Potential Failure Mode L and Effects Analysis for Tooling & Equipment Machinery FMEA Second Edition ee ee era OO eae eaePOTENTIAL FAILURE MODE AND EFFECTS ANALYSIS FOR TOOLING AND EQUIPMENT ® MACHINERY FMEA Reference Manual Second Edition First Edition, November 2001 + Second Edition, June 2012 Copyright © 2001, © 2012 hrysler Group LLC, Ford Motor Company, General Motors Corporation ISBN: 978 160534 251 190000FOREWORD 2" Edition ‘The MFMEA 2” Edition is a reference manual to be used by suppliers to Chrysler LLC, Ford Motor Company, and General Motors Corporation as a guide to assist them in the development of both Machinery (Tooling and Equipment) FMEAs. The manual does not define requirements; it is intended to clarify questions concerning the technical development of MFMEAS. The content of this document is the replacement for SAE J1739, 2002 Section 5. Potential Failure Mode and Effects Analysis for Machinery should be used by suppliers as specified by Customer Requirements. IEA 4" Edition. ‘This manual is aligned with and is intended to be a supplement to the FN ion MFMEA Reference Manual ‘Summary of Changes in the 2™ e¢ ‘The MFMEA methods described in the 2™ edition MFMEA Reference Manual include those associated with design at the machinery system, subsystem, interface, and component levels. General Changes © The formatting used in the 2” edition is intended to provide easier reading. © An index is included. ‘© Icons are used to indicate key paragraphs and visual cues are used. ‘* Additional examples and verbiage have been provided to improve the utility of the manual and to provide a closer tie into the FMEA process as it develops. * Reinforcement of the need for management support, interest, and review of the FMEA process and results. ‘© Define and strengthen the understanding of the linkage between MFMEA and PFMEA as well as defining the linkages to other tools. ‘Improvements to the Severity, Occurrence, Detection ranking tables so that they are more meaningful to real world analysis and usage. ‘* Alternative methods are introduced that are currently being applied in industry. © Additional appendices which have example forms and special case application of | FMEA. ‘© The focus on the “standard form” has been replaced with several options that represent the current application of FMEA in industry. © The suggestion that RPN not be used as the primary means for assessing risk. The need for improvement has been revised including an additional method, and the use of thresholds on RPN is clarified as a practice that is not recommended. Chapter I provides general FMEA guidelines, the need for management support and having a defined process for developing and maintaining FMEAs, and the need for continuous improvement. Chapter II describes the general application of the FMEA methodology, which is common between MFMEA and PFMEA processes. This includes the planning, strategy, action plans, and the need for management support and responsibility in FMEAs.Chapter III focuses on MFMEA (Design Failure Mode Effects and Analysis), establishing the scope of the analysis, use of block diagrams, various types of MFMEAs, formation of the teams, basic procedure for analysis, action plans, and follow-up, alternatives to RPN, and connection to PFMEAs and validation plans. Chapter IV focuses on PFMEA (Process Failure Mode Effects and Analysis), establishing the scope of the analysis, use of flow diagrams, formation of teams, basic procedure for analysis, action plans, the connection to MFMEAS and the development of control plans. j The Appendices have several examples of forms for DMFEA and PFMEA and addresses different applications and procedures for addressing design and process risk. ‘The Supplier Quality Requirements Task Force would like to thank the following individuals, and their companies, who have contributed their time and efforts to the development of this edition of | the FMEA Reference Manual: Michael Down, General Motors Corporation William Hagen, Ford Motor Company Rebecca Snyder, Ford Motor Company Rahn Westveer, Ford Motor Company Melissa White, Ford Motor Company David Nowak. Chrysler Group LLC Gregory Gruska, Omnex ‘This manual is a copyright of Chrysler Group LLC, Ford Motor Company and General Motors Corporation, with all rights reserved. Additional copies may be obtained from AIAG at © www.aiag.org. Supply chain organizations of Chrysler Group LLC, Ford Motor Company or ! General Motors Corporation have permission to copy forms used in this manual.Table of Contents Chapter 1 Introduction Purpose of Manual... . Follow-up and Continuous Improvement. Chapter I. Approach. Basic Structure Development of an FMI Steps for Machinery .nvon 5 Define the Customer. Identify Functions, Requirements, and Specifications... Identify Potential Failure Modes Identify Potential Effects... Identify Potential Causes. Identify Controls... Identifying and Assessing Risk . Recommended Actions and Results Management Responsibility vou. Chapter IIl MFMBA Machinery Failure Mode and Effects s alysis Introduction. Development of a Machinery FMEA vovsseososror Development of a MFMEA Form APPENDICES ‘Appendix A: Example Sample Form.. Appendix B: Glossary Appendix C: System FMEA. Appendix D Machinery FMEA Oceurrence Table Calculations. References and Suggested Readings Table of Tables ‘Table IIL.1 Sample MFMEA Form with Minimal Information Elements & Example Entries 16 ‘Table IH.2 Example Potential Failure Modes. Esse aioe Table IIL3 Example Potential Effects... Table Cri Suggested MFMEA Severity Evaluation Criteria Table IIL4 Example Potential Cause... Table C12 Suggested MFMEA Oceurrence Evaluation Criteria . ‘Table TH.S Examples of Prevention and Detection Design Controls 30 Table Cr3 Suggested MFMEA Detection Evaluation Criteria .nonononovnnnonn 32 Table Di — Occurrence Table Calculation’ errr 45 Table of Figures Figure Cl. Interfaces and Interactions... 2 Figure C2. Items, Functions and Failures. 