Design for Reliability: Information and Computer-Based Systems

---

Because of changes in technology trends, the evolution of complex supply-chain interactions and new market challenges, shifts in consumer demand, and continuing standards reorganization, a cost-effective and efficient parts selection and management process is needed to perform this assessment, which is usually carried out by a multidisciplinary team.

For a description of this process for an electronic system, see Sandborn et al.

Looking for other ways to read this?

In the next step, the candidate part is subjected to application-dependent assessments. If the part is not found to be acceptable after this assessment, then the assessment team must decide whether an acceptable alternative is available. If no alternative is available, then the team may choose to pursue techniques that mitigate the possible risks associated with using an unacceptable part.

In order to increase performance, manufacturers may adopt features for products that make them less reliable. In general, there are no distinct boundaries for such stressors as mechanical load, current, or temperature above which immediate failure will occur and below which a part will operate indefinitely. However, there are often a minimum and a maximum limit beyond which the part will not function properly or at which the increased complexity required to address the stress with high probability will not offer an advantage in cost-effectiveness.

Equipment manufacturers who use such parts need to adapt their design so that the part does not experience conditions beyond its ratings. It is the responsibility of the parts team to establish that the electrical, mechanical, or functional performance of the part is suitable for the life-cycle conditions of the particular system.

A failure mode is the manner in which a failure at the component, subsystem, or system level is observed to occur, or alternatively, as the specific way in which a failure is manifested, such as the breaking of a truck axle. Failures do link hierarchically in terms of the system architecture, and so a failure mode may, in turn, cause failures in a higher level subsystem or may be the result of a failure of a lower level component, or both.

A failure cause is defined as the circumstances during design, manufacture, storage, transportation, or use that lead to a failure. For each failure mode, there may be many potential causes that can be identified. Failure mechanisms are the processes by which specific combinations of physical, electrical, chemical, and mechanical stresses induce failure.

Failure mechanisms are categorized as either overstress or wear-out mechanisms; an overstress failure involves a failure that arises as a result of a single load stress condition. Wear-out failure involves a failure that arises as a result of cumulative load stress conditions. Knowledge of the likely failure mechanisms is essential for developing designs for reliable systems.

Failure modes, mechanisms, and effects analysis is a systematic approach to identify the failure mechanisms and models for all potential failure modes, and to set priorities among them. High-priority failure mechanisms determine the operational stresses and the environmental and operational parameters that need to be accounted or controlled for in the design.

This process merges the design-for-reliability approach with material knowledge. It uses application conditions and the duration of the application with understanding of the likely stresses and potential failure mechanisms. The potential failure mechanisms are considered individually, and they are assessed with models that enable the design of the system for the intended application. Failure models use appropriate stress and damage analysis methods to evaluate susceptibility of failure.

Failure susceptibility is evaluated by assessing the time to failure or likelihood of a failure for a given geometry, material construction, or environmental and operational condition. Failure models of overstress mechanisms use stress analysis to estimate the likelihood of a failure as a result of a single exposure to a defined stress condition. The simplest formulation for an overstress model is the comparison of an induced stress with the strength of the material that must sustain that stress. Wear-out mechanisms are analyzed using both stress and damage analysis to calculate the time required to induce failure as a result of a defined stress life-cycle profile.

In the case of wear-out failures, damage is accumulated over a period until the item is no longer able to withstand the applied load. Therefore, an appropriate method for combining multiple conditions has to be determined for assessing the time to failure. Sometimes, the damage due to the individual loading conditions may be analyzed separately, and the failure assessment results may be combined in a cumulative manner. Life-cycle profiles include environmental conditions such as temperature, humidity, pressure, vibration or shock, chemical environments, radiation, contaminants, and loads due to operating conditions, such as current, voltage, and power.

The life-cycle environment of a system consists of assembly, storage, handling, and usage conditions of the system. Information on life-cycle conditions can be used for eliminating failure modes that may not occur under the given application conditions. In the absence of field data, information on system use conditions can be obtained from environmental handbooks or from data collected on similar environments.

