MIL-STD-1629A
24 NOVEMBER 1980
SUPERSEDING
MIL-STD-1629 (SHIPS)
1 NOVEMBER 1974
MIL-STD-2070 (AS)
12 JUNE 1977
MIL-STD-1629A MILITARY STANDARD PROCEDURES FOR PERFORMING A
FAILURE MODE, EFFECTS AND CRITICALITY ANALYSIS
AMSC N3074 FSC RELI
DEPARTMENT OF DEFENSE
Washington, DC 20301
Procedures for performing a Failure Mode, Effects, and
Criticality Analysis
MIL-STD-1629A
1. This Military Standard is approved for use by all
Departments and Agencies of the Department of Defense.
2. Beneficial comments (recommendations, additions, deletions)
and any pertinent data which may be of use in improving this
document should be addressed to: Commanding Officer, Engineering
Specifications and Standards Department (Code 93), Naval Air
Engineering Center, Lakehurst, NJ 08733, by using the
self-addressed Standardization Document Improvement Proposal
(DD Form 1426) appearing at the end of this document or by letter.
MIL-STD-1629A
Notice 2
28 November 1984
MILITARY STANDARD
PROCEDURES FOR PERFORMING A FAILURE MODE EFFECTS AND CRITICALITY
ANALYSIS
To all holders of MIL-STD-1629A
1. The following pages of MIL-STD-1629A have been revised and
supersede the pages listed:
New Page   Date               Superseded Page   Date
v          24 November 1980   v                 Reprinted w/o change
vi         28 November 1984   vi                7 June 1983
A-1        28 November 1984   A-1               24 November 1980
A-2        28 November 1984   New
A-3        28 November 1984   New
A-4        28 November 1984   A-2               24 November 1980
2. Make the following pen and ink changes:
a. Existing page A-3, change page number to A-5.
b. Existing page A-4, change page number to A-6.
c. Existing page A-5, change page number to A-7.
d. Existing page A-6, change page number to A-8.
3. RETAIN THIS NOTICE AND INSERT BEFORE TABLE OF CONTENTS.
4. Holders of MIL-STD-1629A will verify that the page changes
indicated herein have been entered. This notice will be retained
as a check sheet. This issuance is a separate publication. Each
notice is to be retained by stocking points until the Military
Standard is completely revised or canceled.
Custodians:
Army - CR
Air Force - 17
Preparing Activity:
Navy - AS
(Project No. RELI-0037)
Review Activities:
Navy - SH, OS
Army - EA, AR
AMSC N3388 FSC RELI
FOREWORD
The failure mode, effects, and criticality analysis (FMECA) is an
essential function in design from concept through development.
To be effective, the FMECA must be iterative to correspond with
the nature of the design process itself. The extent of effort
and sophistication of approach used in the FMECA will be
dependent upon the nature and requirements of the individual
program. This makes it necessary to tailor the requirements for
an FMECA to each individual program. Tailoring requires that,
regardless of the degree of sophistication, the FMECA must
contribute meaningfully to program decision. A properly
performed FMECA is invaluable to those who are responsible for
making program decisions regarding the feasibility and adequacy
of a design approach.
The usefulness of the FMECA as a design tool and in the decision
making process is dependent upon the effectiveness with which
problem information is communicated for early design attention.
Probably the greatest criticism of the FMECA has been its limited
use in improving designs. The chief causes for this have been
untimeliness and the isolated performance of the FMECA without
adequate inputs to the design process. Timeliness is perhaps the
most important factor in differentiating between effective and
ineffective implementation of the FMECA. While the objective of
an FMECA is to identify all modes of failure within a system
design, its first purpose is the early identification of all
catastrophic and critical failure possibilities so they can be
eliminated or minimized through design correction at the earliest
possible time. Therefore, the FMECA should be initiated as soon
as preliminary design information is available at the higher
system levels and extended to the lower levels as more
information becomes available on the items in question.
Although the FMECA is an essential reliability task, it also
provides information for other purposes. The use of the FMECA is
called for in maintainability, safety analysis, survivability and
vulnerability, logistics support analysis, maintenance plan
analysis, and for failure detection and isolation subsystem
design. This coincident use must be a consideration in planning
the FMECA effort to prevent the proliferation of requirements and
the duplication of efforts within the same contractual program.
CONTENTS
Paragraph
1. SCOPE
1.1 Scope
1.2 Application
1.3 Numbering system
1.4 Revisions
1.4.1 Standard
1.4.2 Tasks
1.5 Method of reference
2. REFERENCED DOCUMENTS
2.1 Issues of documents
3. DEFINITIONS
3.1 Terms
3.1.1 Contractor
3.1.2 Corrective action
3.1.3 Compensating provision
3.1.4 Criticality
3.1.5 Criticality analysis (CA)
3.1.6 Severity
3.1.7 Damage effects
3.1.7.1 Primary damage effects
3.1.7.2 Secondary damage effects
3.1.8 Damage mode
3.1.9 Damage mode and effects analysis (DMEA)
3.1.10 Detection mechanism
3.1.11 Environments
3.1.12 Failure cause
3.1.13 Failure effect
3.1.13.1 Local effect
3.1.13.2 Next higher level effect
3.1.13.3 End effect
3.1.14 Failure mode
3.1.15 Failure mode and effects analysis (FMEA)
3.1.16 FMECA-Maintainability information
3.1.17 Indenture level
3.1.17.1 Initial indenture level
3.1.17.2 Other indenture levels
3.1.18 Interfaces
3.1.19 Single failure point
3.1.20 Threat mechanism
3.1.21 Undetectable failure
4. GENERAL REQUIREMENTS
4.1 General
4.2 Implementation
4.3 FMECA planning
4.3.1 Worksheet formats
4.3.2 Ground rules and assumptions
4.3.3 Indenture level
4.3.4 Coding system
4.3.5 Failure definition
4.3.6 Coordination of effort
4.4 General procedures
4.4.1 Contributing information
4.4.1.1 Technical specifications and development plans
4.4.1.2 Trade-off study reports
4.4.1.3 Design data and drawings
4.4.1.4 Reliability data
4.4.2 FMEA process
4.4.3 Severity classification
4.5 FMECA Report
4.5.1 Summary
4.5.2 Reliability critical item lists
4.5.2.1 Category I and Category II failure mode list
4.5.2.2 Single failure points list
5. DETAIL REQUIREMENTS
5.1 Tasks
Tasks
101 FAILURE MODE AND EFFECTS ANALYSIS
102 CRITICALITY ANALYSIS
103 FMECA-MAINTAINABILITY INFORMATION
104 DAMAGE MODE AND EFFECTS ANALYSIS
105 FAILURE MODE, EFFECTS, AND CRITICALITY ANALYSIS PLAN
FIGURES
Figure
Task 101
101.1 Example of a functional block diagram
101.2 Example of a reliability block diagram
101.3 Example of FMEA worksheet format
Task 102
102.1 Example of CA worksheet format
102.2 Example of criticality matrix
Task 103
103.1 Example of FMECA-maintainability information worksheet form
Task 104
104.1 Example of damage mode and effects analysis format
APPENDIX
APPENDIX A. APPLICATION AND TAILORING GUIDE
10. GENERAL
10.1 Scope
10.2 Tailoring requirements
10.3 Duplication of effort
20. REFERENCED DOCUMENTS (not applicable)
30. DEFINITIONS (not applicable)
40. GENERAL REQUIREMENTS
40.1 Ordering data
40.2 Data item descriptions (DID)
50. APPLICATION CRITERIA
50.1 General considerations
50.1.1 Level of detail
50.1.2 Timing
50.1.3 Intended use
50.2 FMEA (task 101)
50.3 CA (task 102)
50.4 FMECA-maintainability information (task 103)
50.5 DMEA (task 104)
50.6 FMECA Plan (task 105)
50.7 Criticality number (Cr) calculation example
MIL-STD-1629A
Notice 1
7 June 1983
MILITARY STANDARD
PROCEDURES FOR PERFORMING A FAILURE MODE EFFECTS AND CRITICALITY
ANALYSIS
To all holders of MIL-STD-1629A
1. The following pages of MIL-STD-1629A have been revised and
supersede the pages listed:
New Page           Date               Superseded Page    Date
v                  24 November 1980   v                  Reprinted w/o change
vi                 7 June 1983        vi                 24 November 1980
1                  24 November 1980   1                  Reprinted w/o change
2                  7 June 1983        2                  24 November 1980
103-1 thru 103-3   7 June 1983        103-1 thru 103-3   24 November 1980
103-4              7 June 1983        New
A-3                7 June 1983        A-3                24 November 1980
A-4                7 June 1983        A-4                24 November 1980
2. Make the following pen and ink changes:
a. Page 105-1, paragraph 2, change title of MIL-STD-2080 to
"Maintenance Engineering Planning and Analysis for
Aeronautical Systems, Subsystems, Equipment and Support
Equipment."
b. Page 105-3, paragraph 3.6, line 2, change "PORGRAM" to
"PROGRAM."
c. Page A-6, paragraph 50.7, line that starts with "For
alpha2: add parentheses before beta.
3. RETAIN THIS NOTICE AND INSERT BEFORE TABLE OF CONTENTS.
4. Holders of MIL-STD-1629A will verify that the page changes
indicated herein have been entered. This notice will be retained
as a check sheet. This issuance is a separate publication. Each
notice is to be retained by stocking points until the Military
Standard is completely revised or canceled.
Custodians:
Army - CR
Air Force - 17
Preparing Activity:
Navy - AS
(Project No. RELI-0037)
Review Activities:
Navy - SH, OS
Army - EA, AR
1. SCOPE
1.1 Scope. This standard establishes requirements and
procedures for performing a failure mode, effects, and
criticality analysis (FMECA) to systematically evaluate and
document, by item failure mode analysis, the potential impact
of each functional or hardware failure on mission success,
personnel and system safety, system performance,
maintainability, and maintenance requirements. Each
potential failure is ranked by the severity of its effect in
order that appropriate corrective actions may be taken to
eliminate or control the high risk items.
1.2 Application. This standard applies to the acquisition
of all designated DoD systems and equipment. It primarily
applies to the program activity phases of demonstration and
validation and full-scale engineering development; e.g.,
design, research and development, and test and evaluation.
This standard also can be used during production and
deployment to analyze the final hardware design or any major
modifications. The FMECA tasks contained in this standard
apply to all items of equipment. This standard does not
apply to software. Appendix A contains additional
application and tailoring guidelines.
1.3 Numbering system. The tasks are numbered sequentially
as they are introduced into this standard with the first task
being number 101.
1.4 Revisions.
1.4.1 Standard. Any general revision of this standard which
results in a revision of sections 1, 2, 3, or 4 will be
indicated by revision letter after this standard number,
together with date of revision.
1.4.2 Tasks. Any revisions of FMECA tasks are indicated by
a letter following the task. For example, for task 101, the
first revision is 101A, the second revision is 101B. When
the basic document is revised, those requirements not
affected by change retain their existing date.
1.5 Method of reference. The tasks contained herein shall
be referenced by specifying:
a. This standard number.
b. Task number(s).
c. Other data as called for in individual task.
2. REFERENCED DOCUMENTS
2.1 Issues of documents. The following documents of the
issue in effect on the date of invitation for bid or request
for proposal, are referenced in this standard for information
and guidance.
SPECIFICATIONS
Military
MIL-M-24100 Manual, Technical; Functionally Oriented
Maintenance Manuals for Systems and Equipment
STANDARDS
Military
MIL-STD-280 Definitions of Item Levels, Item
Exchangeability, Models and Related Terms
MIL-STD-470 Maintainability Program Requirements (for
Systems and Equipment)
MIL-STD-721 Definitions of Terms for Reliability and
Maintainability
MIL-STD-756 Reliability Prediction
MIL-STD-780 Work Unit Codes for Aeronautical Equipment;
Uniform Numbering System
MIL-STD-785 Reliability Program for Systems and Equipment
Development and Production
MIL-STD-882 System Safety Program Requirements
MIL-STD-1388 Logistics Support Analysis
MIL-STD-1591 On Aircraft, Fault Diagnosis, Subsystems,
Analysis/Synthesis of
MIL-STD-2072 Survivability, Aircraft; Establishment and
Conduct of Programs for
MIL-STD-2080 Maintenance Engineering, Planning, and
Analysis for Aeronautical Systems,
Subsystems, Equipment and Support Equipment
HANDBOOKS
Military
MIL-HDBK-217 Reliability Prediction of Electronic
Equipment
MIL-HDBK-266 Application of Reliability Centered
Maintenance to Naval Aircraft, Weapon Systems
and Support Equipment
(Copies of specifications, standards, drawings, and publications
required by contractors in connection with specific procurement
functions should be obtained from the procuring activity or as
directed by the contracting officer.)
3. DEFINITIONS
3.1 Terms. The definitions of terms used herein are in
accordance with the definitions in MIL-STD-280, MIL-STD-470,
MIL-STD-721, MIL-STD-780, MIL-STD-785, MIL-STD-882, and
MIL-STD-1388, with the exception and addition of the
following:
3.1.1 Contractor. A private sector enterprise engaged to
provide services or products within agreed limits specified by
a procuring activity. As used in this standard, the term
"contractor" includes government operated activities
developing or producing military systems and equipment.
3.1.2 Corrective action. A documented design, process,
procedure, or materials change implemented and validated to
correct the cause of failure or design deficiency.
3.1.3 Compensating provision. Actions that are available or
can be taken by an operator to negate or mitigate the effect
of a failure on a system.
3.1.4 Criticality. A relative measure of the consequences of
a failure mode and its frequency of occurrences.
3.1.5 Criticality analysis (CA). A procedure by which each
potential failure mode is ranked according to the combined
influence of severity and probability of occurrence.
3.1.6 Severity. The consequences of a failure mode.
Severity considers the worst potential consequence of a
failure, determined by the degree of injury, property damage,
or system damage that could ultimately occur.
3.1.7 Damage effects. The result(s) or consequence(s) a
damage mode has upon the operation, function, or status of a
weapon system or any component thereof. Damage effects are
classified as primary damage effects and secondary damage
effects.
3.1.7.1 Primary damage effects. The result(s) or
consequence(s) a damage mode has directly upon a weapon system
or any components thereof.
3.1.7.2 Secondary damage effects. The result(s) or
consequence(s) indirectly caused by the interaction of a
damage mode with a system, subsystem, or component thereof.
3.1.8 Damage mode. The manner by which damage is observed.
Generally describes the way the damage occurs.
3.1.9 Damage mode and effects analysis (DMEA). The analysis
of a system or equipment conducted to determine the extent of
damage sustained from given levels of hostile weapon damage
mechanisms and the effects of such damage modes on the
continued controlled operation and mission completion
capabilities of the system or equipment.
3.1.10 Detection mechanism. The means or methods by which a
failure can be discovered by an operator under normal system
operation or can be discovered by the maintenance crew by some
diagnostic action.
3.1.11 Environments. The conditions, circumstances,
influences, stresses and combinations thereof, surrounding and
affecting systems or equipment during storage, handling,
transportation, testing, installation, and use in standby
status and mission operation.
3.1.12 Failure cause. The physical or chemical processes,
design defects, quality defects, part misapplication, or other
processes which are the basic reason for failure or which
initiate the physical process by which deterioration proceeds
to failure.
3.1.13 Failure effect. The consequence(s) a failure mode has
on the operation, function, or status of an item. Failure
effects are classified as local effect, next higher level, and
end effect.
3.1.13.1 Local effect. The consequence(s) a failure mode has
on the operation, function, or status of the specific item
being analyzed.
3.1.13.2 Next higher level effect. The consequence(s) a
failure mode has on the operation, functions, or status of the
items in the next higher indenture level above the indenture
level under consideration.
3.1.13.3 End effect. The consequence(s) a failure mode has
on the operation, function, or status of the highest indenture
level.
3.1.14 Failure mode. The manner by which a failure is
observed. Generally describes the way the failure occurs and
its impact on equipment operation.
3.1.15 Failure mode and effects analysis (FMEA). A procedure
by which each potential failure mode in a system is analyzed
to determine the results or effects thereof on the system and
to classify each potential failure mode according to its
severity.
3.1.16 FMECA-Maintainability information. A procedure by
which each potential failure is analyzed to determine how the
failure is detected and the actions to be taken to repair the
failure.
3.1.17 Indenture levels. The item levels which identify or
describe relative complexity of assembly or function. The
levels progress from the more complex (system) to the simpler
(part) divisions.
3.1.17.1 Initial indenture level. The level of the total,
overall item which is the subject of the FMECA.
3.1.17.2 Other indenture levels. The succeeding indenture
levels (second, third, fourth, etc.) which represent an
orderly progression to the simpler division of the item.
3.1.18 Interfaces. The systems, external to the system being
analyzed, which provide a common boundary or service and are
necessary for the system to perform its mission in an
undegraded mode; for example, systems that supply power,
cooling, heating, air services, or input signals.
3.1.19 Single failure point. The failure of an item which
would result in failure of the system and is not compensated
for by redundancy or alternative operational procedure.
3.1.20 Threat mechanism. The means or methods which are
embodied or employed as an element of a man-made hostile
environment to produce damage effects on a weapon system and
its components.
3.1.21 Undetectable failure. A postulated failure mode in
the FMEA for which there is no failure detection method by
which the operator is made aware of the failure.
4. GENERAL REQUIREMENTS
4.1 General. The failure mode, effects, and criticality
analysis (FMECA) shall be planned and performed in accordance
with the general requirements of this standard and the task(s)
specified by the procuring activity.
4.2 Implementation. The FMECA shall be initiated early in
the design phase to aid in the evaluation of the design and to
provide a basis for establishing corrective action priorities.
The FMECA is an analysis procedure which documents all
probable failures in a system within specified ground rules,
determines by failure mode analysis the effect of each failure
on system operation, identifies single failure points, and
ranks each failure according to a severity classification of
failure effect. This procedure is the result of two steps
which, when combined, provide the FMECA. These two steps
are:
a. Failure mode and effects analysis (FMEA).
b. Criticality analysis (CA).
4.3 FMECA planning. Planning the FMECA work involves the
contractor's procedures for implementing the specified
requirements of this standard, updating the FMECA to reflect
design changes, and use of the analysis results to provide
design guidance. Worksheet formats, ground rules, analysis
assumptions, identification of the lowest indenture level of
analysis, coding system description, failure definitions, and
identification of coincident use of the FMECA by the
contractor's reliability organization and other organizational
elements shall be considered in the FMECA planning.
4.3.1 Worksheet formats. The contractor's formats, which
organize and document the FMECA and other analysis methods
contained herein, shall include the information shown in the
example formats in Figures 101.3, 102.1, 103.1 and 104.1. The
initial indenture level of analysis shall be identified (item
name) on each worksheet, and each successive indenture level
shall be documented on a separate worksheet or group of
worksheets.
4.3.2 Ground rules and assumptions. The contractor shall
develop ground rules and analysis assumptions. The ground
rules shall identify the FMECA approach (e.g., hardware,
functional or combination), the lowest indenture level to be
analyzed, and include general statements of what constitutes a
failure of the item in terms of performance criteria and
allowable limits. Every effort should be made to identify and
record all ground rules and analysis assumptions prior to
initiation of the analysis; however, ground rules and analysis
assumptions may be added for any item if requirements change.
Additional ground rules and analysis assumptions shall be
documented and separately identified for inclusion in the
FMECA report.
4.3.3 Indenture level. The indenture level applies to the
system hardware or functional level at which failures are
postulated. Unless otherwise specified, the contractor shall
establish the lowest indenture level of analysis using the
following guidelines:
a. The lowest level specified in the LSA candidate list
to assure complete inputs for each LSA candidate.
b. The lowest indenture level at which items are
assigned a catastrophic (Category I) or critical
(Category II) severity classification category (see
4.4.3).
c. The specified or intended maintenance and repair
level for items assigned a marginal (Category III) or
minor (Category IV) severity classification category (see
4.4.3).
4.3.4 Coding system. For consistent identification of system
functions and equipment and for tracking failure modes, the
contractor shall adhere to a coding system based upon the
hardware breakdown structure, work unit code numbering system
of MIL-STD-780, or other similar uniform numbering system.
The coding system shall be consistent with the reliability and
functional block diagram numbering system to provide complete
visibility of each failure mode and its relationship to the
system.
4.3.5 Failure definition. The contractor shall develop
general statements of what constitutes a failure of the item
in terms of performance parameters and allowable limits for
each specified output. The contractor's general statements
shall not conflict with any failure definitions specified
by the procuring activity.
4.3.6 Coordination of effort. Consideration shall be given
to the requirements to perform and use the FMECA in support of
a reliability program in accordance with MIL-STD-785,
maintainability program in accordance with MIL-STD-470, safety
program in accordance with MIL-STD-882, survivability and
vulnerability program in accordance with MIL-STD-2072,
logistics support analysis in accordance with MIL-STD-1388,
maintenance plan analysis (MPA) in accordance with
MIL-STD-2080, fault diagnosis analysis in general accordance
with MIL-STD-1591, and other contractual provisions. The
contractor shall identify the program organization responsible
for performing the FMECA and assure that the FMECA results
will be used by other organizational elements to preclude
duplication of effort.
4.4 General procedure. The FMECA shall be performed in
accordance with the requirements specified herein to
systematically examine the system to the lowest indenture
level specified by the procuring activity. The analysis shall
identify potential failure modes. When system definitions and
functional descriptions are not available to the specified
indenture level, the initial analysis shall be performed to
the lowest possible indenture level to provide optimum
results. When system definitions and functional definitions
are complete, the analysis shall be extended to the specified
indenture level.
4.4.1 Contributing information. System definition requires a
review of all descriptive information available on the system
to be analyzed. The following is representative of the
information and data required for system definition and
analysis.
4.4.1.1 Technical specifications and development plans.
Technical specifications and development plans generally
describe what constitutes and contributes to the various types
of system failure. These will state the system objectives and
specify the design and test requirements for operation,
reliability, and maintainability. Detailed information in the
plans will provide operational and functional block diagrams
showing the gross functions the system must perform for
successful operation. Time diagrams and charts used to
describe system functional sequence will aid in determining
the time-stress as well as feasibility of various means of
failure detection and correction in the operating system.
Acceptable performance limits under specified operating and
environmental conditions will be given for the system and
equipments. Information for developing mission and
environmental profiles will describe the mission performance
requirements in terms of functions describing the tasks to be
performed and related to the anticipated environments for each
mission phase and operating mode. Function-time relationships
from which the time-stress relationship of the environmental
conditions can be developed shall be presented. A definition
of the operational and environmental stresses the system is
expected to undergo, as well as failure definitions, will
either be provided or must be developed.
4.4.1.2 Trade-off study reports. These reports should
identify areas of marginal and state-of-the-art design and
explain any design compromises and operating restraints agreed
upon. This information will aid in determining the possible
and most probable failure modes and causes in the system.
4.4.1.3 Design data and drawings. Design data and drawings
identify each item and the item configuration that perform
each of the system functions. System design data and drawings
will usually describe the system's internal and interface
functions beginning at system level and progressing to the
lowest indenture level of the system. Design data will
usually include either functional block diagrams or schematics
that will facilitate construction of reliability block
diagrams.
4.4.1.4 Reliability data. The determination of the possible
and probable failure modes requires an analysis of reliability
data on the item selected to perform each of the system
internal functions. It is always desirable to use reliability
data resulting from reliability tests run on the specific
equipment to be used with the tests performed under the
identical conditions of use. When such test data are not
available, reliability data from MIL-HDBK-217 or from
operational experience and tests performed under similar use
conditions on items similar to those in the systems should be used.
4.4.2 FMEA process. The FMEA shall be initiated as an
integral part of early design process of system functional
assemblies and shall be updated to reflect design changes.
Current FMEA analysis shall be a major consideration at each
design review from preliminary through the final design. The
analysis shall be used to assess high risk items and the
activities underway to provide corrective actions. The FMEA
shall also be used to define special test considerations,
quality inspection points, preventive maintenance actions,
operational constraints, useful life, and other pertinent
information and activities necessary to minimize failure risk.
All recommended actions which result from the FMEA shall be
evaluated and formally dispositioned by appropriate
implementation or documented rationale for no action. Unless
otherwise specified, the following discrete steps shall be
used in performing an FMEA:
a. Define the system to be analyzed. Complete system
definition includes identification of internal and
interface functions, expected performance at all
indenture levels, system restraints, and failure
definitions. Functional narratives of the system
should include descriptions of each mission in terms of
functions which identify tasks to be performed for each
mission, mission phase, and operational mode. Narratives
should describe the environmental profiles, expected
mission times and equipment utilization, and the
functions and outputs of each item.
b. Construct block diagrams. Functional and reliability
block diagrams which illustrate the operation,
interrelationships, and interdependencies of functional
entities should be obtained or constructed for each item
configuration involved in the system's use. All system
interfaces shall be indicated.
c. Identify all potential item and interface failure
modes and define their effect on the immediate function
or item, on the system, and on the mission to be
performed.
d. Evaluate each failure mode in terms of the worst
potential consequences which may result and assign a
severity classification category (see 4.4.3).
e. Identify failure detection methods and compensating
provisions for each failure mode.
f. Identify corrective design or other actions required
to eliminate the failure or control the risk.
g. Identify effects of corrective actions or other
system attributes, such as requirements for logistics
support.
h. Document the analysis and summarize the problems
which could not be corrected by design and identify the
special controls which are necessary to reduce failure
risk.
4.4.3 Severity classification. Severity classifications are
assigned to provide a qualitative measure of the worst
potential consequences resulting from design error or item
failure. A severity classification shall be assigned to each
identified failure mode and each item analyzed in accordance
with the loss statements below. Where it may not be possible
to identify an item or a failure mode according to the loss
statements in the four categories below, similar loss
statements based upon loss of system inputs or outputs shall
be developed and included in the FMECA ground rules for
procuring activity approval. Severity classification
categories which are consistent with MIL-STD-882 severity
categories are defined as follows:
a. Category I - Catastrophic - A failure which may
cause death or weapon system loss (i.e., aircraft, tank,
missile, ship, etc.)
b. Category II - Critical - A failure which may cause
severe injury, major property damage, or major system
damage which will result in mission loss.
c. Category III - Marginal - A failure which may cause
minor injury, minor property damage, or minor system
damage which will result in delay or loss of availability
or mission degradation.
d. Category IV - Minor - A failure not serious enough
to cause injury, property damage, or system damage, but
which will result in unscheduled maintenance or repair.
4.5 FMECA Report. The results of the FMEA and other related
analyses shall be documented in a report that identifies the
level of analysis, summarizes the results, documents the data
sources and techniques used in performing the analysis, and
includes the system definition narrative, resultant analysis
data, and worksheets. The worksheets shall be organized to
first display the highest indenture level of analysis and then
proceed down through decreasing indenture levels of the
system. The ground rules, analysis assumptions, and block
diagrams shall be included, as applicable, for each indenture
level analyzed. Interim reports shall be available at each
design review to provide comparisons of alternative designs
and to highlight the Category I and Category II failure modes,
the potential single failure points, and the proposed design
corrections. The final report shall reflect the final design
and provide identification of the Category I and Category II
failure modes and the single failure points which could not be
eliminated from the design.
4.5.1 Summary. The report shall contain a summary which
provides the contractor's conclusions and recommendations
based upon the analysis. Contractor interpretation and
comments concerning the analysis and the initiated or
recommended actions for the elimination or reduction of
failure risks shall be included. A design evaluation summary
of major problems detected during the analysis shall be
provided in the final report. A list of items omitted from
the FMEA shall be included with rationale for each item's
exclusion.
4.5.2 Reliability critical item lists. Reliability critical
item lists extracted from the FMEA shall be included in the
summary. The information provided for each item listed shall
include the following:
a. Item identification and FMEA cross-reference.
b. Description of design features which minimize the
occurrence of failure for the listed item.
c. Description of tests accomplished that verify design
features and tests planned at hardware acceptance or
during operations and maintenance that would detect the
failure mode occurrence.
d. Description of planned inspections to ensure
hardware is being built to design requirements, and
inspections planned during down-time or turnaround or
during maintenance that could detect the failure mode or
evidence of conditions that could cause the failure mode.
e. A statement relating to the history of this
particular design or a similar design.
f. Description of the method(s) by which the occurrence
of the failure mode is detected by the operator, and
whether a failure of a redundant or alternative operating
mode, when available, can be detected.
g. Rationale for not eliminating the related failure
mode(s).
4.5.2.1 Category I and Category II failure mode list. A list
of all Category I (catastrophic) and Category II (critical)
failure modes shall be provided. The information described
above shall be provided for each Category I and Category II
failure mode listed such that it is possible to identify
directly the FMEA entry and its related drawings and
schematics.
4.5.2.2 Single failure points list. A separate list of all
single failure points shall be provided. The information
described above shall be provided in the summary for each
single failure point listed such that it is possible to
identify directly the FMEA entry and its related drawings and
schematics. The criticality classification for each single
failure point shall be included in the listing.
5. DETAIL REQUIREMENTS
5.1 Tasks. The detail tasks for performing an FMEA and other
related analyses follow. The tasks for the related analyses
supplement and are dependent upon performing an FMEA in
accordance with Task 101.
Custodians:                  Preparing Activity
Army - CR                    Navy - AS
Air Force - 17               (Project No. RELI-0003)
Review Activities:
Navy - SH, OS
Army - EA, AR
TASK 101
FAILURE MODE AND EFFECTS ANALYSIS
1. Purpose. The purpose of the FMEA is to study the results
or effects of item failure on system operation and to classify
each potential failure according to its severity.
2. Documents referenced in Task 101:
SPECIFICATIONS
Military
MIL-M-24100 Manual, Technical, Functionally Oriented
Maintenance Manuals (FOMM) for Equipment and
Systems
STANDARDS
Military
MIL-STD-756 Reliability Prediction
MIL-STD-780 Definitions of Item Levels, Item
Exchangeability, Models and Related Terms
3. Analysis approach. Variations in design complexity and
available data will generally dictate the analysis approach to be
used. There are two primary approaches for accomplishing an
FMEA. One is the hardware approach which lists individual
hardware items and analyzes their possible failure modes. The
other is the functional approach which recognizes that every item
is designed to perform a number of functions that can be
classified as outputs. The outputs are listed and their failure
modes analyzed. For complex systems, a combination of the
functional and hardware approaches may be considered. The FMEA
may be performed as a hardware analysis, a functional analysis,
or a combination analysis and may be initiated at either the
highest indenture level and proceed through decreasing indenture
levels (top-down approach) or at the part or assembly level and
proceed through increasing indenture levels (bottom-up approach)
until the FMEA for the system is complete.
3.1 Hardware approach. The hardware approach is normally
used when hardware items can be uniquely identified from
schematics, drawings, and other engineering and design data.
The hardware approach is normally utilized in a part level up
fashion (bottom-up approach); however, it can be initiated at
any level of indenture and progress in either direction. Each
identified failure mode shall be assigned a severity
classification which will be utilized during design to
establish priorities for corrective actions.
3.2 Functional approach. The functional approach is normally
used when hardware items cannot be uniquely identified or when
system complexity requires analysis from the initial indenture
level downward through succeeding indenture levels. The
functional approach is normally utilized in an initial
indenture level down fashion (top-down approach); however, it
can be initiated at any level of indenture and progress in
either direction. Each identified failure mode shall be
assigned a severity classification which will be utilized
during design to establish priorities for corrective actions.
3.3 Failure mode severity classification. Severity
classifications are assigned to each failure mode and each
item to provide a basis for establishing corrective action
priorities. First priority shall be given to the elimination
of the identified Category I (catastrophic) and Category II
(critical) (see General Requirements, 4.4.3) failure modes.
Where the loss of input or output at a lower indenture level
is critical to the operational success of a higher indenture
level, action shall be taken to eliminate or control the
identified failure modes. When identified Category I and
Category II failure modes cannot be eliminated or controlled
to levels acceptable to the procuring activity, alternative
controls and recommendations shall be presented to the
procuring activity.
4. Procedure. Each single item failure, as its effects are
analyzed, is to be considered the only failure in the system.
Where a single item failure is non-detectable, the analysis shall
be extended to determine the effects of a second failure, which
in combination with the first undetectable failure, could result
in a catastrophic or critical failure condition. Passive and
multiple failures which may result in catastrophic or critical
conditions shall also be identified. When safety, redundant, or
back-up items exist, failure assumptions shall be broadened to
include the failure conditions which resulted in the need for the
safety, redundant, or back-up item. Design changes or special
control measures shall be identified and defined for all
catastrophic (Category I) and critical (Category II) failure
modes. All single failure points identified during the analyses
shall be uniquely identified on the FMEA worksheets to maintain
visibility of these failure modes.
4.1 System definition. The first step in performing the FMEA
is to define the system to be analyzed. Functional narratives
shall be developed for each mission, mission phase, and
operational mode and include statements of primary and
secondary mission objectives. The narratives shall include
system and part descriptions for each mission phase and
operational mode, expected mission times and equipment
utilization, functions and output of each item, and conditions
which constitute system and part failure.
4.1.1 Mission functions and operational modes. The system
definition shall include descriptions of each mission in terms
of functions which identify the task to be performed and the
functional mode of operation for performing the specific
function. Mission functions and operational modes shall be
identified starting at the highest system level and
progressing to the lowest indenture level to be analyzed.
When more than one method of performing a particular function
is available, the alternative operational modes shall be
identified. All multiple functions utilizing different
equipment or groups of equipment also shall be identified.
The functions and outputs for each indenture level also may be
presented in a function-output list or in narrative form.
4.1.2 Environmental profiles. The environmental profiles
which present the anticipated environmental conditions for
each mission and mission phase shall be defined. When a
system will be utilized in more than one environment each
different environmental profile shall be described. The
intended use, through time, of the system and its equipments
shall be developed from the mission time statements for each
environmental profile. The use time-environment phasing is
used in determining the time-stress relationships and the
feasibility of failure detection methods and compensating
provisions in the operating system.
4.1.3 Mission time. A quantitative statement of system
function-time requirements shall be developed and included in
the system definition. Function-time requirements shall be
developed for items which operate in different operational
modes during different mission phases and for items which
function only if required.
4.1.4 Block diagrams. Block diagrams which illustrate the
operation, interrelationships, and interdependencies of
functional entities of a system shall be constructed to
provide the ability for tracing failure mode effects through
all levels of indenture. Both functional and reliability
block diagrams are required to show the functional flow
sequence and the series dependence or independence of
functions and operations. Block diagrams may be constructed
in conjunction with or after defining the system and shall
present the system as a breakdown of its major functions.
More than one block diagram will usually be required to
display alternative modes of operation, depending upon the
definition established for the system. All inputs and outputs
of the item as a whole shall be shown on the diagram and
clearly labeled. Each block shall be designated by a
consistent and logical item number that reflects the
functional system breakdown order. A uniform numbering system
developed in functional system breakdown order is required to
provide traceability and tracking through all levels of
indenture. MIL-STD-780 provides an example of a uniform
numbering system for aeronautical equipment that can be used
as a guide in the development of a consistent and logical
identification code for block diagrams. Figures 101.1 and
101.2 depict examples of functional and reliability block
diagrams.
4.1.4.1 Functional block diagrams. A functional block
diagram illustrates the operation and interrelationships
between functional entities of a system as defined in
engineering data and schematics. A functional block diagram
will provide a functional flow sequence for the system and
each indenture level of analysis and present hardware
indenture and can be used for both hardware and functional
method FMEA's. MIL-M-24100 procedures and techniques for
developing major function diagrams may be used for guidance in
developing functional block diagrams.
4.1.4.2 Reliability block diagrams. A reliability block
diagram defines the series dependence or independence of all
functions of a system or functional group for each life-cycle
event. The reliability block diagram will provide
identification of function interdependencies for the system
and can be used for a functional method FMEA. MIL-STD-756
procedures illustrate a method which may be used to develop
reliability block diagrams.
5. FMEA worksheet. The documentation of the FMEA is the next
step and is accomplished by completing the columns of the
approved FMEA worksheet. An example of an FMEA worksheet format
is shown in Figure 101.3.
5.1 Identification number. A serial number or other
reference designation identification number is assigned for
traceability purposes and entered on the worksheet. A uniform
identification code in accordance with General Requirements,
4.3.4, shall be used to provide consistent identification of
system functions and equipment and provide complete visibility
of each failure mode and its relationship to the system
function identified in the applicable block diagram.
5.2 Item/functional identification. The name or nomenclature
of the item or system function being analyzed for failure mode
and effects is listed. Schematic diagram symbols or drawing
numbers shall be used to properly identify the item or
function.
5.3 Function. A concise statement of the function performed
by the hardware item shall be listed. This shall include both
the inherent function of the part and its relationship to
interfacing items.
5.4 Failure modes and causes. All predictable failure modes
for each indenture level analyzed shall be identified and
described. Potential failure modes shall be determined by
examination of item outputs and functional outputs identified
in applicable block diagrams and schematics. Failure modes
of the individual item function shall be postulated on the
basis of the stated requirements in the system definition
narrative and the failure definitions included in the ground
rules. The most probable causes associated with the
postulated failure mode shall be identified and described.
Since a failure mode may have more than one cause, all
probable independent causes for each failure mode shall be
identified and described. The failure causes within the
adjacent indenture levels shall be considered. For example,
failure causes at the third indenture level shall be
considered when conducting a second indenture level analysis.
Where functions shown on a block diagram are performed by a
replaceable module in the system, a separate FMEA shall be
performed on the internal functions of the module, viewing the
module as a system. The effects of possible failure modes in
the module inputs and outputs describe the failure modes of
the module when it is viewed as an item within the system. To
assist in assuring that a complete analysis is performed, each
failure mode and output function shall, as a minimum, be
examined in relation to the following typical failure
conditions:
a. Premature operation.
b. Failure to operate at a prescribed time.
c. Intermittent operation.
d. Failure to cease operation at a prescribed time.
e. Loss of output or failure during operations.
f. Degraded output or operational capability.
g. Other unique failure conditions, as applicable, based
upon system characteristics and operational requirements
or constraints.
5.5 Mission phase/operational mode. A concise statement of
the mission phase and operational mode in which the failure
occurs. Where subphase, event, or time can be defined from
the system definition and mission profiles, the most
definitive timing information should also be entered for the
assumed time of failure occurrence.
5.6 Failure effect. The consequences of each assumed failure
mode on item operation, function, or status shall be
identified, evaluated, and recorded. Failure effects shall
focus on the specific block diagram element which is affected
by the failure under consideration. The failure under
consideration may impact several indenture levels in addition
to the indenture level under analysis; therefore, "local,"
"next higher level," and "end" effects shall be evaluated.
Failure effects shall also consider the mission objectives,
maintenance requirements and personnel and system safety.
5.6.1 Local effects. Local effects concentrate specifically
on the impact an assumed failure mode has on the operation and
function of the item in the indenture level under
consideration. The consequences of each postulated failure
affecting the item shall be described along with any
second-order effects which result. The purpose of defining local
effects is to provide a basis for evaluating compensating
provisions and for recommending corrective actions. It is
possible for the "local" effect to be the failure mode itself.
5.6.2 Next higher level. Next higher level effects
concentrate on the impact an assumed failure has on the
operation and function of the items in the next higher
indenture level above the indenture level under consideration.
The consequences of each postulated failure affecting the next
higher indenture level shall be described.
5.6.3 End effects. End effects evaluate and define the total
effect an assumed failure has on the operation, function, or
status of the uppermost system. The end effect described may
be the result of a double failure. For example, failure of a
safety device may result in a catastrophic end effect only in
the event that both the prime function goes beyond limit for
which the safety device is set and the safety device fails.
Those end effects resulting from a double failure shall be
indicated on the FMEA worksheets.
5.7 Failure detection method. A description of the methods
by which occurrence of the failure mode is detected by the
operator shall be recorded. The failure detection means, such
as visual or audible warning devices, automatic sensing
devices, sensing instrumentation, other unique indications,
or none shall be identified.
5.7.1 Other indications. Descriptions of indications which
are evident to an operator that a system has malfunctioned or
failed, other than the identified warning devices, shall be
recorded. Proper correlation of a system malfunction or
failure may require identification of normal indications as
well as abnormal indications. If no indication exists,
identify if the undetected failure will jeopardize the mission
objectives or personnel safety. If the undetected failure
allows the system to remain in a safe state, a second failure
situation should be explored to determine whether or not an
indication will be evident to an operator. Indications to the
operator should be described as follows:
a. Normal. An indication that is evident to an
operator when the system or equipment is operating
normally.
b. Abnormal. An indication that is evident to an
operator when the system has malfunctioned or failed.
c. Incorrect. An erroneous indication to an operator
due to the malfunction or failure of an indicator (i.e.,
instruments, sensing devices, visual or audible warning
devices, etc.).
5.7.2 Isolation. Describe the most direct procedure that
allows an operator to isolate the malfunction or failure. An
operator will know only the initial symptoms until further
specific action is taken such as performing a more detailed
built-in-test (BIT). The failure being considered in the
analysis may be of lesser importance or likelihood than
another failure that could produce the same symptoms and this
must be considered. Fault isolation procedures require a
specific action or series of actions by an operator, followed
by a check or cross reference either to instruments, control
devices, circuit breakers, or combinations thereof. This
procedure is followed until a satisfactory course of action is
determined.
5.8 Compensating provisions. The compensating provisions,
either design provisions or operator actions, which circumvent
or mitigate the effect of the failure shall be identified and
evaluated. This step is required to record the true behavior
of the item in the presence of an internal malfunction or
failure.
5.8.1 Design provisions. Compensating provisions which are
features of the design at any indenture level that will
nullify the effects of a malfunction or failure, control, or
deactivate system items to halt generation or propagation of
failure effects, or activate backup or standby items or
systems shall be described. Design compensating provisions
include:
a. Redundant items that allow continued and safe
operation.
b. Safety or relief devices such as monitoring or alarm
provisions which permit effective operation or limit
damage.
c. Alternative modes of operation such as backup or
standby items or systems.
5.8.2 Operator actions. Compensating provisions which
require operator action to circumvent or mitigate the effect
of the postulated failure shall be described. The
compensating provision that best satisfies the indication(s)
observed by an operator when the failure occurs shall be
determined. This may require the investigation of an
interface system to determine the most correct operator
action(s). The consequences of any probable incorrect
action(s) by the operator in response to an abnormal
indication should be considered and the effects recorded.
5.9 Severity classification. A severity classification
category (see 4.4.3) shall be assigned to each failure mode
and item according to the failure effect. The effect on the
functional condition of the item under analysis caused by the
loss or degradation of output shall be identified so the
failure mode effect will be properly categorized. For lower
levels of indenture where effects on higher indenture levels
are unknown, a failure's effect on the indenture level under
analysis shall be described by the severity classification
categories.
5.10 Remarks. Any pertinent remarks pertaining to and
clarifying any other column in the worksheet line shall be
noted. Notes regarding recommendations for design
improvements shall be recorded and further amplified in the
FMECA report, General Requirements, 4.5. This entry also may
include a notation of unusual conditions, failure effects of
redundant items, recognition of particularly critical design
features or any other remarks that amplify the line entry.
Since it is improbable that all failure modes in Category I
and Category II can be designed out, information shall be
provided that other reasonable actions and considerations are
or have been accomplished to reduce occurrence of a given
failure mode and provide a qualitative basis or rationale for
acceptance of the design. The rationale for acceptance of
Category I and Category II failure modes shall address the
following:
a. Design. Those features of the design that relate to
the identified failure mode that minimize the occurrence
of the failure mode; i.e., safety factors, parts derating
criteria, etc.
b. Test. Those tests accomplished that verify the
design features and tests at hardware acceptance or
during ground turnaround or maintenance that would detect
the failure mode occurrence.
c. Inspection. The inspection accomplished to ensure
that the hardware is being built to the design
requirements and the inspection accomplished during
turnaround operations or maintenance that would detect
the failure mode or evidence of conditions that could
cause the failure mode.
d. History. A statement of history relating to this
particular design or a similar design.
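The worksheet rules of Task 101 can be checked mechanically once the rows are held as records. The following Python sketch is an added example, not part of the standard: it flags rows that miss what sections 4, 5.6, 5.7, 5.9 and 5.10 require and extracts the two lists called for in General Requirements 4.5.2.1 and 4.5.2.2. All field names, identification numbers and row contents are constructed assumptions.

```python
SEVERITIES = ("I", "II", "III", "IV")
EFFECT_LEVELS = ("local", "next_higher", "end")            # 5.6.1 - 5.6.3
RATIONALE_KEYS = ("design", "test", "inspection", "history")  # 5.10 a - d


def check_row(row):
    """Return the list of findings for one FMEA worksheet row (hypothetical schema)."""
    findings = []
    severity = row.get("severity")
    if severity not in SEVERITIES:
        findings.append("5.9: no severity classification (Category I-IV)")
    effects = row.get("effects", {})
    for level in EFFECT_LEVELS:
        if not effects.get(level):
            findings.append(f"5.6: {level} effect not recorded")
    detection = row.get("detection")
    if detection is None:
        findings.append('5.7: detection method not identified (enter "none" if none)')
    elif detection == "none" and not row.get("second_failure_analysis"):
        # Section 4: a non-detectable failure extends the analysis to a second failure.
        findings.append("4: non-detectable failure without second-failure analysis")
    if severity in ("I", "II"):
        if not row.get("control_measures"):
            findings.append("4: no design change or special control measure defined")
        rationale = row.get("rationale", {})
        missing = [key for key in RATIONALE_KEYS if not rationale.get(key)]
        if missing:
            findings.append("5.10: acceptance rationale missing " + ", ".join(missing))
    return findings


def review(rows):
    """Map identification number -> findings, for rows that have any."""
    result = {}
    for row in rows:
        findings = check_row(row)
        if findings:
            result[row["id"]] = findings
    return result


def critical_item_lists(rows):
    """Return (Category I/II list, single failure point list with classification)."""
    category_1_2 = [r["id"] for r in rows if r.get("severity") in ("I", "II")]
    single_points = [(r["id"], r.get("severity")) for r in rows
                     if r.get("single_failure_point")]
    return category_1_2, single_points


# Constructed worksheet rows for illustration only.
ROWS = [
    {"id": "1.2.1-a", "severity": "I", "single_failure_point": True,
     "effects": {"local": "valve stuck closed", "next_higher": "loss of coolant flow",
                 "end": "loss of vehicle"},
     "detection": "none",
     "control_measures": "add redundant valve",
     "rationale": {"design": "derated actuator", "test": "acceptance cycling",
                   "inspection": "turnaround leak check"}},
    {"id": "1.2.2-a", "severity": "II", "single_failure_point": False,
     "effects": {"local": "sensor reads high", "next_higher": "pump throttled",
                 "end": "mission loss"},
     "detection": "audible warning",
     "control_measures": "cross-check against second sensor",
     "rationale": {"design": "dual-range sensor", "test": "bench calibration",
                   "inspection": "connector inspection", "history": "similar unit in service"}},
    {"id": "1.3.1-a", "severity": "IV", "single_failure_point": True,
     "effects": {"local": "lamp out", "next_higher": "panel indication lost", "end": ""},
     "detection": "visual"},
]

if __name__ == "__main__":
    for ident, findings in review(ROWS).items():
        for finding in findings:
            print(f"{ident}: {finding}")
    print(critical_item_lists(ROWS))
```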
6. Ordering data. The following details shall be specified in
the appropriate contractual documents:
a. FMECA plan, if required (see Task 105).
b. Indenture level (see General Requirements, 4.3.3).
c. DI-R-7085 (FMECA Report) should be specified when
deliverable data is desired in conjunction with General
Requirements, Section 4.5.
TASK 102
CRITICALITY ANALYSIS
1. Purpose. The purpose of the criticality analysis (CA) is to
rank each potential failure mode identified in the FMEA Task 101,
according to the combined influence of severity classification
and its probability of occurrence based upon the best available
data.
1.1 Application. The CA, Task 102, supplements the FMEA,
Task 101, and shall not be imposed without the imposition of
Task 101.
2. Documents referenced in Task 102:
HANDBOOKS
Military
MIL-HDBK-217 Reliability Prediction of Electronic
Equipment
3. Analysis approach. One approach from the two specified in
3.1 and 3.2 of Task 102 shall be selected. The availability of
specific parts configuration data and failure rate data will
determine the analysis approach to be used. The qualitative
approach is appropriate when specific failure rate data are not
available. The failure probability levels, when used, should
be modified as the system is better defined. As parts
configuration data and failure rate data become available,
criticality numbers should be calculated and incorporated in the
analysis.
3.1 Qualitative approach. Failure modes identified in the
FMEA are assessed in terms of probability of occurrence when
specific parts configuration or failure rate data are not
available. Individual failure mode probabilities of
occurrence should be grouped into distinct, logically defined
levels, which establish the qualitative failure probability
level for entry into the appropriate CA worksheet column.
Probability of occurrence levels are defined as follows:
a. Level A - Frequent. A high probability of occurrence
during the item operating time interval. High
probability may be defined as a single failure mode
probability greater than 0.20 of the overall probability
of failure during the item operating time interval.
b. Level B - Reasonably probable. A moderate
probability of occurrence during the item operating time
interval. Probable may be defined as a single failure
mode probability of occurrence which is more than 0.10
but less than 0.20 of the overall probability of failure
during the item operating time.
c. Level C - Occasional. An occasional probability of
occurrence during item operating time interval.
Occasional probability may be defined as a single failure
mode probability of occurrence which is more than 0.01
but less than 0.10 of the overall probability of failure
during the item operating time.
d. Level D - Remote. An unlikely probability of
occurrence during item operating time interval. Remote
probability may be defined as a single failure mode
probability of occurrence which is more than 0.001 but
less than 0.01 of the overall probability of failure
during the item operating time.
e. Level E - Extremely Unlikely. A failure whose
probability of occurrence is essentially zero during item
operating time interval. Extremely unlikely may be
defined as a single failure mode probability of
occurrence which is less than 0.001 of the overall
probability of failure during the item operating time.
3.2 Quantitative approach. The failure rate data source used
for the quantitative approach shall be the same as that used
for the other reliability and maintainability analyses
required by contract. When other analyses are not required by
contract or a failure rate data source has not been specified
by the procuring activity, failure rates and failure rate
adjustment factors (e.g., environmental and quality
pi-factors) shall be derived as follows:
a. MIL-HDBK-217 shall be the primary source of failure
rate data for electronic parts. Both the base failure
rate and all failure rate adjustment factors shall be
identified.
b. When parts are similar to those listed in
MIL-HDBK-217, base failure rates shall be selected from
MIL-HDBK-217 and shall include other adjustment factors,
such as special quality pi-factors, as may be required to
modify the MIL-HDBK-217 data for applicability to the
particular part.
c. Failure rate data for parts not covered by
MIL-HDBK-217 shall be selected from alternative data
sources.
3.2.1 CA worksheet. Items in this section and related
subsections apply when a quantitative approach has been
specified. The calculation of a criticality number or
assignment of a probability of occurrence level and its
documentation are accomplished by completing the columns of
the approved CA worksheet. An example of a CA worksheet
format is shown in Figure 102.1. Completed CA worksheets
shall be included in the FMECA report, General Requirements,
4.5, following the FMEA worksheet for the same indenture
level. The following information is the same as given in the
FMEA worksheet and shall be transferred to the CA worksheet:
a. Identification number
b. Item/Functional identification
c. Function
d. Failure modes and causes
e. Mission phase/operational mode
f. Severity classification
3.2.1.1 Failure probability/failure rate data source. When
failure modes are assessed in terms of probability of
occurrence, the failure probability of occurrence level shall
be listed. When failure rate data are to be used in the
calculation of criticality numbers, the data source of the
failure rates used in each calculation shall be listed. When
a failure probability is listed, the remaining columns are not
required and the next step will be the construction of a
criticality matrix (see 4 of Task 102).
3.2.1.2 Failure effect probability (Beta). The Beta values
are the conditional probability that the failure effect will
result in the identified criticality classification, given
that the failure mode occurs. The Beta values represent the
analyst's judgment as to the conditional probability the loss
will occur and should be quantified in general accordance with
the following:
Failure effect      Beta value
Actual loss         1.00
Probable loss       >0.10 to <1.00
Possible loss       >0 to = 0.10
No effect           0
3.2.1.3 Failure mode ratio (alpha). The fraction of the
part failure rate (lambdap) related to the particular failure
mode under consideration shall be evaluated by the analyst and
recorded. The failure mode ratio is the probability expressed
as a decimal fraction that the part or item will fail in the
identified mode. If all potential failure modes of a
particular part or item are listed, the sum of the alpha
values for that part or item will equal one. Individual
failure mode multipliers may be derived from failure rate
source data or from test and operational data. If failure
mode data are not available, the alpha values shall represent
the analyst's judgment based upon an analysis of the item's
functions.
3.2.1.4 Part failure rate (lambdap). The part failure rate
(lambdap) from the appropriate reliability prediction or as
calculated using the procedure described in MIL-HDBK-217,
shall be listed. Where appropriate, application factors
(piA), environmental factors (piE), and other pi-factors as
may be required shall be applied to the base failure rates
(lambdab) obtained from handbooks or other reference material
to adjust for differences in operating stresses. Values of
pi-factors utilized in computing lambdap shall be listed.
3.2.1.5 Operating time (t). The operating time in hours or
the number of operating cycles of the item per mission shall
be derived from the system definition and listed on the
worksheet.
3.2.1.6 Failure mode criticality number (Cm). The value of
the failure mode criticality number (Cm) shall be calculated
and listed on the worksheet. Cm is the portion of the
criticality number for the item due to one of its failure
modes under a particular severity classification. For a
particular severity classification and operational phase, the
Cm for a failure mode may be calculated with the following
formula:
3.2.1.7 Item criticality numbers (Cr). The second
criticality number calculation is for the item under analysis.
Criticality numbers (Cr) for the items of the system shall be
calculated and listed on the worksheet. A criticality number
for an item is the number of system failures of a specific
type expected due to the item's failure modes. The specific
type of system failure is expressed by the severity
classification for the item's failure modes. For a particular
severity classification and mission phase, the Cr for an item
is the sum of the failure mode criticality numbers, Cm, under
the severity classification and may also be calculated using
the following formula:
4. Criticality matrix. The criticality matrix provides a means
of identifying and comparing each failure mode to all other
failure modes with respect to severity. The matrix is
constructed by inserting item or failure mode identification
numbers in matrix locations representing the severity
classification category and either the probability of occurrence
level or the criticality number (Cr) for the item's failure
modes. The resulting matrix display shows the distribution of
criticality of item failure modes and provides a tool for
assigning corrective action priorities. As shown in Figure
102.2, the further along the diagonal line from the origin the
failure mode is recorded, the greater the criticality and the
more urgent the need for implementing corrective action. The
example criticality matrix in Figure 102.2 was constructed to
show how either the criticality number (Cr) or probability of
occurrence level can be used for the vertical axis. The
completed criticality matrix shall be included in the FMECA
report, General Requirements, 4.5.
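The following Python sketch is an added example, not part of the standard. It sums failure mode criticality numbers (Cm) into item criticality numbers (Cr) per severity classification and mission phase, places the items in a criticality matrix with Cr on the vertical axis, and orders them by position along the diagonal. The item numbers, Cm values, Cr row boundaries and the diagonal score are constructed assumptions.

```python
import bisect
from collections import defaultdict
from dataclasses import dataclass

# Severity classification categories, least to most severe, as they would
# be laid out along the matrix's severity axis.
SEVERITY_AXIS = ["IV", "III", "II", "I"]

# ASSUMPTION: lower edges of the Cr rows on the vertical axis. The example
# needs some scale; choose one that spreads your own worksheet data.
CR_BAND_EDGES = [0.1, 1.0, 10.0]


@dataclass(frozen=True)
class WorksheetRow:
    item_id: str    # identification number (constructed)
    mode: str       # failure mode
    severity: str   # "I" .. "IV"
    phase: str      # mission phase
    cm: float       # failure mode criticality number, entered x 10^6


# Constructed sample rows; none of these values come from the standard.
WORKSHEET = [
    WorksheetRow("1A1", "fails open", "II", "cruise", 1.5),
    WorksheetRow("1A1", "fails closed", "II", "cruise", 0.75),
    WorksheetRow("1A1", "external leak", "IV", "cruise", 12.0),
    WorksheetRow("1A2", "no output", "I", "cruise", 2.0),
    WorksheetRow("1A2", "no output", "I", "takeoff", 0.5),
    WorksheetRow("1A3", "erratic output", "III", "cruise", 0.5),
]


def item_criticality(rows):
    """Cr for each (item, severity, phase): the sum of that item's Cm values."""
    totals = defaultdict(float)
    for row in rows:
        if row.severity not in SEVERITY_AXIS:
            raise ValueError(f"unknown severity category: {row.severity!r}")
        if row.cm < 0:
            raise ValueError(f"negative Cm for {row.item_id} / {row.mode}")
        totals[(row.item_id, row.severity, row.phase)] += row.cm
    return dict(totals)


def criticality_matrix(rows, phase, edges=CR_BAND_EDGES):
    """Map (Cr row index, severity) -> item ids, for one mission phase."""
    cells = defaultdict(list)
    for (item, severity, ph), cr in item_criticality(rows).items():
        if ph == phase:
            cells[(bisect.bisect_right(edges, cr), severity)].append(item)
    return {cell: sorted(items) for cell, items in cells.items()}


def corrective_action_order(rows, phase, edges=CR_BAND_EDGES):
    """Entries for one phase, furthest along the diagonal first."""
    ranked = []
    for (item, severity, ph), cr in item_criticality(rows).items():
        if ph != phase:
            continue
        sev_idx = SEVERITY_AXIS.index(severity)
        band = bisect.bisect_right(edges, cr)
        # ASSUMPTION: distance along the diagonal is approximated by
        # severity column + Cr row; ties go to the more severe category.
        ranked.append((band + sev_idx, sev_idx, cr, item, severity))
    ranked.sort(key=lambda r: (-r[0], -r[1], -r[2], r[3]))
    return [(item, severity, cr) for _, _, cr, item, severity in ranked]


def render(rows, phase, edges=CR_BAND_EDGES):
    """Plain-text matrix, highest Cr row at the top."""
    cells = criticality_matrix(rows, phase, edges)
    labels = [f"< {edges[0]}"] + [f">= {e}" for e in edges]
    lines = ["Cr (x 10^6)".ljust(14) + "".join(s.ljust(8) for s in SEVERITY_AXIS)]
    for band in range(len(edges), -1, -1):
        line = labels[band].ljust(14)
        for severity in SEVERITY_AXIS:
            line += ",".join(cells.get((band, severity), ["-"])).ljust(8)
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(WORKSHEET, "cruise"))
    for entry in corrective_action_order(WORKSHEET, "cruise"):
        print(entry)
```

The ordering is a relative ranking only; changing the assumed row boundaries changes which cell an item lands in but not its Cr.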
5. Ordering data. The following details shall be specified in
the appropriate contractual documents:
a. Task 101 (see 1.1 of Task 102).
b. Analysis approach (see 3 of Task 102).
c. Failure rate data source(s) (see 3.2 of Task 102) if
quantitative approach is specified.
TASK 103
FMECA - MAINTAINABILITY INFORMATION
1. Purpose. FMECA-maintainability information supplies early
criteria for Maintenance Planning Analysis (MPA), Logistic
Support Analysis (LSA), test planning, inspection and checkout
requirements, and identifies maintainability design features that
require corrective action, and supplies information for the
Reliability-Centered Maintenance (RCM) process required by
MIL-HDBK-266(AS).
1.1 Application. The FMECA maintainability information
requires data from the FMEA Task 101. Task 103 shall not be
done without first doing Task 101.
1.2 Planning. Planning for the FMECA - maintainability
information analysis includes the contractor's procedures for
assuring the coincident use of this analysis when logistic
support analysis in accordance with MIL-STD-1388, the
maintenance planning analysis in accordance with
MIL-STD-2080(AS), and maintainability analysis in accordance
with MIL-STD-470 are required by contract.
2. Documents Referenced in Task 103:
STANDARDS
Military
MIL-STD-470 Maintainability program requirements (for
systems and equipment)
MIL-STD-1388 Logistics Support Analysis
MIL-STD-2080(AS) Maintenance Engineering, Planning and
Analysis for Aeronautical Systems,
Subsystems, Equipment and Support Equipment
HANDBOOKS
MIL-HDBK-266(AS) Application of Reliability-Centered
Maintenance in Naval Aircraft, Weapon Systems
and Support Equipment
3. FMECA-Maintainability information Worksheet. Maintainability
information is documented on the approved FMECA - maintainability
worksheet. Figure 103.1 is a sample worksheet. Complete
worksheets will be included in the FMECA report, General
Requirements, 4.5, following the FMEA worksheet for the same
indenture level. The following information can be found and
copied from the FMEA worksheet:
a. Item Identification Number
b. Item Nomenclature
c. Function
d. Functional Failure (Failure Mode (Task 101))
e. Engineering Failure Mode (Failure Causes (Task 101))
f. Failure Effects (local, next higher level, end)
g. Severity Class
h. Mission Phase
3.1 System/Subsystem Description. Provide a concise
description of the system or subsystem in terms of its general
function and major assemblies or components.
3.2 Compensating provisions. This entry shall specifically
address redundancies and protective features in relation to
functions and functional failures. An item is considered
redundant if its purpose is to duplicate the function of
another item. Also list the protective or warning devices, or
fail-safe design, that act to mitigate serious consequences
upon failure of a critical item.
3.3 Functions. Functions and subfunctions should be
transferred from Task 101 worksheets. A number shall be
placed in the small column next to each function. The first
function will be numbered 1, the second 2, and so on.
3.4 Functional Failures. Record the functional failure
(failure mode from Task 101). Functional failures shall be
lettered alphabetically beginning with "A". Note that a
function may have more than one functional failure (failure
mode, Task 101).
3.5 Engineering Failure Mode. Record the engineering failure
modes (failure causes from Task 101). Engineering failure
modes shall be numbered beginning with "1". Note that a
functional failure may have more than one engineering failure
mode (failure cause, Task 101).
3.6 Minimum Equipment List. Specify if the aircraft or end
item of equipment can be dispatched on its assigned mission
with the analysis item inoperative. If the answer is "yes",
specify any limitation.
3.7 Failure Detection Method. A description of the methods
by which occurrence of a specific functional failure (failure
mode) is detected and localized by the operator or maintenance
technician shall be recorded. Describe the warning devices,
if applicable, and other indications which make evident to
the operator or technician that an item has malfunctioned or
failed. If no indication exists, state whether or not the
undetected failure will jeopardize the mission objectives or
personnel safety. If the undetected failure allows the
item to remain operational in a safe state, a second failure
situation shall be explored to determine whether or not an
indication will be evident to the operator or maintenance
technician. Proper correlation of an item malfunction or
failure may require identification of normal, abnormal and
incorrect indications. Normal indications are those that
are evident to an operator or maintenance technician when the
item is operating normally. Incorrect indications are those
that are evident to the operator or maintenance technician
when the item has malfunctioned or failed.
3.8 Engineering Failure Mode MTBF and Remarks. Calculate and
provide MTBF data for each engineering failure mode (failure
cause) developed as part of Task 101. Also include any
remarks pertaining to and clarifying any other columns. Notes
regarding recommendations for design improvements shall be
recorded and further amplified in the FMECA report, General
Requirements, 4.5.
3.9 Ordering Data. The following details shall be specified
in the appropriate contractual documents:
a. Task 101 (see 1.1 of Task 103)
b. DI-R-7085
c. DI-R-7086
d. The Statement of Work
e. Other requirements as necessary for tailoring.
TASK 104
DAMAGE MODE AND EFFECTS ANALYSIS
1. Purpose. The purpose of the damage mode and effects
analysis (DMEA) is to provide early criteria for survivability
and vulnerability assessments. The DMEA provides data related to
damage caused by specified threat mechanisms and the effects on
weapon system operation and mission essential functions.
1.2 Application. The DMEA, Task 104, utilizes the results of
Task 101, and shall not be imposed without imposition of Task
101.
1.3 Planning. Planning the DMEA includes the contractor's
procedures for assuring the timeliness of the analysis and its
utilization in the vulnerability assessments of the weapon
system.
2. Analysis approach. The DMEA is an expansion of the FMEA to
include the generation of data required for vulnerability
assessments. It is primarily applicable to new weapon system
acquisitions but may be applied to developed (existing) weapon
systems where data is required to provide criteria for a
survivability enhancement program.
2.1 New weapon systems. The DMEA is an expansion of the FMEA
conducted and maintained for the weapon system design during
conceptual, validation, and full scale development. The DMEA
shall consider all failure modes and damage modes that can
occur to each item and the effect each has on the weapon
system. The relationship between the weapon system essential
functions, mission capabilities, hostile threat capabilities,
and hostile weapon effects shall be analyzed to provide design
criteria for survivability enhancement.
2.2 Developed weapon systems. When specified, a DMEA is
conducted to identify all subsystems and components in a
developed (existing) weapon system to the level defined by the
procuring agency. The DMEA is used to provide data related to
the impact of Engineering Change Proposals (ECPs) and retrofit
programs on total weapon system survivability. Threats should
be periodically assessed to determine if the weapon system is
still capable of operating effectively in a hostile
environment.
3. Procedure. The FMEA shall be expanded to provide data
related to the damage caused by threat mechanisms and the effects
upon weapon system operation and mission essential functions.
The damage mode(s) for each essential component as caused by the
specified threat mechanism(s) shall be identified and the effect
on the essential function(s) of the weapon system determined.
The analysis shall include all identified operation and mission
essential subsystems and components. The type of damage mode
that each component can experience (i.e., fire, explosion, engine
fuel ingestion, toxic fumes, smoke-corrosive materials, etc.) and
the primary and secondary damage effects to which each component
can be exposed shall be identified. Each nonessential component
also shall be examined to determine if a hazardous
environment may be created by its sustaining the type or level of
damage identified. This shall also include any cascading effect
on other subsystems from an initial system or component response.
The essential components that may be exposed to the hazardous
environments shall be identified.
3.1 Weapon system operation and mission essential functions.
The requirements for weapon system operation and mission
essential functions shall be determined for each mission phase
and included in the functional narrative developed in 4. of
Task 101. The weapon system operation and mission essential
functions shall be established down to the indenture level at
which the individual subsystems and major components required
to perform the function can be identified.
3.2 Identification of critical components. Using the system
schematic or functional block diagram, the assigned severity
codes, and the established weapon system operation and mission
essential functions, each subsystem and major component
required to perform each mission essential function shall be
identified. The reliability block diagram shall be used to
identify subsystem and function redundancies. A critical
components listing shall be included with the functional
narrative and with the DMEA worksheets in the FMECA report,
General Requirements, 4.5.
4. DMEA worksheet. Documentation of the DMEA is accomplished
by completing the columns of the approved DMEA worksheet. An
example of a DMEA worksheet format is shown in Figure 104.1.
Completed DMEA worksheets shall be included in the FMECA report,
General Requirements, 4.5, following the FMEA worksheet for the
same indenture level. The following information is the same as
given in the FMEA worksheet and shall be transferred to the DMEA
worksheet:
a. Identification number
b. Item/functional identification
c. Function
d. Failure modes and causes
e. Mission phase/operational mode
f. Severity classification
4.1 Damage modes. All possible damage modes which could
result from exposure to the specified threat mechanism(s)
shall be determined through analysis of each subsystem,
component, or part. The analysis shall include both primary
and secondary damage effects. Damage modes of individual item
functions shall be postulated on the basis of the stated
mission requirements, specified threats, and system
descriptions. The effects of the possible damage mode shall
include performance degradation as well as total item failure.
To assist in assuring that a complete damage mode analysis is
performed, each damage mode and function shall, as a minimum,
be examined in relation to the following typical damage
conditions.
a. Penetration
b. Severed
c. Shattered, cracked
d. Jammed
e. Deformed
f. Ignited, detonated
g. Burned out (i.e., electrical overload)
h. Burn through (i.e., threat caused fires)
4.2 Damage effects. The consequences of each assumed damage
mode on item operation, function or status shall be
identified, evaluated, and recorded. Damage effects shall
focus on the specific block diagram element which is affected
by the damage condition under consideration. The damage mode
under consideration may impact several indenture levels in
addition to the indenture level under analysis; therefore,
"local," "next higher level," and "end" effects shall be
evaluated.
4.2.1 Local effects. Local effects concentrate specifically
on the impact an assumed damage mode has on the operation and
function of the item in the indenture level under
consideration. The consequences of each postulated damage
mode affecting the item shall be described along with any
second-order effects which result. Potential conditions
where the damage of one item results in a conditional failure
probability or effect of a second item which differs from the
failure probability or effect when the second item is
considered independently shall be identified. The purpose of
defining local effects is to provide a basis for evaluating
compensating provisions and for recommending survivability
enhancement. It is possible for the "local" effect to be the
damage mode itself.
4.2.2 Next higher level. Next higher level effects
concentrate on the impact an assumed damage mode has on the
operation and function of the items in the next higher
indenture level above the indenture level under consideration.
The consequences of each postulated damage mode affecting
the next higher indenture level shall be described.
4.2.3 End effects. End effects evaluate and define the total
effect an assumed damage mode has on the operation, function,
or status of the uppermost system. The effect of each damage
mode upon the essential function(s) affecting weapon system
operating capability and mission completion capability shall
be determined. The end effect described may be the result of
a double failure. For example, failure of a safety device may
result in a catastrophic end effect only in the event that
both the prime function goes beyond the limit for which the safety
device is set and the safety device fails. Those end effects
resulting from a double failure shall be indicated on the DMEA
worksheets.
4.3 Remarks. Any pertinent remarks pertaining to and
clarifying any other column in the worksheet line shall be
noted. Notes regarding recommendations for design improvement
shall be recorded and further amplified in the FMECA report,
General Requirements, 4.5. This entry also may include a
notation of unusual conditions, damage effects of redundant
items, recognition of particularly critical design features or
any other remarks that amplify the line entry. Information
shall be provided that reasonable actions and considerations
are or have been accomplished to enhance survivability through
recommended design changes. Information provided shall
address the following:
a. Design. Those features of the design that relate to
the identified damage mode that minimize the
vulnerability with respect to the specified threat
mechanisms; i.e., redundancy, separation of components,
lines, and structure, elimination of fire paths, integral
armor, etc.
b. Test. Those tests recommended to verify the design
features recommended or incorporated for survivability
enhancement.
c. History. Identification of previous testing and
analysis relating to this particular case which will be
used to support the validity.
5. Ordering data. The following details shall be specified in
the appropriate contractual documents:
a. Task 101 (see 1.2 of Task 104).
b. Threat mechanisms (see 3. of Task 104).
TASK 105
FAILURE MODE, EFFECTS, AND CRITICALITY ANALYSIS PLAN
1. Purpose. The purpose of the FMECA plan is to document the
contractor's planned activities implementing the Failure Mode,
Effects, and Criticality Analysis Tasks.
1.1 Interrelationship. The FMECA plan shall not be required
unless Task 101 is required.
1.2 Application. This plan is used to evaluate planned FMECA
Task efforts by a contractor prior to plan approval. When
approved by the procuring activity, the plan is used for
monitoring and evaluating contractor implementation of the
FMECA tasks. When a Reliability Program Plan, as a selected
task from MIL-STD-785, has been proposed by the procuring
activity, the requirements of this Task shall be satisfied by
incorporating the FMECA plan in the Reliability Program Plan.
2. Documents referenced in Task 105:
STANDARDS
Military
MIL-STD-470 Maintainability, Human Factors and Safety
MIL-STD-780 Work Unit Codes for Aeronautical Equipment;
Uniform Numbering System
MIL-STD-785 Reliability Program for Systems and Equipment
Development and Production
MIL-STD-1388 Logistics Support Analysis
MIL-STD-1591 On Aircraft, Fault Diagnosis, Subsystems,
Analysis/Synthesis of
MIL-STD-2072 Survivability, Aircraft; Establishment and
Conduct of Programs for
MIL-STD-2080 Maintenance Plan Analysis for Aircraft and
Ground Support Equipments
HANDBOOKS
Military
MIL-HDBK-217 Reliability Prediction of Electronic
Equipment
3. Content. The FMECA plan shall describe the contractor's
procedures for implementing the specified requirements of this
standard, updating the FMECA to reflect design changes, and use of
the analysis results to provide design guidance. Sample
worksheet formats, ground rules, analysis assumptions,
identification of the lowest indenture level of analysis, coding
system description, failure definitions, and identification of
coincident use of the FMECA by the contractor's reliability
organization and other organization elements shall be included in
the plan.
3.1 Worksheet formats. The contractor's formats, which
organize and document the FMECA and other analysis methods
contained herein, shall include the information shown in the
example formats in Figures 101.3, 102.1, 103.1, 104.1. The
initial indenture level of analysis shall be identified (item
name) on each worksheet, and each successive indenture level
shall be documented on a separate worksheet or group of
worksheets. A sample of the contractor's worksheet formats
shall be included with the FMECA plan.
3.2 Ground rules and assumptions. The contractor shall
develop ground rules and analysis assumptions and include them
in the FMECA plan. The ground rules shall identify the FMECA
approach (e.g., hardware, functional, or combination), the
lowest indenture level to be analyzed, and include general
statements of what constitutes a failure of the item in terms
of performance criteria and allowable limits. Every effort
should be made to identify and record all ground rules and
analysis assumptions prior to initiation of the analysis;
however, ground rules and analysis assumptions may be added
for any item if requirements change. Additional ground rules
and analysis assumptions shall be documented and separately
identified for inclusion in the FMECA report.
3.3 Indenture level. The indenture level applies to the
system hardware or functional level at which failures are
postulated. Unless otherwise specified, the contractor shall
establish the lowest indenture level of analysis using the
following guidelines:
a. The lowest level specified in the LSA candidate list
to assure complete inputs for each LSA candidate.
b. The lowest indenture level at which items are
assigned a catastrophic (Category I) or critical
(Category II) severity classification category (see
4.4.3).
c. The specified or intended maintenance and repair
level for items assigned a marginal (Category III) or
minor (Category IV) severity classification category (see
4.4.3).
3.4 Coding system. For consistent identification of system
functions and equipment and for tracking failure modes, the
contractor shall adhere to a coding system based upon the
hardware breakdown structure, work unit code numbering system
of MIL-STD-780, or other similar uniform numbering system.
The coding system shall be consistent with the reliability and
functional block diagram numbering system to provide complete
visibility of each failure mode and its relationship to the
system. The contractor shall describe the coding system to be
used in the FMECA plan.
3.5 Failure definition. The contractor shall develop general
statements of what constitutes a failure of the item in terms
of performance parameters and allowable limits for each
specific output. Failure definitions shall be included in the
ground rules submitted with the FMECA plan. The contractor's
general statements shall not conflict with any failure
definitions specified by the procuring activity.
3.6 Coordination of effort. The coincident performance and
use of the FMECA by reliability and other program elements
shall be identified in the FMECA plan. Consideration shall be
given to the requirements to perform and use the FMECA in
support of a reliability program in accordance with
MIL-STD-785, maintainability program in accordance with
MIL-STD-470, survivability and vulnerability program in
accordance with MIL-STD-2072, logistics support analysis in
accordance with MIL-STD-1388, maintenance plan analysis (MPA)
in accordance with MIL-STD-2080, fault diagnosis analysis in
general accordance with MIL-STD-1591, and other contractual
provisions. The contractor shall identify the program
organization responsible for performing the FMECA and show how
the FMECA results will be used by other organizational
elements to preclude duplication of effort.
3.7 Failure rate data sources. The failure rate data source
shall be the same as that used for the other reliability and
maintainability analyses required by the contract.
MIL-HDBK-217 shall be the primary source of failure rate data
for electronic parts. Failure rate data for parts not covered
by MIL-HDBK-217 shall be selected from alternative data
sources. The failure rate data sources shall be identified in
the FMECA plan and shall be approved by the procuring activity
prior to use.
4. Ordering data. The following details shall be specified in
the appropriate contractual documents:
a. Task 101 (See 1.1 of Task 105).
b. Other requirements as necessary for tailoring.
c. DI-R-7086 (FMECA Plan) should be specified when
deliverable data is desired in conjunction with this
task.
APPENDIX A
APPLICATION AND TAILORING GUIDE
10. GENERAL
10.1 Scope. This appendix provides notes for the guidance of
the procuring activity in generating the contractual
requirements for a failure mode, effects, and criticality
analysis (FMECA).
10.2 Tailoring requirements. Each provision of this standard
should be reviewed to determine the extent of applicability.
Tailoring of requirements may take the form of deletion,
addition, or alteration to the statements in Sections 3 and 4
and any specified tasks to adapt the requirements to specific
system characteristics, procuring activity options,
contractual structure, or acquisition phase. The tailored
FMECA requirements are specified in the contractual provisions
to include input to the statement of work, contract data item
list (CDRL), and other contractual means.
10.3 Duplication of effort. It is incumbent upon the
procuring activity to review the contractual requirements to
avoid duplication of effort between the reliability program
and other program efforts such as safety, maintainability,
human engineering, test and evaluation, survivability and
vulnerability, maintenance planning, and integrated logistics
support. Identification of the coincident use of FMECA
results by the reliability program and other disciplinary
areas is required in the FMECA plan or other appropriate
program documentation to avoid duplication of effort by the
procuring activity and the contractor.
20. REFERENCED DOCUMENTS (not applicable)
30. DEFINITIONS (not applicable)
40. GENERAL REQUIREMENTS
40.1 Ordering data. The procuring activity shall specify the
following:
a. Title, number and date of this standard.
b. Task number(s) required.
c. FMECA plan (Task 105) if required.
d. Indenture level of analysis (4.3.3) required.
e. Steps to be used in the FMECA process (4.4.2).
f. FMECA report (4.5) if required. Code A in block 8
of DD1423 if preliminary draft is required. An automated
LSAR output report LSA-060 or a nonautomated LSAR report,
if required. If an automated LSAR output report is
required, the information at figure A1 must be specified.
LSA-060, LCN Master File.
Basic Card Entry Instructions.
CARD      DESCRIPTION               INSTRUCTIONS
COLUMN
1         Selection Indicator       Mandatory entry of "S".
          (SEL IND)
2-4       Report Selection Number   Mandatory entry of "060" report
          (RSN)                     number which is identifying the
                                    output requested.
5         Report Control Code       Mandatory entry of an
          (RCC)                     alphanumeric code; "A"-"Z",
                                    "0"-"9", which will uniquely
                                    identify this report number
                                    selection. If a trailer or
                                    option card is associated with
                                    this report selection, it must
                                    match the RCC on the basic
                                    selection card. (If necessary,
                                    instructions for trailer cards
                                    will be provided by the
                                    requiring authority).
6         Type Card (TYPE)          Mandatory entry of "A" (basic
                                    card). If a listing of the
                                    entire content of the LCN
                                    Master File is desired, no
                                    further data is required to be
                                    entered on this card with the
                                    exception of cc 35.
7         Sequence Code (SEQ CD)    Leave blank.
8-18      Start Logistic Support    Enter the LCN identifying the
          Analysis Control Number   first item to be included in
          (START LCN)               the report. It identifies the
                                    system, subsystem, or component
                                    for which the report is
                                    desired. Data element
                                    definitions (DED) are contained
                                    in appendix F of
                                    MIL-STD-1388-2A. See DED 197
                                    for a complete definition of
                                    LCN.
19        Alternate LCN Code (ALC)  If the report is required for
                                    an alternate design or
                                    maintenance concept of an
                                    associated LCN, enter the ALC.
                                    See DED 023 for a complete
                                    definition of ALC.
50.1.3 Intended use. The FMECA is potentially one of the
most beneficial and productive tasks in a well structured
reliability program. Since individual failure modes are
listed in an orderly, organized fashion and evaluated, the
FMECA serves to verify design integrity, identify and quantify
sources of undesirable failure modes, and document the
reliability risks. FMECA results can be used to provide the
rationale for changes in operating procedures for ameliorating
the effects or for detecting the incipience of the undesirable
failure modes. Although the FMECA is an essential reliability
task, it supplements and supports other engineering tasks
through identification of areas in which effort should be
concentrated. The FMECA results are not only used to provide
design guidance, but they are used advantageously in and for
maintenance planning analysis, logistics support analysis,
survivability and vulnerability assessments, safety and
hazards analyses, and for fault detection and isolation
design. This coincident use of the FMECA must be considered
in FMECA planning and every endeavor made to prevent
duplication of effort by the program elements which utilize
FMECA results.
50.2 FMEA (Task 101). The FMEA is an essential design
evaluation procedure which should not be limited to the phase
traditionally thought of as the design phase. The initial
FMEA should be done early in the conceptual phase when design
criteria, mission requirements, and conceptual designs are
being developed to evaluate the design approach and to compare
the benefits of competing design configurations. The FMEA
will provide quick visibility of the more obvious failure
modes and identify potential single failure points, some of
which can be eliminated with minimal design effort. As the
mission and design definitions become more refined, the FMEA
can be expanded to successively more detailed levels. When
changes are made in system design to remove or reduce the
impact of the identified failure modes, the FMEA must be
repeated for the redesigned portions to ensure that all
predictable failure modes in the new design are considered.
50.3 CA (Task 102). The CA is a procedure for associating
failure probabilities with each failure mode. Since the CA
supplements the FMEA and is dependent upon information
developed in that analysis, it should not be imposed without
imposition of the FMEA. The CA is probably most valuable for
maintenance and logistics support oriented analyses since
failure modes which have a high probability of occurrence
(high criticality numbers) require investigation to identify
changes which will reduce the potential impact on the
maintenance and logistic support requirements for the system.
Since the criticality numbers are established based upon
subjective judgments, they should only be used as indicators
of relative priorities.
50.4 FMECA-maintainability information (Task 103). This
analysis is an extension of the FMECA and is dependent upon
FMEA generated information; therefore, the FMECA-
maintainability information analyses should not be imposed
without imposition of the FMEA. The identification of how
each failure will be detected and localized will provide
information for evaluating item testability. The failure mode
listing which is included on the completed worksheet should be
utilized to provide this required data for logistics support
analyses (LSA), maintenance plan analysis (MPA), and
reliability centered maintenance (RCM).
50.5 DMEA (Task 104). The DMEA provides essential inputs for
the vulnerability assessment of a weapon system to aid in the
identification of deficiencies and the evaluation of designs
for enhancing survivability. Since the DMEA utilizes the
failure mode information from the FMEA, it should not be
imposed without imposition of the FMEA. The DMEA, like the
initial FMEA, should be done early in the conceptual phase to
provide data related to the capability of the conceptual
weapon system design to survive the effects of the specified
hostile threats. Development of this data before weapon system
design configuration is finalized will provide significant
survivability benefits with minimal impact on cost and
schedule.
50.6 FMECA plan (Task 105). The FMECA plan provides the
contractor's plans and activities for implementing the FMECA
tasks. The plan is used by the procuring activity to evaluate
the planned FMECA task efforts, and when approved, is used for
monitoring contractor implementation of the tasks. The plan
can be required as a separate document submittal or it can be
included as part of the Reliability Program Plan. The FMECA
plan includes a description of the contractor's procedures for
implementing the tasks and provides a cross index showing the
relationship of coincident performance and use of the FMEA
tasks to preclude duplication of effort. Sample contractor
formats used in performance of each FMECA task are included as
a part of each task specified in the contract statement of
work.
50.7 Criticality number (Cr) calculation example. Calculation
of meaningful criticality numbers requires the use of specific
failure rate and part configuration data. When part
configurations are known, failure rate data can be obtained
from the appropriate reliability prediction, field data from
past systems of similar design and environmental use, or
failure rate data sources such as MIL-HDBK-217. With known
failure rates, the criticality number for an item is the
number of failures of a specific type expected per million
hours due to the item's failure modes under a particular
severity classification as discussed in Task 101. A failure
mode criticality number, Cm, for a particular severity
classification is given by the expression:
The item criticality number, Cr, under a particular severity
classification, is then calculated by summing the Cm for each
failure mode under that severity classification. This summation
is given by the expressions:
It should be noted that failure rates are usually defined in
terms of failures per million hours (f x 10^-6) and, for
simplification purposes, equation (1) may be multiplied by a
factor of 10^6 to eliminate an unnecessary degree of arithmetic
precision in worksheet entries. That is, it is easier to enter
criticality number on the worksheets as 1.08 than to enter 1.08 x
10^-6 or 0.00000108. The importance of the criticality number is
in providing a relative ranking of the failures or failure modes
and not in the absolute value of the numeric.
For example, the calculations for Cm and Cr for a given mission
phase under severity classification Category II are as follows:
Given: Base failure rate
INSTRUCTIONS: In a continuing effort to make our standardization
documents better, the DoD provides this form for use in
submitting comments and suggestions for improvements. All users
of military standardization documents are invited to provide
suggestions. This form may be detached, folded along the lines
indicated, taped along the loose edge (DO NOT STAPLE), and
mailed. In block 5, be as specific as possible about particular
problem areas such as wording which required interpretation, was
too rigid, restrictive, loose, ambiguous, or was incompatible,
and give proposed wording changes which would alleviate the
problems. Enter in block 6 any remarks not related to a specific
paragraph of the document. If block 7 is filled out, an
acknowledgement will be mailed to you within 30 days to let you
know that your comments were received and are being considered.
NOTE: This form may not be used to request copies of documents,
nor to request waivers, deviations, or clarification of
specification requirements on current contracts. Comments
submitted on this form do not constitute or imply authorization
to waive any portion of the referenced document(s) or to amend
contractual requirements.