Verification of a conformity assessment institution by a third body (DAkkS)
In Germany, the "Deutsche Akkreditierungsstelle" (DAkkS) is responsible for the acceptance in the field of quality and environmental management systems. The DAkkS examines, monitors and confirms that conformity assessment institutions (e.g. certification companies) conform to the applicable requirements. In short, the DAkkS audits the auditors.
- Action group
Group of actions (or measures, controls) assigned to a failure (cause)
The action group contains the attributes Occurrence O and Detection D.
- Action state
Group of actions to a specific state
All actions (or measures, controls) relating to a date are listed under one action state which can be e.g. "initial" or "revision".
- Action status
Status of the actions
- decision pending
- implementation pending
- not implemented
- APQP (Advanced Product Quality Planning)
Systematic and qualitative project and development planning
APQP is a defined and structured procedure for failure prevention, which is already used in the planning and development phase of a product. Measures are defined, executed and documented. This should ensure that a product meets customer expectations. Errors should be avoided and not corrected!
- Cause (of failure)
potential cause of failure
Causes in an FMEA are failure modes of a hierarchically subordinated system.
- Controlling Methods
actions that ensure the manufacture of a product feature.
The control methods must ensure the production of a product feature under controlled and reproducible conditions.
- Controls (or Measures or Actions)
Prevention and Detection Controls to Failure Causes
The types of controls (measures, actions) in an FMEA are subdivided into prevention and detection controls to failure causes. The action includes the attributes deadline, responsibility and status.
- D (Detection)
Detection of a failure cause or its effects considering all detection actions
The detection assessment is an indication of the effectiveness of the detection measures to detect a failure before production release (D-FMEA) or before product delivery (P-FMEA) or before damage occurs (MSR-FMEA).
The detection is a relative classification within the framework of the respective FMEA and is determined without consideration of the Severity or Occurrence ratings.
The detection can be made on the basis of the criteria in the rating table. This rating table can be extended to include examples of common detection measures used by the organization. The FMEA project team should agree on uniform evaluation criteria, evaluation levels and evaluation systems, even if these are adapted for an individual product analysis.
A detection rating for a measure that has not yet been carried out is initially a prediction of the effectiveness of an untested detection measure. Once the detection measure has been implemented, its effectiveness must be reviewed and reassessed.
If possible, the detection measures should refer to the cause of failure. For technical, but mostly cost reasons, this is rarely used and is not enforceable. Therefore, the detection of failures or their effects is the more practical way. This detection can therefore refer to the assumed cause of the failure, the failure itself or the effects of failure. The earlier the failure is detected, the more favourable is the effect on capacities and total costs (this loss of value is not included in the evaluation, however, although this is still being discussed in expert circles).
D=10 is chosen if it is impossible or unlikely to detect the failure at all or in time or if no detection measure is available.
D=1 is chosen if the failure is detected very reliably and in time and if it is determined reliably by the sum of all measures.
- Effect of failure
potential effect of a failure mode
Designation of the possible effects (impact at a hierarchically higher level) that could arise from the occurrence of the failure.
1. Each failure can cause several possible effects at several higher levels.
2. Effects are failures of a higher-level system.
3. Each possible top effect is evaluated separately.
Caution: Confusion with signal-path effects (block diagram) is very easy but not helpful.
- Failure Failure mode in the considered system element (focus element)
- FMEA
Failure Mode and Effects Analysis
FMEA is an analytical method for improving the quality, reliability and safety of products and processes. Thus, FMEA supports teams in the development and manufacturing of failure-free products. In addition, a correctly performed FMEA also fulfils the due diligence as part of the responsibility in the product development process. Potential product or process failures are evaluated according to their Severity, Occurrence and Detection in order to determine the need for further control measures.
- FMECA
Failure Mode, Effects, and Criticality Analysis
The FMECA is an extended FMEA for the analysis and evaluation of the probability of failure and the expected damage. This is now 100% mapped in an FMEA and therefore no longer needs to be explicitly considered. In some cases, a quantitative probability for the failure effects is required. This means that evaluating only the Severity S is not sufficient.
- FMEDA
Failure Mode Effects Diagnostic Analysis (for electrics/electronics only)
The FMEDA is a quantitative analysis for all electronic components or modules to determine the reliability of the product through metrics (random failures as a supplement to the systematic failures of an FMEA). The FMEDA also determines the Safe Failure Fraction (SFF) as an evaluation quantity for Functional Safety Management according to IEC 61508.
