Dealing adequately with technical uncertainties

Statistics, RAMS & Quality Management
Search this site:

Automotive FMEA
  FMEA, Introduction
  Example 1: Mil-STD-1629 Piece Part FMEA
  Example 2: Mil-STD-1629 Criticality Analysis
  Example 3: Automotive FMEA
  General concerns with FMEA

This FMEA type is from IEC 60812 annex B. It is very close to those FMEA types used in automotive industry.
The main goals of this FMEA type are
Columns 1,2,3,9 and 10 reveal the expert that this FMEA type is for electronic systems.

IEC 60812 Annex B

Column title
Item/Function, subdivided in Subsystem, Assembly and Component.
Three levels for hierarchical classification. In some FMEAs, only one or two levels may be necessary.
4 Potential Failure Mode
Potential Failure Mode of the component (if component is the lowest level).
There may be multiple failure modes (4) per component (3).
Potential Effect(s) of failure
Potential effects of the failure mode (4) on local (component) level and system (final) level.
For comprehensive systems, final effect may be on system level, and local effect on subsystem level. For small systems however, local effect may be on single component level, and final effect on subsystem level (e.g. PCB level).
There may be multiple local and final effects per failure mode (4).
Severity of the failure mode (4).
Automotive industry uses 10 different levels for severity, with 1 = insignificant and 10 = multiple fatalities.
SAE-J-1739 has detailed and dedicated severity scales for different FMEA types.
Some major automotive suppliers have their own severity scales.
Classification of the failure mode (4). An alternative for Severity with typically 5 different levels: Negligible, Minor, Major, Critical and Catastrophic.
Potential causes / mechanisms of failure
Potential causes of the failure modes (4). In some cases, it may be better to tie the causes rather to the effects than to the failure modes. Whatever the FMEA team may decide, it should be made clear which applies.
Entries should be short, precise and standardized in order to facilitate later sorting and filtering. If more detail is needed, use column 10.
Detail causes / mechanisms of failure A more detailed description of the potential causes (8).
Probability of occurrence of the failure mode (4).
Automotive industry uses 10 different levels for severity, with 1 = failure is unlikely to occur and 10 = permanent failure.
SAE-J-1739 has detailed and dedicated occurrence scales for different FMEA types.
Some major automotive suppliers have their own severity scales.
Current design controls, prevention
Product, process or other features eligible for avoiding this failure mode (4).
Example: Use components that are proven to be robust against this failure mode.
Current design controls, detection Product, process or other features eligible for detecting this failure mode (4) before the product gets to the customer.
Example: Final end test that explicitly addresses this failure mode.  

Probability of detection of the failure mode (4) before the potential effects can deploy.
Depending on the nature of the failure mode, detection can be accomplished e.g. by a periodic diagnostics routine during useful product life, or by a dedicated end test before useful product life.
Automotive industry uses 10 different levels for detection, with 1 = failure detection is almost certain, and 10 = failure cannot be detected.
SAE-J-1739 has detailed and dedicated detection scales for different FMEA types.
Some major automotive suppliers have their own detection scales.
Risk Priority Number of the failure mode (4).
The product Occurrence x Severity x Detection, and therefore a value between 1 and 1000.
There are two conventions in the automotive industry: RPNs equal or smaller than 125 (1) or 60 (2) are acceptable.
Despite industry wide convention, RPN is only a clumsy metric for real failure mode assessment, and should therefore be conceived only a coarse assessment.
Instead of relying on RPN alone, it is better to take Occurrence, Severity and Detection explicitly into account and use more common sense.
There at least two reasons for RPN being clumsy:
1. The scales for Occurrence, Severity and Detection are not metric but ordinal.
On ordinal scales, distances between steps are not constant, and therefore multiplicative operations lead to misleading results.
2. Severity in particular covers very different aspects, e.g. severity of a scratch in a varnish and severity of a safety related failure mode.
As a consequence, for example, there may be failure modes with RPN = 50 (1 x 5 x 10) being conceived unacceptable, whereas RPN = 64 (4 x 4 x 4) being conceived acceptable.
Recommended Actions
If RPN > 60 or 125, or if conceived necessary for other reasons, corrective actions can be defined in order to improve / mitigate failure occurrence, severity or detection. 
Responsibility and target completion date
Due date and responsibility for corrective action(s).
18 - 22
Action results
Reassessment of Occurrence, Severity and Detection of the failure mode (4) under the perspective of finished corrective actions.
The reassessed RPN must be below or equal 60 or 125. If not, additional actions must be defined.


Privacy Policy