .,......, 206
C3.4 ACTION PRIORITY FOR FM EA-M'R............ 208
D ADDrroNS................... 2r0
D 1 Speci o I Ch a ra cte ri sti cs ................. .2L0
D2 FMEA ond Functionol Sofety....,.. 210
E FURTHER AppLrcATroN Freros ........... 213
E1 FMEA for Software 9copes......... 213
E2 Objective of the Software Scopes lnspection ......213
E3 FMEA in the Softwore Development Process .... ......214
E4 FMEA for Mochine and Facility Monufacturers ......214
F CHANGEPorrurSuvruanrES................. ......275
Fl AIAG 4th Edition FMEA Reference Manuqlto AIAG & VDA FMEA Handbook ......215
F2 VDA Volume 4, Chopter Product and Process FMEA to AIAG & VDA FMEA Hondbook ......223
G REFERENCES AND SUGGESTED READINGS ......235
H G LossARY ............

Table of Figures
FoRv A: Srnruoeno DFMEA FoRM SHEET..
FORIv B: ALTERNATE DFMEA FoRM SHEET..
VIEW A: DFM EA Sorrwnar VrEw
FOnu C: STANDARD PFMEA FoRM SHEET..,
FOnv D: ALTERNATE PFMEA FonU SHETT..
FOnv E: ALTERNATE PFMEA FONV SHTET..
FOnv F: ALTERNATE PFMEA FoNV SHTET,,
'ri
':l
ifi
Ll,
F
- 155 -
,{
hl
h' -154-
 VIEW B: PFMEA SorrwnRe Vtew
Fonu H: STANDARD FMEA-MSR FORM SHEET..,
168
,.,...169 cI
FTGURE 81.1-1 DFMEA FoRM SHEETWtttt Hrrrrrs: Srep 1............ ....................171
Fre unr BL.2-1 DFMEA Fonv SHe er wrH Htnrs: Srep 2............ ....................L7L
Fre une 81.3-1 DFMEA Fonu SHe rr wrH Htrurs: Srep 3. L72
Fre une 81.4-L DFMEA Fonv SHe er wrH Hr]\lrs: Srep 4. L72
Fre unr 81.5-1 DFMEA FoRM SHEEr wrn Hrrurs: Srep 5............ ....................173
FrcuRE 81.5-1 DFMEA FoRM SHEEr wrn Htrurs: Sre p 6. L73
FTGURE BL.8-1 DFMEA Frulune SrnuctunE (Sorrwnne Vrrw) ................ .......174
Fre uns 81.8-2 DFMEA RrsK ANALysrs (Sorrwnnr Vtew) ................ ...............t74
Fre une 81.8-3 DFMEA OprMrzAroN wrrH NEW Rrsx Evnlunrton (Sorrwanr Vtew) t75
Freunr 82.1-1 PFMEA FoRM SHEETWITH HINTS: STEP 1 L76
FIGURE 82.2-1 PFMEA Fonv SHeer wtrH HrNTs: STEP 2 L76
Fre unE 82.3-1. PFMEA Fonv Suerr wru HtNrs: Srup 3 L77
Freune 82.4-L PFMEA Fonu Sreer wrH Htnrs: SrEp 4 L77
Freune 82.5-1 PFMEA FoRM SHEET WTH HIruTs: STEp 5 L78
FIGURE 82.5-1 PFMEA FoRM SHEET W|TH HIruTs: STep 6 178
FIGURE 82.8-L PFMEA FnrtuRe SrRUcruRE (SoFrwARE VrEW) t79
FTGURE 82.8-2 PFMEA wrrH Rrsx AnALvsrs (SoFrwARE VtEW) L79
Fre unE 82.8-3 PFMEA OprMrzATroN wrrH NEW RrsK EVALUATToN (Sorrwnne Vtew)............... 180
Freune 83.1-1 FMEA-MSR FoRu SHerr wIrH H|urs: SrEp 1 180
Freune 83.2-1 FMEA-MSR FoRM SHEETWTn H|rurs: Srep 2 181
Freune 83.3-1 FMEA-MSR FoRM SHEETWITH HINTS: STEP 3 181
FTGURE 83.4-1 FMEA-MSR FoRv SHe et wtrH HrNTs SHEET: STEp 4 ..................... t82
FTGURE 83.5-1 FMEA-MSR Fonna SHe n wtrH HrNrs: SrEp 5 r82
FTGURE 83.6-1 FMEA-MSR Fonv SHrer wrH Htrurs: SrEp 6 183
FTGURE 83.8-1 FMEA-MSR Fe[une Srnucrunr (Sorrwnnr Vrew) 183
FTGURE 83.8-2 FMEA-MSR RrsK ANALysrs (Sorrwane Vtew) L84
FTGURE 83.8-3 FMEA-MSR OprMrzATroN wrrH NEW RrsK EvALUAror.r (Sorrwnnr Vrew) .............. L84
FIGURE D2-], LINKAGE BETWEEN FAILURE CAUSES IN FMEA-MSR To FAULTS Iru ISO 25262. 2L2

Table of Tables
185
Tnele Cl.2 - DFMEA Occunne rucr (O) 187
TABLE C1.3.1 - ALrrRruarr DFMEA Occunnrrucr (O) 189
TABLE C1.3.2 -ALTERNATE DFMEA OccunnrrucE (O) L9L
TABLE C]..4 - DFMEA DETECTION (D) 792
TABLE C]..5 -ACTION PRIORITY FOR DFMEA 194
TABLE C2-1- PFMEA SEVERITY (S)......... L95
Tnete C2. 2 - PFMEA OCCURRENCE (O) 197
Teate C2.3.1- AlrsRNnre PFMEA OCCURRENCE (O) 198
TABLE C2.3.2 - Atre Rrunre PFMEA OCCURRENCE (O) 199
TABLE C2.4 - PFMEA DETECTION (D) 20L
TABLE C2.5 -ACTION PRIORITY FOR PFMEA..... 203
TasLE C3-1- Suppreue rurnl FMEA-MSR SEVERITY (S) ................ 204
TABLE C3-2 - SupplruerurnL FMEA-MSR FREQUENCY (F) 20s
TABLE C3-3 - SupplrvrrurnL FMEA-MSR MONITORING (M) 207
TABLE C3.4-ACTION PRIORITY FOR FMEA-MSR 209

-156-
 A Sample FMEA Form Sheets
f) 0 {
E
{
o-
t
A1 DFMEA Form Sheets I
uJ
F
(t, '9 B
(euoIdO)
spo3 Jel[l

. Form A: Standard DFMEA Form Sheet '6

I
(tt !oE
o AIAG & VDA Form Sheet Supporting 7 Step Approach TEi
U t J grf
=
6 z Et
a.
6 .i
a Form B: Alternate DFMEA Form Sheet trJ
t.
o with "Next Higher Level" and "Next Higher Level and Function and f
J
#iiii
,9
Requirement" in a single row and not prepared in all rows' lt
;o
Eo
o
a View A: DFMEA Software View'
iai:E
js uE 9Eg
6r tE€
.9aLi
(r)
o.
uJ
IEe
F
o-
uJ
F
g I
{i

at, z @
dE
;i U'
o
IIJ o.o al,
F
=
IL
'6 1 J
HEE s -.9
g,t s
z
(9
U dc
=
o .S fi{
z
!FF =
F-
q
,Fs3
o
heo z o
o o
F et
IJJ o '62
o z3
:E
E9
9-e
lt t: rE
d6
..!2 d
o IE
.>
G
0 0 c
o I
u
N
o-
lrJ
o F
o U'
z
UJ 9 L c
F U'
tttr u J E
.c
0
4 z
t! U
e.
I

o I e (tBuo0do) epoC roltj

tto ot
o
UJ
tr
f
ti
lO
z 5P F o.
2 3Z o
z IJJ
=o J
I
JC
et
f
t a
F
U'
F
o L
.9" z a
G
lt U

c z
.9 3F 5 s.q
o tro >9 d
Y
o oI :t<
!d{ o
o o-
E

Form A: Standard DFMEA Form Sheef

- 158 - - 159 -
 I
I
O)
o I

(Design FMEA)
Design Failure Mode and Effects Analysis
(STEP Nurber:
PLANNING & PREPARATION DFMEAID
Pro@ss
DFMEAStail Date: Confidentiality Level:
Engineefing Locationi DFMEARevision Oate:
Customr Nare:
Cross-Functional Team:
Mod6l Year / Platforft
3) FAILURE AMLYSIS (STEP 4)
FUNCTION ANALYSIS (srEP
2)
STRUCTURE AMLYSIS (STEP

l. Noxt Hlghsr Lsvol

l. I'lext Hlgher Lovcl !nd
'l'l
o
u
r
l.FalluB Efioctt (FE) to tho o
p9 @ 2. Fa[uB Itode (Flt)
History /Change Noxt Hlghor Lovol
Authorization Focut
Element.ndlo. Vchlclo End E
(As Appllcablo) Ulgr
I (fhis column is @
o oPtional)
q)
o
o
TI
tn
=
'n oPTrMlzATloN (STEP 6)
o RrsK ANALYSIS (STEP 5)
l
u,
o
o

=
o
Fa Ta.get Action Taken conpletion Remarks
o Responsible Cofipleiion Stdus Pointer Date
Pe6on's Date Eviden@
o
o
E

q
O
I O

Design Failure Mode and Effects Analysis (Design FMEA) PLANNING & PREPARATION (STEP I)

STRUCTURE ANALYSTS (STEP 2)

S
m
FUNCTION ANALYSTS (STEP 3)
E t,blh|d
as&di4tuiffi
P
tr
.T
FATLURE ANALYSTS (STEP 4) DFMEA RISKANALYSIS (STEP q and DFMEA, OPTIMIZAT|ON (STEP 6)
m
=
D
6 l.t&na[6fq g
btuhNFldtrm
o &ffiEndU*
!
€
!, CONTROLS

o
S
o
{ DFTllEA OPTIMIZATION

I
J
O)
A
I
 A2 PFMEA Form Sheets
Sheet
f) ) OE
sl
!i t
o Form C: Standard PFMEA Form
Supporting 7 Step Approach !I
E

o AIAG & VDA form bt""i d

If dv veHJd
&
u a5
Form D:Alternate PFMEA Form Sheet. row F
of the Process ltem" in a single
a o
,,pro."".'ii!;'; ir {o) uollcol€o

o with ;;l'"F;nction Iq
EG (o) a.u€[n..o
and not PrePared in all rows
J
I

2
lc
dt (S) ilr6^os
U tl ro {s) f,xr€^os
d
f
PFMEA Form Sheet
i g J
a Form E: Alternate
,,Functior, f?g," pro""r, Step and product characteristics"
and ?6 I u Eo
o with
,,Function of process work er"rlltlno Process characteristics"
split e B
G
o

category of {.Eq
to ru[" each column a unique FS:
F a
into multipt";;il;;r in order F Et!
{i'
c
information u
F
t,
z q

Sheet- IF
a Form F: Alternate PFMEA Form
and Form E combined N
o Adjustmentsfr'om Form O
a F
=
a
-.s
9.i s
I
c
U o 6 qO
F
Sheet 6

Form G:Alternate PFMEA Form

g
Analysis and Failure Analysis
a e

with moditication, to t structure

t4
q th
o " F
=
E :2 '62

sections. LrJ
z
BE

l=
!
I
IF
o
ii:gu .9c
z
View B: PFMEA Software View
o f t.9
a to
o
E
! tt €{
() iiF.
o 3ii

{ ) r q3
ie E di
5!:
.9, E! a{
o
.>
(! {puo[dO) opoJr6nH
c
o &
o U
o F
q
Ei Iq
u,l ltz
E 3i o
tr
att
fE z
u
iE{r
c itt
c
u
F
ttoo . :F
v i .z o
L
o an

=o
l
d
F i:; J
z
p
!iE
E'g ; Y
o
=IE
l!
q
iI! e

o ql
o 9E
o
o ";
o zd
od
o. OE ilEce
# enrsl

Form C: Standard PFMEA Form Sheef

-163-
-162-
 I
J
o,
5
I

Process Failure ttllode and Effects Analysis (Process FftlEAl

PLATIIIIIG & PREPARATIOI{ PFUEA lO l.turlt r
PFTEA St tl0rtt:
Pradt
Plrrt
Lerti6: '
Cusiqnrttre:-- PFU€A Revirin n*l

(STE P 3l r AIURE AI{ALYSIS (STEP 4I

co{Tiluo{rs sTRUCTURE AIIALYSIS (STtp 2l r uilcTloil AIIALYSIS

l.f6fi.tdbPr!4r f eiPtrqtl
t.Ppillo l-
sHalo Flet:
.lI ryrb,tati-" Fedo0.att|{a,
PrrlElrartt $rlqcqiPalElcdi
o lrdFm otPDdl ErdiJ*(

&
P 2"ffi.rCfapr$ia o
$iloryrctl.t9. l?dhdlc aFflFb*Fl
rt A.6qArlin cl{t.ailb LFrl.reEtclr(fEl
et'rApprdblil
diift'o6tho
F
:I
o Itllirolmb nffrt-.b
o$srl .*r{
q)
o
!T
r=n

Ir
o oPTlllt lzATlON (STEP 6)
RlsK ANALYSIS (STEP 5)
s
CN

o
o

o o 4
o
Target Adion Taken Codpletion .E o
o Detection Responsible Poiftea E Remar*s
Prevention Conpletion Stdus Oate E
Hion Mion Pecon's Nam Dde Eviden@ E
o q 4
o o o

rA\
-
Y O

Process Failure Mode and Effects Analysis (Process FMEA)

PUNNING & PtrPRTION {STEP 1}
Subjd
Pro6$ R$ponrlbuq: _
Contu.nelrykv.t__

coTtNU@s
STruCTUEMYSIS (STEP 2} FUNCTTONMYSTS (STEP 3)

.i:
'n
o rio' g

s 'dff. (D{qereL
m

o
5
q)
o
!
g
|.n
D RrsK ANALYSTS (STEP 5) oPTTMlzATTON (STEP 6)
'tl
o
o o
o Targ€l
Shus Rematu
U, E
Dde Evidenco =
o
o o
o
o

I
J
O)
(rl
I
I
O)
O)
I

Process Failure Mode and Effects

Analysis (Process FMEA)
PLANNING & PREPARATION PFMEAID Numben

PFMEASbd Dab: Confidsn@lity L€vel:

PlantLo€ton: PFMEARevEion Dab:
Crcss-Funcsnal Team:
ModslYoar/ Pldom:
FAILURE ANALYSIS (STEP 4}
FUNCTION ANALYSIS (STEP 3}
STRUCTURE AMLYSIS (STEP 2)

6FM,8!bytbm, Fun&n d sYdm,

2! Prdd T.bPffi
TI clles$c Ch.nrcilldc g 2, Fitur kdr (fl4 of
HbtorylChang€ 2.Plocdsbp t Plldrvlort ondorlfi t. F.lbn Effi (FE)
o lrfomb oth ommf $.F@8!o
Elild
(k Applicable) 6doo xo'rd (or*rgetn vrut
(ftb column b :aItF ((l0n$drnll .feo0
ELffit oPUoC)
opdonal)
\
o
5
qt
o
!
e
rn
sFT iMg.&T !$li { 5',1- 69 6}
.n Rrsl(ANALYSIS(sTSF 5l
o
s
@
o $
o
I C
Ti Qtt is${t $ i
OritCldl &s f6i9s lrfisqls l1r1ii ks g
g sssttoo lrtBfi ffi swti6s 0** -t !
U s
c

...l,
Gl

Process Failure Mode and Effects Analysis (Process FMEA)

