Professional Documents
Culture Documents
FMEA Handbook 1st Edition 2019 - EN - VDA
FMEA Handbook 1st Edition 2019 - EN - VDA
FMEA Handbook 1st Edition 2019 - EN - VDA
FMEA Handbook
Design FMEA
Process FMEA
Supplemental FMEA for Monitoring & System Response
::i
.ayt.
Ffill EA Handbook
Design FMEA
Process FMEA
o
o o AIAG PUBLICATIONS
An AIAG publication reflects a consensus of those substantially concerned with its scope and
provisions. An AIAG publication is intended as a guide to aid the manufacturer, the consumer,
and the general public. The existence of an AIAG publication does not in any respect preclude
anyone from manufacturing, marketing, purchasing, or using products, processes, or
procedures not conforming to the publication.
CAUTIONARY NOTICE
AIAG publications are subject to periodic review and users are cautioned to obtain the latest
editions.
Published by:
Automotive lndustry Action Group
4400 Town Center
Southfield, Michigan 4807 5
Phone: (248) 358-3570 . Fax: (248) 358-3253 {,
APPROVAL STATUS
The AIAG Quality Steering Committee and designated stakeholders approved this document
for publication on April 2, 2019.
o o -1-
VDA QMC Copyright and Trademark Notice:
the strict limits
IO
use
This publication including all its parts is protected by copyright. Any 9yt?id9
to
and is liable
of copyright law, is not permissible withoutthe consent oi Vbn QMC
and the storing or
prosecution. This applies in particular t;;;pying, translation, microfilming
processing in electronic systems.
Anyone applying them is
VDA Volumes are recommendations available for general use'
responsible for ensuring that they are used correctly in each
case'
curre.nt.St tl'" time of issue'
This vDA volume takes into account state of the art technology,
lmplementation of vDA recommendations relieves no one of
iesponsibility for their own actions'
ln this respect, everyone acts at their own risk. The VDA and
those involved in VDA
recommendations shall bear no liability'
possibility of misinterpretation are
lf during the use of VDA recommendations, errors or the c
that any possible errors can be
found, it is requested that the VDA be notifi'ed immediately so
corrected.
@ 2019 VDA QMC
Translations
status can be requested from
This publication will also be issued in other languages. The latest
either AIAG or VDA.
clo
-3-
-2-
FOREWORD ACKNOWLEDGEMENTS
I-rO The AIAG Quality Steering Committee (OSC) and the VDA QMA would like to recognize and
thank the following companies for the commitment toward the improvement of the FMEA
The AIAG & VDA FMEA Handbook is a reference manual to be used by the automotive methodology and their contributions of resources during the AIAG & VDA FMEA Handbook
industry suppliers as a guide to assist them in the development of Design FMEA, Process project.
FMEA, and Supplemental FMEA for Monitoring and System Response'
The Handbook does not define requirements; it is intended to clarify the steps, activities, AIAG Work Group Member Companies
the AIAG &
and tools related to the technical development of FIMEAs. Efforts were taken to align
VDA FMEA Handbook with the SAE J1739 standard. Daimler Trucks North America
Highlights of the Change Points from the AIAG 4th Edition FMEA Manual and from the FCA US LLC
VDA Volume 4 Manual are provided in Appendix F. Ford Motor Company
This Handbook is a copyright of AIAG and VDA, with all rights reserved.
General Motors
f
Honda of America Mfg., lnc.
Nexteer Automotive
ON Semiconductor
Reliability Risk Reduction, LLC
ZF TRW
AIAG
co
-5-
-4-
Validation Testino Participants
AIAG Supportinq Team Member Companies IlO Alpine Electronics (Europe) GmbH
AIAG Delphi
Dr. Schneider Holding GmbH
EBK Kruger GmbH & Co. KG
Faurecia Automotive GmbH
f
7
-6-
2.3.6 Cottaborstion between Engineering Teams (Systems, Safety, ond Components) 47
TABLE OF CONTENIS
[,tO 2.4
2.3.7 Bosis for Fsilure Analysis........
DESIGN FMEA 4TH SrEP: FNILUNT ANALYSIS
48
48
2.4.1 Purpose 48
2.4.2 Foilures...... 48
2.4.3 The Failure Choin............ 50
2.4.4 Foilure Effects.......... 51
2.4.5 Foilure Mode 51
2.4.6 Failure Couse 52
2.4.7 Foilure Analysis 53
L.L Punpose nruo Descntplott .............,15 2.4.8 Foilure Analysis Documentotion .................. 56
1.2 Os.,rcnvrs AND LrMrrs oF FMEA ..............16 2.4.9 Coltoboration between Customer and Supplier (Failure Effects)................. 57
1.3 INTEGRATToN oF FMEA rN THE CoMpANy................... ..............17 2.4.L0 Basis for Risk Anolysis 57
7.3.1 Potentiol Considerations of the FMEA ........... .......17 2.5 DESTcN FMEA 5rH SrEP: RlsKANALYsls............... 57
7.3.2 Senior Management Commitment. .......18 2.5.1 Purpose .... .57
1.j,3 Know-How Protection of the Design FMEA/Process FMEA........... .......18 2.5.2 Design Controls ..... .57
L.3.4 Agreements between Customers ond Suppliers 18 2,5.3 Current Prevention Controls (PC) .............. 58
5 Tra n sitio n Strotegy
7. 3. 19 2. 5.4 Cu rre nt Detectio n Controls ( DC)......,....... 59
7.3.6 Foundotion ond Fomily FMEAs.......... 19 2.5,5 Confirmation of Current Prevention ond Detection Controls. 60
1.4 FMEA roR PRoouctsaruo PRocrssrs. ....20 2. 5.6 Evaluotions.......... 61
1.4.1 Design FMEA.................. .2L 2.5.7 Severity (S) 61
7.4.2 Process FMEA .21 2.5.8 Occurrence (O) 62
1.4.3 Colloboration between FMEAs..... 2.5.9 Detection (D) ............. 66
1.5 PRoJEcT PLANNING 2. 5. 70 Action Priority (AP).......... 67
1.5. 1 FMEA 1nTent........... .23 2.5.11 Collaborotion between Customer and Supplier (Severity) 72
L.5.2 FMEA Timinl.......... .23 73
o
2.5. 72 Bosis for Optimization.............
.25 2.6 DESTGN FMEA 6rH Srep: OprtvlzarloN .............. 73
.28 0t 2.6.1 Purpose 73
.2'8 2.6. 2 Assi g n me nt of Re spo nsi bi I iti es 74
1.6 FMEA METHODOLOGY.... ................28 2.5.3 Status of the Actions ................... 74
2.6.4 Assessment of Action Effectiveness 75
2.6.5 Continuol lmprovement 75
2.1 Drsre ru FMEA 1sr SrEp: PLANNTNG AND PREpARATToN ... ..31 2.6.6 Cottoborotion between the FMEA teom, Monagement, Customers, and Suppliers regording Potential
2.7.7 Purpose ..31 76
2. 1. 2 DF M EA Project ldentificotion ond Bou ndsries................... ..31 2.7 DESTcN FMEA 7'* Srup: ResuLts DocuMENTATIoN.............,..... 76
2.1.3 DFMEA Project Plon ............. ..32 2.7.1 Purpose 76
2.1.4 ldentification of the Baseline DFMEA......... 32
3 EXECUTION OF THE PROCESS FMEA (PFMEA) 79
2. 1.5 DFMEA Heoder......... .33
2.7.6 Basis for Structure Analysis 33 3.1 Pnocess FMEA 1sr Sre p: PLnrunrruc eruo Pne pannttorrt... ...79
2,2 DesIeru FMEA 2ND STEP: STRUCTURE ANALYSIS 34 3.L.1 Purpose ...79
2.2.1 Purpose .34 3.1.2 PFMEA Project ldentificotion and Boundaries ............... ...79
2.2.2 System Structure .34 3.1.3 PFMEA Project P\on.....,.,. ...82
2.2.3 Define the Customer .34 3.1-.4ldentification of the Boseline PFMEA.. ,82
2.2.4 Visuqlize System Structure .. 35 3.1.5 Process FMEA Heoder .................,...,.,. .82
2.2.5 Colloborotion between Customer and Supplier ......... 40 3.2 PRocEss FMEA 2r,ro Sre p: SrRucruRE ANALysts. .83
2.2.6 Basis for Function Anolysis..... 40 3.2.1 Purpose .83
2.3 Desrcru FMEA 3no Srrp: Furucroru ANALysrs ..... .40 3.2.2 Process Flow Diagrom .84
2.3.L Purpose .40 3.2.3 Structure Tree .......... .84
.41 3.2.4 Colloborotion between Customer ond Supptier engineering teams (interface responsibilities) ...,.,......... .87
2.3.3 Requirements ................. .41 3.2.5 Basis for Function Anolysis .87
2.3.4 Parqmeter Diogrom (P-Diogrom).
2.3.5 Function Analysis
,....,,'.'.,..'42
.45
o 3.3 PRocEss FMEA 3no Srup: Fur.rcrroru ANALysts..
3.3.7 Purpose
.88
.88
-9-
-8-
3.3.2 Function
3. 3. j R e q u i re m e nt ( s ) ( Ch o ra cte r i st i c s
3,3.5 Colloboration between Engineering Teoms (Systems, Safety, ond Components) ..........
.........88
.....89
91
93
rrf 4.4.7
4.4.2
4.4.3
4.4.4
Purpose
Failure Scenario.........
Failure Couse
Failure Mode
132
132
134
1i5
3.3.5 Bosis for Failure Anolysis.. ........93 4.4.5 Failure Effect ........ 135
3.4 PRocEss FMEA 4TH Sre p: Fntune ANALysts........ 93 4,5 FMEA-MSR 5TH STEP: RISK ANALYSIS ........136
3.4.7 Purpose 93 4.5.1 Purpose 136
3.4.2 Failures 93 4. 5.2 Evoluations........... L37
94 4.5.3 Severity (S) L37
3.4,4 Foilure Effects.......... 94 4.5.4 Rotionale for Frequency Rating. 138
3.4.5 Failure Mode...... 96 4.5.5 Frequency (F). 139
3.4.6 Failure Cause:.,........ 97 4.5.6 Current Monitoring Controls... 141
3.4.7 Foilure Analysis 99 4.5.7 Monitoring (M) L4L
3.4.8 Relationship between PFMEA ond DFMEA 101 4.5.8 Action Priority (AP)for FMEA-MSR ......... 146
3.4.9 Foilure Anolysis Docume ntation ............... 102 4,6 FMEA-MSR 6rH Srep: OplMtzAloN. 149
3.4.10 Colloboration between Customer ond Supplier (Failure Effects).. 103 4.6.1 Purpose .... 149
3.4.77 Bosis for Risk Analysis 103 4.6. 2 Assig nme nt of Re spon si bil ities 150
3.5 PRocEss FMEA 5rs Sre p: Rrsx Arunlysrs..... 104 4.6.3 Stotus of the Actions 150
3.5.1 Purpose 704 4.6.4 Assessment of Action Effectiveness ...... L57
3.5.2 Current Prevention Controls (PC) 104 4. 6. 5 Co nti nuous m prove m ent.
I 15L
3.5.3 Current Detection Controls (DC), ..105 4.7 FMEA-MSR 7'* Step: RssuLrs DocUMENTATIoN ....... 153
3.5.4 Current Prevention and Detection Controls 106 4.7.1 Purpose .......... 153
3.5.5 Evoluotions. 106 4.7.2 FM EA Report .......... L53
3.5.6 Severity (S) . ......107
3.5.7 Occurrence (O) ......110
j. 5.8 Detection (D) ..... 777 A SnvpIT FMEA FoRM SHEETS
3.5.9 Action Priority (AP).
3.5.10 Colloboration between Customer ond Supplier (Severity) 11s
....114
tilto B
c
Fonv Snrers - Sre p ev SrEp HtNTs..........,..
SEVTRITY, OccURRENcE, DETECTION NruO ACTIOru PRIORITY TABLES
3. 5. 1 7 B a si s fo r O pti m i zot i o n ....................... .....1L8 D Aootrrorus......
3.6 Pnocrss FMEA 6rH Srep: OprrvrznroN .............. .....119 E FunruEn Appl-tcATtoN FTELDS
o
Exnvplr oF FuNcIoN ANALysrs Fonv Snrrr,....... 47
4.3.1 Purpose .....731 Freune 2.4-1 TYprsor FATLURE MoDES .. 49
4.4 FM EA-MSR 4Tx STep: FAILURE ANALYSIS .....t32
-10- -11 -
FIGURE 2,4-2 DEFrNrroN or n FnrLune ... .50 Frcunr 4.5-2 FMEA-MSR RELIABLE DIAGNOSTIc MOTITOnIruE ..L42
i FIGURE 4.5-3 FM EA-MSR DtAGNosrc Mowrtonntc pARTIALLY EFFEcrtvE........ ..743
FIGURE 2.4-3 THEoRETIcAL FAILURE CHAIN MoDEL., .50
FIGURE2.4-4 FAILURE SrnucTuRE AT DIFFERENT 1EVE1S,.....,.,... .54 , FIGURE 4.5-4 EXAMPLE oT FMEA-MSR RISK ANALYSIS - EVALUATION OF CURRENT RISK FORM SHEET ..149
FIGURE 2.4-5 EXAMPLE oF FAILURE ANALYSIS STRUcTURE TREE.................,...,, .55 Fre unr 4.6-1 EXAMPLE oF FMEA-MSR OprIv|znr|oru WITH NEW RISK EVALUATION FORM SHEET .... ..L52
Fre unr 2.4-6 Exnvplr or FntLunr ArunLysts Fonv SHrrr .55
FIGURE 2,4-7 VtEW oF PRoDUcr END ITEM-FuNCTIoN-FAILURE FoRM SHEET... .56
Freunr 2.4-8 VrEW oF Focus lre v/ETEMENT-FuNcloN-FAtLURE FoRM SHEET .56 Table of Tables
Freunr 2.4-9 VIEW oF LoWER LEVEL ITEM-FUNCTIoN-FAILURE FoRM SHEET ,.., .55
TneLr D1- DFMEA SEVERTTY (S) ................ .............62
FIGURE 2.5-1 PREVENTIoN AND DETECTIoN IN THE DESIGN FMEA ........... .60
TneLr D2 - DFMEA Occunnerucp (O)................ .......... .. .65
FIGURE 2.5-2 RoADMAP oF DESIGN UNDERSTANDING ...,............... .60
TABLE D3 - DFMEA DETECTTON (D)..........,. ... .............67
Frcunr 2.5-3 Exnvple or DFMEA RtsK ANALysts FoRrrl Sue er... .72
TABLE AP-ACTION PRIORITY FOR DFMEAAND PFMEA. .............71
Frcunr 2.6-1 Exnvplr oF DFMEA Oprrwrznrrolr wtrH NEW RtsK EvALUATtoT Fonv SHrer......... .76 p1 - pFMEA SEVERTTY (S).................
TABLE ...........109
FrcuRE 3.L-L DEMoNSTRATIoN oF THE PRoCESS FoR NARRoWING THE PREPARATIoN ......,.,.,...,...,.. .8L
TABLE p2 - pFMEA OCCURRENCE (O)................ .....111
FIGURE 3.1-2 ExAMpLE oF CoMpLETED PFMEA HEADER PnepnRnlorrr (Srrp 1)............... .83
Tnsrr p3 - PFMEA DETECTTON (D)................ .....113
FIGURE 3.2-1 PRocESS Fr-ow DrncRnv .84
TneLT AP _ ACTION PRIORITY FOR DFMEA AND PFMEA .....L77
FIGURE 3.2-2 Exnuple or SrRucrunr Arunlvsrs STRUCTURE TREr (Ele crnrcnL Moron AssEMBLy Lrrur) .................. .85
TABLE MSRL - SupprrvErurnL FMEA-MSR SEVERITY (S) . ................. .....138
Frcune 3.2-3 PRocEsS ITEM .85
TABLE MSR2 - SUPPLEMENTAL FMEA-MSR FREQUENCY (F)......... ..... .....140
Fre unr 3.2-4 .86
TABLE MSR3 - SUppLEMENTAL FMEA-MSR MONITORING (M) .......... .....145
Fre unr 3.2-5 EXAMPLE or SrRucrune ANALYSIS FoRM SHEET...........,. .87
TnsLe AP - ACTION PRIORITY FOR FMEA-MSR............. .....1.48
FIGURE 3.3-1 ExAMpLE oF PARAMETER DTAGRAM or Pnrss rrrr Strutrnro BEARTNG .91
FIGURE 3.3-2 ExAMpLE oF FuNcloN Arunlysrs Srnucrunr Tne E...................... .92
FIGURE 3.3-3 Exnvplr or Furucrroru ANALysts Fonna SHe er .92
FIGURE 3.4-1 THronertcnl FATLURE cHAtN MoDEL.. ..94
Fteunr 3.4-2 Exnvprr oF FAILURE ANALYSIS SrRucrunr TRrp ..99
Frcunr 3.4-3 ExnvlpTT oF FAILURE ANALYSIS FoRM SHEET 100
Frcunr 3.4-4 RELATIoNSHIP BETWEEN PFM EA nruo DFMEA......... to2
Frcunp 3.4-5
Frcunr 3.4-6
VIEW oF PRocEss ITEM-FUNcTIoN-FAILURE Fonv SHrer...
VIEW oF PRocESS STEP-FUNcTIoN-FAILURE FoRIU SHe TT
102
103
tilila
Fre unr 3.4-7 VtEW oF PRocESS Wonr ELrvrrur-Furucrrorv-FnTLURE FoRM Surer ............ 103
Frcunr 3.5-1 PREVENTIoN AND DETECTIoN IN THE PRoCESS FMEA........,.. 105
FIGURE 3,5-2 RoADMAP oF PRocEsS U NDERSTANDING ..,,..,.,.,..,...,,. 106
Frcuns 3.5-3 ExAMpLE or PFMEA wrrH Rrsr Arulrysrs FoRw SHe er............ 118
FIGURE 3,6-1 Exnuplr or PFMEA OprMrzATroN wrrH NEW RrsK EvALUAIoru Fonv Sne rr...................... 122
FrcuRE 4.1-L GENERtc BLocK DTAGRAM oF AN ELEcrRtcnl / Ele crnorutc / Pnoe nnvvABLE ELEcrRoNtc SysrEM.............. 728
FIGURE 4.2-1 Exauple oF A srRucruRE TREE oF A wtNDow LtFT sysrEM FoR tNVESIGATTNG ERRoNEous srcNALS, MoNtroRtNG,
AND sysrEM RESPoNSE ................129
FIGURE4.2-2 Exnvprr oF A srRucruRE TREE oF A sMART sENsoR wrrH AN TNTERNAL SENSTNG ELEMENT AND ourpur ro AN
INTERFACE....,.., ................130
FIGURE 4.2-3 ExnvplE or SrRucrunc ANALysrs rN THE FMEA-MSR Fonv SHerr............. .....130
FIGURE 4.3-1 Exnvpre or n SrRucrunE TREE wtrH FUNcloNS........ .....732
FIGURE 4.3-2 Exnvple oF FUNCTIoN ANALYSIS IN FMEA-MSR Fonv SHrer.,, .....132
Fte une 4.4-1 THEoRETICAL FAILURE CHAIN MoDEL FMEA-MSR,..
DFMEAnTo ,..,.........,.......133
FIGURE 4.4-2 FATLURE Sce ruanro (1) - Noru-HnzARDous.......... ......................133
Fre unr 4.4-3 FATLURE SCENARTo (2) - Hn2nn0ous................... .....................134
Fre unr 4.4-4 (Errecr)
FATLURE SCENARTo (3) - Mrrrenreo .......134
FIGURE 4.4-5 ExAMpLE oF A srRucruRE wrrH FATLURE cHArN wrrHour A MoNrroRtNG oR wrrH A MoNtroRtNG wHlcH rs oNLy
swrrcHESTHESysrEMToAMrrGATEDFArLUREErrrcr(scrrunnro(3))........... ........................136
Ftcunr 4.4-7 ExAMpLEoFAFAILURENErwoRK....... ................136
Frcunr 4.4-8
FIGURE 4.5-1
EXAMPLE oF FAILURE ANALYSIS Iru
FMEA.MSR MoNIToRING NoT IMPLEMENTED
FMEA-MSR FoRM SHEET...
OR NoT CoNSIDERED
.....136
.,..............,,t42 o -13-
-12-
'to 1 INTRODUCTION
This joint publication is the culmination of more than three years of
collaboration between OEM and Tier 1 supplier members of the
Automotive lndustry Action Group (AIAG), and the Verband der
Automobilindustrie (VDA). The text has been completely rewritten,
and the FMEA method has been revised in a few key areas. The
intent is to provide a common foundation for FMEA across the
sectors of the automotive industry which are represented by these
organizations. While every effort was made to achieve consensus,
it may be necessary to refer to individual corporate publications or
Customer-Specific Requirements (CSR).
A new method, Supplemental FMEA for Monitoring and System
Response (FMEA-MSR), has been added. lt provides a means for
the analysis of diagnostic detection and fault mitigatipn during
customer operation for the purpose of maintaining a safe state or
state of regulatory compliance.
This handbook supersedes AIAG 4th Edition FMEA and VDA,
"Product and Process FMEA" Volume 4.
-14- -15-
. Complying with regulations in the registration approval of the
Technical Risks (FMEA)
Has the product or process
Financial Risks
Does the product remain
Time Risks
Gan the improvements be
Strategy Risks
Are the improvements
rlo components, systems, and vehicles
been analyzed for potential prolitable after counter realized within the lime introduced, although the Limitations of the FMEA include the following:
failures? measures? schedule? product is unprolltable?
-16- -17 -
. True: the consequences of potential failures are described 1.3.5 Transition Strategy
accurately (e.g., potentialfor odor, smoke, fire, etc.). ,)t,o Existing FMEAs developed using the previous AIAG 4th Edition
o Realistic: failure causes are reasonable' Extreme events are FMEA "Product and Process FMEA" of VDA Edition, may remain
not considered (e.g., falling rock on road, no power to in their original form for subsequent revisions.
manufacturing plant, etc.). Failures resulting from misuse
The organization should thoughtfully plan the transition from their
relative to perception, judgement, or action are considered
current FMEA process(es)and methods to the new AIAG & VDA
foreseeable when documented by systematic methods
FMEA process and tools. When practical, existing FMEAs used as
(including brainstorming, expert judgement, field reports, use
a starting point for new programs should be converted to reflect
case analysis, etc.). Failures resulting from intentional misuse
the new rating scales, analytical methods, and format. However, if
(e.9. deliberate manipulation and sabotage)are not
the team determines that the new program is considered a minor
considered.
change to the existing product, they may decide to leave the
. Complete: foreseeable potential failures are not concealed. FMEA in the existing format.
Concern about revealing too much know-how by creating a
correct and competent FMEA is not a valid reason for an New projects should follow the FMEA method presented in this
incomplete FMEA. Completeness refers to the entirety of the Handbook unless company leadership and Customer Specific
producUprocess under analysis (e.9., system elements and Requirements (CSRs) mandate a different approach. The
functions). However, the depth of detail depends on the risks transition date and project milestone after which new projects
involved. follow this method should be defined by the company taking into
consideration Customer Specific Req u rements.
i
-18- -19-
critically examined with regard to the respective use case and
experiences from the known application.
o 1.4.1 Design FMEA
A Design FMEA (DFMEA) is an analyticaltechnique utilized
primarily by a design responsible engineer/team as a means to
1.4 FMEA for Products and processes assure that, to the extent possible, potential Failure Modes and
their associated Causes or mechanisms of failure have been
There are three basic cases for which the FMEA is to be applied, considered and addressed prior to releasing the part to
' each with a different scope or focus. production.
Gase 1: New designs, new technology, or new process. The Design FMEA analyzes the functions of a system, subsystem,
The scope of the FMEA is the complete design, technology, or or component of interest as defined by the boundary shown on the
. process. BlockiBoundary Diagram, the relationship between its underlying
elements, and to external elements outside the system boundary.
Gase 2: New application of existing design or process. This enables the identification of possible design weaknesses to
The scope of the FMEA is an existing design or process in a new minimize potential risks of failure.
environment, location, application, or usage profile (including duty A System DFMEA is comprised of various subsysteq.ns and
cycle, regulatory requirements, etc.). The scope of the FMEA components which are represented as system elements (items).
should focus on the impact of the new environment, location, or
application usage on the existing design or process. System and subsystem analyses are dependent on the viewpoint
or responsibility. Systems provide functions at the vehicle level.
Case 3: Engineering changes to an existing design or These functions cascade through subsystems and components.
process.
For purpose of analysis, a sub-system is considered the same
New technical developments, new requirements, product recalls, way as a system.
and reports of failures in the field may drive the need for design lnterfaces and interactions among systems, subsystems, the
and/or process changes. ln these cases, a review or revision of environment and the customers (e.9. Tier N, OEM, and end user)
the FMEA may be necessary.
fhe FMEA contains a collection of knowledge about a design or
process and may be revised after start of production if at least one
o may be analyzed in System FMEAS.
Within a system there may be software, electronic, and
mechanical elements. Examples of systems include: Vehicle,
of the following points applies: Transmission System, Steering System, Brake System or
. Changes to designs or processes Electronic Stability Control System, etc.
. Changes to the operating conditions A component DFMEA is a subset of a system or subsystem
. Changed requirements (e.9., law, norms, customer, state of DFMEA. For example, an Electrical Motor is a component of the
the art) Window Lifter, which is a subsystem of Window Lifter System. A
Housing for the Electrical Motor may also be a component or part.
. Quality lssues, ( e.9., Plant experience, zero mileage, or field For this reason, the terms "system element" or "item" are used
issues, internal / external complaints).
regardless of the level of analysis.
. Changes to the Hazard Analysis and Risk Assessment
(HARA) Design FMEA may also be used to assess the risks of failure of
non-automotive products such as machines, and tooling. The
to the Threat Analvsis and Risk Assessment actions resulting from the analysis may be used to recommend
i#ilfft design changes, additional testing, and other actions which
monitorins reduce the risk of failure or increase the ability of a test to detect
: :H::: :::i:.l'duct failures prior to delivery of the design for production.
There are two main approaches to FMEA: the analysis according 1.4.2 Process FMEA
to product functions (Design FMEA) or according to process steps
(Process FMEA). ln contrast to the Design FMEA (DFMEA), which analyzes the
failure possibilities that may be created during the design phase of
the product, the Process FMEA (PFMEA) analyzes the potential
failures of manufacturing, assembly and logistical processes to
-20 - -21 -
produce products which conform to design intent. Process-related
failures are different than the failures analyzed in the Design
FMEA.
The Process FMEA analyzes processes by considering the
t A good starting point for a manufacturer is to make sure the
severity in the DFMEA and PFMEA are the same when the failure
effects are the same. lf the "product" failure effects to the end user
(vehicle-level) are not included in the PFMEA then the correlation
between the DFMEA and PFMEA is not possible. A correlation
potential failure modes which may result from process variation, to
needs to be made so that a failure of a feature in design that leads
establish priority of actions for prevention, and as needed,
to a certain failure effect is also captured in the PFMEA for the
improve controls. The overall purpose is to analyze processes and
same feature (product characteristic). Please see the note in
take action prior to production start, to avoid unwanted defects
Section 3.4.8 for non-traditional development flows.
related to manufacturing and assembly and the consequences of
those defects.
1.5 Project Planning
1.4.3 Gollaboration between FMEAs
The Five T's are five topics that should be discussed at the
There are opportunities for collaboration between both Design and beginning of a DFMEA or PFMEA in order to achieve the best
Process FMEAs in the same company and outside of the results on time and avoid FMEA rework. These topics can be used
company. To help communicate effects and severities, a joined as part of a projectkick-off. +
Goal: Risk to End User reduced FMEA Team - Who needs to be on the team?
FMEA fask - What work needs to be done?
Failure Effects and
FMEA fool - How do we conduct the analysis?
Severity
Severity
(as possible / as needed) 1.5.1 FMEA lnTent
It is recommended that members of the FMEA team are
competent in the method, based on their role on the team. When
team members understand the purpose and intent of FMEA, they
will be more prepared to contribute to the goals and objectives of
the project.
Severity
1.5.2 FMEA Timing
FMEA is meant to be a "before-the-event" action, not an "after-the-
fact" exercise. To achieve the greatest value, the FMEA is
conducted before the implementation of a product or process in
which the failure mode potential exists.
Technical risk analysis and
Severity One of the most important factors for the successful
proposed product or process
implementation of an FMEA program is timeliness. Up-front time
changes
spent properly completing an FMEA, when producUprocess
(as possible / as needed)
changes can be most easily and inexpensively implemented, will
Goal: Collaboration between Customer and Supplier minimize late change crises. The FMEA as a method for system
analysis and failure prevention is best initiated at an early stage of
the product development process. lt is used to evaluate the risks,
Figure 1.4-1 FMEA Gollaboration valid at that time, in order to initiate actions to minimize them. ln
addition, the FMEA can support the compilation of requirements.
-22- -23 -
The FMEA should be carried out according to the project plan and
evaluated at the project milestones according to the state of the
analysis. o 1.5.3 FMEA feam
It is recommended that a company defines the desired maturity The FMEA team consists of multi-disciplinary (cross-functional)
levels for their FMEAs according to overall company-specific members who encompass the necessary subject matter
development project milestones. knowledge. This should include facilitation expertise and
knowledge of the FMEA process. The success of the FMEA
depends on active participation of the cross-functional team as
Advanced necessary to focus on the topics of discussion.
