2008 dependability seminartc56.iec.ch/action/presentation/topic(iv).pdf · iec 61882.. block...

1

CopenhagenDenmark2008

20082008--1010--1515 11

Dependability Dependability SeminarSeminar

Sponsor: Danish StandardsSponsor: Danish StandardsProgram: IEC/TC56Program: IEC/TC56

20082008--1010--1515


20082008--1010--1515 22IEC/TC56 Dependability Seminar IEC/TC56 Dependability Seminar Copenhagen, DenmarkCopenhagen, Denmark

DesignDesign--FMEA FMEA Reduces Risk and Reduces Risk and improve Reliabilityimprove Reliability

Peter de Place Rimmen Peter de Place Rimmen Global Research R&DGlobal Research R&D

Vestas Wind System A/SVestas Wind System A/SDenmark Denmark

2

IEC/TC56 Dependability Seminar Copenhagen, Denmark

2008-10-15 page 3Peter de Place Rimmen

How do we get quality into the decisions?How do we get quality into the decisions?

• Focus areas: update or new design.• Analysis Methods• FMECA

• Mature way or for beginners

• What do we get from a FMEA analyze• Where can we get input to Project activities Planning

(Design for Reliability)?• Do we have the right specification?

• What is a functional tree?• Can we avoid Human Errors?• How do we make the right Verification?



For reused design and technology:

Do not repeat the failures we have made previously !

For new design and technology:

How can this thing go wrong ?

Brain storm – a Creative process

Things can work only one way, but go wrong in an infinite number of ways!

How shall we guide this creative process ?

How do we get quality into the decisions?How do we get quality into the decisions?

3



Least structuredBrain Storm meeting ………Design Review.. IEC 61160..HAZOP ……….... IEC 61882..Block Diagram.. IEC 61078..FMECA………….. IEC 60812..FTA……………….. IEC 61025..

Most structured

Analysis MethodsAnalysis Methods



A mature way to make a FMECA analysis:A mature way to make a FMECA analysis:1. Select an appropriate part of the design /process (60-80 problems)2. Call a relevant group of experts3. Have the block diagram, circuit diagram or drawing on Screen or on wall4. Let an expert explain what the relevant part of the design/process does5. The facilitator select one block / one part of the design/one component and ask the

experts to tell how it may go wrong (brain storm)6. The facilitator write the mentioned ways on the white board7. When the selected block/area/component has been covered ask the same questions for

all interfaces from the block/area/component (some of these will already have been covered)

8. Repeat 5-7 until the selected part of the design/process has been covered9. List the consequences, probability and detect ability for each point listed10. The facilitator fills out the FMECA form up to and including RPN numbers (if used)11. At a new meeting the facilitator present the partially filled FMECA form, ask for

corrections and comments12. The team now discuss all /the largest RPN numbers and decide if something shall be

done about the potential problem. If so list Action, Responsible and due date

13. You may estimate the new RPN after the action have been implemented

4



Focus is Concentrated to DFocus is Concentrated to D--FMEAFMEA

Design-FMEABelong to DevelopmentProactive ToolFoundation for DesignFoundation for TestFoundation for Risk-Analysis The “C”Always Up to Date ☺Foundation for Production/Sale

Focus Area’sDesign processProduct Performance Functions

System Design-FMEACovers the total System

Process-FMEAFoundation for Screening

D-FMEA = Risk Management for Trustworthiness



Referent

Note: Check that listed functions correspond to functions implemented on wind turbinesITEM

1 Remove plastic/lead seal When twisting the plastic it locks tight to the bottle

I have to look for a knife. it takes longer time before I can enjoy my wine

5 I don't have the experience with a plastic sealing

4 20 5 100 Be carefull to slise the plastic. Use a proff. corkscrew uncutting the top of the plastic seal

2 I get cut by the knife

I have to stoop the bleeding. It takes some time again

6 Slippery fingers, rheumatism in your hand, hangovers, get shocked by a brut noise

3 18 10 180 Wipe your hands. Don't use moisture cream. Check eventual shaking hands

3 10 04 Hold the bootle I loose the

bottle onto the floor

The contents get mixed - wine & sediment


2 8 10 80 Eat good food, do some training

5 I loose the bottle - and the bootle breaks

My mode will change from party to anger



6 10 07 Insert the corkscrew The corkscrew

slips and gets into my hand

I get a wound and loose some blood. Eventually I can get an infection



8 10 09 10 0

10 Uncork The cork demolish partly

Parts of the cork get mixed with the wine

5 The bootle is very old, the wine is very cheap…

6 30 6 180

The Chef, the disher, the restaurant owner, a guest representive, the cleaner…?