44 iii‘This page intentionally left blank,| I | I Chapter I General FMEA Guidelines Chapter | General MFMEA Guidelines| ! Chapter I General FMEA Guidelines | Introduction ® The need of the automotive industry for the disciplined use of a | technique to identify and prevent potential problems has become | ‘more important than ever before, This is due to rapidly changing technology and customer expectations as well as increasing legislation. Studies have shown that effectively implemented | FMEA (Failure Mode and Effects Analysis) methodologies could have prevented many production shutdowns. FMEA are an integral part of an organization’s engineering risk analysis activity and, as such, should be considered controlled documents. In addition, they can provide a foundation for continual improvement and knowledge management activities. Purpose of Manual This reference manual outlines the process for managing, and conducting Machinery Failure Mode and Effects Analysis (MFMEA) as defined and used within the American automotive industry. ‘This manual assumes that the reader has the knowledge of the FMEA process as defined by the FMEA Reference Manual 4® Edition’, This manual provides an overview of the FMEA development and documentation process as applied to the analysis of machine risk. Further, it discusses the value added aspects of the FMEA process: the information access and usage by the various customers of this knowledge. Failure Mode and Effects Analysis concepts can be applied to machinery (the term machinery, as used throughout this text includes tooling and equipment) to reduce the probability that potential failure modes, related to machinery, will occur. The ‘Machinery FMEA (MFMEA) supports the machinery design process from design development through design approval and beyond into planning and operation and maintenance. The MFMEA is a thorough review of each step, or function, in the overall operation of the machinery. This manual addresses the concepts used to develop an effective MFMEA. The MFMEA is a design output used to evaluate and improve the reliability, maintainability, and the durability of the machinery. om | Note: It is recommended that the Process FMEA? should be C Ss initiated prior to the development of any machinery that will be used for production. 1 Chrysler Group LLC, Ford Motor Company, & General Motors Corporation (2008). Potential Failure Mode and Effects Analysis (FMEA) Reference Manual. 4th Edition, Automotive Industry Action Group 2. This should follow the concepts covered in the Chrysler Group LLC, Ford Motor Company, General Motors Corporation FMEA Manual, 4th Edition)Chapter I General FMEA Guidelines @ Follow-up and Continuous Improvement The need for taking effective preventive and corrective actions, with appropriate follow-up on those actions, cannot be overemphasized. Actions should be communicated to all affected activities. A thoroughly thought-out and well-developed MFMEA will be of limited value without positive and effective preventive/corrective actions during the machine development, | production, and use. MFMEAs should be continually updated as changes occur or additional information is obtained throughout the phases of machine development and operation. When fully implemented, the MFMEA discipline can be used on new, modified, carry-over, or overhauled machinery for new applications or environments. Machinery FMEA ‘+ Aids in the objective evaluation and understanding of the sequence of steps of the machinery, * Increases the probability that potential failure modes and their effects on the customer (the using manufacturing facility and support personnel) have been considered before manufacturing the machinery, @ + Provides information to aid in the planning ofan efficient and effective process for preventive maintenance, + Improves the reliability and durability of the machinery, resulting in reduced life cycle costs, Improves machinery maintainability, resulting in reduced mean time to repair, Improves reliability, durabilty, and maintainability of the machinery, resulting in increased machinery availability, and, * Develops a ranked list of potential failure modes, thus establishing a priority system for preventive/corrective actionsChapter I General FMEA Guidelines ‘This page intentionally left blank.Chapter It Strategy, Planning, Implementation Chapter II Overview of FMEA Strategy, Planning and ImplementationChapter IL Strategy, Planning, Implementation Approach @ FMEA development uses a common approach? to methodically address: ‘© The defined function/expectations/expected output of the machinery. * How the machinery could fail to meet function } /expectations/expected output (potential failure modes)? jure modes ‘© What would be the potential effects of the fa (efiects)? What are the causes of the failure mode (potential causes)? | © What is in place to address potential causes of failure modes (controls)? ‘© What is the level of risk? * How can we reduce risk through prevention / detection? | FMEA development is a cross-functional team responsibility whose members possess the necessary subject matter knowledge. During the MFMEA process, the machinery-responsible engineer is expected to actively involve representatives from all © (ed areas, These areas should include, but are not limited to: © production, + manufacturing engineering, | safety, © quality, © suppliers, ‘* product engineering, and the customer. This process should be a catalyst to stimulate the interchange of ideas between activities affected and thus promote a team approach. In addition, for any commercial “Catalog” components, the responsible representative from the component supplier should be consulted as required. Unless the responsible engineer is experienced with FMEA and team facilitation, it is helpful to have an experienced FMEA facilitator assist the team in its activities. Chr Grup LLG Ford Wott Company, & Geel Moar Capron (208), Pott Fate Mite sa Eats Amy (MEA) Rasen Mana hilo Suan noes tee @ SeeChapter II Basic Structure Strategy, Planning, Implementation A large benefit from the FMEA process comes from an increase in knowledge generated by team discussions and related activities. This in itself is sufficient justification for using the FMEA process. The format used in this manual is a typical way to collect and display information. The specific format should be based on individual organization's needs and customer requirements, Whatever format is used, it should contain information which can answer the following: What should happen? This includes function, expectation, and expected output of the machinery being analyzed. ‘+ What could potentially go wrong? This answers the question “What is seen when the functional requirements, are not met?” ‘* What are the consequences? This answers the question “Why should I be concerned and how serious are the consequences?” + What could go wrong? What are the potential causes of each failure mode and how likely are they to happen? * What could we do? What are the current preventive or detective activities that will address causes and potential failure modes? * _ Isthere something more we can do? How can the risk be further reduced and managed through specific actions, Development of an FMEA for Machinery ‘The machinery-responsible engineer has at his or her disposal a number of formal and informal documents that will be useful in the preparation of the MFMEA. The process of preparing the MFMEA begins with the full understanding of what the machin- ery is expected to do or not to do, in a given environment, under stated conditions, and for a defined period of time. These expectations may be determined from sources such as the reliability and maintainability specification statement, design requirements, program objectives, performance reports, preventive / corrective action reports, and maintenance history for similar machines, and federal or local regulatory requirements.