Unpredictable results: cannot always determine effects
Purchased software: How to assess failure effects?
FMEAs have gone through a metamorphosis of sorts in the last decade, as a focus
on severity and occurrence has replaced risk priority number (RPN)-driven activities.
In large part, this is a result of risk outcomes being measured through their associated
RPNs and those RPNs then being misinterpreted, as so many practitioners of FMEAs believe
that the RPN is the most important outcome. However, the FMEA methodology must consider
taking action as soon as it is practical.
An FMEA can be described as complementary to the process of defining what
software must do to satisfy the customer. In our case, the process of “defining what
software must do to satisfy the customer” is what we entertain in the software DFSS
project road map discussed in Chapter 11. The DFSS team may revisit an existing datum
FMEA, if applicable, for further enhancement and updating. In all cases, the FMEA
should be handled as a living document.
15.3.4 Fault Tree Analysis (FTA)
FTA is a technique for performing the safety evaluation of a system. It is a process
that uses logical diagrams to identify the potential causes of a risk, a hazard,
or an undesired event by breaking down chains of failures. FTA identifies
combinations of faults of two main types. First, several functional elements must
fail together to cause other functional elements to fail (called an “and”
combination); second, only one of several possible faults needs to happen to
cause another functional element to fail (called an “or” combination). Fault tree
analysis is used when the effect of a failure/fault is known and the software DFSS
team needs to find how that effect can be caused by a combination of other failures.
The probability of the top event can be predicted using estimates of the failure rates
of the individual failures. FTA helps in identifying single-point failures and failure
path sets to facilitate improvement actions and other measures for making the software
under analysis more robust.
Fault tree analysis can be used as a qualitative or a quantitative risk analysis tool.
The difference is that the former is less structured and does not require the same
rigorous logic as the latter. The FTA diagram shows faults as a hierarchy controlled
by gates: a gate prevents the failure event above it from occurring unless its
specific conditions are met. The symbols that may be used in FTA diagrams are shown
in Table 15.1.
FTA is an important and widely used safety analysis technique and is also the
subject of active research. Using the architecture obtained from Chapter 13 and
the failure probabilities of its components (modules), a system fault tree model is
constructed and used to estimate the probability of occurrence of the various hazards
that are of interest to the DFSS team.
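The following is an added example, not code from the book or the DFSS road map it describes, that turns the two ideas above into something runnable: “and” gates (all inputs must fail) and “or” gates (any one input suffices) are combined into a small fault tree built from module failure probabilities, the top-event probability is computed both bottom-up through the gates and exactly by enumerating basic-event states, and the minimal cut sets are derived to expose single-point failures and failure path sets. The tree (an “order lost” top event for a hypothetical ordering service), its module names and its probabilities are all constructed for illustration; the enumeration routine is the general form of the gate arithmetic, which is exact only when each basic event appears once in the tree.

```python
from dataclasses import dataclass
from itertools import product

# Added example: a minimal fault-tree evaluator. All module names and failure
# probabilities below are constructed, not measured from any real system.


@dataclass(frozen=True)
class Basic:
    name: str
    p: float  # estimated probability that this module fails


@dataclass
class Gate:
    kind: str      # "AND" (all inputs must fail) or "OR" (any one suffices)
    inputs: list   # children: Basic or Gate
    name: str = ""


def gate_probability(node) -> float:
    """Bottom-up probability of the event at `node`. Exact only when basic
    events are independent and each appears once; else use exact_probability."""
    if isinstance(node, Basic):
        return node.p
    ps = [gate_probability(c) for c in node.inputs]
    if node.kind == "AND":                 # all must fail: product
        out = 1.0
        for p in ps:
            out *= p
        return out
    if node.kind == "OR":                  # any fails: 1 - P(none fails)
        none = 1.0
        for p in ps:
            none *= 1.0 - p
        return 1.0 - none
    raise ValueError(f"unknown gate {node.kind!r}")


def basic_events(node, acc=None) -> dict:
    """Collect name -> probability for every basic event under `node`."""
    acc = {} if acc is None else acc
    if isinstance(node, Basic):
        acc[node.name] = node.p
    else:
        for c in node.inputs:
            basic_events(c, acc)
    return acc


def occurs(node, failed: dict) -> bool:
    """Does the event at `node` occur, given which basic events have failed?"""
    if isinstance(node, Basic):
        return failed[node.name]
    results = (occurs(c, failed) for c in node.inputs)
    return all(results) if node.kind == "AND" else any(results)


def exact_probability(node) -> float:
    """Exact top-event probability by enumerating all 2^n basic-event states.
    Handles a basic event that feeds several gates; fine for small trees."""
    probs = basic_events(node)
    names = list(probs)
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if occurs(node, state):
            weight = 1.0
            for n, f in state.items():
                weight *= probs[n] if f else 1.0 - probs[n]
            total += weight
    return total


def minimal_cut_sets(node) -> set:
    """Minimal combinations of basic failures that cause the top event."""
    def cuts(n):
        if isinstance(n, Basic):
            return {frozenset([n.name])}
        child = [cuts(c) for c in n.inputs]
        if n.kind == "OR":                 # OR: union of the children's cut sets
            return set().union(*child)
        out = {frozenset()}                # AND: cross-product of the children
        for sets in child:
            out = {a | b for a in out for b in sets}
        return out
    all_cuts = cuts(node)
    return {s for s in all_cuts if not any(o < s for o in all_cuts)}


def single_point_failures(node) -> list:
    """Basic events that alone cause the top event (cut sets of size 1)."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)


def example_tree() -> Gate:
    """Constructed sample tree: 'order lost' in a hypothetical ordering service."""
    db = Basic("primary_db_fails", 0.01)
    replica = Basic("replica_fails", 0.02)
    queue = Basic("queue_fails", 0.001)
    stores_down = Gate("AND", [db, replica], "both_stores_fail")
    return Gate("OR", [stores_down, queue], "order_lost")


if __name__ == "__main__":
    top = example_tree()
    print("gate-based P(top) =", gate_probability(top))
    print("exact P(top)      =", exact_probability(top))
    print("minimal cut sets  =", minimal_cut_sets(top))
    print("single points     =", single_point_failures(top))
```

For the sample tree the two probability routines agree (the queue is the dominant term, since it is a single-point failure, while the replicated store only fails as a two-element path set); feeding the same Basic into two gates is where they diverge, which is why the enumeration is worth keeping alongside the faster gate arithmetic.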
The failure probabilities of modules (components) are either measured or estimated.
The probability is estimated when it cannot be measured easily. An estimate