RPN RECOMMENDED ACTIONSO C C

ParticipantsProject ID

PRODUCT FUNCTION POTENTIAL FAILURE

MODE

POTENTIAL EFFECTS OF

FAILURE

System/Sub-syst./Component

S E V

component: Bootle in the kitchen

CIPOTENTIAL CAUSE(S ) OF FAILURE

HKSON

D V

Uncork bootle

DESIGN VERIFICATION

The Risks are The Risks are Design RelatedDesign Related(Criticality Index)(Criticality Index)

Risk ManagementRisk ManagementD-FMEA are handling both sides of the V-Model

WHAT DO YOU GET ?

Identification of risks in the DESIGN

Identification of TEST ACTIVITIES in the design phase

Test Activities Test Activities are are

IdentifiedIdentified

5



Which kind of failures do you Which kind of failures do you not want?not want?

MCF or M(t) Curves for explaining "Realibility"

0

2

4

6

8

10

0 5 10 15 20

Years in service

Acc

umul

ated

failu

res

0-Time failure level. Installation/Transport damage

Constand failure rate. Lack of Robustness

Early failures. Lack of Procuction Capabilities

Wearout failure level. Lack of Lifetime

Sum of failures. Customer experience

[Linear scale]

[Lin

ear s

cale

]

MCF = Mean Cumulative FailuresM(t) = Mean Accumulated Failures



M(t)

Lifetime

Lack of Robustness failures

• Noise• Overload• …

Process FMEA

Earlyfailures

Wear out

D-FMEA

[lin]

[lin

]

Tread

less

than

1,6mm

Tire

Mounting

Flat Tiredue to

nail/stone/roadside

Which kind of failures do you Which kind of failures do you not want?not want?

6



Specification demands

ProductSpecification

0-time

Specification

Parameter plan

Customer expectations

ProductSpecification

" Customer expectations"

0-time ........................Useful lifetime..............

...

Specification

Time plan

Productspecification

" Customer expectations"

0-time........................Useful lifetime..............

...

Design

Specification

graceful degradation

Construction- / Design- Demands

”Performance shall be specified as end of lifetime”

The Rim

men m

odel

Severe User

Design parametersDesign parameters



1: Describe product

2: Determine functions

3: Find possible failure modes

4: Determine effect of failure

5: Find causes of failure

6: Design verification

7: Calculate risk (RPN)

8: Rectify design

9: Assess result

DD--FMEA MethodFMEA Method0: Plan the analysis

Up

date

Specifications OK ?Specifications OK ?

7



0: Plan the analysis

PLANNING IS IMPORTANT – TO REACH SOUND RESULTS!

Broad analysis group

Train them– before

Prepare

Make brainstorming to the D-FMEA analysis

Review the results with others

RPN

Sev Occ Ver

TimeParti-cipate

DD--FMEA MethodFMEA Method



Knowledge of the product

Drawings

Functional blocks

Description of loads

Design Spec.

Experience from previous projects

Failure reports

Physical models

1: Describe product

Previous D-FMEA


8



Describe functions as Describe functions as actions:actions:Action = verb + noun

PowerLimit

MotorActivate

CircuitReset

TemperatureMeasure

DisplayRead

CorkRemove

ArmLift

CorkscrewInsertNounNounVerbVerb


preliminary work




Functional Flow Chart:

How? Why?

Either: List of Functions:

Or:

Function 1 …

Function 2 …

Function 3 …

Function 4 …

Function 5 …

Function 6 …

Function 7 …

DD--FMEA MethodFMEA Method2: Determine functions

9



Functional flow chart for corkscrew and design demands

Insert corkscrew

Uncork

Remove cork

Place corkscrew tip on cork

Press the tip down

Rotate corkscrew

Lift arm

Uncork bottle

Hold on to cork

Rotate corkscrew

Example

:

How? Why?


Tooth tolerances

Remove plastic/lead

Hold bottle

Low friction

Other tech demands




Also remember the general functions:

Operational reliability:

Lifetime:

Safety:

Robustness:

Operate correctly throughout lifetime(covered by flow chart)

Function insensitive to noise & external loads

Long lifetime (e.g. L10 > 25 years)

Protect users and surroundings against overload

DD--FMEA MethodFMEA Method2: Determine functions

10



3: Determine failure modes How can the function fail?How can the function fail?

• Degraded / intermittent / incorrect

• Unwanted

• Delayed

Guide words for Human Error: • too early

• too late

• too much

• too little

• too long

• too short

• wrong direction

• on wrong object

• wrong action

• No function

• Too much / too little

• Too soon / too late



4: Determine effects of failure

If the failure occurs, what is the effect?Think at the

• customer influenced?

• other parts of the product influenced?