Product Product Design Process Design Feedback
Quality Plan and Define Product and
and and Assessment 1,5.3.1 The Design FMEA Team
Planning Program Production
Development Development and Corrective
Validation
(APOP) Verification Verification Action The Core Team may consist of the following people:
Phases
Start FMEA planning in
. facilitator
concept phase beforc
product dewlopment
Start DFMEAwhenthe
design ooncept is well
Complete DFMEA
analysis prior to rclease
CompleteDFMEA
actions prior to start ol
. design engineer $
DFMEA begins
lnformation flow from
undersiood
of design specifi oations
for quotation
production tooling
Shrt agein wlth
. system engineer
OFiiEA to PFMEA
The DFMEAand PFMEA
OFTTIEA ind PFUEA
plannlng ifthere are
r corTlPonentengineers
should be oxecutsd
Start PFMEAwh€n CompletePFMEA Complete PFMEA
changer to an
exlstlng deslgn or
. test engineer
duringthe sametimo
PFMEA period to allow production concept is
well understood
analysis prior to final
process decisions
actions prior lo Procett o quality/reliabilityengineer
optimization of both th6 PPAP/PPA
product and process o others responsible for the development of the product
designs
The Core Team members prepare the FMEA System Analysis
(Steps 1 - 3) and participate in the FMEA meetings. The
1.5-l
VDA
Maturity
MLO
Figure
ML1
FMEA Timing Aligned with APQP Phases
Compl€t6 Complet6
DFMEA and
PFMEA plannlnq
o purchasing
PFMEA
The DFMEAand
PFMEA should be
when produotion
concopt i3 w€ll
PFMEA
analysis
PFMEA
actions prior
lf tiele are
changes to an
. supplier
executsd during
the samelim€
understood pdor to
tinal
to PPAP/
PPA
exlrtlng dellgn
or proce83
o customerrepresentative
PFMEA period lo allow
oplimization of
prccess
dgcisions
o others that may have specialized knowledge which will help
both the producl the core team analyze specific aspects of the product
and process
designs
-24 - -25 -
.
o
quality/reliabilityengineer
others responsible for the development of the process
The Core Team members prepare the FMEA System Analysis
(Steps 1 - 3) and participate in the FMEA meetings. The
t .
.
.
Preparation of the Business Case for technical and/or
financial decisions
Definition of elements, functions, requirements, and interfaces
Focusing on the topics
Extended Team may participate on demand (coordinated by the
FMEA facilitator or meeting organizer).
. Procurement of the necessary documents and information
o lncorporating lessons learned
The Extended Team may consist of the following people:
. design engineer 1.5.3.3.3 FMEA Facilitator
r technical experts o Coordination and organization of the workflows in the FMEA
. service engineer r Mitigation of conflicts
. project manager o Participation in the team formation
o maintenance staff . Participation in the Preparation of the rough schedule
. line worker . Participation in the invitation to the 1st team meeting for the
analysis phase
. purchasing
. supplier
o Participation in the Preparation of the decision
guidelines/criteria
. others (as necessary) o Development of Corporate or Product Line Examples for
Rating Tables (Optional) with support from Design/Process
1.5.3.3 FMEA Team Ro/es and Responsibilities Engineer
Within the organization's product development process, the . Method competence (FMEA) and familiarization of
following roles and responsibilities for FMEA participation should participants in the FMEA method
be assigned. Responsibilities of a given role can be shared
amongst different persons and/or multiple roles may be assigned
to the same person.
o o
.
FMEA Software documentation competence (as necessary)
Social skills, able to work in a team
o Competent moderator, ability to convince, organization and
1.5,3.3.1 Management, (Project Manager) presentation skills
o Authority to make decisions about the acceptability of . Managing execution of the 7 steps of FMEA method
identified risks and the execution of actions . lf necessary, Preparation or wrap-up of FMEA meetings
o Defines the persons responsible for pre-work activities, FMEA . Moderation of the FMEA workgroup
facilitation, and the design/process engineer responsible for I
implementation of actions resulting from the analysis I NOTE: Any team member with the relevant competence and training
r Responsible for selecting and applying resources and I
I
may fulfill the role of facilitator.
ensuring an effective risk management process is
implemented within scheduled project timing
1.5.3.3.4 Core Team Members
o Responsibility and ownership for development and
. Contribute knowledge from relevant product and process
maintenance of the FMEAs. experience
. Management responsibility also includes providing direct
. Contribute necessary information about the product or
process that is the focus of the FMEA
support to the team(s) through on-going reviews and
eliminating roadblocks. o Contribution of existing experiences from previous FMEAs
o Responsible for budget. already known
. Participation in the execution of the 7 steps of FMEA
1.5.3.3.2 Lead Design/Process Engineer (Technicat Lead) o lnvolvement in the Preparation of the Business Case
o Technical responsibility for the FMEA contents o lncorporating lessons learned
-26 - -27 -
1.5,3.3.5 Extended Team Members / Experts
. Contribution of additional information about special topics
o Contribution of necessary information about the product or
process that is the focus of the FMEA
t The FMEA process is carried out in seven steps.
These seven steps provide a systematic approach to perform a
Failure Mode and Effects Analysis and serve as a record of the
technical risk analysis.
o lnvolvement in the Preparation of the Business Case
The 7-Step Overview provides the framework for the tasks and
o
.o
c3 ,WLat
; It
a
s 3
IE sE
Eire
fl
:l
.t
o .:
team needs to have knowledge of how to use the FMEA tool Io. '6
u- E
t
selected for their project as required by the company. ) o. '51
ti3 .!
c
a;l
riiE gi a !
O $ II
e 6 o E3
sEt
There are two views of FMEA examples shown in this manual. o
o ssl F
e
: @E
P
a8
r,F 6o !l $r
4e
A,E
t5 €
The Software View depicts what the user sees when developing a ctu 6l
.o
I €
+.9 !l I gtr E
isiil rli rl
It 8 EE
o 0g TE
FMEA using specialized software that utilizes system element a E3 Hf-
structure, function net, failure net, etc. The Form View depicts
what the user sees when developing a FMEA in a spreadsheet. ! t
qql E ! c
oE
Figures in this handbook include an example of how to develop an 83 €
e
€ s iF ET r
FMEA using either a structure Tree or Form sheet. ln the case of Eg. ,p ol
I
5 $ta tA
EI fir gEe
!i
u e
using structure Trees to develop elements, functions, and failures; €t
at
E
g HSF !t
t.
FE;FE
e3
..c-
E;E
f;l E
sS
.9 6
g!6s
* 5 6ll
E;
P{ tt
ooSta a
The analyses for the Design FMEA, process FMEA and t-
EI 6
Supplemental FMEA for Monitoring and System Response F
l5E E
4i I t
(FMEA-MSR) are each described completely in the following I a
-28 - -29 -
2 EXECUTION OF THE DESIGN FMEA
,30 - -31 -
. Technicalrequirements foundation DFMEA. lf no baseline is available, then the team will
. Customerwants/needs/expectation (externaland internal
customers)
I develop a new DFMEA.
-32- 33-
2.2 Design FMEA 2nd Step: Structure Analysis Knowledge of these customers can help to define the functions,
2,2.1 purpose
I requirements and specifications more robustly as well as aid in
determining the effects of related failure modes.
The purpose of Design Structure Analysis is to identify and NOTE: Reference the NOTE in section 2.4.4 for cases when the
breakdown the FMEA scope into system, subsystem, and end user is not known.
component parts for technical risk analysis.
The main objectives of a Design Structure Analysis are:
2.2.4 Visualize System Structure
r Visualization of the analysis scope
A visualization of the system structure helps the DFMEA team
o Structure tree or equivalent: block diagram, boundary develop the structural analysis. There are various tools which may
diagram, digital model, physical parts be used by the team to accomplish this. Two methods commonly
. ldentification of design interfaces, interactions, close used are described in the sections below:
clearances
. Blocl</BoundaryDiagrams
r Collaboration between customer and supplier engineering
o Structure Tree
ii
teams (interface responsibilities)
. Basis for the Function Analysis step 2.2.4.1 Block/Boundary Diagram
Block/Boundary Diagrams are useful tools that depict the system
under consideration and its interfaces with adjacent systems, the
2.2.2 System Structure environment and the customer. The diagram is a graphic
A system structure is comprised of system elements. Depending representation that provides guidelines for structured
on the scope of analysis, the system elements of a design brainstorming and facilitates the analysis of system interfaces as a
structure can consist of a system, subsystems, assemblies, and foundation for a Design FMEA. The diagram below shows the
components. Complex structures may be split into several physical and logical relationships between the components of the
structures (work packages) or different layers of block diagrams product. lt indicates the interaction of components and
and analyzed separately for organizational reasons or to ensure subsystems within the scope of the design as well as those
sufficient clarity. A system has a boundary separating it from other interfaces to the product Customer, Manufacturing, Service,
systems and the environment. lts relationship with the Shipping, etc. The diagram identifies persons and things that the
environment is defined by inputs and outputs. A system element is design interacts with during its useful life. The Boundary Diagram
a distinct component of a functional item, not a function, a can be used to identify the Focus Elements to be assessed in the
requirement or a feature. Structure Analysis and Function Analysis.
The diagram may be in the form of boxes connected by lines, with
2.2.3 Define the Customer each box corresponding to a major component of the product. The
There are two major customers to be considered in the FMEA lines correspond with how the product components are related to,
analysis: or interface with each other, with arrows at the end point(s) to
indicate the direction of flow. lnterfaces between elements in the
o END USER: The individual who uses a product after it has Boundary Diagram can be included as Focus Elements in the
been fully developed and marketed. Structure and Function Analysis Structure Tree.
. ASSEMBLY and MANUFACTURING: the locations where There are different approaches and formats to the construction of
manufacturing operations (e.9., powertrain, stamping and a Blocl</Boundary Diagram, which are determined by the
fabricating) and vehicle/ product assembly and production organization. ln this handbook, the terms "Block Diagram" and
material processing takes place. Addressing the interfaces "Boundary Diagram" are used interchangeably. However, the
between the product and its assembly process is critical to an Boundary Diagram tends to be more comprehensive due to the
effective FMEA analysis. This may be any subsequent or inclusion of external influences and system interactions.
downstream operation or a next Tier manufacturing process.
ln the context of the DFMEA, Block/Boundary Diagrams define the
analysis scope and responsibility and provides guidelines for
structured brainstorming. The scope of analysis is defined by the
-34- -35-
boundaries of the system; however, interfaces with external it, require clearance, involve motion, or thermal
factors/systems are to be addressed. exposure.
o Defines scope of analysis (helps to identify potential team o The customer/end user
members) . Arrows indicate direction
o ldentifies internal and external interfaces e. Define the boundary (What parts are within the span of
r Enables application of system, sub-system, and component control of the team? What is new or modified?)
hierarchy
Only parts designed or controlled by the team are inside
When correctly constructed, Block/Boundary Diagrams provide the boundary. The blocks within the boundary diagram are
detailed information to the P-Diagram, and the FMEA. Although one level lower than the level being analyzed. Blocks
Block/Boundary diagrams can be constructed to any level of within the boundary may be marked to indicate items that
detail, it is important to identify the major elements, understand are not part of the analysis.
how they interact with each other, and how they may interact with
outside systems.
f Add relevant details to identify the diagram.
-36- -37 -
- 2.2.4.2 I nterface Analysis The interactions between System elements may be described
later as functions and represented by function nets (see Step 3
An interface analysis describes the interactions between elements I Function AnalYsis).
of a system.
There are five primary types of interfaces: There is always a system element present, even if it is only
derived from the function and cannot yet be specified more
. Physical connection (e.9., brackets, bolts, clamps and various clearly.
types of connectors)
o Material exchange (e.g., compressed air, hydraulic fluids or
any other fluid or material exchange)
. Energy transfer (e.9., heat transfer, friction or motion transfer
such as chain links or gears)
r Data exchange (e.9., computer inputs or outputs, wiring
harnesses, electrical signals or any other types of information Carbon Brurh
-40- -41 -
A functional requirement is a criterion by which the intended The complete functional description forms the basis for
performance of the function is judged or measured (e.9., material subsequent failure analysis and risk mitigation.
stiffness). )
A P-Diagram focuses on achievement of function. lt clearly
A non-functional requirement is a limitation on the freedom for identifies all influences on that function including what can be
design decision (e.g., temperature range). controlled (Control Factors), and what cannot reasonably be
Requirements may be derived from various sources, external and controlled (Noise Factors).
internal, these could be: The P-Diagram, completed for specific ldeal Functions, assists in
Legal requirements: the identification of:
-42- -43-
A Parameter Diagram consists of dynamic inputs (including Change Over Time
signals), factors that could affect system performance (control and (aging over life time, e.9., mileage, aging, wear)
noise), sources of variation, and outputs (intended outputs and
a Customer Usage
unintended/diverted outputs).
(use out of desired specifications)
The following is an example of a Parameter Diagram which is a External Environment
used to assess the influences on a function of a product including: (conditions during customer usage, e.g., road type, weather)
Input (What you want to put in to get the desired result) is a a System lnteractions
description of the sources required for fulfilling the system (interference from other systems)
functionality.
Function (What you want to happen) is described in a Parameter
Diagram with an active verb followed by a measurable noun in the Noise Factors
present tense and associated with requirements. Noise Noise 2 Noise 3
1 Noise 4 iik:ise 5
Functional Requirements (What you need to make the function Piece to Piece Variation Change Over Time Customer Usage Exlernal
e.9., variation in clearance e.9., holding clamps e.g., excessive user:f Environment System lnteractions
happen) are related to the performance of a function between rotor and holding become permanenlly window lift system by child e.gX e'ect[omagnetic
e.9., humidity,
clamps magnetized, carbon playing
ienlperatur€, dust, external intederence frclm ECU
Gontrol Factors (What you can do to make it happen) which can brushes wear vibration. shock,-..
be adjusted to make the design more insensitive to noise (more
robust) are identified. One type of Control Factor is a Signal lnput Window Lifter Motor lntended Output
Factor. Signal Factors are adjustment factors, set direcfly or Energy: .lr Energy:
i F:J'
@
El.cttical
indirectly by a user of a system, that proportionally change the
@
e.9,, Voltage, Cunent :{i-.J= gnorgy e.9., angle dependent
Ir...c,
system response (e.9., brake pedal movement changes stopping u1... " lr,0r electrical energy on
Enorgy solenoid
distance). Only dynamic systems utilize signal factors. Systems 6
* Unintended
without signal factors are called static systems.
Non-Functional Requirements (What you need beside the
functional requirements) which limit the design option. )
Ir
I
Function Functional
&s
ControlFactors
output
Non Functional
+ -- - -;
Unintended Output
Convert electrical energy Requirements Natural scientific factors energy losses,
Requirements
lntended Output (What you want from the system) are ideal, into mechanicslenergy
Move window glass up which control the function, Requirements which limit e.9., thermal energy,...
acc. to param€terization e.9., magnetic tield
intended functional outputs whose magnitude may (dynamic and down with a defined the design options, NVH, EMC
Requirement velocity strength, permeability,... e.9., geometric interface to
system) or may not (static system) be linearly proportional to a Generate motor customer system,
signal factor (e.9., Iow beam activation for a headlamp, stopping characteristic curve acc. requiremenls regarding
to spec 6790-1923 weight, material, size,...
distance as a function of brake pedal movement).
Unintended Output (What you don't want from the system) are Figure 2.3-3 Example of Parameter Diagram with Electrical Motor
malfunctioning behaviors or unintended system outputs that divert
system performance from the ideal intended function. For
example, energy associated with a brake system is ideally
transformed into friction. Heat, noise and vibration are examples
2.3.5 Function Analysis
of brake energy diverted outputs. Diverted Outputs may be losses
to thermal radiation, vibration, electrical resistance, flow
restriction, etc. The interactions of the functions of several System elements are
Noise Factors (what interferes with achieving the desired output) to be demonstrated, for example as a function tree/network, or
are parameters which represent potentially significant sources of using the DFMEA form sheet. The focus of the analysis cascades
variation for the system response and cannot be controlled or are from OEM to Tier 1 supplier to Tier N supplier.
not practical to control from the perspective of the engineer. The purpose of creating a function tree/network or function
Noises are described in physical units.
analysis on the DFMEA form sheet is to incorporate the technical
Noise factors are categorized as follows: dependency between the functions. Therefore, it subsequently
supports the visualization of the failure dependencies. When there
. Piece to Piece Variation
is a functional relationship between hierarchically linked functions,
(in a component and interference between components)
-44- -45
then there is a potential relationship between the associated The function structure can be created in the Function Analysis
failures. Otheruyise, if there is no functional relationship between section:
hierarchically linked functions, there will also be no potential )
relationship between the associated failures. FUNCTTON ANALYSTS (STEP 3)
For the preparation of the function tree/network, the functions that
are involved need to be examined. Sub-functions enable the 1. Next Higher Level 2. Focus Element
performance of an overall function. All sub-functions are linked Function and 3. Next Lower Level Function and
Function and
Requirement Requirement or Characteristic
logically with each other in the function structure (Boolean AND- Requirement
relationships).
A function structure becomes more detailed from top down. The Commutation system
Convert electrical Brush card body transports forces
lower level function describes how the higher level function is to transports the electrical
energy into between spring and motor body to hold
be fulfilled. For the logical linking of a function structure, it is current between coil
mechanical energy
pairs of the the brush spring system inx,y,z
helpful to ask: according to position (support commutating contact
electromagnetic
. "How is the higher level function enabled by lower level parameterization
converter
point) {
functions?" (Top-Down) and
. "Why is the lower level function needed?" (Bottom-Up).
Figure 2.3-5 Example of Function Analysis Form Sheet
The column header numbering (1,2,3) and color coding are
included to help show alignment between the Structure Analysis
Brurh Car* Ea6o Body and associated content of the Function Analysis (see figure 2.9-S)
Functlotl: ln this section you work from left to right answering the question:
Bru*h e6rd bae transpoFta fcre€6
besroen tprlng and motor b6dy to hold "How is the higher levelfunction enabled by lower level
th€ bruEh 6prlng syelem ln x, y, I poiltlon functions?"
(6upport eotriillutallng contset polntl
Cofilnutollon sy$t€m
Functlon:
Carbon Brush 1. Next Higher Level Function and Requirement:
Funcilon: The function in scope of the Analysis.
Coffmutatlon sy6tem trinsForl6 the Carbon brurh transp+rte electrical
ela€trlcsl eurf€nt botwcsn eoll pair€ of
the electro m6gnetie conv€rt€r
curr6nt bstwcan carbon xtrandsd wirs
and cmmutnlcr surfacc 2. Focus Element Function and Requirement:
3ruth Card Ea** Body
The function of the associated System Element (item in focus)
Window Lifter Motar
FunctJon: Funcdon: ,,- identified in the Structure Analysis.
Convert elsctric{l energy into
machanical *nergy scc. lo
parameterization Elrctrornagn*tie convarter
Cerbon Brush 3. Next Lower Level Function and Requirement or Characteristic:
Funcfran: ... The function of the associated Component Element identified
F u ncdon al Raqu lrem e nts : Functlon:
h{ove windowglasa up and Eiectro.mag neiic convertsr transformg in the Structure Analysis.
tiown lvith a defined veiocity Bru6h C.rd Br6e Body
Fune''fat : ...
-46- -47-
2.3.7 Basis for Failure AnalYsis
Complete definition of functions (in positive words) will lead to a
comprehensive step 4 Failure Analysis because the potential
failuies are ways the functions could fail (in negative words).
Function derive fallur€g
?
Establishment of the Failure Chain
. Potential Failure Effects, Failure Modes, Failure Causes for -
each product function.
. Collaboration between customer and supplier (Failure Effects)
o Basis for the documentation of failures in the FMEA form
sheet and the Risk AnalYsis steP
Figure 2.4-1 Types of Failure Modes
2.4.2 Failures
Failures of a function are derived from the function descriptions.
There are several types of potentialfailure modes including, but The description of a system and subsystem failure mode is
not limited to: described in terms of functional loss or degradation e.g., steering
turns right when the hand wheel is moved left, as an example of
. Loss of function (e.9. inoperable, fails suddenly) an unintended function. When necessary, the operating condition
o Degradation of function (e.g. performance loss over time) of the vehicle should be included e.g. loss of steering assist during
. lntermittent function (e.9. operation randomly start up or shut down.
starts/stops/starts) A componenVpart failure mode is comprised of a noun and a
o Partialfunction (e.9. performance loss) failure description e.9., seal twisted.
. Unintended function (e.9. operation at the wrong time, It is critical that the description of the failure is clear and
unintended direction, unequal performance) understandable for the person who is intended to read it. A
. Exceeding function (e.9. operation above acceptable statement "not fulfilled," "not OK," "defective," "broken" and so on
threshold) is not sufficient.
e Delayed function (e.9. operation after unintended time More than one failure may be associated with a function.
interval) Therefore, the team should not stop as soon as one failure is
identified. They should ask "how else can this fail?"
-48- -49-
2.4,4 Failure Effects
a
Z: Environrnental influences, noise factors A Failure Effect is defined as the consequence of a fairure mode.
a Describe effects on the next lever of product integration (internal
or external), the end user who is the vehicle operator (external),
X: lnput
f (X,W,Z)
,/ rrrrrlY:Outputy=f(x)
'*""v Y*: side effects
and government regulations (regulatory) as applicable.
Customer effects should state what the user might notice or
experience including those effects that could impact safety. The
intent is to forecast the failure effects consistent with the team's
W: Controlfactors
level of knowledge. A failure mode can have multiple effects
A flawed input andlor noise factors generate a flawed output and/or the occurrence of
relating to internal and external customers.
intolerable side effects. ln this case, the failure analysis focuses on the system element that
Effects may be shared by oEMs with suppliers and suppliers with
caused the flawed output.
sub-suppliers as part of design collaboration.
x = input
o No discernible effect
. Poor appearance e.9., unsighfly close-out, color fade,
cosmetic corrosion
Figure 2.4-2 Definition of a Failure
. Noise e.9., misalignment/rub, fluid-borne noise, squeak/ratile,
chirp, and squawk
. Unpleasant odor, rough feel, increased efforts
2.4.3 The Failure Chain r Operation impaired, intermittent, unable to operate, electro-
There are three different aspects of failures analyzed in an FMEA: magnetic incompatibitity (EMC)
. Failure Effect (FE)
. External leak resulting in performance loss, erratic operation,
unstable
o Failure Mode (FM)
. Unable to drive vehicle (walk home)
. Failure Cause (FC)
r Noncompliance with government regulations
o Loss of steering or braking
NOTE ln some cases, the team conducting the analysis may
What happens? not know the end user effect, e.g., catalogue parts, off-
the-shelf products, Tier 3 components. When this
Failure Effect Failure Mode Failure Cause information is not known, the effects should be defined
in terms of the part function and specification. ln these
whv?
cases, the system integrator is responsible for ensuring
the correct part for the application is selected, e.g., auto,
truck, marine, agriculture.
An additional column is shown on the Rating Tables for
: * I "Corporate or Product Line Examples."
I
-52- -53-
responsible for different levels of the design
they are responsible
to communicate failure effects to the next higher
level as aPProPriate.
or next lower (t Brush Card Base BodY
Function:
Brush card body transports forces between
spring and motor body to hold the brush
spring sYstem in x, Y, z Position
point)
liupport commutatin g contact
Failure:
Brush cald body bends in contact area of
the carbon brush
DfI'TEA Potentlal Failure ileturork and Chain Analttis Window Lifter Motor Commutatlon System
Functlon: Function: Carbon Brush
OFUEA DFilEA DFUEA Convert electrical energY into
DFIrtEA
&raly3is Level ExarnPles Failute ExamPles Commutation system transports the Functian:
at at at at mechanical energy acc. to
Analysis Level electrical current between coil pairs Carbon brush transports electrical current
oEll Level I Level 2 Level 3 parameterization of the electro magnetic converter between carbon stranded wire and
Passenger compartment Comfortclosing Sme too long Fu nctian al Re qu irements :
Itchicle
Failure: commutator surface
Move window gla$s uP and down Angle deviation bY commutation Failure:
with a defined velocity system intermittently connects the Carbon hrush transports too little cutrent
Vlffndow Lifter System lilovlngePeed of wlndowglass Failure: wrong coils (Ll, L3 and L2 instead
Syetem toolow Torque and rolating velocity of the of L{, L2 and L3} Brush Card Base BodY
window lifter motor too low
Function: ...
Slfstem Element
Sub$smElcmeot
FC
Lifter Motor
Commutatioo System
Torque and roteting velocity of
the reindow lifter motor too low
Commutation system
tflhat ? @+ Failure:,.. *
Failure Chains
1. Failure Effects (FE)
to the Next Higher Level
Figure 2.4'4 Failure Structure at different levels Element and/or End User
TolinkFailureCause(s)toaFailureMode,thequestionshouldbe Angle deviation bY commutation Brush card body bends in
"Why is the Failure Mode happening?" Torque and rotating velocity
system intermittentlY connects contact area of the carbon
of the window lifter motor too brush
TolinkFailureEffectstoaFailureMode,thequestionshouldbe low the wrong coils (L1, L3 and L2
"What happens in the event of a Failure Mode?" instead of 11, L2 and L3)
-55-
-54-
2.4.9 Gollaboration between Customer and Supplier (Failure
3. Failure Cause (FC):
The cause of failure associated with the
or Characteristic" in the Function
,.NeXt
Analysis'
Lower Element ffii) l Effects)
The output of the Failure Analysis may be reviewed by customers
and suppliers prior to the Risk Analysis step or after to the Risk
TheStructureAnalysis,FunctionAnalysisandFailureAnalysis Analysis step based on agreements with the customer and need
may Ue documented as in the form sheet below' for sharing with the suPPlier.
2.5,3 Gurrent Prevention Controls (PC) 2.5.4 Current Detection Controls (DG)
potential cause which
current Prevention controls describe how a Current Detection Controls detect the existence of a failure cause
and planned
results in the faifure-frloOe is mitigated using.existing or the failure mode before the item is released for production.
activities.Theydescribethebasisfordeterminingtheoccurrence Current Detection Controls that are listed in the FMEA represent
performance
rating. Preveniion Controls relate back to the planned activities (or activities already completed), not potential
requirement. activities which may never actually be conducted.
Foritemswhichhavebeendesignedout-of-contextandare Current Detection controls need to be clearly and
the
purchased as stock or catalog items from a supplier' comprehensively described. Listing a control such ae"Test" or
reference to how
prevention control should document a specific "Lab Test" is not a clear enough indication of a detection control.
to a
the item fulfills G requirement. This may be
a reference References to specific tests, test plans or procedures should be
specification sheet in a catalog' cited as applicable, to indicate that the FMEA team has
and determined that the test will actually detect the failure mode or
Current Prevention controls need to be clearly -
cause, if it occurs (e.9., Test No. 1234 Burst Pressure Test,
comprenensivelydescribed,withreferencescited'lfnecessary' Paragraph 6.1).
thiscanueoonebyreferencetoanadditionaldocument'Listinga
"lessons learned" is not
a
control sucn as;pau"n material" or Examples of Current Detection controls:
clear enough indication' . Function check
TheDFMEAteamshouldalsoconsidermarginofsafetyindesign
as a Prevention control'
Examples of Current Prevention Controls:
l o
o
Burst test
Environmentaltest
. Driving test
rEMCDirectivesadheredto,DirectiveSS/336/EEC o Endurance test
rSystemdesignaccordingtosimulation,tolerancecalculation
establish design
. Range of motion studies
anO proceJu"re - analysiJ of concepts to . Hardware in-the-loop
requirements
o Published design standard for a thread class
. Software inthe-loop
r Sensorperformancespecifications'
. Voltage output lab measurements
o Mechanicalredundancy(fail-safe) All controls that lead to a detection of the failure cause, or the
failure mode are entered into the "Current Detection Controls"
o Design for testabilitY column.
oDesignandMaterialstandards(internalandexternal)
o Documentation (e'g', records of best practices' lessons
learned, etc.) from similar designs
o part geometry prevents
Error-proofing (Poka-Yoke design i'e''
wrong orientation)
oSubstantiallyidenticaltoadesignwhichwasvalidatedfora
pt"uiout rfplication, with documented performance history'
1no*eveilith"r" is a change to the duty cycle or operating
conditions, then the carry-oJer item requires
re-validation in
order for the detection control to be relevant')
-59-
-58-
Design element
{
ilr" determined
t
2.5.6 Evaluations
Review & reaction
before decision' Each failure mode, cause and effect relationship is assessed to
e.g. CAE. tolsrance study estimate risk. There are rating criteria for the evaluation of risk:
Trial
severity (s): stands for the severity of the failure effect
i: lpc' Ascertain Component' occurrence (o): stands for the occurrence of the failure cause
Theoretical tests and decide product,
e.g. DoE, FEA on design trials
DC:
- Good/Bad insPection Detection (D): stands for the detection of the occurred failure
- lnspection for failures cause and/or failure mode'
- Function test over
service life, Evaluation numbers from 1 to 10 are used for S, O, and D
e.g. trend analysis
respectively, where 10 stands for the highest risk contribution'
Design failure
Time NOTE: lt is not appropriate to compare the ratings of one team's
PC {oreventiv€): Prevention controls
OC iieaotive): Detection controls
FMEA wiin tne ratings of another team's FMEA, even if
the producVprocess appear to be identical, since each
FMEA
Figure 2.5'1 Prevention and Detection in the Design team's environment is unique and thus their respective
individual ratings will be unique (i'e., the ratings are
2.S.SConfirmationofGurrentPreventionandDetection subjective).