Ideally, such data should be obtained and processed during actual application. Recorded data from the life-cycle stages for the same or similar products can serve as input for a failure modes, mechanisms, and effects analysis. Ideally all failure mechanisms and their interactions are considered for system design and analysis. In the life cycle of a system, several failure mechanisms may be activated by different environmental and operational parameters acting at various stress levels, but only a few operational and environmental parameters and failure mechanisms are in general responsible for the majority of the failures see Mathew et al.

Failure susceptibility is evaluated using the previously identified failure models when they are available. For overstress mechanisms, failure susceptibility is evaluated by conducting a stress analysis under the given environmental and operating conditions. For wear-out mechanisms, failure susceptibility is evaluated by determining the time to failure under the given environmental and operating conditions.

If no failure models are available, then the evaluation is based on past experience, manufacturer data, or handbooks. After evaluation of failure susceptibility, occurrence ratings under environmental and operating conditions applicable to the system are assigned to the failure mechanisms.

Editorial Reviews

For the wear-out failure mechanisms, the ratings are assigned on the basis of benchmarking the individual time to failure for a given wear-out mechanism with overall time to failure, expected product life, past experience, and engineering judgment. The purpose of failure modes, mechanisms, and effects analysis is to identify potential failure mechanisms and models for all potential failures modes and to prioritize them.

To ascertain the criticality of the failure mechanisms, a common approach is to calculate a risk priority number for each mechanism. The higher the risk priority number, the higher a failure mechanism is ranked. That number is the product of the probability of detection, occurrence, and severity of each mechanism.

Detection describes the probability of detecting the failure modes associated with the failure mechanism. Severity describes the seriousness of the effect of the failure caused by a mechanism. Additional insights into the criticality of a failure mechanism can be obtained by examining past repair and maintenance actions, the reliability capabilities of suppliers, and results observed in the initial development tests.

Assessment of the reliability potential of a system design is the determination of the reliability of a system consistent with good practice and conditional on a use profile. The reliability potential is estimated through use of various forms of simulation and component-level testing, which include integrity tests, virtual qualification, and reliability testing.

Integrity test data often available from the part manufacturer are examined in light of the life-cycle conditions and applicable failure mechanisms and models. If the magnitude and duration of the life-cycle conditions are less severe than those of the integrity tests, and if the test sample size and results are acceptable, then the part reliability is acceptable.

Product details

If the integrity test data are insufficient to validate part reliability in the application, then virtual qualification should be considered. Virtual qualification can be used to accelerate the qualification process of a part for its life-cycle environment. Virtual qualification uses computer-aided simulation to identify and rank the dominant failure mechanisms associated with a part under life-cycle loads, determine the acceleration factor for a given set of accelerated test parameters, and determine the expected time to failure for the identified failure mechanisms for an example, see George et al.

Each failure model is made up of a stress analysis model and a damage assessment model. The output is a ranking of different failure mechanisms, based on the time to failure. Virtual qualification can be used to optimize the product design in such a way that the minimum time to failure of any part of the product is greater than its desired life.

Although the data obtained from virtual qualification cannot fully replace the data obtained from physical tests, they can increase the efficiency of physical tests by indicating the potential failure modes and mechanisms that can be expected. Ideally, a virtual qualification process will identify quality suppliers and quality parts through use of physics-of-failure modeling and a risk assessment and mitigation program. The process allows qualification to be incorporated into the design phase of product development, because it.

The effects of manufacturing variability can be assessed by simulation as part of the virtual qualification process. But it is important to remember that the accuracy of the results using virtual qualification depends on the accuracy of the inputs to the process, that is, the system geometry and material properties, the life-cycle loads, the failure models used, the analysis domain, and the degree of discreteness used in the models both spatial and temporal.

Hence, to obtain a reliable prediction, the variability in the inputs needs to be specified using distribution functions, and the validity of the failure models needs to be tested by conducting accelerated tests see Chapter 6 for discussion. Reliability testing can be used to determine the limits of a system, to examine systems for design flaws, and to demonstrate system reliability.

