An integrated Approach for RAMS Engineering Ing Stefano

An integrated Approach for RAMS Engineering Ing. Stefano Barbati Relex Italia S. r. l. Roma 29 th September 2017

Email: s. barbati@relexsoftware. it Phone: +39 (0)6 97844838 Phone: +39 (0)6 8186242 Website: www. relexsoftware. it Mail: info@relexsoftware. it Tecnopolo Tiburtino Via Giacomo Peroni 2 -4 00131, Roma, Italia Val Seriana 4 00141 Roma Tel: +39 -06 818 6242

Summary § System Reliability Analysis § RAMS Tasks during Product Life Cycle § Typical Flow of Reliability Information § The System Design Process § RCM Process and MPA § V&V Management Approach § Safety Life Cycle Approach § Relex Italia Activities § R&D EU Project § Some of our Customers

System Reliability Analysis Purpose: To acquire information about a system in order to making decisions based on: Availability, Reliability and Safety Considerations Two important Stages: Inductive analysis stage Deductive analysis stage

System Reliability Analysis (cont. ) Inductive analysis stage : We ask the question: What can happen to the system as a result of a component or software failure We define all possible system failure scenarios In this stage a FMECA at component level and a P. H. A. are often performed.

System Reliability Analysis (cont. ) Deductive analysis stage : It answer the question how can the system fail or be unavailable. In this stage a Logic Tree (Fault Tree / Success Tree) is the best device for deducing how a major system failure could occur.

ARP 4761 Safety Process Overview CONCEPT AND ARCHITECTURE PRELIMINARY DESIGN quantitative System FHAs Aircraft FHA Component FMEAs Accumulator Brake metering valve Anti-skid computer Brake control valve Ldg gear Loss of deceleration capability DETAILED DESIGN quantitative Pneumatic Electric Hydraulic Braking LOSS OF WHEEL BRAKING Aircraft FTA System PFTAs Loss of deceleration capability Braking system Loss of thrust reverser Loss of effective wheel braking Loss of speed brakes in wet runway Systems FMEAs Electric Hydraulic Loss of wheel braking Relationship between FHA, FTA and FMEA Loss of normal braking Closes the loop Pneumatic Electric Hydraulic Braking Loss of wheel braking Loss of normal braking Loss of alternate braking Final SSA FTAs Loss of wheel braking Loss of normal braking Loss of alternate braking

RAMS/ILS Tasks during System Life Cycle Sales & Marketing Promote Company R&M Success Stories Advances Product R&M; LCC Advantages 3 R&M Strategy 3 3 3 3 3 Proposal & Estimating Design Plan Project R&M Programs Perform Design Assurance Tasks Feasibility Studies R&M Predictions LCC Estimates Draft R&M Plans Growth Plans Preliminary FMEA 3 Final R&M Plan 3 Design Review 3 Allocations 3 Predictions 3 Stress Analysis 3 Simulations 3 History Review 3 Design FMEA 3 Process FMEA 3 FMECA 3 FTA 3 Safety Analysis Build & Test Procure Supplier R&M Requirements Standard R&M Requirements 3 R&M Allocations 3 Competitive R&M Measures 3 Build Controls & “FRACAS” Test/DOE Data Collection & Analysis 3 Failure Analysis 3 Measure R&M 3 Measure Growth 3 FRACAS 3 Library Updates: - Fail Rates - Fail Modes - Mode Causes 3 3 Install & Test Field Support Installation Controls & “FRACAS” Warranty Reporting & “FRACAS” Test/DOE Data Collection & Analysis 3 Failure Analysis 3 Measure R&M 3 Measure Growth 3 FRACAS 3 Library Updates: - Fail Rates - Fail Modes - Mode Causes 3 3 Field Data Used to update RAMS/ILS databases and analysis RAMS/ILS INTEGRATION WITH THE BUSINESS PROCESS Test/DOE Data Collection & Analysis 3 Failure Analysis 3 Measure R&M 3 Measure Growth 3 FRACAS 3 Library Updates: - Fail Rates - Fail Modes - Mode Causes 3 3

The System Design Process Study of RAMS Requirements Specification of required functions Determination of environmental, functional and time dependent stresses Selection and qualification of components, materials and processes Project criteria and derating guidelines Failure Rate Data Sources Reliability Modelling and Block Diagrams Stress Analysis RAM Predictions Reliability weakness (FMEA/CA, Worst-Case, Stress-Strenght Analysis) Safety Analysis (PHA, SSHA, FTA)

Typical Flow of Reliability Information LSAR / CMMS Reliability Prediction System Model (RBD/Op. Sim) FMEA/FMECA Customer Call Center Maintainability Prediction *Redundancy *Spares *Maintenance Policy FTA Markov Field Service Eng. FRACAS Weibull Testing Design Life Cycle Cost Outputs Technical Publications

