1 MPD 575 Design for Failure Jonathan Weaver. 2 Developed By: Cohort Team 3: Cathy Campbell Brandon Johnson Robbin McDaniel Britt Scott Updates by Anita

1

MPD 575MPD 575Design for FailureDesign for Failure

Jonathan Weaver

2

Developed By:Developed By:Cohort Team 3:Cathy Campbell

Brandon JohnsonRobbin McDaniel

Britt Scott

Updates by Anita Bersie

3

Design for FailureDesign for Failure

• Introduction to Design for Failure (DFF)

• System Engineering V-Model and DFF

• Heuristics

• How DFF fits into PD Process

• Situation to implement DFF

• Examples

• Summary

4


Design:

– Creative process in the Arts, Sciences and Technologies.

– There are many design heuristics that are derived from rules, relationships and experiences.

5


Failure:

The many definitions of failure are:• System Failure takes place when load exceeds

capacity by an unacceptable amount • Different types of Failures (highly dependent on

the individual):– Failures which cause unacceptable damage

(important or catastrophic)– Failures which cause damage of little or no

importance.

6


Failure, cont’d:– Failure should be qualified and quantified if possible.– The results of failure should be taken into account and

fed back into the design process.– The most important aspect is “proper feedback”.– Failures are something engineers spend their life trying

to avoid. However, there are times in which a failure is designed into the system as a function under certain conditions.

• The cause of the conditions are uncontrollable by the engineers but the failure under these conditions can be controlled.

7


Team’s definition of DFF:

“A system or component designed to fail under certain conditions or circumstances”

8




• Heuristics



• Examples

• Summary

9


The System Engineering V-Model has three phases:

1. Design the Product or Component

2. Optimize the Design

3. Validate the Design

10


Key “DFF” Procedures in relation to the System Engineering V-Model

• Design the Product or Component– Understand the System Architecture (design)– Determine the acceptable failure criteria or

requirements– Conduct a DFMEA on the system or component– Rank severity of failures – Implement actions taken to reduce severity of

failures identified as critical and unavoidable

11



• Optimize the Design– Evaluate design actions to reduce failure

severities of unavoidable failures with minimal impact on: cost, weight and system function

12



• Validate the Design– Test System for Failure

• Analyzing failure types• Failure detection• Verify severity of failure

– Verify that the design under the identified failures meets customer specification by using modeling and prototypes

– Retest the system

13


Definition of Key DFF Procedures:• System Architecture is defined as the art and science of

creating and building complex systems. That part of systems development most concerned with scoping, structuring, and certification

• Failure Mode Effect Analysis (FMEA) is defined as systematized activities intended to: 1) recognize and evaluate potential failure of

products/processes and its effects, 2) identify actions to eliminate or reduce the chance of

the potential failure occurring, and 3) document the process

14


Definition of failure types:– Elastic failure: excessive elastic deformation

• Elastic: strain resulting from the load leaves after the load has been removed

– Slip failure: excessive plastic deformation due to slip.• Plastic: strain exceeds the elastic limit; a portion of the

deformation remains after the load is removed• Slip: plastic deformation independent of time duration of the

applied load– Creep failure: excessive plastic deformation over a long period of

time under constant stress– Failure by Fracture: complete separation of the material.

15


Two approaches to detect failure:– Passive: detector monitors the inputs and the outputs of the system and decides whether (and if possible what kind of) a failure has occurred. This is done by comparing the measured input-output behavior with “normal” behavior of the system.

– Active: The active approach to failure detection consists of acting upon the system on a periodic basis or at critical times using a test signal, auxiliary signal, in order to exhibit abnormal behaviors which would otherwise remain undetected during normal operation.

16




• Heuristics



• Examples

• Summary

17


HeuristicsP = Prescriptive, D = Descriptive• (D) It is better to be aware of the failures than not.• (P) You want to design a “less expensive”

component to fail in order to protect a more expensive component.