Plant Lo€tion:_
Customr Nare PFMEAStafr Dde:
Model Year / Plafform:_

STRUCTURE ANALYSIS ISTEP 2} FUNCTION ANALYSIS (STEP 3) FAILURE ANALYSIS (STEP 4I

2. Funcion oillhe u
I
2,Pl!ffiSLp Process Description P@E! 8t p and
3.Pm$rort o
(Verb / Noun) Prcduc{ 2, F luo toda
Ebfrrtrt 3, Puncdon ottha PmEl YVqi Ebmllt md 3. Fdhrn C.u$ (Fc) qf
3t {,on 1{o, .nd Chrncirrralb (FlT) otthi 1. FslluE Efrocb (FE)
Pl@.ChncnrL6c 'i
OrYtor* Ebmot
tllm otFw$ (Function or Outcome F@sbp
ofthe Process Step) (Ourn$t ttn vdn b 4ITypr
'n Elrrunt
o opooE0

o
o
qt
o
t
g
m
b PFMilID
'tl Pr@ss Responsibilitf
o SecurityClssift€tion:
.gt
RISK ANALYSIS (STEP I
6
o o o 4
o E Target
p e Oetection Respnsible Coqletion .9
f
Prcvenlion tution Goryletion Status Pointerto U E
& E v Date
Date Evidence =
o o o c c
o o o

I
I
O)
\t
I
 I
I
o)
@
I

PLNNII{G & PREPARATpil (STEP 1)

Process Failure Mode and Effects Analysis (Process FMEA)

STRUCTURE ANALYSIS (STEP 2)

sIn
E
p9
FUNCTTON AMLYSIS (STEP 3)

t t.*d-bh
l*a'iSb
E-b
*rn
D
cn
RISK AilALYSIS CURRENT CONTROLS (STEP 5) and oPnrfizATloN (STEP 6)
o
:t
t!r i
d
PFi'il CURRENT CONTROLS
so
{

,!'ris...jf .-..
j
'J+* + -.-3

O
(.,
.Tl

m
=
t'l
/=
Design Failure Mode and Effects Analysis (DESlcN FMEA) E"i n
I ewmffiW$ry---l

c[d.tn:- D*a;;;D;:- ffiiqhl-

kiY;i.i;;;- Y>; 3
STRUfrURE AULreF (STEP 2) FUNCTON MreF (STEP 3) 3
DFMSOmttaTpN (srEP 6) <lo
mtr=
>Qo6i A
f
Is
I I:
E
Cn
tl
:5i
6>)
flo
or zlt
I
a- ttttt g)Y>
q, tl tttt q3 +
tl itt A @U)
a. II ttt tttl oi *l
3 <ti tb rr
Itt .z*O
SUPPLEMENTAL FMEA-MSR RISKANALYSIS (STEP 5}
;''gj
SUPPLEMENTAL FMEA.MSR OPTIMIZATION (STEP 6) €-;
*
v, qd
E
D 4(D
tsR
;e (o
J =o
i
\
s @
o
3 I E
o
o tt E
I E
tt d
0)
tt o
J

I
A
o)
(o
I
t
J
{o
I

'I
PLANNING & PREPARATION (STEP
Design Failure Mode and Effects Analysis (Design FMEA)

ANALYSTS (STEP 2)

ANALYSTS (STEP 3)

*dwi

(STEP 6)
DFMEA RISK ANALYSIS (STEP 5) and DFMEA oPTlMrzATlON
aNALYSTS (STEP 4)
srT
E I
i.arh&(nt €
a bftFfrhldlh
.lt .e*hb

rt
=
I

v,
=
T DFMEA OPTIMIZATION
cn
o
(STEP 6)
t
gr FMEA-ItlSR RISK ANALYSIS (STEP 5) and OPTIMIZATION

o !
s
so €

{
FMEA-MSR CURRENT CON1ROLS

OPTIMIZATION

r" r' -
i \' r:ir

e
!= t, trg P ! EE
o .a
€F 0
.lr .Tl
g
e.H zo E !.f
g|D 5FE Eg tr=o
dE xal r\ 6 g E rE {m=
Eq N \>
o-r J.
d frto q

-$e ct U ei 9
9q e,
0
rl * ESP 3s Fs Ess E
Eg i:l
I!
ro
m Eq
ga sE s;a F o B
c 3? ro
a D aI! €*: $ J>or
$a
tl 'lt u. b(Dl
o o -{ o gE
=s. $8 s 59a $
tr o E o
\o :4.
€d €€ d'T(/D
i.!FF
'n
gl
iN cn s :\ ec :: s= €
I f) I (,c, 0
ct, ca trar c,c'
o.lt E
{ so o Aocr
u c tr IO 63 .S g
'tt o o lr -6 "s Fg "s o
d<
7 o
FI *t fl g!.
c n(D o E9
TT
= eg m T
r= If!
AI '1. O
D ._ i< Pg
b ifr .+ :T
at
tr S
FT 'tr o * Stt
o ea z v, o g tit
jrt T B=
8g l-
o J
q tn al s o
C" 6 o o g ag5 gl 26
gE 3 4 at
@ v
o .DH bo o o 7
o E;.sa E
o @ o @ o
N o g. 3 Eg {
€ { to o
:
o
o-
q EgF
o o 39p
6{
o o -€.
I o m I g
o 1' S
o o
v, 3 o N o
r! 3 zo 11
rE' c'll
cn €F o9 (t, g
o o ctm
s3gE 33 m
E s Eli ;g E E>
30 "6 e
N =6
qe
3 916',
t; qg
E -sld €q
; 916" dF
6:!
il tH F.F o.lto
o:g er ot'
60
Btn 2 5J O :J'
3 o 3d
!:
:! g$fr Edo OJ
:='
6' o <d
t 6':c c o
'n o"
@
JD
g tt
m

I
A
N
J
I
L

81.3 DFMEA Form Sheef Hints: SfeP 3 81.5 DFMEA Form Sheef Hints: Sfep 5
i

I
FUNCTION ANALYSIS (STEP 3)
f )
DFMEA RISK ANALYSI s STEP 5
1. Next Higher Level
Function and Requirement

Functlon of Vehicle, Syst€m or Fsnctlon of Subsyst€m, Component of Gomponent or

ta
ob
Subsystem and a d$cription of the or lnt€rface and a description of the or o'F
R€guir€ment or lntended Ouput lt Requirament or lntended Output it
must fulfll must tullill
Characterirtic Description F0-
{quantitatlve value l3 optional, one
(Ouantitative valua l! optional, one {Quantitative value i3 optional, one Characteristic Por rowl
Reoulrement ner row) Reoulrement per rowl lnitial State - Paot controlg lnitial State - past controls
proven and/or controls 1-10 proven and/or controls M,
1-t0 t
commltted to committed to L,
NA

Figure 81.3-1 DFMEA Form Sheef with Hints; Sfep 3 Figure 81.5-1 DFMEA Form Sheef with Hints; Sfep J

81.4 DFMEA Form Sheef Hints: SteP 4

FATLURE ANALYSIS (STEP 4) 81.6 DFMEA Form Sheef Hints: Sfep 6
'1.Failure Effects (FElto
{ )
the Next Higher Level
Element andlor Vehicle
DFMEAOPTIM IZATION P
End User
Action or^
Responslble Target !G o
..1

Horiv the Vehlcle, System or

Person's Completion Status
Taken with
Polnter to
Completlon
Date
d6
rE G
How tha subiyltem, Component or lnterface How the Subsystam, Name Date 0, cL E
q,
Subryst€m could tail to could fail to psrform the Function described Component or lnterface Evidence
pertorm the Functlon
as the Focui Element and lead to lhe Failurg could fail to perfonn the
u-- &,

debcribed at the Next Higher Effecti Function descilbed as the Name, not flile ol mmyy or Opan, Descrlptton of
Actlons Actlons mmyy or
level. lnclude potenfial l-10 itert Lower l6vel and lead dopatunsnt ddmmyy Dscision actlon taken and ddmm)ry
FoT DFMEA
naedsd !o nseded to ieam use
effects to thc vehicle (End Failure Analyii3 can begln wlth the FM, FE ot to the Failure Mode reduce
pendlng document
lmprovs (optionall,
Uierl level and regulations, FC as long as there 15 an accurate Fallure Occurence Oet ctlon
numbet, repon
H,
Irnplamontstlon name and date,
ac applicable Chaln M,
pendlng etc- 1-10 1-10 {-t0 LL
(op$onat), L,
NA
Completed,
DFcardsd
Figure 81.4-1 DFMEA Form Sheef with Hints: Step 4
Figure 81.6-I DFMEA Form Sheef with Hints; Sfep 6

81.7 DFMEA Form Sheef,' Step 7

PIVEA step 7 is independently handled by each organization and is not recorded on the
DFMEA form sheet.

-172- -173-
 FATLURE ANALYSIS (STEP 4) DFMEA R|SK ANALYSTS (STEP and DFM EA
81.8 DFMEA Soffrttrare ExamPles
o0 l. f.llur.
Effecr'{FE)
to ttF l{dt
HlgilrsLarnl
Elontnt Pergon'a Stslus
Actlon

STRUCTURE ANALYSIS {STEP 2) cr|d!e Ilame Polnterto

Evld.nF
Rmrd<t
lloilclegnd
lhr
t. Next Higher Level DFMEA CUNRENT CON1ROLS
Window doea nol 6 Commutation glmuldon ot
Brush card Base BodY BruBh dardbody L
Window Lifter Commutation System syBtom bend6in cont6ct dynsmlc forq
int6hilignoy areaofthe ctrbon on brsrh catd alaitidt rnd
FUNCTION ANALYSIS (STEP connoctgth6 btu5h body .cc. FEl, plr.do
wrong cqila 6370 dc{offirdon
{Ll, L3 rnd L2
rltlct otbrulh
I Next Higher Level Function ineiodd of Lt,
crrdbody rcc,
tort apac.
LZahd L3|
system tran3portg the card body transports forces between
electrical energy into mechanical and motor body to hold the brush
DFMEA OPTIMEANON
current between coil Pairs of l{on. lfinal produot 1 L lert dd.mm.yyyt phnmd
acc. to Parameterization system in x, Y, z Position (support
I
lort: I Engin.gr Itt,
electromagnetlc converter lmoaruringoc I t .x illlnrt
contact Point) Icumntunder I
lwmtqr I
lcondldom rco. I
It".t.pro. I
lileJ{td I

Fatlwe Efrecis {FE} to the Next Hlgher Figure 81.8-3 DFMEA Optimization with new Risk Evaluation (Softvttare View)
Lrvel gement and,or End User
card body bends contact area of the
deviation bY commutation system
and rotating velocity of the carbon brush
intermittently connects the wrong coils
window lifter motor too low

Figure 81.8'1 DFMEA Faiture Structure

(software View)

STRUCTURE ANALYSIS (STEP

WindowLifter
@fmmutetion
svstm
flrren
Cird Bass BodY
0
oN ANALYSIS (sTl 3)
Ttlext Hlgi.tlw.l
Funcllon
and RequlFBont

nvon ol€ctrlcal 6nstgy into

ctr6nical €notgY acc. to tt!5 6loctrical
coil paiF of
ram€torization
abc$omagnotic

ANALYSIS

to oEf,rf tldr E?
CrdlrEr
gs

DFMEA CURRENT CONTROLS

2 L
Simulation ot dynamic 2 Sample tost: msssuring the
6 Brush @rd body bends ln olasticsand Plasiic
Torquoand totating doviatlon bY forcoE on bru6hcatd body
velocitY ofths
windowlift€r motor
too low
systom

coil6{Ll,
i0stsadol 11, L2
the
L3 and L2
contactarca of acc. FEM 8370

a dofomation etfscts ot brush

card body acc, tsat sp€c'
MRJS2,60

View)
l Figure 81.8-2 DFMEA Risk Analysis (Soffware
-

-175-
-174-
 82,3 PFMEA Form Sheef Hints: Sfep 3
82 PFMEA Form Sheet Hints f 0 FUNCTTON ANALYSTS (STEP 3)
82.1 PFMEA Form Sheef Hints: SteP 1
l. Function ofthe Proeess ltem
Function of System, Subsystem, part
Element or Process
Planning and PreParation (SteP t) Determined bY
PFi/iEA ID description of what the Process ltem i3 expected to description of what lhe operation or otation must posllivo descripuon of how the work is completed
Name of PFMEA
GompanY Name: NameofComPanY Subiect: Project Number:
CompanY :hieve broken down into severalcalegories. s.g. Axial positlon sintared bearing in pole including the positive process charactorisllc related
Responsible for lo each 4M.
categorles may b€ unfinown and tFted as Not
PFMEA
Procesg Name of PFMEA able {llA}. is lhe Product Chalacterlstlc and must The negativa of these positlvei will be used for the
Start Date
llanufactudng Geographical PFMEA Start
ResponsibilitY:
Owner ln the product afier the Fallure Cau3e cotumn. The mote detail used here,

Location:
Looation Date:
Business Use,
expestatlons can be raferred to when
rting Failure Effects (FEl.
ha3 been produced. mor6 po8itlves, wlll produce more Failure Causss.

Revision Latest Revision Dat€ ConlidentialitY

Customer Name: Name of custome(s) PFMEA Proprietary Fallure Mode or Failure Modes wlll bo the valuo/specilicatlon optlonal, reterto
Femily Lovet: expected results may apply for the entire or negatives of the posltive Product procase documents. Examples: Press forcg,
or Product Date: Confidential € ltem e.g. elecltlcal motor as3embly llne. Charucleristlc. temperatute, wash concentration, sp6ed,
Proces3 chara?tori$llca are measured when the
Functional Team Roster needed
ilodel Year(s) I customerApplication Cross
or GomPanY ModeU Team:
Program{s}: Style I
Figure 82.3-1 PFMEA Form Sheef with Hints; Sfep 3
Hints; Sfep
Figure Fl2.1'1 PFMEA Form Sheef with
1

82.4 PFMEA Form Sheef Hints: Step 4

82.2 PFMEA Form Sheef Hints: SteP 2 FAILURE ANALYSIS

ST RU CT U RE ANALYS S ST E P 1. Failure Effects (FE) to the

N€xt Higher Level Element and/or

1. Process ltem ( D
End Uso.

System, SubsYstem, Part
Element or Name of Process
The operation or station to be analYzed
name of the process being analYzed
which
e.9. electrical motor assembtY line
OP 30 Sintered
the end result of all successfullY
completed Process stePs
also be a non-direct manufacturing
process e.g. shiPPing
Use the 4M's to identifY tYPes of
e.g. that have an influenceon
produces the Process Item
bearing press-in the oPeration or station being
4M Tvpes: Man, Machine, Material
tf nairectt,
Milieu {Environment)
the Vehisle, System or r-10 Fatlure Cau3e is the negative of the po3iuve
to perfom the Function
Hlgher level.
ths th6 product {dotect} lbted in "Fuilction ot the Proceea Wor* Elemanl
ProceBr Chamcteristlc"
The Failure Mode t^rill be the negative ot
conaidedno Eftects, concider items liated negatlves of lhe poritlve Product Characterirdc, mult be detectable in the process (emr)
"Function of the Process llem" and the lead to the Failur. Mode.
Mode" and how they can Efiect the 3
belng considered {Your Plant, Strip.to
Proceas ltem, End U8efl
it recommended to lilt the Severlty Rating
next to each of the 3 areat {Your Planl Siip to
plant, Procesi ltem, End U!er) behg considered
and ua6 the higheit Ratino tor the Severity.
Rank, One area, 3uch as End U6er, may not

List a single "M" for each line'

mayvary bY comPanY Figure 82.4-1 PFMEA Form Sheef with Hints: Step 4

Hints: Step 2
Figure 82.2-1 PFMEA Form Sheef with

-177-
-176-
 82.8 PFMEA Software Examples
Fl2.5 PFMEA Form Sheet
Hints: SteP 5 o r)
STRUCTURE ANALYSTS (STEP 2)
l. Procelr llem
Systenq Subr|Elefit, Part Element or Rano of
ProG€.
Oa Electrical MotorAssy Line [OP 30] Sintered Bearing Press-ln Process Operator

