FAA System Safety Handbook, Chapter 9: Analysis Techniques

Keywords: analysis techniques, system safety, system safety handbook

To conduct a fault hazard analysis, it is necessary to know and understand certain system characteristics:

• Equipment mission
• Operational constraints
• Success and failure boundaries
• Realistic failure modes and a measure of their probability of occurrence.

The procedural steps are:
1. The system is divided into modules (usually functional or partitioning) that can be handled.
2. Functional diagrams, schematics, and drawings for the system and each subsystem are then reviewed to determine their interrelationships and the interrelationships of the component sub-assemblies. This review may be done by the preparation and use of block diagrams.
3. For analyses performed down to the component level, a complete component list with the specific function of each component is prepared for each module as it is to be analyzed. For those cases when the analyses are to be performed at the functional or partitioning level, this list is for the lowest analysis level.
4. Operational and environmental stresses affecting the system are reviewed for adverse effects on the system or its components.
5. Significant failure mechanisms that could occur and affect components are determined from analysis of the engineering drawings and functional diagrams. Effects of subsystem failures are then considered.
6. The failure modes of individual components that would lead to the various possible failure mechanisms of the subsystem are then identified. Basically, it is the failure of the component that produces the failure of the entire system. However, since some components may have more than one failure mode, each mode must be analyzed for its effect on the assembly and then on the subsystem. This may be accomplished by tabulating all failure modes and listing the effects of each (e.g., a resistor that might fail open or short, high or low). An understanding of the physics of failure is necessary. For example, most resistors cannot fail in a shorted mode. If the analyst does not understand this, considerable effort may be wasted on attempting to control a nonrealistic hazard.
7. All conditions that affect a component or assembly should be listed to indicate whether there are special periods of operation, stress, personnel action, or combinations of events that would increase the probabilities of failure or damage.
8. The risk category should be assigned.
9. Preventative or corrective measures to eliminate or control the risks are listed.
10. Initial probability rates are entered. These are "best judgments" and are revised as the design process goes on. Care must be taken to make sure that the probability represents that of the particular failure mode being evaluated. A single failure rate is often provided to cover all of a component's failure modes rather than separate ones for each. For example, MIL-HDBK-217, a common source of failure rates, does not provide a failure rate for capacitor shorts, another for opens, and a third for changes in value. It simply provides a single failure rate for each operating condition (temperature, electrical stress, and so forth).
11. A preliminary criticality analysis may be performed as a final step.
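The tabulation in steps 6, 8 and 10 above, as an added Python worksheet that is not part of the handbook: it lists each component's failure modes and their effects, rejects modes the part physics does not support (the resistor-short caveat), apportions the single per-part failure rate that a source like MIL-HDBK-217 supplies across the individual modes, and assigns a risk category. The part types, realistic-mode lists, rates, mode fractions and the risk matrix are constructed assumptions, not values from the handbook.

```python
# Fault hazard analysis worksheet (added example, not the handbook's own): tabulate modes and
# effects, reject physically unrealistic modes, split one per-part rate across modes, rank risk.
# Part types, modes, rates, fractions and the risk matrix are constructed assumptions.
import math
from dataclasses import dataclass
# Assumed realistic modes per part type; the handbook notes most resistors cannot fail shorted.
REALISTIC_MODES = {"resistor": {"open", "high", "low"},
                   "capacitor": {"open", "short", "value_change"}}
SEVERITY_RANK = {"catastrophic": 1, "critical": 2, "marginal": 3, "negligible": 4}
@dataclass
class FailureMode:
    component: str
    part_type: str
    mode: str
    effect: str      # effect on the assembly / subsystem
    severity: str    # assumed four-level severity scale
    fraction: float  # assumed share of the component's single failure rate
def allocate_rates(rows, part_rates):
    """Return {(component, mode): failures/hour}, splitting one per-part rate over its modes."""
    rates, fractions = {}, {}
    for r in rows:
        if r.mode not in REALISTIC_MODES[r.part_type]:
            raise ValueError(f"{r.component}: '{r.mode}' is not a realistic {r.part_type} mode")
        rates[(r.component, r.mode)] = part_rates[r.component] * r.fraction
        fractions[r.component] = fractions.get(r.component, 0.0) + r.fraction
    for comp, total in fractions.items():   # the whole per-part rate must be apportioned
        if not math.isclose(total, 1.0):
            raise ValueError(f"{comp}: mode fractions sum to {total}, not 1.0")
    return rates

def risk_category(severity, rate_per_hour):
    """Assumed risk matrix: severity rank plus a rate band gives high / medium / low."""
    band = 0 if rate_per_hour >= 1e-6 else 1 if rate_per_hour >= 1e-8 else 2
    score = SEVERITY_RANK[severity] + band  # 1 (worst) .. 6
    return "high" if score <= 2 else "medium" if score <= 4 else "low"

def worksheet(rows, part_rates):
    """Rows of (component, mode, effect, rate, category), worst severity and highest rate first."""
    rates = allocate_rates(rows, part_rates)
    ordered = sorted(rows, key=lambda r: (SEVERITY_RANK[r.severity], -rates[(r.component, r.mode)]))
    return [(r.component, r.mode, r.effect, rates[(r.component, r.mode)],
             risk_category(r.severity, rates[(r.component, r.mode)])) for r in ordered]
# Constructed sample: a sensor bias resistor and a supply decoupling capacitor.
SAMPLE_ROWS = [FailureMode("R1", "resistor", "open", "sensor bias lost", "critical", 0.7),
               FailureMode("R1", "resistor", "high", "sensor reads low", "marginal", 0.2),
               FailureMode("R1", "resistor", "low", "sensor reads high", "marginal", 0.1),
               FailureMode("C3", "capacitor", "short", "supply rail shorted", "catastrophic", 0.5),
               FailureMode("C3", "capacitor", "open", "supply noise increases", "negligible", 0.5)]
SAMPLE_RATES = {"R1": 2e-7, "C3": 5e-7}  # assumed single per-part rates, failures per hour
```

Calling `worksheet(SAMPLE_ROWS, SAMPLE_RATES)` yields the ranked table; a row such as a resistor "short" is refused before any rate is assigned, which is the wasted-effort case the handbook warns about.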

Document type: educational book (scan of selected extracts)
File: System Safety Handbook Chapter 9 Analysis Techniques.pdf (application/pdf, 207.13 KB, English)