procedures and examples of these techniques. The analysis techniques covered in this chapter are the
following:
Fault Hazard
Fault Tree
Common Cause Failure
Sneak Circuit
Energy Trace
Failure Modes, Effects, and Criticality Analysis (FMECA)
9.2 Fault Hazard Analysis
The Fault Hazard Analysis is a deductive method of analysis that can be used exclusively as a qualitative
analysis or, if desired, expanded to a quantitative one. The fault hazard analysis requires a detailed
investigation of the subsystems to determine component hazard modes, causes of these hazards, and
resultant effects to the subsystem and its operation. This type of analysis is a form of a family of reliability
analyses called failure mode and effects analysis (FMEA) and FMECA. The chief difference between the
FMEA/FMECA and the fault hazard analysis is a matter of depth. Whereas the FMEA or FMECA looks
at all failures and their effects, the fault hazard analysis is charged only with consideration of those effects
that are safety related. The Fault Hazard Analysis of a subsystem is an engineering analysis that answers a
series of questions:
What can fail?
How can it fail?
How frequently will it fail?
What are the effects of the failure?
FAA System Safety Handbook, Chapter 9: Analysis Techniques
December 30, 2000
9 - 3
How important, from a safety viewpoint, are the effects of the failure?
A Fault Hazard Analysis can be used for a number of purposes:
Aid in system design concept selection
Support "functional mechanizing" of hardware
"Design out" critical safety failure modes
Assist in operational planning
Provide inputs to management risk control efforts
The fault hazard analysis must consider both "catastrophic" and "out-of-tolerance modes" of failure. For
example, a five-percent, 5K (plus or minus 250 ohm) resistor can have as functional failure modes failing
open or failing short, while the out-of-tolerance modes might include too low or too high a resistance.
To conduct a fault hazard analysis, it is necessary to know and understand certain system characteristics:
Equipment mission
Operational constraints
Success and failure boundaries
Realistic failure modes and a measure of their probability of occurrence.
The procedural steps are:
1. The system is divided into modules (usually functional or partitioning) that can be handled
effectively.
2. Functional diagrams, schematics, and drawings for the system and each subsystem are then
reviewed to determine their interrelationships and the interrelationships of the component
subassemblies. This review may be done by the preparation and use of block diagrams.
3. For analyses performed down to the component level, a complete component list with the specific
function of each component is prepared for each module as it is to be analyzed. For those cases
when the analyses are to be performed at the functional or partitioning level, this list is for the
lowest analysis level.
4. Operational and environmental stresses affecting the system are reviewed for adverse effects on the
system or its components.
5. Significant failure mechanisms that could occur and affect components are determined from
analysis of the engineering drawings and functional diagrams. Effects of subsystem failures are
then considered.
6. The failure modes of individual components that would lead to the various possible failure
mechanisms of the subsystem are then identified. Basically, it is the failure of the component that
produces the failure of the entire system. However, since some components may have more than
one failure mode, each mode must be analyzed for its effect on the assembly and then on the
subsystem. This may be accomplished by tabulating all failure modes and listing the effects of
each (e.g., a resistor that might fail open or short, high or low). An understanding of the physics of
failure is necessary. For example, most resistors cannot fail in a shorted mode. If the analyst does
not understand this, considerable effort may be wasted on attempting to control a nonrealistic
hazard.
7. All conditions that affect a component or assembly should be listed to indicate whether there are
special periods of operation, stress, personnel action, or combinations of events that would increase
the probabilities of failure or damage.
8. The risk category should be assigned.
9. Preventative or corrective measures to eliminate or control the risks are listed.
10. Initial probability rates are entered. These are "best judgments" and are revised as the design
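The procedure above (steps 3 through 10) amounts to building a tabulation: list each component's failure modes, screen out the ones the physics of failure does not support, record the effect of each credible mode, and keep, for the fault hazard analysis, only the safety-related ones with a risk category assigned. The following Python script is an added worked example of that tabulation; it is not code from the FAA handbook. The severity/probability risk matrix is an assumed MIL-STD-882-style matrix (the excerpt says to assign a risk category in step 8 but does not reproduce one), and the component data (a 5 kΩ ±5 % sense resistor R12 and a cutoff relay K3 in a hypothetical heater over-temperature cutoff) is constructed for illustration. The same data is also rendered at FMEA depth, which shows the difference in scope the text describes.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed MIL-STD-882-style risk matrix (severity x probability -> risk
# category). The handbook excerpt names step 8 "assign the risk category"
# but does not reproduce a matrix, so this one is a constructed assumption.
SEVERITY_RANK = {"catastrophic": 0, "critical": 1, "marginal": 2, "negligible": 3}
PROBABILITY_LEVELS = ["A", "B", "C", "D", "E"]  # A = frequent ... E = improbable
RISK_MATRIX = [
    ["high", "high", "high", "serious", "medium"],      # catastrophic
    ["high", "high", "serious", "medium", "low"],       # critical
    ["serious", "serious", "medium", "low", "low"],     # marginal
    ["medium", "medium", "low", "low", "low"],          # negligible
]
RISK_ORDER = {"high": 0, "serious": 1, "medium": 2, "low": 3}


def risk_category(severity: str, probability: str) -> str:
    """Step 8: look up the risk category for a severity/probability pair."""
    return RISK_MATRIX[SEVERITY_RANK[severity]][PROBABILITY_LEVELS.index(probability)]


@dataclass
class FailureMode:
    component: str
    mode: str              # "open", "short", "high", "low", ...
    kind: str              # "functional" or "out-of-tolerance"
    credible: bool         # physics-of-failure screen (step 6)
    effect: str            # effect on the assembly / subsystem (step 6)
    safety_related: bool   # FHA keeps only these; FMEA keeps all
    severity: str
    probability: str       # initial "best judgment" rate (step 10)
    conditions: str = ""   # stresses or events that raise the odds (step 7)
    controls: str = ""     # preventive / corrective measures (step 9)


# Constructed sample input: a 5 kΩ ±5 % current-sense resistor (R12) and a
# cutoff relay (K3) in a hypothetical heater over-temperature cutoff.
SAMPLE_MODES: List[FailureMode] = [
    FailureMode("R12", "open", "functional", True,
                "sense signal lost; cutoff never trips, heater unregulated",
                True, "critical", "D", "continuous heater duty",
                "add independent thermal fuse"),
    # Most resistors cannot fail shorted: screened out as non-credible.
    FailureMode("R12", "short", "functional", False, "n/a", True, "critical", "E"),
    FailureMode("R12", "high", "out-of-tolerance", True,
                "trip threshold drifts upward; cutoff trips late",
                True, "marginal", "D", "high ambient temperature",
                "tighten tolerance to 1 %"),
    FailureMode("R12", "low", "out-of-tolerance", True,
                "nuisance trips; heater cycles early", False, "negligible", "C"),
    FailureMode("K3", "contacts welded closed", "functional", True,
                "cutoff command has no effect; heater cannot be de-energized",
                True, "critical", "C", "inrush current at start-up",
                "add series contactor"),
]


def _row(m: FailureMode) -> Dict[str, str]:
    """One worksheet row with the risk category filled in."""
    return {
        "component": m.component, "mode": m.mode, "kind": m.kind,
        "effect": m.effect, "conditions": m.conditions, "controls": m.controls,
        "severity": m.severity, "probability": m.probability,
        "risk": risk_category(m.severity, m.probability),
    }


def screened_out(modes: List[FailureMode]) -> List[str]:
    """Modes rejected by the physics-of-failure check, so no effort goes into controlling them."""
    return [f"{m.component} {m.mode}" for m in modes if not m.credible]


def fmea_worksheet(modes: List[FailureMode]) -> List[Dict[str, str]]:
    """FMEA/FMECA depth: every credible mode, whatever its effect."""
    return [_row(m) for m in modes if m.credible]


def fault_hazard_worksheet(modes: List[FailureMode]) -> List[Dict[str, str]]:
    """FHA depth: only credible modes whose effects are safety related, worst risk first."""
    rows = [_row(m) for m in modes if m.credible and m.safety_related]
    rows.sort(key=lambda r: (RISK_ORDER[r["risk"]], SEVERITY_RANK[r["severity"]]))
    return rows


if __name__ == "__main__":
    for r in fault_hazard_worksheet(SAMPLE_MODES):
        print(f'{r["risk"]:8} {r["component"]:4} {r["mode"]:24} {r["effect"]}')
    print("screened out by physics of failure:", screened_out(SAMPLE_MODES))
```

Run stand-alone, the script prints the three safety-related rows (K3 welded contacts first, since it lands in the "serious" cell of the assumed matrix) and lists "R12 short" as the mode discarded by the physics-of-failure check; `fmea_worksheet` returns four rows because the operational-only "R12 low" mode is kept at FMEA depth but dropped from the fault hazard worksheet.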