| | Chapter Il Steps Strategy, Planning, Implementation Identify the Team ‘The Machinery FMEA is an analytical technique used primarily by a Machinery-Responsible Engineer/Team as a means to ensure that potential failure modes and their associated causes/mechanisms of failure have been considered and addressed Since the MFMEA is an input to the preventive maintenance program, and used to assist in the determination of machinery controls that will be used, it is impossible to develop an effective MFMEA without Customer Maintenance and Supplier Field Service Departments represented on the team, The team should also focus on improving the reliability, maintainability, and durability of the machinery while conducting the analysis. In its most rigorous form, the MFMEA is a summary of the team’s thoughts (including analysis of items that could potentially fail based on experience and past concerns) regarding the overall operating performance of the machinery in a production environment. Define the Scope Before the MFMEA process is started the team must define project scope and collect existing information necessary for an effective and efficient FMEA development process. ‘The MFMEA team members must decide on what constitutes a system, subsystem, or component for their specific activities. ‘The actual boundaries that divide a system, subsystem, and component are arbitrary and must be set by the MFMEA team. ‘System MFMEA Scope A. system can be considered to be made up of various subsystems. These subsystems often have been designed by different teams. Some typical System MFMEAs might cover the following systems: Underbody Welding System, or Chassis Decking/Marriage System, etc. Thus, the focus of the System MFMEA is to ensure that all interfaces and interactions are covered among the various subsystems that make up the system. Subsystem MFMEA Scope ‘A Subsystem MFMEA is generally a sub-set of a larger system. For example, the robots are a sub-set of the underbody welding system. Thus, the focus of the Subsystem MFMEA is to ensure that all interfaces and interactions are covered among the various components that make up the subsystem.Chapter II Strategy, Planning, Implementation ‘Component MFMEA Scope ‘A Component MFMEA is a generally an MFMEA focused on the sub-set of a subsystem. For example, end-of-arm tooling (eg,, weld gun, sealer gun, gripper) is a component of the robot, (which is a subsystem of the underbody welding system.) ‘The team should have at their disposal a minimum of: © equipment literature, * detailed description of the sequence of steps in the overall operation of the machine, including sub-system/component, + layout/sub-system/component drawings, ‘© sub-system/component MFMEA’s, Tier I & Tier II, © preventative maintenance task list (recommended scheduled maintenance), ‘© spare parts list with MTTR & MTBF (historical performance), + lessons learned from similar equipment, ‘© recent warranty/service & field performance data, ‘© component reliability studies, + qualifi tion plan (checklist, methodology, procedures), and ‘© installation manual, To improve MFMEA review efficiency, we recommend machinery-responsible engineer make sure the information necessary for the efficient development of the MFMEA is available prior to team review. This would include step by step sequence of operation, function of each operation, expected outputs, historical failures of function, failure modes and effects of failure. Define the Customer MFMEA customers include any person or group that is interested in the effectiveness (of pieces) of manufacturing equipment, This includes the process designers, the equipment designers, those involved in verifying equipment design and funetion, and those who use the equipment; that is the manufacturing facility. During the design phase the MFMEA serves as a tool for verifying and validating the equipment design. After equipment installation it serves as input for ‘maintenance planning and potentially as a tool for developing equipment training, documentation, and troubleshooting guidesChapter II Identify Functions, Requirements, and Specifications Identify Potential Failure Modes Identify Potential Effects Identify Potential Causes Strategy, Planning, Implementation Identify and understand the functions, requirements and specifications relevant to the defined scope. The purpose of this activity is to clarify the machinery design intent or process purpose. This assists in the determination of the potential failure mode for each attribute or aspect of the functions. Failure mode is defined as the way or manner in which a product or process could fail to meet the identified design intent or process requirements. The assumption is made that the failure could occur but may not necessarily occur. A concise and understandable failure definition is important since it properly focuses the analysis. Potential failure modes should be described in technical terms and not as a symptom necessarily noticeable by the customer. A large number of failure modes identified for a single requirement may indicate that the defined requirement is not concis Potential effects of failure are defined as the effects of the failure mode as perceived by the customer. ‘The effects or impact of the failure are described in terms of what the customer might notice or experience. The customer may be an internal customer as well as the End Users. Determining potential effects includes the analysis of the consequences of the failures and the severity or seriousness of those consequences. Potential cause of failure is defined as an indication of how the failure could occur, described in terms of something that can be corrected or can be controlled. Potential cause of failure may be an indication of a design weakness, the consequence of which is the failure mode. ‘There is a direct relation between a cause and its resultant failure mode (i.e. if the cause occurs, then the failure mode occurs). 