- Function
A function is a (clearly defined) activity, task or result to be performed within a larger context
- Understanding of the product / process
- Completeness of the functions as the basis for failure analysis
- Understanding and communicating system levels
- should be unambiguous, concrete, verifiable and validatable, and should be formed from a noun and a verb
- can be derived from technical and country-specific requirements as well as from design objectives
Functional descriptions implicitly contain the associated requirements (e.g. over service life, environmental conditions, ...) without having to mention them explicitly. This also includes:
- expressed expectations (specifications)
- naturally assumed expectations
- predictable misuse
Activities in the frame of functional analysis:
- Finding functions at the right system levels
- Analyze signal paths or hierarchical paths
- Assignment of requirements to functions
- Visualize hierarchical functional relationships
- Functional safety
Functional safety refers to that part of the safety of a system that depends on the correct functioning of the safety-related system and other risk-reducing measures. Functional safety does not include electrical safety, fire protection or radiation protection.
Safety can also be achieved by stopping the intended function and achieving a safe state if necessary.
The complexity of electronic systems, especially programmable systems, increases the variety of possible failures: Nowadays, microcomputers perform almost all safety functions. They ensure, for example, that the pressure in the steam boiler does not exceed the norm; they ensure the safety of chemical plants or direct trains to the right tracks at the right speed.
Accordingly, the IEC 61508 series of standards "Functional safety of safety-related electrical/electronic/programmable electronic systems" requires the use of various methods to control faults:
- avoidance of systematic failures in development, e.g. specification and implementation errors
- Monitoring during operation to detect random failures
- Safe control of detected failures and transition to a previously defined safe state.
(in the automotive industry refer to ISO 26262)
- HW (Hardware)
General term for the physical components (electronics and mechanical parts) of a system.
- Mechatronical analysis Graphical representation in which error discoveries and reactions for critical causes are modelled.
- Milestone
Time of a special event in project management
A milestone is an event of particular importance. Milestones divide the course of the project into verifiable stages with intermediate goals, thus facilitating both project planning and monitoring of project progress.
- O (Occurrence)
Evaluation of the occurrence O of the failure cause considering all preventive actions.
The occurrence O of the cause of the failure is evaluated under consideration of all effective preventive measures during the service life under all operating conditions and other requirements. (This evaluation attribute is assigned in APIS to the action groups and to the action status in other SW).
The occurrence rating is the respective relative assessment by the technical experts according to the current state of knowledge and does not have to be proven by evaluations (with the exception of 1). It is not an absolute measure and the resulting risk assessment can therefore only be assumed to be relative.
The occurrence should be estimated using the criteria in the rating table. This table should be extended by product-specific examples.
Expert knowledge, data manuals, failure rates or other experiences from the field of comparable products can be used for this assessment. Tolerance calculations and simulations are also prevention measures that influence the occurrence.
- In some cases ppm data can be used for the evaluation of possible failures with experience in series production. The exact determination of the ppm numbers in new products or products of small quantities is not possible.
- The occurrence is a relative classification within the FMEA and may not reflect the actual occurrence.
- The occurrence describes the potential with which the cause of the failure occurs, according to the rating table, without taking into account the detection measures.
- Expert knowledge, manuals, warranty databases or other experience, for example from comparable products, can be used to evaluate the occurrence.
- If causes of failure are classified according to occurrence, the effectiveness of the ongoing preventive measure is taken into account. The accuracy of this evaluation depends on how well the prevention measure has been described.
O=10 is entered if the considered cause of the failure occurs with a high probability, no prevention measure is available or its effectiveness is unknown.
O=1 is entered if it is almost impossible for the considered cause of failure to occur.
- PDP Product Development Process
- Process characteristics Causal parameters that affect the product features to be manufactured
- Response measures Measures to be taken if errors are found
- Risk Matrix A diagram to illustrate the Severity over the Occurrence
Risk-Matrix based Ranking
Designation of a prioritization indicator (from the APIS software), which is formed from the risk matrix combinations (SxO, SxD, OxD) of an FMEA.
- Root cause
Failure mode in lowest level of failures
There are no other causes below the root cause. So no further link (right end of the failure chain).
- Root element
Highest system element in a system tree
The root element is the highest system element (far left) in a system tree in the system analysis. The root element is where the potential effects of an FMEA are located. In most cases, the higher-level systems (law, OEM, vehicle, user) are contained here.
- RPN
Risk Priority Number (former indicator for risk prioritization)
The risk priority number is the product of S x O x D. The current regulations (VDA, AIAG, DGQ and others) describe the RPN as not recommendable with regard to a reliable statement, or reject or prohibit it completely. Threshold values are generally not recommended. (RPN=60 can be highly risky whereas RPN=300 does not cause any problems).
In 2019, AIAG and VDA replaced the RPN by the action priority AP.
- S (Severity) Severity of the failure effect on a scale from 1 to 10
- SE System element (an element in the structure tree)
- SG Safety goal
- SGL Safety goal latent
- Special Characteristics
Characteristics whose considerations require special care
Special characteristics form a subset of the total of all characteristics and are divided into three categories according to the VDA approach.
"BM S": Related to safety requirement / product safety / safety related consequences
"BM Z": Related to legal and regulatory requirements
"BM F": Related to special requirements and functions
- SW Software
- Top effect potential effect at highest level (left end of the failure chain)
- VDA German Association of the Automotive Industry