Guide for Application of Optical Current and Voltage Systems for Protective Relaying
Section 8 – Reliability and Failure Mode


Overview:
An optical current and voltage sensing system provides information for protective
relaying to respond during system events. When compared to traditional iron-core
voltage and current transformers, the output signals from optical devices are typically
generated using electronics operating in both high voltage and low voltage environments.
As these signals are conditioned in some manner, the designer has to provide sub-systems
containing both electronic and optical components.
All control systems are nominally designed to provide long life and to minimize the rate
of failure. However, unless a system is designed to military specifications (or other?),
there will be a point in time at which the system does not perform as originally designed.
One method to determine what may happen over time and what steps can be taken to
reduce/eliminate the chance that a problem will occur is to perform a Failure Modes and
Effects Analysis (FMEA) at the system level.
For an optical current and voltage sensing system, there are three main components:
       Sensor head assembly
       Interconnection wiring
       Ground level signal conditioning and output ac driver
Each of these components can be assessed for the likelihood of a problem by
performing the FMEA on both the individual components and the complete current and
voltage sensing system. An example of an FMEA is shown below.
Need input from manufacturers regarding the types of failure modes expected and how
they are mitigated by using hardware and software in the design. What does the customer
see when a failure occurs, and how does this change in performance impact system accuracy,
protection elements, and power system reliability?


Reference Information:
Guidelines for Auditing FMEAs per QS 9000:
(Source: Potential Failure Mode and Effects Analysis (FMEA) Reference
Manual (AIAG), Feb. 1996)



Failure Modes and Effects Analysis (FMEA) is a systematic, proactive method of
evaluating a process. An FMEA identifies the opportunities for failure, or "failure
modes," in each step of the process. Each failure mode gets a numeric score that
quantifies (a) likelihood that the failure will occur, (b) likelihood that the failure will be
detected, and (c) the amount of harm or damage the failure mode may cause to a person
or to equipment. The product of these three scores is the Risk Priority Number (RPN) for
that failure mode. The sum of the RPNs for the failure modes is the overall RPN for the
process. As an organization works to improve a process, it can anticipate and compare
the effects of proposed changes by calculating hypothetical RPNs of different scenarios.
The RPN is a measure for comparison within one process only; it is not a measure for
comparing risk between processes or organizations.

9 November 2006
B. Mugalian

A formula is used to determine what actions are needed. The Risk Priority Number, or
RPN, is a numeric assessment of risk assigned to a process, or steps in a process, as part
of Failure Modes and Effects Analysis (FMEA), in which a team assigns each failure
mode numeric values that quantify likelihood of occurrence, likelihood of detection, and
severity of impact.
RPN = Risk Priority Number = Severity x Occurrence x Detection.
The RPN value should dictate when a company should take corrective action. This
depends on business practices, product usage, cost to change, and customer acceptance. In
most cases, corrective actions should be taken when the RPN exceeds 50.


Severity Evaluation Criteria

Effect                        Criteria: Severity of Effect                                      Rank

Hazardous - without warning   Very high severity ranking when a potential failure mode          10
                              affects safe vehicle operation and/or involves noncompliance
                              with government regulation without warning

Hazardous - with warning      Very high severity ranking when a potential failure mode          9
                              affects safe vehicle operation and/or involves noncompliance
                              with government regulation with warning

Very High                     Vehicle/item inoperable, with loss of primary function.           8

High                          Vehicle/item operable, but at reduced level of performance.       7
                              Customer dissatisfied.

Moderate                      Vehicle/item operable, but Comfort/Convenience item(s)            6
                              inoperable. Customer experiences discomfort.

Low                           Vehicle/item operable, but Comfort/Convenience item(s)            5
                              operable at reduced level of performance. Customer
                              experiences some dissatisfaction.

Very Low                      Fit & finish/Squeak & Rattle item does not conform. Defect        4
                              noticed by average customers.

Minor                         Fit & finish/Squeak & Rattle item does not conform. Defect        3
                              noticed by most customers.

Very Minor                    Fit & finish/Squeak & Rattle item does not conform. Defect        2
                              noticed by discriminating customers.

None                          No effect.                                                        1*

*Note: Zero (0) rankings for Severity, Occurrence or Detection are not allowed



Suggested Occurrence Evaluation Criteria

Rank  CPK       Failure Rates       Probability of Failure

10    > 0.33    > 1 in 2            Very High: Failure almost inevitable
9     > 0.33    1 in 3              Very High: Failure almost inevitable
8     > 0.51    1 in 8              High: Repeated failures
7     > 0.67    1 in 20             High: Repeated failures
6     > 0.83    1 in 80             Moderate: Occasional failures
5     > 1.00    1 in 400            Moderate: Occasional failures
4     > 1.17    1 in 2000           Moderate: Occasional failures
3     > 1.33    1 in 15 000         Low: Relatively few failures
2     > 1.50    1 in 150 000        Low: Relatively few failures
1*    > 1.67    < 1 in 1 500 000    Remote: Failure is unlikely

*Note: Zero (0) rankings for Severity, Occurrence or Detection are not allowed



Suggested Detection Evaluation Criteria

Detection             Criteria                                                            Rank

Absolute Uncertainty  Design Control will not and/or cannot detect a potential            10
                      cause/mechanism and subsequent failure mode; or there is no
                      Design Control.

Very Remote           Very Remote chance the Design Control will detect a potential       9
                      cause/mechanism and subsequent failure mode.

Remote                Remote chance the Design Control will detect a potential            8
                      cause/mechanism and subsequent failure mode.

Very Low              Very Low chance the Design Control will detect a potential          7
                      cause/mechanism and subsequent failure mode.

Low                   Low chance the Design Control will detect a potential               6
                      cause/mechanism and subsequent failure mode.

Moderate              Moderate chance the Design Control will detect a potential          5
                      cause/mechanism and subsequent failure mode.

Moderately High       Moderately High chance the Design Control will detect a potential   4
                      cause/mechanism and subsequent failure mode.

High                  High chance the Design Control will detect a potential              3
                      cause/mechanism and subsequent failure mode.

Very High             Very High chance the Design Control will detect a potential         2
                      cause/mechanism and subsequent failure mode.

Almost Certain        Design Controls will almost certainly detect a potential            1*
                      cause/mechanism and subsequent failure mode.

*Note: Zero (0) rankings for Severity, Occurrence or Detection are not allowed




Checklist items for review:
    1. Is there evidence that a cross-functional team was used to develop the FMEA?
    2. Is the FMEA header completely filled out with a tracking number, the component
        or (sub) system name, design responsible activity, preparer’s name, model year
        and vehicle (if known), the initial FMEA due date, the date the original FMEA
        was compiled, the latest revision date and names/departments of team members?
    3. Is the FMEA that is being audited the latest revision level?
    4. Potential Failure Mode – Is there at least one failure mode listed for every
        function?
    5. Potential Effects of Failure – Are the effects of the failure defined and are they
        defined in terms of what the internal or vehicle level external customer might
        notice?
    6. Severity – Is the severity (or seriousness) of the potential effect of the failure
        rated? (See Definitions provided above.)
    7. Classification – Are the significant and critical characteristics identified in this
        column? (blanks are allowed) (See Special Characteristics model on other side)
    8. Potential Causes/Mechanisms of Failure – Is there at least one potential cause
        of failure listed for every failure mode?
    9. Occurrence – Has an occurrence ranking been assigned to each of the potential
        causes/mechanisms of failure? (See Definitions provided above.)
    10. Current Design Controls – Are prevention, design validation/verification (DV)
        or other activities listed that will maximize design adequacy for the failure
        mode and/or cause mechanism?
    11. Detection – Is there a detection ranking that assesses the ability of the design
        controls to detect a potential cause/mechanism or the ability of the design controls
        to detect the subsequent failure mode before the component or (sub) system is
        released for production? (See Definitions provided above.)
    12. RPN – Has the RPN been calculated by multiplying S x O x D?
    13. Recommended Actions – Have actions been identified for potential significant
        and critical characteristics and to lower the risk of the higher RPN failure modes?
        Has “none” been entered in the column if no actions are recommended?
    14. Responsibility – Has an individual, SBU and target completion date been entered
        in columns where an action has been recommended? (Blanks are OK when no
        action is recommended)
    15. Actions Taken – Has a brief description of the actual action and effective date
        been entered after the action has been taken? (Blanks are OK when no action is
        recommended)
    16. Resulting severity, occurrence, detection and RPN – Have the new severity,
        occurrence, detection and RPN numbers been entered after an action has been
        completed and verified?
    17. Has the design responsible engineer implemented or adequately addressed the
        recommended action?







Example of an FMEA spreadsheet:


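Each entry lists the spreadsheet columns for one ID No.; (blank) marks an empty cell.

ID No. 1
    Function:              Sensor head output
    Failure Mode:          No signal
    Cause:                 Component or assembly defect
    Effect:                Incorrect output
    Current Controls:      (blank)
    Initial Risk:          S, O, D and RPN (blank)
    Mitigation Type:       Hardware
    Mitigation Reference:  Add redundant output
    Residual Risk:         S, O, D and RPN (blank)

ID No. 2
    Function:              Power Supply with Low voltage power regulators including
                           5.0V, 3.3V, 2.5V, 1.9V. Including a supervisor circuit.
    Failure Mode:          Loss of power
    Cause:                 Voltage Regulator Failure or associated component failure
    Effect:                CPU board goes into reset and halts execution
    Current Controls:      The supervisor circuit detects loss of any of the four
                           voltages and resets the CPU. Once all four voltages are
                           regained to the proper level, the CPU is released out of
                           reset.
    Initial Risk:          S = 8, O = 2, D = 2, RPN = 32
    Mitigation Type:       (blank)
    Mitigation Reference:  (blank)
    Residual Risk:         S, O, D and RPN (blank)

ID No. 3
    Function:              MCU Processor
    Failure Mode:          No Communications
    Cause:                 Failure in MCU, Bad Memory, Bad device
    Effect:                No External Communications
    Current Controls:      a) Watchdog timer
                           b) Flash Checksum
                           c) Power on Self test
                           d) I/O pad check
                           e) Peripheral/Address Check
    Initial Risk:          S = 5, O = 2, D = 3, RPN = 30
    Mitigation Type:       Software
    Mitigation Reference:  MCU should test memory on power on and test memory as a
                           background test
    Residual Risk:         S = 1, O = 1, D = 2, RPN = 2

ID No. 4
    Function:              Fiber optic cable interconnection
    Failure Mode:          No signal
    Cause:                 Bad termination due to contamination, broken fiber due to
                           stress or other cause
    Effect:                No output
    Current Controls:      (blank)
    Initial Risk:          S, O, D and RPN (blank)
    Mitigation Type:       Hardware
    Mitigation Reference:  Include additional fiber cable
    Residual Risk:         S, O, D and RPN (blank)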
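
The RPN rules and checklist items 6, 9, 11, 12 and 13 above can be checked mechanically against a worksheet. The following Python code is an added example, not part of the original guide: the Row record, the function names and the two BAD rows are hypothetical, while rows 1-4 carry the values from the example spreadsheet above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Ranks = Tuple[int, int, int]   # (Severity, Occurrence, Detection)
ACTION_THRESHOLD = 50          # page: act in most cases when the RPN exceeds 50

@dataclass
class Row:                     # hypothetical record for one worksheet line
    id_no: int
    initial: Optional[Ranks] = None
    recorded_rpn: Optional[int] = None
    action: Optional[str] = None
    residual: Optional[Ranks] = None

def rpn(ranks: Ranks) -> int:
    """RPN = S x O x D; every rank must be an integer from 1 to 10 (no zeros)."""
    for name, r in zip(("Severity", "Occurrence", "Detection"), ranks):
        if not isinstance(r, int) or not 1 <= r <= 10:
            raise ValueError(f"{name} rank {r!r} is outside 1..10")
    return ranks[0] * ranks[1] * ranks[2]

def audit(row: Row) -> List[str]:
    """Findings for one row, following checklist items 6, 9, 11, 12 and 13."""
    if row.initial is None:
        return ["S/O/D not rated"]
    try:
        value = rpn(row.initial)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if row.recorded_rpn != value:
        findings.append(f"RPN recorded as {row.recorded_rpn}, S x O x D = {value}")
    if value > ACTION_THRESHOLD and not row.action:
        findings.append(f"RPN {value} exceeds {ACTION_THRESHOLD}, no action listed")
    return findings

def process_rpn(rows: List[Row], use_residual: bool = False) -> int:
    """Sum RPNs over rated rows; residual ranks replace initial ones on request."""
    return sum(rpn(r.residual if use_residual and r.residual else r.initial)
               for r in rows if r.initial)

# Rows 1-4 of the example spreadsheet on this page (rows 1 and 4 carry no ranks).
SHEET = [Row(1, action="Add redundant output"), Row(2, (8, 2, 2), 32),
         Row(3, (5, 2, 3), 30, "MCU memory test at power on and in background", (1, 1, 2)),
         Row(4, action="Include additional fiber cable")]
BAD = [Row(90, (8, 0, 2), 0), Row(91, (9, 3, 4), 96)]  # constructed, not from the page
if __name__ == "__main__":
    print({r.id_no: audit(r) or "ok" for r in SHEET + BAD})
    print("process RPN:", process_rpn(SHEET), "->", process_rpn(SHEET, True))
```

Rows 1 and 4 are reported as unrated, and the overall process RPN falls from 62 to 34 once the residual ranks of row 3 are used.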