• (P) Understand planned failures; fail as they are planned.

• (P) Failure is defined by the beholder, not by the

architect. (Modification of Maier/Rechtin, 270)

18


Heuristics (continued)• (P) Don’t confuse the functioning of the parts for the

functioning of the system. (Maier/Rechtin, 269)

• (D) Some of the worst failures are system failures. (Maier/Rechtin, 271)

• (P) Choose the elements so that they are as independent as possible; that is, elements with low external complexity (low coupling) and high internal complexity (high cohesion). (Maier/Rechtin, 273)

• (P) The principles of minimum communications and proper partitioning are key to system testability and fault isolation. (Maier/Rechtin, 275)

• (D) Knowing a failure has occurred is more important than the actual failure. (Maier/Rechtin, 276)

19




• Heuristics



• Examples

• Summary

20


How DFF fits into PD Process1. Gather raw data from the customers2. Interpret the data in terms of customers needs.3. Organize and establish the importance4. Establish target specifications5. Identify any potential products that require safe

failure modes6. Determine the strategy7. Establish warranty guidelines 8. Include the failure strategy in overall system

architecture – boundaries for failure

21


How DFF fits into PD Process

9. Set-up design requirements and targets

10. Define validation requirements

11. Establish assembly, service and maintenance guidelines

22


How DFF fits into PD Process• You can identify potential design for failure opportunities

through multiple ways:– Upfront Design

• Customer wants and needs (surveys)• Focus Groups• Competitive product analysis• Aftermarket product analysis• Review product requirements and restrictions• Review assembly, serviceability and maintenance

requirements

23



through multiple ways:– Design Phase

• Analyzing overall system architecture• Conducting DFMEAs on product or system• Simulating critical system interactions and

interfaces

24



through multiple ways:– Design and Release

• Analyzing a component/system that has failed

• The Product Design and Development team reviews the data and decides on the overall system architecture.

25




• Heuristics



• Examples

• Summary

26


Situations to implement DFF• The main purpose of designing for failure is the

prevention of injury or harm to a system, component or person in the event of a potential system or component failure (either catastrophic or minor).

• The following systems were developed to meet the above criteria:– Air Bag Deployment System– Electrical Circuit Protection– Whiplash Protection Seating System (WHIPS)

27


Situations to implement DFF

– Collapsible Steering Column– Windshield Breakage– Run “Flat” Tire– Paper Shredder

28


Concepts in Planning for Failure• Single Point Failure – Example: If system operations

depend on knowing the time and there is only one watch, it becomes a single point failure mechanism. (Smead)

• Redundant Systems – Example: Having 2 watches there is a back-up device to tell time. However, you must have a way to resolve inconsistencies between the two watches to determine the correct time. (Smead)

• Failsafe – “describes a device which if (or when) it fails, fails in a way that will cause no harm or at least a minimum of harm to other devices or danger to personnel.” (Wikipedia)

• Failover / Switchover – a device that takes over for a failed mechanism only after the point of failure (Smead)

• Ping-pong – devices that take turns operating, so as not to get overloaded, (also beware of inconsistencies) (Smead)

29

Design for FailureDesign for Failure“Fail-safe” mechanism failure examples• Therac 25 – Computerized radiation therapy machine (Leveson)

– 1985-87 Injuries and deaths from radiation overexposure – Model had replaced several mechanical interlocks for safety with

software algorithms.– Operators were able to retry administering doses after a dose-rate

malfunction was indicated incorrectly by the software.– A safety analysis of the device in 1983 by manufacturer excluded

software in the fault tree analysis. • Christus St. Joseph Hospital – Elevator Decapitation (Greene)

– August 2003, Surgical Intern, Hitoshi Nikaidoh pinned in elevator doors while closing, decapitated when elevator raised

– Nikaidoh had expected the elevator doors to retract when an obstacle (his body) was encountered but they did not.

