FAILURE MODES

AND
EFFECTS ANALYSIS

8th Edition R. R. Mohr

January 1994

Sverdrup
1
BACKGROUND…
• Premise: You own/operate/require/design/or are responsible for equipment
essential to a system/process/activity which may be small or large, simple or
complex. It may be a future plan, or be presently in operation.

• Need: Reassurance that causes, effects, and risks of system failures have been
reviewed systematically.

• Approach: Perform an FMEA or FMECA.

In casual use,
“FMEA” also means
FMEA + C = FMECA
“FMECA” — the
C = Criticality = Risk = Severity/Probability Assessment
distinction between
the two has become
• Analogy: PHL / PHA = FMEA / FMECA
blurred.
• Classical FMEA Questions (for each system element):

(1) How (i.e., in what ways) can this element fail (failure modes)?
(2) What will happen to the system and its environment if this
element does fail in each of the ways available to it (failure
effects)?

• FMEA Origin: FMEA is a tool originated by SAE Reliability Engineers. It

continues to be associated by many with Reliability Engineering. It analyzes
potential effects caused by system elements ceasing to behave as intended.

2
DEFINITIONS…
• Fault: Inability to function in a desired manner, or operation in an undesired manner,
regardless of cause.

• Failure: A fault owing to breakage, wear out, compromised structural integrity, etc.

FMEA does not limit itself strictly to failures, but “Failure Modes...”
includes faults. is a misnomer — some
sources now call FMEA by
• Failure Mode: The manner in which a fault occurs, i.e. the way another name:
in which the element faults. “Fault Hazard Analysis.”

• Element Failure Mode Examples

Switch open, partially open, closed, partially closed, chatter
Valve open, partially open, closed, partially closed, wobble
Spring stretch, compress/collapse, fracture
Cable stretch, break, kink, fray
Relay contacts closed, contacts open, coil burnout, coil short
Operator wrong operation to proper item, wrong operation to wrong item
proper operation to wrong item, perform too early
perform too late, fail to perform

more ➟

3
DEFINITIONS (concl)…
• Failure Effect: The consequence(s) of a failure mode on an operation, function, status
of a system/process/activity/environment. The undesirable outcome of a fault of a
system element in a particular mode. The effect may range from relatively harmless
impairment of performance to multiple fatalities, major equipment loss, and
environmental damage, for example.

All failures are faults; not all faults are failures. Faults can be caused by
actions that are not strictly failures.

A system that has been shut down by safety features responding properly
has NOT faulted (e.g., an overtemperature cutoff).

A protective device which functions as intended (e.g., a blown fuse) has NOT
failed.

• Failed/Faulted SAFE - Proper function is compromised, but no further threat of harm

exists (e.g., a smoke detector alarms in the absence of smoke).

• Failed/Faulted DANGEROUS - Proper function is impaired or lost in a way which poses

threat of harm (e.g., a smoke detector does not alarm in the presence of smoke).

4
FMEA USES AND PRACTICAL APPLICATIONS…
1. Identify individual elements/operations within a
system that render it vulnerable…
Single Point Failures

2. Identify failure effects:

• FMEA — general description
• FMECA — specific Severity and
Probability assessments

3. Industries that frequently use FMEA:

• Consumer Products — Automotive / Toys /
Home Appliances / etc.
• Aerospace, NASA, DoD
• Process Industries — Chemical Processing

5
THE PROCESS…
1. Define the system to be analyzed, and obtain necessary
drawings, charts, descriptions, diagrams, component lists.
Know exactly what you’re analyzing; is it an area, activity,
equipment? — all of it, or part of it? What targets are to be
considered? What mission phases are included?

2. Break the system down into convenient and logical elements.

System Breakdown can be either Functional (i.e., according to
what the System Elements “do”), or Geographic/Architectural
(i.e., according to where the System Elements “are”), or both
(i.e., Functional within the Geographic, or vice versa).

3. Establish a Coding System to identify system elements.

4. Analyze (FMEA) the elements.

more ➟

6
THE PROCESS: Three Questions to Ask / Answer…
1. Will a failure of the system result in intolerable/undesirable loss?
If NO, document and end the analysis. If YES, see (1.a).

1.a Divide the system into its subsystems*. Ask this

question for each subsystem: Will a failure of this
These subsystem result in intolerable/undesirable loss? If
“filtering” NO, document and end the analysis. If YES, see (1.b).
questions
shorten the 1.b Divide each subsystem into its assemblies. Ask this
analysis and
conserve
question for each assembly: Will a failure of this
manhours. assembly result in intolerable/undesirable loss? If
NO, document and end the analysis. If YES, continue
this questioning through the subassembly level, and
onward — into the piece-part level if necessary.