• Immediate and delayed effect

• Same failure, several effects, take them all together

Assessed the effect at the Severity-scale of 1 to 10


11



Risk Management

6

8

Partial failure.

No Product function.

Not notice failure.1

Noticed but no influence. 2

Irritated. Self repair.3

Irritated and contacts Service. 4

Complains.5

Alternative supplier ?7

Major Costs. Safety risk. With warning.9

Dangerous and life-threatening effect. Without warning.10

SEVERITY RATINGSEVERITY RATINGDetail




5: Determine causes of failures

What may cause the failure?

• Design failure & weaknesses

• Consider environment, wear, use/misuse

• The failure usually has several causes. Include the most important causes.

• Does the design make it impossible to produce it correctly?

• Process failures are not included. This is handled by the P-FMEA.

Go for the right things


12



Hardware

+

Software

Input

Input

Product

Performance

Etc?

Output

Output

OccurrenceWhere are designers looking?

orCompiler

Coding

SW-DesignDesign process

HW-Design

Design process




<1:10.000Unlikely1

1:10002

1:250Known principles that only cause few problems.

3

1:1004

1:505

1:25

Principles that very rarely cause problems.

6

1:107

1:5Principles that might cause problems.

8

1:39

>1:2Probable a large number of failures

will occur.

10

How often?QS9000 (A)Detailedscale

OCCURRENCE RATING

DD--FMEA MethodFMEA MethodRisk Management

13



6 7

SEV

ER

ITY

1 2 3 4 5 8 9 10

12345678

9

10

Low riskLow risk

Medium riskMedium risk

High riskHigh risk

OCCURRENCE

Risk ManagementRisk ManagementCriticality = Severity * Occurrence Criticality = Severity +½ Occurrence (for prioritization)




6: Design verification

How can you know that the construction is OK?

Which activities have already been carried out?

Examples of verification activities:

• Simulation, calculation, F.E. analysis

• Tolerance chain analysis

• Test of prototypes

• Poka Yoke (mistake proven)

• Experience from previous productsAssessed on a Verification scale of 1 to 10


14



1

2

3

4

5

6

7

8

9

10

Simulations, tolerances

Derating/load-strgth

Supplier info + Experi.

Technological platform know

n

Functional

Robustness, H

ALT

Wear-out test re. budget

Tests at customers

Performance tests

Review

, design

Tolerance chain analysis

Safety

Design Verification RatingDesign Verification Rating



1

2

3

4

5

6

7

8

9

10

Simulations, tolerances

Derating/load-strgth

Supplier info + Experi.

Technological platform know

n

Functional

Robustness, H

ALT

Wear-out test re. budget

Tests at customers

Performance tests

Tests in design phaseReview

, design

Tolerance chain analysis

Safety

Example:For getting “6” in Verification you must if relevant have done the following:

• Design must be based on solid information from the supplier• Have a good load/strength (derating) relation to expect no failure at the weakest material

when maximum load is applied.• The chosen technology is mature and proven in similar situations/environments• Have simulated the tolerances to verifying the capabilities• Have done Review’s with experts from design, production, supplier and service.• Made functional test and performance test with relevant stimuli's. • Making test for safety, wear and functional test in products where we previously have seen

problems.

Design Verification RatingDesign Verification Rating

15



7: Determine risk (RPN)

Criticality Index = Severity x Occurrence

Risk Priority Number =Severity

x Occurrence

xVerification

The Risks are The Risks are Design RelatedDesign Related(Criticality Index)(Criticality Index) Test Test

Activities are Activities are IdentifiedIdentifiedPrioritization:Prioritization:

Severity + Severity + ½½OccurrenceOccurrence



• D-FMEA carried out too late

• Incorrect composition of team, knowledge…

• The team focuses too much on the figures. It’s just a rough indication of risk.

• Mix of P- and D-FMEA

• Attempts to solve all problems at the meetings

• Places the FMEA in the file, and forgets it

Common MistakesCommon Mistakes DD--FMEA MethodFMEA Method

16


20082008--1010--1515 3131IEC/TC56 Dependability Seminar IEC/TC56 Dependability Seminar Copenhagen, DenmarkCopenhagen, Denmark

Conclusions:Conclusions:How do we get qualityHow do we get quality

into the decisions?into the decisions?• Focus areas: update or new design.• Analysis Methods• FMECA • Mature way or for beginners• What do we get from a FMEA analyze• Where can we get input to Project activities Planning

(Design for Reliability)?• Do we have the right specification?• What is a functional tree?• Can we avoid Human Errors?• How do we make the right Verification?

2008 dependability seminartc56.iec.ch/action/presentation/topic(iv).pdf · iec 61882.. block...

Documents