SYS-RAMS

Reliability, Availability, Maintainability and Safety

File details

Flashcards 115
Language English
Category Technical
Level University
Created / Updated 19.02.2020 / 05.01.2023
Web link
https://card2brain.ch/box/20200219_rams

What is the impact on Safety/Reliability, by adding redundancy to a system?

e.g. Adding multiple actuators to a flap.

In this case, implementing a redundant system might enhance the system safety but lower the system reliability.

Safety: the probabilities of all systems are multiplied \(\left(10^{-3} \cdot 10^{-3} = 10^{-6}\right)\)

Reliability: the probabilities of all systems are added \(\left(10^{-3} + 10^{-3} = 2 \cdot 10^{-3}\right)\)

Explain the Top-Down approach to a safety assessment:

The top-down analysis begins with high-level functional descriptions and design objectives and produces a high-level description of the system architecture and associated failure conditions and a classification of failure severity.

Functions are defined and, once the system design is finalized, failures are mapped to specific system components (items).

Explain the bottom-up approach to a safety assessment:

The purpose of a bottom-up analysis is to determine how a failure condition at one level affects the system at the next higher level.

This analysis usually begins with basic components and component data and builds upon those data to conduct the required levels of analysis.

The challenge for the analyst is to ensure that the systems and failure conditions identified in a bottom-up analysis are reconciled with the functions and functional failures identified in the top-down analysis.

Explain the purpose of a FHA:

A Functional Hazard Assessment is defined as a systematic, comprehensive examination of functions to identify and classify failure conditions of those functions according to their severity.

In other words the purpose of the FHA is:

  • to identify and classify all significant failure conditions and to describe them in functional and operational terms
  • to consider functions at the most appropriate level and to identify failure conditions and the associated classifications (required probability)

Definition of Fault:

A manifestation of an error in an item or system that may lead to a failure.

An undesired anomaly in an item or system.

Definition of Failure:

An occurrence which affects the operation of a component, part or element such that it can no longer function as intended.

A loss of function or a malfunction of a system or a part thereof.

Definition of failure condition:

A condition having an effect on the aircraft and/or its occupants, either direct or consequential, which is caused or contributed to by one or more failures or errors, considering flight phase and relevant adverse operational or environmental conditions or external events.

A condition with an effect on the aircraft and its occupants, both direct and consequential, caused or contributed to by one or more failures, considering relevant adverse operation or environmental conditions.

Definition of failure mode:

The way in which the failure of a system or item occurs.

Definition of failure effect:

The consequence(s) a failure mode has on the operation, function or status of a system or an item.

Explain how the terms Fault, Failure, Failure Condition, Failure Effect and Failure Mode are connected: (sketch)

In what ways can a system / an item fail?

Loss of function

  • Total loss -> the function cannot be performed anymore
  • Partial loss -> the function can still be performed somehow but:
    • reduced effectiveness
    • increased difficulty
    • using alternative means

e.g. loss of one (partial) or all (total) hydraulic systems

Malfunction (also called Erroneous Operation)

  • The function is performed incorrectly

e.g. erroneous indication of airspeed

What is the AFHA?

The Aircraft Functional Hazard Assessment (AFHA) is a process which allows the identification and evaluation of potential hazards related to an aircraft regardless of the details of its design.

It is performed early in the development process and is used to guide the development of the aircraft to achieve a safe design.

What has to be considered when installing a new item on an aircraft? (In regards to CS23.1309)

Basically, installing a new part shall not prevent other systems or parts from working properly.

What does it mean to minimize hazards? (CS23.1309)

To reduce, lessen, or diminish a hazard to the least practical amount with current technology and materials.

(concept sometimes called ALARP: as low as reasonably practicable)

What are development assurance levels (or DAL for short), and how are they defined? (CS23.1309)

The concept of DAL has been introduced to minimize the number of errors that will remain at the end of the development of Software and Complex Electronic Hardware.