10Chapter II Strategy, Planning, Implementation Identifying the root cause(s) of the failure mode, in sufficient @ detail, enables the identification of appropriate controls and action plans. A separate potential cause analysis is performed for each cause if there are multiple causes. Identify Controls Controls are those activities that prevent or detect the cause of the failure or failure mode, In developing controls it is important to identify what is going wrong, why, and how to prevent or detect it. Controls are applicable to machinery design or | manufacturing processes. Controls focused on prevention will provide the greatest return. | For Machinery FMEA an additional type of control is possible ~ machinery control. These are controls which are designed into the process to prevent or mitigate causes of failure. | Identifying and | Assessing Risk One of the important steps in the FMEA process is the assessment of risk. This is evaluated in three ways, severity, ‘occurrence, and detection: Severity is an as the customer. sment of the level of impact of a failure on Occurrence is how often the cause of a failure may occur. Detection is an assessment of how well the product or process controls detect the cause of the failure or the failure mode. | | I Organizations need to understand their Severity is the value f associated with the most serious effect for a given failure mode requirements for risk sssment.Chapter II Recommended Strategy, Planning, Implementation Actions and Results The intent of recommended actions is to reduce overall risk and likelihood that the failure mode will occur. The recommended actions address reduction of the severity, occurrence and detection. ‘The following can be used to assure that the appropriate actions are taken, including but not limited to: ensuring design requirements including reliability are achieved, reviewing engineering drawings and specifications, confirming incorporation in the assembly or manufacturing processes which will use the machinery, and reviewing related PFMEAs, control plans and operations instructions. Responsibility and timing to complete the recommended actions should be recorded. ‘Once actions are completed and results captured, the updated ratings for severity, occurrence and detection should also be recorded. Management Responsibility Management owns the FMEA process. Management has the ultimate responsibility of selecting and applying resources and. ensuring an effective risk management process including timing, Management responsibility also includes providing direct support to the team through on-going reviews, eliminating roadblocks, and incorporating lessons leamed.Chapter II Machine Failure Mode and Effects Analysis I | | Chapter III ® MFMEA Machinery Failure Mode and Effects AnalysisIntroduction Machinery Failure Mode and Effects Analysis ‘The Machinery Failure Mode Effects Analysis, referred to as MFMEA, supports the machine design process in reducing the risk of failures by: Aiding in the objective evaluation of the machine design, including functional requirements and design alternatives, Evaluating the initial machine design for manufacturing, assembly, service, and recycling requirements, Increasing the probability that potential failure modes and their effects on system and machine operation have been considered in the design/development process, Providing additional information to aid in the planning of thorough and efficient design, development, and validation programs, Developing a ranked list of potential failure modes according, to their effect on the customer, thus establishing a priority system for design improvements, development, and validation testing/analysis, Providing an open issue format for recommending and tracking risk-reducing actions, and Providing future reference, (e.g., lessons leamed), to aid in addressing field concerns, evaluating design changes, and developing advanced designs. ‘The MFMEA is a living document and should: Be initiated before machine design concept finalization, Be updated as changes occur or additional information is obtained throughout the phases of product development, Be fundamentally completed before the production design is released, and, Be a source of lessons learned for future machine design iterations.Chapter 111 Machinery Failure Mode and Effects Analysis, @ Development of a Machinery FMEA ‘The approach to the development of a MFMEA follows that of the DFMEA (see FMEA Reference manual 4" Edition), Development of a MFMEA Form ‘The following describes the information to be entered on a MFMEA form. Although there is no “required” form, the MEMEA form used should minimally contain the information described below. The header should clearly identify the focus of the FMEA as well as information related to the document development and control process. This should include an FMEA number, identification of the scope, design responsibility, completion dates, ete. The header should contain the following elements': 15‘Machinery Failure Mode and Effects Analysis Chapter 111 stexrwney si33449 ONY 3000 Bu ‘Table IIL1 Sample MFMEA Form with Minimal Information Elements & Example Entries 16ey Chapter III Machinery Failure Mode and Effects Analysis FMEA Number (A) Enter an alphanumeric string which is used to identify the FMEA document. This is used for document control. Machinery/System, Subsystem, or Component Name and Number (B) Enter the name and number of the system, subsystem, or component which is being analyzed, (See section entitled Define the Scope) Design Respon: ity (C) Enter the OEM, organization, and department or group who is design responsible, Also enter the supply organization name, if applicable. Program(s)/Plant(s) (D) Enter the intended program(s) and plant(s) that will use and/or be affected by the machinery being analyzed (if known). Key Date (E) Enter the initial MFMEA due date, which should not exceed the scheduled production design release date FMEA Dates (F) Enter the date the original MFMEA was completed and the latest revision date, Core Team (G) Enter the team members responsible for developing the MFMEA. Contact information (eg, name, organization, telephone number, and email) may be included in a referenced supplemental document. Prepared By (H) Enter the name and contact information including the organization (company) of the engineer responsible for preparing the MFMEA.Chapter I Machinery Failure Mode and Effects Analysis, Body of the MFMEA Form (fields a —n) ‘The body of the FMEA contains the analysis of risks related to the potential failures, and improvement action being taken.? Item / Function / Requirements (a) Item/Function can be separated into two (or more) columns or combined into a single, bridged column which encompasses these elements. Interfaces (as “items” of analysis) can be either combined or