Safety Analysis Knowledge Base

A comprehensive reference for the six core analysis methods used in functional safety engineering. Each method serves a specific purpose in the safety lifecycle, from identifying failure modes to calculating hardware safety metrics and system-level reliability.

FMEA

Failure Mode and Effects Analysis

FMEA is the most widely used safety analysis method in automotive, industrial, and aerospace engineering. It provides a systematic, structured approach for identifying potential failure modes in a design or process, evaluating their effects on system performance, and prioritizing corrective actions.

The method is applicable across the entire product lifecycle. Design FMEA (DFMEA) focuses on hardware and software design weaknesses, Process FMEA (PFMEA) targets manufacturing and assembly risks, and MSR FMEA addresses monitoring and system response strategies. Each variant follows the same core logic: identify how something can fail, determine what happens when it does, and decide what to do about it.

FMEA is governed by multiple international standards. The AIAG-VDA FMEA Handbook (2019) defines the 7-step approach used across the automotive industry. IEC 60812 provides the general methodology for all sectors, while SAE J1739 covers the North American automotive perspective.

Key Features in SafetyArena

  • Automated RPN and Action Priority (AP) calculation per AIAG-VDA 2019
  • Full 7-step AIAG-VDA approach with structure, function, and failure analysis
  • AI-assisted failure mode suggestions based on your system description
  • Pre-built failure mode and cause catalogs for common automotive components
  • Audit-ready reports in AIAG-VDA and VDA 96 formats
  • Support for DFMEA, PFMEA, and MSR analysis types

FTA

Fault Tree Analysis

FTA is a top-down, deductive analysis method used to determine the root causes of an undesired system-level event. Starting from a defined top event (such as unintended acceleration or loss of braking), the analyst works downward through logic gates to identify all combinations of lower-level faults that could produce that event.

The analysis uses Boolean logic gates (AND, OR, Voting, Inhibit) to model causal relationships. An AND gate means all child events must occur simultaneously, while an OR gate means any single child event is sufficient. This structure enables both qualitative reasoning (what combinations are dangerous) and quantitative calculation (how likely is the top event).

FTA is governed by IEC 61025 and is specifically required by ISO 26262 Part 5 for deductive safety analysis in automotive systems. It is the primary method for identifying minimal cut sets, evaluating common cause failures, and calculating top-event probabilities.
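As an added worked example (not code from SafetyArena or from the standards named above), the Python below expands a small constructed fault tree built from AND and OR gates into its minimal cut sets and applies the rare-event approximation to obtain the top-event probability. The tree, event names and probabilities are invented for illustration; Voting and Inhibit gates are not handled.

```python
from itertools import product
from math import prod

# Constructed fault tree for a hypothetical "loss of braking" top event
# (illustrative data, not taken from any real vehicle or from SafetyArena).
# Each gate maps to (gate type, child nodes); leaves are basic events.
GATES = {
    "TOP":             ("OR",  ["HYD_LOSS", "CTRL_LOSS"]),
    "HYD_LOSS":        ("AND", ["PUMP_A", "PUMP_B"]),        # redundant pumps
    "CTRL_LOSS":       ("OR",  ["ECU", "SENSOR_AND_PUMP"]),
    "SENSOR_AND_PUMP": ("AND", ["SENSOR", "PUMP_A"]),        # PUMP_A appears twice
}
# Probability that each basic event occurs during the mission (constructed values).
BASIC = {"PUMP_A": 1e-3, "PUMP_B": 1e-3, "ECU": 1e-5, "SENSOR": 2e-4}

def cut_sets(node):
    """Expand a node into a list of cut sets (each a frozenset of basic events)."""
    if node in BASIC:
        return [frozenset([node])]
    kind, children = GATES[node]
    child_sets = [cut_sets(c) for c in children]
    if kind == "OR":      # any single child suffices: collect every child's cut sets
        return [cs for sets in child_sets for cs in sets]
    if kind == "AND":     # every child must fail: one set from each child, merged
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unsupported gate type {kind}")

def minimal_cut_sets(top="TOP"):
    """Drop non-minimal sets: a set that contains another cut set is redundant."""
    minimal = []
    for cs in sorted(set(cut_sets(top)), key=len):
        if not any(m <= cs for m in minimal):
            minimal.append(cs)
    return minimal

def top_event_probability(top="TOP"):
    """Rare-event approximation: P(top) <= sum over minimal cut sets of the product
    of their basic-event probabilities (an upper bound, tight when all P are small)."""
    return min(1.0, sum(prod(BASIC[e] for e in cs) for cs in minimal_cut_sets(top)))
```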

Key Features in SafetyArena

  • Visual drag-and-drop fault tree editor with automatic layout
  • AND, OR, Voting (k-of-n), and Inhibit gate types
  • Quantitative analysis with probability calculations
  • Qualitative analysis with minimal cut set identification
  • Common cause failure (CCF) modeling with beta-factor method
  • Export to OpenPSA XML for tool interoperability

FMEDA

Failure Mode, Effects, and Diagnostic Analysis

FMEDA extends traditional FMEA with detailed diagnostic coverage information. For each component failure mode, the analyst classifies the effect as safe, dangerous detected, or dangerous undetected, and records the diagnostic mechanism that detects it. This classification is essential for calculating hardware safety metrics required by IEC 61508 and ISO 26262.

The primary output of an FMEDA is a set of quantitative metrics: Safe Failure Fraction (SFF), Single-Point Fault Metric (SPFM), Latent Fault Metric (LFM), and Probabilistic Metric for Hardware Failures (PMHF). These metrics determine whether a hardware element meets the requirements of its target ASIL or SIL.

FMEDA is required by IEC 61508 Part 2 for SIL-rated safety functions and by ISO 26262 Part 5 for ASIL-rated hardware elements. It is typically performed at the component level, using failure rate data from sources like SN 29500, FIDES, or MIL-HDBK-217.
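The metric calculation as an added Python example, not SafetyArena's own implementation: each row is classified the way the text describes, and the resulting SPFM and LFM are compared against the ISO 26262-5 targets. The component, failure modes, FIT values and coverage figures are constructed, and the reported flag is a simplification introduced here to decide which detected faults count as latent.

```python
from dataclasses import dataclass
@dataclass
class FailureMode:
    component: str
    mode: str
    rate_fit: float         # failure rate in FIT (failures per 1e9 h), constructed value
    dangerous: bool         # False = safe failure mode
    coverage: float = 0.0   # diagnostic coverage of the mechanism that detects it (0..1)
    reported: bool = True   # detection is reported (e.g. driver warning); else latent

# Constructed FMEDA rows for a hypothetical brake-pedal sensor channel.
MODES = [
    FailureMode("sensor", "open circuit", 5.0, True, 0.99),         # range check
    FailureMode("sensor", "drift",        3.0, True, 0.90),         # plausibility check
    FailureMode("sensor", "short to GND", 2.0, True, 0.99),
    FailureMode("adc",    "stuck-at",     4.0, True, 0.90, False),  # self-test, not reported
    FailureMode("adc",    "offset",       2.0, False),              # safe: within tolerance
    FailureMode("supply", "overvoltage",  0.5, True),               # no mechanism at all
]
SPFM_TARGET = {"B": 0.90, "C": 0.97, "D": 0.99}   # ISO 26262-5 hardware metric targets
LFM_TARGET = {"B": 0.60, "C": 0.80, "D": 0.90}

def partition(modes):
    """Split total lambda (FIT) into safe, dangerous detected, dangerous undetected."""
    safe = sum(m.rate_fit for m in modes if not m.dangerous)
    dd = sum(m.rate_fit * m.coverage for m in modes if m.dangerous)
    du = sum(m.rate_fit * (1 - m.coverage) for m in modes if m.dangerous)
    return safe, dd, du

def sff(modes):
    """IEC 61508 Safe Failure Fraction = (lambda_S + lambda_DD) / lambda_total."""
    safe, dd, du = partition(modes)
    return (safe + dd) / (safe + dd + du)

def spfm(modes):
    """ISO 26262 SPFM = 1 - (lambda_SPF + lambda_RF) / lambda_total.  Uncovered dangerous
    rate (no mechanism = single-point, uncovered share = residual) is lambda_DU above."""
    safe, dd, du = partition(modes)
    return 1 - du / (safe + dd + du)

def lfm(modes):
    """ISO 26262 LFM = 1 - lambda_MPF_latent / (lambda_total - lambda_SPF - lambda_RF).
    Simplification: a detected fault whose detection is never reported stays latent."""
    safe, dd, _du = partition(modes)
    latent = sum(m.rate_fit * m.coverage for m in modes if m.dangerous and not m.reported)
    return 1 - latent / (safe + dd)

def meets_asil(modes, asil):
    return spfm(modes) >= SPFM_TARGET[asil] and lfm(modes) >= LFM_TARGET[asil]
```

With these constructed rows SFF and SPFM coincide numerically (both count the same undetected dangerous rate); the distinction is which standard's target each is compared against.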

Key Features in SafetyArena

  • Component-level failure mode classification (safe, dangerous detected, dangerous undetected)
  • Automatic SFF, SPFM, LFM, and PMHF calculation
  • Diagnostic coverage tracking per safety mechanism
  • Built-in safety mechanism library with standard diagnostic techniques
  • Failure rate import from SN 29500 and custom databases
  • Hardware architectural metric evaluation against ASIL targets

FMECA

Failure Mode, Effects, and Criticality Analysis

FMECA extends FMEA with a quantitative criticality ranking that enables objective prioritization of failure modes. Rather than relying on subjective severity-occurrence-detection scores, FMECA uses failure rate data, mode ratios, conditional probabilities of effect, and operating time to compute a criticality number for each failure mode.

The criticality number (Cm) is the product of the failure mode ratio, the conditional probability of the end effect, the part failure rate, and the operating time. These numbers are then aggregated into a criticality matrix that plots severity category against item criticality, providing a visual overview of where the highest risks lie.

FMECA is defined by MIL-STD-1629A, the U.S. military standard for reliability analysis. While originally developed for defense applications, it is widely adopted in aerospace, nuclear, and industrial sectors where quantitative risk ranking is required.
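A worked criticality calculation, added here as an illustration and not SafetyArena's code: Cm per failure mode from the four factors named above, item criticality Cr summed per severity category, and the matrix rows that result. The items, modes, rates and the 5000 h operating time are constructed values.

```python
from collections import defaultdict

# Constructed FMECA worksheet rows (not real component data): for each failure mode,
# alpha = failure mode ratio, beta = conditional probability of the end effect,
# lambda_p = part failure rate per hour, t = operating time in hours.
ROWS = [
    # item,        mode,            severity, alpha, beta, lambda_p, t
    ("relay K1",   "contacts weld",  "I",   0.40, 1.0, 2.0e-6, 5000),
    ("relay K1",   "coil open",      "III", 0.60, 0.5, 2.0e-6, 5000),
    ("sensor S2",  "drift high",     "II",  0.70, 0.8, 5.0e-7, 5000),
    ("sensor S2",  "no output",      "IV",  0.30, 1.0, 5.0e-7, 5000),
]
CATEGORIES = ("I", "II", "III", "IV")   # MIL-STD-1629A severity classes, I = catastrophic

def mode_criticality(alpha, beta, lambda_p, t):
    """MIL-STD-1629A failure mode criticality number Cm = beta * alpha * lambda_p * t."""
    return beta * alpha * lambda_p * t

def item_criticality(rows):
    """Cr per (item, severity): the Cm of that item's modes summed within one category."""
    cr = defaultdict(float)
    for item, _mode, sev, alpha, beta, lambda_p, t in rows:
        cr[(item, sev)] += mode_criticality(alpha, beta, lambda_p, t)
    return dict(cr)

def criticality_matrix(rows, categories=CATEGORIES):
    """One matrix row per severity category; each lists (item, Cr) highest first,
    so the most severe row with the largest Cr is where the highest risk sits."""
    cr = item_criticality(rows)
    return {cat: sorted(((it, v) for (it, s), v in cr.items() if s == cat),
                        key=lambda pair: -pair[1])
            for cat in categories}

def ranked_modes(rows):
    """All failure modes ordered by Cm, the objective ranking FMECA adds to FMEA."""
    return sorted(((item, mode, mode_criticality(a, b, l, t))
                   for item, mode, _s, a, b, l, t in rows), key=lambda r: -r[2])
```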

Key Features in SafetyArena

  • Hierarchical block structure for complex system decomposition
  • Configurable severity categories (I through V or custom)
  • Criticality matrix visualization with automatic positioning
  • Contribution charts showing failure mode distribution per block
  • Overview table aggregating criticality across all blocks
  • MIL-STD-1629A compliant criticality number calculation

RBD

Reliability Block Diagram

An RBD represents system reliability as a network of interconnected blocks, where each block represents a component or subsystem with its own failure characteristics. The arrangement of blocks (series, parallel, or k-of-n voting) determines how individual component failures affect overall system reliability.

In a series configuration, all blocks must function for the system to work. In a parallel (redundant) configuration, at least one block must work. A k-of-n configuration requires at least k out of n identical blocks to be operational. Each block can use different failure models: constant failure rate (exponential), Weibull (wear-out), or lognormal distributions.

RBDs are used to calculate system-level reliability R(t), mean time to failure (MTTF), and to identify reliability weak points. They are governed by IEC 61078 and are commonly used alongside FTA and FMEDA to provide a complete reliability picture.
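The three configurations as composable R(t) functions, plus a numerical MTTF and a simple weak-point check, in an added Python example that is not SafetyArena's code. Blocks use the constant failure rate model only; the sensor/controller/actuator system and its rates are constructed.

```python
from math import comb, exp, prod

# Every block is a function R(t); this added example uses constant-failure-rate blocks
# (lambda in failures per hour, constructed values) and combines them like an RBD.
def exponential(lam):
    """Constant failure rate block: R(t) = exp(-lambda t)."""
    return lambda t: exp(-lam * t)

def series(*blocks):
    """All blocks must survive: R = product of R_i."""
    return lambda t: prod(b(t) for b in blocks)

def parallel(*blocks):
    """At least one block survives: R = 1 - product of (1 - R_i)."""
    return lambda t: 1 - prod(1 - b(t) for b in blocks)

def k_of_n(k, n, block):
    """k-of-n voting of identical blocks: R = sum_{j=k..n} C(n,j) R^j (1-R)^(n-j)."""
    def r(t):
        p = block(t)
        return sum(comb(n, j) * p ** j * (1 - p) ** (n - j) for j in range(k, n + 1))
    return r

def mttf(system, t_max=1.0e6, steps=20000):
    """MTTF = integral of R(t) from 0 to infinity; trapezoid rule truncated at t_max,
    which must be long enough that R(t_max) is negligible for the system in hand."""
    h = t_max / steps
    inner = sum(system(i * h) for i in range(1, steps))
    return h * (inner + (system(0.0) + system(t_max)) / 2)

# Constructed system: a sensor, a 2-of-3 controller set and an actuator in series.
sensor = exponential(1.0e-5)
controller = k_of_n(2, 3, exponential(2.0e-5))
actuator = exponential(5.0e-6)
SYSTEM = series(sensor, controller, actuator)

def weakest_link(t, named_blocks):
    """Sensitivity check: rank blocks by R(t), lowest first; the answer depends on t."""
    return sorted(named_blocks.items(), key=lambda kv: kv[1](t))
```

The 2-of-3 set is the more reliable element early in the mission but becomes the weakest one later, which is why the check takes a time argument rather than a single ranking.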

Key Features in SafetyArena

  • Visual drag-and-drop block diagram editor
  • Series, parallel, and k-of-n (voting) configurations
  • Multiple failure models: constant rate, Weibull, and lognormal
  • System-level reliability R(t) and MTTF calculations
  • Sensitivity analysis to identify reliability bottlenecks
  • Multi-page diagrams for complex system architectures

Markov

Markov Chain Analysis

Markov chain analysis models system behavior as a set of discrete states with transition rates between them. Unlike FTA and RBD, which assume independent failures, Markov models can capture repair processes, degraded operation, common cause failures, and diagnostic coverage in a single unified model.

Each state represents a distinct system condition (e.g., fully operational, degraded, failed safe, failed dangerous). Transition rates between states represent failure rates, repair rates, or diagnostic detection rates. The model is solved as a system of differential equations to compute state probabilities over time.

Markov analysis is used when simpler methods like FTA or RBD cannot capture state-dependent behavior, such as systems with repair, standby redundancy, or sequential failure modes. It is referenced in IEC 61508 Part 6 and ISO 26262 Part 5 as a method for calculating PFH and availability for complex architectures.
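An added example (not SafetyArena's solver) of the three-state model described above, integrated as a system of differential equations with fixed-step RK4 in plain Python. The state names, rates and mission time are constructed, and the mu_f parameter is an assumption introduced here to switch between the absorbing and the repairable variant.

```python
# Added example: a three-state model (OK, DEGRADED, FAILED) solved numerically.
# Rates are per hour and constructed for illustration.
STATES = ("OK", "DEGRADED", "FAILED")

def generator(lam_d, lam_cc, mu, lam_f, mu_f=0.0):
    """Transition-rate matrix Q: Q[i][j] is the rate from state i to state j.
    lam_d: OK->DEGRADED (first channel fails)      mu: DEGRADED->OK (repair)
    lam_cc: OK->FAILED (common cause)               lam_f: DEGRADED->FAILED
    mu_f: FAILED->OK; 0 makes FAILED absorbing, >0 gives a repairable model."""
    q = [[0.0, lam_d, lam_cc],
         [mu, 0.0, lam_f],
         [mu_f, 0.0, 0.0]]
    for i in range(3):                 # rows of a generator matrix sum to zero
        q[i][i] = -sum(q[i])
    return q

def derivative(p, q):
    """Chapman-Kolmogorov forward equation: dp/dt = p Q."""
    return [sum(p[i] * q[i][j] for i in range(3)) for j in range(3)]

def solve(q, t_end, steps=10000, p0=(1.0, 0.0, 0.0)):
    """State probabilities at t_end by fixed-step RK4 integration from p0."""
    p, h = list(p0), t_end / steps
    for _ in range(steps):
        k1 = derivative(p, q)
        k2 = derivative([p[i] + h / 2 * k1[i] for i in range(3)], q)
        k3 = derivative([p[i] + h / 2 * k2[i] for i in range(3)], q)
        k4 = derivative([p[i] + h * k3[i] for i in range(3)], q)
        p = [p[i] + h / 6 * (k1[i] + 2 * k2[i] + 2 * k3[i] + k4[i]) for i in range(3)]
    return dict(zip(STATES, p))

def pfh(q, t_end):
    """Average probability of dangerous failure per hour over the mission (absorbing FAILED)."""
    return solve(q, t_end)["FAILED"] / t_end

def availability(q, t):
    """Probability of not being in FAILED at time t (use mu_f > 0 for a repairable system)."""
    return 1.0 - solve(q, t)["FAILED"]

# Constructed example: 1e-5/h channel failure, 10 h mean repair, 1e-7/h common cause.
ABSORBING = generator(lam_d=1e-5, lam_cc=1e-7, mu=0.1, lam_f=1e-5)
```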

Key Features in SafetyArena

  • Visual state-transition diagram editor with drag-and-drop
  • Multi-phase mission profiles for different operational modes
  • Parametric studies to evaluate design trade-offs
  • MTTF, PFH, and availability calculations
  • State probability evolution charts over time
  • Support for absorbing and non-absorbing (repairable) models

Safety Standards

ISO 26262

Road Vehicles - Functional Safety

The international standard for functional safety of electrical and electronic systems in production road vehicles. It defines ASILs (A through D) and prescribes specific analysis methods at each phase of the safety lifecycle. FMEA, FTA, and FMEDA are required or recommended depending on the ASIL and lifecycle phase. ISO 26262 Part 5 specifically addresses hardware-level analysis including FMEDA metrics (SPFM, LFM, PMHF).

IEC 61508

Functional Safety of E/E/PE Safety-Related Systems

The parent standard for functional safety across all industries. It defines SIL 1 through SIL 4 and provides the framework that sector-specific standards (like ISO 26262 for automotive) build upon. IEC 61508 Part 2 requires FMEDA for hardware safety integrity, and Part 6 references FTA, RBD, and Markov analysis for reliability modeling.

AIAG-VDA

FMEA Handbook (2019)

The joint AIAG-VDA FMEA Handbook harmonizes the North American (AIAG) and European (VDA) approaches to FMEA. It introduces the 7-step method (planning, structure analysis, function analysis, failure analysis, risk analysis, optimization, documentation) and replaces the traditional RPN with the Action Priority (AP) method for more consistent risk evaluation.

MIL-STD-1629A

Procedures for Performing FMECA

The U.S. military standard that defines the methodology for Failure Mode, Effects, and Criticality Analysis. It specifies how to calculate criticality numbers from failure rate data and mode ratios, and how to construct criticality matrices for risk visualization. While originally a defense standard, MIL-STD-1629A is widely adopted in aerospace, nuclear, and heavy industry.

Ready to streamline your safety analyses?

Try SafetyArena with a free demo account and see how these methods come together in one connected platform.