1 component Assembly Component Failure description Failure mode Failure effect Failure consequence Cause of failure Critical analysis RJS pump no.. Table 3.16 continued Assembly Componen
Trang 1Table 3.16 Extract from FMECA worksheet of quantitative RAM analysis field study: motor RJS pump no 1 component
Assembly Component Failure
description
Failure mode Failure effect Failure consequence Cause of failure Critical analysis
RJS
pump
no 1
Motor
RJS pump
no 1
Motor fails
to start or drive pump
TLF Motor failure prevents quenching of the gas and the protection of the RJS structure due to reduced flow Standby pump should start up automatically
Maintenance Loose or corroded
connections or motor terminals
(1) 100%
(2) 0.50 (3) 2 (4) 2.0 (5) 1.00
Low criticality
RJS
pump
no 1
Motor
RJS pump
no 1
Motor fails
to start or drive pump
TLF Motor failure prevents quenching of the gas and the protection of the RJS structure due to reduced flow Standby pump should start up automatically
Maintenance Motor winding short or
insulation fails
(1) 100%
(2) 0.25 (3) 2 (4) 2.0 (5) 0.50
Low criticality
RJS
pump
no 1
Motor
RJS pump
no 1
Motor cannot be stopped or started locally
TLF If required to respond in
an emergency failure of motor, this could result in injury risk
Injury risk Local stop/start switch
fails
(1) 50%
(2) 0.25 (3) 11 (4) 5.5 (5) 1.38
Trang 2Table 3.16 (continued)
Assembly Component Failure
description
Failure mode Failure effect Failure consequence Cause of failure Critical analysis
RJS
pump
no 1
Motor
RJS pump
no 1
Motor overheats and trips
PFC Motor failure prevents quenching of the gas and the protection of the RJS structure due to reduced flow Standby pump should start up automatically
Maintenance Bearings fail due to lack
of or to excessive lubrication
(1) 100%
(2) 0.50 (3) 1 (4) 1.0 (5) 0.50
Low criticality
RJS
pump
no 1
Motor
RJS pump
no 1
Motor vibrates excessively
PFC Motor failure prevents quenching of the gas and the protection of the RJS structure due to reduced flow Standby pump should start up automatically
Maintenance Bearings worn or
damaged
(1) 100%
(2) 0.50 (3) 1 (4) 1.0 (5) 0.50
Low criticality
Trang 3Table 3.17 Extract from FMECA worksheet of quantitative RAM analysis field study: MCC RJS pump no 1 component
Assembly Component Failure
description
Failure mode Failure effect Failure consequence Cause of failure Critical analysis
RJS
pump
no 1
MCC RJS
pump
no 1
Motor fails
to start upon command
TLF Motor failure starting upon command prevents the standby pump to start
up automatically
Maintenance Electrical supply or
starter failure
(1) 100%
(2) 0.25 (3) 2 (4) 2.0 (5) 0.50
Low criticality
RJS
pump
no 1
MCC RJS
pump
no 1
Motor fails
to start upon command
TLF Motor failure starting upon command prevents the standby pump to start
up automatically
Maintenance High/low voltage
defective fuses or circuit breakers
(1) 100%
(2) 0.25 (3) 2 (4) 2.0 (5) 0.50
Low criticality
RJS
pump
no 1
MCC RJS
pump
no 1
Motor fails
to start upon command
TLF Motor failure starting upon command prevents the standby pump to start
up automatically
Maintenance Control system wiring
malfunction due to hot spots
(1) 100%
(2) 0.25 (3) 2 (4) 2.0 (5) 0.50
Low criticality
Trang 4Table 3.18 Extract from FMECA worksheet of quantitative RAM analysis field study: RJS pump no 1 control valve component
Assembly Component Failure
description
Failure mode Failure effect Failure consequence Cause of failure Critical analysis
RJS
pump
no 1
Control
valve
Fails to open TLF Prevents discharge of
acid from the pump that cleans and cools gas and protects the RJS Flow and pressure protections would prevent damage.
May result in downtime
if it occurs on standby pump when needed
modules electronic fault
or cabling
(1) 100%
(2) 0.50 (3) 6 (4) 6.0 (5) 3.00
Low/medium criticality
RJS
pump
no 1
Control
valve
Fails to open TLF Prevents discharge of
acid from the pump that cleans and cools gas and protects the RJS Flow and pressure protections would prevent damage.