2. For each analyzed element, what are the Failure Modes? These two
questions,
alone,
3. For each Failure Mode, what are the Failure Effects? guide
FMEA - General “classical”
FMECA - Severity and Probability assessments FMEA.

*Treat interfaces, at each level of analysis, as system elements at same that level. more ➟
7
 FMEA Process Flow
1. Identify TARGETS to be protected:
• Personnel • Product • Environment QUESTION: For each element . . .
2. Recognize
• Equipment • Productivity • . . . other . . . • System, then
RISK TOLERANCE LIMITS • Subsystem, then
3. “SCOPE” system as to: (i. e., Risk Matrix Boundaries) • Assembly, then
(a) physical boundaries; (b) operating • Subassembly, then
phases (e. g., shakedown, startup, • . . . etc. . . .
4. IN WHAT WAYS
standard run, emergency stop, mainten- (MODES) CAN THIS • Don’t overlook
ance); and (c) other assumptions made ELEMENT FAIL . . . ? INTERFACES!
(e.g., as-is, as-designed,
no countermeasures
in place) …etc. MODE MODE MODE MODE
1 2 3 m

WHAT ARE THE CONSEQUENCES (EFFECTS)

QUESTIONS: For each OF FAILURE IN THIS MODE . . . ?
FAILURE MODE . . .

what are the EFFECTS? EFFECT EFFECT EFFECT EFFECT

1 2 3 e
. . . for each TARGET?

TARGET TARGET TARGET TARGET

1 2 3 t

REPEAT . . . for each

REASSESS AND MODE/EFFECT/TARGET
RISK combination.

EVALUATE WORST-CASE EVALUATE

SEVERITY PROBABILITY

AND
USE RISK MATRIX…
MATRIX must be defined for and
must match the assessment
DEVELOP Probability Interval and
COUNTERMEASURES ASSESS RISK Force/Fleet Size.

NO IS
ACCEPT
OR RISK See 2. above.
(WAIVER)
ACCEPTABLE
?
YES
ABANDON
STOP

5. Do the countermeasures
introduce NEW hazards? . . . or, 6. Do the countermeasures
IMPAIR system performance?
. . . if so, develop NEW COUNTERMEASURES !
SYSTEM BREAKDOWN CONCEPT…
SYSTEM… a composite of subsystems whose functions are integrated to
achieve a mission / function (includes materials, tools, personnel,
facilities, software, equipment)

SUBSYSTEM… a composite of assemblies whose functions are integrated to

achieve a specific activity necessary for achieving a mission

ASSEMBLY… a composite of subassemblies

SUBASSEMBLY… a composite of components

COMPONENT… a composite of piece parts

PIECE PART… least fabricated item, not further reducible

INTERFACE… the interaction point(s) necessary to produce the desired /

essential effects between system elements (interfaces transfer
energy / information, maintain mechanical integrity, etc…)

more ➟
9
 Subsystem 1
SYSTEM A Assembly 6

Assembly 6
SA 1
Subsystem 4
Subsystem 3 SA 2 SA =
Subassembly

Assembly 1
Subsystem 1
Subsystem 7

SA 3

Assembly 5

SA 4
Subsystem 5 SA 5

Subsystem 2 Assy 4
Subsystem 6

Assy 2

Assy 3
Subassembly 5
SYSTEM C1 C2 C=
BREAKDOWN Component 3 C3 C4 C5
Component

CONCEPT… 2
DO NOT
System Breakdown 3 overlook
1
can be INTERFACES
“FUNCTIONAL” 5 between
or system elements!
“GEOGRAPHIC”
4 Item
or both.
A.1.6.5.3.5
C 3 contains these Piece Parts
more ➟
10
FUNCTIONAL vs. GEOGRAPHIC
SYSTEM BREAKDOWN…
• Functional:
• Cooling System Don’t neglect interface
• Propulsion System components — e.g., if an
engine-driven belt powers
• Braking System both a water pump and a
• Steering System power steering system, be
sure to include it as a part
• …etc… of one, or as a separate
• Geographic / Architectural: Interface Element!
• Engine Compartment
• Passenger Compartment
• Dashboard / Control Panel
• Rear End more ➟
• …etc…
11
SYSTEM BREAKDOWN EXAMPLE…
System Subsystem Assembly Subassembly

