MIL-STD-1629-RevA - Barringer and Associates, Inc.
MIL-STD-1629-RevA - Barringer and Associates, Inc. MIL-STD-1629-RevA - Barringer and Associates, Inc.
NTl,-STD-162!lAindenture level analysis. Where functions shown on a block diagram areperformd by a replaceable module in the system, a separate FMEA shallbe performed on the internal functions of the module, viewing the moduleas a system. The effects of possible failure modes in the module lnp~ltsand outputs describe the failure modes of tl}emodule wl~en it is viewedas an item within the system. To assist in assuring that a completeanalysis Is performed, each failure mode and output function shall, as aminimum, be examined in relation to the following typical failure conditions:a. Premature operation.b. Failure to operate at a prescribed time.c* Intermittent operation.d. Failure to cease opera~ion at a prescribed time.e. Loss of output or failure during operation.f. Degraded output or operational capability.g“ Other unique failure conditions, as applicable,based upon ~y~~en characteristics and operti~iundlrequirements or constraints.5.5 Mission phase/operational mode. A concise statement ofthe mission phase and operational mode in which the failure occurs.Where subphase, event, or time can be defined from the system definitionand mission profiles, the most definitive timing information should alsobe entered for the assumed time of failure occurrence.5.6 Failure effect. The consequences of each assumed failuremode on item operation, function, or status shall be identified, evaluated,and recorded. Failure effects shall focus on the specific block diagramelement which is affected by the failure under consideration. Thefailure under consideration may impact several indenture levels inaddition to the indenture level under analysis; therefore, “local,”“next higher level,” and ‘“endt’effects shall be evaluated. Failureeffects shall also consider the mission objectives, maintenance requirementsand personnel and sys~ern safety.5.6.1 Local effects. Local effects concentrate specifically on—— -—the impact an assumed failure mode has on the operation and function ofthe item in the indenture level under consideration. The consequencesof each postulated failure affecting the item shall be described alnn~with any second-order effects which result. T!ICIpurpose of definin}-,lc)CaI effects is to provide a basis for evaluating compensatin~ prn’risi~)nsand for recommending corrective action:;. It is j)ossible for ~l]e “lf)cal”effect to be the failure mode its~’lf.
MI L-STD-1629A5.6.2 Next higher level. Next higher level effects concentrateon the impact an assumed failure has on the operation and function ofthe items in the next higher indenture level above the indenture levelunder consideration. The consequences of each postulated failure affectingthe next higher indenture level shall be described.“15.6.3 End effects. End effects evaluate and define the totaleffect an assumed failure has on the operation, function, or status ofthe uppermost system. The end effect described may be the result of adouble failure. For example, failure of a safety device may result in acatastrophic end effect only in the event that both the prime functiongoes beyond limit for which the safety device is set and the safetydevice falls. Those end effects resultil~g from a double failure shallbe indicated on the FMRA worksheets.5.7 Failure detection method. A description of the methodsby which occurrence of the failure mode is detected by the operatorshall be recorded. The failure detection means, such as visual oraudible warning devices, automatic sensing devices, sensing instrumentation,other unique indications, or none shall be identified..5.7.1 (3Cher indications. Description+ of indicati(’~nswhich areevident to an operator that a system has malfunctioned or failed, otherthan the identified warning devices, shall be recorded. Proper correlationof a system malfunction or failure may require identification of nomalindications as well as abnormal indications. If no indication exists,identify if the undetected failure will jeopardize the mission objectivesor personnel safety. If the undetected failure allows the system toremain in a safe state, a second failure situation should be explored todetermine whether or not an indication will be evident tu alloperator.Indications to the operator should be described as follows:a. Normal. An indication that is evident to an operatorwhen the system or equipment is operating nomally.b. Abnormal. An indication that is evident to anoperator when the system has malfunctioned or failed.c. Incorrect. An errone:)us indication to an operatorduc to the malfunction or failure of an indicator(i.e., instruments, s~nsin~ devices, visual eraudible warning devices, etc.).5.7.2 Isolation. Describe the most direct procedure thatallclws an operator C(-Iis(~latc the mal fIII’ct ion [-’rfailure. An operatorwill kno~’ only tlILJinitial symptom:; unril further specific action istaken such as performing a more detailed built-in-test (BIT). Thefailure being considered in the analysis may be of lesser importance orlikelihood than anwther failure tIlaL cuuld produce the snme symptoms andthis must be considered. Fault isolatio[l pro(:edurt>srequire a spt’cific..., —— . .
- Page 1 and 2: MIL-STD-1629A24 NOVEMBER 1980SUPERS
- Page 3 and 4: MT7,-STW 1629AFOREWORDIThe~failure
- Page 5 and 6: ----MIL-STD-16Z9ACONTENTS(Continued
- Page 7 and 8: MI1.-STD-1629A1. SCOPEThis standard
- Page 9 and 10: MTL-STD-1 629A3. DEFINITIONS3.1 Ter
- Page 11 and 12: !’11 L-!;’J’l)- 1629A3. 1.17.
