9.1 Failure mode is the manner by which a failure
is observed. It generally describes the way the failure occurs and
its impact on the equipment or system. As an example, a list of failure
modes is given in table 1. The
failure modes listed in table 1 can describe the failure of any system
element in sufficiently specific terms. When used in conjunction with
performance specifications governing the inputs and outputs on the
system block diagram, all potential failure modes can be thus identified
and described. Thus, for example, a power supply may have a failure
mode described as "loss of output" (29), and a failure cause "open
(electrical)" (31).
Table 1 Example of a set of
failure modes
footnote
| 1
|
Structural
failure (rupture)
|
18
|
False actuation
|
| 2
|
Physical
binding or jamming
|
19
|
Fails to stop
|
| 3
|
Vibration
|
20
|
Fails to start
|
| 4
|
Fails to
remain (in position)
|
21
|
Fails to switch
|
| 5
|
Fails to
open
|
22
|
Premature
operation
|
| 6
|
Fails to
close
|
23
|
Delayed operation
|
| 7
|
Fails
open
|
24
|
Erroneous input
(increased)
|
| 8
|
Fails
closed
|
25
|
Erroneous input
(decreased)
|
| 9
|
Internal
leakage
|
26
|
Erroneous output
(increased)
|
| 10
|
External
leakage
|
27
|
Erroneous output
(decreased)
|
| 11
|
Fails out
of tolerance (high)
|
28
|
Loss of input
|
| 12
|
Fails out
of tolerance (low)
|
29
|
Loss of output
|
| 13
|
Inadvertent
operation
|
30
|
Shorted
(electrical)
|
| 14
|
Intermittent operation
|
31
|
Open (electrical)
|
| 15
|
Erratic
operation
|
32
|
Leakage
(electrical)
|
| 16
|
Erroneous
indication
|
33
|
Other unique failure
conditions as applicable to the system characteristics, requirements and
operational constraints.
|
| 17
|
Restricted
flow
|
9.2 A failure mode in a system element could also
be the failure cause of a system failure. For example, the hydraulic
line of a steering gear system might have a failure mode of "external
leakage" (10). This failure mode of the hydraulic line could become
a failure cause of the steering gear system's failure mode "loss of
output" (29).
9.3 Each system shall be considered in a top-down
approach, starting from the system's functional output, and failure
shall be assumed by one possible cause at a time. Since a failure
mode may have more than one cause, all potential independent causes
for each failure mode shall be identified.
9.4 If major systems can fail without any adverse
effect there is no need to consider them further unless the failure
can go undetected by an operator. To decide that there is no adverse
effect does not mean just the identification of system redundancy.
The redundancy shall be shown to be immediately effective or brought
on line with negligible time lag. In addition, if the sequence is:
the effects of delay shall be considered.