May result in downtime
if it occurs on standby pump when needed
Production Solenoid valve fails,
failed cylinder actuator or air receiver failure
(1) 100%
(2) 0.50 (3) 6 (4) 6.0 (5) 3.00
Low/medium criticality
Trang 5Table 3.19 Extract from FMECA worksheet of quantitative RAM analysis field study: RJS pump no 1 instrument loop (pressure) assembly
Assembly Component Failure
descrip-tion
Failure mode
conse-quence
Cause of failure Critical analysis
RJS
pump
no 1
in-strument
loop
(pressure)
Instrument
(pressure 1)
Fails to provide accurate pressure indication
TLF Fails to permit pressure monitoring
Maintenance Restricted sensing port due to
blockage by chemical or physical action
(1) 100%
(2) 3.00 (3) 2 (4) 2.0 (5) 6.00
Medium/high criticality
RJS
pump
no 1
in-strument
loop
(pressure)
Instrument
(pressure 2)
Fails to detect low-pressure condition
TLF Does not permit essential pressure monitoring and can cause damage to the pump due to lack of mechanical seal flushing
Maintenance Pressure switch fails due to
corrosion or relay or cable failure
(1) 100%
(2) 0.50 (3) 2 (4) 2.0 (5) 1.00
Low criticality
RJS
pump
no 1
in-strument
loop
(pressure)
Instrument
(pressure 2)
Fails to provide output signal for alarm condition
TLF Does not permit essential pressure monitoring and can cause damage to the pump due to lack of mechanical seal flushing
Maintenance PLC alarm function or
indicator fails
(1) 100%
(2) 0.30 (3) 2 (4) 2.0 (5) 0.60
Low criticality
Trang 6188 3 Reliability and Performance in Engineering Design
To introduce uncertainty in this analysis, according to the theory developed for the extended FMECA, the following approach is considered:
• Express the various failure modes, including their (more or less) certain
conse-quences (i.e the more or less certainty that the consequence can or cannot occur)
• Present the number of uncertainty levels in linguistic terms
• For a given failure mode, sort the occurrence of the consequences into a specific
range of(6 + 1) categories:
– Three levels of more or less certain consequences (‘completely certain’, ‘al-most certain’, ‘likely’)
– Three levels of more or less impossible consequences (‘completely impossi-ble’, ‘almost impossiimpossi-ble’, ‘unlikely’)
– One level for ignorance
The approach is thus initiated by expressing the various failure modes, along with
their (more or less) certain consequences The discriminability of the failure modes
Table 3.20 Uncertainty in the FMECA of a critical control valve
Compo- Failure Failure Failure Failure (1) (1) Critical nent description mode consequence cause μM (d)+μM (d)−analysis
Control
valve
Fails to open TLF Production No PLC output
due to modules electronic fault
or cabling
0.6 0.4 (2) 0.5
(3) 6 (4) 3.6 (or not—2.4) (5) 1.8 (or not—1.2)
Low criticality
Control
valve
Fails to open TLF Production Solenoid valve
fails, due to failed cylinder actuator or air receiver failure
0.6 0.4 (2) 0.5
(3) 6 (4) 3.6 (or not—2.4) (5) 1.8 (or not—1.2)
Low criticality
Control
valve
Fails to
seal/close
TLF Production Valve disk
damaged due
to corrosion or wear
0.8 0.2 (2) 0.5
(3) 6 (4) 4.8 (or not—1.2) (5) 2.4 (or not—0.6)
Trang 73.3 Analytic Development of Reliability and Performance in Engineering Design 189
with their (more or less) certain consequences is checked If this is not sufficient,
then the question is explored whether some of the (more or less) certain conse-quences of one failure mode could not be expressed as more or less impossible for some other fault modes The three categories of more or less impossible con-sequences are thus indicated whenever necessary, to allow a better discrimination After this refinement stage, if a set of failure modes still cannot be discriminated in
a satisfying way, then the observability of the consequence should be questioned
b) Results of the Qualitative FMECA
As an example, the critical control valve considered in the FMECA chart of Ta-ble 3.18 has been itemised for inclusion in an extended FMECA chart relating to
the discriminated failure mode, TLF, along with its (more or less) certain
conse-Table 3.21 Uncertainty in the FMECA of critical pressure instruments
Compo- Failure Failure Failure Failure (1) (1) Critical nent description mode consequence cause μM (d)+ μM (d)−analysis
Instru-ment
(pres-sure 1)
Fails to detect
low-pressure
condition
TLF Maintenance Pressure
switch fails due to corrosion or relay or cable failure
0.6 0.4 (2) 0.50
(3) 2 (4) 1.2 (or not—0.8) (5) 0.6 (or not—0.4)
Low criticality
Instru-ment
(pres-sure 1)
Fails to
provide
accurate
pressure
indication
TLF Maintenance Restricted
sensing port due to blockage by chemical or physical action
0.8 0.2 (2) 3.00
(3) 2 (4) 1.6 (or not—0.4) (5) 4.8 (or not—1.2)
Medium criticality
Instru-ment
(pres-sure 2)
Fails to detect
low-pressure
condition
TLF Maintenance Pressure
switch fails due to corrosion or relay or cable failure
0.6 0.4 (2) 0.50
(3) 2 (4) 1.2 (or not—0.8) (5) 0.6 (or not—0.4)
Low criticality
Trang 8190 3 Reliability and Performance in Engineering Design
quences, given in Tables 3.20 and 3.21 To simplify, it is assumed that all the events are directly observable—that is, each effect is non-ambiguously associated to a con-sequence, although the same consequence can be associated to other effects (i.e the