separate. Components may be listed in the item/function column, and an additional column may be added containing the functions or requirements of that item. “Item”, “Function”, and “Requirements” are described below: Item (a1) Enter the items, interfaces, or parts which have been identified through block diagrams, P-diagrams, schematics and other drawings, and other analysis conducted by the team. ‘The terminology used should be consistent with customer requirements and with those used in other design development documents and analysis to ensure traceability. Function (a1) € Enter the function(s) of the item(s) or interface(s) being analyzed which are necessary to meet the design intent based on customer requirements and the team’s discussion, If the item(s) or interface has more than one function with different potential : modes of failure, it is highly recommended that each of these functions and associated failure mode(s) is listed separately. = | Function becomes a2 if tem and Function are spit i Requirements (a2) 3 An additional column, “Requirements”, may be added to further refine the analysis of the failure mode(s). Enter the requirement(s) for each of the functions being analyzed (based ‘on customer requirements and the team’s discussion; see also Chapter II, Section: Prerequisites). If the fumetion has more than one requirement with different potential modes of failure, it is 2 highly recommended that each of the requirements and functions : are listed separately. 4 | Requirement becomes a3 if Item and Function are | split into separate columns, e.g., a1 and a2. 4 5 The letters atthe end of each heading indicate the area referred to onthe sample form. 18(Chapter IIL Machinery Failure Mode and Effects Analysis Potential Failure Mode (b) Potential failure mode is defined as the manner in which a | component, subsystem, or system could potentially fail to meet or deliver the intended function described in the item/function | column. Identify the potential failure mode(s) associated with the function(s)requirement(s). Potential failure modes should be described in technical terms, and not necessarily as a symptom noticeable by the customer. Each function may have multiple failure modes. A large number of failure modes identified for a single function may indicate that, the requirement is not well defined. ‘The assumption is made that the failure could occur, but may not necessarily occur, consequently the use of the word “potential” | Potential failure modes that could occur only under certain operating conditions (i.e., hot, cold, dry, dusty, etc.) and under certain usage conditions (i.e., above- average mileage, rough terrain, city driving only, etc.) should be considered. After determining all the failure modes, a validation of the completeness of the analysis can be made through a review of past things-gone-wrong, concems, reports, and group brainstorming The potential failure mode may also be the cause of a potential failure mode in a higher level subsystem or system, of lead to the effect of one in a lower level component. Example failure modes, as related to different requirements, are shown in table IIL3.Chapter 111 Machinery Failure Mode and Effects Analysis Electrical Panel an input a) transmit digital signal - high to controller if voltage is JO Modules | between 20 and 27 volts within 20msec, b) transmit digital signal- low if between Oand 12 volts within 20msec Requirement Failure Mode Does not transmit digital When configured as signal ‘Wrong signal transmitted Signal sent too late Input read stuck ‘high’ Input read stuck ‘low’ ‘Table 111.2 Example Potential Failure ModesChapter III Machinery Failure Mode and Effects Analysis @ Potential Effect(s) of Failure (c) Potential effects of failure are defined as the effects of the failure mode on the function, as perceived by the customers). | Desetibe the eects ofthe fire in terms of what the customer ' might notice or experience, remembering that the customer may be an intemal customer as well as the ultimate End User. State clearly if the failure mode could impact safety or non- compliance to regulations. The effects should always be stated in terms of the specific system, subsystem, or component being analyzed. Remember that a hierarchical relationship exists between the component, subsystem, and system levels®. For example, a part could fracture, which may cause the assembly to vibrate, resulting in an intermittent system operation. ‘The intermittent system operation could cause performance to degrade and ultimately lead to customer dissatisfaction. The intent is to predict the potential failure effects to the team’s level of knowledge. Typical faiture effects should be stated in terms of product or system performance. Table IIl.4 shows example effects of the failure modes from Table IIL3. @ Item Failure Mode Effect | Machine shutdown Does not transmit Loss of production digital signal Machine shutdown Loss of production VO Modules Foie Machine malfunction to crash Signal sent too late Machine malfunction to crash Input read stuck ‘high’ Machine malfunction to crash f Table 111.3 Example Potential Effects ® See also Appendix B 21Severity (S) (d) Severity is the value associated with the most serious effect for a given iailure mode. Severity is a relative ranking within the scope of the individual FMEA. Suggested Evaluation Criteria fi | i Chapter II. Machinery Failure Mode and Effects Analysis } } | ‘The team should agree on evaluation criteria and a ranking | system and apply them consistently, even if modified for individual process analysis. (See Table Cr1 below for criteria | guidelines.) It is not recommended to modify criteria ranking values of 9 and 10. Failure modes with a rank of i severity 1 should not be analyzed further. i Effect I Cri everity of Effect Ranking f | Very high severity ranking — Affects operator, plant, or Hazardous | maintenance personnel, safety andlor affects non- fa Without Warning | compliance with government regulations, without | | warning i ~ wan | High severity ranking — Affects operator, plant, or Hazardous — With | maintenance personnel, safely andior affects non- 9 ii Warning compliance with government regulations with warning. i Downtime of more than 8 hours or the production of | Very High | defective parts for more than 4 hours. 