AUTOMOBILE Cooling radiator

water pump
coolant
hoses/clamps
engine block
thermostat
Propulsion fuel storage
delivery
carburetor
Some breakdowns air carburetor
combine Functional and spark/ignition battery
Geographic approaches. generator
This can help to ensure plugs
coil
thoroughness. distributor
engine heads
block
pistons
valves
transmission (more…)
Braking standard (more…)
emergency (more…)
Chassis/Body engine comp.
passenger comp.
storage comp.
front bumper
rear bumper
fenders
gages & indicators
Steering (more…)
Electrical (more…)
Suspension (more…) more ➟
Operator (more…)
12
NUMERICAL CODING SYSTEM…
SYSTEM: AUTOMOBILE
SUBSYSTEMS COOLING - 10 PROPULSION - 20 BRAKING - 30 STEERING - 40

ASSEMBLIES Radiator
10-11

Water Pump
10-12 Develop/implement a
Coding System that
Coolant gives each analyzed
10-13
system element a
Hoses/Clamps unique identification.
10-14

Engine Block
10-15 Subassemblies Radiator Body
10-11-01
Thermostat
10-16 Radiator Cap
10-11-02 more ➟

13
DON’T OVERLOOK THESE…
• Utilities — electricity, compressed air, cooling
water, pressurized lube oil, steam, etc.
• Human support activities — e.g., process
control,
• Interface Elements
• All applicable mission phases (for any potential
target)

ELEMENTS CONVENTIONALLY IGNORED…

• Passive elements in non-hostile environments
— e.g., electrical wires
• Static or non-loaded elements — e.g.,
decorative trim
14
TYPICAL FMEA WORKSHEET INFORMATION…
1. General administrative / heading information

2. Identification number (from System Breakdown)

3. Item name

4. Operational Phase(s)

5. Failure mode

6. Failure cause

7. Failure effect

8. Target(s)

9. Risk assessment (Severity / Probability / Risk)

10. Action required / remarks more ➟

15
FMEA/Worksheet

FMEA No.: N/246.n Sheet 11 of 44

Project No.: Osh-004-92 Sverdrup Technology, Inc. Date: 6 Feb '92
Subsystem: Illumination
System: Headlamp Cntrls
Failure Modes & Effects Analysis Prep. by: R. R. Mohr
Rev. by: S. Perleman
Probability Interval: 20 years Approved by: G. Roper
T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code
R/N.42 Relay Open w/Command to Corrosion/or Loss of forward P I D 2 Redesign headlamp circuit to produce
K-28/Contacts Close Mfg. Defect/or Basic illumination/Impair- E III D 3 headlamp fail-on, w/timed off feature to
(Normally Coil Failure (Open) ment of night T I D 2 protect battery, or eliminate relay/use HD
Open) vision/Potential M I D 2 Sw. at panel.
collision(s)
w/unillumi-
nated obstacles

P: Personnel / E: Equipment / T: Downtime / M: Mission / V: Environment

16
 EXAMPLE: OPERATOR: (1) loads cooker, (2) closes/seals lid,
(3) connects power, (4) observes pressure, (5) times
HEIRLOOM cooking at prescribed pressure, (6) offloads dinner.
PRESSURE
SYSTEM DESCRIPTION:
COOKER*…
• Electric coil heats cooker.
• Thermostat controls tempera-
SAFETY
VALVE
PRESSURE ture — Switch opens >250° F.
GAGE
• Spring-loaded Safety Valve
LID opens on overpressure.
CLAMP
• Pressure Gage red zone
DINNER indicates overpressure.
ELECTRICAL
POWER • High temperature/pressure
THERMOSTAT
cooks/sterilizes food — tender-
SWITCH izes and protects against
HEATING
COIL
botulin toxin.

Prepare an FMEA at component level for cooking (after loading/closing/

sealing). Targets are personnel (P), product (R), and the pressure cooker itself
(E). Ignore facility/kitchen and energy consumption. Food is for private use.
*Source: American Society of Safety Engineers
more ➟
17
Pressure Cooker FMEA

Project No.:________________________________
Subsystem:________________________________ Sverdrup Technology, Inc. Sheet________of________
Date:_____________________________________
System:___________________________________
Pressure Cooker/Food/Operator
Probability Interval:__________________________
25-year / twice-weekly use
Failure Modes & Effects Analysis Prep. by:__________________________________
Rev. by:___________________________________
FMEA No.:_________________________________
Operational Phase(s):_________________________
Cooking (after load/close/sealing) Approved by:_______________________________
T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code
SV Safety Open Broken Spring Steam burns; in- P II
Valve creased production R IV
time E IV

