FMEA-MSR task priority – Considerations for deriving the TP table
Sensible or nonsensical? Well or poorly thought out? Why do the TP ratings for B=9 and B=10 differ in the FMEA for monitoring and system response?
1. Challenge / Task:
The task priority (TP) had to be coordinated and defined for the first time for the FMEA-MSR of the FMEA Manual. The customer operation and the associated boundary conditions had to be taken into account. A particular challenge was the treatment of violations of the law, as the product had to be considered completely developed and tested in the customer's company.
3. Technical content (How?)
The AIAG/VDA FMEA Manual recommends using the Task Priority (TP) tables when assessing the risk of an error chain. Strictly speaking, the risk is not directly assessed here, but rather the need for action or the prioritization of measures resulting from the specific combinatorics of importance B, occurrence A and discovery E. In FMEA-MSR, frequency H is used instead of A and monitoring M isused instead of E.
The definition of the task priority is taken into account:
- The evaluation catalogs for B, A and E or B, H and M
- The combination of the ratings B, A and E or B, H and M
- The criteria for the classifications HIGH, MEDIUM and LOW
Own conceptual model for B=9 (violations of the law)
The classification of the task priority in the FMEA-MSR for violations of the law (B=9) is based on its own conceptual model. It is taken into account that compliance with legal and official requirements must be proven before customer approval. If evidence is available, frequency H is to be given a rating of "1” according to the evaluation table C3-2 (use the appendix!).
In this special case, the H-rating does not only take into account how often the cause of the error occurs, but also the combinatorics of the occurrence of the cause of the error and violation of a legal or official requirement.
If there is a system with a fallback level or redundancy, an error can possibly be detected by the system. This detection and the system reaction triggered by it must be sufficiently safe and have been proven in the course of the approval procedure. This usually requires a monitoring rating of M = 1 at H>1.
If such an error occurs more frequently, it could lead to a lack of customer acceptance. For this reason, the manual for the LOW TP rating suggests a limit to H≤3 (see graphic of TP table below).
An example of proof regarding a legal requirement is the braking distance measurement. In the event of brake circuit failure or failure of the brake booster, a minimum deceleration must be possible despite a limited brake pedal force.
Furthermore, certain symbols can be prescribed for the driver’s information in the event of a malfunction, e.g. for ABS failure. This can be checked visually.
Since compliance with the law must always be proven before a product is placed on the market, only the LOW and HIGH levels are proposed in connection with B=9. A level of “somewhat half-proven” should not exist, which is why the evaluation of FUNDS was not taken into account.
A survey among the participants of a lecture showed that just over 60% were able to understand the presented argumentation. On the other hand, around 40% were not convinced.
So there may very well be products and systems for which the suggestion from the FMEA manual does not fit. This can also be due to a company-specific procedure. Perhaps this is a reason for you to dwell on the topic in more detail.
Conceptual model for B=10 (impact on safe operation)
The H-rating in the FMEA-MSR, in conjunction with all meanings except 9, follows the usual procedure: The frequency evaluates the occurrence of the cause of the error in customer operation. A small time component of the associated relevant operating condition can lead to a reduction of H by max. two stages.
The combinatorics of H and M then results in a residual risk from safety and availability considerations in conjunction with the B rating. With low B-ratings, quality and comfort considerations can also play a role. However, let's stick to B=10. The occurrence of an error with a safety-relevant error sequence may not be intercepted in the event of poor detection. That would be a security risk.
However, a reliable detection of the error alone may not be sufficient if this error occurs too frequently. This can lead to customer irritation or a recall. Both possibilities, security risk and frequent occurrence, can therefore lead to a high classification of the task priority. The TP table takes this into account and makes high demands in connection with B=10. However, combinatorics with the evaluation MEANS are also proposed, since, for example, according to the state of the art or because of disproportionately high effort, a further technical improvement may not seemuseful. In that case, a justification should be documented so that the decision remains comprehensible even at a later date.
The conceptual model for B=10 met with approval from about 80% of the participants in a lecture.
As a rule, it is therefore also advisable to list error causes with error sequence B = 9 separately and to draw up a specific error sequence chain. This makes it possible to make the appropriate assessments of H and M for these cases.
In a direct comparison of the above TP tables, it is noticeable that there are more HIGH ratings for B=9 than for B=10. From my experience, many say this is illogical or wrong. After all, B=10 is associated with personal hazards, and B=9 "only" with violations of the law.
In the D- and P-FMEA, the conceptual models for B=9 and B=10 are the same. Therefore, such a statement would be justified here.
In the FMEA-MSR, the comparison is not possible because the HIGH ratings were chosen due to different relationships.
In cases where this is not appropriate for the specific product or company, there is the possibility to make adjustments.