risk assessment in aerospace systems jacek s. stecki phm technology/monash university

Conference AERONET "Aviation Valley" , 13-14 2011

PHM Technology Pty Ltd 1Jacek S. Stecki

Risk assessment in aerospace systems

Jacek S. SteckiPHM Technology/Monash University

Melbourne, Australia



Key issues – Risk drivers

Supportability:– Reduction of life-cycle cost– Safety – environmental, personnel– Reliability – hardware, functional

Reduced manning levelsNeed to reduce the volume of scheduled maintenanceSecondary effects of failuresInherent design problemsNeed to reduce spare parts inventoryHigh performance requirementsAvailability of specialised personnelInsurance and classificationCriticality of the equipment to productivity/availabilityCost of lost production or lost availability as a result of equipment failureCost of fixing a problem in terms of repair and bringing the machine back to a serviceable conditionEtc.



Integrated Logistics Support

Integrated logistics support (ILS) is an integrated approach to the management of logistic disciplines in the military

The pupose of ILS is to ensure that the supportability of the system is considered during its design and development in order:

To create systems that last longer and require less supportTo reduce costsTo increase return on investmentsTo assure supportability throught the operational life of the system

The impact of ILS is measured in metrics: Reliability - Availability - Maintainability (RAM) Reliability - Availability - Maintainability - Testability (RAMT) Reliability - Availability - Maintainability - System safety (RAMS).



Integrated Logistics Support

Integrated Logistics

Reliab ility, M ain ta in ab ility and M ainten ance) P lan ning

Supply (Sp are p art) S upp ort acqu ire resources

Su pport and T est Equ ipmen t/Eq uipm ent

M anpower and Personn el T raining and T rain ing Support

Tech nical Data / Pu b lications

Computer Resources Sup port

Facilities Packag in g , Handlin g , Storage, and T ransportation

Design In terface

UK Def ence S tandard (DEFST AN) 00-600

Supportability of the System

Assuring continued operation and functioning of the systems



Performance-based Logistics (PBL) is an outcome-based, performance-oriented product support strategy

A product support provider (PSP) or product support integrator (PSI) is contracted to meet performance metric (s) for a system or product

The purpose of PBL:

increased system availability, reliabilityshorter maintenance cycles, and/or reduced costs

Thus PBL fits well with ILS

----------------------------------In U.S. Department of Defense (DoD) acquisition programs, the PBL approach is mandated as a first-choice strategy.

– A PBL contract was awarded to Alstom for delivery of trains in France– Also called Performance-based-Contracts

Performance-based Logistics

http://en.wikipedia.org/wiki/Performance_metric



Reliability - Availability – Maintainability (RAM)

The ability of an item to perform a required function under given conditions for a given time intervalIt is generally assumed that the item is in a state to perform this required function at the beginning of the time intervalGenerally, reliability performance is quantified using appropriate measures. In some applications these measures include an expression of reliability performance as a probability, which is also called reliability.



Risk reduction – CBM/PHM

What is it?Risk assessment using techniques like FMECA, HAZOP, RCM etc.Diagnostics – is the process of determining the state of a component to perform its function(s)Prognostics – is predictive diagnostics which includes determining the remaining life or time span of proper operation of a componentHealth Management – is the capability to make appropriate decisions about maintenance actions based on diagnostics/prognostics information, available resources and operational demand.

D e s ig nRisk

Sensors

Diagnostic FDI

Prognostics

Failures Identification

Criticality Assessment



PHM - Fusion of the technologies

Sensors Artificial intelligence Neural

nets, fuzzy logic, genetic algorithms

Algorithms (vibration etc.) Communication capabilities Interchange of maintenance

data Integration of data Security of data User friendly interface Autonomy to be provided by

software agents (Jack platform from AOS)

PrognosisPrognosisLayerLayer

Prognostics and Health

ManagementPHM

MaintenanceMaintenanceaware Designaware Design

SensorsSensorsLayerLayer



Goals of PHM

Enhance Mission Reliability and Equipment Safety Reduce Maintenance Manpower, Spares, and Repair Costs Eliminate Scheduled Inspections Maximize Lead Time For Maintenance and Parts Procurement Automatically Isolate Faults Provide Real Time Notification of an Upcoming Maintenance Event at all