Controls
Theeffectivenessofthecurrentprevention'anddetectioncontrols
shouldbeconfirmeo.rnis-cano"oon"duringvalidationteardown 2.5.7 Severity (S)
be documented within the
reviews' Such confirmation can The severity rating (s) is a measure associated with the most
DFMEA,orwithinotherprojectdocuments,lsappropriate,
deveropment procedure. serious failure effect for a given failure mode of the function being
according to the team,s .;;;i froduct are proven not to evaluated. The rating is used to identify priorities relative to the
Additional action may be ;;;"e if the controls { )
scope of an indiviOuit fVER and is determined without regard for
be effective' occurrence or detection.
Theoccurrenceanddetectionevaluationsshouldbereviewed
previous products, due to the severity should be estimated using the criteria in the severity
*n"n'"u"rTng'iMEA entries irom Table tjt. me table may be augmented to include product-
new product'
possibilityof different conditions for the specific examples. The FMEA project team should agree on an
evaluation criteria and rating system, which is consistent even if
Confirm Prevention modified for individual design analysis'
Design understanding
SaryPle Time
0i
s------ G alculation New calculation 1 ,
Tests with
:
New experiments *
:
0 -61 -
-60-
Expertise, data handbooks, warranty databases or other
P rod u ct Ge neral Eva uati on
Gri teri a SeveritY ( s)
Blank until
f 'I experiences in the field of comparable products, for example, can
be consulted for the analysis of the evaluation numbers.
to the criteria below filled in bY user When failure causes are rated for occurrence, it is done taking into
Potenti al Failure Effects rated according account an estimation of the effectiveness of the current
CorPorate or prevention control. The accuracy of this rating depends on how
Product Line wellthe prevention control has been described.
Effect SeveritY criteria
S Exam es
Questions such as the following may be helpfulfor a team when
icle and lo r othe r
Affects safe ope ratio n of the veh trying to determine the appropriate Occurrence rating:
p assenger( S ) o
10 very veh icl ES th e health of d flver or . What is the service history and field experience with similar
road users or NS
High components, subsystems, or systems?
liance with ulations
I Non
necessary for
. ls the item a carryover product or similar to a previous level
Loss of pn ma ry veh icle fu n ctio n item?
d un d servlce life
8 n orm al drivi
High icle fu nction n ecessary
. How significant are changes from a previous lev€l item?
D egradatio n of p ri ma ry VE h
7 for no rmal d NV du cted SE rvi ce life . ls the item completely new?
Loss of second vehi cle function o What is the application or what are the environmental
6 changes?
radation of seconda VE hicle function
5
Moderate sound VI brati on
. Has an engineering analysis (e.9. reliability) been used to
V e ry obj ecti ona ble a ppea rance estimate the expected comparable occurrence rate for the
4 h ars h ne SS o r ha CS
application?
ppeara nC€' sou n d
Mode rate ly ob jecti on abl e a . Have prevention controls been put in place?
3 VI bratio n ha rS h
o r ha
Low nce SO u nd
. Has the robustness of the product been proven during the
S ti ghtly o bje ctio n ab le appeara prod uct development process?
2 vibratio n hars h NCSS or ha
(S)
Table D1 'DFMEA SEVERITY
-63-
-62-
Occurrence Potential (O) for the Product
fo r th e Prod uct
Potenti a F ailu re c a u ses
Occurre nGe Pote ntia
rated accordin g to the criteria bel ow
Gonsider Prod uct
best Occurrence
Blank until
filled in bY
fr I Potential Failure Gauses rated according to the criteria below. Gonsider Product
Experience and Prevention Gontrols when determining the best Occurrence
Blank until
filled in by
Controls when determ ning the user estimate (Qualitative rating). user
Experience and Preve ntion
estimate Corporate or Prediction of Corporate or
Product Line o Failure Cause Occurrence criteria - DFMEA Product Line
Prediction of
Occurrence criteria' DFMEA ExamPles Occurring Examples
o Failure Gause
Occurring Detail changes to previous design, using proven technology and
materials. Similar application, duty cycle or operating conditions.
Previous testing or field experience, or new design with some test
experience related to the failure.
ExtremelY high yet bee n 5
10
Standards do not exist and
best practices have not Design addresses lessons learned from previous designs. Best
not able to pred field
ict Practices re-evaluated for this design but have not yet been
determined Prevention controls
ce or do not exist proven. Prevention controls capable of finding deficiencies in the
product related to the failure cause and provide some indication
Moderate
of performance.
Almost identical design with shortterm field exposure. Similar
9
application, with minor change in duty cycle or operating
to identifY pe rformance to conditions. Previous testing or field experience.
Prevention controls not targeted
ments.
or mate rials on a 4 Predecessor design and changes for new design conform to best
n with technica in novations
First use of des rg
tn d uty cycle practices, standards, and specifications. Prevention controls
or change
Very high new ap pl ication New app ication and/or val id ati o n capable of finding deficiencies in the product related to the failure
p rod uct verification
o perati ng con d ition S No cause and indicate likely design conformance.
experience.
Detail changes to known design (same application, with minor
I
l
applicable change in duty cycle or operating conditions) and testing or field
best practices' not directly
Few existing standards and indicator of field experience under comparable operating conditions, or new
pil,"!"ii"n not a reliable
for this desig
". "onttoit ce. {i 3 Low
design with successfully completed test procedure.
-65-
-64-
{
I Detection Potential (D) for the Validation of the Product Design
2.5.9 Detection (D)
measure of the Blank until
The Detection rating (D) is an estimated Detection Controls rated according to Detection Method Maturity and
demonstrate the
effectivene$ of tlnJoLtection control to reliably Opportunity for Detection.
filled in by
item is released for
faiture cause ;;f".,lr;; mooe before the user
associated with the
production. rn" J"t""tion rating is the rating
Gorporate or
most effective detection control' Ability to
Detection Method Maturity
Opportunity for
D
Detect Product Line
Detection
Detectionisarelativerating,withinthescopeoftheindividual Examples
FMEAandisdeterminedwithoutregardforseverityor
using the criteria in Test method not
occurrence. o"t""tion should be es[imated 10 Test procedure yet to be developed
with examples of defined
Table D3' Tnis table may be augmented
comp.any The FMEA
common O"t""tion m"tn'oOt used by the Very low Pass-Fail, Test-to-
Test method not designed specifically
projectteamshouldagreeonanevaluationcriteriaandrating
product
for individual
I to detect failure mode or cause.
Fail, Degradation €
I further efforts are needed to reduce the risk. Due to the inherent
-67 -
-66-
the company, justify and document why
and other factors' they {,
limitations on resources, time' technology' controls are adequate.
must choose how to Oest prioritize
these efforts' )
is introduced in this handbook'
lt Priority Low (L): Low priority for review and action.
The Action Priority (AP) method of S' o' and D' lt was
The team could identify actions to improve
accounts for all 1odft;;;ibie-comoinations first' then occurrence' prevention or detection controls.
on severity
created to give more emphasis
fti;i;lffi the failure-prevention intent of It is recommended that potential Severity 9-10 Failure Effects
then detection' Thi]
high-medium-low priority with Action Priority High and Medium, at a minimum, be
FMEA. The Ap t"b";;?i;a suggested svslem to evaluate action reviewed by management including any recommended
for action. co*punil'";;;" a"Iingte
required from multiple actions that were taken.
priorities instead of muttipte systems
customers. This is not the prioritization of High, Medium, or Low risk, it is
product of S x O x D and range from the prioritization of the actions to reduce risk.
Risk Priority Numbers are the
can provide some information Note:
1 to 1000. The RpN distribution lt may be helpful to include a statement such as "No
about the range ;;t''G, ournpru alone is not an adequate gives further action is needed" in the Remarks field as
"f
method to determin" if'6 n""O
for more actions since RPN appropriate
result in
equalweight to S, d, O' For this reason' RPN could
"O combinations of S' O' and D
similar risk numbe;'f;;;"ty different
how to prioritize' When using
leaving the team un""'t"in lnout
additional method to prioritize
RpN it is ,ecomm";;;;1; ,r" ur,
likeRPNresults,utn"tSxO'TheuseofaRiskPriorityNumber
practice for determining
(RPN) threshold ;;;;'"tott"nd-ed
S x O methods are not
the need tor actions'-fhe npftf and
included in this Publication'
of S and O' S and D'
Risk matrices can represent combinations
provide a visual representation of
and o and D. rn"r"Jr"tiices to )
the results of the and can be used as an input
"t"fytii criteria not
prioritization of aciions based on company-established
included in this Publication'
to work with the Severity'
Since the AP Table was designed
provided in this handbook, if the
occurrence, ano'oetection talbles
organization t" t"Oify the S' O' D' tables for specific
"nool'It oi ptol"tlt' the AP table should also be
products, pro"",'ll,
carefullY reviewed'
rating- tables are the same
for DFMEA
? Note: Action Priority
''"'"' pirt'rEA,'but difterent for FMEA-MSR'
: "ti
Priority Hish (H): ft:ifi':"l
fl,tJtee'j#'ioJxyd;l1:':ili?Y
appropriate a"tion to improve. Prevention
Detection Controls or justify and
"itbloi are
Jocument whY current controls
adequate'
-69-
-68-
Prediction of ACTION
Action PrioritY (AP) for DFMEA and PFMEA
Blank until
f Effect S Failure Cause
Occurrinq
o Ability to Detect D PRIORITY
(AP)
Gomments
Occu rrence and D etection rati ngs
n
PrioritY ts based on com b inations of Severity filled in bY Low - Very low 7-10 H
order to actions for n sk reduction.
ACTION Moderate 5-6 H
Prediction of Gomments Very high 0
o AbilitY to Detect D PRIORITY B-1
Effect S Failure Gause High 2-4 M
Very high 1 M
Low - Very low 7-10 H
Low - Very low 7-10 M
Moderate 5-6 H
Very high 8-1 0 Moderate 5-6 M
High 2-4 H High 6-7
High 2-4 M
Very high 1 H
Very high 1 L
7-10 H Product or
Low - low Low - Very low 7-10 M
Plant Effect 4-6
Moderate 5-6 H Moderate Moderate 5-6 L
High 6-7 2-4 H Moderate 4-5
High High 2-4 L*
Very high 1 H
Very high 1 L
Product or Plant 9-1 0 Low - Very low 7-10 H
Low - Very low 7-10 L
Effect Very high 5-6 H
Moderate Moderate 5-6 L
Moderate 4-5 2-4 H Low 2-3
H h High 2-4 L
Very high I M
Very high 1 L
Low - Very low 7-10 H
Very low 1 Very high - Very low 1-10 L
Moderate 5-6 M
Low - Very low 7-10 M
Low 2-3 2-4 L
High 5-6
Moderate M
Very high 1 L 0 ) Very high B-10
High 2-4 L
Very hig h - Very low 1-10 L
Very low 1
Very high 1 L
Low - Very low 7-10 H
Low - Very low 7-10 L
Moderate 5-6 H
Moderate 5-6 L
Very high 8-10 2-4 H High 6-7
High High 2-4 L
Very high 1 H
Very high 1 L
H Product or
Low - Very low 7-10 7-10
Plant Effect 2-3 Low - Very low L
Moderate 5-6 H Low Moderate 5-6 L
High 6-7 H Moderate 4-5
High 2-4 High 2-4 L
Very high 1 M
Very high 1 L
Product or Plant Low - Very low 7-10 H
7-B Low - Very low 7-10 L
Effect High Moderate 5-6 M
Moderate 5-6 L
Moderate 4-5 2-4 M Low 2-3
High High 2-4 L
Very hi h 1 M
Very high 1 L
Low - Very low 7-10 M
Very low 1 Very high - Very low 1-10 L
Moderate 5-6 M
Low 2-3 No discernible Very low - 1-10 L
h 2-4 L 1 1-10 Very high - Very low
Effect Very high
Very 1 L
-71 -
-70 -
f design team communicates the associated risk of making
product characteristics out of specification the process
team can build in the appropriate level of prevention and
DFMEA RlsK ANALYSIS (STEP 5) detection controls in manufacturing. Reference PFMEA
FATLURE ANALYSIS (STEP 4) Section 3.4 for more information.
6c
1. Failure o
Effects (FE)
o 2.5.12 Basis for Optimization
o
to the Next o The output of Steps 1,2,3,4, and 5 of the 7-step FMEA process
E
Higher Level o
O is used to determine if additional design or testing action is
Element L
needed. The design reviews, customer reviews, management
o
and/or =
iI reviews, and cross-functional team meetings lead to Step 6
End User Optimization.
Simulation 2 Sample test: 2 L
6 Brush card *
Torque and Angle deviation bY of dynamic measuring the
rotating commutation sYstem body bends in forces on elastics and
contact area brush card plastic
velocity of the intermittentlY
of the carbon body acc. deformation 2.6 Design FMEA 6th Step: Optimization
window lifter connects the wrong
FEM 6370 effects of b
motor too low coils (Ll, L3 and L2 brush
card body acc. 2.6.1 Purpose
instead of L1, L2 test spec.
and L3) The purpose of the Design Optimization is to determine actions to
MRJ82/60
mitigate risk and assess the effectiveness of those actions.
The main objectives of a Design Optimization are:
Figure2.5.3ExampleofDFMEARiskAnalysisFormSheet
r ldentification of the actions necessary to reduce risks
) . Assignment of responsibilities and deadlines for action
2.5.11 Gollaboration between Customer and Supplier implementation
(SeveritY) o lmplementation and documentation of actions taken including
understanding confirmation of the effectiveness of the implemented actions
The output of the Risk Analysis creates the mutual and assessment of risk after actions taken
Irlethods of
of technical risk between customers and suppliers'
collaboration |,"nd irom verbal to formal reports.
The amount of . Collaboration between the FMEA team, management,
project, company customers, and suppliers regarding potential failures
information shareld is based on the needs of a
policy,contractualagreements,andsoon'Theinformationshared . Basis for refinement of the product requirements and
b"p"no, on the plac-ement of the company in the supply chain. prevention and detection controls
Some examPles are listed below' The primary objective of Design Optimization is to develop actions
1'TheoEMmaycomparedesignfunctio-ns,failureeffects, that reduce risk and increase customer satisfaction by improving
andseverityfromavehicle-levelDFMEAwiththeTierl the design. ln this step, the team reviews the results of the risk
suPPlier DFMEA. analysis and assigns actions to lower the likelihood of occurrence
of the Failure Cause or increase the robustness of the Detection
2'TheTierlsuppliermaycomparedesignfunctions,failure
the Control to detect the Failure Cause or Failure Mode. Actions may
with
effects, and severity from a subsystem DFMEA also be assigned which improve the design but do not necessarily
Tier 2 supplier who has design responsibility'
lower the risk assessment rating. Actions represent a commitment
3.TheTierlsuppliercommunicatesnecessaryinformation to take a specific, measurable, and achievable action, not
about producicharacteristics on product drawings
and/or potential actions which may never be implemented. Actions are
specifications,orothermeans,includingdesignationof not intended to be used for activities that are already planned as
standardorspecialcharacteristicsandseverity.This these are documented in the Prevention or Detection Controls and
informationisusedaSaninputtotheTier2supplier are already considered in the initial risk analysis.
pFMEA as well as the Tier i's internal PFMEA. When the
-73 -
-72 -
Gompleted
are necessary' "No
lf the team decides that no further 9"11oltRemarks field to show firr Completed actions have been implemented and their
in the
further action i, n""l$JiI *iitt"n effectiveness has been demonstrated and documented. A
the rist< analYsis was comPleted' final evaluation has been done.
to
assess technical risks related
The DFMEA should be used to Not lmplemented
design'
continuous improvement of the
in the following order: Not lmplemented status is assigned when a decision is
The optimization is most effective made not to implement an action. This may occur when
or mitigate a Failure Effect
. Design modifications to eliminate risks related to practical and technical limitations are
(FE). beyond current caPabilities.
the Occurrence (O) of the
o Design modifications to reduce The FMEA is not considered "complete" until the team assesses
Failure Cause (FC) each item's Action Priority and either accepts the level of risk or
for the Failure Cause (FC)
e lncrease the Detection (D) abitity documents closure of all actions.
or Failure Mode (FM)' lf "No Action Taken," then Action Priority is not reducpd, and the
all impacted design
o ln the case of design modifications' risk of failure is carried forward into the product design. Actions
elements are evaluated again' are open loops that need to be closed in writing.
all steps of the Flt4EA are
ln the case of concept modifications'
reviewedtortneatrettedsectionr.initisnecessarybecausethe 2.6.4 Assessment of Action Effectiveness
it was based upon a
valid since
original anatysl; ;;'lo;g"r when an action has been completed, occurrence and Detection
different design concePt' values are reassessed, and a new Action Priority may be
determined.
2.6.2 Assignment of Responsibilities The new action receives a preliminary Action Priority rating as a
EachactionshouldhavearesponsibleindividualandaTarget
it' prediction of effectiveness.
with
Compietion Date (TCD) associated
However, the status of the action remains "implementation
Theresponsiblepersone.nsurestheactionstatusis.updated.lf pending" until the effectiveness has been tested. After the tests
person is also responsible for the
the action is coniirmed this are finalized the preliminary rating has to be confirmed or adapted,
action imPlementation' when indicated. The status of the action is then changed from
"implementation pending" to "completed."
TheActualCompletionDateforPreventiveandDetectionActions
isdocumentedincludingthedatetheactionsareimplemented. The reassessment should be based on the effectiveness of the
TargetCompletionDatesshouldberealistic(i'e"inaccordance Preventive and Detection Actions taken and the new values are
plan, prior to process validation' based on the definitions in the Design FMEA Occurrence and
with the proou".i"i"u"roprn"nt
Detection rating tables.
Prior to start of Production)'
-75 -
-74 -
DFMEA RISK ANALYSIS (STEP 5) DFMEA OPTlMlzATloN (STEP 6)
o) o
a (u C
E 7o o '6
(L
o)
o o c (E
.E o -q)
t9 o
o.
o
o
(Lo)
-9
o ';b tr
o
oE o
o)
E -o(u
az E
o
o
a ei
-E)
-g
o.
o
o co
o
o
c)
fB E
o
o
o a ct) o
o
=
IL x. (5
F o
Figure 2.6-l Example of DFMEA Optimization with new Risk Evaluation Form Sheet
-76-
I
3 EXECUTTON OF THE PROCESS FMEA (PFMEA)
)
3.1 Process FMEA 1st Step: Planning and Preparation
3.1.1 Purpose
The purpose of the Process Planning and Preparation Step is to
describe what producUprocesses are to be included or excluded
for review in the PFMEA project.
The process takes into account that all processes within the
facility can be analyzed or reanalyzed using PFMEA. This process
allows an organization to review all processes at a high level and
to make a final determination for which processes will be
analyzed. The overall advantage of Preparation is tofocus
resources on processes with the highest priority.
The main objectives of the Process Planning and Preparation
Step are:
. Projectidentification
. Project plan: lnTent, Timing, Team, Tasks, Tools (5T)
. Analysis boundaries: What is included and excluded from the
analysis
. ldentification of baseline FMEA with lessons learned
) o Basis for the Structure Analysis step
-79 -
Answers to these questions and others
help create the list;i#M;A projecls
defined by the company
needed' The PFMEA
commitment and focus'
f )
Planning and Preparation: All piocesses L€vel
& Delivsry
Plannlng and Preparation: Department Levets
oErrorproofingrequirements,DesignforManufacturabilityand
AssemblY (DFM/A)
Figure 3.1-l Demonstration of the process for narrowing the Preparation
. QFD QualitY Function DePloYment The following may be considered in defining the scope of the
Preparationneedstobeestablishedatthestartoftheprocessto PFMEA, as appropriate:
assure consistent diiection and focus'
e'g'' an entire process line'
o Novelty of technology / degree of innovation
process item / Process element'
progY:1,::ality and . Quality/Reliability History (ln-house, zero mileage, field
Processes within the plant that can impactthe ) failures, warranty and policy claims for similar products)
include: recelvlng
;u;G considered for PFMEA analysisproduct a,n$ . Complexity of Design
processes, part and material storage' laterial
delivery, rnanrtu"iuting,
pabkaging' labeling' completed . Safety of people and systems
"tt"tnoty'
product transportatlon, itot"g", maintenance
processes' detection
. Cyber-Physical System (including cybersecurity)
and rework and repair processes' etc'
Fio""tt"t . Legal Compliance
o Catalog and standard parts
Items that may assist in determining whether an existing PFMEA
should be included in the final scope:
. New development of products and processes.
. Changes to products or processes
. Changes to the operating conditions
. Changed requirements (laws/regulations, standards/norms,
customers, state of the art)
r Manufacturing experience, 0 km issues, or field issues /
Warranty
. Process failures that may result in hazards
o Findings due to internal product monitoring
. Ergonomic issues
. Continuouslmprovement
-81 -
-80-
Gompany Name: Name of Company Responsible of PFMEA
) Manufacturing Location: Geographical Location
Customer Name: Name of Customer(s) or Product Family
Model Year / Program(s): Customer Application or Company
Model/Style
Subject: Name of PFMEA project
PFMEA Start Date: Start Date
PFMEA Revision Date: Latest Revision Date
Gross-Functional Team: Team: Team Roster needed
PFMEA lD Number: Determined by Company
Process Responsibility: Name of PFMEA owner s
) Date: Responsiblllty:
Model Year{s) / 2020 PX123 Eee Team List Confidential
Cross Functonal Confidentiality
Program(s): Tearn: Level:
I
teams (interface responsibilities)
o Basis for the Function Analysis step
-83-
ProdscUProcess Process Step/Statlon 4ll Elamentg
Tree helps define the
A Process Flow Diagram or a Structure ll*rn- kchine. lld.tiaL Environ&dl
2) is comPlete.
Line
ffi Operalor
Press lllachine
IOP 30i Sintered
gearing Press-in Process
3.2.2 Process Flow Diagram Sintered Eearing
AProcessFlowDiagramisatoolthatcanbeusedaSaninputto
IOP {01 Gear Cover ass€mbly Process
the Structure AnalYsis'
lncoming insPection for
production components loP...l ...
q
Transport comPonents from
warehouse to Production line
Figure 3.2-2 Example of Structure Analysis Structure Tree (Electrical Motor Assembly Line)
IOP 101 Grease bearing shaft
The Process ltem of the PFMEA is the highest level of the
gear wheel structure tree or process flow diagram and PFMEA. This can also
IOP 201 Grease
be considered the end result of all of the successfully completed
Transport Process Steps.
Transport
)
IOP 401 Gear cover
assemblY i;i:::iii*1;ljfi;i$*i;#
Transport
A $orage
o Operabon
toP...1...
o Test Chsracterisgc
I -85-
-84-
STRUGTURE ANALYSIS (STEP 2)
Process StePlStation
) 1. Process ltem
101 Greasing Process (bearing shaft) Systern, $ubsystem,
loP
Part Elernent or
Proceqs Flow Name of Process
+ Operator
Electrical Motor Assy IOP 30] Sintered Bearing
201 Greasing Process {gear
wheel} Line Press-ln Process
loP
'tOP 301 Sintered Bearing Press Machine
Electrical Motor Assy
Line Press-ln Process
I ffi
Press'in Process Example of Structure Analysis Form Sheet ri
loP 30t Sintered Bearing Figure 3.2-5
1 Process ltem:
I The highest level of integration within the scope of
assembly Process analysis.
tOP 401 Gear Gover
I 2 Process Step:
I
* The element in focus. This is the item that is topic of
consideration of the failure chain.
toP...1... 3. Process Work Element:
) The element that is the next level down the structure from
Figure 3'2'4 Process StePs
the focus element.
TheProcessWorkElementisthelowestleveloftheprocessflow
name of a main
or structure tree. fa-cn'wort< etement
is the 3.2,4 Gollaboration between Gustomer and Supplier
impact the process step' eng i neeri g teams (i nterface responsi bi I ities)
;a;il"i fotentiaicauses that could 5M'
n
Method
Measurement
-87 -
-86-
Note: The negative of these will be the Failure Modes
. process functions
Visualization of product or
. Function tree/net or equivalent
process flow diagram Example: Get sintered bearing from chute manually
.Associationofrequirementsorcharacteristicstofunctions
teams (systems' safety'
. Collaboration between engineering Example: Press force to press sintered bearing into pole
and comPonents) housing *
? #
lnput lntended output
Product Characteristics :
Components: Process Assembly;
t
Housing housing until defined position assembled sinter Bearint
\.
Legal requirements:
. Compliance with designated hea,lth & safety and
environmental protection regulations
\..F Unintended
output
Process Function & Requirement to the Product: lmpacted or changed Product Generic Process
lndustry Norms and Standards: Product Characteristics/ (lnterface to Design) Characteristics Requirements
Requirements e.g. e.g. e.g. *'
olSOg00l,VDAVolume6Part3'ProcessAudit'SAEJ1739 - Axial position rintered - lmpact to components due to part - lnner diameter of sinter Bearing - Target Cycle Time
bearing in pole housin6 handllng or press in forces - Surface o{ Bearing seat in housing . OEE
- Force fit of sint€red - distinctness of components - Scalability
Gustomer Requirements :
bearing and pole - Operator safety (sharp edges) - Health & Safety Req.
. According to customer specifications'
e'g' adherence to housing
provision of product(s) in
required qr"riii, tunut"ltut" a.nd
time x and quantity y (output z/hou$ Figure 3.3-l Example of Parameter Diagram of Press in Sintered Bearing
lnternal Requirements:
in process cycle, com.pliance with
. Manufacture of the product,(e.g,.
expected pd;;i# .oiir {acilities availability, limited 3.3.4 Visualization of functional relationships
rejects, no work)' pioduction system principles' )
"otl.tiue The interaction of process item functions, process step functions
pio*tt quality and cleanliness instructions
and process work element functions may be visualized as function
Process Gharacteristics : network, function structure, function tree, and/or function analysis
depending on the software tool used to perform the PFMEA. For
.AProcesscharacteristicistheprocesscontrolthatensures
by the p-roc.ess' lt may example, Function Analysis is contained in the Form Sheet to
the Product Cnui'"t"tittic is achieved perform the PFMEA.
beshownon-manutacturingdrawingsorspecifications jnstructions'
(including op"t"to' *ork inltructions' set-up
n g verif ication proced u res'
etc' )' P rocess
while the product is being
characteristiJr'."n 6" measured
"rror-pro-ofi
value is
quantitative
made t"'g., pi;force)' The specific
oPtionalfor the PFMEA form sheet'
rl
t
-91 -
-90-
3.3.5 Gollaboration between Engineering Teams (Systems,
oo€r6tof
Pioceee Functlon: -
( tl SafetY, and ComPonents)
;;;;''p,;;;;ths butron or ftbchine tor
I#""i"girtt p'"Es'ir\ Proe when
eEs loadlng Engineering teams within the company need to collaborate to
ir eomPl6ted make sure information is consistent for a project or customer
Op€ratot program especially when multiple PFMEA teams are
pimers Functlon:
ijil'r"ii,' t"i-* trniered bearing f rom shut simultaneously conducting the technical risk analysis. For
prostjn 6hrtt until iho
iffi Jut'n f, t"t" the
example, design information from systems, safety, and/or
uppet *top
component groups helps the PFMEA team understand the
Presr llachlne
Fr@68 Functlon: functions of the product they manufacture. This collaboration may
lo the
B€sring PrsseJn Procssa
iiJ"ttrn".rig"" *lntsred bsarlRg be verbal (program meetings) or written as a summary'
IOP 30i Sintcred bearlng 6set ln Polg houEing
Lina
El€ctrie6l ltlotct A66e$bly
t Frmess Function:
Pr0e€Eg Funetl6n ;llli u""dns r" achiavo axiar Pra66 tiachlRe
Funetion:
-ilfi;;;;;i;;; 3.3.6 Basis for Failure AnalYsis
in potu housing to max gsp P€r -.
ProcoEg
4f 6hafI lnlo Potg ';;i;iJi"J ths 6intcred bsari$s to ths
AsserrtbtY
- po"ition
houslng asse{ri,blr Print b€avinq EcEt 1n Pol6 houslng complete definition of process functions (in positive words) will
Fre36 ll.ehlnq lead to a comprehensive Step 4 Failure Analysis beqpuse the
Pr6e66& Fun€lioR:
ii"lr,r-o-" oi"*""t ln the Elntered bssrldg potential failures are ways the functions could fail (in negative
ffi;il; #;il;at in Porc h6$6rns uhtrl
words).
tho defin€d 6xial Po€llion
nEl{r*r BOES TT Eg?
PleiE Itachine
3.4 Process FMEA 4th Step: Failure Analysis
3.4.1 PurPose
Structure Tree ,The purpose of the Process Failure Analysis is to identify failure
Figure 3.3'2 Example of Function Analysis
causes, modes, and effects, and show their relationships to
enable risk assessment.