The tests may be conducted according to industry standards or to required customer specifications. Reliability testing procedures may be general, or the tests may be specifically designed for a given system. The information required for designing system-specific reliability tests includes the anticipated life-cycle conditions, the reliability goals for the system, and the failure modes and mechanisms identified during reliability analysis.

Design for Reliability: Information and Computer-Based Systems

The different types of reliability tests that can be conducted include tests for design marginality, determination of destruct limits, design verification testing before mass production, on-going reliability testing, and accelerated testing for examples, see Keimasi et al. Reliability test data analysis can be used to provide a basis for design changes prior to mass production, to help select appropriate failure models and estimate model parameters, and for modification of reliability predictions for a product.

Test data can also be used to create guidelines for manufacturing tests including screens, and to create test requirements for materials, parts, and sub-assemblies obtained from suppliers.

IN ADDITION TO READING ONLINE, THIS TITLE IS AVAILABLE IN THESE FORMATS:

Department of Defense, does not provide adequate design guidance and information regarding microelectronic failure mechanisms. It is in clear contrast with physics-of-failure estimation: Failure tracking activities are used to collect test- and field-failed components and related failure information.

Failures have to be analyzed to identify the root causes of manufacturing defects and to test or field failures. The information collected needs to include the failure point quality testing, reliability testing, or field , the failure site, and the failure mode and mechanism. For each product category, a Pareto chart of failure causes can be created and continually updated. The outputs for this key practice are a failure summary report arranged in groups of similar functional failures, actual times to failure of components based on time of specific part returns, and a documented summary of corrective actions implemented and their effectiveness.

All the lessons learned from failure analysis reports can be included in a corrective actions database for future reference.

Description

Such a database can help save considerable funds in fault isolation and rework associated with future problems. A classification system of failures, failure symptoms, and apparent causes can be a significant aid in the documentation of failures and their root causes and can help identify suitable preventive methods. By having such a classification system, it may be easier for engineers to identify and share information on vulnerable areas in the design, manufacture, assembly, storage, transportation, and operation of the system.

Broad failure classifications include system damage or failure, loss in operating performance, loss in economic performance, and reduction in safety. Failures categorized as system damage can be further categorized according to the failure mode and mechanism. Different categories of failures may require different root-cause analysis approaches and tools. The goal of failure analysis is to identify the root causes of failures. The root cause is the most basic causal factor or factors that, if corrected or removed, will prevent the recurrence of the failure.

Failure analysis techniques include nondestructive and destructive techniques. Nondestructive techniques include visual observation and observations under optical microscope, x-ray, and acoustic microscopy. Destructive techniques include cross-sectioning of samples and de-capsulation.

Design for Reliability: Information and Computer-Based Systems - Eric Bauer - Google Books

Failure analysis is used to identify the locations at which failures occur and the fundamental mechanisms by which they occurred. Failure analysis will be successful if it is approached systematically, starting with nondestructive examinations of the failed test samples and then moving on to more advanced destructive examinations; see Azarian et al. Product reliability can be ensured by using a closed-loop process that provides feedback to design and manufacturing in each stage of the product life cycle, including after the product is shipped and fielded.

Data obtained from maintenance, inspection, testing, and usage monitoring can be used to perform timely maintenance for sustaining the product and for preventing failures. According to the Reliability Analysis Center:. A failure reporting, analysis and corrective action system FRACAS is defined, and should be implemented, as a closed-loop process for identifying and tracking root failure causes, and subsequently determining, implementing and verifying an effective corrective action to eliminate their reoccurrence.

The FRACAS accumulates failure, analysis and corrective action information to assess progress in eliminating hardware, software and process-related failure modes and mechanisms.

It should contain information and data to the level of detail necessary to identify design or process deficiencies that should be eliminated. Reliability predictions are an important part of product design. They are used for a number of different purposes: As a consequence, erroneous reliability predictions can result in serious problems during development and after a system is fielded. An overly optimistic prediction, estimating too few failures, can result in selection of the wrong design, budgeting for too few spare parts, expensive rework, and poor field performance.