EE
o6 FUNCTTON ANALYSTS (STEP 3)

lr
oo. t. Funqlon ot &e Frocesr tem
Functon ot Eystefi, SuDsyrtrm' Part Elem€nl or
tl =o Your Plant:
Pnaceil
Press in sintered beating to achieve axial position in Operator press the button of machinelor releasinglhe
Assemblyof shaft into pole housing assembly pole housing to max gap per print press-in process when loading is completed
Ship to Plant:
As6emblyof motor{o v€hicle door without line
pfoven H, stoppage, sort or 6onlainment
t.t0 Shte Part controlt $, End User:
sbte Past contolg ProvcB contols conmitted to l. Windowraises and lower6
to
andor controlt conmttred
FATLURE ANALYSTS (STEP 4)
t. Falure Eftctt {FE} to $s llexl Hlgher Lev6l
5 Elernent andror End Uset
82'5-1 PFMEA Form Sheet with Hints; Step
Figure Your Plant: Axial position of sintered bearing is not reached l\4achine stops before reaching linal position
Clearance too small to ass€mble shafl
Ship to Plant:
Assemblyof motor to vehicle door is not possible
End User:
Comfort closind time too lond
SfeP 6
82.6 PFMEA Form Sheef Hints:
Figure 82.8-1 PFMEA Failure Structure (Software View)
slRucflJRE A{ALY9|S (SIEP 2)
t.
Adton Takcn ComPlefion Remarks 8F@ututsyrsePdt
Reiponslble Tsrget
Status wlth Polnter Date
Porron'a ComPlo$on
to Evidence Ure IOP 301 Sintered Bearing Pressl Op€rator
Name Date
FUI{CllOil AilALYStS (SrEP 3}

1.10 1-10 r-10 cc usg

of ol sc M, Fefon otsysf.lD,
nol L, &!syrer,igt8dn'trtot
Dsci6ion NA Plffi

to ne€dedto Your Plant: Press in sintered bearing lo loperator press lhe button
namo Assembly ofshafl into pole achieve axial position in pole lolmachine forreleasing
data, etc. housing assembly rcuslng lo md gap per print
Shio to Planl;
Assembly of motorlo vehicle
doorwithout line stoppage,
sort or containment
lil:"ffi'n,l"ffil:fi**
Fnd User:
Wndow raises and lowers I

Form Sheef with Hints; Sfep 6

Figure fl2.6'1 PFMEA
I

I
l,FahmElllqtr
I
(FElb{L&r. E:
f0gns L.v6l
Cbrstedc #6
E'rt l!.ar

!
PFI'EA CURRENT CONIROLS
Vour Plant; 8 Axial position of sinlered Machine stops before None 10 Lot Release Protocol oblective z H
ir
Assembly olshaft is not bearing is not reached reaching final position (Effectivity: 100%):
7 possible because Msual Gauge hspectlon otaxial gap of
it,
:r
82.7 PFMTEA Form Sheet Hints: SteP clearcnce too small
Shlo lo Plant:
bearing lo pole housing sealby
Operatoi
I None Del6ction indlcaton OI(NOK
End User: (RED/GREEN area);
Comforl closing lime ioo 100% ch6ck of motor pertormance curv6
long
acc. spec. MRKJ5038

PFMEAStepTisindependentlyhandledbyeachorganizationandisnotrecordedonthe
I
PFMEA form sheet' 82.8-2 PFMEA with Risk Analysis (Software View)
Figure
I
-179-
rl

-178-
 FAILURE ANALYSIS (STEP 4}
B,3.2 FMEA-MSR Form Sheef Hints: Step 2
L FaIw E68c!
(FEl to lhe tlorl
Target
Action
Taken
with tion
o
!ts
0 STRUCTURE ANALYSIS EP
tlghq L6vol tlon Oate o
Name Date tr
Elam.ntsdro.
Erd Ua.r

PFMEA CURRENT CONTROLS

5 '100% check of 3 M
1. Next Higher Level
Yow Plant: 8 Axial posilion of stops Force
sinlered bearing is not reaching adiusled acc. motor performanc€
Assembly of shatt is
reached final position data sheet curve acc. sp6c.
not possible because
MRKJ5039
clearsnce too smali
stip&-Plad Component or
None
End Usel or characterbtic
Comtort closing time Subeyrtem, System, Aryay Subcystem, Component
loo lonq of Syrtemc, Vehlele or lntcrface Name
PFIIIEA OPIIMIZATION
Selected 3 Selected press 2 L Process dd.mm. open ilatsrial, Flnish,
i press lYilh with force Engineer Yvw
position monitoring Mr. Paul
control Duncan
sensor
Figure 83.2-1 FMEA-MSR Form Sheef with Hints: Step 2 *

Figure B2.g-J \FMEA Optimization with new Risk Evaluation (Softttrare View)

83.3 FMEA-MSR Form Sheef Hints: Sfep 3

83 FMEA-MSR Form Sheet Hints FUNCTION ANALYSIS (srEP 3)

Bg.1 FMEA'MSR Form Sheef Hints: Sfep / 1. l{ext Hlgher Levsl

Plannlng and PreParatlon (SteP t)

*tlode and Effecte
0 Functlon and Rsqulrement

Nameof DFMEAProject DFtrEAID Dobrminedby

Comoany Name: NameofComPonY Subloct: Company Func$on of VGhlclc, Syitem or Funs{on of Subryrtam,
R€6ponsibl6 for {Sfstom, Subsyetem Number: of Conponmt or
andtor Component)
Subryrtem and a do$rlpflon of tte or lrhrfaca and a dercrtpton of tho
DFMEA
Nanreof DFMEA Rrqulrament or lnt ndsd Ou$ut lt Rrquirenant or lntendcd Output lt ot
Englneerlng Gcognphioal t ftEA Stett Start Oate I!,eslgn
murttulflll mu$trmil Characbrlr$c Delcrlpton
Locafon: Location Date: ResponelbllltY: oYvngr

GonfldentlalltY Businesg Uae, value la opdonal,

Customer Name: Name of Cuetoner(s) DFtrlEA Revlslon LsbstR€i,ishn Oab
Proprietary, {Qmntibtlye value lt optlonal, one {Quantlta$vc valus lt optional, oilG lQurntitatlvo
or Product FamllY Date: Level:
Conlidential Ragulremont [Grrburl Requlrcmcnt pirrowl Chailact rl*lc per ron)

GrossfunCtlonal Te€mRotternoqd€d
fodcl Year(e) I Custom€rApplketon
Program(el: orOompany ModeU Team: Figure 83.3-1 FMEA-MSR Form Sheef with Hints: Sfep 3
Style

Figure 83.1-1 FMEA'MSR Form Sheet with Hints; Sfep 7

It

-180- -181 -
 Bg,4 FMEA-MSR Form Sheef Hints: Step 4
FAILU RE ANALYSIS ST EP
f c
83.6 FMEA-MSR Form Sheef Hints: Step 6
SUPPLEMENTAL FMEA-MSR RISKANALYSIS (STEP 6)
Most UJ
lt
Severe aE Actlon
MSR Fallure Target Taken
Failure Efecb (FEl
System
Ellect og Person's Status wlth
l. AcSon Actlon alter bb
'trc Name Date Pointerto Date
ihe Next HlgherLwd System o6 Evldence
o
Element andlor Vetlcle (tt
End Urer
Oprn, H,
Drchlon M,
Addltonrl pobnthl pcndlnc ofrctlon t
ot How the SubrYitem' Addlbnd
How tltc EubsytlEltl Compongnt or lnlsrlace
Addlbn!l .fretrto
!ml loptlorulL tfanrltd NA
Subjitltsm coultl tall to coufC fan to plrform the Fumtlon dotcrlbed Component or lntsrlacc Actolr' dctlcfoli
Acllont lhcEnd Ntna, mmyyot al,ocumtnt mnryyor
could fall to Porform the mad.dto nildcdto Ullrhvcl r-10 nottlllc ot l-t0 1-10 't-10 MSRblm
peffotm the Funcuon ar the FocusElsment and lead lo the Fallure trdu6 l'F8todt reducr dfparhrcnt
ddruryy onprndlng numbcr, ddmnB/y
utt
attho il8xt Efiectt descrihed as the Fruquincy
drfig dbr
Fnrqur.cy monlbilng
(optond), uta
t-,10 ilext Lowar leveland lead vehlchu$ Complctrd, rnddrb,
levol. lncludc PotElttlal Dlrcrdcd atc.
ettsctl !o lh8 vehlcle (Efld or to the Fanurc Mode
Fallure Analytlt c.n bcgin wlth ths Fil' FE rltponra
Urerl levtl 8nd rcgulationf ' FC at loni aa tters la an accuraie Fallurs ln
al appllcablc Chaln t
Figure 83.6-1 FMEA-MSR Form Sheet with Hints; Step 6
Figure83'4-1FMEA-MiRFormsheefwithHintsSheet;Step4
83.7 FMEA-MSR Form Sheef Hints: Step 7

83.5 FMEA'MSR Form Sheef Hints: Step 5 FMEA-MSR Step 7 is independently handled by each organization and is not recorded on the
FMEA-MSR form sheet.

or= 83.8 FMEA-MSR Soffware Examples

E(E
0e
o0
ocL
C STRUCTURE ANALYSTS (STEP 2)
EO
l. Next Hlgher Leval

tl, LiftSFtem WlndowLifter WlndowLlfter

thrn wvdllch, tl'
I Eytbmol L,
8ub3Y.bm FUNCTTON ANALYSIS (STEP 3)
I
NA
trtrmal conrnrnb I
Enordc6ctbn Erorlrlpgrto pobnhl.{lbcb io
lhc End Utlt hv.l {-r0 {-t0 LL L t{extHigher Level Functlon
ruonr
abouitlra 14' mcfrodrdudnE .cilon dutlng r-t0 f lrlt and
totfi.F.q!.!lcy v.hlcL ula vchlcburc rl!.tmonliorlng uat
nlhe andrYctrm i"scvrdty anli-pinch protection for comfort signalto stop and reverse window ignaltrom Hall effectsensorto ECU
rlrpon$confolt
ttlln Phgr
II *r8R"
rfbr mode motor in case of pincb situation

FAILUREANALYSIS
Failue Etlects (FElto Orb tlextHlgher
Figure 83.5'1 FMEA'MSR Form Sheef with Hints; Sfep
5 Lc\rel ElementrndorEnd User
anti-pinch protection in comfort closing
I of ttall effect sensoris not transmitted to
signalto stop and reverse window lifter dueto poor connectionafHall effect
in case of pinch situation
or neck may be pinched between
I
and frame)
ri

ll

I Figure 83.8-1 FMEA-MSR Failure Structure (Sofhanre View)

I
,l

lr

-183-
-182-
 C Severity, Occurrence, Detection and Action Priority Tables
ANALYSIS o i) C1 DFMEA SOD and AP Tables
cu
Liltcr It

c1.1 DFMEA SEVERTTY (S)

stoP from
for comfofr abd window Product General Evaluation Griteria Severity (S)
mode in €5e ot ECU
(STEP 5)
FMEA.MSR RISK ANALYSIS Blank untilfilled in by
1t FAILURE (STEP Potential Failure Effects rated according to the criteria below user
nsr
Corporate or
s Effect Severity criteria Product Line
Examples
b. plnahrd
Affects safe operation of the vehicle and/or other
in tomfo{ signalof Halletf*t
l{ill
EcU lr rnd
gh3:
lEile 10 vehicles, the health of driver or passenge(s) or
is not
lran5mitted to ECU du€
Very High road users or pedestrians.
of pinch
n*k ffaY be P@r connsction at
or

and
*n50r. I Noncompliance with regulations
Loss of primary vehicle function necessary for
Analysis (Softv'rare View) I
Figure Bg.8'2 FMEA-MSR Risk normal driving during expected service life.
High Degradation of primary vehicle function
7 necessary for normal driving during expected
service life.
RISK ANALYSIS (STEP 5)
FAILURE ANALYSIS {srEP4) and OPTIMIZATION
6 Loss of secondary vehicle function
Acdon
T*.n 5
Moderate
Degradation of secondary vehicle function
€&.lr ic Sbtt wlth
o tlon
E
Ptt$n'3
Ntm
on Polnt r D|t. Very objectionable appearance, sound, vibration,
trdEh!ildl o Dri. lo 4
rdo(Eutllt harshness, or haptics.
,;
GURRENT coilTROLS
Moderately objectionable appearance, sound,
3
to etoP and Signal ol Hall effecr lho6nFtdon 2 l0 I
tr
vibration, harshness, or haptics.
ln
6
.ev6r* window lifter snsor is not prlnclpbotih.
Hdt.ilLd$mr Wndowwlll Low
ffifott closlng mgior in Ese of Pinch fansmitted to ECU
duoto P@r rnd ECU 13 dos.whhtull Slightly objectionable appearance, sound,
mode
connec'tion gf Hall racordlng to clrnpilrg tord. 2
or n*k may effecl *rsr. strndfd t(Yz. vibration, harshness, or haptics.
plnched b€ren
sndawqlass snd 1 Very low No discernible etfect.
t L T.rt dd.mm.
Nom 2 lnttoduadon of
plru3lblllty lnolffi WN rmnt
illon
ch.ckbltwl.n ilr,Wa'r.n
Wrtchtul p.ndt
molorcumlll
ildlos ol
riomlirom Hdl Tabte C1.1 - DFMEA SEVERITY (S)
.lfects3or'

with new Risk Evaluation (sofrvvare view)

Figure Bg.8-g FMEA-MSR Optimization
ll
I

-185-
-184-
 Occurrence Potential ( for the Product
c1.2 DFMEA OCCURRENCE (O) I (n Potential Fail ure Causes rated according to the criteria below. Consider product
Occurrence Potential for the Product Experience and Prevention Controls when determining the best Occurrence estimate Blank until
ria be ow Con sider Product Blank until filled in by
Potenti a F ail ure Cau SES rated accordi ng to the crite filled in by
(Qualitative rating).
user
g the best Occurren ce esti mate
Experience and Preve ntion Controls wh e n d eterm ln tn Prediction of
user
Qu a itative rating) Failure
Corporate o Gause Occurrence criteria - DFMEA or Product
Prediction of or Product Line
Occurrinq
o
Failure Occurrence criteria' DFMEA Line Detail ch anges to previous design, using proven technology and
Exam les
Cause Exam les
Occu materials. Similar application, duty cycle or operating conditions.
F rst application of new technologY nywh re without
6 ope rating Previous testing or field experience, or new design with some test
NS N o
expe nen ce an d or und e u n contro led operating conditio experience related to the failure.
prod uct verification and/or val id ati o n expe nence.
5
Extremely Design addresses lessons learned from previous designs. Best
10 yet been Practices re-evaluated for this design, but have not yet been proven
high Standards do not exist and best practices have not
not able to predict field performance Prevention controls capable of finding deficiencies in the product
deteimined. Prevention controls
or do not extst. related to the failure cause and provide some indication of a
Moderate
within th e
First use of design with tech n cal nnovati ons or mate rials ce
ppli cati n or chan g e n duty cycl e ope ratin g Almost identical design with shortterm field exposure. Similar
compa ny New
expe nence application, with minor change in duty cycle or operating conditions.
co nd itions No p rod uct VC rificati o n an d/or val d ati o n
I Previous testing or field experience.
Preventioncontrolsnottargetedtoidentifyperformancetospecific 4
ments. Predecessor design and changes for new design conform to best
materi S on d n ew practices, standards, and specifications. Prevention controls capable
F rst of design wi th techn rcal n novation S
Very high USE
of finding deficiencies in the product related to the failure cause, and
ap pl cation N CW a p pl cation o ch nge in du ty cycl e ope rating
lidation expen e nce indicate I desi n conformance,
conditi ons N o produ ct verifi cation and/o VA
Detail changes to known design (same application, with minor change
8 in duty cycle or operatin g conditions) and testing or field experience
ap p icable fo (
Few ext sting stand ard S and best practices not di rectly () under comparable operating conditions, or new design with
this design Preve ntio n con trols not re iab e n d cator of field
successfully completed test procedure.
e rform a nce
3 Low
New d ES g n based on SI mt a te ch nology and mate rials
N EW
produ ct Design expected to conform to Standards and Best practices,
e du ty cycle I operatin g co nditions No
app ication or chang n considering Lessons Learned from previous designs. prevention
VE rificati o n an d/or VA idation expenence. controls capable of finding deficiencies in the product related to the
7 failure cause and predict conformance of production desiqn.
Sta ndards best p ra ctices a n d design ru les ap
plv to th e basel in e
Almost identical mature design with long term field exposure. Same
co ntro S p rovide limited
design, b ut not th e n novations Prevention application, with comparable duty cycle and operating conditions.
ndi cati on of rform a nce
Testing or field experience under comparable operating conditions.
High materi a ls
Similar to previous design S, u srng exi sting technology and
g e uty cycle or operating con d itions.
Si mil a a ppli catio n th chan S tn d 2 Very low Design expected to conform to Standards and Best practices,
P revrou S testing fi e td expefl e nce considering Lessons Learned from previous designs, with significant
6 margin of confidence. Prevention controls capable of finding
that the
standards and design rules exist but are insufficient to ensure deficiencies in the product related to the failure cause, and indicate
will not occur. Prevention controls provide some ability to confidence in desi n conformance
failure cause
t a failure cause Extremely Failure eliminated through prevention control and failure cause is not
1
low possible by design
Product Experience: History of product usage within the company (Novelty of design, application or use case).
Results of already completed detection controls provide experience with the design.
Prevention Controls: Use of Best Practices for product design, Design Rules, Company Standards, Lessons
Learned, lndustry Standards, Material Specifications, Government Regulations and effeitiveness of prevention
oriented analytical tools including ComputerAided Engineering, Math Modeling, Simulation Studies, Tolerance
Stacks and Design Safety Margins
Note: OCC 10, 9, 8, 7 can drop based on product validation activities.