Reliability Prediction Assess reliability metrics using established empirical models and surrogate data sources MIL-HDBK-217 Telcordia Issue 1 -2 -3 -4 217 Plus PRISM Siemens SN 29500 NSWC-98/LE 1 British HRD 5 French IEC 62380 Chinese 299 C FIDES 2009

WTG System Reliability Prediction EC Contract number 212 966 - FP 7 -ENERGY-2007 -1 -RTD

Reliability Prediction Standards

Reliability Block Diagram Model complex, redundant systems to analyze system performance and guide trade-off studies Series Parallel operation Hot/warm/cold standby Redundant Bridge K-out-of-n Generic and random network Load sharing redundancy

FMEA Identify potential reliability and safety defects and prioritize corrective action requirements MIL-STD-1629 A FMD-97 BS 5760 HAZOP SAE ARP 5580 AIAG SAE J 1739 IEC 61508 IEC 60812

FMEA – Reports Failure modes and effects Criticality analysis summaries Industry standard formats Graphs Risk levels Criticality matrix Pareto charts LSAR 1388 2 B export format

Safety and Reliability Analysis for Industrial Equipment - March 11 th, 2003

Fault Tree Evaluate system reliability and safety requirements for complex systems Static coherent logic Static non-coherent logic Dynamic gate support Various event types Basic Spare House Undeveloped Conditional Enforces correct tree logic

Fault Tree Example

ATI MILANO LINEA 5 Completa (AMIL 5)

Integrating the RAMS Analysis Validate System Design System Modeling Reliability Prediction Track Field Performance and Risk FMEA Ensure Continuous Product Improvement Test Production and Post-Production Monitoring FRACAS Fault Tree RBD Design Risk Analysis and Controls Weibull Communicate Lessons Learned Manufacture Service

V&V Management Approach Concept Operation and maintenance Acceptance System definition n tio ca Design and implementation Installation rif i rif Validation (safety acceptance) ica tio Validation Ve Ve System requirements n Risk Analysis Manufacturing Design Production Installation Operation

Safety Life Cycle Approach Concept Overall scope definition Hazard and risk analysis Overall safety requirements Safety requirements allocation Overall planning Operation and maintenance Safety validation Installation and commisioning Realisation of E/E/PE safety related systems (H/S) Overall installation and commissioning Overall safety validation Operation, maintenance and repair Overall modification and retrofit Decommisioning or disposal Figure 1 : Safety Lifecycle from IEC 61508 (ref. Figure 2 from IEC 61508 -1)

Functional safety and Safety-Related Systems Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.

Functional safety and Safety-Related Systems Safety Related Control Function (SRCF) Are functions carried out by (E/E/PE) systems defined inside the system in such a way as to prevent dangerous failures or to control them when they arise. Two types of requirements are necessary to achieve functional safety: - safety function requirements (what the function does) and - safety integrity requirements (the likelihood of the safety function being performed satisfactorily).

Safety Related Control Function (SRCF) The Safety Requirements Specification as a result of the Risk assessment considers whole safety-related control functions Safety-Related subfunction Sensor Acquire information Logic Solver Evaluate information Safety-Related Control Function Actuator Execute action

Safety Integrity Level (high demand mode) SAFETY INTEGRITY LEVEL Safety Integrity Levels for high demand mode of operation (IEC 61508 -1 Table 2) Safety Integrity Level Dangerous failures/hr SIL 4 >= 10 -9 to < 10 -8 SIL 3 >= 10 -8 to < 10 -7 SIL 2 >= 10 -7 to < 10 -6 SIL 1 >= 10 -6 to < 10 -5 Table-1 : Safety Integrity Levels (high demand mode)

Safety Integrity Level (low demand mode) SAFETY INTEGRITY LEVEL Safety Integrity Levels for low demand mode of operation (IEC 61508 -1 Table 2) Safety Integrity Level Average Probability of Failure on Demand (PFD avg) Risk Reduction Factor (RRF) SIL 4 >= 10 -5 to < 10 -4 > 10000 to <= 100000 SIL 3 >= 10 -4 to < 10 -3 > 1000 to <= 10000 SIL 2 >= 10 -3 to < 10 -2 > 100 to <= 1000 SIL 1 >= 10 -2 to < 10 -1 > 10 to <= 100 Table-2 : Safety Integrity Levels (low demand mode)

Architectural constraints (SFF) Taking into account the diagnostic, we can define for the system : l SD l SU l DD l DU = = Safe Detected failure rate Safe Undetected failure rate Dangerous Detected failure rate Dangerous Undetected failure rate derived from the analysis of each system component failure mode, these value are generally the results of a FMEDA ( Failure Mode Effetcs and Diagnostic Analysis). These values can be used to calculate the Safe Failure Fraction.