An overly pessimistic prediction can result in unnecessary additional design and test expenses to resolve the perceived low reliability. This section discusses two explicit models and similarity analyses for developing reliability predictions. Fault trees and reliability block diagrams are two methods for developing assessments of system reliabilities from those of component reliabilities: Thus, components can be modeled to have decreasing, constant, or increasing failure rates.

These methods can also accommodate time-phased missions. Unfortunately, there may be so many ways to fail a system that an explicit model one which identifies all the failure possibilities can be intractable. Solving these models using the complete enumeration method is discussed in many standard reliability text books see, e.

Reliability block diagrams allow one to aggregate from component reliabilities to system reliability. A reliability block diagram can be used to optimize the allocation of reliability to system components by considering the possible improvement of reliability and the associated costs due to various design modifications. It is typical for very complex systems to initiate such diagrams at a relatively high level, providing more detail for subsystems and components as needed.

Fault tree analysis is a systematic method for defining and analyzing system failures as a function of the failures of various combinations of components and subsystems. As is the case for reliability block diagrams, fault trees are initially built at a relatively coarse level and then expanded as needed to provide greater detail. The construction concludes with the assignment of reliabilities to the functioning of the components and subcomponents. At the design stage, these reliabilities can either come from the reliabilities of similar components for related systems, from supplier data, or from expert judgment.

Once these detailed reliabilities are generated, the fault tree diagram provides a method for assessing the probabilities that higher aggregates fail, which in turn can be used to assess failure probabilities for the full system. Fault trees can clarify the dependence of a design on a given component, thereby prioritizing the need for added redundancy or some other design modification of various components, if system reliability is deficient.

Fault trees can also assist with root-cause analyses. They use failure data at the component level to assign rates or probabilities of failure. Once the components and external events are understood, a system model is developed. Such an analysis compares two designs: If the two products are very similar, then the new design is believed to have reliability similar to the predecessor design. Sources of reliability and failure data include supplier data, internal manufacturing test results from various phases of production, and field failure data.

Similarity analyses have been reported to have a high degree of accuracy in commercial avionics see Boydston and Lewis, Because this is a relatively new technique for prediction, however, there is no universally accepted procedure. The main idea in this approach is that all the analysts agree to draw as much relevant information as possible from tests and field data. However, changes between the older and newer product do occur, and can involve. In this process, every aspect of the product design, the design process, the manufacturing process, corporate management philosophy, and quality processes and environment can be a basis for comparison of differences.

As the extent and degree of difference increases, the reliability differences will also increase. Redundancy exists when one or more of the parts of a system can fail and the system can still function with the parts that remain operational. Two common types of redundancy are active and standby. In active redundancy, the parts will consume life at the same rate as the individual components. In standby redundancy, some parts are not energized during the operation of the system; they get switched on only when there are failures in the active parts.

In a system with standby redundancy, ideally the parts will last longer than the parts in a system with active redundancy. A standby system consists of an active unit or subsystem and one or more inactive units, which become active in the event of a failure of the functioning unit.

The failures of active units are signaled by a sensing subsystem, and the standby unit is brought to action by a switching subsystem. There are three conceptual types of standby redundancy: In cold standby, the secondary part s is completely shut down until needed. This type of redundancy lowers the number of hours that the part is active and does not consume any useful life, but the transient stresses on the part s during switching may be high.

This transient stress can cause faster consumption of life during switching. In warm standby, the secondary part s is usually active but is idling or unloaded. In hot standby, the secondary part s forms an active parallel system. The life of the hot standby part s is consumed at the same rate as active parts. Redundancy can often be addressed at various levels of the system architecture. General methodologies for risk assessment both quantitative and qualitative have been developed and are widely available.

The process for assessing the risks associated with accepting a part for use in a specific application involves a multistep process:. Prognostics is the prediction of the future state of health of a system on the basis of current and historical health conditions as well as historical operating and environmental conditions.