It is divided into the four following levels:

DAL A: errors are Extremely Improbable and occur once in less than \(10^{9}\) flight hours

DAL B: errors are Extremely Remote and occur approximately once between \(10^{7}\) and \(10^{9}\) flight hours

DAL C: errors are Remote and occur approximately once between \(10^{5}\) and \(10^{7}\) flight hours

DAL D: errors are Probable and occur approximately once between \(10^{3}\) and \(10^{5}\) flight hours

What is a functional FMEA, and what is it mainly used for?

The analysis is performed at functional level. (Functions at the lowest level)
The functional FMEA is mostly used for electrical components, where it wouldn't make sense to analyse every single capacitor, resistor, etc.

What is a Piece Part FMEA?

The analysis is performed at component level. (Effectively every single component is examined)

How do the FHA and the FMEA compare to each other?

Basically, only the approach is different (top down and bottom up), the results should be the same!

FMEA: what is the effect of this part failing
FHA: what component can cause this function to fail

What is the Probability Density Function (PDF) f(t) ?

f(t) expresses the probability of a specific failure occurring at a specific time t.

What is the Cumulative Density Function (CDF) F(t) ?

F(t) is the probability that a specific failure has occurred up until a specific time t. It's derived by integrating the PDF f(t).

\(F(t) = \int_{0}^{t} f(x)\,dx \\ F(0) = 0 \\ F(\infty) = 1\)

What is the reliability R(t) ?

R(t) = the probability that a specific failure hasn't occurred up until a specific time t.

It's derived by subtracting F(t) from 1.

\(R(t) = 1 - F(t) = \int_{t}^{\infty} f(x)\,dx \\ R(0) = 1 \\ R(\infty) = 0\)

How are Flight Hours converted into Operating Hours?

Often it is assumed that 1 Flight Hour = 1.25 Operating Hours.

How is the Mean Time To Failure (MTTF) calculated?

By integrating the Reliability function R(t)

\(MTTF = \int_{0}^{\infty} R(t) dt\)

What is the difference between Mean Time To Failure (MTTF) and Mean Time Between Failures (MTBF)?

The term MTTF is used for non repairable items

The term MTBF is used for repairable items

What does the bathtub curve describe?

It illustrates what types of failure (early life, useful life and wearout life) are caused by a time-dependent lambda (failure rate).

What does early life refer to?

If the failure rate (lambda) is time-dependent and decreases with time.

What does useful life refer to?

If the failure rate (lambda) is approximately constant and doesn't change with time.

What does wearout life refer to?

If the failure rate (lambda) is time-dependent and increases with time.

What's the difference between a qualitative and a quantitative fault tree analysis?

In a qualitative FTA, the minimal combinations of component failures resulting in system failure are analysed.

In a quantitative FTA, the probability or frequency of the specific system failure is determined.

State some applications for a FTA:

The FTA may be used to:

  • Quantify probability of occurrence
  • Evaluate proposed system architecture:
    • Hardware reliability budgets
    • Development Assurance Levels (A/B/C/D)
    • etc.
  • Assess the impact of a design modification
  • Identify the need for a design modification
  • Identify unique situations that require special attention
  • Show compliance with qualitative and/or quantitative safety objectives
  • Provide a visual aid to qualitatively illustrate the significance of the software with respect to the failure condition classification of a top level event.
  • Establish crew and maintenance tasks and intervals

The FTA is a top-down system evaluation:

The FTA is usually performed once for the design and development of an aircraft:

The FTA has to be updated constantly to ensure its correctness. After the initial FTA is performed there are THREE main FTA iterations. After the requirements have been frozen, a PDR (preliminary design review) is conducted. Later, when the design is frozen, a CDR (critical design review) is conducted. And finally there is a final FTA for certification purposes.

What is the at risk time?

The period of time during which an item must fail in order to cause the failure effect in question. This is usually associated with the final fault in a fault sequence leading to a specific failure condition.

What is the exposure time?

Time period between:

  • the time when the item was last known to be operating properly
  • the time when it will be known to be operating properly again

What are minimal cut sets?

A Minimal Cut Set is the smallest combination of basic events causing the top event:

  • All the basic events need to occur to cause the top event
  • A MCS is a combination of basic events
  • The complete set of MCS provides the complete set of causes of the top event