FMEDA Worksheet

RCM Process and MPA RAMS ANALYSIS RELIABILITY PREDICTION FMECA LSA/LSAR MAINTENANCE PLAN SIGNIFICANT ITEM SELECTION REDESIGN RCM DECISION LOGIC AGE EXPLORATION RCM PROCESS PREVENTIVE MAINTENANCE REQUIREMENTS MAINTENANCE PROCEDURES EQUIPMENT USE AND SUPPORT OPERATION AND MAINTENANCE DATA

RCM DECISION LOGIC Objectives Identify the following task types: I - Servicing (Replenishment of consumables depleted during normal operations (fuel, oil, nitrogen, etc. ) II - Lubrication (Periodic application of lubricant to items that require lubrication for properation or to prevent premature failure. ) III - On Condition (A periodic or continuous inspection designed to detect a potential failure condition prior to functional failure) IV - Hard Time (The scheduled removal of an item or a restorative action at a specified age/usage limit to prevent functional failure. ) V - Failure Finding (A preventive maintenance task performed at a specified interval to determine whether a hidden failure has occurred. )

On Condition Task Potential Failure: A POTENTIAL FAILURE B FUNCTIONAL CAPABILITY DEFINED POTENTIAL FAILURE CONDITION DEFINED FUNCTIONAL FAILURE CONDITION C OPERATING AGE I I TASK INTERVAL PRACTICAL? PF Interval I FUNCTIONAL FAILURE Inspection Interval

Relex Italia S. r. l. business areas Consulting and training R&D EU Projects • RAMS consulting activities • Training activities • Software development • Reliawind • Marewint • CMDrive • PTC Windchill Quality Solution (former Relex) Software sales and support

• Reliability Defense Systems • Availability Oil & Gas Systems • Maintenance Railway Systems • Reliability. Testing Aerospace Systems Telecommunication Systems • Safety Manufacturing Systems • Field Data analysis Electronics Systems • ILS/LSA Medical devices • Life Cycle cost • Training on Software Tools and methodologies

Defense Systems IRIS-T missile program: Proximity Fuse Radar Section Reliability Analysis and Piece Part FMECA NH 90 program: Floor Winch Assembly Reliability Prediction, FMECA e FTA STORM SHADOW program: Missile System Fore body Process FMECA SAAM-IT -“Cavour” aircraft carrier: SAAM-IT Supportability analysis, field data analysis

Oil & Gas Systems United Gas Derivative Company: Gas Plant UGDCO RCM Analysis & Implementation Nuovo Pignone AGIP Petroli Refinery: Residue Hydroconversion Unit Reliability Centered Maintenance (RCM) Petronash FZE, Arab Emirates: WHCP-Well Head Control Panel RAMS Analysis and SIL Verification Dresser: Electric Sub Sea Actuator - FMECA and FTA Analysis ENPPI Engineering for the Petroleum & Process Industries: Offshore Platform and Onshore Central Processing Facilities NOSPCO Project Reliability, Safety and Human Factor Analysis Biffi Tyco Flow Control: Electric Actuator RAMS Analysis and SIL Verification Total E&P Russia: Dosing Pumps - Reliability Prediction Report

Railway Systems Ansaldo Breda- Comelit: ETR 1000 Diode Lighting System - RAMS Analysis TELEFIN: Optical Fiber Data Transmission System Reliability Prediction Four Metrorail Systems - RAM Analysis for Communication Systems Euro-Transit System: Reliability and Safety Analysis Metro Line 5 in Milan: RAMS Analysis for the Telecommunication System CEG Elettronica: SIAP I-4608 Integrated power supply system and protection system - RAM Analysis / TP&PS power supply system for Riyad Metro- Reliability prediction, RBD, FMEA, Maintenance and Safety analysis Riyad Saudi Landbridge Railway System: Saudi Landbridge Railway System - HAZOP Workshop

Aerospace Systems VEGA Program: Vega Space Launch Vehicle System - Rams Activities Turkish Aerospace Industries: Training Aircraft RAMS Plan and Consulting Activity CIRA s. c. p. a. : PRORA-USV 1 (Unmanned Space Vehicle) Dependability and safety analysis CMD: Aircraft engine - Reliability prediction and FHA Civitanavi System: Inertial navigation system Reliability prediction and FMECA Electronica Aster – Agusta. Westland: AW 169 tail rotor shut-off valve. Safety analysis OMA SUD S. p. A. : SKYCAR A/C System Functional Hazard Assessment and System Safety Assessment Marenco Swiss helicopter SKYe SH 09: SKYe SH 09 - FTA

Telecommunication and manufacturing Systems Urmet: Telecom Service Node - Maintenance Plan Analysis (MPA) / Wireless Local Loop System and a 40 GHz Radio System - Reliability and Availability Analysis Alcatel Italia Sp. A (Former Italtel): Design and Implementation of a Company Integrated Reliability Data System Machining Centers Manufacturing MCM: Flexible Manufacturing System Reliability Prediction FMECA and RCM Salvagnini: Flexible Manufacturing System - Reliability Prediction