II Table Cl.2 - DFMEA Occurrence (O)

-187-
- 186 -
 C1.3 Alternative DFMEA Occurrence
(O) Tables

Inciden ts per Thousand Values

f ,o
Occurrence Potential (O) for the Product
Potential Failure Causes rated according to the criteria below. Consider Product
Experience and Prevention Controls when determini the best Occurrence estimate
Blank until
filled by user
Cl'3.1 DFMEAOCCURR ENCE (O): Incidents per Gorporate or
(o) for th e Product o 1000 Occurrence criteria - DFMEA Product Line
Occurre nGe Potenti a items/vehicles
ct Blank until
to the criteria below Consid e Produ Detail changes to previous design, using proven technology and
Pote ntial F ailure Causes rated according the best Occurrence esti mate filled bY user
Expe rience and Preve ntion Controls when d etermi nl materials. Similar application, duty cycle or operating conditions.
Gorporate or
Previous testing or field experience, or new design with some test
lncidents Per Product Line .5 per
Occurrence criteria - DFMEA ExamPles experience related to the failure.
o 1000 thousand
items/vehicles 5 Design addresses lessons learned from previous designs. Best
without operating 1 in 2000
First ap pl icatio n of new technologY anywhere Practices re-evaluated for this design, but have not yet been
u nder uncontrolled operati ng cond ition s. No
experl ence and proven. Prevention controls capable of finding deficiencies in the
2 100 Per product verification and/or validation experience product related to the failure cause and provide some indication of
10 thousand practices h ave not yet bee n performance.
N
Standards do not exi st and best
>/= I in 10 determi ned. P reventi n controls
not ble to p red ict field Almost identicaldesign with short{erm field exposure. Similar r
ri, or d o not exist application, with minor change in duty cycle or operating
NS or mate rials within conditions. Previous testing or field experience.
First use of design with tech n cal innovatio .1 per
n duty cycle operating
1

the co mpa ny New a ppli cati on or change 4 thousand Predecessor design and changes for new design conform to best
50 per nd/or validation experi ence 1 in 10,000
conditions. N o product verification practices, standards, and specifications. Prevention controls
9 thousand,
1in20 Prevention controls not targeted
to identify performance to sPecific capable of finding deficiencies in the product related to the failure
requirements. cause. and indicate likelv desiqn conformance.
rn novation S or materi a S on
a n EW Detail changes to known design (same application, with minor
F rst use of design with technical I operating change in duty cycle or operating conditions) and testing or field
tn duty cycle
app lication N ew ap pl ication or change experience under comparable operating conditions, or new design
and/or vali dation experience.
cond itions. No product verification .01 per

0t
20 Per with successfully completed test procedure.
8 practices not directly ap pl icable 3 thousand
thousand, Few ext sting standards and best Design expected to conform to Standards and Best Practices,
not re liable tn d icator of fiel d 1 in 100,000
1in50 for this design Prevention controls considering Lessons Learned from previous designs. Prevention
ance.
nology and m aterials New controls capable of finding deficiencies in the product related to the
New des rg n based on simila tech
10 per e ope rating cond ition S. No
failure cause. and predict conformance of production desiqn.
ap pl ication or change n duty cycl Almost identical mature design with long term field exposure.
thousand prod uct VE rification an d/or val id ati on experience.
1 in 100 Same application, with comparable duty cycle and operating
7 rules app ly to the basel ine
Standards, best p ractices an d design conditions. Testing or field experience under comparable operating
d esig n but not the rnn ovatio ns
Prevention controls provide ti mited < .001 per conditions.
ind ication of ce.
2 thousand Design expected to conform to Standards and Best Practices,
lar to previous desig flS' existing technol ogy an d
US tng
1 in 1,000,000
Si m considering Lessons Learned from previous designs, with
with chang ES tn duty cycle or
materials Similar pplication significant margin of confidence. Prevention controls capable of
testi ng or field experien ce.
2Per operating conditions Previous finding deficiencies in the product related to the failure cause, and
6 thousand are NS uffici nt to ensure that
Stand a rd and des ig n rul es exist but indicate confidence in desion conformance.
1 in 500 ntion controls provide some
I the la lure cause will not occur Preve Prevention
I bi to revent a failure cause. controls Failure eliminated through prevention controland failure cause is
1
eliminate not possible by design
I failure
Product Experiencel History of product usage within the company (Novelty of design, application or use case).
rl
Results of already completed detection controls provide experience with the design.
Prevention Controls: Use of Best Practices for product design, Design Rules, Company Standards, Lessons
ll;
Learned, lndustry Standards, Material Specifications, Government Regulations and effectiveness of prevention
oriented analytical tools including Computer Aided Engineering, Math Modeling, Simulation Studies, Tolerance
Stacks and Design Safety Margins
Note: OCC 10, 9,8, 7 can drop based on product validation activities.

Table Cl.3.1 - Alternate DFMEA Occurrence (O)

- 189 -
-188-
 c1.3.2 DFMEA Occurrence (o) with Time Based Failure Prediction values
Occurrence Potential (O) for the Product
o0 Occurrence Potential (O) for the Product
Potentia F ail ure Causes rated accordi ng to the crite
Experience and Prevention Controls when determi nt ng
na be ow Consid e I P rod uct Blank untit
nsider P rod uct Blank until th e best Occu rrence esti mate filled in by
Potenti F ail ure Causes rated accordi ng to the criteria below Co (Qualitative rati ng).
user
Controls whe n dete rm n tng the best Occu rrence estimate filled in by
Experience and Preve ntion Time Based
itative rating user
Failure Corporate or
o Gause Occurrence criteria - DFMEA Product Line
Time Based Corporate or
Failure Product Line Prediction Examples
o Occurrence criteria' DFMEA
Cause Examples m ost identica expos ure Similar
Prediction appl ication with m nor change tn duty cycle or ope rating
First app ication of new tech no ogy anywhere with out ope ratin g conditions. Previous testing or fi e ld expen nce.
experi e nce and or un der uncontrol led ope ratin g conditions No 4
More than
product verifi cation and/or validation experience once per Predecessor design and chan ges for new design co nform to
10 Every time year best practices stan dards, and specification S. Prevention controls
Standards do not exist and best practices have not yet been
ca pable of fi nding deficiencies tn the prod u ct related to the
determined. Prevention controls not able to predict field
or do not exist. fail ure ca USE a nd ndicate ke des n conformance.
of with tech n cal nnovatio ns or materials within Detai chan ges to known d esrg n (same ap pl ication with mt nor
First u SE design
chan ge n duty cycle or operating conditio ns nd testi ng or field
the com pany New a pplication, or change in duty cycle / )
experience und r comparable operati ng cond itions, or new
Almost every o perating conditio NS N o product verification and/or validation
des g n with successfu llv co mpleted test p roced ure
9
time
experience. Once per
3
year
Prevention controls not targeted to identify performance to Design expected to conform to Stan dards a nd Best Practices,
S c irements co NS derin g Lessons Learned from previous des g NS Prevention
First use of design with technical innovations or materials on a controls ca pable of fi nding deficiencies tn the product related to
new application. New application, or change in duty cycle / the fai lu re cause an d conformance of ucti o n
More than operating conditions. N o product verification and/or validation Almost id e ntical matu re des g n with ong term fi e d exposure
expenence.
I once per
shift Few existing standards and best practices, not directlY
0D Same application, with com para br du ty cycl e an d operating
cond itions. T esting or field experience un d e r compa rable
applicable for this design. Prevention controls not a reliable Less than operating conditions
indicator of field 2 once per
year Design expected to conform to Standards and Best practices,
New design based on similar technology and materials' New considering Lessons Learned from previous designs, with
applicatiori, or change in duty cycle / operating conditions' No significant margin of confidence. prevention controls capable of
More than product verification and/or validation experience' finding deficiencies in the product related to the failure cause,
7 once per day
standards, best practices, and design rules apply to the baseline and indicate confidence in d n conformance
design, but not the innovations. Prevention controls provide Failure eliminated through prevention control and failure cause is
1 Never
limited indication of performance' not possible by design
Similar to prevr o us designs u ng existi ng technology a nd
Product Experience: History of product usage within the company (Novelty of design, application or
mate rials Si mil ap pl ication with ch a nges tn d uty cycle or use case). Results of already completed detection controls prwide experience with ihe design.
More than operating conditio NS Previous testi ng or field experience.
6 once per Prevention Gontrols: Use of Best Practices for product design, Design Rules, Company Standards,
week standards and design rules exist but are insufficient to ensure Lessons Learned, lndustry Standards, Material Specifications-, Government Regulations and
that the failure cause will not occur. Prevention controls provide effectiveness of prevention oriented analytical tools including Computer Aided ingineering, Math
some abil to nt a failure cause Modeling, simulation studies, Tolerance stacks and Design safety Margins
i p
Deta il changes to reviou S d esrgn usi ng proven technology nd Note: occ 10, 9, B, 7 can drop based on product validation activities.
materials. S mt lar app lication, d uty cycle o operati ng conditions.
P revrou S testing or field experience, or new desig n with some
test experience related to the failure'
Table Cl.3.2 - Alternate DFMEA Occurrence (O)
More than
t
5 once per Design addresses lessons learned from previous designs' Best
month Prictices re-evaluated for this design, but have not yet been
proven. P reventi o n controls ca pable of fi ndi ng deficien cies ln th
L

product related to th fail u re cause an d provid e some indication

of rformance

- 190 - -191-
 c1.4 DFMEA DETEGTION (D)
Detection Potential (D) for the validation of the Product Design
f n
C1.5 ACTION PRIORITY TABLE FOR DFMEA
Action Priority (Ap) for DFMEA
Action Priority is based on com bi nation S of Severity Occurren
Blank untilfilled ce an d Detection rati ngs in
and Opportunity
Detection Controls rated according to Detection Method Maturity rd to actio NS for risk reduction. Blank until
for Detection. in by user filled in by user
Prediction of Action
Effect s Failure Cause o Ability to Detect D Priority
Corporate or Comments
Ability to Opportunity for Product Line
D Detection Method MaturitY Detection Low - Very low
Detect Examples 7-10 H
Moderate 5-6 H
Very high B-1 0
Test procedure Yet to be Test method not defined High 2-4 H
i
10 develoPed,
Very high 1 H
Very low
1

Test method not designed Low - Very low 7-10 H

Pass-Fail, Test-to-Fail,
ll
9 specifically to detect failure Degradation Testing Moderate 5-6 Hr
High 6-7
mode or cause.
High 2-4 H
Pass-Fail, Test-to-Fail, Product or Very high 1 H
8 New test method; not Proven Degradation Testing Plant Effect 9-10 Low - Very low 7-10 H
Low Very high
Moderate 5-6 H
Proven test method for Moderate 4-5
7 Pass-Fail Testing High
verification of functionalitY or 2-4 H
validation of Performance, Very high 1 M
quality, reliability and durability; Test-to-Failure Low - Very low
6 7-10 H
planned timing is later in the
product develoPment cYcle such Moderate 5-6 M

5
Moderate that test failures maY result in
production delaYs for re-design Degradation Testing
00 Low 2-3
High
Very high
2-4 L
1 L
and/or re-tooling.
Very low 1 Very high - Very low 1-10 L
Proven test method for Pass-Fail Testing Low - Very low 7-10 H
4
verification of functionalitY or Moderate 5-6 H
validation of Performance, Very high 8-1 0
3 High quality, reliability and durability; Test-to-Failure High 2-4 H
planned timing is sufficient to Very high 1 H
modify production tools before
2 Degradation Testing Low - Very low 7-10 H
release for Production'
Moderate 5-6 H
High 6-7
Prior testing confirmed that failure mode or cause cannot High 2-4 H
1 Very high occur, or detection methods proven to always detect the
Product or Very high M
failure mode or failure cause. 1
Plant Effect 7-8 Low - Very low 7-10 H
High
Moderate 5-6
Tabte C1.4 - DFMEA DETECTION (D) Moderate 4-5
M
High 2-4 M
Very high 1 M
Low - Very low 7-10 M
Moderate 5-6 M
Low 2-3
High 2-4 L
Very high 1 L
Very low 1 Very high - Very low 1-10 L

-192- -193-
 C2 PFMEA SOD and Ap Tabtes

Very high 8-1 0

Low - Very low
Moderate
High
7-10
5-6
2-4
H
H
M
f ril
c2.1 PFMEA SEVERTTY (S)
Very high 1 M
Process General Evaluation c riteria Seve
Low - Very low 7-10 M

Moderate 5-6 M Potential Failure Effects rated according to the criteria below Blank until
High 6-7 filled in by
High 2-4 M
user
Very hi h 1 L lmpact to Your lmpact to Ship-to Plant lmpact to End
Product or s Effect User or Product
Low - Very low 7-10 M Plant (when known)
Plant Effect 4-6 (when known) Line
Moderate Moderate 5-6 L
Moderate 4-5 Affects safe
High 2-4 L operation of the
L Failure may result in vehicle and/or
Very high 1
Failure may result in an
an acute health other vehides,
Low - Very low 7-10 L 10 and/or safety risk for acute health and/or safety
risk for the manufacturing the health of
Moderate 5-6 L the manufacturing or driver or
High or assembly worker
Low 2-3 assembly worker passenger(s) or
High 2-4 L
L
road users or
Very high 1
s.
Very low 1 Very high - Very low 1-10 L Failure may result in Failure may result in in-
9 in-plant regulatory plant regulatory Noncompliance
Low - Very low 7-10 M
with regulations.
no iance
Moderate 5-6 M
Line shutdown greater
Very high 8-1 0
High 2-4 L than full production shift;
100% o'f production
Very high
Low - Very low 7-10
1 L
L
00 run affected may
have to be scrapped
stop shipment possible;
field repair or
replacement required
5-6 L Failure may result in (Assembly to End User) Loss of primary
Moderate
High 6-7 in-plant regulatory other than for regulatory vehicle function
2-4 L
High I noncompliance or noncompliance. necessary for
Very high 1 L may have a chronic Failure may result in in- normal driving
Product or health and/or safety during expected
Low - Very low 7-10 L plant regulatory
Plant Effect 2-3 service life.
risk for the noncompliance or may
Low Moderate 5-6 L Moderately
manufacturing or have a chronic health
Moderate 4-5
L
high
High 2-4 assembly worker and/or safety risk for the
Very high 1 L manufacturing or
ASSEM worker
Low - Very low 7-10 L
Product may have to Line shutdown from 1
Moderate 5-6 L be sorted and a hour up to full production Degradation of
Low 2-3 portion (less than primary vehicle
High 2-4 L shift; stop shipment
100Y:o) scrapped; possible; field repair or function
Very high L 7
1
deviation from replacement required necessary for
Very high - Very low 1-10 L primary process; (Assembly to End User) normaldriving
I
Very low 1
decreased line speed other than for regulatory during expected
No service life.
Very low - 1-10 Very high - Very low 1-10 L or added man r no
Discernible 1
Very high
Effect