Levels of the Logistics Chain Catch Potentially Catastrophic Failures Before They Occur Detect Incipient Faults and Monitor Until Just Prior to Failure



PHM Paradigm (Joint Strike Fighter F35)

PHM Paradigm

Sensor based Proactive

Prognostic capability

Intelligent Sensors

Data Fusion

Virtual Sensing Model-based Prognostics

Maintenance aware Design

Co-current with Design

Optimization

Life Cycle

Autonomous

Open Architecture

Reliable and Robust

Model-based Prognostics



Joint Strike Fighter F35 PHM Setup



Aerospace

RisksSevere operating environmentStringent statutory safety standardsSafety critical systemsExpensive MaintenanceLong innovation lead time High technologyConservative attitudesHigh reliability requirementsSingle shot operationsVery high cost of failureTools to deal with risks

Computer based design methodsReliability and Hazard AnalysisFailure analysis (FMECA/FTA)PHM (Prognostics and Health Management) Condition Monitoring - CBMTesting



CBM/PHM - what are we dealing with?

FMECA Production Losses

Reliab

ility

Condition monitoring

Prognostics

Maintenance

DetectionDiagnosis

Algorit

hms

Failure modes

Faults

Simulation

Downtime

TestingRisk M

inimiza

tion

$$$$$$$!Training

Fall-back AnalysisHazards

Safety

Training

FMECAStandards

TrainingFMECA

Reliab

ility

Diagnosis

Sensor fusion

Failure modes

BITTraining

FMECA

Fault Tree

ROI

FMECA

Reliab

ility

SensorsDiagnosis

Education

Failure modes

Training

Training

FMECA

Functional

AnalysisTraining

Education

Sensor fusionSensor fusion

Artific

ial

intell

igenc

eMaintainabil

ity

Availa

bili

ty



Reasons for failure of Risk Assessment

Dependencies of failures not identified – spreadsheet vs model basedInadequate Identification of Risks - functional failures (failure modes) vs physical failures Incomplete database of failures (deficient FMECA)Taxonomy – confusion what is the cause, mechanism of failure, fault, symptom and/or failure modeSensor fusion not based on failures dependencies (fall-back – testability) Diagnostic rules not based on dependenciesReliability of Hardware not the same as Functional ReliabilityDifferent models for Criticality and Reliability Assessment



Risk reduction or is it?

Risk is still there if failures are missedWe cannot design a diagnostic system without knowledge of failuresWe do not really know what we should monitorSensors cover only identified failures

D e s ig nRisk

Sensors

Diagnostic FDI

Prognostics

Failures Identification

Criticality Assessment



Barriers

The Advanced Technology Program (ATP), of the National Institute of Standards and Technology (NIST), held a workshop on Condition-Based Maintenance (CBM) as part of it's November 17-18, 1998 Fall Meeting in Atlanta.

Discussions with companies identified 3 technical barriers to CBM's widespread implementation: The inability to accurately and reliably predict the remaining useful

life of a machine ( prognostics) The inability to continually monitor a machine (sensing) The inability of maintenance systems to learn and identify impending

failures and recommend what action should be taken (reasoning).

These barriers could potentially be addressed through innovations in three technical areas: Prognostication capabilities Cost effective sensor and monitoring systems Reasoning or expert systems



Risk Assessment FMECA

Failure Modes

Effects

Criticality Analysis

What effect does the failure have ?

Criticality Analysis of failure

Possible Failures FMFMECAECA

FMFMEECCAA

FMEFMECACA



acceptable operating range

Component model

FMEA model

EnergyEnergy

apply forceControlparameterse.g. pressure

Noisee.g.. friction

Measuredvariablee.g.. force

ComponentFunction Definition

High range

Low range

Effect 1 downstream,e.g.. damaged support

Upper limit

Lower limitEffect 2 downstreame.g. failed to lift

PhysicalComponente.g. actuator

Failure Modes and Effects


Component model

Tribological model

WearFriction


LoadVelocityetc.