) The main objectives of a Process Failure Analysis are:
Function of the Process
1. Function of the Process
ltem
a nd Product Characteristic
o Establishment of the Failure Chain
Function of SYstem, SubsYstem' ntitative value is optional) o Potential Failure Effects, Failure Modes, Failure Causes for
(Qua
Part Element or Process
I
I o uohec€ssary activity
-93-
-92-
2 Shipto plant: the effect of the failure mode assuming the
3.4.3 The Failure Ghain {
\
) defect is not detected before shipping to the next plant
aspects to be considered (what action will the next plant take, e.9., sort)
For a specific failure, there are three
o Failure Effect (FE) 3 End user: the effect of the process item effect (what will the
end user notice, feel, hear, smell, etc., e.9., window raises
. Failure Mode (FM) too slow)
r Failure Cause (FC)
Failure Mode ilure Cause This includes an inability to assemble or joinJo a mating
Failure Effect component at any subsequent customer's facility.
whv? lf so, then identify the manufacturing impact "Your Plant"
and/or "ship-to plant" in the PFMEA. lf not, then go to
question 2.
Examples could include:
. Unable to assemble at operation x
o Unable to attach at customer facility
o Unable to connect at customer facility
( r Cannot bore at operation x
model
Figure 3.4-1 Theoreticalfailure chain . Causes excessive tool wear at operation x
i1
I
I
-95-
-94 -
Verification of completeness of the failure modes can be made
ExamPles could include: through a review of past things-gone-wrong, reject or scrap
{\ )
r Noise reports, and group brainstorming. Sources for this should also
o High effort .include a comparison of similar processes and a review of
customer (end user and subsequent operation) claims relating to
. Unpleasant odor similar components.
. lntermittentoPeration There are several categories of potential failure modes including:
. Water leak e Loss of process function/operation not performed
. Rough idle r Partialfunction - lncomplete operation
. Unable to adjust . Degradation of process function
o Difficult to control . Overachieving process function - Too much too high.
o Poor appearance o lntermittent process function - operation not consistent
. Regulatory System Function reduced or failed o
. End user lack of vehicle control Unstable operation *
. Unintended process function - wrong operation
o SafetY effect on end user .
was detected prior
Wrong part installed
3 What would happen if a failure effect r Delayed process function - operation too late
to reaching the end user?
locations Typical failure modes could be, but are not limited to:
The failure effect at the current or receiving
also needs to be considered' . Hole too shallow, too deep, missing or off location.
ldentify the manufacturing impact
"Your Plant" and/or . Dirty surface
"shiP-to Plant" in the PFMEA' . Surface finish too smooth
ExamPles could include: ) . Misaligned connector pins
o Line shutdown
. Connector not fully seated
o StoP shiPment
r Pass a bad part, or reject a good part, bypass inspection
operation
. Yard hold
o Label missing
o 100% of Product scraPPed
. Barcode not readable
o Decreased line sPeed
.
line rate ECU flashed with wrong software.
. Added manpower to maintain required
e Rework and rePair 3.4.6 Failure Gause:
A failure cause is an indication of why a failure mode could occur.
3.4.5 Failure Mode The consequence of a cause is the failure mode. ldentify, to the
as the manner in which the
A (Process) Failure Mode is defined extent possible, every potential manufacturing or assembly cause
deliver or provide the
process could caus"-in" ptoOuct not to for each failure mode. The cause should be listed as concisely
intended function' and completely as possible so that efforts (controls and actions)
design of the p.roduct is can be aimed at appropriate causes.
The team should assume that the basic
result in
;;;i h"*ever, if Gre are design issues which Typical failure causes may include the classic lshikawa's 4M, but
be communicated to the
process concerns, thot" issues s[ould are not limited to:
design team for resolution' . Man: set-up worker, machine operator/ associate, material
occur but may not necessarily
Assume that the failure mode could associate, maintenance technician etc.
occur.FailuretoO"ttnoufOn"describedintechnicalterms'not
as a symptom noticeable by the customer'
I
-97 -
-96-
tank' injection
3.4.6.4 Environfient (Milieu)
a -siiiatrobot' !"19:::"tervoir
Machine/Equipment: { ) ls lighting adequate for task?
conueyor' inspection devices'
1.
molding macnine,
fixtures, etc. 2. Can parts used within the process, be considered foreign
installation grease' washer material?
a Material (lndirect): machining -oil'
etc'
Ioncentration, (aid for operation)' The description of the failure cause needs to be clear. Terms such
such as heat' as "defective, broken," "operator failure," "non-fulfillment or "not
a Environ$ent (Silieu): ambient.conditions
JutC lighting' noise' etc' OK" and so on are insufficient to comprehensively assign the
"on:tumin'Jiion, that the incoming failure cause and mode and to determine actions.
Note: ln preparing the FMEA' assumeexceptions can be made
part(s)/mat"ti"fttl'"t" coriect' 3.4.7 Failure Analysis
data indicate
by the ffr'f fnie'am where historical
in incoming part quality' Based on the process steps, the failures are derived and failure
dlficiencies
chains (i.e., Failure structure/failure trees/failure network) are
created from the function analysis (see figure 3.3-1).
failure causes is to have a
One method to help reveal/uncover The focus element of the failure structure is the Failure Mode, with
i"'*
facilitator ttrat tealJ in" through "Thought P'rovoking
its associated Failure Effects and potential Failure Causes.
queitions can be broad category
Stimulation Ot"tiio"t:'ir'"t" Depending on the focus, a failure can be viewed as a Failure
questions, ;timuiate tne-process experts thought
questions to a manageable Effect, a Failure Mode, or a Failure Cause.
process, wnife"nougiilo
f<Seping tne number of the
specific and broken down into To link failure cause(s) to a Failure Mode, the question should be
level. Questions can be process formed by reviewing
questio_ns can be "Why is the Failure Mode occurring?"
4M categories. rn]ti"riist'of
previous PFMEA's'
tf,e faif .ire Causes in To link failure effects to a Failure Mode, the question should be
"What happens in the event of a Failure Mode?"
ExamPle - AssemblY Process:
3.4.6.1 Man { )
process' can wrong part be
1. From parts available within the
aPPlied?
2. Can no Part be aPPlied?
3. Can the parts be loaded incorrectly? Pr6$ Machine
Proeess characteristic:
pickup to application?
4. Can parts be damaged - From Electrical Motor , Asrembly Lln6
Process Requirement: IOP 301 Sintored Eearing Pro8iln Procoss Machine press in the sint€red bearing into lhe
bearing seat in po16 housing ufitil the defined axial
Product Characteristic
Assemblyof shaft into pole housing position
5. Can wrong material be used? assembly ----'--
Axial po6ition sintered bearing in pole h0using
{max. gap: < 0,3 mm} Failure:
Effecf on Proeess-'
Fallure: Machine stops before reaching final position
elearance too small to assemble
Axial position of sintered bearing is l'iot reached
3,4. 6.2 flachine shaft
excessive
4
in the spreadsheet in order to avoid
modes and causes'
duplicaiion of the same failure
2 Failure Mode (FM):
with the "Focus
The mode (or type) of failure associated
Element" in the Function Analysis'
Noteforspreadsheetusers:ltisrecommendedthatusersstart
related failu.re
with the faiture mode and then identify
Function of the
effects using tt'lt intottution in the #1
process rteft-corumn of the Function Analysis section
because some or all categories may apply'
3 Failure Cause (FC):
"Work Element
The cause of failure associated with the
Analysis'
unJ pro.".s Characteristic" in the Function
0 )
-101 -
- 100 -
2. Process Step 2. Function of the Process SteP
2. Failure Mode (FM)
(\ Station No. and Name and Product Characteristic
End User
comfort ctosing time too long
analyzrd in the DestgnflrlEA ) of Focus Element (Quantitative value is
of the Process Step
.....JtI.?{!
IOP 301 Sintered Press in sintered bearing to Axial position of sintered
Failure Effect on
Bearing Press-ln achieve axial position in Pole bearing is not reached
Failule Effect on Product Paocess Function'
i DFMEA Torque and
the
Function, analyzed in the analvzeci in the Process housing to max gap per Print
i@l window Frocess FMEA Proc$s FMEA
Window lifter a$emblY Figure 3.4-G View of Process Step'Function'Failure Form Sheet
Commutatlon System Effects
Commutation System line
Shio to Plant Assembly ol
Anole deviatlon bY commutation Your Plant: Clearancetoo
motor to vehicle door
sv;tem intermittently connects to assemble shan
i@I
small
reduires additional insertion
tire wrong coits 1Lt, L3 and L2 without Potential damage
instead of Ll, L2 and L3)
rorie with Potential damage
Modes
lncorrecl
PFMEA and DFMEA Figure 3.4-Z View of Process Work Element-Function-Failure Form Sheet
Figure 3.4-4 Relationship between
-103-
-102-
Failure Causes are rated for occurrence, taking into account the
3.5 Process FMEA 5th Step: Risk Analysis ( effectiveness of the current prevention control (Chapter Risk
Evaluation).
3.5.1 PurPose Current Prevention Controls describe measures which should be
estimate risk by
The purpose of Process Risk Analysis is to implemented in the design process and verified during prototype,
in order to
evaluating Severity, Occurrence and Detection' machine qualifications (run-off), and process verification prior to
prioritize the need for actions' start of regular production. Prevention Controls may also include
are: standard work instructions, set-up procedures, preventive
The main objectives of the Process Risk Analysis
mai ntenance, cal ibration proced u res, error-proofi ng verification
.Assignmentofexistingand/orplannedcontrolsandratingof procedures, etc.
failures
oAssignmentofPreventionControlstotheFailureCauses 3.5.3 Gurrent Detection Gontrols (DG)
oAssignmentofDetectionControlstotheFailureCauses Definition: Current Detection controls detect the existence of a
and/or Failure Modes failure cause or the failure mode, either by automated or manual
oRatingofSeverity,occurrenceandDetectionforeachfailure methods, before the item leaves the process or is shipped to the
customer.
chain
o Evaluation of Action PrioritY Examples of Current Detection controls:
. Collaboration between customer and supplier
(Severity) . Visual inspection
o Basis for the OPtimization steP . Visual inspection with sample checklist
TherearetwodifferentControlGroups:CurrentPrevention . Optical inspection with camera system
Controls, and Current Detection Controls' . Optical test with limit sample
. Attributive test with mandrel
3.5.2 Current Prevention Controls (PC) r
{ Dimensional check with a caliper gauge
3.5.2.1 Process Planning . Random inspection
Definition: Current Prevention Controls facilitate
optimal process . Torque monitoring
planningtominimizethepossibilityoffailureoccurrence. o Press load monitoring
Prevention of possible layout deficiencies of
the production facility: o End of line function check
e Test runs according to start-up regulation AV
17l3b
jj;
PC:
Review & reaction
3.5.2.2 Production Process before decision,
e.g. Poka-Yoke
Definition:Eliminate(prevent)thefailurecauseorreduceitsrate
Process
of occurrence. parameters
I
. Work instructions / Visual aids DC (reactive): Detection controls
ti
o Machine controls
3.5-l
I
t1
tr
o First Part release Figure Prevention and Detection in the Process FMEA
-105-
-104-
{ )
Detection 3.5.6 Severity (S)
Prevention
Severity is a rating number associated with the most serious effect
rca% for a given failure mode for the process step being evaluated. lt is
a relative rating within the scope of the individual FMEA and is
Process qualitY determined without regard for Occurrence or Detection.
For process-specific effects, the Severity rating should be
Time determined using the criteria in evaluation Table P1. The table
0 Product characteristic
may be augmented to include corporate or product line specific
-Visual lnsPection" examples.
-Operator instruetisn*
:
+
*-- The evaluations of the Failure Effects should be mutually agreed
: Sensory lnsPection" -
? -Machine CaPabilitY-- to by the customer and the organization.
t
* - -."... lnsPection - NOTE: lf the customer impacted by a Failure Modb is the next
* i
- -' *rocess monitorlng manufacturing or assembly plant or the product user,
assessing the severity may lie outside the immediate
Figure 3.5'2 Roadmap of process understanding process engineer's/team's field of experience or
knowledge. ln these cases, the Design FMEA, design
3.5.4 Gurrent Prevention and Detection Gontrols engineer, and/or subsequent manufacturing or assembly
plant process engineer, should be consulted in order to
CurrentPreventionandDetectionControlsshouldbeconfirmedto comprehend the propagation of effects.
beimplementeOanOeffective'Thiscanbedoneduringanin-
station |."ui"* G.g- Line Side Review, Line
walks and Regular
additional action may be
audits). rt tne conirol is not effective,
needed' {, )
TheoccurrenceandDetectionratingsshouldbereviewedwhen
possibility of
using data from previous processes' due to the
different conditions for the new process'
3.5.5 Evaluations
(failure chain or
Each Failure Mode, Cause and Effect relationship
."tj i" assesseo for its independent risk. There three rating
are
criteria for the evaluation of risk:
Severity(S):standsfortheSeverityoftheFailureEffect
occurrence(o):standsfortheoccurrenceoftheFailureCause
Detection(D):standsfortheDetectionoftheoccurredFailure
Cause and/or Failure Mode
Evaluation numbers from 1 to 10 are used for
S' O' and D
l."rp""iiu"ry, in which 10 stands for the highest risk contribution.
NOTE: lt is not appropriate to compare the ratings
olgne team's
even if
FMEA witn the ratings of another team's FMEA'
theproducUprocess-appeartobeidentical,sinceeach
team'senvironmentisuniqueandthustheirrespective
are
individual ratings will be unique (i'e', the ratings
subjective).
)
-107 -
-106-
Process General Evaluation Griteria Severity (S)
Process General Evaluation Criteria Seve
Blank
filled in by
) Potential Failure Effects rated according to the criteria below
Blank until
filled in by
Potential Failure Effects rated according to the criteria below user USET
Corporate or lmpact to Ship-to Plant Corporate or
lmpact to End User s lmpact to End User
lmpact to ShiP'to Plant Product Line Effect lmpact to Your Plant
(when known) Product Line
s Effect lmpact to Your Plant (when known) (when known)
(when known) Examples
Affects safe 100% of production run
operation of the may have to be Line shutdown up to one Loss of secondary
6
Failure may result in an Failure maY result in an vehicle and/or other reworked off line and hour vehicle function.
acute health and/or acute health and/or vehicles, the health accepted
10 safety risk for the safety risk for the of driver or Less than 100% of
manufacturing or manufacturing or passenger(s) or
High A portion of the product affected; strong
assemblY worker assembly worker road users or production run may have possibility for additional Degradation of
5 Moderately secondary vehicle
low to be reworked off line defective product; sort
function.
Failure may result in in- Failure may result in in- Noncompliance with
and accepted required; no line
plant regulatory plant regulatory shutdown *
9 regulations.
noncom iance noncom rance Defective product Very objectionable
100o/o of production run
Line shutdown greater may have to be
triggers significant appearance, sound,
than full production shift; 4 reaction plan; additional vibration,
reworked in station
stop shipment Possible; defective products not harshness, or
100% of production run before it is processed
field rePair or likely; sort not required haptics.
affected maY have to be replacement required
scrapped. Loss of primary Moderately
(Assembly to End User) vehicle function Defective product
Failure maY result in in- A portion of the objectionable
other than for regulatory necessary for production run may have
triggers minor reaction
plant regulatory appearance, sound,
noncompliance. 3 plan; additional defective
I noncompliance or may normaldriving to be reworked in-station vibration,
Failure may result in in- during expected
products not likely; sort
have a chronic health before it is processed harshness, or
plant regulatory not required
and/or safetY risk for the noncompliance or may
service life. ( ) haptics.
Moderately manufacturing or Low
have a chronic health
high assemblY worker Defective product Slightly
and/or safetY risk for the
triggers no reaction plan; objectionable
manufacturing or Slight inconvenience to
worker additional defective appearance, sound,
2 process, operation, or
products not likely; sort vibration,
Line shutdown from 1 operator
Product may have to be Degradation of not required; requires harshness, or
hour up to full Production
sorted and a Portion primary vehicle feedback to supplier haptics.
shift; stop shiPment
(less than 100%) possible; field rePair or function necessary
7 scrapped ; deviation from replacement required for normal driving 1 Very low No discernible effect
No discernible effect or No discernible
primary process; (Assembly to End User) during exPected no effect effect.
decreased line sPeed or other than for regulatory service life.
added manpower noncom iance Table Pl - PFMEA SEVERITY (S)
0 )
- 109 -
- 108 -
Occurrence Potential (O) for the Process
3.5.7 Occurrence (O) (
occurrence of Failure
)
The Occurrence rating (O) describes the Potential Failure Causes rated according to the criteria below. Consider Prevention
the associated current '
Cause in the pro""rr]dking into account Controls when determining the best Occurrence estimate. Occurrence is a predictive
prevention controls. qualitative rating made at the time of evaluation and may not reflect the actual Blank untilfilled
occurrence. The occurrence rating number is a relative rating within the scope of the in by user
Theoccurrenceratingnumberisarelativeratingwithinthescope FMEA (process being evaluated). For Prevention Controls with multiple Occurrence
occurrence'
of the FMEA and may not reflect the actual Ratings, use the rating that best reflects the robustness of the control.
Theoccurrenceratingdescribesthepotentialofthefailurecause Prediction of Corporate or
regard to the Type of
to o".ur, according to-the rating table' without o Failure Gause
Control
Prevention Controls Product Line
detection controls' Occurrinq Examoles
p-rocess.es' for 10 Extremely high None No prevention controls.
Expertise or other experiences with comparable I
&itpfe, can be considered in the assessment the rating
of
8
Very high Behavioral
Prevention controls will have little
effect in preventing failure cause.
numbers.
7 Prevention controls somewhat *
lndeterminingthisrating,questionssuchasthefollowingshould High
6 Behavioral effective in preventing failure cause.
be considered: or Technical
5 Prevention controls are effective in
processes and
o What is the equipment history with similar 4
Moderate
preventing failure cause.
process stePs? 3 Low Best
e What is the field experience with similar
processes? Practices: Prevention controls are highly
previous process? Behavioral effective in preventing failure cause.
o ls the process a carryover or similar to a
2 Very low
or Technical
production
o How significant are changes from a current Prevention controls are extremely
process? effective in preventing failure cause
. ls the Process comPletelY new? from occurring due to design (e.9.
o What are the environmental changes?
6 1 Extremely low Technical
part geometry) or process (e.9.
fixture or tooling design). lntent of
o Are best practices already implemented? prevention controls - Failure Mode
. instructions, set-up
Do standard instructions exist? (e.g', work cannot be physically produced due
error- to the Failure Cause.
and calibration procedures, preventive maintenance'
prooting verification procedures' and process monitoring Prevention Control Effectiveness: Consider if prevention controls are technical (rely on machines, tool
verification checklists) life, tool matedal, etc.), or use best practices (fixtures, tool design, calibration procedures, error-
(e'g''
o Are technical error-proofing solutions implemented?
tool design'
proofing verification, preventive maintenance, work instructions, statistical process control charting,
process monitoring, product design, etc.) or behavioral (rely on certified or non-certified operators,
product or process design, fixture and
control skilled trades, team leaders, etc.) when determining how effective the prevention controls will be.
established process sequence, production
tracking/traceability,machinecapability'andSPCcharting)
Table P2 - PFMEA OCCURRENCE (O)
J
- 113.
-112-
Priority Medium (M): Medium priority for review and action.
3.5.9 Action PrioritY (AP)
oncetheteamhascompletedtheinitialidentificationoffailure
fi The team should identify appropriate actions
to improve prevention and / or detection
ratil-S-s f9r
modes and effects, ;;;t;; and controls, including
must decide if further
controls, or, at the discretion of the company,
severity, o".urr"n."l ,nJ O"t"ttion' they
justify and document why controls are
Due to the inherent
efforts are needed to reduce the risk' adequate.
and other factors' they
limitations on r.""ori""t, iit", technology' Priority Low (L): Low priority for review and action.
efforts'
must choose how to best prioritize these The team could identify actions to improve
TheActionPriority(AP)methodisintroducedinthishandbook.lt prevention or detection controls.
for all 1000 possible combinations of S'
O' and D' lt was
accounts It is recommended that potential Severity 9-10 failure effects
createdtogivemoreemphasisonseverityfirst'thenoccurrence' intent of with Action Priority High and Medium, at a minimum, be
then detection. ThiJ rogif tollo*s the failure-prevention. priority reviewed by management including any recommended
high-medium-low
FMEA. The Ap taoie oiiers a suggested action actions that were taken.
for action. companies l'n a-Iingte system to evaluate
""
il";itL; i.t1""d of multiple systems required from multiple This is not the prioritization of High, Medium, orlow risk, it is
customers. the prioritization of the need for actions to reduce risk.
S x O x D and range from Note: lt may be helpful to include a statement such as "No
Risk Priority Numbers are the product of
i-to f ooO. in" Rpn distribution can provide some information further action is needed" in the Remarks field as
adequate
range of ratings, but RPN alone is not an appropriate.
"ooutln" more actions since RPN gives
method to determine th6 need for
to S, O, O f9t this reason' RPN could result inD
"qu"i*"ight "nO of S, o, and
similar risk numbeo iol" u"ry different combinations using
prioritize. when
leaving the team un""rt"in lnout how to prioritize
method to
RpN it is recommeno"Jto use an additional
S x O' The use of a Risk Priority Number
like RPN results ,u"h { )
"' practice
IRFNjthreshold isnot a recommendedx O methods are not
for determining
the need for actions. The RPN and S
included in this Publication'
of S and O' S and D'
Risk matrices can represent combinations
visual representation of
and o and D. rnesJmatrices provide a
as an input to
the results of the analysis and can be used
criteria not
piLrit,r"tion of actioni based on company-established
included in this Publication'
SincetheAPTablewasdesignedtoworkwiththeSeverity,
occurrence,andDetectiontablesprovidedinthishandbook,ifthe
org@nization t'o modify the S' O' D' tables for specific
"hootet should also be
products, pro""rr"i' or projecis, the AP table
carefullY reviewed.
are the same for DFMEA and
- Action Priority rating tables
! Note:
E PFMEA, but different for FMEA-MSR'
t
't
Pred iction of
Action Priority (AP) for DFMEA and PFMEA ACTION
filled
{ ) Effect s Failure
o Ability to Detect D PRIORITY Gomments
Priority is based on combinations of Severity, Occurrence, and Detection ratings in Blank until Cause
in by user Occurrinq (AP)
order to rioritize actions for risk reduction
Prediction of ACTION Low - Very low 7-10 H
Effect S Failure Cause o Ability to Detect D PRIORITY Gomments
Moderate 5-6 H
Occurrin Very high 8-1 0
High 2-4 M
Low - Very low 7-10 H
Very high 1 M
Moderate 5-6 H
Very high 8-1 0 Low - Very low 7-10 M
High 2-4 H
Moderate 5-6 M
Very high 1 H High 6-7
High 2-4 M
Low - Very low 7-10 H
Product or Very high 1 L
Moderate 5-6 H
High 6-7 Plant Effect 4-6 Low - Very low 7-10 M
High 2-4 H Moderate
H Moderate 4-5
Moderate 5-6 L{
Product or Very high 1
High 2-4 L
Plant Effect 9-1 0 Low - Very low 7-10 H
Very high Very high 1 L
Moderate 5-6 H
Moderate 4-5 Low - Very low 7-10 L
High 2-4 H
Moderate 5-6 L
Very high 1 M Low 2-3
High 2-4 L
Low - Very low 7-10 H
Very high 1 L
Moderate 5-6 M
Low 2-3 Very low 1 Very high - Very low 1-10 L
High 2-4 L
( Low - Very low 7-10 M
Very high 1 L ) Moderate 5-6 M
Very low 1 Very high - Very low 1-10 L Very high B-1 0
High 2-4 L
Low - Very low 7-10 H
Very high 1 L
Moderate 5-6 H
Very high B-1 0 Low - Very low 7-10 L
High 2-4 H
Moderate 5-6 L
Very high 1 H High 6-7
High 2-4 L
Low - Very low 7-10 H
Product or Very high 1 L
Moderate 5-6 H
Plant Effect
High 6-7 2-3 Low - Very low 7-10 L
High 2-4 H Low
Moderate 5-6 L
Very h 1 M Moderate 4-5
Product or High 2-4 L
Plant Effect 7-8 Low - Very low 7-10 H
Very high 1 L
High Moderate 5-6 M
Moderate 4-5 Low - Very low 7-10 L
High 2-4 M
Moderate 5-6 L
Very high 1 M Low 2-3
High 2-4 L
Low - Very low 7-10 M
Very high 1 L
Moderate 5-6 M
Low 2-3 Very low 1 Very high - Very low 1-10 L
High 2-4 L No
Very low -
Very high 1 L discernible 1 1-10 Very high - Very low 1-10 L
Very high
Effect
Very low 1 Very high - Very low 1-10 L
-116- -117-
\
reviews, and cross-functional team meetings lead to Step 6
FATLURE ANALYSIS (STEP 4)
PFMEA RlsK ANALYSIS (STEP 5)
tc
f ) Optimization.
"9
o
o 3.6 Process FMEA 6th Step: Optimization
r. Fdur8 Efi8cts{FE)
lto
ill3fiext lggher
!o
tw€l Eltm€fltandot
oo 3.6.1 Purpose
c
End tlscr
tr
The purpose of the Process Optimization Step is to determine
M
8 Axial position of Machine stoPs Force 5 1007o check of 2
actions to mitigate risk and assess the effectiveness of those
adiusted acc-
Clearance t0(} smallto sintered bearing reachin{t
data sheet
actions. The end result is a process which minimizes the risk of
is not reached final positisn
assenrble shaft without curve acc. spec. producing and delivering products that do not meet the customer
potential damage MRKJ5039
and stakeholder expectations.
of motor to
door requires The main objectives of a Process Optimization are:
additional insedion
force with Potential o ldentification of the actions necessary to reduce risks
. Assignment of responsibilities and deadlines foi action
Comfort closirrg time implementation
too
. lmplementation and documentation of actions taken including
Figure3.5.3ExampleofPFMEAwithRiskAnalysisFormSheet confirmation of the effectiveness of the implemented actions
and assessment of risk after actions taken
3.5.l0collaborationbetweencustomerandSupplier . Collaboration between the FMEA team, management,
(SeveritY) customers, and suppliers regarding potential failures
TheoutputoftheRiskAnalysiscreatesthemutualunderstanding . Basis for refinement of the product and/or process
oftechnicalriskbetweencustomersandSuppliers.I/ethodsof- requirements and prevention and detection controls
collaborationrangefromverbaltoformalreports.Theamountof
of a project, company
{ ) The primary objective of optimization is to develop actions that
intormation sharJd is based on the needs reduce risk by improving the process. ln this step, the team
policy,contractualagreements'andsoon'Theinformationshared reviews the results of the risk analysis and assigns actions to
the supply chain.
oeplnos on the plac-ement of the company in lower the occurrence of the failure cause or increase the ability to
Some examples are listed below' detect the failure cause or failure mode. Actions may also be
1'TheoEMmaycomparedesignfunctions,failureeffects, assigned which improve the process but do not necessarily lower
andSeveritytroma,vehicle-le-velDFMEAwiththeTierl the risk assessment rating. Actions represent a commitment to
suPPlier PFMEA. take a specific, measurable, and achievable action, not potential
actions which may never be implemented. Actions are not
2'TheTierlsuppliercommunicatesnecessaryinformation
drawings and/or intended to be used for activities that are already planned as
about product characteristics on product these are documented in the Prevention or Detection Controls,
designation of
specifications, or other means, including and are already considered in the initial risk analysis. All actions
This
standard or special characteristics and severity' should have a responsible individual and a target completion time
informationisusedaSaninputtotheTier2supplier associated with the action.
PFMEA *"it the Tier i's internal PFMEA' When the
", "t
designteamcommunicatestheassociatedriskofmaking lf the team decides that no further actions are necessary, "No
process
prod-uct characteristics out of specification the further action is needed" is written in the Remarks field to show
prevention and
team can build in the appropriate level of the risk analysis was completed.
detection controls in manufacturing' The PFMEA can be used as the basis for continuous improvement
of the process.