Prognostics and health management consists of technologies and methods to assess the reliability of a system in its actual life-cycle conditions to determine the likelihood of failure and to mitigate system risk: The application areas of this approach include civil and mechanical structures, machine-tools, vehicles, space applications, electronics, computers, and even human health. Sensing, feature extraction, diagnostics, and prognostics are key elements. Feature extraction is used to analyze the measurements and extract the health indicators that characterize the system degradation trend.

With a good feature, one can determine whether the system is deviating from its nominal condition: The prognostics and health management process does not predict reliability but rather provides a reliability assessment based on in-situ monitoring of certain environmental or performance parameters. This process combines the strengths of the physics-of-failure approach with live monitoring of the environment and operational loading conditions.

A high percentage of defense systems fail to meet their reliability requirements. This is a serious problem for the U.

Department of Defense DOD , as well as the nation. Those systems are not only less likely to successfully carry out their intended missions, but they also could endanger the lives of the operators. Furthermore, reliability failures discovered after deployment can result in costly and strategic delays and the need for expensive redesign, which often limits the tactical situations in which the system can be used.

Finally, systems that fail to meet their reliability requirements are much more likely to need additional scheduled and unscheduled maintenance and to need more spare parts and possibly replacement systems, all of which can substantially increase the life-cycle costs of a system. Beginning in , DOD undertook a concerted effort to raise the priority of reliability through greater use of design for reliability techniques, reliability growth testing, and formal reliability growth modeling, by both the contractors and DOD units.

To this end, handbooks, guidances, and formal memoranda were revised or newly issued to reduce the frequency of reliability deficiencies for defense systems in operational testing and the effects of those deficiencies. Reliability Growth evaluates these recent changes and, more generally, assesses how current DOD principles and practices could be modified to increase the likelihood that defense systems will satisfy their reliability requirements. Design for Reliability brings together the analysis, design,and system implementation principles necessary to build highlyavailable, reliable systems.

This book takes a very pragmatic approach of framing reliabilityand robustness as concrete, functional attributes of a system,rather than abstract, non-functional notions. It is divided intothree sections:. Reliability Basics —frames the elements of a typicalsystem; defines eight broad categories of errors that can producecritical system failures; and explains the failure recoveryprocess. Reliability Concepts —covers concepts for failurecontainment and recovery; reviews techniques that complementfailure containment and redundancy to improve system reliability;outlines error detection and failure recovery mechanisms; providesdesign basics for reliable procedures; and offers information tohelp enterprises deploy robust operational policies to maximizehighly available system operation.

A case study of design for reliability diligence of a networkedsystem is then presented to illustrate appropriate considerationsfor developing a high-availability, high-reliability system. Quality professionals for products with high-availabilityexpectations will also find this book useful in understanding whatit takes to design and deploy robust systems. Would you like to tell us about a lower price? If you are a seller for this product, would you like to suggest updates through seller support?

Learn more about Amazon Prime. System reliability, availability and robustness are often not well understood by system architects, engineers and developers.

The book takes a very pragmatic approach of framing reliability and robustness as a functional aspect of a system so that architects, designers, developers and testers can address it as a concrete, functional attribute of a system, rather than an abstract, non-functional notion. Read more Read less. Review "Thus, I highly recommend this book to undergraduate students andjunior researchers entering the reliability studies field.

It is divided intothree sections: Related Video Shorts 0 Upload your video. Try the Kindle edition and experience these great reading features: Share your thoughts with other customers. Write a customer review. There was a problem filtering reviews right now. Please try again later. This book does a great job of relaying the basic concepts of reliability and how to put together systems using those concepts.

In particular, there is a void in the IT space for this kind of information, even though we now have many tools available at reasonable cost to assemble reliable IT systems. In particular, techniques such as fail over, load balancing, and redundancy of systems and components are much more feasible to deploy than they were a mere decade ago. This book gives a sufficient understanding of how to use those techniques without burdening the reader with the mathematical theory behind reliability.

• Prices and Production and Other Works on Money, the Business Cycle, and the Gold Standard (LvMI)
• Humble Giants: Orion
• Dunking Tralfamadore: the Lessons Vonnegut Wanted to Teach Us
• Simple Men
• The Lost Boy