Electronics Systems and Medical devices Bracco: Automated contrast media injector system RAM Analysis and Reliability Evidence Report Gambro: Hemo dialysis System Safety Hazard Analysis (SSHA) Eutron: Reliability Prediction for Operator Panels with TFT and Touch Screen Displays - / Digital Signature Active USB and LCD Remote Controller Ceia Electronic: Metal Detector - Reliability Analysis Nortel Networks – Hiross: Ambient Cooling System – Reliability Analysis Whirlpool: Electronic Power and Control Boards Reliability Prediction

R&D EU Projects 2008 2009 2010 Reliawind project Reliability focused research on optimizing Wind Energy systems design, operation and maintenance: Tools, proof of concepts, guidelines & methodologies for a new generation 2011 2012 2013 2014 2015 Mare. Wint project new MAterials and REliability in offshore WINd Turbines technology 2016 2017 2018 2019 CMDrive project Non-contact microphone array for structural health diagnostics combined with active noise and vibration cancellation for wind turbine nacelle machinery

R&D EU Projects 2008 2009 2010 Reliawind project 2011 2012 2013 2014 2015 Mare. Wint project Well-known technologies for onshore wind turbines Off-shore wind turbine increasing power from 5 MW to 10 MW Complete and preliminary RAM analysis and Failure Mode and Effect Analysis (FMEA) Research on advanced analysis methodologies for offshore environment. Complete RAM analysis, FMEA and RCM (reliabilty centered maintenance) for maintenance task optimization First reliability approach for Wind Turbine Generator Second approach more focused on maintainability 2016 2017 2018 2019 CMDrive project Pro-active condition monitoring with non-intrusive Acoustic Emission technology Approach for optimizing maintenance and availability

Reliawind Reliability Assessment model and FMECA for a new generation of WTG (Wind Turbine Generator) under the FP 7 project of the European Commission

Marewint MARE-WINT ITN project was focused on the reliability availability and maintenance analysis for a 10 MW offshore wind turbine. Since in the offshore sector the O&M represents a high percentage of total costs, increasing reliability and optimizing O&M have a direct impact on the availability of wind turbines and thus reduce cost and increase energy output.

CMDrive

Preliminary reliability studies for Onshore WT Preliminary reliability studies for Offshore WT Reliability centered maintenannce Maintainability optimization H 2020 New Proposals Useful life extention Submitted proposal ‘Racetims’ New methodologies for testing of mechatronic devices using Po. F Design for Reliability using Physic of Failure Proactive monitoring Advanced AE condition monitoring and Io. T

Some of our Customers Aermacchi Aeronautica Militare Agusta Alcatel - Lucent Alenia SIA (ex Teleavio) Ansaldo Segnalamento Ferroviario Ansaldo Sistemi Industriali Aramco Overseas Company B. V. Aselsan HC Aselsan Makunkoy AYESAS Banca IMI BECAR Beko Elektronic A. S. Biffi C. E. I. A. C. I. R. A. C. T. Elettronica Carlo Gavazzi Space Celestica Italia CESI Cobra Automotive Technologies COMAU Consorzio Intellimech Cooper Cameron CRF Centro Ricerche FIAT Datalogic Ducati Sistemi ELE. SI. A. Elettromeccanica CM Energoconsult Engineering ENPPI ERA Electronic System Ericsson Telecomunicazioni Fincantieri Cantieri Italiani Galileo Avionica (ex Meteor) Gambro Dasco Gitronica Havelsan Hellenic Aerospace Industry I. N. F. N. - Pisa Section I. N. F. N. - Milano - L. A. S. A. I. N. F. N. - Napoli Section I. N. F. N. Gran Sasso Lab ISL Altran IDS Ingegneria dei Sistemi Intracom ISPESL ITIA-CNR Jeraisy Kone Landmark International FZE Magneti Marelli Sospesioni Magneti Marelli Power Train MBDA MCM Methode Electronics Malta Microtecnica National Technical University of Athens Netuss Northrop Grumman Italia OSRAM OMA SUD OTE Oto Melara P. I. C. O. Petronash Piaggio Aero Industries Pirelli ROAL Electronics Roketsan Seira Elettronica Industriale Selex Communications Selex Komünikasyon Selex Sistemi Integrati Siemens Metering SIMKO Sipal Sirio Panel Sitek Solari di Udine Sulaiman Petrotech Takreer Telefin Telespazio Thales Alenia Space Tubitak SAGE Tuv Nord Italia Turkish Aerospace Industries Umbra Cuscinetti Vestel Electronics Vulcanair Whirlpool Europe