Lesson: Fail safe devices, poke-yokes and safety mechanisms must be fully tested for proper designed function. Don’t assume they work properly, or will continue to work properly over time.

30




• Heuristics


• Examples

• Summary

31

Airbag Deployment System

32

How does it relate to DFF?• The air bag system is

designed to deploy in the event of an accident (failure of a system or component).

• Consistent deployment is vital in airbag designs. This means consistent failure of components that contain airbags is vital.

http://a332.g.akamai.net/f/332/936/12h/www.edmunds.com/edweb/editorial/features/airbags/SaabSideAirBag.jpg

33

How does it work?• Internal seam in steering wheel

covers allows for uniform failure in order for airbag to inflate in an consistent time and manner.

• Seats and Headliners – Some designs have a panel

that opens like a door in order to have controlled deployment of the seat side air bags.

– Headliners typically have a weak point in the design that will break during the deployment.

34

Electrical Circuit Protection

35

How does it relate to DFF?• The electrical circuit system is

designed for …• One Time Applications• Once failed the

component cannot be reused.– Bolt-In Fuse– J-Case Fuses– Maxi/Mini Fuses

36

How does it work?• The circuit protection system is

designed to fail when the conditions (listed below) are over exerted.

• Following parameters are part of circuit protection selection.– Ambient Temperature– Breaking Capacity– Operating Voltages in Volts– Operating Current in

Amperes– Required Failure Time– Re-settable or One-Time

37

• Re-Settable Breakers– Once the component fails,

it can be manually reset and used again. Some reset themselves after failed condition is stopped.

• Blade Design• 120240V AC Single

pole breaker (typically used in residential wiring)

• High Speed Fuse Applications– Used with Allen-Bradley

Controllers and Drivers.– Manufacturing Equipment

Application

38

Volvo Whiplash Protection Seating System (Whips)

39

How does it relate to DFF?• The WHIPS system, unique to Volvo, is designed to provide markedly better protection from neck and back injuries in the event of a rear impact.

How does it work?• In the event of a rear impact, the WHIPS seat responds immediately.

• The seatback/headrest assembly moves back and then tilts down, absorbing the impact.– In laboratory tests acceleration forces on the neck are reduced by up to 50%.

• Under normal condition this would be a failure of the seat system.

40

Collapsible Steering Column

NASCAR Steering Column

41

How does it relate to DFF?• Volvo has designed a steering column that collapses

down and away from the driver during a severe crash (system failure).

How does it work?• Upon impact, the steering column structure fails in order

to protect the customer.

42

Windshield Breakage

43

How does it relate to DFF?• The windshield is designed to

provide a clear and undistorted view to the driver and passenger AND minimize danger in the event of a collision.

• The windshield in a vehicle is designed to stay in place upon impact. The glass will not shatter into a lot of small pieces. This protects the vehicle occupants from serious injury.

• The safest place to be during a car accident is in the car. Your windshield is an important barrier that keeps you in the car. A cracked windshield can fail during a collision or roll over, allowing you or your passenger to be ejected. A passenger ejected from a car or truck is much more likely to experience a serious injury or death.

44

How does it relate to DFF?• An automobile's windshield is

designed to prevent the roof from crushing you in a roll over accident. A windshield can be significantly weakened by cracks and may fail to support the roof if the car flips over, causing severe injury or death to occupants.

45

How does it work?

• Windshield glass is made by fabricating ordinary glass (flat) into high-grade shaped and tempered glass.

• Two primary types of safety glass:– Laminated (Front Windshields)– Tempered (Side/Rear

Windshields)

• Many people don't realize that front-seat passenger airbags deploy against the windshield.

• In the event of a front-end collision, a cracked windshield can fail, allowing passengers who aren't seat-belted properly to be ejected from the vehicle through the windshield.

46

Run “Flat” Tire

47

How does it relate to DFF?– The “run flat tire” is a system that is designed to allow the

driver to continue to drive their vehicle in the event of a tire blowout (product failure).