effects, or events, are equated to their associated consequences, or manifestations) The knowledge expressed in Tables 3.20 and 3.21 describes the fuzzy relation be-tween failure modes, effects and consequences, in terms of the fuzzy sets for the
expanded FMECA, M (d) + (m i ) and M(d) − (m i)
The linguistic qualitative-numeric mapping used for uncertainty representation
is tabulated below (Cayrac et al 1994)
Qualifier Ref code μM (d)+ μM (d)−
Almost certain 2 0.8 0.2
Almost unlikely 5 0.2 0.8
The ‘critical analysis’ column of the extended FMECA chart relating to the
dis-criminated failure mode, along with its (more or less) certain consequences,
in-cludes items numbered 1 to 5 that indicate the following:
(1) Possibility of occurrence of a consequence (μM(d)+) or impossibility of occur-rence of a consequence (μM(d)−)
(2) Estimated failure rate (the number of failures per year)
(3) Severity (expressed as a number from 0 to 10)
(4) Risk (product of 1 and 3)
(5) Criticality value (product of 2 and 4)
3.3.3 Analytic Development of Reliability Evaluation
in Detail Design
The most applicable methods selected for further development as tools for reliability evaluation in determining the integrity of engineering design in the detail design
phase are:
i The proportional hazards model (or instantaneous failure rate, indicating the
Trang 93.3 Analytic Development of Reliability and Performance in Engineering Design 191
3.3.3.1 The Proportional Hazards Model
The proportional hazards (PH) model was developed in order to estimate the effects
of different covariates influencing the times to failure of a system (Cox 1972) In its original form, the model is non-parametric, i.e no assumptions are made about the nature or shape of the underlying failure distribution The original non-parametric formulation as well as a parametric form of the model are considered, utilising the Weibull life distribution Special developments of the proportional hazards model are:
General log-linear, GLL—exponential General log-linear, GLL—Weibull models
a) Non-Parametric Model Formulation
From the PH model, the failure rate of a system is affected not only by its
oper-ating time but also by the covariates under which it operates For example, a unit
of equipment may have been tested under a combination of different accelerated stresses such as humidity, temperature, voltage, etc These factors can affect the failure rate of the unit, and typically represent the type of stresses that the unit will
be subject to, once installed
The instantaneous failure rate (or hazard rate) of a unit is given by the following relationship
λ(t) = f (t)
where:
f (t) = the probability density function,
R (t) = the reliability function.
For the specific case where the failure rate of a particular unit is dependent not only
on time but also on other covariates, Eq (3.144) must be modified in order to be
a function of time and of the covariates The proportional hazards model assumes
that the failure rate (hazard rate) of a unit is the product of the following factors:
• An unspecified baseline failure rate,λo(t), which is a function of time only,
• A positive function g(x,A) that is independent of time, and that incorporates
the effects of a number of covariates such as humidity, temperature, pressure, voltage, etc
Trang 10192 3 Reliability and Performance in Engineering Design
A= a column vector consisting of the unknown model parameters
(regression parameters),
A= (a1,a2,a3, ,a m)T
m= number of stress-related variates (time-independent)
It can be assumed that the form of g (X,A) is known andλo(t) is unspecified Dif-ferent forms of g (X,A) can be used but the exponential form is mostly used, due to
its simplicity
The exponential form of g (X,A) is given by the following expression
g (X,A) = eATXT
= exp
m
∑
j=1
a j x j
where:
a j = model parameters (regression parameters),
x j = covariates
The failure rate can then be written as
λ(t,X) =λo· exp
m
∑
j=1
a j x j
b) Parametric Model Formulation
A parametric form of the proportional hazards model can be obtained by assuming
an underlying distribution In general, the exponential and the Weibull distributions are the easiest to use The lognormal distribution can be utilised as well but it is not considered here In this case, the Weibull distribution will be used to formulate the parametric proportional hazards model The exponential distribution case can
be easily obtained from the Weibull equations, by simply setting the Weibull shape parameterβ= 1 In other words, it is assumed that the baseline failure rate is para-metric and given by the Weibull distribution The baseline failure rate is given by the following expression taken from Eq (3.37):
λo=β(t)β−1
μβ ,
where:
... FormulationA parametric form of the proportional hazards model can be obtained by assuming
an underlying distribution In general, the exponential and the Weibull distributions are... equations, by simply setting the Weibull shape parameterβ= In other words, it is assumed that the baseline failure rate is para-metric and given by the Weibull distribution The baseline failure rate... considered here In this case, the Weibull distribution will be used to formulate the parametric proportional hazards model The exponential distribution case can
be easily obtained from the