Table C1.5 - ACTION PRIORITY FOR DFMEA

-194- -195-
 Process General Evaluation Griteria
c2.2 PFMEA OCCURRENCE (O)
Blank until ( (\
filled in by Occurrence Potential (O) for the process
Potential Failure Effects rated according to the criteria below user
Corporate Potential Failure Causes rated according to the criteria below. Consider Prevention
lmpact to End or Product
lmpact to Your lmpact to ShiP'to Plant User Controls when determining the best Occurrence estimate. Occurrence is a predictive
S Effect (when known) Line qualitative rating made at the time of evaluation and may not reflect the actual
Plant (when known) Examples Blank untitfilled
occurrence. The occurrence rating number is a relative rating within the scope of the in by user
100% of production FMEA (process being evaluated). For Prevention Controls with multiple Occurrence
Loss of
run may have to be Line shutdown uP to one secondary
Ratings, use the rating that best reflects the robustness of the control.
6 reworked off line and hour vehicle function Corpo rate or
accePted Prediction of Failure Type of
o Gause Occurring Prevention Controls Product Line
Less than 100% of Control
Exa m es
A portion of the product affected; strong Degradation of 10 hi None No on controls
production run may possibility for additional secondary
5 Moderately have to be reworked defective product; sort 9
vehicle function. Prevention controls will have little
low required; no line Very high Behavioral
off line and accePted effect in preventing failure cause.4
shutdown I
Very Prevention controls somewhat
Defective Product triggers objectionable 7
100% of production significant reaction Plan;
High effective in preventing failure
run may have to be appearance, 6 cause.
additional defective Behavioralor
4 reworked in station sound, vibration,
products not likelY; sort Technical
before it is processed harshness, or 5 Prevention controls are effective
not required Moderate
ha in preventing failure cause.
4
ModeratelY 3 Low Best Practices: Prevention controls are highly
A portion of the Defective Product triggers objectionable
minor reaction Plan; Behavioralor effective in preventing failure
production run may appearance, 2 Very low
additional defective Technical cause.
3 have to be reworked
products not likelY; sort
sound, vibration, ( ()
in-station before it is harshness, or
not required Prevention controls are
processed haptics. extremely effective in preventing
Low failure cause from occurring due
Defective product triggers Slightly to design (e.9. part geometry) or
no reaction Plan; objectionable 1 Extremely low Technical process (e.9. fixture or tooling
Slight inconvenience additional defective appearance, design). lntent of prevention
2 to process, oPeration, products not likely; sort sound, vibration, controls - Failure Mode cannot
or oPerator not required; requires harshness, or be physically produced due to
feedback to suPPlier haptics. the Failure Cause.

No discernible effect or No discernible Prevention Control Effectiveness: Consider if prevention controls are technical (rely on machines, tool
1 Very low No discernible effect no effect effect. life, tool material, etc.), or use best practices (fixtures, tool design, calibration procedures, error-proofing
verification, preventive maintenance, work instructions, statistical process control charling, process
monitoring, product design, etc.) or behavioral (rely on certified or non-cedified operators, skilled trades,
team leaders, etc.) when determining how effective the prevention controls will be.
Table C2-1 - PFMEA SEVERTTY(S)
Tabte C2.2 - PFMEA OCCURRENCE (O)

1 l)
-197-
- 196 -

G2.3 Alternative PFMEA Occurrence (O) Tables
Values
C2.g.1 PFMEA Occurrence (O) with lncidenfs per Thousand
Occurrence Potential (O) for the Process
below Co NS der P reve ntion
Potential F a lu re Cau ses rated accord ing to the criteria
Occu rrence IS a p red ctive
Contro ls when determining the best Occu rre nce estimate
qu itative rating mad e at th ti me of evaluation and may not
reflect the actual
VE rating withi n th scope of the
occu rrence. The occurren ce ratin NU m ber S re ati
o n Co ntro with MU tiple Occurre nce
F M EA (p roces S bei ng evalu ated) For P reventi
S
C2.3.2 PFMEA OCCIIRRENCE (O) with Time Based Faiture prediction
( (ilt Values
Occurrence Potential (O) for the Process
Potential Failure Causes rated according to the criteria below. Consider Prevention
Controls when determining the best Occurrence estimate. Occurrence is a predictive
qualitative rating made at the time of evaluation and may not reflect the actual Blank untitfiiled
Blank untilfilled
occurrence. The occurrence rating number is a relative rating within the scope of the in by user
FMEA (process being evaluated). For Prevention Controls with multiple Occurrence
in by user
Ratings, use the rating that best reflects the robustness of the control.

Ratings use the rati ng th at best reflects th e robustness of the control. Time Based Failure Type of c orporate or
o Prevention Gontrols Product Line
Gorporate or Cause Prediction Gontrol
Type of Exam
lncidents per 1000 Prevention Gontrols Product Line
o items/vehicles Control les
10 Eve time None No controls.

> 100 per thousa nd No prevention controls

I Almost every time
Prevention controls will have little
10 None Behavioral
>/= 1 in 10 More than once per effect in preventing failure cause.
50 per thousand
I shift
I 1in20 Prevention controls will have little
More than once per
Behavioral effect in preventing failure cause. 7
20 per thousand Prevention controls somewhat
d
I 1in50 More than once per
effective in preventing failure
6 cause.
10 per thousand Prevention controls somewhat week Behavioral or
7
1 in 100 effective in Preventing failure More than once per Technical
5
2 per thousand cause' month Prevention controls are effective
6 Behavioral or
1 in 500 More than once per in preventing failure cause.
Technical 4
.5 per thousand (
5
1 in 2000 Prevention controls are effective
in preventing failure cause. 3 Once per year Best Practices Prevention controls are highly
1 per thousand Behavioral or effective in preventing failure
4
1in1 000 Less than once per
2 Technical cause.
.01 per thousand Best Practices Prevention controls are highlY
3 Prevention controls are
1 in 100 0
Behavioral or effective in Preventing failure
< .001 per thousand cause. extremely effective in preventing
2 Technical
linl 000 failure cause from occurring due
Prevention controls are to design (e.9. part geometry) or
1 Never Technical process (e.9. fixture or tooling
extremely effective in preventing
design). lntent of prevention
failure cause from occurring due
controls - Failure Mode cannot
Failure is eliminated to design (e.g. Part geometry) or
process (e.g. fixture or tooling be physically produced due to
1 through Prevention Technical
design). lntent of Prevention the Failure Cause.
control
controls - Failure Mode cannot Prevention Control Effectiveness: Consider if prevention controls are technical (rely on machines, tool
be physicallY Produced due to life, tool material, etc.), or use best practices (fixtures, tool design, calibration procedures, error'proofing
the Failure Cause. verification, preventive maintenance, work instructions, statistical process control charting, process
monitoring, product design, etc.) or behavioral (rely on certified or non-certified operators, skilled trades,
are technical (rely on machines, tool
Prevention Control Effectiveness: Consider if prevention controls team leaders, etc.) when determining how effective the prevention controls will be.
(fixtures, tool design, calibration procedu res' error-proofing
life, tool material, etc.), or use best Practices
work instructions, statistical p rocess control charting, Process
verification, Preventive maintenance,
monitoring, Product desig n, etc.) or behavioral ( rely on certified or non-certified operators, skilled trades, Table C2.3.2 - Alternate PFMEA OCCURRENCE (O)
co ntrols will be.
team leaders, etc.) when determining how effective the Prevention

Tabte C2.3.1 - Atternate PFMEA OCCURRENCE (O)

t
- 199 -
- 198 -
 c2.4 PFMEA DETECTION (D)
Detection Potential for the Validation of the Process Des
Detection Controls rated according to the Detection Method Maturity and Opportunity for
Detection.
Ability to Detection Method
D Opportunity for Detection
Detect Maturity
No testing or inspection
10 method has been
established or is known.
Very low It is unlikely that the
testing or inspection
9 through random or sporadic audits.
method will detect the
failure mode.
Test or inspection method
I has not been proven to
be effective and reliable
(e.9. plant has little or no
Low experience with method,
gauge R&R results
7 marginalon comparable
process or this
application, etc.).
6 Test or inspection method
has been proven to be
effective and reliable (e.9.
plant has experience with
Moderate
method, gauge R&R
results are acceptable on
5 comparable process or
this application, etc.).
-200 - - 201
n
Blank until
filled in by
f !(T
Detection Potential for the Va lidati on of th e Process Desi gn
Detection Control s rated according to the Detection
Detection.
Method Maturity and opportunity for Blank until
filled in by
user
user Corporate
D
Ability to Detection Method
Corporate Opportunity for Detection or Product
Detect Maturity
or Product Line
Line
Examoles Machine-based automated detection
method that will detect the failure mode
The failure mode will not or cannot be
downstream, prevent further processing
detected.
or system will identify the product as
4 discrepant and allow it to automatically
The failure mode is not easily detected move forward in the process untiltho
System has been proven designated reject unload area. Discrepant
to be effective and product will be controlled by a robust
reliable (e.9. plant has system that will prevent orfflow of the
Human inspection (visual, tactile, audible),
or use of manual gauging (attribute or experience with method product from the facil ity
variable) that should detect the failure on identical process or
Machine-based automated detection
mode or failure cause. this application), gauge
method that will detect the failure mode in-
R&R results are
Machine-based detection (automated or High station, prevent further processing or
acceptable, etc.
semi-automated with notification by light, system will identify the product as
buzzer, etc.), or use of insPection 3 discrepant and allow it to automatically
equipment such as a coordinate move foruvard in the process until the
measuring machine that should detect designated reject unload area. Discrepant
product will be controlled by a robust
failure mode or failure cause.
Human inspection (visual, tactile, audible), system that will prevent outflow of the
or use of manual gauging (attribute or
variable) that will detect the failure mode
0 Detection method has
been proven to be
from the
or failure cause (including product sample Machine-based detection method that will
checks 2 effective and reliable (e.g. detect the cause and prevent the failure
plant has experience with
Machine-based detection (semi- mode (discrepant part) from being
method, error-proofing produced.
automated with notification by light,
etc.
buzzer, etc.), or use of insPection
Fai lu re mode cann ot be physical ly prod uced as-designed
equipment such as a coordinate or
1 Very high processed or detecti o n methods proven to always
measuring machine that will detect failure d etect the fa lure
mode or failure cause (including product mode or failure cause
sam checks
Table C2.4 - PFMEA DETECTION (D)
 Prediction of ACTION

c2.5 ACTIoN P RIORITY

T ABLE FOR PFMEA
Action PrioritY (AP) for
P FMEA
Blank until
om Effect S Failure Cause
Occu
o Ability to Detect D PRIORITY Comments

tn Low - Very low 7-10 H

co mbinations of SeveritY o ccurrence an d D etection ratings filled in bY
based on Moderate 5-6 H
Action P rioritY rs user
Very high 8-1 0
fo risk redu ction
ord er to prioritize actions High 2-4 M
ACTION
Prediction of PRIORIT Comments Very high 1 M
D
Failure o AbilitY to Detect Y (AP) Low - Very low 7-10 M
Effect S Cause
Occu H Moderate 5-6 M
Low - Very low
7-10 High 6-7
H High 2-4 M
Moderate 5-6
H Very high 1 L
Very high B-10 2-4 Product or
High
H Plant Effect 4-6 Low - Very low 7-10 M
1
V high Moderate
H Moderate 5-6 L
7-10 Moderate 4-5
Low - Very low High 2-4
I
5-6 H
il Moderate
H Very high 1 L
High 6-7 High 2-4
H Low - Very low 7-10 L
1
Ve high
Moderate 5-6 L
Product or 7-10 H
Low 2-3
9-10 Low - Very low High 2-4 L
Plant Effect 5-6 H
Very high Moderate
H Very high 1 L
Moderate 4-5 High 2-4
M Very low 1 Very high - Very low 1-10 L
1
high
H Low - Very low 7-10 M
Low - Very low
7-10
5-6 M Moderate 5-6 M
Moderate Very high 8-10
Low 2-3 2-4 L High 2-4 L
I L Very high L
Ve 1

1-10 L
V high - Very low Low - Very low 7-10 L
Very low 1
7-10 H
Low - low Moderate 5-6 L
5-6 H High 6-7
H High 2-4 L
B-10 High 2-4
Very high Very high 1 L
1 H Product or
Very high
H Plant Effect 2-3 Low - Very low 7-10 L
Low - Very low
7-10
Low Moderate 5-6 L
5-6 H 4-5
Moderate Moderate
6-7 H High 2-4 L
High h 2-4
1 M Ve high 1 L
h h
low 7-10 H Low - Very low 7-10 L
Product or Low -
5-6 M Moderate 5-6 L
Plant Effect 7-B Moderate Low 2-3
4-5 2-4 M High 2-4 L
High Moderate High
1 M Very high 1 L
VerY h
7-10 M Very low I Very high - Very low 1-10 L
Low - Very low
5-6 M No
Moderate Very low -
L Discernible 1 1-10 Very high - Very low 1-10 L
Low 2-3 High 2-4 Very high
Effect
1 L
Very high

Very low I Very high - Very low 1-10 L Table C2.5 - ACTION PRIORITY FOR PFMEA

-203 -

-202 -
 C3.2 Supplemental FMEA-MSR FREQUENCY (F)
C3 FMEA-MSR SFM and AP Tables ( (@
Frequency Potential for the Product
C3.1 Supplemental FMEA-MSR SEVERITY (S) Frequency criteria (F) for the estimated occurrence of the Failure Cause in relevant B I a nk unti I
operating situations during the intended service Iife of the vehicle fi lled in by
user
Estimated rate or
Product General Evaluation Criteria Severity (S) F
Frequency Frequency criteria - FMEA-MSR Product Line
Blank untilfilled in bY Exa m es
Extremely Frequency of occurrence of the Failure Cause is unknown
Potential Failure Effects rated according to the criteria below user
10 high or cannot or known to be unacceptably high during the intended
Gorporate or be determined service life of the vehicle
Severity criteria Product Line I Failure Cause is likely to occur during the intended service
s Effect
life of the vehicle
High
Fail ure Cause may occur often in the field during the
Affects safe oPeration of the vehicle and/or other I intended service life of the vehicle
10 vehicles, the health of drive r or passenger(s) or Failure Cause may occur frequently in the field during the
road users or estrians 7
Very High intended service life of the vehicle

9 Noncompliance with regulations 6 Medium

Failure Cause may occur somewhat frequenfly in the field
during the intended service life of the vehicle
Loss of primary vehicle function necessary for Failure Cause may occur occasionally in the field during
I normal driving during expected service life.
5
the intended service life of the vehicle.
High Degradatio n of primary vehicle function Failure Cause is predicted to occur rarely in the field
7 necessary for normal driving during exPected 4 Low during the intended service life of the vehicle. At least ten
service life. occurrences in the field are predicted

