FMEA Approach

It should be clear that a complete FMEA approach is not practical for the evaluation of production facility safety systems. This is because (1) the cost of failure is not as great as for nuclear power plants or rockets, for which this technology has proven useful (2) production facility design projects cannot support the engineering cost and lead time associated with such analysis (3) regulatory bodies are not staffed to be able to critically analyze the output of an FMEA for errors in subjective judgment and most importantly, (4) there are similarities to the design of all production facilities that have allowed industry to develop a modified FME.A approach that can satisfy all these objections. 

The modified FMEA approach evaluates each piece of equipment (not each device) as an independent unit, assuming worst case conditions of input and output. Separators, flowlines, heaters, compressors, etc., function in the same manner no matter the specific design of the facility. That 

Furthermore, once every process component has been analyzed separately for worst case, stand-alone conditions, there is no additional safety risk created by joining the components into a system. That is, if every process component is fully protected based on its FMEA analysis, a y tern made up of several of these components will also be fully protected, 

It is even possible that the system configuration is such that protecnon furnished by devices on one process component can protect others. That is, devices that may be required to provide adequate protection for a component standing alone may be redundant once all components are assembled in a system. This procedure is outlined below  

For each piece of equipment (process component), develop an FMEA by assuming in turn that each process upset that could become a potential source occurs. That is, assume a control failure, leak, or odier event leading to a process upset. 

---

The FMEA approach is a bottom-up approach, looking at component failures and establishing their effect on the system. An alternative approach is to use a top-down approach such as Fault Tree Analysis to postulate system failure modes and establish which processes, procedures, or activities are likely to cause such failures. 

The modified FMEA approach has been used by the API to develop RP14C. In this document ten different process components have been analyzed and a Safety Analysis Table (SAT) has been developed for each component. A sample SAT for a pressure vessel is shown in Table 14-4. The fact that Tables 14-3 and 14-4 are not identical is due to both the subjective natures of a Hazard Analysis and FMEA, and to the fact that RP14C is a consensus standard. However, although the rationale differs somewhat, the devices required are identical. (The gas make-up system in Table 14-4 is not really required by RP14C, as we shall see.)... 

The Failure Mode and Effects Analysis (FMEA) is a systematic, bottom-up method of identifying the failure modes of a system, item, function and determining the effects on the higher level. It may be performed at any level within the system (e.g., piece-part, function, blackbox, etc,). Software can also be analyzed qualitatively using a functional FMEA approach. Typically, a FMEA is used to address failure effects resulting from single failures [1]... 

When performing an FMEA on software, very few information or support is available. The safety engineer has to apply his own knowledge of software to set up an FMEA approach, i.e. ... 

The FMEA approach can be extended to include an evaluation of the diagnostic ability of a circuit, module, unit or system. Additional columns are added to the chart as shown in Table E-2. 

The FMEA approach has been around for a very long time. Before any documented format was developed, inventors and process experts would try to anticipate what could go wrong with a design or process before it was developed or tried. The FMEA discipline was first formalised in the late 1940s by the US Military (refer MIL-P-1629A, page 2) where it used as a reliability evaluation technique to determine the effect of system and equipment failures. Failures were classified according to then-impact on mission success and personnel/equipment safety. 

ABSTRACT On the strength of experience with risk analysis methodology in IT-operating enterprises, an approach has to be able to deal with limited resources. This prompts an analyst to perform a heuristic and biased approach, which is typically a questiomiaire structured by a IT security standard. The difficulty is to draw up a limited set of concise IT security related questions, which result in meaningful outcomes for IT risk analysis purposes. In the proposed approach, the Code of Practice ISO/IEC 27002 is used to structure the analysis and to restrict the number of questions. The Code s recommendations are rephrased and a Guttman scale is introduced for an IT security FMEA-like risk analysis approach. For frequency assessments it is assumed that an implemented high-level security measurement resiilts in low frequencies of imdesired events. The paper pictures the adapted IT-FMEA approach and presents the results of a feasibihty study at Switzerland s leading telecom provider. 

The FMEA approach is presumably known to the reader and is not explicated in detail in this paper (otherwise, see e.g. (lEC 2006)). Based on expert knowledge, a list of failure modes of system units or processes is generated. Each failure mode is analysed with regard to its impact, causes, given counter measurement, risk, and recommended elimination measures. Risk is defined by ten classes of F and C. Maximum risk is RFN s = F osk = 10 10 =... 

Since the FMEA approach needs to be as simple as possible, the concept of SBP is used in the following. 

Others the remaining procedure follows the standard FMEA approach (e.g. identification of failure cause)... 

FMVEA [3] is a combined analysis method for safety and security. It is based on the Failure Mode and Effects Analysis, as described in lEC 60812 [6]. In the FMEA approach, each component of a system is analyzed for potential failure modes. Based on the detail level and maturity of the design, components can be HW/SW-modules or functions. A failure mode is the manner in which the component fails [6] or the manner by which a occurred fault is observed [4]. In the next step the effects of the failure mode on the system are identified. A failure mode could cause a component to cease to function and still only have a negligible effect on the functionality of the complete system. After the severity of the final effect is determined, potential causes are identified. Based on the causes, the probability of the failure mode is estimated. This process is repeated until every failure mode of the component and every component on the chosen analysis level is examined. 

As FMVEA is an extension to the SW/Functional-FMEA approach, the first step is to decompose a system into functions. We can distinguish between processing... 

Step 2 Analysis of Operations Classes encompass operations showing further details of the specified business process. The malfunction of an operation is considered as a failure mode in the context of an FMEA approach. The Sequence Diagram shows its position within the business process chain. An initial position of an operation roughly indicates a more serious impact on the overall business process than a rear light one. 

Step 3 Risk assessment Following the common FMEA approach, the Risk Prioritisation Value (RPV) is used to identify most important risks, i.e., classes and operations as well as associated sub-business processes, underlying hardware and software, persons responsible to maintain the processes, etc. 

---