3.5.11 Basis for OPtimization
7-Step FMEA process The optimization is most effective in the following order:
The output of Steps 1,2' 3' 4' and 5 of the
i, ,rlo io determine ii adoitional design or testing action
is o Process modifications to eliminate or mitigate a Failure Effect
needed'Theprocessreviews,customerreviews,management (FE)
0 )
-119-
-118-
Not lmplemented status is assigned when a decision is
.Processmodificationstoreducetheoccurrence(o)ofthe made not to implement an action. This may occur when
Failure Cause (FC). risks related to practical and technical limitations are
olncreasetheDetection(D)abilityfortheFailureCause(FC) beyond current caPabilities.
or Failure Mode (FM)'
olnthecaseofprocessmodifications,allimpactedprocess
stePs are evaluated again' The FMEA is not considered "complete" until the team assesses
each item's Action Priority and either accepts the level of risk or
documents closure of all actions.
lnthecaseofconceptmodifications,allstepsoftheFMEAare
reviewedfortheaffectedsections.Thisisnecessarybecausethe lf "No Action Taken," then Action Priority is not reduced, and the
original analysis is no longer valid since it was
based upon
a risk of failure is carried forward into the product. Actions are open
loops that need to be closed in writing.
d iflerent man ufacturi ng concept'
flih11r;i'it"fillii'1:3f e"'Tl:;l[t{i;;mafrtr'"
assesses the effectiveness of fault detection performance in
customer operation, assuming that specifications are fulfilled. The
-125-
Monitoring rating also comprehends the safe performanc" 119 4.1.2 FMEA-MSR Project ldentification and Boundaries
reliability of systet reactions to monitored faults' lt contributes
^^
to, (J FMEA-MSR project identification includes a clear understanding of
and may be used
the assessment of the fulfillment of Safety Goals what needs to be evaluated. This involves a decision-making
for deriving the SafetY ConcePt. process to define the FMEA-MSRs that are needed for a customer
SupplementalFMEA-MSRaddressesrisksthatinDFMEAwould program. What to exclude can be just as important as what to
otherwise be assessed as High, by considering more factors include in the analysis.
which accurately reflect lower assessed risk according to the The following may assist the team in defining FMEA-MSR
diagnostic functions of the vehicle operating system' fF:9 projects, as applicable:
of
additionalfactors contribute to an improved depiction of risk
i"itur" (including risk of harm, risk of noncompliance, and risk of o Hazard Analysis and Risk Assessment
not fulfilling sPecifications). . Legal Requirements
FMEA-MSR contributes to the provision of evidence of the
ability o TechnicalRequirements
of the diagnostic, logical, and actuation mechanisms to achieve o Customerwants/needs/expectation (externaland internal
and mainiain a safe-or compliant state (in particular, appropriate customers) *
i"irrr" mitigation ability within the maximum fault handling time . Requirementsspecification
interval and within the fault tolerant time interval)'
end
. Diagrams (Block/Boundary/System)
FMEA-MSR evaluates the current state of risk of failure under .
of Schematics, Drawings, and/or 3D Models
user conditions (not just risk of harm to persons). Th9 detection
faults/failures during'customer operation can be used to avoid
the . Bill of Materials (BOM), Risk Assessment
oiitinaf failure effecl by switching t9 a degraded operational state o Previous FMEA for similar products
(inEruoing disabling the vehicle), informing the driver and/or writing
Answers to these questions and others defined by the company
I oi"gnoitic troublL code (DTC) into the control unit for service help create the list of FMEA-MSR projects needed. The FMEA-
purpJr".. ln terms of FMEA, the result of RELIABLE diagnostic
MSR project list assures consistent direction, commitment and
detection and response is to eliminate (prevent) the original effect, ( focus.
and replace it with a new, less severe effect'
fulfills
FMEA-MSR is useful in deciding whether the system design
the performance requirements with respect to safety and Below are some basic questions that help identify FMEA-MSR
compliance. The results may include items such as: boundaries:
o additional sensor(s) may be needed for monitoring purposes (1) After completing a DFMEA on an
o redundancy in processing may be needed Electrical/Electronic/Prog ram mable Electronic System, are
there effects that may be harmful to persons or involve
o plausibility checks may reveal sensor malfunctions
regulatory noncompliance?
(2) Did the DFMEA indicate that all of the causes which lead
4.1 FMEA-MSR 1st step: Planning and Preparation to harm or noncompliance can be detected by direct
sensing, and/or plausibility algorithms?
4.1.1 Purpose (3) Did the DFMEA indicate that the intended system
The main objectives of Planning and Preparation in FMEA-MSR response to any and all of the detected causes is to switch
are: to a degraded operational state (including disabling the
o Projectidentification vehicle), inform the driver and/or write a Diagnostic Trouble
Code (DTC) into the control unit for service purposes?
. Project plan (lnTent, Timing, Team, Tasks, Tools (5T))
FMEA for Monitoring and System Response may be used to
o Analysis boundaries: what is included and excluded from the
examine systems which have integrated fault monitoring and
analYsis
response mechanisms during operation. Typically, these are more
. ldentification of baseline FMEA complex systems composed of sensors, actuators and logical
. Basis for the Structure Analysis step
J I processing units. The diagnosis and monitoring in such systems
may be achieved through hardware and/or software.
-126- -127-
for 4-2 FMEA-MSR 2nd Step: Structure Analysis
Systems that may be considered in a Supplemental.FMEA
Monitoring and System Response consist
in general
subset of
of at
them
least
and
a
are
f 4.2.1 Purpose
sensor, a control unit, ,nJ an actuator or a
may also consist
called mechatroni. tytl"*t' Systems in-scope
The main objectives of Structure Analysis in FMEA-MSR are:
of mechanicat rrarow'ar" (e'g., pneumatics and
hydraulics),
"otpon"nts . Visualization of the analysis scope
o Structure tree or equivalent: block diagram, boundary
diagram, digital model, physical parts
Data
Data
e ldentification of design interfaces, interactions
Voltage
Voltage o Collaboration between customer and supplier engineering
Current teams (interface responsibilities)
Current
Sensor Electronic Control Unit
Actuator o Basis for the Function Analysis step
Depending on the scope of analysis, the structure may consist of
hardware elements and software elements. Complet structures
may be split into several structures (work packages) or different
layers of block diagrams and analyzed separately for
Figure 4.1'1 GenericblockdiagramofanElectrical/Electronic/Programmable organizational reasons or to ensure sufficient clarity.
Electronic SYstem
The scope of the FMEA-MSR is limited to the elements of the
system for which the baseline DFMEA showed that there are
and System causes of failure which can result in hazardous or noncompliant
The scope of a SupplementalFMEA for Monitoring effects. The scope may be expanded to include signals received
Responsemaybe.establishedinconsultationbetweencustomer by the control unit.
but are not
anJ'supptier. nfpticaole scoping criteria may include,
limited to: ln order to visualize a system structure, two methods are
{ ) commonly used:
1. SYstem SafetY relevance
. Block (Boundary) Diagrams
2.lSOStandards,i'e',SafetyGoalsaccordingtolSO26262 o Structure Trees
3.Documentationrequirementsfromlegislativebodies,e'9.
and On
UN/ECi n"gufutiohs, FMVSS/CMVSS' NHTSA' For more details, refer to Section 2.2 Design FMEA
Board Diagn-ostic Requ rements (OB D) Compliance'
i
Figure 4.2-1 Example of a structure tree of a window lift system for investigating
erroneous signals, monitoring, and system response
0 )
-129-
-128-
4.3 FMEA-MSR 3rd Step: Function Analysis
The sensor element and the control unit may
also be part of one f )
4.3.1 Purpose
and monitoring in such
component (smart senso r). Diaqnostics
software elements
systems may be rcalized Oy naiOware and/or fhe main objectives of Function Analysis in FMEA-MSR are
. Visualization of functions and relationships between functions
Root element at system level
Unit
Elemerrts of Smart Sensor
I
r Function tree/ function net, or equivalent parameter diagram
Data
Connector (OutPut) Sensor o EM,
I
(P-diagram)
of
Connector (lnPut)
L
Suppliers o Cascade of customer (external and internal) functions with
Manufacturerl associated req u rements
i
Vehicle
Data
of Actuator
U
. Basis for the Failure Analysis step
Connector (lnPut)
ln a Supplemental FMEA for Monitoring and System Response,
Manufacturer 2
L monitoring for failure detection and failure responses are
considered as functions. Hardware and software functions may
Figure 4.2-2 Example Of a Structure.tree of a
smart sensor with an internal sensing
include monitoring of system states.
element and output to an interface
Functions for monitoring and detection of faults/failures may
an
ln case there is no sensor within the scope of analysis, consist of, for example: out of range detections, cyclic redundancy
lnterface Element is used to describe the data/currenuvoltage checks, plausibility checks and sequence counter checks.
is to receive
received by the ECU' One function of any ECU Functions for failure reactions may consist of, for example,
signals can be missing or
signals viaa connector' These provision of default values, switching to a limp home mode,
With no monitoring, you get erroneous output' {,
"r-roneour. switching off the corresponding function and/or display of a
analysis, an
ln case there is no actuator within the scope of warning.
the data/currenwoltage sent
lnterface Element is used to describe Such functions are modeled for those structural elements that are
bytheECU.AnotherfunctionofanyECUistosendsignals,i.e. carriers of these functions, i,e., control units or components with
Viaaconnector.Thesesignalscanalsobemissingorerroneous. computational abilities like smart sensors.
It can also be "no output" or "failure information'"
Additionally, sensor signals can be considered which are received
Thecausesoferroneoussignalsmaybewithinacomponent by control units. Therefore, functions of signals may be described
whichisoutsidethescopeofresponsibilityoftheengineeror the as well.
These erroneous signals m9y hgve an effect on
organization.
performanceofacomponentwhichiswithinthescopeof Finally, functions of actuators can be added, which describe the
lesponsibility of the engineer or organizalgLl-t is.therefore way the actuator or vehicle reacts on demand.
necessarytoincludesuchcausesintheFMEA-MSRanalysis. Performance requirements are assumed to be the maintenance of
NoTE:EnsurethatthestructureisconsistentwiththeSafety a safe or compliant state. Fulfillment of requirements is assessed
ConcePt (as aPPlicable)' through the risk assessment.
ln case sensors and/or actuators are not within the scope of
analysis, functions are assigned to the corresponding interface
STRUCTURE ANALYSIS (srEP 2) elements (consistent with the Safety Concept-as applicable).
Provide signalto stoP and Transmit signal from Hall Facus Eleme,nt
Provide anti-pinch protection for reverse window lifter motor in effect sensor to ECU
comfort closing mode case of Pinch situation
t
corresponding degree of Severity.
chain of event; *r,i.n lead up to the end
relevant scenario' However, if the component can detect the failure, this leads to a
FMEA-MSR are: system response with a Failure Effect with a lower Severity
The main objectives of Failure Analysis in
compared to the original Failure Effect. Details are described in
o Establishment of the failure chain the following scenarios (1) to (3).
o Potential Failure Cause, Monitoring' System
Response'
Reduced Failure Effect
oldentificationofproductFailureCausesusingaparameter Fault occurs Failure [ffect occurs No hazardous event
(S = 1...9)
diagram or failure network
Malfunctioning Behavior {Failure Mode)
rCollaborationbetweencustomerandsupplier(FailureEffects) t
oBasisforthedocumentationoffailuresintheFMEAform
sheet and the Risk AnalYsis steP Figure 4.4-2 Failure Scenario (1) - Non-Hazardous
4.4.2 Failure Scenario Failure Scenario (1) describes the malfunctioning behavior from
the occurrence of the fault to the Failure Effect, which in this
AFailureScenarioiscomprisedofadescriptionofrelevant example is not hazardous but may reach a non-compliant end
operating in which a fault results in malfunctioning
"oniiiiont system state.
behaviorandpossiblesequencesofevents(systemstates)that
lead to staie (Failure Effect). lt starts from defined
"nir'.tem
and leads to irre Failure Effects. (see Figure
4'4-
Failure "n
causes
1)
-133-
-132-
be derived from the DFMEA, catalogues for failures of E/E
Failr:re Effect leads to
( ) components, and network communication data descriptions
Failure Effect occurs a hazardous event (S = 10)
Fault occurs
NOTE: ln FMEA-MSR, diagnostic monitoring is assumed to
Malfunctioning Behavior {Failure Mode} 4 t function as intended. (However, it may not be effective.)
Therefore, Failure Causes of diagnostics are not part of
Fault Handling Time lnterval
FMEA-MSR but can be added to the DFMEA section of
the form sheet. These include:
Mitigated Failure No hazardous event but loss or Detection Controls of diagnostics in a DFMEA would relate back
Fault occurs Effect occurs degradation of a function' to development tests which verify the correct implementation and
the effectiveness of the monitoring mechanism.
Maif unctioning Bellavior Transition t
I
( 4.4.4 Failure Mode
I Time for Detection Tinre for
Fault Handling Time lnterval a. ln case of failure scenarios (1) and (2) the fault is not
detected or the system reaction is too late. Therefore, the
Failure Mode in FMEA-MSR is the same as in DFMEA.
Figure 4.4'4 Failure Scenario (3) - Mitigated (Effect) (see Figure 4.4-5).
FAILURE ANALYSIS (STEP 4) Evaluation numbers from 1 to 10 are used for S, F, and M
respectively, where 10 stands for the highest risk contribution.
l.Faiture Effectg {FE}to the By examining these ratings individually and in combinations of the
Next Higher Level Element three factors the need for risk-reducing actions may be prioritized.
and/or End User
4.5.3 Severity (S)
to stoP and reverse Signal of Hall effect sensor ls
No anti-pinch protection in comfort No signal The Severity rating (S) is a measure associated with the most
lifter motor in case of a not transmifted to ECU due to
clqs tng mode poor connection of Hali effect
pinched pinch situation serious Failure Effect for a given Failure Mode of the function
{Hand or neck may be
and being evaluated and is identical for DFMEA and FMEA-MSR.
Severity should be estimated using the criteria in the Severity
Figure4,4.SExampleofFailureAnalysisinFMEA.MSRFormSheet Table MSR1. The table may be augmented to include producl
specific examples. The FMEA project team should agree on an
evaluation criteria and rating system, which is consistent even if
4.5 FMEA-MSR sth SteP: Risk AnalYsis modified for individual design analysis.
-137-
-136-
. Customer complaints
Product General Evaluation Griteria Severity (S) f ) . Warranty databases
aI
t -141-
-140-
effectiveness of diagnostic monitoring is addressed in detail in lso e.Variations in human perception and reaction
26262-5:2018 Annex D f) ) f. Knowledge of implementation and effectiveness
ln practice, three different monitoring/response cases may be from other projects (newness)
distinguished Depending on these variations or execution
timing, Monitoring
controls may not be considered to oe ne LtngLE in the
sense of
M=1.
(1) No faulUfailure monitoring
(3) Less-thanreliablefault/failuremonitoring
Original M=10 Failure Cause
Failure Effect Failure Mode
F=3
Original Monitoring does
5=1"0
Failure Effect not detect the t0%
S=10 failure I
Figure 4.5-l FMEA-MSR Monitoring not implemented or not considered
-142- I -143-
\) sup pl m ental F MEA for Monitoring n d Syste
m Res ponse (M)
Supplemental FMEA for Monitoring and System Response (M) Mon itoring Criteria (M fo F ail ure Ca uses
) F lu re Modes an d F a lu
M o nitorin g duri ng Customer Operation re Effects by Blank until
Blank until Use the rati ng n u mber that corresponds
Monitori ng Crite ila (M for Fai U re Cau ses F at u re Mod ES nd F ail ure Effects by lea st effective of eith e cn teria fo Monitori with the filled in by
with the filled in by n or
Monitorin g du ri ng Customer Operation U SE the rati ng n u mber th at corresponds Effectiveness m Res SE user
of either criteri for M on to nse user
least effe ctive a of Monitoring
System Response /
Effectiveness
System Response / Corporate or
M Controls and _ Diagnostic Monitoring / Corporate or
of Monitoring System Sensory Perception Criieria Human Reaction Product Line
Diagnostic Monitoring / Human Reaction Product Line
M Gontrols and Res Criteria Examples
Sensory Perception Criteria Griteria Examples
System faulVfa ilure will be utom ati ca llv
nse The automated system
d etected by the system duri ng the F au
or the driver will be able
The faulUfailure cannot be detected at No response during the H ndl tn g Tim e lnterval with med IU m
Moderately to react to the detected
all or not during the Fault Handling Fault Handling Time 4 variance in detection time, or detected
10 Not effective High faulVfailure during the
Time lnterval; by the system, the driver, lnterval. by th e driver n m ost operating Fault Handling Time
a passenger, or service technician. conditions. D agnostic coverage
interval, in most
The faulUfailure can almost never be The reaction to the esti mated 97% ratin conditions
detected in relevant oPerating fault/failure by the
system or the driver The system will
conditions. Monitoring control with low
I Very Low effectiveness, high variance, or high may not reliably occur The faulVfailure will be automatically
automatically react to
the detected faulUfailure
uncertainty. Minimal diagnostic during the Fault detected by the system during tne fautt
Handli Time lnterval. during the Fault
3 High Handling Time lntervalwith very low Handling Time lnterval
The reaction to the variance in detection time, and with a
The faultifailure can be detected in very in most operating
few relevant operating conditions' faulUfailure bY the _ high probabitity.
Diagnostic coverage estimated >gg%.
conditions with very low
Monitoring control with low system or the driver variance in system
I Low
effectiveness, high variance, or high may not always occur response time, and with
u ncertainty. Diagnostic coverage during the Fault robabil
estimated <60%. Handling Time lnterval.
{ ) The system will
Low probability of detecting the The faulVfailure will be detected automatically react to
Low probabilitY of the detected faulVfailure
faulVfailure during the Fault Handling automatically by the system with very
reacting to the detected during the Fault
Time Interval by the sYstem or the 2 Very High low variance in detection time during
Moderately faulVfailure during the Handling Time lnterval
7 driver. Monitoring control with low the Fault Handling Time lnterval, ani
Low Fault Handling Time with very low variance in
effectiveness, high variance, or high with a very high probabitity. Diagnostic
lnterval by the sYstem or system response time,
uncertainty. Diagnostic coverage coverage estimated > 99.g%.
the driver. and with a very high
estimated >60%.
The automated sYstem robabili
The faulUfailure will be automatically Reliable and
The faulVfailure will always be detected Th e system willalways
detected by the system or the driver or the driver will be able acceptable for
automatically by the system, Diagnostic automatically react to
6 only during power-up, with medium to react to the detected 1 elimination of
coverage estimated to be significanfly the detected faulVfailure
variance in detection time. Diagnostic faulUfailure in manY original Failure
operating conditions. greater than 99.9%. during the Fault
coverage estimated >90%. Effect.
Handli Time lnterval.
The faulVfailure will be automatically The automated sYstem
Moderate Table MSR3 - Supptementat FMEA-MSR MONTTORTNG
detected by the system during the Fault or the driver will be able (M)
Handling Time lnterval, with medium to react to the detected
5 variance in detection time, or detected faulUfailure during the
by the driver in very many oPerating Fault Handling Time
conditions. Diagnostic coverage lnterval in very manY
estimated between 90% - 97%- operating conditions.
0 I
-144- -145-
4.5.8 Action Priority (AP) for FMEA-MSR Action for FM EA.MSR
{ )
The Action Priority is a methodology which allow_s for the Action Priority is based on combinations of Severity, Frequency,
prioritization of the need for action, considering severity, and Monitoring ratings in order to
actions for risk reduction.
FrequencY, and Monitoring (SFM)'
Prediction of Failure
This is done by the assignment of sFM ratings which provide a Cause Occurring Effectiveness of ACTION
Effect S
basis for the estimation of risk. During Service Life F
Monitoring M PRIORITY
of Vehicle (AP)
see previous chapters for discussion of reducing risk first by s,
Medium - Extremely
then F, then M. 5-1 0 Reliable - Not effective 1-10
high H
Priority- Low (L): Low priority for review and action' Reliable - 1-3 L
The team could identify actions to lower Cannot occur 1 Reliable - Not effective 1-10 L
frequency and/or to improve monitoring controls' Low - Extremely high
It is recommended that potential Severity 9-10 failure effects with
I 4-10 Reliable - Not effective
Very high - Not
1-10 H
5 I Cannot occur 1
Reliable - Moderate
Reliable - Not effective
1-6
1-10
L
L
-146- -147-
Action Prio
Action Priority ts based on combin ations of Seve rity Freq
for FM
uency an d Mon itoring rating S in ord er to
o (, UPPLEMENTAL FMEA-MSR RISK ANALYSIS (STEP 5)
-149-
-148-
indicate a need for The action has been defined but has not yet decided on. A
High and medium action priorities may
decision paper is being created.
technical imProvement. )
more reliable lmplementation pending (optional)
lmprovements may be achieved by introducing
componentswnicnreducetheoccurrencepotentialoftheFailure The action has been decided on but not yet implemented.
which
cause in the ti"ii'orlntioor." additional monitoring
improve tfre Oeteltion capabilities of the
system' lntroduction of Gompleted
monitoring i, to design change' Frequency of the Failure Completed actions have been implemented and their
Cause is not
"imifai ft tJy also bL possible to eliminate the effectiveness has been demonstrated and documented. A
Failure Effect"nung"d'
by introducing redundancy' final evaluation has been done.
lftheteamdecidesthatnofurtheractionsarenecessary,..No Not lmplemented
furtheractioni'n*o"o,,iswrittenintheRemarksfieldtoshow Not lmplemented status is assigned when a decision is
the risk analYsis was comPleted' made not to implement an action. This may occur when
Theoptimizationismosteffectiveinthefollowingorder: risks related to practical and technical limita(ions are
to reduce the beyond current capabilities.
e Component desigrr modifications in order
(FC)
Frequency (F) oflhe Failure Cause
Failure Cause
o lncrease the Monitoring (M) ability for the The FMEA is not considered "complete" until the team assesses
(FC) or Failure Mode (FM)' each item's Action Priority and either accepts the level of risk or
documents closure of all actions. crosure of all actions should be
lnthecaseofdesignmodifications,allimpacteddesignelements documented before the FMEA is released at start of production
are evaluated again' (soP).
FMEA are
ln the case of concept modifications' all steps of the lf "No Action Taken", then Action priority is not reduced and the
reviewedfortrreaffectedsections.Thisisnecessarybecausethe risk of failure is carried forward into the product design.
it was based upon a
original analysis is no longer valid since ( )
different design concePt' 4.6.4 Assessment of Action Effectiveness
4.6.2 Assignment of Responsibilities when an action has been completed, Frequency, and Monitoring
values are reassessed, and a new Action priority may be
EachactionshouldhavearesponsibleindividualandaTarget determined.
-ompletion Date (TCD) associated with it'
The new action receives a preliminary Action priority rating as a
Theresponsiblepersonensurestheactionstatusisupdated.lf prediction of effectiveness.
theactionisconfirmedthispersonisalsoresponsibleforthe
action imPlementation' However, the status of the action remains ,,implementation
pending" until the effectiveness has been tested. After the tests
TheActualCompletionDateisdocumentedincludingthedatethe are finalized the preliminary rating has to be confirmed or adapted,
actions are imPlemented' when indicated. The status of the action is then changed from
TargetCompletionDatesshouldberealistic(i.e.,inaccordance "implementation pending" to "completed .,,
prior to process validation'
with the proor.l J"velopment plan' The reassessment should be based on the effectiveness of the
prior to start of Production)' MSR Preventive and Diagnostic Monitoring Actions taken and the
new values are based on the definitions in the FMEA-MSR
4.6.3 Status of the Actions Frequency and Monitoring rating tables.
Suggested levels for Status of Actions:
4.6.5 Gontinuous lmprovement
OPen
FMEA-MSR serves as an historical record for the design.
No Action defined' Therefore, the original Severity, Frequency, and Monitoring (S, F,
Decision Pending (oPtional) M) numbers are not modified once actions have been taken.
-151-
- 150 -
The completed analysis becomes a.repository
to capture the 4.7 FMEA-MSR 7th Step: Results Documentation
progr"rrion of design decisions and design refinements' family .
loss of
and moves
manual
o Record of risk analysis and reduction to acceptable levels
from
effect 4.7.2 FMEA Report
The scope and results of an FMEA should be summarized in a
report. The report can be used for communication purposes within
new Risk Evaluation Form sheet
Figure 4.6-l Example of FMEA-MSR Optimization with a company, or between companies. The report is not meant to
( ) replace reviews of the FMEA-MSR details when requested by
management, customers, or suppliers. lt is meant to be a
summary for the FMEA-MSR team and others to confirm
completion of each of the tasks and review the results of the
analysis.
It is important that the content of the documentation fulfills the
requirements of the organization, the intended reader, and
relevant stakeholders. Details may be agreed upon between the
parties. ln this way, it is also ensured that all details of the analysis
and the intellectual property remain at the developing company.
The layout of the document may be company specific. However,
the report should indicate the technical risk of failure as a part of
the development plan and project milestones. The content may
include the following:
A. A statement of final status compared to original goals
established in 1.5 Project Plan
1. FMEA lntent - Purpose of this FMEA?
2. FMEA Timing - FMEA due date?
3. FMEA Team - List of participants?
4. FMEA Task - Scope of this FMEA?
5. FMEA Tool - How do we conduct the analysis Method
used?
a
- 153 -
-152-
APPENDIX
B. A summary
new.
of the scope of the analysis and identify
what is
ft 0 A SAMPLE FMEA FoRM Suerrs..,....,.. .....158
C A of how the functions were developed A1 DFMEA Form Sheets .....158
"u**rty A2 PFMEA Form Sheets. .....162
43 FMEA - MSR Form 9heets.......... .....169
D'Asummaryofatleastthehigh-riskfailuresasdeterminedby B Fonv SHrrrs - Srup sy Srsp Hrrurs............. .....171
the team ano proviJe a copy-or the specific
S/F|V rgJino tables
8L DFMEA Form Sheet Hints............ .....171
(e.g. Action Priority,table).
and methoO ot #ion priorit'ation 82 PFMEA Form Sheet Hints ,........,., ,....176
E.Asummaryoftheactionstakenand/orplannedtoaddressthe 83 FMEA-MSR Form Sheet Hints.. BA
high-risk fiilures including status of those actions' c SEVERtry, OccuRnENcE, DETECIoN AND AcloN PRtoRrryTnerrs............. 185
FMEA
F. A"pfrn and commitment of timing for ongoing Cl DFMEA SOD and AP Tables.......... 185
improvement actions' cl.1 DFMEA SEVERTTY (S) 185
a. Commitment and timing to close openaction?.^^ during
cl.2 DFMEA OCCURRENCE (O) .........,.,... ..........186
b. commitmenito review-and revise the FMEA-MSR completeness
C7.3 Alternative DFMEA Occurrence (O)Tables 188
mass production to ensure the accuracy and 192
production
of the analysis as compared with the original C1.5 ACTION PRIORITY TABLE FOR DFME4.............. ..193
changes'
design (e.g. revisions triggered from design C2 PFMEA SOD ond AP Tobles .......... ..........195
procedures)'
corrective actions, etc', 6ised on company c2.1 PFMEA SEVER\TY (S)....,..... ..........L95
(Refer to section 1.4 Case 3 FMEA revisions) c2.2 PFMEA OCCURRENCE (O)................ ..........797
c. Commitmeniio capture "things gone wrong" in foundation C2.3 Alternqtive PFMEA Occurrence (O) Tobles.....
c2.4 PFMEA DETECTTON (D).
..198
200
FMEA-MSRsforthebenefitoffutureanalysisreuse,when
and Family
applicable' (Refer to section 1'3'6 Foundation C2.5 ACTION PRIORITY TABLE FOR PFMEA 202
C3 FMEA-MSR SFM ond AP Tab|es........... 204
FMEAs)
c3.7 Supplementol FMEA-MSR SEVERITY (S) 204
C3.2 Supple mental FM EA-MSR FREQU EN CY (F ).............. 205
( ) C3.j Supple mental F M EA-MSR MON ITORING (M ) ........... .,......, 206
C3.4 ACTION PRIORITY FOR FM EA-M'R............ 208
D ADDrroNS................... 2r0
D 1 Speci o I Ch a ra cte ri sti cs ................. .2L0
D2 FMEA ond Functionol Sofety....,.. 210
E FURTHER AppLrcATroN Freros ........... 213
E1 FMEA for Software 9copes......... 213
E2 Objective of the Software Scopes lnspection ......213
E3 FMEA in the Softwore Development Process .... ......214
E4 FMEA for Mochine and Facility Monufacturers ......214
F CHANGEPorrurSuvruanrES................. ......275
Fl AIAG 4th Edition FMEA Reference Manuqlto AIAG & VDA FMEA Handbook ......215
F2 VDA Volume 4, Chopter Product and Process FMEA to AIAG & VDA FMEA Hondbook ......223
G REFERENCES AND SUGGESTED READINGS ......235
H G LossARY ............
Table of Figures
FoRv A: Srnruoeno DFMEA FoRM SHEET..
FORIv B: ALTERNATE DFMEA FoRM SHEET..
VIEW A: DFM EA Sorrwnar VrEw
FOnu C: STANDARD PFMEA FoRM SHEET..,
FOnv D: ALTERNATE PFMEA FonU SHETT..
FOnv E: ALTERNATE PFMEA FONV SHTET..
