Problems and Solutions
Is action always required on high-severity issues? What if severity is high (9 or 10 on a severity scale of 1 to 10), and the occurrence and detection rankings are both low? Is action still required? This problem, as well as a challenging problem involving fail-safe strategies, is the subject of this problem-solution article.
If you haven’t yet read the article titled “Understanding Severity Risk – Part 1”, this might be a good time, as it describes the subject of severity risk.
Using the severity scales shown below, select an appropriate severity ranking for the following examples of effects:
Item: Power steering pump
Function: Delivers hydraulic power for steering by transforming oil pressure at inlet ([xx] psi) into higher oil pressure at outlet [yy] psi during engine idle speed
Failure Mode: Inadequate outlet pressure (less than [yy] psi)
Effect (Local: Pump): Low pressure fluid goes to steering gear
Effect (Next level: Steering Subsystem): Increased friction at steering gear
Effect (End user): Increased steering effort with potential accident during steering maneuvers
Item: Shaft (part of rock grinding equipment)
Function: Provide mechanical transfer of [xx] rotational force while maintaining linear and angular stability
Failure Mode: Shaft fractured
Effect (Local: Shaft): No torque output (does not transport energy)
Effect (Next level: Grinder Subsystem): Rock grinder teeth do not move
Effect (End user): No rocks are pulverized, and product order is not filled
Process Step: Induction harden shafts using induction hardening machine
Function: Induction harden shafts using induction-hardening machine ABC, with minimum hardness Brinell Hardness Number (BHN) “X”, according to specification #123.
Failure Mode: Shaft hardness less than BHN “X”
Effect (In plant): 100% scrap
Effect (End user): Shaft fractures with complete loss of performance
Effect (Assembly): Not noticeable during assembly
Answer 1: Severity ranking 10 (potential accident without warning, during steering maneuvers). Note that this could be a 9 if the FMEA team determines “with warning” based on failure effect analysis.
Answer 2: Severity ranking 8 (loss of primary function: pulverizing rocks)
Answer 3: Severity ranking 8 (100% scrap is consistent with manufacturing/assembly effect for severity 8; potential shaft fracture with complete loss of performance for the end user is consistent with severity 8; best practice is to use the worst case, which in this case equals 8)
Is action always required on high-severity issues? What if severity is high (9 or 10 on a severity scale of 1 to 10), and the occurrence and detection rankings are both low? Is action still required?
This question is best answered by reviewing the general approach for high-severity issues:
1. If severity is 9 or 10, the team must first attempt to lower the severity ranking, such as by design change. See section 7.3.1, “Action Strategies to Reduce Severity Risk,” in chapter 7 of Effective FMEAs for specific recommendations about how to lower severity risk.
2. If lowering the severity risk is not possible or feasible, the FMEA team must confirm and verify that the occurrence and detection rankings are as low as possible (preferably 1), or must take all action necessary to achieve lowest possible occurrence and detection rankings.
3. The FMEA team should obtain management’s concurrence and support before determining that no further action is required.
4. Both management and the FMEA team must agree that everything possible has been done to prevent safety problems within the design life of the product or during the manufacturing process.
A fail-safe design is one that, in the event of failure, responds in a way that will cause minimal harm to other devices or danger to personnel. Fail-safe does not mean that failure is improbable; rather that a system’s design mitigates any unsafe consequences of failure. In FMEA language, fail-safe reduces the severity of the effect to a level that is safe.
The following fictitious examples of fail-safe designs were selected randomly. Try to identify at least one fail-safe strategy for each failure scenario.
Fail-safe example 1:
An aircraft landing on an aircraft carrier is assisted with arresting wires to slow landing speed. If the arresting wires fail to capture the plane, the aircraft can overshoot the carrier with potential catastrophic loss of aircraft and harm to pilot. What fail-safe strategy will minimize this potential danger?
Fail-safe example 2:
During normal use of lawnmowers, if the operator stumbles or falls, the blades can potentially cause severe harm. What fail-safe strategy will minimize potential harm?
Fail-safe example 3:
Many air brake systems on large trucks operate on a principle where compressed air pressing on a piston is used to apply the pressure to the brake pad needed to stop the vehicle. Should a brake line split, complete loss of brakes is possible. What fail-safe strategy will minimize harm to the driver?
Fail-safe example 4:
If faults occur with traffic signals, it may be possible for conflicting signals, such as showing green in all directions. What fail-safe strategy can be employed to minimize the danger of conflicting signals at traffic intersections?
Fail-safe example 5:
Electrical appliances can experience short circuits with potential for overheating and fire. What fail-safe strategy can be used to minimize danger to appliances and users?
Fail-safe strategy 1:
Implement the following strategy: An aircraft landing on an aircraft carrier increases the throttle to full power at touchdown. If the arresting wires fail to capture the plane, it is able to take off again.
Fail-safe strategy 2:
Require lawnmowers to have a hand-closed lever that must be held down at all times. If it is released, it stops the rotation of the blades. This is also called a “dead man’s switch.”
Fail-safe strategy 3:
The following strategy is common for air brakes on large trucks. The brakes are held in the “off” position by air pressure created in the brake system. Should a brake line split, the air pressure will be lost and the brakes applied. Using this strategy, a serious leak in the air brake system will apply the brakes on the truck.
Fail-safe strategy 4:
Traffic light controllers use a Conflict Monitor Unit to detect faults or conflicting signals and switch an intersection to all flashing red, rather than displaying potentially dangerous conflicting signals, e.g. showing green in all directions.
Fail-safe strategy 5:
Most electrical appliances are protected from short circuit with fuses. The destruction of the fuse will prevent destruction of the device.
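The conflict-monitor behavior in Fail-safe strategy 4, sketched as an added Python example (not from the original article and not modeled on any real controller). The four-approach intersection, the conflict table, and the choice to latch the safe state until a manual reset are assumptions made for illustration.

```python
from enum import Enum

class Lamp(Enum):
    RED = "red"
    YELLOW = "yellow"
    GREEN = "green"
    FLASH_RED = "flash_red"   # driven only by the monitor, never by the controller

APPROACHES = ("N", "S", "E", "W")
CONTROLLER_STATES = {Lamp.RED, Lamp.YELLOW, Lamp.GREEN}
PERMISSIVE = {Lamp.GREEN, Lamp.YELLOW}
# Constructed conflict table: pairs that must never be permissive together.
CONFLICTS = {frozenset(p) for p in (("N", "E"), ("N", "W"), ("S", "E"), ("S", "W"))}

class ConflictMonitor:
    """Watchdog between controller and lamps: passes states through until a
    fault is seen, then holds the whole intersection at flashing red."""

    def __init__(self):
        self.latched_reason = None  # assumption: cleared only by manual reset

    def check(self, heads):
        """Return a fault description for one sampled lamp state, or None."""
        for a in APPROACHES:
            # A missing or unknown reading is a fault, never treated as "off".
            if heads.get(a) not in CONTROLLER_STATES:
                return f"invalid or missing indication on {a}"
        live = [a for a in APPROACHES if heads[a] in PERMISSIVE]
        for i, a in enumerate(live):
            for b in live[i + 1:]:
                if frozenset((a, b)) in CONFLICTS:
                    return f"conflicting permissive indications on {a} and {b}"
        return None

    def output(self, heads):
        """Lamp state actually driven to the intersection."""
        if self.latched_reason is None:
            self.latched_reason = self.check(heads)
        if self.latched_reason is not None:
            # Failure is not prevented; its effect is reduced to a safe one.
            return {a: Lamp.FLASH_RED for a in APPROACHES}
        return dict(heads)

    def manual_reset(self):
        self.latched_reason = None
```

The monitor does not make the controller fault less likely; it lowers the severity of the effect, which is the distinction the fail-safe definition above draws.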
What if an FMEA recommended action is redundant with the Design Controls? A reader makes this observation about an earlier article, and asks the question about the value of redundancy in FMEA. This question is answered in the next article.