Closed Corrosion; Faulty Overpressure pro- P I

Manufacture; Im- tection compromis- R IV
pacted Food ed; Thermostat Sw E IV
protects; no immed-
iate effect (Potential
explosion/burns)

Leaks Corrosion; Faulty Steam burns; in- P II

Manufacture creased production R IV
time E IV

TSw Thermostat Open Defective No heat production; P NA

Switch mission fails R IV
E IV

Closed Defective Continuous heating; P I

Safety Valve pro- R IV
tects; no immediate E IV
effect (Potential exp-
losion/burns)
more ➟

P: Personnel / E: Equipment / T: Downtime / R: Product / V: Environment

18
Pressure Cooker FMEA (cont)

T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code

PG Pressure False High Reading Defective; Stuck Dinner undercooked; P I

Gage bacteria/toxins not R IV
destroyed; OR… E IV

Operator intervenes/ P NA
interrupts process R IV
(mission fails) E IV

False Low Reading Defective; Stuck Dinner overcooked; P I

Safety Valve pro- R IV
tects/releases steam E IV
if Thermostat Sw
fails closed (Potent-
ial explosion/burns)

CLMP Lid Fracture/Thread Defective Explosive pressure P I

Clamp(s) Strip release; flying R IV
debris/burns E IV

more ➟
P: Personnel / E: Equipment / T: Downtime / R: Product / V: Environment

19
Pressure Cooker FMEA (conc)

T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code

P: Personnel / E: Equipment / T: Downtime / R: Product / V: Environment

20
ZOOLOGICAL
FMEA…

Not to
Scale

more ➟
21
COYOTE HOIST — SYSTEM BREAKDOWN…
Subsystem Assembly Subassembly
Hoist (A) Motor (A-01) Windings (A-01-a)
Inboard bearing (A-01-b)
Outboard bearing (A-01-c)
Rotor (A-01-d)
Stator (A-01-e)
Frame (A-01-f)
Mounting plate (A-01-g)
Wiring terminals (A-01-h)
Drum (A-02)

External power source (B)

Cage (C) Frame (C-01)

Lifting Lug (C-02)

Cabling (D) Cable (D-01)

Hook (D-02)
Pulleys (D-03)

Controls (E) Electrical (E-01) START Switch (E-01-a)

FULL UP LIMIT Switch (E-01-b)
Wiring (E-01-c)
Canine (E-02)
more ➟

22
Coyote Lifter FMEA

Project No.:________________________________
Subsystem:________________________________ Sverdrup Technology, Inc. Sheet________of________
Date:_____________________________________
System:___________________________________
Coyote Hoist
Probability Interval:__________________________
4 one-way trips ea. Sat. AM / 25 yrs
Failure Modes & Effects Analysis Prep. by:__________________________________
Rev. by:___________________________________
FMEA No.:_________________________________
Operational Phase(s):_________________________
Uprising Approved by:_______________________________
T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code

M: Mission more ➟
P: Personnel / E: Equipment / T: Downtime / R: Product / V: Environment
23
Coyote Lifter FMEA (conc)

T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code

P: Personnel / E: Equipment / T: Downtime / R: Product / V: Environment

24
COUNTERMEASURES FOR
SINGLE-POINT FAILURES…
1. Adopt redundancy. ( Use dissimilar methods — consider
common-cause vulnerability.)

2. Adopt a fundamental design change.

3. Use equipment which is EXTREMELY reliable / robust.

4. Use derated equipment.

5. Perform frequent Preventive Maintenance / Replacement.

PF (MTBF) = 63%

6. Reduce or eliminate service and / or environmental stresses.

25
WHEN IS AN FMEA BEST PERFORMED…?
• An FMEA cannot be done until design has
proceeded to the point that System Elements
have been selected at the level the analysis is to
explore.
• Ideally, FMEA is best done in conjunction with or
soon after PHA efforts. Results can be used to
identify high-vulnerability elements and to guide
resource deployment for best benefit. An FMEA
can be done anytime in the system lifetime,
from initial design onward.