7 i aa Downtime of between 4 and 8 hours or the production | 7 ' 2 of defective parts for between 3 and 4 hours. | Downtime of between 1 and 4 hours or the production | Moderate | of defective parts for between 1 and 2 hours. . = Downtime of between 30 minutes and 1 hour or the 5 : production of defective parts for up to 1 hour. Downtime of between 10 and 30 minutes but no Very Low | production of defective parts. fm | — Downtime of up to 10 minutes but no production of : defective parts. i Process parameter variability not within specification | Very Minor | liits. Adjustment or other process controls need to > be taken during production. No downtime and no production of defective parts. Process parameter variability within specification None limits, Adjustment or other process controls can be 1 done during normal maintenance. ‘Table Cr1 Suggested MFMEA Severity Evaluation Criteria © 22Chapter IIL Machinery Failure Mode and Effects Analysis, Classification (e) This column may be used to highlight high-priority failure modes and their associated causes or other customer mandated usage. Potential Cause(s)/Mechanism(s) of Failure Mode (f) This information can be separated into multiple columns or combined into a single column, In the development of the FMEA, the identification of all potential causes of the failure mode is key to subsequent analysis. Although varied techniques (such as brainstorming) can be used to determine the potential cause(s) of the failure mode, it is recommended that the team should focus on an understanding, of the failure mechanism for each failure mode. Potential Mechanism(s) of Failure Mode (f1) A failure mechanism is the physical, chemical, electrical, thermal, or other process that results in the failure mode. It is important to make the distinction that a failure mode is an “observed” or "external" effect so as not to confuse failure mode with failure mechanism, the actual physical phenomenon behind the failure mode or the process of degradation or chain of events leading to and resulting in a particular failure mode. To the extent possible, list every potential mechanism for each failure mode. The mechanism should be listed as concisely and completely as possible. For a system, the failure mechanism is the process of error propagation following a component failure which leads to a system failure, t A process can have several failure modes which are correlated to each other because of a common failure | mechanism behind them. | Ensure that process effects are considered as part of | the MFMEA process.Chapter IL Machinery Failure Mode and Effects Analysis Potential Cause(s) of Failure Mode (f2) © Potential cause of failure is defined as an indication of how the design process could allow the failure to occur, described in terms of something that can be corrected or can be controlled. Potential cause of failure may be an indication of a design ‘weakness, the consequence of which is the failure mode. | | Causes are the circumstances that induce or activate | a failure mechanism. In identifying potential causes of failure, use concise descriptions of the specific causes of failures, e.g., specified bolt plating allows for hydrogen embrittlement. Ambiguous phrases such as, poor design or improper design, should not be used. Investigation of causes needs to focus on the failure mode and not on the effect(s). In determining the cause(s), the team should assume the existence of the cause under discussion will result in the failure mode (i.., the failure mode does not require multiple causes to occur). ‘Typically, there may be several causes each of which can result in the failure mode. This results in multiple lines (cause branches) for the failure mode. © To the extent possible, list every potential cause for each failure mode/failure mechanism. The cause should be listed as concisely and completely as possible. Separating the causes will result in a focused analysis for each cause and may yield different ‘measurement, controls, and action plans. ‘Table TILS. shows sample causes for the failure modes in Table I1L.3. Although not required as part of the minimum FMEA form elements, the table includes the failure mechanism to show the relationships among failure mode, failure mechanism, and cause. In preparing the MFMEA, assume that the design will be manufactured and assembled to the design intent, Exceptions can be made at the team’s discretion where historical data indicate the manufacturing process. 24 3S Chapter II Machinery Failure Mode and Effects Analysis Failure Mode Mechanism Cause | eee Failure of component in /O module | 3 Signal ‘sent too late Failure of component in I/O module Ls Input read stuck ‘high’ Failure of component in I/O module a Input read stuck ‘ow’ Failure of component in lO module Table I1L.4 Example Potential Causes 5 ee 25Chapter IIL ‘Machinery Failure Mode and Effects Analysis Occurrence (0) (9) © Occurrence is the likelihood that a specific cause/mechanism will occur resulting in the failure mode within the design life. The likelihood of occurrence ranking number has a relative meaning rather than an absolute value (See Table Cr2). A consistent occurrence ranking system should be used to ensure continuity. The occurrence number is a relative ranking within the scope of the FMEA and may not reflect the actual likelihood | of occurrence. Suggested Evaluat ‘The team should agree on evaluation criteria and a ranking system and apply them consistently, even if modified for individual process analysis. Occurrence should be estimated using a 1 to 10 scale using Table Cr2 as a guideline. The suggested criteria allows for the use of standard operating time | of reliability as a means for determining the occurrence rankings. n Criteria i Reliability is the probability that manufacturing machinery can perform continuously, without failure, for a specified interval of user's time when operating under stated conditions. User's time i is the span of time the machinery is required to run without failure (time, cycles, etc.). The user's time frame should be defined in terms of an operating patter that is important to the i | user. i In determining this estimate, questions such as the following | should be considered: | ‘© What is the service history and field experience with similar components, subsystems, or systems? * Is the item a carryover or similar to a previous level item? How significant are changes from a previous level item? + Isthe item radically different from a previous level item? # Isthe item completely new? © What is the application or what are the environmental changes? © Has an engineering analysis (e.g., reliability) been used to estimate the expected comparable occurrence rate for the application? ‘© Have preventive controls been put in place? 