6 Loss of secondary vehicle function

0 3 Very low
Failure Cause is predicted to occur in isolated cases in the
field during the intended service life of the vehicle. At
least one occurrence in the field is predicted.
5 Moderate Degradation of secondary vehicle function Failure Cause is predicted not to occur in the field during
the intended service life of the vehicle based on
Very objectionable appearance, sound, vibration, 2 Extremely low prevention and detection controls and field experience
4 harshness, or haPtics. with similar parts. lsolated cases cannot be ruled out. No
Moderately objectionable appearance, sound, proof it will not happen
3 vibration, harshness, or haPtics. Failure Cause cannot occur during the intended service
Low 1 Gannot Occur life of the vehicle or is virtually eliminated. Evidence that
Slightly objectionable appearance, sound, Failure Cause cannot occur. Rationale is documented.
2 vibration, harshness, or haPtics.
Percentage of relevant operating condition
1 Very low No discernible Failure Effect. rn com parison to overall operating time Value by which F may be lowered
< 10% 1

Note: This table is identical to Table c1.1 - DFMEA SEVERITY (S) < 1o/o 2

Table C3-1 - Supplementat FMEA-MSR SEVERITY (S) NOTE: Probability increases as number of vehicles are
increased
Reference value for estimation is one million vehicles in
the field

Table C3-2 - Supplemental FMEA-MSR FREQUENCY (F)

-205-
-204-

G3.3 Supplemental FMEA-MSR MONIToRING (M)
Supplemental FMEA for Monitoring and System Response (M)
Monitori ng c riteri (M fo Fail u re Cau SES, F ailure Modes an d
numbe that correspo nds with the
Monitoring du n ng c ustom er Operation U SE the rating
of eith criteria for Mo nitori n or
least effective
Effectiveness of
Diagnostic Monitoring /
Monitoring
M Sensory PercePtion Griteria
Gontrols and
System ResPonse
The faulVfailure cannot be
detected at all or not during the
10 Not effective fault tolerant time interval; by the
system , the driver, a Passenger,
or service technician
The faulVfailure can almost never
be detected in relevant oPerating
conditions. Monitoring control
9 Very Low with low effectiveness, high
variance, or high uncertaintY.
Minimal ostic
The faulUfailure can be detected
in very few relevant oPerating
conditions. Monitoring control
I Low with low effectiveness, high
variance, or high uncertaintY.
Diagnostic coverage estimated
<60%.
Low probabilitY of detecting the
fault/failure during the fault
tolerant time interval bY the
system or the driver. Monitoring
Moderately Low
7 control with low effectiveness,
high variance, or high
uncertainty. Diagnostic coverage
estimated >60%.
The faulVfailure will be
automaticallY detected bY the
system or the driver onlY during
6 to react to the detected
power-up, with medium variance
in detection time. Diagnostic
estimated >90%
The faulUfailure will be
Moderate automaticallY detected bY the
system during the fault tolerant
time interval, with medium
5 variance in detection time, or
detected bY the driver in very
many operating conditions.
Diagnostic coverage estimated
between 90% -97%
Failure Effects by Blank until
filled in by
m nse
Gorporate
System ResPonse /
Human Reaction
Griteria
No response during the
fault tolerant time
interval.
The reaction to the
faulVfailure bY the
system or the driver maY
not reliably occur during
the fault tolerant time
interval.
The reaction to the
faulVfailure bY the
system or the driver maY
not always occur during
the fault tolerant time
interval.
Low probabilitY of
reacting to the detected
faulUfailure during the
fault tolerant time interval
by the system or the
driver.
The automated sYstem
or the driver will be able
faulUfailure in manY
operating conditions.
The automated sYstem
or the driver will be able
to react to the detected
faulVfailure in very manY
operating conditions.
Su pplementa FM EA for Mo n ito n n g and System Respon
( se (I'r)
m M on ito ring Crite na M) for F a ilure Ca uses Fai u re Mod es nd Fai
Monitorin g du n ng c ustom er Operation Use the rati ng n u mber th at corresponds by
least effective of eith e cn te na for Monitori
or
user Effectiveness of
Monitoring Diagnostic Monitoring /
M or
Controls and Sensory Perception Criteria
or
System Response
Product
Line The faulVfailure will be
automatically detected by the
system during the fault tolerant
4 Moderately High time interval, with medium
variance in detection time, or
detected by the driver in most
operating conditions. Diagnostic
e estimated >97o/o.
The faulVfailure will be
automatically detected by the
system during the fault tolerant
time intervalwith very low
3 High
variance in detection time, and
with a high probabitity.
Diagnostic coverage
estimated >99o/o.
( D
The faulVfailure will be detected
automatically by the system with
very low variance in detection
2 Very High time during the fault tolerant time
interval, and with a very high
probability. Diagnostic coverage
estimated > 99.9%.
Reliable and The faulVfailure will always be
acceptable for detected automatically by the
1 elimination of system. Diagnostic coverage
originalfailure estimated to be significantly
effect than 99.9%
Table C3-3 - Supplementat FMEA-MSR MONITOflNG
u re
Blank u ntil
with the filled in by
m Res
user
Gorporate
System Response /
Human Reaction
Product
Criteria
Line
The automated system
or the driver will be able
to react to the detected
faulVfailure during the
fault tolerant time
interval, in most
operating conditions.
The system will
automatically react to the
detected faulVfailure
during the fault tolerant
time interval in most
operating conditions with
very low variance in
system response time,
and with a high
robabil
The system will
automatically react to the
detected faulUfailure
during the fault tolerant
time intervalwith very
low variance in system
response time, and with
a h h
The system willalways
automatically react to the
detected faulVfailure
during the fault tolerant
time interval.
(M)

-207 -
-206 -
 Action for FMEA-MSR
G3.4 ACTION PRIORITY FOR FMEA.MSR
Action Pri for FMEA'MSR
rati ngs n order to
o (fti Action Priority ts based on com bi nations of Severity F req
uen cy a nd Mon itoring rati
p rioritize actions fo r risk red uction ngs In order
to
and M onitorin
Action Priority IS based on combi nations of SeveritY FrequencY
pno ritize actions for risk redu ction. Prediction of
Effect S Failure Gause F
Effectiveness of
ACTION M
Prediction of Effectiveness of PRIORITY
Monitoring
F M
Effect S Failure Cause Monitoring High - Extremely
high 7-10 Reliable - Not effective 1-10
H
Medium - ExtremelY 5-1 0 Reliable - Not effective 1-10 H
h
ModeratelY high - Not Moderate - Not effective 6-1 0
4-10 H H
effective Medium 5-6
Low 4 2-3 H Product Reliable - Moderately
I
Very hish - High 1-5
I
Reliable 1 M Effect hish M
I
Moderately 4-6
ModeratelY high - Not 4-10 H
i Product Low Very low - Not effective 9-1 0
I 10 effective M
i Effect High Very low 3
Very high - High 2-3 M
Extremely low - Low 2-4 Moderately high -
Reliable 1 L 7-B
Moderate M
ModeratelY high - Not 4-10 M
2 effective Reliable - Moderate 1-6 L
Extremely low
Reliable - 1-3 L Cannot occur Reliable - Not effective
1
1-10 L
1-10 L
Cannot occur 1 Reliable - Not effective High - Extremely
high 7-10 Reliable - Not effective 1-10 H
1-10 H
Low - Extre 4-10 Reliable - Not effective
- Not effective 2-10 H
ExtremelY low - Very 2-3 Moderately low - Not
Reliable - H h 1 L 7-10 M
Product I low Medium 5-6 effective
Effect High Product
1-10 L Effect Low 2-3 Reliable - Moderate
Cannot occur Reliable - Not effective 1-6 L

Extremely low - Low 2-4 Reliable - Not effective

Medium - ExtremelY Reliable - Not effective 1-10 H 1-10 L
6-1 0
high
ModeratelY high - Not 5-10 H Cannot occur Reliable - Not effective
1
1-10 L
effective
Medium 5
Reliable - ModeratelY Product
1-4 M Cannot occur -
h h Effect Very 1 1-10 Reliable - Not effective
Extremely high 1-10 L
ModeratelY low - Not low
7-10 H
effective
ModeratelY high -
NorE: lf M=1, the severity rating of the Fairure Effect after
Product Low 4 4-6 M
Monitoring and System Response is to be used for
Effect Moderate
7-8 1-3 L determining MSR Action priority. lf M is not equal to 1,
ModeratelY Reliable - High
then the severity Rating of the originar Fairure Effect is
high Very low - Not effective 9-10 H
to be used for determining MSR nttion priority.
M
Very low 3 ModeratelY low - Low 7-B

Reliable - Moderate 1-6 L Table C3.4 - ACTTON pRtORtTy FOR FMEA_MSR

ModeratelY low - Not 7-10 M
2 effective
Extremely low
Reliable - Moderate 1-6 L

Reliable - Not effective 1-10 L

Cannot occur 1

-208- -209 -
 Analysis (FTA) as methods to identify potential causes of malfunctioning behavior..FMEA_MSR
( h
i tt Tgl",1t-"d to supplement the DFMEA by analyzing the effectiveness of diagnostic monitoring
and system response in maintaining functional safety. ln addition to safety considerations, the
method can also be used for analysis of regulatory compliance topics.

D2.2 Linkage between Frequency (F) and Exposure in ISO 262G2

Exposure in ISO 26262 refers to the duration or frequency of an operational situation. However,
Frequency in FMEA-MSR refers to the occurrence of a fault during an operational situation.
Therefore, the two metrics are related, but not equivalent.

D2.3 Linkage between Frequency (F) and FIT Rates ,n ,SO 26262
Frequency is a qualitative estimation of how often the considered failure cause may occur
during an operational situation. FIT Rates are a quantitative assessment of the measured
reliability of an E/E component, based on exposure of the component to specific*test conditions.
Therefore, the two metrics are related, but not equivalent.

D2.4 Linkage between Monitoring (M) and Diagnostic Coverage in

tso 26262
Monitoring (M) considers the ability of persons and/or the system to detect a specific cause
(fault or failure), and react to that detected fault or failure within the Fault Tolerant Time lnterval
(FTTI). Diagnostic Coverage in ISO 26262 refers to the ability of the system to detect a
percentage of all possible faults, and react to a fault within the Fault Tolerant Time lnterval
(FTTI). Therefore, the Monitoring rating in FMEA-MSR has a wider scope of detection, but
relates only to a specific cause.

D2.5 Linkage between Failures in FMEA-MSR fo

Faults/ErrorslFailures rn rSO 26262
A Failure Cause in FMEA-MSR is equivalent to a Fault in ISO 26262. However, it is not
necessarily a root cause, depending on whether the scope of analysis is a component or a
system. A Failure Mode in FMEA-MSR is equivalent to an "Error" in ISO 26262. A Failure Effect
in FMEA-MSR is equivalent to a "Failure" in ISO 26262 (Ref. Part 10, Clause 4.3.1).

-211 -
 (
E Further Application Fields
Failure Effect
0 with the DFMEA and PFMEA described, all application fields
Failure Effect can
original
Failure Effect S = 1'..9 be covered.
Failure Effect S = 1..'9
10 5=1"0
S=10 The procedure is also transferable to suppliers of the automotive
--
Mitigated Failur* Effect industry of other industrial branches. The special features
ss8 specific procedures are to be taken into account. "nJ

M=2."9
M=2...10 El FMEA for Software Scopes
M=10 M=L
The functions of a system are realized more and more often by
software. A Design FMEA examines the functional capability of a
Failure Cause
Failure Cause system, and therefore the inspection of software scopes is a part
Failure Cause Failure Cause of this. The system and its effect relationships should be inspected
Safe Fault or
Residual Fault
Non safetY-relevant Fault
as a whole in the analysis of the software scope. r,
No [quivalent
Single-PointFault
When inspecting software scopes, special problems can occur
not in scope of FMEA-MSR
f.rOff: Multiple-point Faults are that are considered in the following sections.
{ NOTE: The term "Software FMEA" is misleading, since not the
software but the functions that are realized by the
FigureD2-lLinkagebetweenFailureCausesinFMEA.MSRfoFauttsintSo26262
software are to be examined in the system context.

fo manufacturers of E2 Objective of the Software Scopes lnspection

D2.6 Appticability of FMEA-MSR
Analysis of the software requirements:
microcontrollers FMEA-MSR
analysis of microcontrollers' G
method'for ouantitative Demand from the complete system
FMEDA is the recommended but inY additionar value'
;;;
;;ft;;uio"
analYsis'
;;;;; t;"d for qualitative Checking the basis information/boundary conditions/specifications
Systematical actions for risk reduction, e.g. concept change,
avoidance, detection.
Analysis of possible faults in software scopes:
Effect on the complete system
Depiction of the interaction of software modules in the complete
system
Risk assessment of the of software modules.

I,

ir,

-213-

-212-
 F
E3FMEAintheSoftwareDevelopmentProcess Vehicle aPProval test
f fr
Change Point Summaries

F1 AIAG 4th Edition FMEA Reference Manual to AIAG & VDA FMEA Handbook
D€veloPmentof
fequ iremanta'
Valldatlon F1.1 AIAG 4th Edition DFMEA to ALAG & vDA FMEA Handbook
)-_.'
DFMEA
DeveloPment of Systs$ test lntrllrati o n
The AIAG & VDA FMEA method is described by a 7-Step approach. The steps are the
architectu.e synthesis of AIAG and VDA DFMEA process steps. For example, Block/Boundary Diagrams
f+
(0!
\.- shown as Step 2 of the 7-Step approach and the same deliverable is shown as a prerequisite
are
in
A\, Ptoducttast the 4th Edition.
Product
Oesign"
o procossing lntsgration Special Characteristics are removed from DFMEA but stay in PFMEA, see Annex Dl Special
a Function t Characteristics.
module
tost For continuous lmprovement a History/Change Authorization column is added (For use as
Function I
applicable)
module
integration
The linkage between DFMEA and PFMEA is explained and FMEA Collaboration (Customer
Tiern-Tiern+1). -

The FMEA is especially suited for

the analvsis of requirements 1st Step: Planning and Preparation
-"plementation' Therefore its field of
and for the validati;;i G Preparation is partly considered in the 4th Edition General FMEA Guidelines, Chapter ll
upper part of the model shown'
application is primaiiiy in tne Overview of FMEA, and Chapter lll DFMEA. Step 1 includes definition of the "ST's": lnTent,
Timing, Team, Task, and Tool to be used to document the analysis as well as identification of

E4FMEAforMachineandFacilityManufacturers
0 the analysis subject and baseline DFMEA as appropriate.
FMEA Form Sheet header is defined within Step 1 and the following changes apply:
TheDFMEAofamachineissometimesreferredtoasa,.Machine
FMEA" in the literature' i. Gompany Name added
a machine was identified as a ii. Marking of System, Subsystem or Gomponent removed
Starting from a PFMEA in which iii. Engineering Location added
;il,'; biMen be prepared for the machine'
"un iv. Customer Name added
lnthePFMEA,therequirementson.thefunctions/abilitiesofthe
machine.
the
v. ModelYear(s)/Program(s)changedtoModelyear/platform
,"lni"" are ioentitieo in fft" analysis of vi. Subject added
Separate evaluation tables are
to be developed for this Machine vii. Key Date removed
FMEA.
viii. Revision Date added
follows the rules as Design or
ix. FMEA Number changed to DFMEA lD Number
At the end the Machinery FMEA x. Page Number of Page Number removed
Process FMEA' xi. Prepared By changed to Design Responsibility
xii. FMEA Date (orig.) changed to Start Date
xiii. Gore Team changed to Cross-FunctionalTeam
xiv. Gonfidentiality Level added
Re for chanqe : To use common terms and include necessary information for record
management