ComponentRepresentation e.g. drawing

Modeling Failure



Modelling of failure



Fault

Fault

Fault

All faults are enumerated.Transient and steady-state responses to faults are identified

Fault propagation - dependability



PHM Cycle

PHM requires two main cycles of development, design and operation

The Design Cycle is required in order to generate the knowledge base from which the PHM system can obtain its decisions.

The Operation Cycle describes the steps taken within the PHM system from detection of faults through to conveying instructions or actions.



Interaction between MAD and CBM/PHM Layers at Design Stage

System Concept

System specification

Implementation

Functional diagram

FASTContraints

RiskLayer

PHM Layer

Sensor set

DiagnosticsOptimization

Life cycle

FMECA/HAZOP

Prognostics

Sensors

Techniques

Faults

Techniques

Functions

Manufacturing

PH M L a y e r

M A DL a y e r

D e s ig n p r o c e s s

MAD – Maintenance aware Design



Criteria for RCM Processes

SAE JA1011 “Evaluation Criteria for RCM Processes” defines seven questions for RCM:

What are the functions…of the asset…(functions)? In what ways can it fail…(functional failures)? What causes each functional failure (failure modes)? What happens when each failure occurs (failure effects)? In what way does each failure matter (failure consequences)? What should be done…(proactive tasks and intervals)? What should be done if a suitable proactive task cannot be

found?



MADe software

Fa ilure databa se

Fa ilures de pen dabili ty

B IT des ig n & evaluat ion

Auto Sen sor s elect ion

Fa ilure diagram s

Te stabilit y

Fa ilures critica li ty

Cau ses Fa ilureM ec hanism s

Fa ults Fa ilure m ode s

Fa ilure ta xonom y

Com p one nt

Sys te m s

Parts

Fa ilure diagram s

Fu nct io nal fa ilure diag ra ms

Auto func tiona l an alysis

Auto qu alitat ive s im ulat ion

Auto report ge nerat io n

Auto de s ign ofdiag nos tic ru le s

Fa ilure coverageas ses sm ent

Failure database

Sensor selection/coverage

Coverage of am b ig uity

Dat ab ase

FM EA/FM ECA

Use d e fine d se nsors



RR250 Engine Lubrication System



Jet Engine Lubrication System Model



Model of pump



Define Component Structure



Define Component Functions



Define Physical Failures



Propagate Functional Failures >> Dependency



Assess Criticality



Produce FMEA/FMECA Report



Assess hardware Reliability



Fault Tree



Define Sensors Locations



Select sensors and generate diagnostic rules



CAD concurrent with MADe



PHM Design Cycle Deliverables

At the end of the risk assessment process, the user has knowledge of:How the system can fail (failure modes)How critical each failure isWhat are the causes of functional failures What are the interactions between functional failuresWhat physical failures are linked to functional failureWhere to place sensors – i.e sensor fusingHow to monitor physical failures How to diagnose functional failureWhat is the expected reliability of the sensing systemWhat is the expected functional and hardware reliability of the system



Despite expectations the acceptance and effectiveness CBM is in question. To be effective:CBM/PHM programs must be designed and executed with the knowledge of the risks to which a system is exposed, i.e. the knowledge how the system failsModel-based failure analysis, defining failures dependencies and improving completeness of risk identifications, should be adopted in preference to spreadsheet and “spreadsheet” like FMECA methodologyModel-based failure analysis should be adopted to enhance knowledge retention, knowledge transfer and to facilitate integration of risk assessment through supply chainsTaxonomies of functions, failure concepts, components should be adopted to improve readability/portability of risk assessment resultsDiagnostic rules and Sensors sets should be selected on the basis of dependencies between failure modes (symptoms >>> syndrome)Clear hierarchy of failure concepts (cause> failure mechanism> fault> failure mode) should be enforced in risk assessment processPhysical failures (cause/failure mechanism/fault) and their symptoms should form basis for BIT design

Concluding Remarks



Thank You!

risk assessment in aerospace systems jacek s. stecki phm technology/monash university

Documents