How does it work?– When the tire loses pressure, it rests on a support ring

attached to the wheel. – Majority of the run-flat capability is on the wheel versus the

tire. The wheel does not “wear out” whereas, the tire does wear out and require replacement.

– Benefit of Run Flat Tire• Eliminate the need for spare tire – reduce the weight of

vehicle – increase fuel efficiency• Allow more luggage space by eliminating the spare tire• Increase driver security and confidence in their vehicles• Promise better ride quality because their sidewall's stiffness

can be equivalent to today's standard tires versus the other technologies that are on the market (self sealing and self supporting)

48


• Paper Shredder (Jam Mechanism)

49


Paper Shredder (Jam Mechanism)How does it relate to DFF?• The paper shredder is designed to shred paper. If too many sheets

or a non-paper object (metal, thick plastic) are fed through it the failure mode is to jam or stop working before damaging the product.

How does it work?• There are several shredder designs available (electrical or battery

operated) to accept different quantities ( 1 thru 140 sheets) of paper. The paper is then fed thru the shredder opening.

• If the quantity or thickness is too great the shredder jams.• If a non-paper object is placed in the shredder it jams.• Once the extra sheets or object is removed, the shredder reset

button can be activated.

50


• Introduction to Design for Failure (DFF)• System Engineering V-Model and DFF• Heuristics• How DFF fits into PD Process• Situation to implement DFF• Case Study• Examples• Summary

51


Summary• Incorporate the DFF procedures into each design• Define useful life of product and its failures• Challenge engineering to develop customer satisfaction

criteria for all types of uses/ misuses (additional failures)• Develop products or processes that meet the failure

mode and is robust against different sources of variation• Address new technology or existing technology in new

environments against the failure modes• Design for failure may prevent more damage by making

the system inoperable.

52


Summary• Gain an understanding of a system’s failure sensitivity• Meet the global challenge of incorporating product failure

modes on all components or systems• Look at the big picture, address a component or sub-

component that is part of the product system design

53

Design for FailureDesign for FailureReferences

• The Art of System Architecting, M. Maier & Rechtin, 2nd edition, CRC Press, 2000

• Systems Architecting of Organizations, CRC Press, 2000• Product Design and Development, Karl T. Ulrich and

Steven Eppinger, 2nd edition • Mechanics of Materials, A. Higdon, E. Ohlsen, W. Stiles,

J. Weese, W. Riley; John Wiley & Sons, Inc, 4th Edition, 1985

• Mechanical Engineering Design, Joseph Edward Shigley, Charles Mischke; McGraw-Hill, Inc, 5th Edition, 1989

54

ReferencesReferences

• www.fpds.ford.com/fpds2k/index.html• www.ford.com……• www.destroyit-shredders.com• www.bestbuy.com• www.helmets.org• http://www.be.ford.com/safety/training/general

%20airbags/airbag101/links.htm

• www.ask.com/main/metaAnswer.

55

References (Cont)References (Cont)• Smead, David. “Vessel Networking #2.” On-line

posting. 8 May, 2007. Available: http://www.amplepower.com/dave_blog/2/vessel_networking_2.pdf

• Greene M.D., Alan. “A Tragic Lesson.” On-line posting. 20 Aug, 2003. Available: http://www.drgreene/com/21_1660.html

• “Failsafe.” Wikipedia [On-line]. 26 Oct, 2007. Available: http://en.wikipedia.org/wiki/Failsafe

• Leveson, Nancy & Clark Turner. “An Investigation of the Therac-25 Accidents.” IEEE Computer, Vol. 26, No. 7, July 1993, pp. 18-41.

56

QUESTIONS????

57


Thank You

Documents

1 MPD 575 Design for Failure Jonathan Weaver. 2 Developed By: Cohort Team 3: Cathy Campbell Brandon Johnson Robbin McDaniel Britt Scott Updates by Anita