26
PRINCIPAL LIMITATIONS & ABUSES OF FMEA…
• Frequently, human errors and hostile environments are
overlooked.
• Because the technique examines individual faults of system
elements taken singly, the combined effects of coexisting
failures are not considered.
• If the system is at all complex and if the analysis extends to the
assembly level or lower, the process can be extraordinarily
tedious and time consuming.
• Failure probabilities can be hard to obtain; obtaining,
interpreting, and applying those data to unique or high-stress
systems introduces uncertainty which itself may be hard to
evaluate.
• Sometimes FMEA is done only to satisfy the altruistic urge or
need to “do safety.” Remember that the FMEA will find and
summarize system vulnerability to SPFs, and it will require lots
of time, money, and effort. How does the recipient intend to
use the results? Why does he need the analysis? more ➟
27
FMEA LIMITATIONS & ABUSES (cont)…
• Ignoring the role of Mission Phasing.
• When a facility proprietor learns the facility has 100s or 1000s of
SPFs, frequently he panics, develops SPF paranoia, and
demands “Critical Items Lists” or “Total System
Redundification.” This paranoia leads to (1) misplaced fear
(“This SPF-loaded system is sure to get us one day!”) and (2)
loss of focus on other, possibly deadlier, system threats.

more ➟

28
FMEA LIMITATIONS & ABUSES (cont)…
Single Points Abound! You encounter them daily, yet continue to
function. Remember:
Each day you… (a biological bundle of SPFs with only 1
brain,spinal chord, stomach, bladder, liver,
pancreas)
drive your vehicle… (a rolling cathedral of SPFs with only 1 engine,
brake pedal, carburetor, steering wheel,
radio, fuel gage)
to work … (past a jungle of SPFs — traffic signals, other
vehicles, bridges)
to spend the day… (at a facility laden with SPFs — 1 desk,
computer, wastebasket)
earning money
to buy commodities… (filled with SPFs — TV with 1 picture tube,
toaster with 1 cord, phone with 1 of each
pushbutton)
Most system nastiness results from complex
threats, not from SPFs — don’t ignore more ➟
SPFs, just keep them in perspective.

29
FMEA LIMITATIONS & ABUSES (concl)…
Redundifying to reduce the single-point threat?
Will the amount spent on redundifying exceed the price you
would pay if the undesired event occurred? Don’t forget to
include the cost of redundant parts, their installation, and their
upkeep. Don’t overlook the need to make room and weight
allowances for the extra equipment. How are you going to
protect yourself against common-causing? Who decides which
of two identical items is the “routine-use item” and which is the
“backup?” You’ll have to devise means for switching from to the
other. If it’s an automatic switching device, don’t forget to
redundify that element, too!

30
BENEFITS OF FMEA…
• Discovers potential single-point failures.

• Assesses risk (FMECA) for potential, single-element failures for

each identified target, within each mission phase.

• Knowing these things helps to:

- optimize reliability, hence mission accomplishment.
- guide design evaluation and improvement.
- guide design of system to “fail safe” or crash softly.
- guide design of system to operate satisfactorily
using equipment of “low” reliability.
- guide component/manufacturer selection.

• High-risk hazards found in a PHA can be analyzed to the

piece-part level using FMEA.

• Hazards caused by failures identified in the FMEA can be added

to the PHA, if they haven’t already been logged there.

• FMEA complements Fault Tree Analysis and other techniques.

31
BIBLIOGRAPHY…
• Procedures for Performing a Failure Mode, Effects and
Criticality Analysis MIL-STD-1629A, Nov. 1980.
• System Safety Engineering And Management Harold E.
Roland & Brian Moriarty. John Wiley & Sons; 2nd Edition;
1990. (See Ch. 28, “Failure Mode and Effect Analysis.”)
• Assurance Technologies - Principles and Practices Dev G.
Raheja. McGraw-Hill, Inc.: 1991.
• Fault Tree Handbook N. H. Roberts, W. E. Vesely, D. F. Haasl,
F. F. Goldberg. NUREG-0492. U.S. Government Printing
Office, Washington, DC: 1981. (See Ch. II, “Overview of
Inductive Methods.”)
• Systems Safety - Including DOD Standards Donald Layton.
Weber Systems Inc., Chesterland, OH: 1989. (See Ch. 7,
“Hazard Analysis Techniques I.”)
• Loss Prevention in the Process Industries (2 vols.) Frank P.
Lees. Butterworths, London: 1980. (See Vol. 1, Ch. 7,
“Reliability Engineering.”)
32
 EXECUTIVE SUMMARY [Abstract of complete report]
THE FMEA SCOPE OF THE ANALYSIS…
Brief System Description
Say what is analyzed
and
what is not analyzed.
REPORT… Analysis Boundaries
Physical Boundaries Operational Boundaries
Operational Phases Targets Recognized/Ignored
Human Operator in/out Exposure Interval
Interfaces Treated Others…
THE ANALYSIS…
F M E A Discuss FMEA Method — Strengths/Limitations [Cite Refs.]
System
Author
Present Risk Assessment Matrix [if used]
Company State Resolution Level(s) used/how decided
Date Describe Software Used [If applicable] Show Worksheets as
…etc…
Present/Discuss the Analysis Data Results an Appendix or
Discuss Trade Studies [If done] attached Table.
FINDINGS…
Interpretation of Analysis Results
Predominant Hazards [Overall “Census” and comments on “Repeaters”]
Comments on High Risk Hazards [High from Severity or Probability?
Countermeasures Effective?]
Comments on High Severity Risks [Probability acceptably low?]
Chief Contributors to Overall System Risk
CONCLUSIONS AND RECOMMENDATIONS …
[Interpret Findings — Is overall Risk under acceptable control? — Is further
analysis needed? …by what method(s)?]
ANALYSIS WORKSHEETS…
[Present as Table or Appendix — use Indenture Coding as an introductory Table
of Contents]