FOnv F: ALTERNATE PFMEA FoNV SHTET,,
'ri
':l
ifi
Ll,
F
- 155 -
,{
hl
h' -154-
VIEW B: PFMEA SorrwnRe Vtew
Fonu H: STANDARD FMEA-MSR FORM SHEET..,
168
,.,...169 cI
FTGURE 81.1-1 DFMEA FoRM SHEETWtttt Hrrrrrs: Srep 1............ ....................171
Fre unr BL.2-1 DFMEA Fonv SHe er wrH Htnrs: Srep 2............ ....................L7L
Fre une 81.3-1 DFMEA Fonu SHe rr wrH Htrurs: Srep 3. L72
Fre une 81.4-L DFMEA Fonv SHe er wrH Hr]\lrs: Srep 4. L72
Fre unr 81.5-1 DFMEA FoRM SHEEr wrn Hrrurs: Srep 5............ ....................173
FrcuRE 81.5-1 DFMEA FoRM SHEEr wrn Htrurs: Sre p 6. L73
FTGURE BL.8-1 DFMEA Frulune SrnuctunE (Sorrwnne Vrrw) ................ .......174
Fre uns 81.8-2 DFMEA RrsK ANALysrs (Sorrwnnr Vtew) ................ ...............t74
Fre une 81.8-3 DFMEA OprMrzAroN wrrH NEW Rrsx Evnlunrton (Sorrwanr Vtew) t75
Freunr 82.1-1 PFMEA FoRM SHEETWITH HINTS: STEP 1 L76
FIGURE 82.2-1 PFMEA Fonv SHeer wtrH HrNTs: STEP 2 L76
Fre unE 82.3-1. PFMEA Fonv Suerr wru HtNrs: Srup 3 L77
Freune 82.4-L PFMEA Fonu Sreer wrH Htnrs: SrEp 4 L77
Freune 82.5-1 PFMEA FoRM SHEET WTH HIruTs: STEp 5 L78
FIGURE 82.5-1 PFMEA FoRM SHEET W|TH HIruTs: STep 6 178
FIGURE 82.8-L PFMEA FnrtuRe SrRUcruRE (SoFrwARE VrEW) t79
FTGURE 82.8-2 PFMEA wrrH Rrsx AnALvsrs (SoFrwARE VtEW) L79
Fre unE 82.8-3 PFMEA OprMrzATroN wrrH NEW RrsK EVALUATToN (Sorrwnne Vtew)............... 180
Freune 83.1-1 FMEA-MSR FoRu SHerr wIrH H|urs: SrEp 1 180
Freune 83.2-1 FMEA-MSR FoRM SHEETWTn H|rurs: Srep 2 181
Freune 83.3-1 FMEA-MSR FoRM SHEETWITH HINTS: STEP 3 181
FTGURE 83.4-1 FMEA-MSR FoRv SHe et wtrH HrNTs SHEET: STEp 4 ..................... t82
FTGURE 83.5-1 FMEA-MSR Fonna SHe n wtrH HrNrs: SrEp 5 r82
FTGURE 83.6-1 FMEA-MSR Fonv SHrer wrH Htrurs: SrEp 6 183
FTGURE 83.8-1 FMEA-MSR Fe[une Srnucrunr (Sorrwnnr Vrew) 183
FTGURE 83.8-2 FMEA-MSR RrsK ANALysrs (Sorrwane Vtew) L84
FTGURE 83.8-3 FMEA-MSR OprMrzATroN wrrH NEW RrsK EvALUAror.r (Sorrwnnr Vrew) .............. L84
FIGURE D2-], LINKAGE BETWEEN FAILURE CAUSES IN FMEA-MSR To FAULTS Iru ISO 25262. 2L2
Table of Tables
185
Tnele Cl.2 - DFMEA Occunne rucr (O) 187
TABLE C1.3.1 - ALrrRruarr DFMEA Occunnrrucr (O) 189
TABLE C1.3.2 -ALTERNATE DFMEA OccunnrrucE (O) L9L
TABLE C]..4 - DFMEA DETECTION (D) 792
TABLE C]..5 -ACTION PRIORITY FOR DFMEA 194
TABLE C2-1- PFMEA SEVERITY (S)......... L95
Tnete C2. 2 - PFMEA OCCURRENCE (O) 197
Teate C2.3.1- AlrsRNnre PFMEA OCCURRENCE (O) 198
TABLE C2.3.2 - Atre Rrunre PFMEA OCCURRENCE (O) 199
TABLE C2.4 - PFMEA DETECTION (D) 20L
TABLE C2.5 -ACTION PRIORITY FOR PFMEA..... 203
TasLE C3-1- Suppreue rurnl FMEA-MSR SEVERITY (S) ................ 204
TABLE C3-2 - SupplruerurnL FMEA-MSR FREQUENCY (F) 20s
TABLE C3-3 - SupplrvrrurnL FMEA-MSR MONITORING (M) 207
TABLE C3.4-ACTION PRIORITY FOR FMEA-MSR 209
-156-
A Sample FMEA Form Sheets
f) 0 {
E
{
o-
t
A1 DFMEA Form Sheets I
uJ
F
(t, '9 B
(euoIdO)
spo3 Jel[l
at, z @
dE
;i U'
o
IIJ o.o al,
F
=
IL
'6 1 J
HEE s -.9
g,t s
z
(9
U dc
=
o .S fi{
z
!FF =
F-
q
,Fs3
o
heo z o
o o
F et
IJJ o '62
o z3
:E
E9
9-e
lt t: rE
d6
..!2 d
o IE
.>
G
0 0 c
o I
u
N
o-
lrJ
o F
o U'
z
UJ 9 L c
F U'
tttr u J E
.c
0
4 z
t! U
e.
I
c z
.9 3F 5 s.q
o tro >9 d
Y
o oI :t<
!d{ o
o o-
E
- 158 - - 159 -
I
I
O)
o I
(Design FMEA)
Design Failure Mode and Effects Analysis
(STEP Nurber:
PLANNING & PREPARATION DFMEAID
Pro@ss
DFMEAStail Date: Confidentiality Level:
Engineefing Locationi DFMEARevision Oate:
Customr Nare:
Cross-Functional Team:
Mod6l Year / Platforft
3) FAILURE AMLYSIS (STEP 4)
FUNCTION ANALYSIS (srEP
2)
STRUCTURE AMLYSIS (STEP
=
o
Fa Ta.get Action Taken conpletion Remarks
o Responsible Cofipleiion Stdus Pointer Date
Pe6on's Date Eviden@
o
o
E
q
O
I O
Design Failure Mode and Effects Analysis (Design FMEA) PLANNING & PREPARATION (STEP I)
S
m
FUNCTION ANALYSTS (STEP 3)
E t,blh|d
as&di4tuiffi
P
tr
.T
FATLURE ANALYSTS (STEP 4) DFMEA RISKANALYSIS (STEP q and DFMEA, OPTIMIZAT|ON (STEP 6)
m
=
D
6 l.t&na[6fq g
btuhNFldtrm
o &ffiEndU*
!
€
!, CONTROLS
o
S
o
{ DFTllEA OPTIMIZATION
I
J
O)
A
I
A2 PFMEA Form Sheets
Sheet
f) ) OE
sl
!i t
o Form C: Standard PFMEA Form
Supporting 7 Step Approach !I
E
If dv veHJd
&
u a5
Form D:Alternate PFMEA Form Sheet. row F
of the Process ltem" in a single
a o
,,pro."".'ii!;'; ir {o) uollcol€o
o with ;;l'"F;nction Iq
EG (o) a.u€[n..o
and not PrePared in all rows
J
I
2
lc
dt (S) ilr6^os
U tl ro {s) f,xr€^os
d
f
PFMEA Form Sheet
i g J
a Form E: Alternate
,,Functior, f?g," pro""r, Step and product characteristics"
and ?6 I u Eo
o with
,,Function of process work er"rlltlno Process characteristics"
split e B
G
o
category of {.Eq
to ru[" each column a unique FS:
F a
into multipt";;il;;r in order F Et!
{i'
c
information u
F
t,
z q
Sheet- IF
a Form F: Alternate PFMEA Form
and Form E combined N
o Adjustmentsfr'om Form O
a F
=
a
-.s
9.i s
I
c
U o 6 qO
F
Sheet 6
sections. LrJ
z
BE
l=
!
I
IF
o
ii:gu .9c
z
View B: PFMEA Software View
o f t.9
a to
o
E
! tt €{
() iiF.
o 3ii
{ ) r q3
ie E di
5!:
.9, E! a{
o
.>
(! {puo[dO) opoJr6nH
c
o &
o U
o F
q
Ei Iq
u,l ltz
E 3i o
tr
att
fE z
u
iE{r
c itt
c
u
F
ttoo . :F
v i .z o
L
o an
=o
l
d
F i:; J
z
p
!iE
E'g ; Y
o
=IE
l!
q
iI! e
o ql
o 9E
o
o ";
o zd
od
o. OE ilEce
# enrsl
-163-
-162-
I
J
o,
5
I
l.f6fi.tdbPr!4r f eiPtrqtl
t.Ppillo l-
sHalo Flet:
.lI ryrb,tati-" Fedo0.att|{a,
PrrlElrartt $rlqcqiPalElcdi
o lrdFm otPDdl ErdiJ*(
&
P 2"ffi.rCfapr$ia o
$iloryrctl.t9. l?dhdlc aFflFb*Fl
rt A.6qArlin cl{t.ailb LFrl.reEtclr(fEl
et'rApprdblil
diift'o6tho
F
:I
o Itllirolmb nffrt-.b
o$srl .*r{
q)
o
!T
r=n
Ir
o oPTlllt lzATlON (STEP 6)
RlsK ANALYSIS (STEP 5)
s
CN
o
o
o o 4
o
Target Adion Taken Codpletion .E o
o Detection Responsible Poiftea E Remar*s
Prevention Conpletion Stdus Oate E
Hion Mion Pecon's Nam Dde Eviden@ E
o q 4
o o o
rA\
-
Y O
coTtNU@s
STruCTUEMYSIS (STEP 2} FUNCTTONMYSTS (STEP 3)
.i:
'n
o rio' g
s 'dff. (D{qereL
m
o
5
q)
o
!
g
|.n
D RrsK ANALYSTS (STEP 5) oPTTMlzATTON (STEP 6)
'tl
o
o o
o Targ€l
Shus Rematu
U, E
Dde Evidenco =
o
o o
o
o
I
J
O)
(rl
I
I
O)
O)
I
2! Prdd T.bPffi
TI clles$c Ch.nrcilldc g 2, Fitur kdr (fl4 of
HbtorylChang€ 2.Plocdsbp t Plldrvlort ondorlfi t. F.lbn Effi (FE)
o lrfomb oth ommf $.F@8!o
Elild
(k Applicable) 6doo xo'rd (or*rgetn vrut
(ftb column b :aItF ((l0n$drnll .feo0
ELffit oPUoC)
opdonal)
\
o
5
qt
o
!
e
rn
sFT iMg.&T !$li { 5',1- 69 6}
.n Rrsl(ANALYSIS(sTSF 5l
o
s
@
o $
o
I C
Ti Qtt is${t $ i
OritCldl &s f6i9s lrfisqls l1r1ii ks g
g sssttoo lrtBfi ffi swti6s 0** -t !
U s
c
...l,
Gl
Plant Lo€tion:_
Customr Nare PFMEAStafr Dde:
Model Year / Plafform:_
2. Funcion oillhe u
I
2,Pl!ffiSLp Process Description P@E! 8t p and
3.Pm$rort o
(Verb / Noun) Prcduc{ 2, F luo toda
Ebfrrtrt 3, Puncdon ottha PmEl YVqi Ebmllt md 3. Fdhrn C.u$ (Fc) qf
3t {,on 1{o, .nd Chrncirrralb (FlT) otthi 1. FslluE Efrocb (FE)
Pl@.ChncnrL6c 'i
OrYtor* Ebmot
tllm otFw$ (Function or Outcome F@sbp
ofthe Process Step) (Ourn$t ttn vdn b 4ITypr
'n Elrrunt
o opooE0
o
o
qt
o
t
g
m
b PFMilID
'tl Pr@ss Responsibilitf
o SecurityClssift€tion:
.gt
RISK ANALYSIS (STEP I
6
o o o 4
o E Target
p e Oetection Respnsible Coqletion .9
f
Prcvenlion tution Goryletion Status Pointerto U E
& E v Date
Date Evidence =
o o o c c
o o o
I
I
O)
\t
I
I
I
o)
@
I
t t.*d-bh
l*a'iSb
E-b
*rn
D
cn
RISK AilALYSIS CURRENT CONTROLS (STEP 5) and oPnrfizATloN (STEP 6)
o
:t
t!r i
d
PFi'il CURRENT CONTROLS
so
{
,!'ris...jf .-..
j
'J+* + -.-3
O
(.,
.Tl
m
=
t'l
/=
Design Failure Mode and Effects Analysis (DESlcN FMEA) E"i n
I ewmffiW$ry---l
I
A
o)
(o
I
t
J
{o
I
'I
PLANNING & PREPARATION (STEP
Design Failure Mode and Effects Analysis (Design FMEA)
ANALYSTS (STEP 2)
ANALYSTS (STEP 3)
*dwi
(STEP 6)
DFMEA RISK ANALYSIS (STEP 5) and DFMEA oPTlMrzATlON
aNALYSTS (STEP 4)
srT
E I
i.arh&(nt €
a bftFfrhldlh
.lt .e*hb
rt
=
I
v,
=
T DFMEA OPTIMIZATION
cn
o
(STEP 6)
t
gr FMEA-ItlSR RISK ANALYSIS (STEP 5) and OPTIMIZATION
o !
s
so €
{
FMEA-MSR CURRENT CON1ROLS
OPTIMIZATION
r" r' -
i \' r:ir
e
!= t, trg P ! EE
o .a
€F 0
.lr .Tl
g
e.H zo E !.f
g|D 5FE Eg tr=o
dE xal r\ 6 g E rE {m=
Eq N \>
o-r J.
d frto q
-$e ct U ei 9
9q e,
0
rl * ESP 3s Fs Ess E
Eg i:l
I!
ro
m Eq
ga sE s;a F o B
c 3? ro
a D aI! €*: $ J>or
$a
tl 'lt u. b(Dl
o o -{ o gE
=s. $8 s 59a $
tr o E o
\o :4.
€d €€ d'T(/D
i.!FF
'n
gl
iN cn s :\ ec :: s= €
I f) I (,c, 0
ct, ca trar c,c'
o.lt E
{ so o Aocr
u c tr IO 63 .S g
'tt o o lr -6 "s Fg "s o
d<
7 o
FI *t fl g!.
c n(D o E9
TT
= eg m T
r= If!
AI '1. O
D ._ i< Pg
b ifr .+ :T
at
tr S
FT 'tr o * Stt
o ea z v, o g tit
jrt T B=
8g l-
o J
q tn al s o
C" 6 o o g ag5 gl 26
gE 3 4 at
@ v
o .DH bo o o 7
o E;.sa E
o @ o @ o
N o g. 3 Eg {
€ { to o
:
o
o-
q EgF
o o 39p
6{
o o -€.
I o m I g
o 1' S
o o
v, 3 o N o
r! 3 zo 11
rE' c'll
cn €F o9 (t, g
o o ctm
s3gE 33 m
E s Eli ;g E E>
30 "6 e
N =6
qe
3 916',
t; qg
E -sld €q
; 916" dF
6:!
il tH F.F o.lto
o:g er ot'
60
Btn 2 5J O :J'
3 o 3d
!:
:! g$fr Edo OJ
:='
6' o <d
t 6':c c o
'n o"
@
JD
g tt
m
I
A
N
J
I
L
81.3 DFMEA Form Sheef Hints: SfeP 3 81.5 DFMEA Form Sheef Hints: Sfep 5
i
I
FUNCTION ANALYSIS (STEP 3)
f )
DFMEA RISK ANALYSI s STEP 5
1. Next Higher Level
Function and Requirement
Figure 81.3-1 DFMEA Form Sheef with Hints; Sfep 3 Figure 81.5-1 DFMEA Form Sheef with Hints; Sfep J
debcribed at the Next Higher Effecti Function descilbed as the Name, not flile ol mmyy or Opan, Descrlptton of
Actlons Actlons mmyy or
level. lnclude potenfial l-10 itert Lower l6vel and lead dopatunsnt ddmmyy Dscision actlon taken and ddmm)ry
FoT DFMEA
naedsd !o nseded to ieam use
effects to thc vehicle (End Failure Analyii3 can begln wlth the FM, FE ot to the Failure Mode reduce
pendlng document
lmprovs (optionall,
Uierl level and regulations, FC as long as there 15 an accurate Fallure Occurence Oet ctlon
numbet, repon
H,
Irnplamontstlon name and date,
ac applicable Chaln M,
pendlng etc- 1-10 1-10 {-t0 LL
(op$onat), L,
NA
Completed,
DFcardsd
Figure 81.4-1 DFMEA Form Sheef with Hints: Step 4
Figure 81.6-I DFMEA Form Sheef with Hints; Sfep 6
PIVEA step 7 is independently handled by each organization and is not recorded on the
DFMEA form sheet.
-172- -173-
FATLURE ANALYSIS (STEP 4) DFMEA R|SK ANALYSTS (STEP and DFM EA
81.8 DFMEA Soffrttrare ExamPles
o0 l. f.llur.
Effecr'{FE)
to ttF l{dt
HlgilrsLarnl
Elontnt Pergon'a Stslus
Actlon
Fatlwe Efrecis {FE} to the Next Hlgher Figure 81.8-3 DFMEA Optimization with new Risk Evaluation (Softvttare View)
Lrvel gement and,or End User
card body bends contact area of the
deviation bY commutation system
and rotating velocity of the carbon brush
intermittently connects the wrong coils
window lifter motor too low
WindowLifter
@fmmutetion
svstm
flrren
Cird Bass BodY
0
oN ANALYSIS (sTl 3)
Ttlext Hlgi.tlw.l
Funcllon
and RequlFBont
ANALYSIS
to oEf,rf tldr E?
CrdlrEr
gs
coil6{Ll,
i0stsadol 11, L2
the
L3 and L2
contactarca of acc. FEM 8370
View)
l Figure 81.8-2 DFMEA Risk Analysis (Soffware
-
-175-
-174-
82,3 PFMEA Form Sheef Hints: Sfep 3
82 PFMEA Form Sheet Hints f 0 FUNCTTON ANALYSTS (STEP 3)
82.1 PFMEA Form Sheef Hints: SteP 1
l. Function ofthe Proeess ltem
Function of System, Subsystem, part
Element or Process
Planning and PreParation (SteP t) Determined bY
PFi/iEA ID description of what the Process ltem i3 expected to description of what lhe operation or otation must posllivo descripuon of how the work is completed
Name of PFMEA
GompanY Name: NameofComPanY Subiect: Project Number:
CompanY :hieve broken down into severalcalegories. s.g. Axial positlon sintared bearing in pole including the positive process charactorisllc related
Responsible for lo each 4M.
categorles may b€ unfinown and tFted as Not
PFMEA
Procesg Name of PFMEA able {llA}. is lhe Product Chalacterlstlc and must The negativa of these positlvei will be used for the
Start Date
llanufactudng Geographical PFMEA Start
ResponsibilitY:
Owner ln the product afier the Fallure Cau3e cotumn. The mote detail used here,
Location:
Looation Date:
Business Use,
expestatlons can be raferred to when
rting Failure Effects (FEl.
ha3 been produced. mor6 po8itlves, wlll produce more Failure Causss.
1. Process ltem ( D
End Uso.
System, SubsYstem, Part the Vehisle, System or r-10 Fatlure Cau3e is the negative of the po3iuve
Element or Name of Process to perfom the Function
Hlgher level.
ths th6 product {dotect} lbted in "Fuilction ot the Proceea Wor* Elemanl
ProceBr Chamcteristlc"
Use the 4M's to identifY tYPes of The Failure Mode t^rill be the negative ot
The operation or station to be analYzed conaidedno Eftects, concider items liated negatlves of lhe poritlve Product Characterirdc, mult be detectable in the process (emr)
name of the process being analYzed e.g. that have an influenceon "Function of the Process llem" and the lead to the Failur. Mode.
which produces the Process Item
e.9. electrical motor assembtY line
Mode" and how they can Efiect the 3
bearing press-in the oPeration or station being belng considered {Your Plant, Strip.to
OP 30 Sintered
the end result of all successfullY Proceas ltem, End U8efl
completed Process stePs it recommended to lilt the Severlty Rating
4M Tvpes: Man, Machine, Material next to each of the 3 areat {Your Planl Siip to
plant, Procesi ltem, End U!er) behg considered
also be a non-direct manufacturing tf nairectt,
Milieu {Environment) and ua6 the higheit Ratino tor the Severity.
process e.g. shiPPing Rank, One area, 3uch as End U6er, may not
mayvary bY comPanY Figure 82.4-1 PFMEA Form Sheef with Hints: Step 4
Hints: Step 2
Figure 82.2-1 PFMEA Form Sheef with
-177-
-176-
82.8 PFMEA Software Examples
Fl2.5 PFMEA Form Sheet
Hints: SteP 5 o r)
STRUCTURE ANALYSTS (STEP 2)
l. Procelr llem
Systenq Subr|Elefit, Part Element or Rano of
ProG€.
Oa Electrical MotorAssy Line [OP 30] Sintered Bearing Press-ln Process Operator
EE
o6 FUNCTTON ANALYSTS (STEP 3)
lr
oo. t. Funqlon ot &e Frocesr tem
Functon ot Eystefi, SuDsyrtrm' Part Elem€nl or
tl =o Your Plant:
Pnaceil
Press in sintered beating to achieve axial position in Operator press the button of machinelor releasinglhe
Assemblyof shaft into pole housing assembly pole housing to max gap per print press-in process when loading is completed
Ship to Plant:
As6emblyof motor{o v€hicle door without line
pfoven H, stoppage, sort or 6onlainment
t.t0 Shte Part controlt $, End User:
sbte Past contolg ProvcB contols conmitted to l. Windowraises and lower6
to
andor controlt conmttred
FATLURE ANALYSTS (STEP 4)
t. Falure Eftctt {FE} to $s llexl Hlgher Lev6l
5 Elernent andror End Uset
82'5-1 PFMEA Form Sheet with Hints; Step
Figure Your Plant: Axial position of sintered bearing is not reached l\4achine stops before reaching linal position
Clearance too small to ass€mble shafl
Ship to Plant:
Assemblyof motor to vehicle door is not possible
End User:
Comfort closind time too lond
SfeP 6
82.6 PFMEA Form Sheef Hints:
Figure 82.8-1 PFMEA Failure Structure (Software View)
slRucflJRE A{ALY9|S (SIEP 2)
t.
Adton Takcn ComPlefion Remarks 8F@ututsyrsePdt
Reiponslble Tsrget
Status wlth Polnter Date
Porron'a ComPlo$on
to Evidence Ure IOP 301 Sintered Bearing Pressl Op€rator
Name Date
FUI{CllOil AilALYStS (SrEP 3}
to ne€dedto Your Plant: Press in sintered bearing lo loperator press lhe button
namo Assembly ofshafl into pole achieve axial position in pole lolmachine forreleasing
data, etc. housing assembly rcuslng lo md gap per print
Shio to Planl;
Assembly of motorlo vehicle
doorwithout line stoppage,
sort or containment
lil:"ffi'n,l"ffil:fi**
Fnd User:
Wndow raises and lowers I
I
l,FahmElllqtr
I
(FElb{L&r. E:
f0gns L.v6l
Cbrstedc #6
E'rt l!.ar
!
PFI'EA CURRENT CONIROLS
Vour Plant; 8 Axial position of sinlered Machine stops before None 10 Lot Release Protocol oblective z H
ir
Assembly olshaft is not bearing is not reached reaching final position (Effectivity: 100%):
7 possible because Msual Gauge hspectlon otaxial gap of
it,
:r
82.7 PFMTEA Form Sheet Hints: SteP clearcnce too small
Shlo lo Plant:
bearing lo pole housing sealby
Operatoi
I None Del6ction indlcaton OI(NOK
End User: (RED/GREEN area);
Comforl closing lime ioo 100% ch6ck of motor pertormance curv6
long
acc. spec. MRKJ5038
PFMEAStepTisindependentlyhandledbyeachorganizationandisnotrecordedonthe
I
PFMEA form sheet' 82.8-2 PFMEA with Risk Analysis (Software View)
Figure
I
-179-
rl
-178-
FAILURE ANALYSIS (STEP 4}
B,3.2 FMEA-MSR Form Sheef Hints: Step 2
L FaIw E68c!
(FEl to lhe tlorl
Target
Action
Taken
with tion
o
!ts
0 STRUCTURE ANALYSIS EP
tlghq L6vol tlon Oate o
Name Date tr
Elam.ntsdro.
Erd Ua.r
Figure B2.g-J \FMEA Optimization with new Risk Evaluation (Softttrare View)
GrossfunCtlonal Te€mRotternoqd€d
fodcl Year(e) I Custom€rApplketon
Program(el: orOompany ModeU Team: Figure 83.3-1 FMEA-MSR Form Sheef with Hints: Sfep 3
Style
It
-180- -181 -
Bg,4 FMEA-MSR Form Sheef Hints: Step 4
FAILU RE ANALYSIS ST EP
f c
83.6 FMEA-MSR Form Sheef Hints: Step 6
SUPPLEMENTAL FMEA-MSR RISKANALYSIS (STEP 6)
Most UJ
lt
Severe aE Actlon
MSR Fallure Target Taken
Failure Efecb (FEl
System
Ellect og Person's Status wlth
l. AcSon Actlon alter bb
'trc Name Date Pointerto Date
ihe Next HlgherLwd System o6 Evldence
o
Element andlor Vetlcle (tt
End Urer
Oprn, H,
Drchlon M,
Addltonrl pobnthl pcndlnc ofrctlon t
ot How the SubrYitem' Addlbnd
How tltc EubsytlEltl Compongnt or lnlsrlace
Addlbn!l .fretrto
!ml loptlorulL tfanrltd NA
Subjitltsm coultl tall to coufC fan to plrform the Fumtlon dotcrlbed Component or lntsrlacc Actolr' dctlcfoli
Acllont lhcEnd Ntna, mmyyot al,ocumtnt mnryyor
could fall to Porform the mad.dto nildcdto Ullrhvcl r-10 nottlllc ot l-t0 1-10 't-10 MSRblm
peffotm the Funcuon ar the FocusElsment and lead lo the Fallure trdu6 l'F8todt reducr dfparhrcnt
ddruryy onprndlng numbcr, ddmnB/y
utt
attho il8xt Efiectt descrihed as the Fruquincy
drfig dbr
Fnrqur.cy monlbilng
(optond), uta
t-,10 ilext Lowar leveland lead vehlchu$ Complctrd, rnddrb,
levol. lncludc PotElttlal Dlrcrdcd atc.
ettsctl !o lh8 vehlcle (Efld or to the Fanurc Mode
Fallure Analytlt c.n bcgin wlth ths Fil' FE rltponra
Urerl levtl 8nd rcgulationf ' FC at loni aa tters la an accuraie Fallurs ln
al appllcablc Chaln t
Figure 83.6-1 FMEA-MSR Form Sheet with Hints; Step 6
Figure83'4-1FMEA-MiRFormsheefwithHintsSheet;Step4
83.7 FMEA-MSR Form Sheef Hints: Step 7
83.5 FMEA'MSR Form Sheef Hints: Step 5 FMEA-MSR Step 7 is independently handled by each organization and is not recorded on the
FMEA-MSR form sheet.
FAILUREANALYSIS
Failue Etlects (FElto Orb tlextHlgher
Figure 83.5'1 FMEA'MSR Form Sheef with Hints; Sfep
5 Lc\rel ElementrndorEnd User
anti-pinch protection in comfort closing
I of ttall effect sensoris not transmitted to
signalto stop and reverse window lifter dueto poor connectionafHall effect
in case of pinch situation
or neck may be pinched between
I
and frame)
ri
ll
lr
-183-
-182-
C Severity, Occurrence, Detection and Action Priority Tables
ANALYSIS o i) C1 DFMEA SOD and AP Tables
cu
Liltcr It
stoP from
for comfofr abd window Product General Evaluation Griteria Severity (S)
mode in €5e ot ECU
(STEP 5)
FMEA.MSR RISK ANALYSIS Blank untilfilled in by
1t FAILURE (STEP Potential Failure Effects rated according to the criteria below user
nsr
Corporate or
s Effect Severity criteria Product Line
Examples
b. plnahrd
Affects safe operation of the vehicle and/or other
in tomfo{ signalof Halletf*t
l{ill
EcU lr rnd
gh3:
lEile 10 vehicles, the health of driver or passenge(s) or
is not
lran5mitted to ECU du€
Very High road users or pedestrians.
of pinch
n*k ffaY be P@r connsction at
or
and
*n50r. I Noncompliance with regulations
Loss of primary vehicle function necessary for
Analysis (Softv'rare View) I
Figure Bg.8'2 FMEA-MSR Risk normal driving during expected service life.
High Degradation of primary vehicle function
7 necessary for normal driving during expected
service life.
RISK ANALYSIS (STEP 5)
FAILURE ANALYSIS {srEP4) and OPTIMIZATION
6 Loss of secondary vehicle function
Acdon
T*.n 5
Moderate
Degradation of secondary vehicle function
€&.lr ic Sbtt wlth
o tlon
E
Ptt$n'3
Ntm
on Polnt r D|t. Very objectionable appearance, sound, vibration,
trdEh!ildl o Dri. lo 4
rdo(Eutllt harshness, or haptics.
,;
GURRENT coilTROLS
Moderately objectionable appearance, sound,
3
to etoP and Signal ol Hall effecr lho6nFtdon 2 l0 I
tr
vibration, harshness, or haptics.
ln
6
.ev6r* window lifter snsor is not prlnclpbotih.
Hdt.ilLd$mr Wndowwlll Low
ffifott closlng mgior in Ese of Pinch fansmitted to ECU
duoto P@r rnd ECU 13 dos.whhtull Slightly objectionable appearance, sound,
mode
connec'tion gf Hall racordlng to clrnpilrg tord. 2
or n*k may effecl *rsr. strndfd t(Yz. vibration, harshness, or haptics.
plnched b€ren
sndawqlass snd 1 Very low No discernible etfect.
t L T.rt dd.mm.
Nom 2 lnttoduadon of
plru3lblllty lnolffi WN rmnt
illon
ch.ckbltwl.n ilr,Wa'r.n
Wrtchtul p.ndt
molorcumlll
ildlos ol
riomlirom Hdl Tabte C1.1 - DFMEA SEVERITY (S)
.lfects3or'
-185-
-184-
Occurrence Potential ( for the Product
c1.2 DFMEA OCCURRENCE (O) I (n Potential Fail ure Causes rated according to the criteria below. Consider product
Occurrence Potential for the Product Experience and Prevention Controls when determining the best Occurrence estimate Blank until
ria be ow Con sider Product Blank until filled in by
Potenti a F ail ure Cau SES rated accordi ng to the crite filled in by
(Qualitative rating).
user
g the best Occurren ce esti mate
Experience and Preve ntion Controls wh e n d eterm ln tn Prediction of
user
Qu a itative rating) Failure
Corporate o Gause Occurrence criteria - DFMEA or Product
Prediction of or Product Line
Occurrinq
o
Failure Occurrence criteria' DFMEA Line Detail ch anges to previous design, using proven technology and
Exam les
Cause Exam les
Occu materials. Similar application, duty cycle or operating conditions.
