System Safety - Holistic view by means of the FMEA

by Dr. Adam Schnellbach (AVL List GmbH)

Modern mechatronic systems can lead to a wide variety of hazards. These in turn often belong to different and partially overlapping security domains. The following article on "System Safety" examines whether and how an integrated FMEA can map all of these domains.

1. Objective (Why?)
The term security is multi-faceted. In addition to common topics such as functional safety and cyber security, other domains such as crash safety, high-voltage safety, safety in use and SOTIF (Safety of the intended function) are among the hot topics of our times.

Modern security-relevant systems can belong to several security domains at the same time. Moreover, these security domains are partially overlapping.

Since safety analyses play an important role in all these domains, it gives birth to the issue of the extent to which an integrated representation is possible, and how such a representation should be designed successfully.

On one hand, the aim of this report is to identify and record the possibilities and limitations of such a security analysis; on the other hand to create the methodological background for it.

The question therefore arises: Where is the FMEA located in your company?

2. Procedure (How?)
In order to find answers to this question, the security domains mentioned above must be examined in detail for the following factors:

  • Which threats are in spotlight?
  • Which root causes are in spotlight?
  • What kind of root causes are in spotlight?

From this basic framework, it can then be derived how the 5-steps of the VDA methodology can be applied, with a special focus on structure, function and malfunction analysis.

Since the primary objective here is to determine the strengths, weaknesses and limitations of the integrated analysis, deviations from the classic FMEA thinking are justified.

The principle representation of the integrated fault network, as shown in the following figure.

Die prinzipielle Darstellung des integrierten Fehlernetzes, wie sie dem folgenden Bild zu entnehmen ist:

system[/tooltip]_safety/1.jpg"]Fig. 1: Fault network: hazard - consequence - malfunction - cause

3. Result
As evident from the presentation, the following conclusions can be drawn:

  • There are very large overlaps in terms of hazards and root causes.
  • However, several safety domains consider root causes that do not fit 1:1 into classic FMEA thinking.
  • Accordingly, the rules of FMEA must be interpreted in a flexible and goal-oriented manner.
  • Not all domains can be represented in FMEA with a sensible approach.

However, the integrated FMEA can be meaningfully and profitably complemented and implemented despite these restrictions. It is possible to create an overall picture and to master the overlaps efficiently only with the help of an integrated view. Likewise, is it possible to develop efficient and effective measures for a complex and modern mechatronic product only with the help of an integrated view.