-215-
-214-
 2nd SteP: Structure AnalYsis
For DFMEA' ITEM is exPanded
to SYSTEM, SYSTEM ELEMENT'
ELEMEN
and COMPONENT
T as Focus Element, and
f rcil
4th

i.
Step: Failure Analysis
Concept of FOCUS ELEMENT establishes the focus of the analysis.
Potential Failure Mode changed to: Failure Mode (FM) of the Focus
Higher Level, SYSTEM Element
ELEMENT with SYSTEM as Next
Next Lower Level or Characteristic
TYPe ii. Potential Failure Effect changed to: Failure Effects (FE) to tne r.reiirrigher
levet
COMPONENT ELEMENT as Element and/or End User
Collaboration between customer
and supplier is defined and added iii. Potential Failure Gause changed to: Failure Gause (FG) of the Next Lower
Element
co mponent and/or or Characteristic
identifY the sYstem, subsystem,
Reason for change To
ation
correctlY
to the item (focus element) being analyzed
This information is needed iv. Order of columns changed from FM, FE, FC to FE, FM, FC
characteristic in rel
lmportant note: Although the order of columns changed, the
for SteP 3, Function AnalYsis
order of creating the analysis using a spreadsheet
remains the same. rt is necessary to identify first the
i 1. Next Higher Levet (FM), then either the (FE) or (FC) depending on the
,tl
rl SYSTEM team. When using FMEA-dedicated softwaie the team
may perform the DFMEA in a different way e.g.
identifying failures and then linking them in a froper
3rd SteP: Function AnalYsis failure chain of (FE), (FM), (FC).
so that rtem is
4TH Edition Form sheet A and c: rtem/Function and.Requiremenlarg,'sotit
the tevels defined in ldentify failures by systematic description of question approach.
ArAG i*u"iiuoi!:ioi each of
part of Step 1 and Function and nequireml.irp""" More detailed description how to formulate failure effects, failure mode and failure cause with
Step 2. examples.
how to formulate functions'
The description is more detailed Relationship is shown between PFMEA and DFMEA.
P-Diagram explained'
/ characteristics and usage of
Detailed definition of requirements Possible views in form sheet are described.
teams is described
Collaboration between engineering Collaboration between customer and supplier explained.
Reason for chanqe:- To establish the functions for each Item/SYstem
Element to demonstrate
of the next higher level
O
of how each level contributes to the functio nality leads to listing 1. Failure Effects (FE) to the
an understanding and Requirements of the Product
listin g the Positive Functions
Considering and Next Higher Level Element
and the Causes of Failure
the negatives, the Effect of Failure, and/or End User
A and C: ltem/Function
lmporta nt note: AIAG Form Sheet where customers
ne eded correction due to instances
an Item descriPtion and
have rece ived DFMEAs showing
or Requ irement identified Reason for chanoe: To promote the cause and effect analysis in terms of a chain of potential
Failure Mode with no Function
and Requirement are events. The structure, function, and failure sections of the form sheet are designed using a
The exPectation is that a Function
of how the Function pattern that leads to three levels of a failure chain (FE), (FM), (FC).
necessary for an u nderstanding
could fail
Sth Step: Risk Analysis
The term "ranking" replaced by "rating" because each failure is rated according to the criteria
1. Next Higher defined in the rating charts. Each rating chart has a new column to add company-specific
Level Function and examples
Requirement
i. Severity rating - Ten-point scale with similar definitions for each level. Split rating of 10
and 9 allowing for alignment with functional safety groups (Safety is 10 regardless of
warning, and 9 is regulatory). The same scale is used for DFMEA, PFMEA, and FMEA-
MSR when rating the (FE) to the end user level.
ii. Occurrence rating - Ten-point scale with added emphasis on Prevention Controls as
input to the Occurrence rating.

-217 -
-216-
 iii. Detection rating
_ Ten-point scare that considers Abi'ty to Detect,
Detection Method
f @
Responsible Target
Action
Taken
Completion
;nU[';.tt'*,n:*k:*3ii#ilr:lglf:ft
Reference AF
::-fi :",'j't^j'ili*S'S'uo'"
Person's Completion Status
Name Date
with
Pointer to
Date
Evidence
toi orruen and PFMEA'
by the
6iotn"iinformation designated
V.classification-replacedwithrirlercode(optional)_TheFitterCodecolumnmaybe
special
used to fiag potential
"nuru.iJ'i'iiJ'
7th Step: Result Documentation
Step 7 summarizes the scope and results of the DFMEA in a report for review by internal
management and/or the customer. The AIAG 4th Edition FMEA manual indicates that
management owns the FMEA process and has the ultimate responsibility of selecting and
applying resources and ensuring an effective risk management process including timing. These
statements are found in Chapter 2, Strategy, Planning, lmplementation. However, the 4th
Edition does not provide additional guidance on how to engage management in the DFMEA
team. Step 7 provides recommendations for what to include in results documentation. This
report should indicate the technical risk of failure as a component of the development plan and
project milestones.

Fl.2 AIAG 4th Edition PFMEA to AIAG & VDA FMEA Handhook
(s PFMEA
o
The AIAG & VDA FMEA method is described by a 7-Step approach. The descriptions below
1. Failure o O compare these 7-Steps to the current AIAG process. The comparisons include all form sheets
Effects (FE) to used in both manuals. As appropriate, it will be pointed out why (Reason for change or Reason
the Next
oc)o
C)
for use) the change can help lead to a more complete PFMEA.
Higher- Level
Element o
=
Ll
1st Step: Planning & Preparation -
and/or
End User
i. Define the Scope changed to 1st Step: Planning & Preparation
2nd Step: Structure Analysis -
i. ltem changed to Process ltem System, Subsystem, Part Element or Name of
6th SteP: OPtimization Process
Note: Different form formats, allow this to be listed a single place or on each line.
ThedefinitionofoptimizationisdetailedintheA|AG&VDAFMEAHandbook' ii. Process Step changed to Process Step Station No. and Name of Focus Element
open''completed' Discarded)
i.RecommendedActionsplitintotwocolumns:PreventiveActionand.DetectionAction iii. Process Work Element 4M Type has been added.
ii. New: Stat#(Sfi;;'t"o'tutu'l;;il;
iii. n-"iioiii"r"n yitl Pointer to Evidence
Changed:
Reason for use: This added step (4M) requires the users to consider the 4M's while reviewing
or internal use) the activity taking place within the process.
iv. New: Rem;i;i;";;FMeR tt"tn
effectiveness defined'
New assessment of action
described'
I
Continual improvement
CollaborationbetweenFMEAteam,management,customerandsupplierexplained' each
management to be sure
The information herps the user with visuar for follow-uP
Reason for change: tn";point"*o Evidence"
L

I
tl
''l
i, i."i"o"J und .or'r[""i ffi;";iir
piece of information
il reasons.

-219 -

-218-
 Or alternate form sheet

Or alternate form sheet

( 0 t. Funcficn of Sr Rmcfroo
sftr
E-bPmcerr
SrcPrs@rs Chmc*rffic
1. Prccaas Item lbm IUodt
Systen1 SubaYetem' Func$onof Etrfiur* fQneilrtlur
Part Elementor 8y*bn1 vr$rh
SubeyttrnL
PrrtElr*rat
@t
orFrocc*r

4th Step: Failure Analysis -

3rd Ste i. Potential Effect(s) of Failure changed to Failure Effects (FE) to the next Higher Level
Element and/or Vehicle End User
ii. Severity changed to Severity (S) of FE {
Note: The AIAG Severity Table was based on Effect on Customer and Effect on
Manufacturing, while AIAG & VDA Severity table is also based on Effect End User, it
divides Effect on Manufacturing into two sections, lmpact to Your PIant and lmpact
to Ship-to Plant (when known).
Reason r chanoe The division of manufacturing requires the user to consider the
internal impact and external impact to manufacturing.
iii
ilt Potential Failure Mode changed to Failure Mode (FM) of the Focus Element.
IV Potential Gause(s) of Failure changed to Failure Gause (FC) of the Work Element

0 0
1. Failure Effec{s (FE) to
3. FailweCase{FC}
the Next Higher Level
of &eWskElsnent
Element ancl/or End User

5th Step: Risk Analysis -

1. Function of the Process

ltem
Function of SYstem, SubsYstem'
Part Element or Process
Or alternate form sheet
ltem
1. Function of the Process
Function of SYstem, SubsYstem'
Part Element or Process
Function of thE Process
and Producl Characteristic
(Quantitative value is oPtional)
Function of the Prcoess
and Product Characteristic
{Quantitative
valuE 6 optionat)
3. Function of the Proess
Work Elernent and Proces
Charwtgdelic
i. Current Process Controls - Prevention changed to Current Prevention Control (PG)
of FC.
ii. Occurrence changed to Occurrence (O) of the FG.
Note: The AIAG Occurrence Table was based on "Likelihood of Failure" and "lncidents
items / vehicles" while the AIAG & VDA Table is based on "Prediction of Failure Cause
Occurring", "Type of Control", and "Prevention Controls".
Reason for Change: The AIAG & VDA is based on the robustness of the Prevention
Controls and can be applied to any production rate.
iii. Gurrent Detection Process Gontrols / Cause and Gurrent Detection Process
Controls / Failure Mode (Form Sheet E) is changed to Current Detection Controls
(DC) of FG or FM.
iv. Detection changed to Detection (D) of the FC / FM'.
Note: The AIAG Detection Table was based on "Opportunity for Detection", "Likelihood
of Detection by Process Control" and "Likelihood of Detection, while the AIAG & VDA

-221 -

-220 -
 Tabre is based on
,,Detection Method Maturity,,, "opportunity for Detection" and

Detect". gotn iabtes are based on

a 1 to 10 scale'
"Ability to

f T?
Responsible Target
Action
Taken
p
o
IJ

o
(,
v. RPN changed to PFMEA AP' with Completion G
Person's Completion Status
Name
Pointer Date so
is t (tow)' M (Medium)
ReasonforGhanqe:Th91|I,caleis1to1,000-basedonthesimplemultiplicationof Date o
i

S, O and o arIO-O-oEs apply rogic.

inl ne (nction prioiiiv) scale to
t!
the raiing of S' o' and D at the same Evidence (,
j

(,
and H (High);;ilr ilJoonia*inginto "l.ount CL
o
time and appties togic todetermine the priority of action'
lt

Characteristics'
vi. Glassification changed to Special
7th Step: Results Documentation -
Note:specialcharacteristicsandFiltercodearesub-categoriesofA|AGClassification'
& VDA Handbook' Step 7 summarizes the scope and results of the DFMEA in a report for review by internal
vii. Filter Code (Optional) new for AIAG
I

management and/or the customer. The AIAG 4th Edition FMEA manual indicates that
1

rl
management owns the FMEA process and has the ultimate responsibility of selecting and
I
applying resources and ensuring an effective risk management process including tim-ing.
I
These
statements are found in Chapter 2, Strategy, Planning, lmplementation. However, the 4th
I
o Edition does not provide additional guidance on how to engage management in the DFMEA
!
team. Step 7 provides recommendations for what to include in resultJdocumentation. This
I
i
o
(J
1

i
o report should indicate the technical risk of failure as a component of the development plan
i and
iE project milestones.

F2 vDA volume 4, chapter Product and process FMEA to AIAG & vDA FMEA
6th SteP: OPtimization - Handbook
i.RecommendedActionchangedtoPreventionActionandDetectionAction
F2.1 vDA volume 4, chapter product DFMEA to ALAG & vDA FMEA
I

Reasonforchange.=Thedivisionofinformationhelpstheuserwithvisualmanagement
rffi-o-prevention and Detection' Handbook
I
of actions
I
ii.Responsibility&TargetGompletionDatechangedtoResponsiblePersonsName The FMEA Method is described by seven-step approach, similar to the previous five-step
! and Target GomPletion Date' approach in VDA Volume 4, Product and process FMEA.
:
Reasonforchanqe:Requiresanameratherthanadepartment. The section Definition is the new first step Preparation and Project Planning. The result
documentation is added as step seven.
ill Status new for AIAG & VDA Handbook'
1. Preparation and Project planning
Reasonforchanqe:Userscantrackthepercentageofcompletion' 2. Structure Analysis
iv ActionResults.ActionsTakenGompletionDateandActionsTaken&Effective
with Pointer to Evidence and 3. Function Analysis
Date (Form sheets;': H) is cnangeo t"'A;tdJaken 4. Failure Analysis
Completion Date. !-,--^^. 5. Risk Analysis
addition to listing actions taken' a direction to evidence ls 6. Optimization
Reason for chanqe: ln 7. Result Documentation
required.
Special Characteristics are removed from the DFMEA Form Sheet but stay in the pFMEA Form
V Severity/occurrence/Detection/RPNchangedtoSeverity/occurrence/ Sheet. See Annex C1 Special Characteristics.
Detection / AP'
& VDA Handbook'
VI Soecial Gharacteristics new for AIAG For continuous lmprovement history column is added and the authorization column changed.
vii il;;i" ;"* tot AIAG & VDA Handbook'
The linkage between DFMEA and PFMEA is explained and the FMEA Collaboration (Customer
- Tier n - Tier n+1).

-223 -
-222-
 Characteristic or lntended-. Function v' Characteristics
' -"J'vrr or
fr
vrrqrqvrsrrDLrt/D of vurrrpurlent El
ur Component tslernent (Next
or Characteristic Type). Lower Level
thor" listed in the Appendices'
ThecomparisonbelowshowsthefolrytofFMEAForm.SheetslistedintheVDAVolume4to
& vDA]i;;l[oo* in"ruoing
0
the form sheets rirtJin-inl'nrAc
1. Next Higher Level
Asappropriate,itwillbepointedoutwhy(Reasonforchange)theformatcanhelpleadtoa Function and
more complete DFMEA' Requirement
lst SteP: Planning and PreParation
"Definition - D" i'lepracedt{f::'::i,1i",il:'l3r?il:,t#:ffilt:","1["X3iill"'1"'01?I'J'"" The description is more detailed how to formulate functions.
sectlons
considered in definition' Both
I
I
l

Detailed definition of requirements / characteristics and usage

FMEAFormsheetheaderisdefinedwithinsteplandnewcolumnsarechangedoradded. of p-Diagram exptained.
Changed:
L
Model Year(s) / Program(s) Possible view in form sheet is described
ii. Changed: Subiect Collaboration between engineering teams is described.
iii. Changed: Siutt Prt" and Revision Date
iv. Changedr Cross FunctionalTeam Reason for chanqe: !
V. Changed DFMEA lD Number considering and listing the positive Function_s and Requirements of
Design ResPonsibilitY the product, leads to listing
vi. Changed the negatives, the Effect of Failure, and the causes of Failure.
vii. Added: ComPanY Name
viii. Added: Engineering Location
ix. Added: Customer Name
X. Added: ConfidentialitY Level

SteP: 0
l'
2nd Structure AnalYsis
and COMPONENT
t,
ITEM is exPand ed to SYSTEM, S YSTEM ELEMENT' as Focus Element, and
For DFMEA, Level, SYSTEM ELEMENT
SYSTEM as Next Higher
ELEM ENT with or Characteristic TYPe
AS Next Lower Level
COMPON ENT ELEMENT
I

1. Next Higher Level

SYSTEM

Connectiondescriptionwithprocessflowdiagramandstructuretree
are described'
Possible views in form sheet
added'
and supplier is defined and
Collaboration between customer
help
rhe Next Hisher and Lower Level
fiffi:J:Jffi?TEA team on the,Erement to anarvze. SYSTEM'
r".ur", and the ot i".ut" tint< in the defined
ffi;;;
to identify the Effectli

3rd SteP: Function AnalYsis

unJ n"quitement and lntended
FoTDFMEA,FUNCTIoN/REQUlREMENTisexpandedtoFunctionandRequirementor
lntended output of system (rrre{,Hi9!"ir"""r)1-qunction Requirement or
LGrn"nt), ano rui'rction and
performance output bt system etement Fl'";!