F rst application of new technologY nywh re without
6 ope rating Previous testing or field experience, or new design with some test
NS N o
expe nen ce an d or und e u n contro led operating conditio experience related to the failure.
prod uct verification and/or val id ati o n expe nence.
5
Extremely Design addresses lessons learned from previous designs. Best
10 yet been Practices re-evaluated for this design, but have not yet been proven
high Standards do not exist and best practices have not
not able to predict field performance Prevention controls capable of finding deficiencies in the product
deteimined. Prevention controls
or do not extst. related to the failure cause and provide some indication of a
Moderate
within th e
First use of design with tech n cal nnovati ons or mate rials ce
ppli cati n or chan g e n duty cycl e ope ratin g Almost identical design with shortterm field exposure. Similar
compa ny New
expe nence application, with minor change in duty cycle or operating conditions.
co nd itions No p rod uct VC rificati o n an d/or val d ati o n
I Previous testing or field experience.
Preventioncontrolsnottargetedtoidentifyperformancetospecific 4
ments. Predecessor design and changes for new design conform to best
materi S on d n ew practices, standards, and specifications. Prevention controls capable
F rst of design wi th techn rcal n novation S
Very high USE
of finding deficiencies in the product related to the failure cause, and
ap pl cation N CW a p pl cation o ch nge in du ty cycl e ope rating
lidation expen e nce indicate I desi n conformance,
conditi ons N o produ ct verifi cation and/o VA
Detail changes to known design (same application, with minor change
8 in duty cycle or operatin g conditions) and testing or field experience
ap p icable fo (
Few ext sting stand ard S and best practices not di rectly () under comparable operating conditions, or new design with
this design Preve ntio n con trols not re iab e n d cator of field
successfully completed test procedure.
e rform a nce
3 Low
New d ES g n based on SI mt a te ch nology and mate rials
N EW
produ ct Design expected to conform to Standards and Best practices,
e du ty cycle I operatin g co nditions No
app ication or chang n considering Lessons Learned from previous designs. prevention
VE rificati o n an d/or VA idation expenence. controls capable of finding deficiencies in the product related to the
7 failure cause and predict conformance of production desiqn.
Sta ndards best p ra ctices a n d design ru les ap
plv to th e basel in e
Almost identical mature design with long term field exposure. Same
co ntro S p rovide limited
design, b ut not th e n novations Prevention application, with comparable duty cycle and operating conditions.
ndi cati on of rform a nce
Testing or field experience under comparable operating conditions.
High materi a ls
Similar to previous design S, u srng exi sting technology and
g e uty cycle or operating con d itions.
Si mil a a ppli catio n th chan S tn d 2 Very low Design expected to conform to Standards and Best practices,
P revrou S testing fi e td expefl e nce considering Lessons Learned from previous designs, with significant
6 margin of confidence. Prevention controls capable of finding
that the
standards and design rules exist but are insufficient to ensure deficiencies in the product related to the failure cause, and indicate
will not occur. Prevention controls provide some ability to confidence in desi n conformance
failure cause
t a failure cause Extremely Failure eliminated through prevention control and failure cause is not
1
low possible by design
Product Experience: History of product usage within the company (Novelty of design, application or use case).
Results of already completed detection controls provide experience with the design.
Prevention Controls: Use of Best Practices for product design, Design Rules, Company Standards, Lessons
Learned, lndustry Standards, Material Specifications, Government Regulations and effeitiveness of prevention
oriented analytical tools including ComputerAided Engineering, Math Modeling, Simulation Studies, Tolerance
Stacks and Design Safety Margins
Note: OCC 10, 9, 8, 7 can drop based on product validation activities.
-187-
- 186 -
C1.3 Alternative DFMEA Occurrence
(O) Tables
the co mpa ny New a ppli cati on or change 4 thousand Predecessor design and changes for new design conform to best
50 per nd/or validation experi ence 1 in 10,000
conditions. N o product verification practices, standards, and specifications. Prevention controls
9 thousand,
1in20 Prevention controls not targeted
to identify performance to sPecific capable of finding deficiencies in the product related to the failure
requirements. cause. and indicate likelv desiqn conformance.
rn novation S or materi a S on
a n EW Detail changes to known design (same application, with minor
F rst use of design with technical I operating change in duty cycle or operating conditions) and testing or field
tn duty cycle
app lication N ew ap pl ication or change experience under comparable operating conditions, or new design
and/or vali dation experience.
cond itions. No product verification .01 per
0t
20 Per with successfully completed test procedure.
8 practices not directly ap pl icable 3 thousand
thousand, Few ext sting standards and best Design expected to conform to Standards and Best Practices,
not re liable tn d icator of fiel d 1 in 100,000
1in50 for this design Prevention controls considering Lessons Learned from previous designs. Prevention
ance.
nology and m aterials New controls capable of finding deficiencies in the product related to the
New des rg n based on simila tech
10 per e ope rating cond ition S. No
failure cause. and predict conformance of production desiqn.
ap pl ication or change n duty cycl Almost identical mature design with long term field exposure.
thousand prod uct VE rification an d/or val id ati on experience.
1 in 100 Same application, with comparable duty cycle and operating
7 rules app ly to the basel ine
Standards, best p ractices an d design conditions. Testing or field experience under comparable operating
d esig n but not the rnn ovatio ns
Prevention controls provide ti mited < .001 per conditions.
ind ication of ce.
2 thousand Design expected to conform to Standards and Best Practices,
lar to previous desig flS' existing technol ogy an d
US tng
1 in 1,000,000
Si m considering Lessons Learned from previous designs, with
with chang ES tn duty cycle or
materials Similar pplication significant margin of confidence. Prevention controls capable of
testi ng or field experien ce.
2Per operating conditions Previous finding deficiencies in the product related to the failure cause, and
6 thousand are NS uffici nt to ensure that
Stand a rd and des ig n rul es exist but indicate confidence in desion conformance.
1 in 500 ntion controls provide some
I the la lure cause will not occur Preve Prevention
I bi to revent a failure cause. controls Failure eliminated through prevention controland failure cause is
1
eliminate not possible by design
I failure
Product Experiencel History of product usage within the company (Novelty of design, application or use case).
rl
Results of already completed detection controls provide experience with the design.
Prevention Controls: Use of Best Practices for product design, Design Rules, Company Standards, Lessons
ll;
Learned, lndustry Standards, Material Specifications, Government Regulations and effectiveness of prevention
oriented analytical tools including Computer Aided Engineering, Math Modeling, Simulation Studies, Tolerance
Stacks and Design Safety Margins
Note: OCC 10, 9,8, 7 can drop based on product validation activities.
- 189 -
-188-
c1.3.2 DFMEA Occurrence (o) with Time Based Failure Prediction values
Occurrence Potential (O) for the Product
o0 Occurrence Potential (O) for the Product
Potentia F ail ure Causes rated accordi ng to the crite
Experience and Prevention Controls when determi nt ng
na be ow Consid e I P rod uct Blank untit
nsider P rod uct Blank until th e best Occu rrence esti mate filled in by
Potenti F ail ure Causes rated accordi ng to the criteria below Co (Qualitative rati ng).
user
Controls whe n dete rm n tng the best Occu rrence estimate filled in by
Experience and Preve ntion Time Based
itative rating user
Failure Corporate or
o Gause Occurrence criteria - DFMEA Product Line
Time Based Corporate or
Failure Product Line Prediction Examples
o Occurrence criteria' DFMEA
Cause Examples m ost identica expos ure Similar
Prediction appl ication with m nor change tn duty cycle or ope rating
First app ication of new tech no ogy anywhere with out ope ratin g conditions. Previous testing or fi e ld expen nce.
experi e nce and or un der uncontrol led ope ratin g conditions No 4
More than
product verifi cation and/or validation experience once per Predecessor design and chan ges for new design co nform to
10 Every time year best practices stan dards, and specification S. Prevention controls
Standards do not exist and best practices have not yet been
ca pable of fi nding deficiencies tn the prod u ct related to the
determined. Prevention controls not able to predict field
or do not exist. fail ure ca USE a nd ndicate ke des n conformance.
of with tech n cal nnovatio ns or materials within Detai chan ges to known d esrg n (same ap pl ication with mt nor
First u SE design
chan ge n duty cycle or operating conditio ns nd testi ng or field
the com pany New a pplication, or change in duty cycle / )
experience und r comparable operati ng cond itions, or new
Almost every o perating conditio NS N o product verification and/or validation
des g n with successfu llv co mpleted test p roced ure
9
time
experience. Once per
3
year
Prevention controls not targeted to identify performance to Design expected to conform to Stan dards a nd Best Practices,
S c irements co NS derin g Lessons Learned from previous des g NS Prevention
First use of design with technical innovations or materials on a controls ca pable of fi nding deficiencies tn the product related to
new application. New application, or change in duty cycle / the fai lu re cause an d conformance of ucti o n
More than operating conditions. N o product verification and/or validation Almost id e ntical matu re des g n with ong term fi e d exposure
expenence.
I once per
shift Few existing standards and best practices, not directlY
0D Same application, with com para br du ty cycl e an d operating
cond itions. T esting or field experience un d e r compa rable
applicable for this design. Prevention controls not a reliable Less than operating conditions
indicator of field 2 once per
year Design expected to conform to Standards and Best practices,
New design based on similar technology and materials' New considering Lessons Learned from previous designs, with
applicatiori, or change in duty cycle / operating conditions' No significant margin of confidence. prevention controls capable of
More than product verification and/or validation experience' finding deficiencies in the product related to the failure cause,
7 once per day
standards, best practices, and design rules apply to the baseline and indicate confidence in d n conformance
design, but not the innovations. Prevention controls provide Failure eliminated through prevention control and failure cause is
1 Never
limited indication of performance' not possible by design
Similar to prevr o us designs u ng existi ng technology a nd
Product Experience: History of product usage within the company (Novelty of design, application or
mate rials Si mil ap pl ication with ch a nges tn d uty cycle or use case). Results of already completed detection controls prwide experience with ihe design.
More than operating conditio NS Previous testi ng or field experience.
6 once per Prevention Gontrols: Use of Best Practices for product design, Design Rules, Company Standards,
week standards and design rules exist but are insufficient to ensure Lessons Learned, lndustry Standards, Material Specifications-, Government Regulations and
that the failure cause will not occur. Prevention controls provide effectiveness of prevention oriented analytical tools including Computer Aided ingineering, Math
some abil to nt a failure cause Modeling, simulation studies, Tolerance stacks and Design safety Margins
i p
Deta il changes to reviou S d esrgn usi ng proven technology nd Note: occ 10, 9, B, 7 can drop based on product validation activities.
materials. S mt lar app lication, d uty cycle o operati ng conditions.
P revrou S testing or field experience, or new desig n with some
test experience related to the failure'
Table Cl.3.2 - Alternate DFMEA Occurrence (O)
More than
t
5 once per Design addresses lessons learned from previous designs' Best
month Prictices re-evaluated for this design, but have not yet been
proven. P reventi o n controls ca pable of fi ndi ng deficien cies ln th
L
- 190 - -191-
c1.4 DFMEA DETEGTION (D)
Detection Potential (D) for the validation of the Product Design
f n
C1.5 ACTION PRIORITY TABLE FOR DFMEA
Action Priority (Ap) for DFMEA
Action Priority is based on com bi nation S of Severity Occurren
Blank untilfilled ce an d Detection rati ngs in
and Opportunity
Detection Controls rated according to Detection Method Maturity rd to actio NS for risk reduction. Blank until
for Detection. in by user filled in by user
Prediction of Action
Effect s Failure Cause o Ability to Detect D Priority
Corporate or Comments
Ability to Opportunity for Product Line
D Detection Method MaturitY Detection Low - Very low
Detect Examples 7-10 H
Moderate 5-6 H
Very high B-1 0
Test procedure Yet to be Test method not defined High 2-4 H
i
10 develoPed,
Very high 1 H
Very low
1
5
Moderate that test failures maY result in
production delaYs for re-design Degradation Testing
00 Low 2-3
High
Very high
2-4 L
1 L
and/or re-tooling.
Very low 1 Very high - Very low 1-10 L
Proven test method for Pass-Fail Testing Low - Very low 7-10 H
4
verification of functionalitY or Moderate 5-6 H
validation of Performance, Very high 8-1 0
3 High quality, reliability and durability; Test-to-Failure High 2-4 H
planned timing is sufficient to Very high 1 H
modify production tools before
2 Degradation Testing Low - Very low 7-10 H
release for Production'
Moderate 5-6 H
High 6-7
Prior testing confirmed that failure mode or cause cannot High 2-4 H
1 Very high occur, or detection methods proven to always detect the
Product or Very high M
failure mode or failure cause. 1
Plant Effect 7-8 Low - Very low 7-10 H
High
Moderate 5-6
Tabte C1.4 - DFMEA DETECTION (D) Moderate 4-5
M
High 2-4 M
Very high 1 M
Low - Very low 7-10 M
Moderate 5-6 M
Low 2-3
High 2-4 L
Very high 1 L
Very low 1 Very high - Very low 1-10 L
-192- -193-
C2 PFMEA SOD and Ap Tabtes
Moderate 5-6 M Potential Failure Effects rated according to the criteria below Blank until
High 6-7 filled in by
High 2-4 M
user
Very hi h 1 L lmpact to Your lmpact to Ship-to Plant lmpact to End
Product or s Effect User or Product
Low - Very low 7-10 M Plant (when known)
Plant Effect 4-6 (when known) Line
Moderate Moderate 5-6 L
Moderate 4-5 Affects safe
High 2-4 L operation of the
L Failure may result in vehicle and/or
Very high 1
Failure may result in an
an acute health other vehides,
Low - Very low 7-10 L 10 and/or safety risk for acute health and/or safety
risk for the manufacturing the health of
Moderate 5-6 L the manufacturing or driver or
High or assembly worker
Low 2-3 assembly worker passenger(s) or
High 2-4 L
L
road users or
Very high 1
s.
Very low 1 Very high - Very low 1-10 L Failure may result in Failure may result in in-
9 in-plant regulatory plant regulatory Noncompliance
Low - Very low 7-10 M
with regulations.
no iance
Moderate 5-6 M
Line shutdown greater
Very high 8-1 0
High 2-4 L than full production shift;
100% o'f production
Very high
Low - Very low 7-10
1 L
L
00 run affected may
have to be scrapped
stop shipment possible;
field repair or
replacement required
5-6 L Failure may result in (Assembly to End User) Loss of primary
Moderate
High 6-7 in-plant regulatory other than for regulatory vehicle function
2-4 L
High I noncompliance or noncompliance. necessary for
Very high 1 L may have a chronic Failure may result in in- normal driving
Product or health and/or safety during expected
Low - Very low 7-10 L plant regulatory
Plant Effect 2-3 service life.
risk for the noncompliance or may
Low Moderate 5-6 L Moderately
manufacturing or have a chronic health
Moderate 4-5
L
high
High 2-4 assembly worker and/or safety risk for the
Very high 1 L manufacturing or
ASSEM worker
Low - Very low 7-10 L
Product may have to Line shutdown from 1
Moderate 5-6 L be sorted and a hour up to full production Degradation of
Low 2-3 portion (less than primary vehicle
High 2-4 L shift; stop shipment
100Y:o) scrapped; possible; field repair or function
Very high L 7
1
deviation from replacement required necessary for
Very high - Very low 1-10 L primary process; (Assembly to End User) normaldriving
I
Very low 1
decreased line speed other than for regulatory during expected
No service life.
Very low - 1-10 Very high - Very low 1-10 L or added man r no
Discernible 1
Very high
Effect
-194- -195-
Process General Evaluation Griteria
c2.2 PFMEA OCCURRENCE (O)
Blank until ( (\
filled in by Occurrence Potential (O) for the process
Potential Failure Effects rated according to the criteria below user
Corporate Potential Failure Causes rated according to the criteria below. Consider Prevention
lmpact to End or Product
lmpact to Your lmpact to ShiP'to Plant User Controls when determining the best Occurrence estimate. Occurrence is a predictive
S Effect (when known) Line qualitative rating made at the time of evaluation and may not reflect the actual
Plant (when known) Examples Blank untitfilled
occurrence. The occurrence rating number is a relative rating within the scope of the in by user
100% of production FMEA (process being evaluated). For Prevention Controls with multiple Occurrence
Loss of
run may have to be Line shutdown uP to one secondary
Ratings, use the rating that best reflects the robustness of the control.
6 reworked off line and hour vehicle function Corpo rate or
accePted Prediction of Failure Type of
o Gause Occurring Prevention Controls Product Line
Less than 100% of Control
Exa m es
A portion of the product affected; strong Degradation of 10 hi None No on controls
production run may possibility for additional secondary
5 Moderately have to be reworked defective product; sort 9
vehicle function. Prevention controls will have little
low required; no line Very high Behavioral
off line and accePted effect in preventing failure cause.4
shutdown I
Very Prevention controls somewhat
Defective Product triggers objectionable 7
100% of production significant reaction Plan;
High effective in preventing failure
run may have to be appearance, 6 cause.
additional defective Behavioralor
4 reworked in station sound, vibration,
products not likelY; sort Technical
before it is processed harshness, or 5 Prevention controls are effective
not required Moderate
ha in preventing failure cause.
4
ModeratelY 3 Low Best Practices: Prevention controls are highly
A portion of the Defective Product triggers objectionable
minor reaction Plan; Behavioralor effective in preventing failure
production run may appearance, 2 Very low
additional defective Technical cause.
3 have to be reworked
products not likelY; sort
sound, vibration, ( ()
in-station before it is harshness, or
not required Prevention controls are
processed haptics. extremely effective in preventing
Low failure cause from occurring due
Defective product triggers Slightly to design (e.9. part geometry) or
no reaction Plan; objectionable 1 Extremely low Technical process (e.9. fixture or tooling
Slight inconvenience additional defective appearance, design). lntent of prevention
2 to process, oPeration, products not likely; sort sound, vibration, controls - Failure Mode cannot
or oPerator not required; requires harshness, or be physically produced due to
feedback to suPPlier haptics. the Failure Cause.
No discernible effect or No discernible Prevention Control Effectiveness: Consider if prevention controls are technical (rely on machines, tool
1 Very low No discernible effect no effect effect. life, tool material, etc.), or use best practices (fixtures, tool design, calibration procedures, error-proofing
verification, preventive maintenance, work instructions, statistical process control charling, process
monitoring, product design, etc.) or behavioral (rely on certified or non-cedified operators, skilled trades,
team leaders, etc.) when determining how effective the prevention controls will be.
Table C2-1 - PFMEA SEVERTTY(S)
Tabte C2.2 - PFMEA OCCURRENCE (O)
1 l)
-197-
- 196 -
C2.3.2 PFMEA OCCIIRRENCE (O) with Time Based Faiture prediction
G2.3 Alternative PFMEA Occurrence (O) Tables ( (ilt Values
Values
C2.g.1 PFMEA Occurrence (O) with lncidenfs per Thousand Occurrence Potential (O) for the Process
Occurrence Potential (O) for the Process Potential Failure Causes rated according to the criteria below. Consider Prevention
Controls when determining the best Occurrence estimate. Occurrence is a predictive
below Co NS der P reve ntion
Potential F a lu re Cau ses rated accord ing to the criteria qualitative rating made at the time of evaluation and may not reflect the actual Blank untitfiiled
Occu rrence IS a p red ctive
Contro ls when determining the best Occu rre nce estimate Blank untilfilled
occurrence. The occurrence rating number is a relative rating within the scope of the in by user
qu itative rating mad e at th ti me of evaluation and may not
reflect the actual FMEA (process being evaluated). For Prevention Controls with multiple Occurrence
VE rating withi n th scope of the in by user
occu rrence. The occurren ce ratin NU m ber S re ati Ratings, use the rating that best reflects the robustness of the control.
o n Co ntro with MU tiple Occurre nce
F M EA (p roces S bei ng evalu ated) For P reventi
S
Ratings use the rati ng th at best reflects th e robustness of the control. Time Based Failure Type of c orporate or
o Prevention Gontrols Product Line
Gorporate or Cause Prediction Gontrol
Type of Exam
lncidents per 1000 Prevention Gontrols Product Line
o items/vehicles Control les
10 Eve time None No controls.
t
- 199 -
- 198 -
c2.4 PFMEA DETECTION (D)
Detection Potential for the Validation of the Process Des
Detection Controls rated according to the Detection Method Maturity and Opportunity for
n
Blank until
filled in by
f !(T
Detection Potential for the Va lidati on of th e Process Desi gn
Detection Control s rated according to the Detection
Detection.
Method Maturity and opportunity for Blank until
filled in by
user
Detection. user Corporate
D
Ability to Detection Method
Corporate Opportunity for Detection or Product
Detect Maturity
Ability to Detection Method or Product Line
D Opportunity for Detection Line
Detect Maturity
Examoles Machine-based automated detection
No testing or inspection method that will detect the failure mode
The failure mode will not or cannot be
10 method has been downstream, prevent further processing
detected.
established or is known. or system will identify the product as
Very low It is unlikely that the 4 discrepant and allow it to automatically
testing or inspection The failure mode is not easily detected move forward in the process untiltho
9 through random or sporadic audits. System has been proven designated reject unload area. Discrepant
method will detect the
failure mode. to be effective and product will be controlled by a robust
reliable (e.9. plant has system that will prevent orfflow of the
Human inspection (visual, tactile, audible),
Test or inspection method or use of manual gauging (attribute or experience with method product from the facil ity
I has not been proven to variable) that should detect the failure on identical process or
Machine-based automated detection
be effective and reliable mode or failure cause. this application), gauge
method that will detect the failure mode in-
(e.9. plant has little or no R&R results are
Machine-based detection (automated or High station, prevent further processing or
Low experience with method, acceptable, etc.
gauge R&R results semi-automated with notification by light, system will identify the product as
buzzer, etc.), or use of insPection 3 discrepant and allow it to automatically
7 marginalon comparable
equipment such as a coordinate move foruvard in the process until the
process or this
measuring machine that should detect designated reject unload area. Discrepant
application, etc.). product will be controlled by a robust
failure mode or failure cause.
Human inspection (visual, tactile, audible), system that will prevent outflow of the
has been proven to be or failure cause (including product sample Machine-based detection method that will
checks 2 effective and reliable (e.g. detect the cause and prevent the failure
effective and reliable (e.9. plant has experience with
plant has experience with Machine-based detection (semi- mode (discrepant part) from being
Moderate method, error-proofing produced.
method, gauge R&R automated with notification by light,
etc.
results are acceptable on buzzer, etc.), or use of insPection
Fai lu re mode cann ot be physical ly prod uced as-designed
5 comparable process or equipment such as a coordinate or
1 Very high processed or detecti o n methods proven to always
this application, etc.). measuring machine that will detect failure d etect the fa lure
mode or failure cause (including product mode or failure cause
sam checks
-200 - - 201
Prediction of ACTION
1-10 L
V high - Very low Low - Very low 7-10 L
Very low 1
7-10 H
Low - low Moderate 5-6 L
5-6 H High 6-7
H High 2-4 L
B-10 High 2-4
Very high Very high 1 L
1 H Product or
Very high
H Plant Effect 2-3 Low - Very low 7-10 L
Low - Very low
7-10
Low Moderate 5-6 L
5-6 H 4-5
Moderate Moderate
6-7 H High 2-4 L
High h 2-4
1 M Ve high 1 L
h h
low 7-10 H Low - Very low 7-10 L
Product or Low -
5-6 M Moderate 5-6 L
Plant Effect 7-B Moderate Low 2-3
4-5 2-4 M High 2-4 L
High Moderate High
1 M Very high 1 L
VerY h
7-10 M Very low I Very high - Very low 1-10 L
Low - Very low
5-6 M No
Moderate Very low -
L Discernible 1 1-10 Very high - Very low 1-10 L
Low 2-3 High 2-4 Very high
Effect
1 L
Very high
Very low I Very high - Very low 1-10 L Table C2.5 - ACTION PRIORITY FOR PFMEA
-203 -
-202 -
C3.2 Supplemental FMEA-MSR FREQUENCY (F)
C3 FMEA-MSR SFM and AP Tables ( (@
Frequency Potential for the Product
C3.1 Supplemental FMEA-MSR SEVERITY (S) Frequency criteria (F) for the estimated occurrence of the Failure Cause in relevant B I a nk unti I
operating situations during the intended service Iife of the vehicle fi lled in by
user
Estimated rate or
Product General Evaluation Criteria Severity (S) F
Frequency Frequency criteria - FMEA-MSR Product Line
Blank untilfilled in bY Exa m es
Extremely Frequency of occurrence of the Failure Cause is unknown
Potential Failure Effects rated according to the criteria below user
10 high or cannot or known to be unacceptably high during the intended
Gorporate or be determined service life of the vehicle
Severity criteria Product Line I Failure Cause is likely to occur during the intended service
s Effect
life of the vehicle
High
Fail ure Cause may occur often in the field during the
Affects safe oPeration of the vehicle and/or other I intended service life of the vehicle
10 vehicles, the health of drive r or passenger(s) or Failure Cause may occur frequently in the field during the
road users or estrians 7
Very High intended service life of the vehicle
Note: This table is identical to Table c1.1 - DFMEA SEVERITY (S) < 1o/o 2
Table C3-1 - Supplementat FMEA-MSR SEVERITY (S) NOTE: Probability increases as number of vehicles are
increased
Reference value for estimation is one million vehicles in
the field
-205-
-204-
Su pplementa FM EA for Mo n ito n n g and System Respon
G3.3 Supplemental FMEA-MSR MONIToRING (M) ( se (I'r)
m M on ito ring Crite na M) for F a ilure Ca uses Fai u re Mod es nd Fai
Supplemental FMEA for Monitoring and System Response (M) u re
Monitorin g du n ng c ustom er Operation Use the rati ng n u mber th at corresponds by Blank u ntil
Failure Effects by Blank until least effective of eith e cn te na for Monitori with the filled in by
Monitori ng c riteri (M fo Fail u re Cau SES, F ailure Modes an d or m Res
numbe that correspo nds with the filled in by user
Monitoring du n ng c ustom er Operation U SE the rating user Effectiveness of
of eith criteria for Mo nitori n or m nse Gorporate
least effective Monitoring Diagnostic Monitoring / System Response /
Gorporate M or
Controls and Sensory Perception Criteria Human Reaction
Effectiveness of System ResPonse / or Product
Diagnostic Monitoring / System Response Criteria
Monitoring Human Reaction Product Line
M Sensory PercePtion Griteria
Gontrols and Griteria Line The faulVfailure will be
System ResPonse automatically detected by the The automated system
or the driver will be able
The faulVfailure cannot be system during the fault tolerant
No response during the to react to the detected
detected at all or not during the 4 Moderately High time interval, with medium
fault tolerant time faulVfailure during the
10 Not effective fault tolerant time interval; by the variance in detection time, or
interval. fault tolerant time
system , the driver, a Passenger, detected by the driver in most
or service technician operating conditions. Diagnostic interval, in most
The reaction to the operating conditions.
The faulVfailure can almost never e estimated >97o/o.
be detected in relevant oPerating faulVfailure bY the The system will
conditions. Monitoring control system or the driver maY The faulVfailure will be automatically react to the
9 Very Low with low effectiveness, high not reliably occur during automatically detected by the detected faulVfailure
variance, or high uncertaintY. the fault tolerant time system during the fault tolerant during the fault tolerant
Minimal ostic interval. time intervalwith very low time interval in most
3 High
The faulUfailure can be detected The reaction to the variance in detection time, and operating conditions with
in very few relevant oPerating faulVfailure bY the with a high probabitity. very low variance in
conditions. Monitoring control system or the driver maY Diagnostic coverage system response time,
I Low with low effectiveness, high not always occur during estimated >99o/o. and with a high
variance, or high uncertaintY. robabil
Diagnostic coverage estimated
the fault tolerant time ( D The system will
interval. The faulVfailure will be detected
<60%. automatically react to the
automatically by the system with
Low probabilitY of detecting the very low variance in detection detected faulUfailure
fault/failure during the fault Low probabilitY of during the fault tolerant
2 Very High time during the fault tolerant time
tolerant time interval bY the reacting to the detected time intervalwith very
interval, and with a very high
system or the driver. Monitoring faulUfailure during the low variance in system
Moderately Low probability. Diagnostic coverage
7 control with low effectiveness, fault tolerant time interval response time, and with
by the system or the estimated > 99.9%.
high variance, or high a h h
uncertainty. Diagnostic coverage driver. Reliable and The faulVfailure will always be The system willalways
estimated >60%. acceptable for detected automatically by the automatically react to the
The faulVfailure will be 1 elimination of system. Diagnostic coverage detected faulVfailure
The automated sYstem
automaticallY detected bY the originalfailure estimated to be significantly during the fault tolerant
or the driver will be able
system or the driver onlY during effect than 99.9% time interval.
6 to react to the detected
power-up, with medium variance faulUfailure in manY
in detection time. Diagnostic operating conditions. Table C3-3 - Supplementat FMEA-MSR MONITOflNG (M)
estimated >90%
The faulUfailure will be
Moderate automaticallY detected bY the
system during the fault tolerant The automated sYstem
time interval, with medium or the driver will be able
5 variance in detection time, or to react to the detected
detected bY the driver in very faulVfailure in very manY
many operating conditions. operating conditions.