33
 APPENDIX

Example FMEA Worksheets

34
APPENDIX
FMECA 1629A

SYSTEM__________________________ FAILURE MODE AND EFFECTS ANALYSIS DATE_____________________________

INDENTURE LEVEL_________________ SHEET__________OF_______________
REFERENCE DRAWING_____________ COMPILED BY_____________________
MISSION__________________________ APPROVED BY____________________

ITEM/FUNCTIONAL MISSION PHASE/ FAILURE EFFECTS FAILURE

IDENTIFICATION IDENTIFICATION FUNCTION FAILURE MODES OPERATIONAL NEXT DETECTION
COMPENSATING SEVERITY
REMARKS
NUMBER AND CAUSES LOCAL END PROVISIONS CLASS
(NOMENCLATURE) MODE HIGHER
EFFECTS EFFECTS METHOD
LEVEL

Worksheet from
MIL-STD-1629A

35
APPENDIX
CRITICALITY ANALYSIS 1629A

SYSTEM__________________________ CRITICALITY ANALYSIS DATE_____________________________

INDENTURE LEVEL_________________ SHEET__________OF_______________
REFERENCE DRAWING_____________ COMPILED BY_____________________
MISSION__________________________ APPROVED BY____________________
IDENTIFICATION ITEM/FUNCTIONAL FUNCTION FAILURE MODES MISSION PHASE/ SEVERITY FAILURE FAILURE FAILURE FAILURE OPERATING FAILURE ITEM REMARKS
NUMBER IDENTIFICATION AND OPERATIONAL CLASS PROBABILITY EFFECT MODE RATE TIME MODE CRIT #
(NOMENCLATURE) CAUSES MODE
FAILURE RATE
PROBABILITY RATIO (t) CRIT # Cr=Σ(Cm)
DATA SOURCE (β) (α) (λp) Cm=βαλpt

Worksheet from
MIL-STD-1629A

36
APPENDIX
Sverdrup FMEA

Project No.:________________________________
Subsystem:________________________________ Sverdrup Technology, Inc. Sheet________of________
Date:_____________________________________
System:___________________________________
Probability Interval:__________________________
Failure Modes & Effects Analysis Prep. by:__________________________________
Rev. by:___________________________________
FMEA No.:_________________________________
Operational Phase(s):_________________________ Approved by:_______________________________
T
ITEM/ A RISK
IDENT. FAILURE FAILURE FAILURE R ASSESSMENT
FUNCTIONAL
No. MODE CAUSE EFFECT G
Risk ACTION REQUIRED / REMARKS
IDENT. E
SEV PROB
T Code

Sverdrup Technology, Inc.

Worksheet

P: Personnel / E: Equipment / T: Downtime / R: Product / V: Environment

37
APPENDIX
TOPICS COVERED…

Concept Page
Background 2
Definitions 3-4
Uses & Practical Applications 5
Procedure - Process 6-8
System Breakdown Concept 9-12
Don’t Forget These & Items Typically Ignored 14
FMEA Worksheets 15-16
Pressure Cooker Problem & Example 17-20
Coyote Hoist Problem & Example 21-24
SPF Countermeasures 25
When is an FMEA performed? 26
Benefits of FMEA 31
Limitations & Abuses of FMEA 27-30
Further Reading 32

38