26Chapter 111 Machinery Failure Mode and Effects Analysis ® [ Criteria: Criteria: Possible ~ 7 | Possible number number of foe - of failures within |2/ failures within | 9] Criteria: The reliability based on | Ranking hours of cycles of e users required time. operation. operation. R(t) <1 %: MTBF is about 10% of tint Tin @0 the User's required time. 10 , R(t) = 5%: MTBF is about 30% of ine yo User's required time z R(t) = 20%: MTBF is about 60% of 1in24 1in 36000 the User's required time. 8 R(t) = 37%: MTBF is equal to the eee Oe User's required time. U R(t) = 60%: MTBF is 2 times 1 in 360 1 in 180000 greater than the User's required 6 time. R(t) = 85%: MTBF is 6 times 4 in 2500 1 in 360000 greater than the User's required 5 ® time R(t) = 90%: MTBF is 10 times 1 in 5000 1 in 840000 greater than the User's required 4 time. R(t) = 95%: MTBF is 20 times 1 in 10,000 4 in 900000 greater than the User's required 3 time tin more than |_| Rlt)= 98%: MTBF is 50 times 1 in 26,000 So0000 eyces | | oestrthan to Users required 2 Failure is eliminated through preventive control 1 Note: The above reliability calculations assume the machines have a constant failure rate and are repairable. See Appendix D for sample calculations for the occurrence table. ‘Table Cr2 Suggested MFMEA Occurrence Evaluation Criteria a7Chapter Il Machinery Failure Mode and Effects Analysis. Current Design Controls (h) © Current Design Controls are those activities conducted as part of the design process that have been completed or committed to and that will assure the design adequacy for the design functional and reliability requirements under consideration, ‘There are two types of design controls to consider: Prevention: Eliminate (prevent) the cause of the mechanism of failure or the failure mode from occurring, or reduce its rate of occurrence. Detection: Identify (detect) the existence of a cause, the resulting mechanism of failure or the failure mode, either by analytical or physical methods, before the item is released for production. The preferred approach is to first use prevention controls, if possible. The initial occurrence rankings will be affected by the prevention controls provided they are integrated as part of the design intent. Detection control should include identification of those activities which detect the failure mode as well as those that detect the cause. ‘The team should consider analysis, testing, reviews, and other activities that will assure the design adequacy such as: 1: Prevention Controls © Benchmarking studies © Fail-safe designs © Design and Material standards (internal and extemal) © Documentation ~ records of best practices, lessons learned, etc. from similar designs © Simulation studies — analysis of concepts to establish design requirements 0 Error-proofing h2: Detection controls Design reviews © Prototype testing © Validation testing imulation studies ~ validation of design i Design of Experiments; including reliability testing ® 28Chapter II Machinery Failure Mode and Effects Analysis © Mock-up using similar parts 3: Machine controls For Machinery FMEA an additional type of control is possible — machinery control. These are controls which are designed into the process to prevent or mitigate causes of failure. Design/Machinery Controls are methods, techniques, devices, or tests used to: 1) Prevent the Cause, interrupt the mechanism or prevent the Failure Mode from occurring, ot reduce the rate of occurrence. 2) Detect the Cause, or 3) Detect the Failure mode. In each case, the approach used should either: * Take corrective action to keep nonconforming parts from being produced or damage from occurring, ‘+ Notify the operator that corrective action is needed, or ‘© Stop the process before damage can occur. Note: @ Machinery Control will also be identified in the Process | EMEA as a detective contol and will impact the RPN of the | implemented process. 43: Machine controls © Proximity Sensors ‘© Temperature Sensors © Oil Pressure Light © Timing Sensors * Vibration Sensor © Proactive Maintenance | Note: Proactive Maintenance actions are key preventive, | predictive, and visual management tools to control the reliability ‘of machinery. Preventive maintenance schedules, procedures, and in-plant resources are valid machinery controls only if they | have been developed as part of the design process, and are | included in the machinery user’s manual. | Note: The Machinery Design Engineer's goal is to make the design robust so that machinery controls are not required. The | Machinery Design Engineer must not rely on machinery controls or control plans to overcome potential design weaknesses 29Chapter IIT Machinery Failure Mode and Effects Analysis ‘The example Machinery FMEA form in this manual has three © columns for the design controls (i.e., separate columns for Prevention Controls, Detection Controls and Machinery Controls) to assist the team in clearly distinguishing between these types of design controls. This allows for a quick visual determination that all types of design controls have been considered. If a one-column (for design controls) form is used, then the following prefixes should be used. For prevention controls, place a'P' before each prevention control listed. For detection controls, place a 'D' before each detection control listed. For machinery controls, place a'M' before each machinery control listed Preventing the causes of the failure mode through a design change or design process change is the only way a reduction in the oceurrence ranking can be effected. Table III.6 shows example prevention and detection controls for the causes identified in Table 111.5 = : Prevention | _ Detection Machinery Coneeeee came controls controls controls, Design Environmental Does not transmit | Standards, Doesnot | megs eStsanal™ | component | S¥eSSIest0S- | None transmit digital specifications signal Wrong signal wong ional | rami None None None ransmitted signal sent too | Sian! sent too None None None | late ae input read stud | | ee None None None | ‘Table IILS Examples of Prevention and Dete ion Design ControlsMachinery Failure Mode and Effects Analysis Detection (D) (i) Detection is the rank associated with the best detection control listed in the Current Design Control Detection column. When more than one control is identified, it is recommended that the detection ranking of each control be included as part of the description of the control. Record the lowest ranking value in the Detection column. ‘A suggested approach to Current Design Control Detection is to assume the failure has occurred and then assess the capabilities of the current design controls to detect this failure mode. Do not automatically presume that the detection ranking is low because the occurrence is low. It is important to assess the capability of the design controls to detect low frequency failure modes or reduce the risk of them going further in the design release process Detection is a relative ranking within the scope of the individual FMEA. In order to achieve a lower ranking, generally the design control (analysis or verification activities) has to be improved. Suggested Evaluation Criteria The team should agree on evaluation criteria and a ranking system and apply them consistently, even if modified for individual process analysis. Detection should be estimated using Table Cr3 as a guideline. | The ranking value of one (1) is reserved for failure | prevention through proven design solutions. 