Diagnostic coverage estimated
between 90% -97%
-207 -
-206 -
Action for FMEA-MSR
G3.4 ACTION PRIORITY FOR FMEA.MSR
Action Pri for FMEA'MSR
rati ngs n order to
o (fti Action Priority ts based on com bi nations of Severity F req
uen cy a nd Mon itoring rati
p rioritize actions fo r risk red uction ngs In order
to
and M onitorin
Action Priority IS based on combi nations of SeveritY FrequencY
pno ritize actions for risk redu ction. Prediction of
Effect S Failure Gause F
Effectiveness of
ACTION M
Prediction of Effectiveness of PRIORITY
Monitoring
F M
Effect S Failure Cause Monitoring High - Extremely
high 7-10 Reliable - Not effective 1-10
H
Medium - ExtremelY 5-1 0 Reliable - Not effective 1-10 H
h
ModeratelY high - Not Moderate - Not effective 6-1 0
4-10 H H
effective Medium 5-6
Low 4 2-3 H Product Reliable - Moderately
I
Very hish - High 1-5
I
Reliable 1 M Effect hish M
I
Moderately 4-6
ModeratelY high - Not 4-10 H
i Product Low Very low - Not effective 9-1 0
I 10 effective M
i Effect High Very low 3
Very high - High 2-3 M
Extremely low - Low 2-4 Moderately high -
Reliable 1 L 7-B
Moderate M
ModeratelY high - Not 4-10 M
2 effective Reliable - Moderate 1-6 L
Extremely low
Reliable - 1-3 L Cannot occur Reliable - Not effective
1
1-10 L
1-10 L
Cannot occur 1 Reliable - Not effective High - Extremely
high 7-10 Reliable - Not effective 1-10 H
1-10 H
Low - Extre 4-10 Reliable - Not effective
- Not effective 2-10 H
ExtremelY low - Very 2-3 Moderately low - Not
Reliable - H h 1 L 7-10 M
Product I low Medium 5-6 effective
Effect High Product
1-10 L Effect Low 2-3 Reliable - Moderate
Cannot occur Reliable - Not effective 1-6 L
-208- -209 -
Analysis (FTA) as methods to identify potential causes of malfunctioning behavior..FMEA_MSR
( h
i tt Tgl",1t-"d to supplement the DFMEA by analyzing the effectiveness of diagnostic monitoring
and system response in maintaining functional safety. ln addition to safety considerations, the
method can also be used for analysis of regulatory compliance topics.
D2.3 Linkage between Frequency (F) and FIT Rates ,n ,SO 26262
Frequency is a qualitative estimation of how often the considered failure cause may occur
during an operational situation. FIT Rates are a quantitative assessment of the measured
reliability of an E/E component, based on exposure of the component to specific*test conditions.
Therefore, the two metrics are related, but not equivalent.
-211 -
(
E Further Application Fields
Failure Effect
0 with the DFMEA and PFMEA described, all application fields
Failure Effect can
original
Failure Effect S = 1'..9 be covered.
Failure Effect S = 1..'9
10 5=1"0
S=10 The procedure is also transferable to suppliers of the automotive
--
Mitigated Failur* Effect industry of other industrial branches. The special features
ss8 specific procedures are to be taken into account. "nJ
M=2."9
M=2...10 El FMEA for Software Scopes
M=10 M=L
The functions of a system are realized more and more often by
software. A Design FMEA examines the functional capability of a
Failure Cause
Failure Cause system, and therefore the inspection of software scopes is a part
Failure Cause Failure Cause of this. The system and its effect relationships should be inspected
Safe Fault or
Residual Fault
Non safetY-relevant Fault
as a whole in the analysis of the software scope. r,
No [quivalent
Single-PointFault
When inspecting software scopes, special problems can occur
not in scope of FMEA-MSR
f.rOff: Multiple-point Faults are that are considered in the following sections.
{ NOTE: The term "Software FMEA" is misleading, since not the
software but the functions that are realized by the
FigureD2-lLinkagebetweenFailureCausesinFMEA.MSRfoFauttsintSo26262
software are to be examined in the system context.
I,
ir,
-213-
-212-
F
E3FMEAintheSoftwareDevelopmentProcess Vehicle aPProval test
f fr
Change Point Summaries
F1 AIAG 4th Edition FMEA Reference Manual to AIAG & VDA FMEA Handbook
D€veloPmentof
fequ iremanta'
Valldatlon F1.1 AIAG 4th Edition DFMEA to ALAG & vDA FMEA Handbook
)-_.'
DFMEA
DeveloPment of Systs$ test lntrllrati o n
The AIAG & VDA FMEA method is described by a 7-Step approach. The steps are the
architectu.e synthesis of AIAG and VDA DFMEA process steps. For example, Block/Boundary Diagrams
f+
(0!
\.- shown as Step 2 of the 7-Step approach and the same deliverable is shown as a prerequisite
are
in
A\, Ptoducttast the 4th Edition.
Product
Oesign"
o procossing lntsgration Special Characteristics are removed from DFMEA but stay in PFMEA, see Annex Dl Special
a Function t Characteristics.
module
tost For continuous lmprovement a History/Change Authorization column is added (For use as
Function I
applicable)
module
integration
The linkage between DFMEA and PFMEA is explained and FMEA Collaboration (Customer
Tiern-Tiern+1). -
E4FMEAforMachineandFacilityManufacturers
0 the analysis subject and baseline DFMEA as appropriate.
FMEA Form Sheet header is defined within Step 1 and the following changes apply:
TheDFMEAofamachineissometimesreferredtoasa,.Machine
FMEA" in the literature' i. Gompany Name added
a machine was identified as a ii. Marking of System, Subsystem or Gomponent removed
Starting from a PFMEA in which iii. Engineering Location added
;il,'; biMen be prepared for the machine'
"un iv. Customer Name added
lnthePFMEA,therequirementson.thefunctions/abilitiesofthe
machine.
the
v. ModelYear(s)/Program(s)changedtoModelyear/platform
,"lni"" are ioentitieo in fft" analysis of vi. Subject added
Separate evaluation tables are
to be developed for this Machine vii. Key Date removed
FMEA.
viii. Revision Date added
follows the rules as Design or
ix. FMEA Number changed to DFMEA lD Number
At the end the Machinery FMEA x. Page Number of Page Number removed
Process FMEA' xi. Prepared By changed to Design Responsibility
xii. FMEA Date (orig.) changed to Start Date
xiii. Gore Team changed to Cross-FunctionalTeam
xiv. Gonfidentiality Level added
Re for chanqe : To use common terms and include necessary information for record
management
-215-
-214-
2nd SteP: Structure AnalYsis
For DFMEA' ITEM is exPanded
to SYSTEM, SYSTEM ELEMENT'
ELEMEN
and COMPONENT
T as Focus Element, and
f rcil
4th
i.
Step: Failure Analysis
Concept of FOCUS ELEMENT establishes the focus of the analysis.
Potential Failure Mode changed to: Failure Mode (FM) of the Focus
Higher Level, SYSTEM Element
ELEMENT with SYSTEM as Next
Next Lower Level or Characteristic
TYPe ii. Potential Failure Effect changed to: Failure Effects (FE) to tne r.reiirrigher
levet
COMPONENT ELEMENT as Element and/or End User
Collaboration between customer
and supplier is defined and added iii. Potential Failure Gause changed to: Failure Gause (FG) of the Next Lower
Element
co mponent and/or or Characteristic
identifY the sYstem, subsystem,
Reason for change To
ation
correctlY
to the item (focus element) being analyzed
This information is needed iv. Order of columns changed from FM, FE, FC to FE, FM, FC
characteristic in rel
lmportant note: Although the order of columns changed, the
for SteP 3, Function AnalYsis
order of creating the analysis using a spreadsheet
remains the same. rt is necessary to identify first the
i 1. Next Higher Levet (FM), then either the (FE) or (FC) depending on the
,tl
rl SYSTEM team. When using FMEA-dedicated softwaie the team
may perform the DFMEA in a different way e.g.
identifying failures and then linking them in a froper
3rd SteP: Function AnalYsis failure chain of (FE), (FM), (FC).
so that rtem is
4TH Edition Form sheet A and c: rtem/Function and.Requiremenlarg,'sotit
the tevels defined in ldentify failures by systematic description of question approach.
ArAG i*u"iiuoi!:ioi each of
part of Step 1 and Function and nequireml.irp""" More detailed description how to formulate failure effects, failure mode and failure cause with
Step 2. examples.
how to formulate functions'
The description is more detailed Relationship is shown between PFMEA and DFMEA.
P-Diagram explained'
/ characteristics and usage of
Detailed definition of requirements Possible views in form sheet are described.
teams is described
Collaboration between engineering Collaboration between customer and supplier explained.
Reason for chanqe:- To establish the functions for each Item/SYstem
Element to demonstrate
of the next higher level
O
of how each level contributes to the functio nality leads to listing 1. Failure Effects (FE) to the
an understanding and Requirements of the Product
listin g the Positive Functions
Considering and Next Higher Level Element
and the Causes of Failure
the negatives, the Effect of Failure, and/or End User
A and C: ltem/Function
lmporta nt note: AIAG Form Sheet where customers
ne eded correction due to instances
an Item descriPtion and
have rece ived DFMEAs showing
or Requ irement identified Reason for chanoe: To promote the cause and effect analysis in terms of a chain of potential
Failure Mode with no Function
and Requirement are events. The structure, function, and failure sections of the form sheet are designed using a
The exPectation is that a Function
of how the Function pattern that leads to three levels of a failure chain (FE), (FM), (FC).
necessary for an u nderstanding
could fail
Sth Step: Risk Analysis
The term "ranking" replaced by "rating" because each failure is rated according to the criteria
1. Next Higher defined in the rating charts. Each rating chart has a new column to add company-specific
Level Function and examples
Requirement
i. Severity rating - Ten-point scale with similar definitions for each level. Split rating of 10
and 9 allowing for alignment with functional safety groups (Safety is 10 regardless of
warning, and 9 is regulatory). The same scale is used for DFMEA, PFMEA, and FMEA-
MSR when rating the (FE) to the end user level.
ii. Occurrence rating - Ten-point scale with added emphasis on Prevention Controls as
input to the Occurrence rating.
-217 -
-216-
iii. Detection rating
_ Ten-point scare that considers Abi'ty to Detect,
Detection Method
f @
Responsible Target
Action
Taken
Completion
;nU[';.tt'*,n:*k:*3ii#ilr:lglf:ft
Reference AF
::-fi :",'j't^j'ili*S'S'uo'"
Person's Completion Status
Name Date
with
Pointer to
Date
Evidence
toi orruen and PFMEA'
by the
6iotn"iinformation designated
V.classification-replacedwithrirlercode(optional)_TheFitterCodecolumnmaybe
special
used to fiag potential
"nuru.iJ'i'iiJ'
7th Step: Result Documentation
Step 7 summarizes the scope and results of the DFMEA in a report for review by internal
management and/or the customer. The AIAG 4th Edition FMEA manual indicates that
management owns the FMEA process and has the ultimate responsibility of selecting and
applying resources and ensuring an effective risk management process including timing. These
statements are found in Chapter 2, Strategy, Planning, lmplementation. However, the 4th
Edition does not provide additional guidance on how to engage management in the DFMEA
team. Step 7 provides recommendations for what to include in results documentation. This
report should indicate the technical risk of failure as a component of the development plan and
project milestones.
Fl.2 AIAG 4th Edition PFMEA to AIAG & VDA FMEA Handhook
(s PFMEA
o
The AIAG & VDA FMEA method is described by a 7-Step approach. The descriptions below
1. Failure o O compare these 7-Steps to the current AIAG process. The comparisons include all form sheets
Effects (FE) to used in both manuals. As appropriate, it will be pointed out why (Reason for change or Reason
the Next
oc)o
C)
for use) the change can help lead to a more complete PFMEA.
Higher- Level
Element o
=
Ll
1st Step: Planning & Preparation -
and/or
End User
i. Define the Scope changed to 1st Step: Planning & Preparation
2nd Step: Structure Analysis -
i. ltem changed to Process ltem System, Subsystem, Part Element or Name of
6th SteP: OPtimization Process
Note: Different form formats, allow this to be listed a single place or on each line.
ThedefinitionofoptimizationisdetailedintheA|AG&VDAFMEAHandbook' ii. Process Step changed to Process Step Station No. and Name of Focus Element
open''completed' Discarded)
i.RecommendedActionsplitintotwocolumns:PreventiveActionand.DetectionAction iii. Process Work Element 4M Type has been added.
ii. New: Stat#(Sfi;;'t"o'tutu'l;;il;
iii. n-"iioiii"r"n yitl Pointer to Evidence
Changed:
Reason for use: This added step (4M) requires the users to consider the 4M's while reviewing
or internal use) the activity taking place within the process.
iv. New: Rem;i;i;";;FMeR tt"tn
effectiveness defined'
New assessment of action
described'
I
Continual improvement
CollaborationbetweenFMEAteam,management,customerandsupplierexplained' each
management to be sure
The information herps the user with visuar for follow-uP
Reason for change: tn";point"*o Evidence"
L
I
tl
''l
i, i."i"o"J und .or'r[""i ffi;";iir
piece of information
il reasons.
-219 -
-218-
Or alternate form sheet
0 0
1. Failure Effec{s (FE) to
3. FailweCase{FC}
the Next Higher Level
of &eWskElsnent
Element ancl/or End User
-221 -
-220 -
Tabre is based on
,,Detection Method Maturity,,, "opportunity for Detection" and
f T?
Responsible Target
Action
Taken
p
o
IJ
o
(,
v. RPN changed to PFMEA AP' with Completion G
Person's Completion Status
Name
Pointer Date so
is t (tow)' M (Medium)
ReasonforGhanqe:Th91|I,caleis1to1,000-basedonthesimplemultiplicationof Date o
i
(,
and H (High);;ilr ilJoonia*inginto "l.ount CL
o
time and appties togic todetermine the priority of action'
lt
Characteristics'
vi. Glassification changed to Special
7th Step: Results Documentation -
Note:specialcharacteristicsandFiltercodearesub-categoriesofA|AGClassification'
& VDA Handbook' Step 7 summarizes the scope and results of the DFMEA in a report for review by internal
vii. Filter Code (Optional) new for AIAG
I
management and/or the customer. The AIAG 4th Edition FMEA manual indicates that
1
rl
management owns the FMEA process and has the ultimate responsibility of selecting and
I
applying resources and ensuring an effective risk management process including tim-ing.
I
These
statements are found in Chapter 2, Strategy, Planning, lmplementation. However, the 4th
I
o Edition does not provide additional guidance on how to engage management in the DFMEA
!
team. Step 7 provides recommendations for what to include in resultJdocumentation. This
I
i
o
(J
1
i
o report should indicate the technical risk of failure as a component of the development plan
i and
iE project milestones.
F2 vDA volume 4, chapter Product and process FMEA to AIAG & vDA FMEA
6th SteP: OPtimization - Handbook
i.RecommendedActionchangedtoPreventionActionandDetectionAction
F2.1 vDA volume 4, chapter product DFMEA to ALAG & vDA FMEA
I
Reasonforchange.=Thedivisionofinformationhelpstheuserwithvisualmanagement
rffi-o-prevention and Detection' Handbook
I
of actions
I
ii.Responsibility&TargetGompletionDatechangedtoResponsiblePersonsName The FMEA Method is described by seven-step approach, similar to the previous five-step
! and Target GomPletion Date' approach in VDA Volume 4, Product and process FMEA.
:
Reasonforchanqe:Requiresanameratherthanadepartment. The section Definition is the new first step Preparation and Project Planning. The result
documentation is added as step seven.
ill Status new for AIAG & VDA Handbook'
1. Preparation and Project planning
Reasonforchanqe:Userscantrackthepercentageofcompletion' 2. Structure Analysis
iv ActionResults.ActionsTakenGompletionDateandActionsTaken&Effective
with Pointer to Evidence and 3. Function Analysis
Date (Form sheets;': H) is cnangeo t"'A;tdJaken 4. Failure Analysis
Completion Date. !-,--^^. 5. Risk Analysis
addition to listing actions taken' a direction to evidence ls 6. Optimization
Reason for chanqe: ln 7. Result Documentation
required.
Special Characteristics are removed from the DFMEA Form Sheet but stay in the pFMEA Form
V Severity/occurrence/Detection/RPNchangedtoSeverity/occurrence/ Sheet. See Annex C1 Special Characteristics.
Detection / AP'
& VDA Handbook'
VI Soecial Gharacteristics new for AIAG For continuous lmprovement history column is added and the authorization column changed.
vii il;;i" ;"* tot AIAG & VDA Handbook'
The linkage between DFMEA and PFMEA is explained and the FMEA Collaboration (Customer
- Tier n - Tier n+1).
-223 -
-222-
Characteristic or lntended-. Function v' Characteristics
' -"J'vrr or
fr
vrrqrqvrsrrDLrt/D of vurrrpurlent El
ur Component tslernent (Next
or Characteristic Type). Lower Level
thor" listed in the Appendices'
ThecomparisonbelowshowsthefolrytofFMEAForm.SheetslistedintheVDAVolume4to
& vDA]i;;l[oo* in"ruoing
0
the form sheets rirtJin-inl'nrAc
1. Next Higher Level
Asappropriate,itwillbepointedoutwhy(Reasonforchange)theformatcanhelpleadtoa Function and
more complete DFMEA' Requirement
lst SteP: Planning and PreParation
"Definition - D" i'lepracedt{f::'::i,1i",il:'l3r?il:,t#:ffilt:","1["X3iill"'1"'01?I'J'"" The description is more detailed how to formulate functions.
sectlons
considered in definition' Both
I
I
l
SteP: 0
l'
2nd Structure AnalYsis
and COMPONENT
t,
ITEM is exPand ed to SYSTEM, S YSTEM ELEMENT' as Focus Element, and
For DFMEA, Level, SYSTEM ELEMENT
SYSTEM as Next Higher
ELEM ENT with or Characteristic TYPe
AS Next Lower Level
COMPON ENT ELEMENT
I
Connectiondescriptionwithprocessflowdiagramandstructuretree
are described'
Possible views in form sheet
added'
and supplier is defined and
Collaboration between customer
help
rhe Next Hisher and Lower Level
fiffi:J:Jffi?TEA team on the,Erement to anarvze. SYSTEM'
r".ur", and the ot i".ut" tint< in the defined
ffi;;;
to identify the Effectli
-225 -
-224 -
4th SteP: Failure AnalYsis ( 1. Failure
Concept of FOCUS ELEMENT establishes
the focus of the analysis Effects (FE)to -6
C
the Next o
o.
1. Failure Effects (FE) to the
Next Higher Level Element
Higher Level
Element
I o)
and/or End User and/or E
o
End User o
iI
of question approach'
ldentify failures by systematic description
with
fairure effects, fairure mode and fairure cause ,|?:*".'j|:X?:tr'J,[:il
More detaired description how to formurate an d cu rre nt d etect o n co n tro s with exa
iX3f":"i? :J#,:'
i r
i mp r es
examples.
and DFMEA' Current Controls, even if the implementation is in the future,
Relationship is shown between PFMEA are part of Risk AngJysis.
New and more detailed described evaluation table of severity ,,end
Possible views in form sheet are described' of user,,.
explained' More detailed described evaluation tables occurrence and detection
Collaboration between customer and supplier with examples.
AP as replacement of RPN introduced with Action Priority high,
Reason for change: medium, and low.
New column "Filter Code (Optional),, introduced.
TheFailureEffects(FE)totheNextHigherLevelElementand/orEndUser,theFailureMode
(FC) of the Next Lower Element or
Cause
(FM) of the Focus f]"ni"nt, and the Failure Possible views in form sheet are described.
bharacterlstic are aligned in the SYSTEM'
I
I
collaboration between customer and supprier exprained.
i Reason for chanqe:
I
t.
Sth SteP: Risk AnalYsis
0 The AP (Action Priority) scale is_L (Low), M (Medium), and H (High)
is based on taking into
SeveritY (S) rating: account the rating of S, o, and D at the s.ame time and applying
Iogi" to determine the priority of
Tenpointscalewithnewdefinitionsforeachlevel.Splitratingofl0andgallowingfor action' The table also makes recommendations on how wort< tnrou-gh
the three Ap levels.
I
Ten point scale with new definitions for each Name Date Pointer to Date E
0)
considered' Evidence
t
Action PrioritY (AP):
(AP) replaceg, Jh" 13*" table is used
Risk Priority Number (RPN) with Action Priority
priority ijshown by'high"'medium' and'low'' Status of different action defined.
for DFMEA und PFMEA. The nction
New assessment of action effectiveness defined;
Continual improvement described
Remarks column added to document internal comments, notes,
and filter column for
manipulation of data.
Possible views in form sheet are described.
-226 - -227 -
I
I
Collaboration between FMEA team, management, customer and supplier explained. iv, Changed: Cross FunctionalTeam
( t;\ft) V. Changed: PFMEA lD Number
Reason for chanqe: vi. Changed: Process Responsibility
The information helps the user with visual management; each piece of information is included vii. Added: Company Name
and correct. lmportant is the "Pointer to Evidence" for follow-up reasons. viii. Added: Customer Name
ix. Added: Manufacturing Location
X. Added: Confidentiality Level
7th Step: Result Documentation
The added step seven summarizes the scope and results of an FMEA in a report.
This report should indicate the technical risk of failure as a component of the development plan
and project milestones.
2nd Step:
Structure Analysis
For PFMEA, |TEM is expanded to pROCESS
ITEM with S ystem,
Name of Process, p ROCESS STEP with Station Su bsystem , Part Element or
No. and Name
PROCESS WORK ELEMENT with 4M Type. PROCESS of F ocus Elem ent, and
F2.2 VDA Volume 4, Chapter Product PFMEA to AIAG & VDA FMEA Machine, Man, Material (lndirect), Envi ronMent (Milieu) woRK ELEMENT tabeb added
Handbook , etc.
1. Process ltem
The FMEA Method is described by seven-step approach, similar to the previous five-step System, Subsystem, part
approach in VDA Volume 4, Product and Process FMEA. Element or Name of process
The section Definition is the new first step Preparation and Project Planning. The result
documentation is added as step seven.
connection description with process frow diagram
1. Preparation and Project Planning and structure tree.
2. Structure Analysis 4M especially Material (indirect) is more clarified
and detailed explained;
3.
4.
5.
Function Analysis
Failure Analysis
Risk Analysis
I Possible views in form sheet are described.
collaboration between customer and supprier is defined
and added.
6. Optimization
for c qe
7. ResultDocumentation
This focuses the FMEA team on the Element to analyze.
Special Characteristics stay in the PFMEA Form Sheet but are removed from the DFMEA Form The process ltem and process Work
help to identify the Effect of Failure,
Sheet. See Annex Cl Special Characteristics. !l-e19nt
PROCESS.
and the Causes of Failure tink in the defined
For continuous lmprovement history column is added and the authorization column changed.
The linkage between DFMEA and PFMEA is explained and the FMEA Collaboration (Customer
3rd Step: Function Analysis
- Tier n - Tier n+1).
For PFMEA, FUNCTION of Process ltem is expanded to Function of
The comparison below shows the format of FMEA Form Sheets listed in the VDA Volume 4 to System, Subsystem, part
Element or Process, FUNCTION oF PROCESS srEP is expandeo to
the forms listed in the AIAG & VDA Handbook including those listed in the Appendices. Functtn of system,
Subsystem, Part Element or Process, and FUNCTION OF WORK ELEMENi
to Function of the
As appropriate, it will be pointed out why (Reason for chanqe) the format can help lead to a Process Work Element and process bharacteristic.
more complete PFMEA
2. Function of the Process
1st Step: Planning and Preparation 1. Function of the process ltem Step and Product
"Definition - D" is replaced by "1st Step: Planning and Preparation". Preparation is partly Function of System, Subsystem, Characteristic
considered in definition. Both sections define the depth of what will be included in the document Part Element or process (Quantitative value is
optlonal)
FMEA Form Sheet header is defined within step 1 and new columns are changed or added.
i. Changed: ModelYea(s) / Program(s)
ii. Changed: Subject The description is more detailed how to formulate functions.
iii. Changed: Start Date and Revision Date Detailed definition of functions / characteristics and usage of P-Diagram
explained
-228- -229 -
Possible view in form sheet is
described
1. Failure E
c
Effects (FE) o
o.
ffigthepositive,Functions/characteristicsoftheProcesS,leadstolistingthe to the Next o
;;;i";t, ir''" er".i Jt i"itu'"' and the causes of Failure' Higher Level c)
rc
Element o
C)
and/or L
o
4th SteP: Failure AnalYsis End User
=
establ ishes the focus of the analYsis
LL
ConcePt of FOCUS ELEMENT
Remarkscolumnaddedtodocumentinternalcomments,notes,andfiltercolumnfor
( O
maniPulation of data'
sheet are described'
cc
Possible views in form o
o_
CollaborationbetweenFMEAteam,management,customerandsupplierexplained o
o
E
o
ffitn9.us91yr]hlisualmanagement;,'eachpieceofinformationisincluded
jrin";poi"ter to Evidenc6" for follow-up reasons' O
L
and correct. f mportiit o
=
iI
7th SteP: Result Documentation
TheaddedstepsevensummarizesthescopeandresultsofanFMEAinareport' plan
a component of the development
as
the technicar risk of fairure
This report shourd indicate The Supplement shows detailed definition of Rationale for Frequency, Current D'iagnostic
and Project milestones' Monitoring and System Response, Most Severe Failure Etfect after System Response, Severity
(S) of FE after MSR, Severity (S) of Original FE from Failure Anatysis (Step 4), and MSR AP.
F2'3vDAVolume4,Chapter.FMEAforMechatronicalsysfemsto MSR AP introduced with Action Priority high, medium, and low.
AIAG a vbA-iien
ilandbook
repraced by "supplemental is Possible views in form sheet are described.
FMEI for Mechatronicar _systems"
The VDA Vorume 4, chapter n"tponse (FM EA-M SR)"' Collaboration between customer and supplier explained.
F M EA for Monitor"lbi"isJ'i"t
-233 -
-232-
G References and Suggested Readings
Collaboration between FMEA
team, management, customer
and supplier explained. (\ o
r IATF 16949: 2016 Quality management systems
ffitheuserwithvisualmanagement;'eachpieceofinformationisincluded Particular requirements for the application of ISO 9001
to Evidence" for follow-up reasons'
rmportJititln";pointer for automotive production and relevant service part
and correct.
organizations
o ISO 9001 Quality management systems - Requirements
o ISO 26262 Road vehicles - Functional safety
o SAE'J1739 Potential Failure Mode and Effects Analysis in
Design (Design FMEA), Potential Failure Mode and Effects
Analysis in Manufacturing and Assembly Processes (Process
FMEA)
o VDA Volume 2 Quality Assurance of Supplies
,
r VDA Maturity Level Assurance for New Parts
o AIAG APQP Advanced Production and Quality Planning
. AIAG PPAP Production Part Approval Process
-235-
-234 -
H Glossary
fi?
Gyber-physical Systems: a mechanism that is controlled or monitored by computer-based
algorithms, tightly integrated with the lnternet and its users
Diagnostic coverage: per ISO 26262-1:2018, the percentage of the failure rate of a hardware
elerient, or percentlge of the failure rate of a failure mode of a hardware element that is
are
detected or controlleO Oy tfre implemented safety mechanism, the diagnostic figures
determined by the hardware functional safety analysis
Failure Chain: A failure chain consists of a Failure Effect, a Failure Mode, and a Failure Cause.
Failure Network: A failure network is the connection of one or more failure chains that can
Mode at
represent failures at multiple levels such that a Failure Cause at one level is a Failure
the next lower level.
Focus Element: The subject of the analysis. ln a hierarchically described system, a focus
element has a next highei level element and at least one next lower element. A focus element I
provide a
may Oe a System Eleirent (item), a function of a system element, or a failure to
function as sPecified.
Hybrid Failure Ghain: A hybrid failure chain consists of a Failure Cause or Failure Mode,
iniended Monitoring Controls, and a mitigated failure effect.
Mechatronics: technology combining electronics and mechanical engineering
Operational situation: per ISO 26262-1:2018, a scenario that can occur during a vehicle's life
(e.g. driving at high speed; parking on a slope; maintenance)
primary Vehicle Function: a function that is essential to fulfil the basic purpose of a vehicle,
e.g. steering, braking, propulsion, and visibility
Residual Risk: The risk(s) remaining after the deployment of safety measures. See 15026262-
1:2018.
Secondary Vehicle Function: a function that enhances or enables a primary vehicle function
and
as well as the user experience, e.g. safety, comfort, convenience, interface, diagnostic,
serviceability
Service life: the intended design life of the item (FMEA-MSR: the intended design life of the
vehicle)
Structure Tree: A graphical depiction of the hierarchical links between system elements and its
dependencies.
System Element: elements of a system that are represented in the structure tree
System response: the system's reaction to a detected fault, usually in the form of degrading or
disabling of a function and/or warning the operator and setting a fault code
Useful life: the operating interval in which a function is correctly provided, and the failure rate is
within acceptable tolerance
Zero Milea ge I Zero km I Zero Hours: vehicle has not left the assembly plant
-236 -