- Page 13 and 14: .MT1.-ST~-l629A4.3.5 Failure defini
- Page 15 and 16: MTT,-sTn-1629Afor each mission, mis
- Page 17 and 18: ?f?l.-STD-l629Ab. Des~ripGlon of de
- Page 19 and 20: MT1,-STD-1629A3.2 Functional approa
- Page 21: MI J,-STD-16?9Afunctional block dia
- Page 25 and 26: Ml 1,-STD-1079Afurther amplified in
- Page 27 and 28: MIL-STD-1629A. --1III[IIIIIIIIIIIii
- Page 29 and 30: MIL-STD- 1629ATASK 102CRITICALITYAN
- Page 31 and 32: IMII.-ST1)-162(]Ashown in Figure 10
- Page 33 and 34: MIL-STD-1629Awhere:C* = Criticality
- Page 35 and 36: MI I.-sTI)-I629AINCREASINGCRITICALI
- Page 37 and 38: MIL-STD-1629A3*1 Failure predictabi
- Page 39 and 40: .--— .-—--— , --—— ——
- Page 41 and 42: MTL-STD- 1629A4\l Damage modes. All
- Page 43 and 44: NI 1.-[; 1’1)- 1(); ?!)Au0.-.mr-r
- Page 45 and 46: MI I,-ST1)-1629A3. Content. The FME
- Page 47 and 48: —..-A 1MIL-STD-1629AAPPENDIXA10.
- Page 49 and 50: MIL-STD-1629A50.1.3 Intended use. T
- Page 51 and 52: MIL-STD-1629AWhere:C= “ Criticali
- Page 53 and 54: INSIRUCII ONS: In ● continuing ef
- Page 55 and 56: MIL3TD-1629ANotice 17 June 1983MILI
- Page 57 and 58: MIL-STD-1629ACONTENTS (Continued)Fi
- Page 59 and 60: MIL-STD-1629ASPECIFICATIONSMilitary
- Page 61 and 62: MIL-STD-1629Ad. Functional Failure
- Page 63 and 64: MIL-STD-1629A..2’Ilm.o.,id1-< xQ
- Page 65 and 66: —MIL-STD-1629A50.5 DMEA (Task 104
- Page 67 and 68: MIL-STD-1629ACONTENTS (Continued)Pa
- Page 69 and 70: .-MIL-STD-1629AAPPENDIX AAPPLICATIO
- Page 71 and 72: 20-30Stop LCNMIL-STD-1629AEnter the
MI L-<strong>STD</strong>-<strong>1629</strong>A5.6.2 Next higher level. Next higher level effects concentrateon the impact an assumed failure has on the operation <strong>and</strong> function ofthe items in the next higher indenture level above the indenture levelunder consideration. The consequences of each postulated failure affectingthe next higher indenture level shall be described.“15.6.3 End effects. End effects evaluate <strong>and</strong> define the totaleffect an assumed failure has on the operation, function, or status ofthe uppermost system. The end effect described may be the result of adouble failure. For example, failure of a safety device may result in acatastrophic end effect only in the event that both the prime functiongoes beyond limit for which the safety device is set <strong>and</strong> the safetydevice falls. Those end effects resultil~g from a double failure shallbe indicated on the FMRA worksheets.5.7 Failure detection method. A description of the methodsby which occurrence of the failure mode is detected by the operatorshall be recorded. The failure detection means, such as visual oraudible warning devices, automatic sensing devices, sensing instrumentation,other unique indications, or none shall be identified..5.7.1 (3Cher indications. Description+ of indicati(’~nswhich areevident to an operator that a system has malfunctioned or failed, otherthan the identified warning devices, shall be recorded. Proper correlationof a system malfunction or failure may require identification of nomalindications as well as abnormal indications. If no indication exists,identify if the undetected failure will jeopardize the mission objectivesor personnel safety. If the undetected failure allows the system toremain in a safe state, a second failure situation should be explored todetermine whether or not an indication will be evident tu alloperator.Indications to the operator should be described as follows:a. Normal. An indication that is evident to an operatorwhen the system or equipment is operating nomally.b. Abnormal. An indication that is evident to anoperator when the system has malfunctioned or failed.c. <strong>Inc</strong>orrect. An errone:)us indication to an operatorduc to the malfunction or failure of an indicator(i.e., instruments, s~nsin~ devices, visual eraudible warning devices, etc.).5.7.2 Isolation. Describe the most direct procedure thatallclws an operator C(-Iis(~latc the mal fIII’ct ion [-’rfailure. An operatorwill kno~’ only tlILJinitial symptom:; unril further specific action istaken such as performing a more detailed built-in-test (BIT). Thefailure being considered in the analysis may be of lesser importance orlikelihood than anwther failure tIlaL cuuld produce the snme symptoms <strong>and</strong>this must be considered. Fault isolatio[l pro(:edurt>srequire a spt’cific..., —— . .
Change language