Failure Mode and Effects Analysis is a reliability procedure
which documents all possible failures in a system design within specified
ground rules. It determines, by failure mode analysis, the effect of each
failure on system operation and identifies single failure points that are
critical to mission success or crew safety. It may also rank each failure
according to the criticality category of failure effect and probability of
occurrence. This procedure is the result of two steps: the Failure Mode and
Effect Analysis (FMEA) and the Criticality Analysis (CA).
In performing the analysis, each failure studied is considered
to be the only failure in the system, i.e., a single failure analysis. The
FMEA can be accomplished without a CA, but a CA requires that the FMEA has
previously identified critical failure modes for items in the system design.
When both steps are done, the total process is called a Failure Mode, Effects
and Criticality Analysis (FMECA). The procedures for performing both the FMEA
and the CA are found in Reference  and
At the time of this update Reference ,
MIL-STD-1629, was scheduled to be cancelled and replaced by a non-government
standard by June 1997. However, it is not known at this time what that new
document will be.
FMEA utilizes inductive logic in a "bottoms up" approach.
Beginning at the lowest level of the system hierarchy (e.g., component part),
and from a knowledge of the failure modes of each part, the analyst traces up
through the system hierarchy to determine the effect that each failure mode
will have on system performance. This differs from fault tree analysis
(discussed in the next section), which utilizes deductive logic in a "top down"
approach. In fault tree analysis, the analyst assumes a system failure and
traces down through the system hierarchy to determine the event, or series of
events, that could cause such a failure.
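The bottom-up trace and the single-failure rule described above, as an added
example that is not part of the original text. The reliability block diagram,
part names and failure modes are constructed sample data, and the
series/parallel model is a simplifying assumption.

```python
# Added illustration: single-failure FMEA over a constructed reliability block diagram.
# Block kinds: ("part", name), ("series", [children]), ("parallel", [children]).
# The system, part names and failure modes below are hypothetical sample data.
SYSTEM = ("series", [
    ("part", "battery"),
    ("parallel", [("part", "regulator_A"), ("part", "regulator_B")]),
    ("series", [("part", "sensor"), ("part", "transmitter")]),
])

# Failure modes per part; True means the mode stops the part performing its function.
FAILURE_MODES = {
    "battery": {"short circuit": True, "reduced capacity": False},
    "regulator_A": {"open circuit": True},
    "regulator_B": {"open circuit": True},
    "sensor": {"parameter drift": False, "open circuit": True},
    "transmitter": {"open circuit": True},
}

def works(block, failed_part):
    """Evaluate a block bottom-up, assuming failed_part is the only failed item."""
    kind, body = block
    if kind == "part":
        return body != failed_part
    results = [works(child, failed_part) for child in body]
    return all(results) if kind == "series" else any(results)

def parts(block):
    """List every part name, i.e. the lowest level of the hierarchy."""
    kind, body = block
    return [body] if kind == "part" else [p for child in body for p in parts(child)]

def fmea(system, modes):
    """One worksheet row per (part, failure mode), each analysed as a single failure."""
    rows = []
    for part in parts(system):
        for mode, loses_function in modes[part].items():
            system_fails = loses_function and not works(system, part)
            effect = "system failure" if system_fails else (
                "loss of redundancy" if loses_function else "degraded, function retained")
            rows.append((part, mode, effect))
    return rows

def single_failure_points(rows):
    """Parts with at least one mode whose system-level effect is system failure."""
    return sorted({part for part, _, effect in rows if effect == "system failure"})

if __name__ == "__main__":
    table = fmea(SYSTEM, FAILURE_MODES)
    for row in table:
        print("%-12s %-18s %s" % row)
    print("Single failure points:", single_failure_points(table))
```

The redundant regulators drop out of the single failure point list because
either one alone keeps the parallel block working; losing both is a double
failure and is outside a single failure analysis.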
The FMEA provides:
(1) A method of selecting a design with a high probability
    of operational success and crew safety.
(2) A documented method of uniform style for
    assessing failure modes and their effect on operational success of the
(3) Early visibility of system interface
(4) A list of possible failures which can be
    ranked according to their category of effect and probability of
(5) Identification of single failure points
    critical to mission success or to crew safety.
(6) Early criteria for test
(7) Quantitative and uniformly formatted data
    input to the reliability prediction, assessment, and safety
(8) A basis for design and location of
    performance monitoring and fault sensing devices and other built-in
    automatic test equipment.
(9) A tool which serves as an aid in the
    evaluation of proposed design, operational, or procedural changes and
    their impact on mission success or crew
Items (5) and (8) are the two most important functions performed
by an FMEA.
The FMEA is normally accomplished before a reliability
prediction is made to provide basic information. It should be initiated as an
integral part of the early design process and should be periodically updated
to reflect design changes. Admittedly, during the early stages, one usually
does not have detailed knowledge of the component parts to be used in each
equipment. However, one usually has knowledge of the "black boxes" which make
up the system. Thus, at this stage, an FMEA might start at the "black box"
level and be expanded as more detailed knowledge becomes available. This
analysis may also be used to provide a model for analyzing already-built
systems. An FMEA is a major consideration in design reviews.
The principles of FMEA are straightforward and easy to grasp.
The practice of FMEA is tedious, time-consuming and very profitable. It is
best done in conjunction with Cause-Consequence and Fault Tree Analysis. The
bookkeeping aspects, namely, the keeping track of each item and its place in
the hierarchy, are very important because mistakes are easily made.
The Cause-Consequence chart shows the logical relationships
between causes (events which are analyzed in no more detail) and consequences
(events which are of concern only in themselves, not as they in turn affect
other events). The chart usually is represented with consequences at the top
and causes at the bottom; and the words Top and Bottom have come into common
use to describe those portions of the chart. A Failure Modes and Effects
Analysis (FMEA) deals largely with the bottom part of the chart. A fault tree
is a part of a Cause-Consequence chart. It consists of only one consequence
and all its associated branches. The Cause-Consequence chart is created by
superimposing the separately created fault trees. The Cause-Consequence chart
can be used to organize one’s knowledge about any set of causes and their
consequences; its use is not limited to hardware oriented systems.
The FMEA consists of two phases which provide a documented
analysis for all critical components of a system. First, however, definitions
of failure at the system, subsystem, and sometimes even part level must be
Phase 1 is performed in parallel with the start of detailed
design and updated periodically throughout the development program as dictated
by design changes. Phase 2 is performed before, or concurrent with, the
release of detail drawings.
The Phase 1 analysis consists of the following steps:
(1) Constructing a symbolic logic block diagram, such as a
    reliability block diagram or a Cause-Consequence
(2) Performing a failure effect analysis,
    taking into account modes of failure such as:
    (b) Short circuits
(3) Proper system and item
(4) Preparation of a critical items
During Phase 2, the results of Phase 1 are revised and updated
as required by design changes. In addition, all items in the system are
analyzed to determine their criticality with respect to the