31Chapter IIT Machinery Failure Mode and Effects Analysis Detection Criteria: Likelihood of Detection by Design (Detection) Control Ranking Almost Impossible Design or machinery controls cannot detect a potential cause and subsequent failure, or there are no design or machinery controls, 10 Very Remote Very remote chance that design or machinery controls will detect a potential cause and subsequent failure mode. Remote Remote chance that design or machinery controls will detect a potential cause and subsequent failure mode. Machinery control will provide indication of failure. Very Low Design or machinery controls do not prevent the failure from occurring. Machinery controls will isolate the cause and subsequent failure mode after the failure has occurred. Low Low chance that design or machinery controls will detect a potential cause and subsequent failure mode. Machinery controls will provide an indicator of imminent failure Moderate Medium chance design controls will detect a potential cause and subsequent failure mode. Machinery controls will prevent imminent failure. Moderately High Moderately high chance that design controls will detect a potential cause and subsequent failure mode. Machinery controls will prevent imminent failure. High High chance that design controls will detect a potential cause and subsequent failure mode. Machinery controls will prevent an imminent failure and isolate the cause. Very High Very high chance that design controls will detect a potential cause and subsequent failure mode. Machinery controls may not be required Almost Certain Detection not applicable; Failure Prevention: Failure cause or failure mode cannot occur because it is fully prevented through design solutions (e.g., proven | design standard, best practice or common material, etc.). Tabl le Cr3 Suggested MFMEA Detection Evaluation Criteria 32Chapter I Machinery Failure Mode and Effects Analysis ® Determining Action Priorities Once the team has completed the initial identification of failure modes and effects, causes and controls, including rankings for severity, occurrence, and detection, they must decide if further efforts are needed to reduce the risk. Due to the inherent limitations on resources, time, technology, and other factors, they must choose how to best prioritize these efforts The initial focus of the team should be oriented towards failure modes with the highest severity rankings. When the severity is 9 or 10, it is imperative that the team must ensure that the risk is addressed through existing design controls or recommended actions (as documented in the FMEA). For failure modes with severities 8 or below the team should consider causes having highest occurrence or detection rankings. It is the team’s responsibility to look at the information identified, decide upon an approach, and determine how to best Prioritize the tisk reduction efforts that best serve their organization and customers, Risk Evaluation; Risk Priority Number (RPN) (/) ‘One approach to assist in action prioritization has been to use the ® Risk Priority Number: RPN = Severity (S) x Occurrence (O) x Detection (D) Within the scope of the individual FMEA, this value can range between 1 and 1000. The use of an RPN threshold is NOT a recommended practice for determining the need for actions. Applying thresholds assumes that RPNs are a measure of relative risk (Which they often are not) and that continuous improvement is not required (which it is). | Use of the RPN index in the discussions of the team | can be a useful tool. The limitations of the use of RPN | need to be understood. However, the use of RPN | thresholds to determine action priority is not | recommended. Recommended Action(s) (k) In general, prevention actions (j.e., reducing the occurrence) are preferable to detection actions. An example of this is the use of proven design standard ot best practice rather than product Verification/validation after design freeze. @ ‘The intent of recommended actions is to improve the design. Identifying these actions should consider reducing rankings in 33Chapter IT Machinery Failure Mode and Effects Analysis the following order: severity, occurrence, and detection, Example approaches to reduce these are explained below: © To Reduce Severity (S) Ranking: Only a design revision can bring about a reduction in the severity ranking, ‘A design change, in and of itself, does not imply that the severity will be reduced. Any design change should be reviewed by the team to determine the effect to the product functionality and process. For maximum effectiveness and efficiency of this approach, changes to the product and process design should be implemented carly in the development process. For example, alternate materials may need to be considered early in the development cycle to eliminate corrosion severity To Reduce Occurrence (0) Ranking: A reduction in the coceurrence ranking can be effected by removing or controlling, cone or more of the causes or mechanisms of the failure mode through a design revision. Actions such as, but not limited to, the following should be considered: © Error proof the design to eliminate the failure mode © Revised design geometry and tolerances © Revised design to lower the stresses or replace weak (high failure probability) components © Add redundancy © Revised material specification To Reduce Detection (D) Ranking: The preferred method is the use of error/mistake proofing. An increase in design validation/verification actions should result in a reduction of the detection ranking only. In some cases, a design change to a specific part may be required to increase the likelihood of detection (ie., reduce the detection ranking). Additionally, the following should be considered: © Design of Experiments (particularly when multiple or interactive causes of a failure mode are present) © Revised test plan If the assessment leads to no recommended actions for a specific failure mode/cause/control combination, indicate this by entering “None” in this column, It may be useful to also include @ rationale if “None” is entered, especially in case of high severity. 34