-225 -
-224 -
 4th SteP: Failure AnalYsis ( 1. Failure
Concept of FOCUS ELEMENT establishes
the focus of the analysis Effects (FE)to -6
C
the Next o
o.
1. Failure Effects (FE) to the
Next Higher Level Element
Higher Level
Element
I o)
and/or End User and/or E
o
End User o
iI
of question approach'
ldentify failures by systematic description
with
fairure effects, fairure mode and fairure cause ,|?:*".'j|:X?:tr'J,[:il
More detaired description how to formurate an d cu rre nt d etect o n co n tro s with exa
iX3f":"i? :J#,:'
i r

i mp r es
examples.
and DFMEA' Current Controls, even if the implementation is in the future,
Relationship is shown between PFMEA are part of Risk AngJysis.
New and more detailed described evaluation table of severity ,,end
Possible views in form sheet are described' of user,,.
explained' More detailed described evaluation tables occurrence and detection
Collaboration between customer and supplier with examples.
AP as replacement of RPN introduced with Action Priority high,
Reason for change: medium, and low.
New column "Filter Code (Optional),, introduced.
TheFailureEffects(FE)totheNextHigherLevelElementand/orEndUser,theFailureMode
(FC) of the Next Lower Element or
Cause
(FM) of the Focus f]"ni"nt, and the Failure Possible views in form sheet are described.
bharacterlstic are aligned in the SYSTEM'
I

I
collaboration between customer and supprier exprained.
i Reason for chanqe:
I

t.
Sth SteP: Risk AnalYsis
0 The AP (Action Priority) scale is_L (Low), M (Medium), and H (High)
is based on taking into
SeveritY (S) rating: account the rating of S, o, and D at the s.ame time and applying
Iogi" to determine the priority of
Tenpointscalewithnewdefinitionsforeachlevel.Splitratingofl0andgallowingfor action' The table also makes recommendations on how wort< tnrou-gh
the three Ap levels.
I

;;";t regardless of warning' and 9 is

is"r"tv it 1o
atignment witn tunctional safety
regulatory). ih" ,ur" scate is uieJior brvEn, PFMEA, and FMEA-MSR'
6th Step: Optimization
Occurrence (O) rating:
Definition of optimization detailed
Tenpointscalewithnewdefinitionsforeachlevel.EmphasisonPreventionControlsas
inpuito the Occurrence rating added'
Action
Responsible Target a
Detection (D) rating: Taken
Completion
lz
L

level' Ability to detect and timing Person's Completion Status with (U

Ten point scale with new definitions for each Name Date Pointer to Date E
0)
considered' Evidence
t
Action PrioritY (AP):
(AP) replaceg, Jh" 13*" table is used
Risk Priority Number (RPN) with Action Priority
priority ijshown by'high"'medium' and'low'' Status of different action defined.
for DFMEA und PFMEA. The nction
New assessment of action effectiveness defined;
Continual improvement described
Remarks column added to document internal comments, notes,
and filter column for
manipulation of data.
Possible views in form sheet are described.

-226 - -227 -
 I
I

Collaboration between FMEA team, management, customer and supplier explained. iv, Changed: Cross FunctionalTeam
( t;\ft) V. Changed: PFMEA lD Number
Reason for chanqe: vi. Changed: Process Responsibility
The information helps the user with visual management; each piece of information is included vii. Added: Company Name
and correct. lmportant is the "Pointer to Evidence" for follow-up reasons. viii. Added: Customer Name
ix. Added: Manufacturing Location
X. Added: Confidentiality Level
7th Step: Result Documentation
The added step seven summarizes the scope and results of an FMEA in a report.
This report should indicate the technical risk of failure as a component of the development plan
and project milestones.
2nd Step:
Structure Analysis
For PFMEA, |TEM is expanded to pROCESS
ITEM with S ystem,
Name of Process, p ROCESS STEP with Station Su bsystem , Part Element or
No. and Name
PROCESS WORK ELEMENT with 4M Type. PROCESS of F ocus Elem ent, and
F2.2 VDA Volume 4, Chapter Product PFMEA to AIAG & VDA FMEA Machine, Man, Material (lndirect), Envi ronMent (Milieu) woRK ELEMENT tabeb added
Handbook , etc.
1. Process ltem
The FMEA Method is described by seven-step approach, similar to the previous five-step System, Subsystem, part
approach in VDA Volume 4, Product and Process FMEA. Element or Name of process
The section Definition is the new first step Preparation and Project Planning. The result
documentation is added as step seven.
connection description with process frow diagram
1. Preparation and Project Planning and structure tree.
2. Structure Analysis 4M especially Material (indirect) is more clarified
and detailed explained;
3.
4.
5.
Function Analysis
Failure Analysis
Risk Analysis
I Possible views in form sheet are described.
collaboration between customer and supprier is defined
and added.
6. Optimization
for c qe
7. ResultDocumentation
This focuses the FMEA team on the Element to analyze.
Special Characteristics stay in the PFMEA Form Sheet but are removed from the DFMEA Form The process ltem and process Work
help to identify the Effect of Failure,
Sheet. See Annex Cl Special Characteristics. !l-e19nt
PROCESS.
and the Causes of Failure tink in the defined
For continuous lmprovement history column is added and the authorization column changed.
The linkage between DFMEA and PFMEA is explained and the FMEA Collaboration (Customer
3rd Step: Function Analysis
- Tier n - Tier n+1).
For PFMEA, FUNCTION of Process ltem is expanded to Function of
The comparison below shows the format of FMEA Form Sheets listed in the VDA Volume 4 to System, Subsystem, part
Element or Process, FUNCTION oF PROCESS srEP is expandeo to
the forms listed in the AIAG & VDA Handbook including those listed in the Appendices. Functtn of system,
Subsystem, Part Element or Process, and FUNCTION OF WORK ELEMENi
to Function of the
As appropriate, it will be pointed out why (Reason for chanqe) the format can help lead to a Process Work Element and process bharacteristic.
more complete PFMEA
2. Function of the Process
1st Step: Planning and Preparation 1. Function of the process ltem Step and Product
"Definition - D" is replaced by "1st Step: Planning and Preparation". Preparation is partly Function of System, Subsystem, Characteristic
considered in definition. Both sections define the depth of what will be included in the document Part Element or process (Quantitative value is
optlonal)
FMEA Form Sheet header is defined within step 1 and new columns are changed or added.
i. Changed: ModelYea(s) / Program(s)
ii. Changed: Subject The description is more detailed how to formulate functions.
iii. Changed: Start Date and Revision Date Detailed definition of functions / characteristics and usage of P-Diagram
explained

-228- -229 -
 Possible view in form sheet is
described

collaboration between engineering

teams is described'
f (tu
Risk Priority Number (RPN)with Action Priority (AP) replaced. The same table is used
for DFMEA und PFMEA. The Action Priority is shown by'high', 'medium' and 'low'.

1. Failure E
c
Effects (FE) o
o.
ffigthepositive,Functions/characteristicsoftheProcesS,leadstolistingthe to the Next o
;;;i";t, ir''" er".i Jt i"itu'"' and the causes of Failure' Higher Level c)
rc
Element o
C)
and/or L
o
4th SteP: Failure AnalYsis End User
=
establ ishes the focus of the analYsis
LL
ConcePt of FOCUS ELEMENT

1. Failure Effects (FE) to tne \exf

cno More detailed definition of current prevention and current detection controls with examples
Higher Level Element and/or
User instead of prevention and detection actions. r
Current Controls, even if the implementation is in the future, are part of Risk Analysis.
New and more detailed described evaluation table of severity with differentiation of "your plant",
"ship-to-plant" and "end user".
ldentifyfailuresbysystematicdescriptionofquestionapproach.
mode and fairure cause with
detaired description how to formurate fairure effects, fairure More detailed described evaluation tables occurrence and detection with examples.
More
examPles. AP as replacement of RPN introduced with Action Priority high, medium, and low.
and "end user" defined
Effects between "your plant""'ship-to-plant" New column "Filter Code (Optional)" introduced.
PFMEA and DFMEA'
Relationship is shown between Possible views in form sheet are described.
Possible views in form sheet are
described' O Collaboration between customer and supplier explained.
and supplier explained'
Collaboration between customer Reason for chanqe:
Reason for chanqe: Failure Mode The AP (Action Friority) scale is L (Low), M (Medium), and H (High) is based on taking into
(FE) to the Next Higher Lever Erement and/or End User, the
-c"ur" account the rating of S, O, and D at the same time and applying logic to determine the priority of
The Fairure Effects
l;iil;; trc) of the Next Lower Element or
(FM) of the Focus E\Hi#,';;;'t;; action. The table also makes recommendations on how work through the three AP levels.
SYSTEM'
bnaiacteristic are aligned in the
6th Step: Optimization
5th SteP: Risk AnalYsis Definition of optimization detailed
SeveritY (S) rating:
and 9 allowing for
point scale with new definitions for each level..split rating of 1-0 9 is o
Ten
safety;;;J;; is"t"tv is t-o'iegardtiss of warnins' and Responsible Target
Action .Y
alignment *iiniunitionar Taken with Completion
L
o
b"FiliA, prrvre-n, and FMEA-MSR' Person's Completion Status
regulatory). in" ,ur" s""r" ir-u:""ii"; Pointer to Date E
Name Date o
Evidence t
Occurrence (O) rating: controls as
for each level' Emphasis on Prevention
Ten point scale with new definitions
added'
inpui to the Occurrence rating
Status of different action defined.
Detection (D) rating:
New assessment of action effectiveness defined;
Tenpointscalewithnewdefinitionsforeachlevel.Abilitytodetectandtiming
considered. Continual improvement described

Action PrioritY (AP)

-231 -
-230 -
 -Y-

Supplement of FMEA-MSR Risk Analysis:

Remarkscolumnaddedtodocumentinternalcomments,notes,andfiltercolumnfor
( O
maniPulation of data'
sheet are described'
cc
Possible views in form o
o_
CollaborationbetweenFMEAteam,management,customerandsupplierexplained o
o
E
o
ffitn9.us91yr]hlisualmanagement;,'eachpieceofinformationisincluded
jrin";poi"ter to Evidenc6" for follow-up reasons' O
L
and correct. f mportiit o
=
iI
7th SteP: Result Documentation
TheaddedstepsevensummarizesthescopeandresultsofanFMEAinareport' plan
a component of the development
as
the technicar risk of fairure
This report shourd indicate The Supplement shows detailed definition of Rationale for Frequency, Current D'iagnostic
and Project milestones' Monitoring and System Response, Most Severe Failure Etfect after System Response, Severity
(S) of FE after MSR, Severity (S) of Original FE from Failure Anatysis (Step 4), and MSR AP.
F2'3vDAVolume4,Chapter.FMEAforMechatronicalsysfemsto MSR AP introduced with Action Priority high, medium, and low.
AIAG a vbA-iien
ilandbook
repraced by "supplemental is Possible views in form sheet are described.
FMEI for Mechatronicar _systems"
The VDA Vorume 4, chapter n"tponse (FM EA-M SR)"' Collaboration between customer and supplier explained.
F M EA for Monitor"lbi"isJ'i"t

(FMEA-MSR)' Reason for chanqe:

i.i rui'^ii;'il;';;; 6v't"* n"ipon-'"
TheFMEA.MSRsupplementstheDesignFMEA.ltshowsthelinkageqgy:g.Functional
safety and suppreil'#;;i;Mtn
This methodology evaruates
the effects of monitoring and system response in
a system or
o The FMEA-MSR is a supplement to DFMEA and takes aspects of road vehicle safety in
account.
product'
in step five and six'
Changes to DFMEA are 6th Step: Optimization
5th SteP: Risk AnalYsis Definition of optimization detailed
Sweri\(Q;:lI1*," each rever. sprit ratins or 10 T9,e
allowins ror
lrl
derinitions ror Most Action
irl0;;b;JtJss of warning' and e
with new is I,L

arisnment*i;n-t"".iionarsatety ilil;G;i"it pFME-A, and FMEA-M'R' Diagnosti

Severe o c() Taken U'
tz
resulatory). ih; ;;scare ir-#;"ii";fiirt,'dn, MSR
Preventive
c
System Failure
Respon Effect t
Responsible Target with
a Person's Completion Status Pointer Completion
E
L
(!
Monitorin .E ( Date o
Action se after { Name Date to t
Frequency t:[1t'J:"," repraces the occurrence g Action o ( Eviden
for each rever. FMEA-M'R System
with newiefrnitions
*,it ,t'-"qu"nty ratinglcate' Frequency of a
failure Response ao ce
FMEn
rating ,.ur"'JiL oesign o pe rati n g con d iti
o n s'
rir"""r",iii J u n ie i cu sto m b r
cau se,o o.Jr
"i"
Monitoring (H,:?t:l;" the Detection Status of different action defined.
rever. FMEA-MSR repraces
w*h newiefinitions for each Consider capability to
FMEn *i'n a Monitoring New assessment of action effectiveness defined;
rating ,"urJoiu oesign "iin'#tuie'
monitor and sYstem response' Continual improvement described

Action rJ:lTjfiI prioritv (Ap) repraced. rhe Action

prioritv is Remarks column added to document internal comments, notes, and filter column for
manipulation of data.
Number (RpN) with Action
nY dign"'medium' and'low'' Possible views in form sheet are described.
shown

-233 -

-232-
 G References and Suggested Readings
Collaboration between FMEA
team, management, customer
and supplier explained. (\ o
r IATF 16949: 2016 Quality management systems
ffitheuserwithvisualmanagement;'eachpieceofinformationisincluded Particular requirements for the application of ISO 9001
to Evidence" for follow-up reasons'
rmportJititln";pointer for automotive production and relevant service part
and correct.
organizations
o ISO 9001 Quality management systems - Requirements
o ISO 26262 Road vehicles - Functional safety
o SAE'J1739 Potential Failure Mode and Effects Analysis in
Design (Design FMEA), Potential Failure Mode and Effects
Analysis in Manufacturing and Assembly Processes (Process
FMEA)
o VDA Volume 2 Quality Assurance of Supplies
,
r VDA Maturity Level Assurance for New Parts
o AIAG APQP Advanced Production and Quality Planning
. AIAG PPAP Production Part Approval Process

-235-
-234 -
 H Glossary
fi?
Gyber-physical Systems: a mechanism that is controlled or monitored by computer-based
algorithms, tightly integrated with the lnternet and its users
Diagnostic coverage: per ISO 26262-1:2018, the percentage of the failure rate of a hardware
elerient, or percentlge of the failure rate of a failure mode of a hardware element that is
are
detected or controlleO Oy tfre implemented safety mechanism, the diagnostic figures
determined by the hardware functional safety analysis

Failure Chain: A failure chain consists of a Failure Effect, a Failure Mode, and a Failure Cause.
Failure Network: A failure network is the connection of one or more failure chains that can
Mode at
represent failures at multiple levels such that a Failure Cause at one level is a Failure
the next lower level.
Focus Element: The subject of the analysis. ln a hierarchically described system, a focus
element has a next highei level element and at least one next lower element. A focus element I
provide a
may Oe a System Eleirent (item), a function of a system element, or a failure to
function as sPecified.
Hybrid Failure Ghain: A hybrid failure chain consists of a Failure Cause or Failure Mode,
iniended Monitoring Controls, and a mitigated failure effect.
Mechatronics: technology combining electronics and mechanical engineering
Operational situation: per ISO 26262-1:2018, a scenario that can occur during a vehicle's life
(e.g. driving at high speed; parking on a slope; maintenance)
primary Vehicle Function: a function that is essential to fulfil the basic purpose of a vehicle,
e.g. steering, braking, propulsion, and visibility
Residual Risk: The risk(s) remaining after the deployment of safety measures. See 15026262-
1:2018.
Secondary Vehicle Function: a function that enhances or enables a primary vehicle function
and
as well as the user experience, e.g. safety, comfort, convenience, interface, diagnostic,
serviceability
Service life: the intended design life of the item (FMEA-MSR: the intended design life of the
vehicle)
Structure Tree: A graphical depiction of the hierarchical links between system elements and its
dependencies.
System Element: elements of a system that are represented in the structure tree
System response: the system's reaction to a detected fault, usually in the form of degrading or
disabling of a function and/or warning the operator and setting a fault code
Useful life: the operating interval in which a function is correctly provided, and the failure rate is
within acceptable tolerance
Zero Milea ge I Zero km I Zero Hours: vehicle has not left the assembly plant

-236 -