Integrated Support
Engineering Manual
AM 9995 PM
MAINTENANCE REQUIREMENTS
ANALYSIS MANUAL
Version 5.0
Issued July 2010
Owner: Manager, Engineering Services
Approved by: Mike Hogan, Engineering Services Manager
Authorised by: Ron Azzi, General Manager, Professional Services
Disclaimer
This document was prepared for use on the RailCorp Network only.
RailCorp makes no warranties, express or implied, that compliance with the contents of this document shall be
sufficient to ensure safe systems or work or operation. It is the document user's sole responsibility to ensure that the
copy of the document it is viewing is the current version of the document as in use by RailCorp.
RailCorp accepts no liability whatsoever in relation to the use of this document by any party, and RailCorp excludes
any liability which arises in any manner by the use of this document.
Copyright
The information in this document is protected by Copyright and no part of this document may be reproduced,
altered, stored or transmitted by any person without the prior consent of RailCorp.
UNCONTROLLED WHEN PRINTED Page 1 of 114
RailCorp Engineering Manual Integrated Support
Maintenance Requirements Analysis Manual AM 9995 PM
Document control
Version | Date | Summary of change
1.0 | N/A | First Issue
2.0 | October 2000 | N/A
3.0 | March 2003 | Updated Section 3 to include Design FMECA
4.0 | June 2008 | Rebadging to RailCorp, reformatting and combining Sections into a single document. Note, as Section 3 was already version 3, this combined document is now version 4
5.0 | June 2010 | Three year review and application of TMA 400 format
Contents
1 Executive Review
1.1 Introduction
1.1.1 Maintenance Requirements Analysis (MRA)
1.1.2 FMECA and RCM Analysis
1.1.2.1 New Capital Assets
1.1.2.2 Existing Assets
1.1.3 Documentation
1.1.4 Quality management
1.1.5 Use of this Manual
1.1.6 References
1.1.7 Suggested Readings & References
2 Background and theory
2.1 Definition of terms
2.1.1 Acronym Definitions
2.2 Reliability and maintenance
2.2.1 Introduction
2.2.2 Reliability
2.2.3 Failure Characteristics
2.2.4 Reliability Modelling
2.2.5 Maintenance Task Applicability
2.2.6 Maintenance Task Effectiveness
2.2.7 Suggested Readings & References
2.3 Maintenance, Risk and RCM
2.3.1 Introduction
2.3.2 Maintenance
2.3.3 Risk
2.3.3.1 Risk Assessment
2.3.3.2 New Acquisitions Risk
2.3.4 RCM Process
2.3.5 Other Users of RCM
2.3.6 Benefits
2.3.7 The RCM Model
2.3.8 Process Steps
2.3.9 Analysis Team
2.3.10 Post Acquisition Analysis
2.3.11 New Acquisitions
2.3.12 Data Collection
2.3.13 Suggested Readings & References
3 System Breakdown
3.1 Introduction
3.1.1 Establishing Boundaries
3.1.2 Develop Functional Block Diagrams
3.1.3 Significant Items
3.1.3.1 Top down approach
3.1.4 Prioritisation
3.1.5 Numbering Systems
3.1.6 Electronic Filing
3.1.7 Suggested Readings & References
3.2 Failure Modes and Effects Analysis (FMEA)
3.2.1 Introduction
3.2.2 Process Overview
3.2.3 Functions, Missions and Failures
3.2.4 Types of Functions
3.2.5 Failure Modes
3.2.6 Types of Failures
3.2.7 Failure Causes
3.2.8 Failure Effects
3.2.8.1 Local Effect
3.2.8.2 System Effect
3.2.8.3 Impact of operating mode of failure effect
3.2.9 Hidden Failures
3.2.9.1 Types of hidden failures
3.2.10 Analysis Logic Statement
3.2.11 Protective Systems
3.2.12 Use of Risk Assessment
3.2.13 Suggested Readings & References
3.3 Criticality Analysis
3.3.1 Introduction
3.3.2 Criticality During design
3.3.2.1 Operator detection
3.3.2.2 Compensating provision
3.3.2.3 Severity Class
3.3.2.4 Criticality Analysis
3.3.3 During Maintenance Analysis
3.3.4 RCM analysis
3.3.4.1 Hidden
3.3.4.2 Safety/Environment
3.3.4.3 Economic
3.3.5 Suggested Readings & References
4 RCM Analysis
4.1 Task Analysis
4.1.1 Task Objectives
4.1.2 Task Options
4.1.3 Task Applicability
4.1.3.1 Service / Lubrication Task Application Using MIMIR
4.1.4 Task Effectiveness
4.1.5 Non Programmed Tasks
4.1.6 Task Logic Charts
4.1.7 Default Actions and Tasks
4.1.8 Default Decision Strategy
4.1.9 Default Tasks
4.1.10 Documentation of Task Decisions
4.1.11 Summary
4.1.12 Suggested Readings & References
4.2 Frequency Determination
4.2.1 Introduction
4.2.2 On Condition Examinations
4.2.3 Zonal Examinations
4.2.4 Hard time Rework or Discard Tasks
4.2.5 Combinations of Tasks
4.2.6 Failure Finding Tasks
4.2.7 Suggested Readings & References
4.3 Task Packaging
4.3.1 Introduction
4.3.2 Options
4.3.3 Packaging Process
4.3.4 Latitudes
4.3.5 Task Packaging Guidelines
4.3.6 Standard Terminology
4.3.7 Suggested Readings & References
5 Audit and Evaluation
5.1 Auditing
5.1.1 Introduction
5.1.2 Timing of the Audit
5.1.3 Auditor Selection
5.1.4 Significant Item Selection
5.1.5 Item Function, Failure and Effects
5.1.6 Classification of Failure Consequences
5.1.7 Evaluation of Applicability and Effectiveness Criteria
5.1.8 The Completed Program
5.1.9 Suggested Readings & References
5.2 Test and Evaluation
5.2.1 Introduction
5.2.2 Initial Schedules - New Equipment
5.2.3 Initial Schedules - In Service Equipment
5.2.4 Suggested Readings & References
5.2.5 Test and Evaluation Program Brief
5.2.5.1 Introduction
5.2.5.2 Objective
5.2.5.3 Scope of Work
5.2.5.4 Key Issues
5.2.5.5 Typical Project Profile
5.3 Technical Maintenance Plans
5.3.1 Introduction
5.3.2 Item Listing Criteria
5.3.3 Plan Information
5.3.4 Responsibility
5.3.5 Suggested Readings & References
6 MRA Techniques and Policy
6.1 Age exploration
6.1.1 Introduction
6.1.2 Process
6.1.3 Research Opportunities
6.1.4 Cost Effectiveness
6.1.5 Responsibilities
6.1.6 Summary
6.1.7 Suggested Readings & References
6.2 Task Frequency Algorithms
6.2.1 Introduction
6.2.2 Condition Monitoring Algorithm
6.2.3 Double Failure Algorithm
6.2.4 Hard Time Algorithm
6.3 Level of Repair Analysis
6.3.1 Introduction
6.3.2 Repair Versus Replace Decisions
6.3.3 Repair In Situ
6.3.4 Repair at Local Workshop
6.3.5 Repair at Contractor Facility
6.3.6 Process Map for LORA
6.4 MRA Policy
6.4.1 Introduction
6.4.2 Supplier Recommendations
6.4.3 New Systems
6.4.4 Individual Equipment Replacement
6.4.5 Existing Equipment Modification
6.4.6 Maintenance Reviews
6.4.7 Pro-active Reviews
6.4.8 Reactive Reviews
7 Analysis of Safety Critical Items
7.1 Introduction
7.1.1 Quantitative Risk Assessment
7.1.2 Documentation
7.1.3 Suggested Readings & References
Appendix A Packing Guidelines
1 Executive Review
1.1 Introduction
This document supports the RailCorp Asset Management Policy Manual with detailed
procedures for implementing a significant element of Logistic Support Analysis (LSA) [1].
This element includes the determination of preventive maintenance requirements of both
in service and new assets. This process, along with the identification of all corrective
maintenance needs of a system, is termed Maintenance Planning in the LSA task list.
The document is not meant to stand alone and should be read in conjunction with the
reference documents at the end of each section. These references have been assessed
as "world best practice" and provide additional detail to staff tasked with undertaking
maintenance requirements analysis.
This document is primarily directed at engineers responsible for establishing and
implementing maintenance policies contained in Technical Maintenance Plans. Other
staff involved in the technical management and maintenance of capital assets would also
benefit from a conceptual knowledge of the process.
1.1.1 Maintenance Requirements Analysis (MRA)
A significant component in the LSA process is the determination of maintenance
requirements which consist of preventive and corrective maintenance procedures. These
procedures are related to both the physical and functional configurations of items
comprising a system and recognise that the operating context or environment of
equipment is a critical contributor to system maintenance needs.
A "world class" standardised Maintenance Requirements Analysis (MRA) process now
accepted by, and applied across, all engineering disciplines for the development of
system preventive maintenance requirements is Reliability-Centred Maintenance [2] (RCM)
analysis. The RCM process derives from the application of Failure Modes, Effects and
Criticality Analysis (FMECA) and recognises that preventive maintenance can only, at
best, enable assets to achieve their built-in level of inherent reliability.
RCM programs require the selection of preventive maintenance tasks on the basis of the:
- reliability characteristics of the equipment
- operating context of the equipment (ie its environment)
- logical analysis of the failure consequences
The RCM process is supported by Level of Repair Analysis (LORA) [3]. LORA identifies
the most cost effective corrective maintenance strategy for failed items, that is to maintain
or to dispose of failed items and, if maintain, the organisational level at which that
maintenance strategy will be applied. FMECA, RCM and LORA combined provide a
comprehensive set of analysis tools to determine, either at the design stage or later
in-service, an equipment's complete set of preventive and corrective maintenance
requirements and the organisational level at which that maintenance will be done.
[1] MIL-STD-1388-2A&B Logistic Support Analysis
[2] Anthony Smith, Reliability Centred Maintenance, McGraw Hill, 1993, John Moubray, RCM II Reliability-centred Maintenance, Butterworth Heinemann, 1992 and US MIL-STD-2173AS, Reliability Centred Maintenance for Naval Aircraft Weapons and Support Equipment.
[3] US MIL-STD-1390C, Level of Repair Analysis.
1.1.2 FMECA and RCM Analysis
Failure Mode Effects and Criticality Analysis [4] (FMECA) is a standard tool for identifying
and prioritising the failure potential of a design. It is usually conducted during the
developmental stage in order to prioritise design actions aimed at removing that failure
potential during that stage. Removal of high risk failure modes early in the design process
has significant economic advantages and will usually more than justify the additional
investment necessary to conduct a FMECA during the acquisition phase [5].
1.1.2.1 New Capital Assets
Application of the FMECA process was originally established to support military
equipment procurement activity; however the process is now rapidly expanding to
non-military equipment [6]. Process FMECA [7] extends the original hardware design FMECA
concept into production and other process type activity to identify all possible failures,
hardware and human, and establish effective control mechanisms.
For newly acquired assets, the Failure Mode Effects Analysis (FMEA) element of the
FMECA is used as raw information for RCM analysis. This information, combined with the
functional specifications required by the acquisition methodology to be defined in the RSA
Asset Management Policy Manual, provides the basic data for undertaking RCM analysis.
The RCM analysis for new assets should be the responsibility of the prime system
supplier and the subsequent documentation should be a contract deliverable.
The analysis sequence for new assets is shown at Figure 1.
[Figure 1 boxes: Establish functions; Undertake FMECA; Undertake RCM; Undertake LORA; Maintenance requirements analysis complete]
Figure 1 - Maintenance requirements analysis elements
1.1.2.2 Existing Assets
The application of RCM analysis to existing assets usually means that there is no
pre-established FMECA data to work with and hence considerable work must be done to
establish functional relationships and FMEA data. This process is staff resource
intensive. The establishment of functional relationships can take up to 40% of the total
time but usually provides considerable insights into the equipment and its functions.
Major reasons for implementing maintenance requirements analysis on existing assets are
to:
- Improve the understanding of all engineering and maintenance staff as to what is the
equipment's function and how this supports the business.
- Establish a baseline of functional failures and their compensating redesign, operational or
maintenance tasks.
- Establish an optimised preventive maintenance program that matches business needs
and the inherent reliability characteristics of the equipment.
[4] US MIL-STD-1629A A Procedure for a Failure Mode Effects and Criticality Analysis.
[5] Blanchard, Logistics Engineering and Management
[6] Smith, Reliability Centred Maintenance, McGraw-Hill, 1991
[7] Raheja, Assurance Technologies, McGraw Hill, 1991, pp. 198-203
A basic seven step process for undertaking RCM analysis in accordance with the
principles contained in referenced standards and guidelines is shown at Figure 2.
Experience indicates that 12 to 18 months is required to complete a comprehensive
analysis and implement a significant RCM program on an existing asset. However, a
"fast track" analysis process which bypasses some of the more onerous quality
assurance aspects of a formal analysis program can be achieved in much shorter time
but at the sacrifice of some accuracy. The "fast track" is generally used to rapidly
establish a documented maintenance "baseline" for existing assets with established
maintenance programs to enable the implementation of an effective prioritised continual
improvement program.
The output from either the comprehensive or fast track process is a set of preventive
maintenance tasks which achieve necessary levels of safety and availability at minimum
life cycle cost commensurate with the inherent characteristics of the design.
The RCM analysis process is usually an initial "best guess" that will require review as
assumptions made during the analysis are verified or otherwise by service performance.
Additionally, changes to operational requirements, system configuration and operating
and maintenance environments will require reference back to original analysis and review
of the maintenance requirements.
The maintenance requirements analysis process that connects RCM analysis with FMEA
and the continual improvement process is shown at Figure 3.
RELIABILITY-CENTRED MAINTENANCE
(A seven step structured decision support process)
STEP 1 Break down the asset into manageable systems and items of equipment.
STEP 2 Prioritise the assets for analysis according to risk exposure from failure.
STEP 3 Collect system information and define each failure problem to be addressed.
STEP 4 Establish possible preventive maintenance strategies for dealing with each failure cause based on its consequence.
STEP 5 Evaluate the validity of each particular preventive maintenance policy (task and frequency).
STEP 6 Determine what to do if there are no applicable and effective maintenance policies.
STEP 7 Package the valid preventive maintenance policies into cost effective schedules.
Figure 2 - The 7 Step RCM Analysis Method
Figure 3 - Maintenance Requirements Analysis process (MIL-STD-2173AS)
1.1.3 Documentation
The analysis documentation, whether electronic or paper, must provide the justification
for all the tasks defined in the preventive maintenance program and specified in a
Technical Maintenance Plan (TMP). The particular details of what data has been
collected against each Application will also provide the details needed to complete each
field in sufficient detail to allow systems engineers today or 20 years hence to understand
completely the reason for the existence of each and every task in the schedules without
conducting a reverse engineering exercise or redoing the analysis.
Any necessary caveats regarding the accuracy of information used, or assumptions
made, should be included with the analysis documentation associated with each asset
type.
The output of the maintenance requirements analysis process, whether hard copy or
electronic, should be maintained by a single authorised engineering manager. This
manager is responsible and accountable for the configuration control aspects of the data
as defined in an asset type's Configuration Management Plan (CMP).
Maintenance requirements analyses are controlled documents defined in the relevant
configuration management plans.
The quality of the documentation, which will be the basis of audits and quality
improvement programs, must be maintained at all times.
1.1.4 Quality management
Quality assurance of the analysis process should be achieved through an accreditation
framework for MRA analysts.
This Manual will be the prime documentation covering the maintenance requirements
analysis process and should be referred to by the quality manual framework covering the
organisation's activity.
Having produced a baseline via the RCM analysis process, every effort must be made to
continually refine the output in accordance with the principles of Total Quality
Management. This continual refinement process follows the principle of using staff at all
levels to continually refine the analysis results. Certain analysis decisions will however
require the application of statistical analysis and engineered solutions and hence require
specially trained and accredited staff.
To ensure that limited engineering resources achieve their best return, activities will be
prioritised on the basis of opportunities for monetary savings or performance
improvement. Analysis candidates are identifiable either by their high resource
consumption or by demonstrating considerably less performance than benchmarked
"world best". Prioritisation for improvement analysis will be based on a combination of
the two factors.
1.1.5 Use of this Manual
This Manual is not a definitive document providing all the detailed procedures and
technical knowledge necessary to undertake maintenance requirements analysis.
Rather, it should be read in conjunction with other more detailed texts included in the
suggested reading material from which the methods have been drawn. This includes the
user manual for any electronic database used to capture information and apply decision
algorithms to determine optimum task frequencies.
This Manual provides:
A tailored beginners manual for applying RCM analysis to non safety critical
equipment (closure on safety critical failures shall require a further HAZOP or
equivalent safety analysis refer Section 7).
An RCM guide for those accredited in RCM analysis
Adequate explanation for those not involved in the process of maintenance
requirements analysis to understand the concept.
Necessary text for the training of staff that will provide specialist technical
knowledge during an RCM analysis project under guidance from a trained
facilitator.
1.1.6 References
There are a number of reference texts that either explain the RCM analysis process in
detail or in some way provide support to the total process of producing preventive
maintenance programs.
Available RCM procedural texts are all based on the same original work conducted during
the development of the Maintenance Steering Group procedures of the International Air
Transport Association. Detailed directions for RCM analysis are contained in the four
primary references as follows:
Nowlan and Heap, United Airlines, San Francisco, California, 1978
United States Military Standard MIL-STD-2173AS, Reliability Centred Maintenance
for Naval Aircraft Weapons and Support Equipment. 1992
Smith, Reliability Centred Maintenance, McGraw Hill, 1992
Moubray, RCMII Reliability-Centred Maintenance, 1991
The following documents are also recommended as further reading for those who intend
to extend their knowledge of the MRA process and associated reliability engineering
techniques applied as part of a systems engineering process integrating the LSA function
into design.
Maintenance Steering Group 3 Report. 1980
United States Military Standard MIL-STD-2169A, A procedure for a Failure Mode,
Effect and Criticality Analysis. 1977
Blanchard, Logistics Engineering and Management, Wiley Interscience 1986
Blanchard, Systems Engineering and Management, Wiley Interscience, 1991
US MIL-HDBK-388-1A, Electronic Reliability Design Handbook, 1988
United States Military Standard MIL-STD-1388-1A Logistic Support Analysis, 1991
AMCP (US Army Material Command), 706-132
1.1.7 Suggested Readings & References
The following are suggested additional readings for this section.
Standard or Reference Name | Page Numbers
Asset Management Policy Manual | 12-1 to 12-6
Nowlan & Heap, Reliability - centred Maintenance | Preface and executive summary
United States Military Standard MIL-STD-2173AS | Foreword Pp 1-33
Moubray, RCMII | Pp 1-20
Smith, Reliability Centred Maintenance | Foreword and Preface Pp 1-26
MSG 3 Report | Preface
2 Background and theory
2.1 Definition of terms
The terms listed in this Manual have the following definitions.
2.1.1 Acronym Definitions
The following acronyms are commonly used within this Manual and are defined below:
FMEA Failure Mode Effects Analysis
FMECA Failure Mode Effects and Criticality Analysis
FTA Fault Tree Analysis
LSA Logistic Support Analysis
MIL-HDBK United States Military Handbook
MIL-STD United States Military Standard
RCM Reliability-Centred Maintenance
MTBF Mean Time Between Failures
MTTF Mean Time To Failure
MDT Mean Down Time
MRA Maintenance Requirements Analysis
MTTR Mean Time To Repair
COTS Commercial Off The Shelf
Actuarial Analysis Statistical analysis of failure data to determine the
age-reliability characteristics of an item.
Age Exploration The process of determining age-reliability relationships through
controlled testing and analysis of chance or unintentional events of safety critical items;
and from operating experience for non-safety items.
Application The set of assets defined by a single Technical Maintenance Plan and
hence given a single accountability for engineering management.
Check Task A scheduled task requiring measurement of some parameter and its
comparison to a required standard (accept/reject criteria).
Configuration Management Plan A document that provides key managerial
accountability and local procedures for the configuration management functions of
identification, change control, status accounting and audit. Additionally, the document
provides details of the numbering and information management practices necessary for
controlling the data set required by configuration management.
Conditional (also Potential) Failure The failure of an item to meet a desired quantifiable
performance criteria which may be either an output or condition parameter and which
indicates that conditional risk is unacceptable.
Conditional Probability of Failure The probability that an item will fail during a particular
age interval, given that it survives to enter that age interval.
Consequence of Failure The results, to an operating organisation, of a given functional
failure at the equipment level and classified in RCM analysis as:
safety
operational
economic
safety hidden
non safety hidden
Corrective Maintenance The actions performed, as a result of failures (either functional
or conditional) to restore an item to a specified condition (MIL-STD-721B).
COTS The acronym used for Commercial Off The Shelf. Applies to equipment and
software which are part of the manufacturer's / supplier's standard product.
Defect Any unacceptable departure of a characteristic of an entity (system, equipment,
assembly, part) from requirements.
Default Decision In a decision tree where one of two decisions must be made, it is the
mandatory decision to be made in the absence of complete information. This may occur
in the analysis of both new and in service equipment.
Discard Task The scheduled removal and disposal of items or parts at a specified life or
condition of item or part (time or event) limit.
Double Failure A failure event consisting of the sequential occurrence of the failure of a
protective function and the failure of a function it is protecting. The double failure may
have consequences that would not be produced if either of the failures occurred
separately.
Effectiveness (Task) The criteria for determining whether a particular task is capable of
reducing the failure rate or probability of failure to a required or acceptable level. (i.e. that
the task is worth doing).
Engineering Failure Mode The specific engineering mechanism of failure which leads to
a particular functional or conditional failure.
Examination Task A scheduled task requiring visual examination for explicit evidence of
failure.
Failure The cessation of the ability of an item to perform a specified function.
Failure Effects The impact a particular failure mode has on the operation, function or
status of an item.
Failure Mode The engineering mechanism of failure which leads to a particular functional
or conditional failure. It includes the manner by which the failure is observed and is
generally described by the way in which the failure occurs and its impact, if any, on
equipment operation.
Failure Rate Ratio of the total number of failures within an item population, divided by the
total number of life units expended by that population during a particular measurement
interval under stated conditions.
Fail Safe A design property of a system or equipment which prevents its failure resulting
in catastrophic outcomes.
Fault The inability of an entity to perform a required function.
Fault Tree Analysis (FTA) The analysis process whereby the relationships and
combinations of faults/events that will lead to the occurrence of a defined
Fault are established and presented diagrammatically.
FMEA Acronym for Failure Modes Effects Analysis. A process that identifies how a
system or equipment fails, and identifies the effect of the failure.
FMECA Acronym for Failure Modes Effects and Criticality Analysis which extends the
FMEA to assess the criticality of the failure on the system. (Ref MIL-STD-1629A)
Functional Failure The failure of an item to perform its normal or characteristic functions
within specified limits.
Functional Check A task requiring measurement of some defined parameter and its
comparison against a defined standard (synonymous with a check task).
Hidden Failure A failure not evident to the operator(s) during their performance of normal
duties.
Infant Mortality The relatively high conditional probability of failure during the period
immediately after an item enters or returns to service. Such failures are usually due to
defects in manufacturing not prevented or detected by the quality assurance process (if
any).
Inherent Reliability A measure of the reliability that includes only the effects of an item
design and its application and assumes an ideal operating and support environment.
Level Of Repair Analysis (LORA) The process for determining on an economic basis
whether equipment should be discarded or maintained, and if so whether the
maintenance is performed on or off site.
Logistics Support Analysis The process of determining the total support requirements
for equipment or systems. (MIL-STD-1388-2A&B Logistic Support Analysis).
Mean Down Time A measure of the period of time that an entity is unavailable for its
required function. (includes Mean Time To Repair (MTTR), logistics down time and
administrative downtime).
Maintenance Requirements Analysis (MRA) The process of identifying the appraisal,
preventive and corrective maintenance requirements of systems / equipment to allow the
system / equipment to fulfil its intended function.
Mean Time Between Failure (MTBF) A basic measure of reliability for large repairable
items which exhibit an exponential (random) failure characteristic.
Mean Time To Failure (MTTF) A basic measure of reliability for large non-repairable
items which exhibit an exponential (random) failure characteristic.
Mean Time To Repair (MTTR) A basic measure of the maintainability for repairable
items/systems. It is generally taken as the mean repair time once the staff are on site
with the requisite spares, tools and test equipment.
MIL-HDBK United States Military Handbook
MIL-STD United States Military Standard
MIMIR The Maintenance Requirements Analysis software produced by RailCorp and
named after the giant in Norse mythology who guards the Highest Well of Wisdom
On Condition Task Scheduled task to detect potential failures, or to meet calibration
requirements
Operator Person who uses or operates equipment as part of their allocated duties during
its normal usage.
Operational Checks Scheduled tasks to detect the operability of a particular function in
order to check for hidden failures.
Operational Maintenance (also called "organisational" and "field" maintenance)
Maintenance which is either preventive or corrective in nature and that is undertaken on
the system irrespective of whether it is operating or shut down.
Preventive Maintenance The actions performed in an attempt to retain an item in a
specified condition by providing systematic inspection, detection and prevention of
incipient failure (MIL-STD-721B).
Risk The product of conditional probability of failure and failure event consequence.
Redundancy The existence of more than one means for accomplishing a given function.
Each means of accomplishing the function need not necessarily be identical
(MIL-STD-721B).
Reliability Centred Maintenance (RCM) A process which aims to determine the
maintenance requirements of an asset in its operating environment.
Safe Life Limit A life limit imposed on an item that is subject to a critical failure
established as some fraction of the average age at which test data shows that failures will
occur.
Secondary Damage The immediate physical damage to other parts of items that result
from a specific failure mode.
Servicing The performing of any action needed to keep an item in operating condition,
(e.g. lubricating, oiling, fuelling.) but not including preventive maintenance of parts or
corrective maintenance tasks
Servicing Schedule A defined set of tasks to be undertaken on an asset or set of assets
in a defined place at a defined point in time; the result of the task aggregation process
following the RCM task analysis activity.
Significant Item An item whose failure either alone, (or if delivering a hidden function
then in conjunction with another failure), has safety, operational or major economic
consequences.
Technical Maintenance Plan A document which details:
which items are to be maintained,
what maintenance tasks are to be done, and
when and where the maintenance task is to be performed.
Total Quality Management A management approach that achieves continuous
incremental improvement in all processes, goods and services through the creative
involvement of all people.
Wear-out The process which results in an increase of the failure rate or conditional
probability of failure with the accumulation of life units
Workshop Maintenance Deepest level of maintenance undertaken on equipment or
their assemblies (also known as Depot level maintenance in the reference texts).
2.2 Reliability and maintenance
2.2.1 Introduction
While the concept of reliability is not new, its proper definition and introduction as a
branch of engineering is relatively recent. Thus "reliability" is related to a recently
developed body of concepts and methods which date from the 1940s. Maintainability
engineering, as the branch associated with the proactive examination of the maintenance
task, is even younger.
A concise history of reliability, maintainability and safety engineering is available in
Villemeur [8] pages 3-14. It is strongly recommended as background reading.
2.2.2 Reliability
People in all walks of life regularly use the word reliability. We all want reliability from our
assets, be it rail vehicle, high voltage switchgear or dishwasher. Few understand that for
the professional engineer "reliability" is a specialist word with an entire engineering
discipline behind it. A maintenance or systems engineer without an understanding of
reliability is like a surgeon without a scalpel. The necessary incisive tools are just not
there.
Reliability is defined as:
"the probability that an item will perform its intended function for a specified interval
under stated conditions" [9].
The theoretical and mathematical foundations for the reliability engineering discipline are
comprehensively described in Chapter 5 of MIL-HDBK-388-1A [10], Electronic Reliability
Design Handbook. Many other commercial texts are available on the subject. The
handbook provides detailed but practical approaches to specifying, allocating and
predicting reliability for engineering systems and equipment.
An understanding of reliability requires more than a cursory look at the primary elements
of the definition. To assist the development of a basic understanding of these elements
and their implications, they are described in further detail as follows:
Probability is a quantitative expression that follows strict mathematical rules and
can be expressed as either a fraction, a percentage, or a decimal value that lies
between zero and 1. Failures are described in probabilistic terms because they
can be expected to occur at different points in time even for identical equipment
operating under identical conditions.
The items being compared must have the same configuration to ensure that
variation in effecting factors is kept to a minimum. Different configurations
represent different populations of items, hence the mathematics of statistics, which
requires statistically homogenous groups (populations), cannot be properly applied
without high probability of erroneous results.
Satisfactory performance requires that specific and measurable criteria have been
established to determine what is satisfactory. This set of quantitative and
qualitative criteria is usually (should be) contained within the system specification.
8 Villemeur, Alain, Reliability, availability, maintainability and safety assessment, John Wiley & Sons, 1992, pages 3-14.
9 US MIL-HDBK-338-1A, Electronic Reliability Design Handbook, US Department of Defence, 1988
10 US MIL-HDBK-338-1A, Electronic Reliability Design Handbook, US Department of Defence, 1988.
Specified operating conditions include environmental conditions, operational profile
or other such factors which drive the variability of stresses to which the item is
exposed.
Time is the measure against which performance is judged, and provides the
mathematical rigour for reliability through the formulae for varying reliability
characteristics.
From the definition it is evident that the reliability of an item is an inherent attribute
dependent on the item design and its operational requirement and environment. No
amount of maintenance can increase the reliability of an item beyond its design capacity.
Given an effective maintenance regime, only a change of configuration (modification) or a
change to operational requirements and environment can improve an item's inherent
reliability.
Reliability and probability are of particular interest when examining the subject of hidden
functions and double failures. Double failures are generally associated with redundancy
and hence there is a need to understand the impact of redundancy on reliability
calculations.
2.2.3 Failure Characteristics
The failure characteristic of an item refers to the hazard rate (i.e. increasing or decreasing
failure rate with time) profile of that item over time. Until the mid 1970s items were seen
as exhibiting a common failure profile (reliability characteristic) as shown in Figure 4
consisting of three separate characteristics combining into a single composite called a
"bathtub" curve named after its general shape. The three separate characteristics are:
An infant mortality period due to quality of product failures
A useful life period with only random stress related failures
A wear out period due to increasingly rapid conditional deterioration resulting from
use or environmental degradation.
[Plot: Hazard Rate (vertical axis) against Time (horizontal axis), with three regions labelled Infant Mortality, Useful Life and Wear Out]
Figure 4 - Hazard Rate as a function of age
However, with the advent of increasingly complex systems and equipment, reality proved
to be not as simple as the "bathtub". Actuarial studies of aircraft equipment failure data
conducted in the mid 1960s identified a more complex relationship between age and the
conditional probability of failure. Six different failure characteristics were identified, along
with their relative percentage representation in the aircraft failure population, as shown in
Figure 5.
4% | Wear-In to Random to Wear Out
2% | Random then Wear Out
5% | Steadily Increasing
7% | Increasing during Wear-in and then Random
14% | Random over measurable life
68% | Wear-in then Random
Figure 5 - Age (X axis) reliability (y axis) pattern
The six age-reliability failure patterns listed above are described in detail in Nowlan and
Heap [11] at Pp 46 and referenced in Moubray "RCMII" [12] at Pp 203217 and Smith [13] at Pp
45. All analysts should be thoroughly familiar with the implications of each type of failure
characteristic. These characteristic failure patterns identify those maintenance tasks that
will be applicable and effective for each identified failure mode and its associated failure
pattern.
2.2.4 Reliability Modelling
The first reliability modelling tools were used on the German V1 rocket program during
World War II. Initial unreliability (100%) was explained by a "weak link concept" [14] which
said the system was only as strong as the weakest part. This was replaced after
consultation by Von Braun with Eric Peirushka, a mathematician, who advised that the
survival probability (reliability) of a set of identical elements with individual survival
probability of 1/x would be $(1/x)^n$ (where n = number of identified elements).
The series reliability formula derived from Peirushka's response is shown in Figure 6.
11 Nowlan and Heap, United Airlines, San Francisco, California, 1978
12 Moubray, John, Reliability-Centred Maintenance, Butterworth Heinemann, 1992, 203217.
13 Smith, Reliability Centred Maintenance, McGraw-Hill, 1991
14 F T Pierce, Tensile Strength for Cotton Yarns Part 5 The Weakest Link, Theorems on Strength and Composite Specimens, Textile Institute Journal, Transactions, 1926
[Block diagram: elements R1, R2, R3, ..., Rn connected in series]
$R_t = R_s = R_1 \times R_2 \times R_3 \times \cdots \times R_n$
Where $R_t = R_s$ = System reliability = Total reliability
$R_{1 \ldots n}$ = Elemental reliability
Figure 6 - Series reliability formula
The series reliability formula is complemented by the parallel reliability formula which
reflects the reliability of a system that has redundant elements capable of maintaining the
function should one of the redundant elements fail. The most common usage of these
phenomena is as a "one in two" redundancy, although other more complex arrangements
(e.g. three in five, two in six ...) are possible. The formula for the basic one in two
redundancy is shown in Figure 7.
Redundancy arrangements in systems enable the consequences of individual item
failures to be avoided by providing a standby item or equivalent function that will fulfil the
complete function of the primary item when it fails. This redundant capability reduces the
consequence of failure to a timely repair process only, and, if there are no other
consequences other than this repair function, the item can be cost effectively run to
failure without any other consequence reducing maintenance.
[Block diagram: elements R1 and R2 connected in parallel]
$R_t = R_1 + R_2 - (R_1 \times R_2)$
Where $R_t$ = Total reliability
$R_{1 \ldots n}$ = Elemental reliability
Figure 7 - Parallel reliability formula
Examples of changes in total system reliability performance through application of
redundancy are shown at Figure 8.
In a series system (Figure 6) of equal unit reliability
$R_t = R^n$
Where R is the unit reliability of corresponding unit and n is the number of units
In a parallel system of equal unit reliability
$R_t = 1-(1-R)^n$
Number of similar units in Series | System Reliability | Number of similar units in Parallel | System Reliability
1 | 0.9 | 0 | 0.9
2 | 0.81 | 1 | 0.99
3 | 0.73 | 2 | 0.999
4 | 0.66 | 3 | 0.9999
Figure 8 - System reliability calculations
Reliability achieved through complex redundancy arrangements of parallel units, which
may require only, say, 3 of 5 parallel units to operate, is known as m out of n reliability.
Figure 9 depicts a system whose successful operation requires the correct functionality of m or
more of its n components (parallel configuration).
[Block diagram: elements R1, R2, R3, R4, ..., Rn connected in parallel, with m required]
Figure 9 - n Parallel reliability block diagram with a minimum of m blocks operable
In situations where the failure rate is constant, the reliability R at time t for m out of n
reliability is given by:
( )
( )
+
=
1
0
)! !
!
) 1 (
1
1
m
i
i n
n
t
i n i
n
t
R
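The series, parallel and m out of n calculations from this section, as an added Python example that is not part of the manual; it recomputes the Figure 8 values for a unit reliability of 0.9. The function names are illustrative, and m_out_of_n uses the standard binomial sum for identical, independent units at a given unit reliability, which is an assumption and not a reconstruction of the time-based formula above.

```python
"""Series, parallel and m-out-of-n reliability for independent units.

Added example: function names are illustrative and not from the manual.
"""
from math import comb, prod


def _validated(reliabilities):
    """Return the inputs as a list, rejecting empty input and non-probabilities."""
    values = list(reliabilities)
    if not values:
        raise ValueError("at least one unit reliability is required")
    for r in values:
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"reliability {r!r} is outside [0, 1]")
    return values


def series(reliabilities):
    """Figure 6: Rt = R1 x R2 x ... x Rn (every unit must work)."""
    return prod(_validated(reliabilities))


def parallel(reliabilities):
    """Figure 7 generalised: Rt = 1 - (1-R1)(1-R2)...(1-Rn).

    For two units this expands to R1 + R2 - (R1 x R2).
    """
    return 1.0 - prod(1.0 - r for r in _validated(reliabilities))


def m_out_of_n(m, n, r):
    """Probability that at least m of n identical, independent units work.

    Assumption: standard binomial sum over the number of working units.
    """
    if not (isinstance(m, int) and isinstance(n, int) and 1 <= m <= n):
        raise ValueError("need integers with 1 <= m <= n")
    _validated([r])
    return sum(comb(n, i) * r**i * (1.0 - r) ** (n - i) for i in range(m, n + 1))


def figure8_rows(r=0.9, max_units=4):
    """Recompute Figure 8 for unit reliability r.

    Each row is (units in series, series Rt, redundant units, parallel Rt).
    The figure's parallel column counts units added beside the first one
    (0 -> a single unit), which is inferred from its 0 -> 0.9 row.
    """
    rows = []
    for k in range(1, max_units + 1):
        rows.append((k, series([r] * k), k - 1, parallel([r] * k)))
    return rows


if __name__ == "__main__":
    for k, rs, extra, rp in figure8_rows():
        print(f"{k} in series: {rs:.4f}    {extra} redundant: {rp:.4f}")
    # The 3 of 5 arrangement mentioned in the text, with a constructed R = 0.9
    print(f"3 out of 5: {m_out_of_n(3, 5, 0.9):.5f}")
    # Constructed mixed system: a redundant pair in series with one 0.95 unit
    print(f"mixed: {series([parallel([0.9, 0.9]), 0.95]):.4f}")
```

With m = 1 the binomial sum reduces to the parallel formula, and with m = n it reduces to the series formula, which gives a quick consistency check on any redundancy arrangement.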
2.2.5 Maintenance Task Applicability
Maintenance activity which supports a system should be designed to protect the reliability
of that system through an understanding of the failure characteristics of the individual
elements of the system and the reliability relationships of those elements. For a
maintenance action to be applicable to a particular piece of equipment, the action must
address individual failure mode(s). A detailed description is provided in Section 4.1.3,
see Task Applicability.
Applicability is a measure of the suitability of the task to the failure mode.
2.2.6 Maintenance Task Effectiveness
The effectiveness of a maintenance task is a measure of its ability to achieve its objective
which is usually the ability to reduce or eliminate the effects of the failure mode to an
acceptable level. However, if the objective is to avoid all functional failures then a task
that only reduces the failure rate is inadequate. A detailed description is provided at
Section 4.1.4, see Task Effectiveness.
Effectiveness is the ability of the task to achieve the maintenance objective.
2.2.7 Suggested Readings & References
The following are suggested additional readings for this section.
Standard or Reference Name | Page Numbers
Nowlan & Heap Reliability - Centred Maintenance | Pp 38-45
United States Military Standard MIL-STD-2173AS | Nil
Moubray, RCMII | Nil
Smith, Reliability Centred Maintenance | Pp 43-57
MSG 3 Report | Nil
2.3 Maintenance, Risk and RCM
2.3.1 Introduction
The MRA methods described in this manual are based on RCM analysis techniques
developed by the commercial aircraft industry since the early 1970s.
A "brief" history of the RCM process is provided in Chapter 12 of John Moubray's text,
RCM II, Reliability-Centred Maintenance [15], and the preface to Smith's text
Reliability-Centred Maintenance [16] is strongly recommended as background reading. This history
should be read at this stage of the Manual by serious users.
Briefly, the term Reliability-Centred Maintenance was derived from a report by Nowlan and
Heap of United Airlines commissioned by the United States Department of Defence in
1978. The process evolved in the private airline industry primarily through the activities of
a Maintenance Steering Group of the International Air Transport Association. The report
of the Maintenance Steering Group in 1972 titled MSG-2 (updated in 1980 with MSG-3),
provided the backbone of the logic processes contained in the referenced texts and RCM
analysis. The RCM process has now been applied to a variety of military and commercial
assets using a number of variations on the original theme.
2.3.2 Maintenance
Maintenance has been defined as
"all actions necessary to retain a system or product in, or restore it to, a
serviceable condition" [17].
15 Moubray, John, Reliability-Centred Maintenance, Butterworth Heinemann, 1992, .
16 Smith, Reliability Centred Maintenance, McGraw-Hill, 1991
17 AMCP (US Army Material Command), 706-132.
The word "serviceable" in the definition is considered to mean "fit for function" which has
a significant impact on the decision processes associated with reliability assessment.
Additionally, function should be considered as business function or capability, there being
a need for all maintenance actions to provide a return on their investment through
assured business performance.
The statement, "fit for function", includes not just performance but the level of reliability
(or probability that the item will operate as required for a future period) required and
reinforces the fact that reliability is inherent in design and cannot be increased beyond
that provided by the designer. Maintenance tasks specified in TMPs are generally aimed
at achieving this inherent design reliability by maintenance action. Assets which are
fundamentally incapable of delivering required performance must either be modified or
have their performance criteria lowered.
Achieving an asset's inherent level of reliability requires the identification of what
maintenance is necessary to address the various ways in which the asset fails to deliver
its intended function. It should be noted that for some assets, overdesign or changed
operational circumstances may have reduced its required level of performance. Assets
whose performance requirements are reduced from original design level may have their
maintenance requirements reduced to achieve their reduced level of operational and
associated business performance. This is shown in Figure 10.
[Diagram: PERFORMANCE PARAMETER axis with a "Designed in Capability" level. Annotations: "Increased performance requirements"; "Reduced performance requirements"; "Maintenance cannot increase performance beyond design capability"; "Maintenance at best can only achieve this design level of performance"; "Maintenance requirements reduced to match lower performance requirements"]
Figure 10 - Maintenance Performance
2.3.3 Risk
There has been a tendency in the past for organisations to believe that the equipment
failure process is deterministic and flows from inadequate maintenance; "if you engineers
maintained it properly then it wouldn't fail". This approach completely misunderstands the
probabilistic nature of engineering and in particular the failure process. The "risk" of
failure cannot be totally eliminated but its size can be reduced by an effective approach to
designing-in reliability and responding to the design with applicable and effective
preventive maintenance requirements.
2.3.3.1 Risk Assessment
In this regard, risk as it applies to maintained systems can be modelled as the product of
event probability, event consequence and control effectiveness. This model is shown at
Figure 11.
Without a logical and structured approach to determining maintenance requirements that
are based on the mathematics of reliability and risk, a maintenance program will result in
one of two possible outcomes:
- The program will not address the inherent failure mechanisms and their
  consequences, resulting in inefficient reactive maintenance producing occasional
  high consequence outcomes such as personal injury or death and secondary
  damage to assets.
- The program will be conservative in nature and over prescriptive, resulting in
  excessive maintenance costs and a reduced asset reliability due to inevitable
  increases in the levels of infant mortality.
[Diagram labels: Failure Mode, Mechanism and Cause; Risk Event; Effects; Control; Risk; Event Probability; Event Consequence; Control Effectiveness]
Figure 11 - Risk quantification with maintenance as control
2.3.3.2 New Acquisitions Risk
Without the RCM approach, the maintenance program for new equipment will usually
progress from an inadequate program to an overly prescriptive one as actual failures are
responded to on a piecemeal basis. Each reactive decision becomes locked in as time
progresses, and the reasons for including tasks are either not documented and forgotten
or, if documented, become lost in the archives.
The RCM program manages the risks associated with asset support by ensuring that the
activities necessary to operate the equipment at defined levels of safety and service are
achieved at minimum lifecycle cost. Additionally, the structured and documented
approach ensures the program will remain viable in the long term through an ability to
respond readily and promptly to changes in the operating or maintenance environment.
2.3.4 RCM Process
The determination of maintenance requirements is based on three key analytical
techniques which are:
- Failure Modes and Effects Analysis (FMEA)
- Reliability-Centred Maintenance (RCM)
- Level of Repair Analysis (LORA).
The 7 step RCM process at Unit 1 asks eight basic questions as follows:
- which assets (significant items) are to be subject to the analysis process
- what are the functions and associated performance criteria (accept/reject
  boundaries) of each asset in its particular operating environment
- how does it fail to fulfil its listed functions (failure modes) [FMEA]
- what failure mechanism causes each loss of function (failure cause) [FMEA]
- what is the outcome and impact (criticality) of each failure (failure effect) [FMECA]
- what maintenance tasks can be applied to prevent each significant/critical failure
  (preventive maintenance)
- what action should be taken if effective maintenance tasks cannot be identified
  (default action).
This process is detailed in Section 4 of this publication.
2.3.5 Other Users of RCM
RCM has been applied extensively to the commercial airline industry since the late 1960s
when the International Air Transportation Association, Maintenance Steering Group
report MSG-1 was developed for and applied to the Boeing 747 aircraft. This initial work
was followed by improvements embodied in the MSG-2 report in 1972 and the MSG-3
report of 1980.
The RAAF applied a variation of the MSG-2 process to its aircraft from 1975 under the
RAAF Analytical Maintenance Philosophy (RAMP) project. The US Navy applied the
MSG-2 logic to a number of aircraft commencing in 1978 with the P-3 Orion maritime
aircraft. Since then the logic has been applied to a number of high value and
operationally critical commercial sites such as oil platforms and nuclear power stations.
A listing of the types of industries known to be using RCM analysis around mid 1992 is
given in Moubray's book "RCMII"[18], page 268. In Australia, the RCM process is now used
in the following industries:
- Rail
- Power
- Military
- Mining
- Water Supply
- Manufacturing
2.3.6 Benefits
The benefits of applying RCM will vary between organisations and will depend on the
effectiveness of current maintenance practices. However, application of the process can
generally be expected to result in:
- Increased safety and environmental integrity due to prioritisation in the logic chart,
  reduction in double failure probabilities and reduced exposure to unnecessary
  maintenance.
- Improved system effectiveness where effectiveness is defined as the product of
  availability, operating efficiency and quality of output or yield. This results from
  reduced hard time maintenance tasks, improved repair times and improved
  reliability flowing from removal of unnecessary items found redundant by the
  analysis.
- Improved maintenance cost effectiveness resulting from increased levels of
  planned maintenance, improved contract maintenance performance and reduced
  need for expensive field service representation.
- Extended asset lives by ensuring best balance between being over-maintained,
  which wears and damages key interfaces such as connectors and fasteners, and
  being under-maintained which allows significant degradation, each of which may
  not be economically recoverable requiring premature replacement.
- Improved engineering knowledge flowing from the application of the analysis
  process and the availability of a maintenance database which clearly describes the
  origin of maintenance requirements which can be used to support change. This
  reduces an organisation's susceptibility to loss of knowledge through personnel
  movements.
18 Moubray, John, 1992, Op Cit, 268.
2.3.7 The RCM Model
Maintenance requirements analysis described in this Manual has been drawn from
experience in the Australian aircraft, rail, power and water industries. These
organisations have used a variety of resources to undertake RCM analysis of equipment
which has generally been in operation for at least five or more years.
The general structure of the model to be applied in determining the maintenance policies
for equipment and systems (tasks and frequencies) is shown at Figure 12.
New assets will require analysis to be done in accordance with a single standard
generally applied through an interactive computer data base to improve development
efficiency and facilitate ease of access by responsible systems engineers. The
requirement for RCM analysis data should be a deliverable in future significant asset
acquisition projects.
2.3.8 Process Steps
Whether conducted by hand or done on a spreadsheet or interactive database, RCM
analysis follows the process flow chart in Figure 13 and Figure 14.
Three standard RCM task analysis logic diagrams were examined to create the logic
process defined in this publication. These logic charts were drawn from:
- MSG-3 Report (Used for new commercial aircraft)
- US MIL-STD-2173(AS) (Used for new and in service military aircraft)
- RAAF Analytical Maintenance Philosophy (Used for new and in service military and
  transport aircraft).
2.3.9 Analysis Team
RCM analysis has been performed both during the design of an asset and after its
acquisition. As stated, analysis during design is the most effective method, however, for
a variety of reasons the analysis of existing systems often becomes necessary.
Irrespective of whether the analysis is pre or post acquisition, a team effort will be
necessary to get the best results.
The selection of the analysis team depends on the alternatives being satisfied. However,
the important principle to be followed is that no one person has all the information
necessary to undertake an effective RCM analysis. Participation of staff at all levels in
the organisation is essential, not just for technical reasons but for the acceptance of the
output of the process.
[Diagram labels: Design characteristics; Functional Breakdown; Significant systems and items; FMEA; RCM Analysis Logic; Re-Design; Preventive Maintenance Program; Package tasks; Determine task period]
Figure 12 - RCM analysis process chart
Figure 13 - RCM analysis logic chart
[Diagram labels: Collect Data; Structured Breakdown; Select Candidates; Identify Functions; Identify Failure Modes, Causes and Effects; Assess Criticality; Operator Monitoring; Redesign; New Configuration; Evident and Hidden branches, each with Safety, Environment and Economic; Group Tasks On-System; Group Tasks Off-System; Assemble TMP; YES/NO decision branches. Legend: Task analysis logic diagrams, see Section 8.8]
Figure 14 - Analysis process chart
2.3.10 Post Acquisition Analysis
When analysis is performed after an item has been acquired and been operating for
some time, the following team selection process is recommended:
- The team must have an identified facilitator to provide encouragement, direction,
  referee functions and allocation of follow-up tasks.
- Team size should be between three and six staff, including the facilitator, to
  provide a balance between knowledge needs and the complexity of communication
  between participants (too many cooks!).
Team knowledge must cover from "hands on" through to specialised technical aspects.
Some participants may be invited specifically for one key task. Typical participants in a
team are:
- Operator
- Trade maintainers / Technical Officer
- Engineering specialist
- Supervisor
- Scribe
Where computerised analysis is conducted, a technical scribe can often be highly cost
effective in reducing analysis time and assisting facilitators who may be part time internal
staff. Scribe duties encompass such activities as:
- the rapid typing of large amounts of commentaries from participants into
  spreadsheets or databases
- managing the configuration management aspects of an often large and complex
  database of analysis files
- printing out and disseminating "post analysis" actions to be completed prior to the
  next analysis meeting
- preparing the room for the facilitator
Latest approaches to facilitation use computer overhead displays in an intense
information retrieval and decision making process. The advantages of this process are:
- Preparation work is done by scribes who assemble configuration data regarding
  the functions and physical data of the systems and their items of equipment.
- Data is collected in a structured manner with all relevant comments from participants
  captured on a permanent record.
- Decisions are quickly obtained and signed off in a visible manner.
- Delays to the analysis due to lack of information are prevented by documenting
  hold ups and allocating accountability for post meeting action.
2.3.11 New Acquisitions
For new acquisitions, the conduct of the RCM analysis should be the responsibility of the
Prime Contractor and should be a deliverable under the contract. The procedures used
should satisfy the approach in this document and be delivered in a form which will
interleave smoothly with operating systems data. Project design reviews (e.g.
Preliminary Design Review, Critical Design Review) in accordance with the principles
contained in the Asset Management Policy Manual will require the assembly of an audit
team to examine progress in FMECA and RCM activity.
This subject is dealt with in greater detail at Section 4.
2.3.12 Data Collection
Maintenance requirements analysis cannot be undertaken in an information vacuum and
certain data will be necessary to start the process.
This process of collecting data represents the first step in the analysis flow chart at Figure
14. The data, which would include failure summaries and key diagrams such as
functional, physical and reliability block diagrams, not only supports the maintenance
analysis but may become invaluable in the future as a set of resource data managed
under configuration control.
Typically the collected data should, where possible, include the following:
- System and equipment drawings
- Electrical and hydraulic circuit diagrams
- System plans
- Operations and maintenance manuals
- System and equipment failure data
- System functional and physical block diagrams
2.3.13 Suggested Readings & References
The following are suggested additional readings for this Section.
Standard or Reference Name Page Numbers
Asset Management Policy Manual
Nowlan & Heap Reliability - centred Maintenance
United States Military Standard
MIL-STD-2173AS
Foreword Pp 1-33
Moubray, RCMII Pp 1-20
Smith, Reliability Centred Maintenance Foreword and
Preface Pp 1-26
MSG 3 Report Preface
3 System Breakdown
3.1 Introduction
System breakdown provides the most important first step of structuring the system into
logical blocks to enable the application of a structured approach to the analysis activity
and to provide the list of significant items for analysis. The process also establishes the
boundaries for the:
- collection of data to support the continual improvement process and
- allocation of certain management accountabilities.
Not all items that make up a system justify the detailed analysis required by the RCM
techniques described in the texts. Only those items whose failure results in potential
safety, environmental or economic consequences should be considered for analysis.
A detailed description of the formal process used in establishing a system breakdown
structure is contained in US MIL-STD-1629A (FMECA)[19], pages 101-1 to 101-4. Where
FMECA is undertaken as a requirement of the design process, the output of the FMECA
is a set of failure modes and effects with established criticalities.
Those failure modes not removed during the iterative design process will have a
remaining criticality assigned which may be expressed either quantitatively or
qualitatively. These remaining failure modes must have an assigned compensating
provision or management mechanism. Operator monitoring and preventive maintenance
are two such compensating provisions.
The primary elements of the system breakdown process are shown at Figure 15.
19 US MIL-STD-1629A A Procedure For a Failure Mode, Effects and Criticality Analysis, 101-1 to 101-4
[Diagram labels: Establish boundaries; Develop function diagram; Determine significant items; Prioritise; Complete breakdown]
Figure 15 - System breakdown process
3.1.1 Establishing Boundaries
Each system identified in the system breakdown will have a number of interconnects
(interfaces) with adjacent interactive systems. These boundaries need to be defined in a
clear and unequivocal manner to ensure that there are no accountability gaps or
overlaps.
The objectives of establishing data collection arrangements and the allocation of
accountabilities should be carefully considered during the breakdown process. General
rules for establishing effective system boundaries are that the boundary should:
- Contain a clearly defined function.
- Commence at an identifiable point where system interface requirements are clear
  and, where possible, physical separation is achievable.
- Not cross areas of defined managerial accountability.
The drawings at Figure 16 and Figure 17 show an example of a boundary established
between a bulk oil supply and individual client units. Systems 1, 2 and 3 have different
management accountabilities therefore boundaries are established which clearly identify
the division between the common service function of bulk oil supply and the individual
clients of system 1 and system 2. The boundary is set at the input end of the shut off
valve as this valve protects the client systems and is functionally unlinked to any third
system.
[Diagram labels: System 1; System 2; System 3; Bulk Oil Supply; Turbine A; Turbine B]
Figure 16 - Boundary block diagram
Figure 18 shows how the boundary is established at the detailed level allowing for
allocation of asset management accountabilities. Thus although the interface
specification or description defines the physical separation point, the accountabilities,
shown by a circle at Figure 17, absorb this connection arrangement into a total
accountability to ensure clear ownership of the interface. Most systemic problems occur
at interfaces due to unclear accountability; this allocation of total accountability reduces
that risk.
A difference in engineering discipline is not a valid reason for establishing a boundary.
For example, although a chimney may be a civil engineered concrete structure it should
be included as an integral part of the exhaust system much of which may include
scrubbers and other mechanical plant. This concept encourages the application of a
systems approach to the management of the defined assets rather than a constrained
discipline approach which may be insensitive to systems wide interactions.
[Diagram labels: System 1; System 2; Analyse and maintain as single entity]
Figure 17 - Boundary detail
Examples of other boundaries similar to that described in Figure 17 above are:
- Primary machine and supporting plinth
- Primary item and cable connectors
A further example shown at Figure 18 develops the concept of separation of supply,
distribution and user where the supply function is distributed to a variety of users. The
idea of suppliers and customers is encouraged in that each asset manager is both a
customer of some and a supplier to other customers; that is, each asset manager should
ensure that they receive required services from suppliers and provide required services to
their customers.
[Diagram labels: Boiler; Storage Tank; Steam Pipes; SUPPLIER; DISTRIBUTER; USER]
Figure 18 - Steam heating supply
Clear ownership boundaries for indication and control systems are often difficult to
establish. In most instances, sensors take inputs from the prime equipment (and are
often buried inside that equipment), convert this to a transmittable signal that is passed
along metal wire to a central control room. Control mechanisms can also be embedded
in the prime equipment and follow similar rules regarding asset ownership.
The following general rules are usually effective in allocating functional boundaries for
control and indicating equipment accountability:
- Sensor and associated indicating equipment attached to the prime equipment
  belongs to the control and indications system owner.
- Remote indicating and control equipment (clustered in a control room for example)
  and the associated cabling belongs to the control and indications system owner.
- Sensors embedded in or removed with the prime equipment belong to the prime
  equipment owner.
- Sensors and controls that remain attached to their cabling when the prime
  equipment is removed belong to the control and indications system owner.
3.1.2 Develop Functional Block Diagrams
Functional block diagrams describe the operation, interrelationships and
interdependencies of functional entities in a system. They are constructed in terms of
engineering data and schematics to enable failure modes and effects to be traced
through the various levels of a system.
These diagrams are essential to a clear understanding of the total system and its
interactions when preparing for the failure modes and effects analysis.
A system level diagram is also essential to the description of the Application in the
preface to the Technical Maintenance Plan. A typical electrical network assets
application block diagram is provided below for each asset class.
[Block diagram of asset classes, by code:]
ER  Earthing
SU  Substation General
TX  Transformers
OH  Overhead lines
UG  Underground Cables
SL  Street Lighting
SC  SCADA
CM  Communications
PR  Protection
AU  Auxiliary Equipment
AF  Audio Freq Load Ctrl
DC  DC Power System
VR  Voltage Regulation
SW  Switchgear
Figure 19 - Typical Electrical Application Block Diagram
The detailed procedure for developing and numbering a functional block diagram is
available in MIL-STD-2169A Pp 101-3 to 4 and 9.
3.1.3 Significant Items
Not every item in a system is significant and justifies the expense of a comprehensive
RCM analysis. The basic approach to be applied in establishing the significant item list is
shown in Figure 20. The system plans, drawings and diagrams are used to compile a list
of functional items in the system. This list is then processed to determine those items
whose failures have some significant impact on the business objectives of the
organisation.
The significant item analysis process undertakes a comprehensive review of the system
design features to limit the size of the analysis task by a quick, but conservative,
identification of the set of functionally significant, structurally significant and hidden
function items. The results of applying the process are shown in Figure 21 and Figure
23.
[Flow chart labels: system or equipment functional breakdown; decision boxes, each with YES/NO branches: major load carrying element; adverse effect on safety, the environment or service; is failure rate or cost high; does the item have existing scheduled maintenance; does item provide emergency function; outcomes: structurally significant item; functionally significant item (FSI); non significant item]
Figure 20 - Selecting significant items
Figure 21 displays the items in a system as a descending hierarchy. Not all these items
will be classified as "significant" as their failure may have little impact on the operation of
the system other than the cost of repair. As a guide, significant items are considered to
be those:
- Whose failure modes threaten safety or breach known environmental standards.
- Whose failure modes have significant operational or economic consequences.
- Which contain a hidden function whose failure exposes the system to a significant
  double failure consequence.
- Which are part of an emergency system.
The spreadsheet at Figure 22 identifies the system equipment from the example shown in
Figure 16 that are candidates for assessment. Only those that are considered significant
in accordance with the logic chart will be subject to analysis. Spreadsheets provide a
convenient mechanism for storing information and automating some simple activities
when conducting item significance analysis.
[Diagram labels: APPLICATION; Systems; Sub Systems; Assemblies; Parts]
Figure 21 - All elements listed
System Code  TR-01-00-00
System Name  Emergency Pumping System

Asset Code  Equipment Name       MLC  Saf  Env  Serv  HFR  HRC  Exist  Emerg  Sign
TR010100    Pump                 n    n    n    y     n    n    y      n      Y
TR010200    Level sensor         n    n    n    n     n    n    n      y      Y
TR010300    Control Unit         n    n    n    y     n    n    n      y      Y
TR010400    Auto Shut off valve  n    n    n    n     y    n    n      y      Y
TR010500    Isolating Valve      n    n    n    n     n    n    n      n      N
TR010600    Pipework             n    n    n    n     n    n    y      n      Y

Abbreviated column headings for the criticality assessment are:
MLC    main load carrying structure
Saf    failure of the equipment has safety implications
Env    failure of the equipment has environmental implications
Serv   failure of the equipment has service implications
HFR    high failure rate equipment
HRC    high resource consumption
Exist  there is an existing preventive task
Emerg  the equipment is part of an emergency system
Sign   the equipment is significant, yes (Y) or no (N). Only if all the above questions
       result in a no answer does the system qualify as not significant.
Figure 22 - Significant items spreadsheet
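The screening rule stated under Figure 22 can be checked mechanically. The Python below is an added example, not part of the manual or of any RailCorp tool: it parses the six rows of Figure 22 (embedded as sample input), derives significance from the eight criteria and flags any row whose recorded Sign entry disagrees. The function names are illustrative.

```python
# Criteria columns in the order given in Figure 22 (the Sign column follows them).
CRITERIA = ["MLC", "Saf", "Env", "Serv", "HFR", "HRC", "Exist", "Emerg"]

# Sample input: the rows of Figure 22 as whitespace-separated text.
FIGURE_22_ROWS = """\
TR010100 Pump n n n y n n y n Y
TR010200 Level sensor n n n n n n n y Y
TR010300 Control Unit n n n y n n n y Y
TR010400 Auto Shut off valve n n n n y n n y Y
TR010500 Isolating Valve n n n n n n n n N
TR010600 Pipework n n n n n n y n Y
"""


def parse_row(line):
    """Split one spreadsheet row into code, name, criteria answers and recorded Sign.

    Equipment names may contain spaces, so the flags are taken from the right:
    the last nine tokens are the eight criteria followed by Sign.
    """
    tokens = line.split()
    n_flags = len(CRITERIA) + 1
    if len(tokens) < n_flags + 2:
        raise ValueError(f"row too short: {line!r}")
    flags = [t.lower() for t in tokens[-n_flags:]]
    if any(f not in ("y", "n") for f in flags):
        raise ValueError(f"flag other than y/n in row: {line!r}")
    return {
        "code": tokens[0],
        "name": " ".join(tokens[1:-n_flags]),
        "answers": {c: f == "y" for c, f in zip(CRITERIA, flags[:-1])},
        "recorded": flags[-1] == "y",
    }


def screen(row):
    """Apply the Figure 22 rule: not significant only if every answer is 'no'."""
    reasons = [c for c in CRITERIA if row["answers"][c]]
    return bool(reasons), reasons


def audit(text):
    """Screen every row and report whether the recorded Sign matches the rule."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        significant, reasons = screen(row)
        results.append({
            "code": row["code"],
            "name": row["name"],
            "significant": significant,
            "reasons": reasons,
            "consistent": significant == row["recorded"],
        })
    return results


if __name__ == "__main__":
    for r in audit(FIGURE_22_ROWS):
        status = "ok" if r["consistent"] else "CHECK Sign column"
        why = ", ".join(r["reasons"]) or "no criteria met"
        print(f'{r["code"]}  {r["name"]:<20} significant={r["significant"]}  ({why})  {status}')
```

The `reasons` list records which criteria made an item significant, which keeps the origin of each decision with the analysis data.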
Figure 23 shows the non significant items removed from the tree leaving fewer individual
items to consume the resources allocated to analysis.
[Diagram labels: APPLICATION; Systems; Sub Systems; Assemblies; Parts]
Figure 23 - Significant items remaining
3.1.3.1 Top down approach
The RCM analysis occurs from the top down and should be conducted at the highest
level possible in the system. Analysis at the assembly and parts level should only occur if
that part has an actual function. Performing the RCM analysis at too low a level in the
structure i.e. at parts as shown in Figure 23, unnecessarily complicates the analysis
process by focusing on detail, creating excessive paperwork and usually identifying no
additional tasks.
3.1.4 Prioritisation
RCM analysis is expensive and a return on the investment in the analysis should be
obtained as quickly as possible. This can be achieved by prioritising the equipment to be
analysed and implementing the outcome as soon as the supporting maintenance
management systems will allow.
Prioritising the conduct of the RCM analysis activity is usually only an issue for assets
already in service where the results of the analysis can be independently applied to the
asset under review. For new equipment yet to be placed in service or with equipment
where the analysis results must be developed during the procurement process, this is
usually not an issue.
An example of prioritisation of in service RCM analysis is a distributed electrical system
which may have the output of RCM analysis applied separately to specific parts of the
system. This is possible due to the ability to contain the application of RCM to finite
elements such as say the DC Circuit Breakers in an electrical supply substation.
The prioritisation process also enables evaluation or prototyping programs to be
conducted independently allowing high cost activities or equipment to be targeted for
early implementation.
The prioritisation process should reflect system and equipment criticality as determined
by the FMECA process or some other similar risk estimation method. The process must
direct the analysis at determining the preventive maintenance requirements of those
items of equipment which represent the greatest risk to organisational and/or business
objectives if proper maintenance is not undertaken.
3.1.5 Numbering Systems
There are three types of numbers that may be used to categorise data against a system.
These numbers are:
- A functional system identifier that is often referred to as a technical maintenance
  code (TMC) and is used to develop the maintenance requirements analysis.
- A geographic identifier common to asset registers that enables the particular
  functional element in a system to be found for maintenance or other purposes.
- A unique item identifier that enables allocation of data against a particular item
  fitted to the functional "hole" at a geographic point in the system. This data usually
  contains three pieces of information: Item Manufacturer, Item Part Number and
  Item Serial Number.
Each number is part of the set of data controlled by a configuration management system
that:
- Identifies the system configuration
- Controls changes to that configuration
- Accounts for status at any particular time
- Audits the physical and functional configuration at key points in the system life
  cycle
The system breakdown and its associated numbering should be structured to support the
"functional" thrust of the RCM analysis program. For this reason a hierarchical system
which reflects the configuration of the total system and the functional relationships
between its parts is recommended.
As a general rule, fleet type equipment and production plant will generally require a
system consisting of:
- Application (Equipment type covered by the Maintenance Plan)
- System
- Sub-system
- Assembly
- Sub-assembly
- Item
Distributed systems, where components are scattered and individual elements of
significantly different configuration are interchangeable, have a structure that responds to
reduced depth and greater equipment diversity:
- Application (Maintenance plan coverage)
- System
- Item Category
- Item Type
Distributed systems often have multiple types of items capable of undertaking a
particular function in the system, particularly where procurement practices encourage a
multiplicity of models and makes.
Numbering systems should be kept simple. One system used extensively in the
Australian rail and air environment is shown at Figure 24.
TR 01 00 00 00
where  TR  is the Application, giving potentially 26 x 26 different maintenance plans
           depending on the need to align letters with actual names
       01  is the system
       00  are the remaining lower order elements or categories
Figure 24 - Numbering system structure
A possible implementation of a four level structure for typical electrical assets (shown in
Figure 19) is outlined in Figure 25 below:
TMC code       NAME
1  2  3  4
SW 00 00 00    SWITCHGEAR
SW 01 00 00    BULK OIL, OUTDOOR
SW 02 00 00    MINIMUM OIL, OUTDOOR
SW 03 00 00    GAS, INDOOR
SW 04 00 00    VACUUM, OUTDOOR
SW 05 00 00    AIR, INDOOR
SW 06 00 00    BULK OIL, INDOOR
SW 07 00 00    MINIMUM OIL, INDOOR
SW 08 00 00    VACUUM, INDOOR
SW 10 00 00    LOW VOLTAGE
SW 15 00 00    RECLOSERS
SW 20 00 00    AIRBREAK SWITCH, MANUAL - not pole s/s type
SW 21 00 00    AIRBREAK SWITCH, AIR OPERATED
SW 22 00 00    AIRBREAK SWITCH, ELEC. OPERATED
SW 23 00 00    BUSBAR, EXPOSED (WITH VT'S)
SW 24 00 00    BUSBAR, ENCLOSED (WITH VT'S)
SW 50 00 00    AIR BREAK SWITCH, DISTRIBUTION LOCATION
SW 60 00 00    Ring Main Switch (AIR) - metal enclosed
SW 61 00 00    Ring Main Switch (OIL) - metal enclosed includes bus bars
SW 62 00 00    Ring Main Switch (SF6) - metal enclosed includes bus bars
SW 65 00 00    Ring Main Switch (AIR) - Resin enclosed
TX 00 00 00    TRANSFORMERS
TX 01 00 00    132/33/11kV
TX 02 00 00    132/11kV
TX 03 00 00    66/33 kV
TX 04 00 00    66/11kV
TX 05 00 00    33/11kV
TX 80 00 00    Auto Tap Changers - Reinhausen
TX 82 00 00    Auto Tap Changers - Charlerio
TX 83 00 00    Auto Tap Changers - Feranti
TX 84 00 00    Auto Tap Changers - ABB
TX 85 00 00    Auto Tap Changers - Other
OH 00 00 00    OVERHEAD LINES
UG 00 00 00    UNDERGROUND CABLES
PR 00 00 00    PROTECTION
PR 01 00 00    Current Transformers
PR 02 00 00    Voltage Transformers
PR 10 00 00    Relays - Mechanical
PR 11 00 00    Relays - Electronic
PR 20 00 00    Surge Diverters - 132kV
PR 21 00 00    Surge Diverters - 66kV
PR 22 00 00    Surge Diverters - 33kV
PR 23 00 00    Surge Diverters - 11kV
PR 24 00 00    Surge Diverters - other
DC 00 00 00    DC POWER SUPPLIES
ER 00 00 00    EARTHING
AU 00 00 00    AUXILIARY EQUIPMENT
SU 00 00 00    SUBSTATIONS (General)
SC 00 00 00    SCADA
SL 00 00 00    STREET LIGHTING
CM 00 00 00    COMMUNICATION
AF 00 00 00    AUDIO FREQUENCY LOAD CONTROL
VR 00 00 00    VOLTAGE REGULATION
Figure 25 - Typical 4 level TMC Outline Structure
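A numbering scheme like the one in Figures 24 and 25 is easiest to keep consistent when codes are parsed rather than compared as strings. The Python below is an added example, not part of the manual or of MIMIR: it normalises the three written forms that appear in this document (TR 01 00 00 00, TR-01-00-00, TR010100), derives each code's parent, and lists assets that do not roll up to a given system. The four-group default width and the rule that a populated level may not follow a 00 level are assumptions based on Figure 24; the class and function names are illustrative.

```python
import re
from dataclasses import dataclass

# Two letters for the Application, then two-digit groups, optionally
# separated by a space or a hyphen.
_TMC_RE = re.compile(r"^([A-Z]{2})((?:[ -]?\d{2})+)$")


@dataclass(frozen=True)
class TMC:
    application: str  # two-letter maintenance plan code, e.g. "TR" or "SW"
    levels: tuple     # two-digit groups below the application, padded with "00"

    @property
    def depth(self):
        """Populated levels below the application (0 means the application itself)."""
        return sum(1 for level in self.levels if level != "00")

    def parent(self):
        """Code one level up the hierarchy, or None at application level."""
        if self.depth == 0:
            return None
        kept = self.levels[: self.depth - 1]
        return TMC(self.application, kept + ("00",) * (len(self.levels) - len(kept)))

    def is_under(self, ancestor):
        """True if this code sits anywhere below `ancestor` in the hierarchy."""
        node = self.parent()
        while node is not None:
            if node == ancestor:
                return True
            node = node.parent()
        return False

    def __str__(self):
        return " ".join((self.application,) + self.levels)


def parse_tmc(text, width=4):
    """Parse any of the written forms into a TMC padded to `width` groups (assumed 4)."""
    match = _TMC_RE.match(text.strip().upper())
    if not match:
        raise ValueError(f"not a TMC code: {text!r}")
    levels = re.findall(r"\d{2}", match.group(2))
    # Trailing 00 groups only pad the code, so drop them before re-padding.
    while levels and levels[-1] == "00":
        levels.pop()
    if "00" in levels:
        # Assumption: a populated level below an unpopulated one is malformed.
        raise ValueError(f"populated level follows a 00 level: {text!r}")
    if len(levels) > width:
        raise ValueError(f"code is deeper than {width} levels: {text!r}")
    return TMC(match.group(1), tuple(levels) + ("00",) * (width - len(levels)))


def orphans(asset_codes, system_code, width=4):
    """Return the asset codes that do not roll up to `system_code`."""
    system = parse_tmc(system_code, width)
    return [c for c in asset_codes if not parse_tmc(c, width).is_under(system)]


# Sample input: asset codes and system code as written in Figure 22.
FIGURE_22_ASSETS = ["TR010100", "TR010200", "TR010300",
                    "TR010400", "TR010500", "TR010600"]
FIGURE_22_SYSTEM = "TR-01-00-00"

if __name__ == "__main__":
    for code in FIGURE_22_ASSETS:
        tmc = parse_tmc(code)
        print(f"{code} -> {tmc}   parent: {tmc.parent()}")
    print("orphans:", orphans(FIGURE_22_ASSETS, FIGURE_22_SYSTEM))
```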
3.1.6 Electronic Filing
Completed MIMIR maintenance analysis databases will be kept under configuration
control to support continual improvement. Maintenance requirements analysis, even
when done cost effectively, is a costly investment. Much of the return on investment
comes from the continual improvement program and hence the ongoing validity of the
analysis data should be maintained.
Analyses collected and maintained on databases such as MIMIR will be transferred from
the analysis PC to the Client Library which will be maintained as a master. Each system
will correspond to an equipment class, and the systems and equipment will be added to
the library when the analysis, Service Schedules and TMP entries have been approved.
Local backups of the local MIMIR database will be generated using the program's
Backup Current Database function. The Client Library should reside on a file server
which is backed up regularly, or else on a PC where backups are generated onto storage
media after each database transfer to the Client Library.
3.1.7 Suggested Readings & References
The following are suggested additional readings for this section.
Standard or Reference Name | Page Numbers
Nowlan & Heap, Reliability-centred Maintenance | pp. 80-86
United States Military Standard MIL-STD-2173AS | pp. 20-21
Moubray, RCMII Reliability-centred Maintenance | pp. 243-244
Smith, Reliability Centred Maintenance | pp. 38-41
MSG 3 Report | Nil
3.2 Failure Modes and Effects Analysis (FMEA)
3.2.1 Introduction
If equipment never failed or needed preventive maintenance then there would be no need
for the provision of any maintenance support. Maintenance plans would not be needed
nor would maintenance staff, spares, tools and the other support costs associated with
the correction and prevention of failures.
All support needs flow from the fact that systems and equipment fail.
It is equipment failure modes and their subsequent effects that are the starting point for
the determination of system support requirements.
The Failure Modes and Effects Analysis process (FMEA) is a reliability procedure which
documents all potential failures in a system design through application of a set of
specified rules. The process may be top down, similar to fault tree analysis (FTA) or
bottom up commencing at the smallest indivisible element in the system.
FMEA as an element of the complete Failure Modes Effects and Criticality Analysis
(FMECA) process is described in MIL-HDBK-338-1A Sect 7-100 [20]. The specialist text
which provides the standardised methodology for both FMEA and FMECA is
MIL-STD-1629A [21]. A more general approach can also be found in IEC 60812 [22].
These texts are not appropriate for use directly in the analysis of rail systems and
accordingly they have been tailored within this text by the experience gained during
past RCM analysis programs.
[20] US MIL-HDBK-338-1A, Electronic Reliability Design Handbook, Sect 7-100
The failure data derived from the FMEA provides the raw data for all subsequent analysis
associated with the provision of support needs under the generic heading of a Logistic
Support Analysis process.
These support needs include:
- Maintenance Planning
- Technical data
- Training
- Personnel
- Supply support
- Support and test equipment
- Facilities
- Packaging, handling, storage, and transport
- Computer Support.
3.2.2 Process Overview
The FMEA process, applied to systems design, involves the identification of the system
functions, the identification of possible failure modes and the effect of the failure mode.
The process is an iterative design tool used to reduce future failure modes in the end
product and is shown in Figure 26.
[Flow diagram. Box labels: Definition of the system, its function and components;
Determination of failure mode inventory; Examination of failure mode effects;
Allocation of failure modes to components and functions; Past failures; Similar
equipment failures; Reliability tests.]
Figure 26 - Failure mode and effects analysis
3.2.3 Functions, Missions and Failures
As defined earlier, the purpose of maintenance is to ensure assets are able to fulfil their
intended business function. The identification of functional requirements provides the
starting point for the analysis of identified significant items.
Functions are established in a top down manner using functional block diagrams. The
function statements must provide clear traceability from the functional requirements of the
business system through to the resulting assemblage of maintenance tasks defined in a
Technical Maintenance Plan.
[21] US MIL-STD-1629A, A Procedure For a Failure Mode, Effects, and Criticality Analysis.
[22] IEC 60812, Analysis techniques for system reliability - Procedure for failure mode and effects analysis.
The relationship between business requirements, functions and preventive maintenance
tasks is shown at Figure 27. Business needs create asset solutions with system
functions and derived equipment functions that lead to the determination of maintenance
requirements that include a risk managing preventive maintenance program.
[Diagram. Box labels: Business Requirement; Asset Solutions; System Functions;
Equipment Functions; Functional Descriptions; Maintenance Requirements;
Preventive Maint tasks.]
Figure 27 - Relationship between business needs and preventive maintenance
3.2.4 Types of Functions
At the equipment level there are four types of functions used in the FMEA process and
applied as the prelude to RCM analysis of existing equipment:
- Principal functions, which represent the business reason for an asset's
  existence.
- Ancillary functions, which provide additional useful functions either as enhanced
  capability such as reverse thrust in aircraft engines, additional capability such as
  steerage with differential braking, or opportunistic such as attachment points and
  load carrying of adjacent equipment.
- Protective functions such as alarms and automatic shutdowns.
- Obsolete functions that serve no identifiable useful purpose, but whose failure
  may result in adverse effects, such as bypassed plumbing, circuitry or unused but
  dynamic infrastructure (e.g. track embankments, bridge abutment subject to
  collapse).
All listed functions of an item that are to be protected by maintenance activity should
derive from, and support, a top level business objective.
Functions are best illustrated via the creation of a logic block diagram of the entire system
which defines the functional dependencies among the elements of the system. Figure 28
provides an example of a functional block diagram. This functional block diagram, if
complex, may be supported by a data dictionary such as the example shown in Figure
29, which provides a more exacting description of each function including required values
and allowed operating envelopes or performance standards e.g. 440V ± 20V.
These functional block diagrams and their supporting data dictionaries provide a checklist
of the key functions that maintenance must protect in terms of extending the life of the
item with necessary service activities and preventing the consequences of failures
through the cost effective application of condition monitoring, hard time changeout (for
overhaul or throwaway) and failure finding tasks.
[Block diagram. Blocks: POWER CUBICLE; CONTROL CUBICLE. Flow labels: AC Power from
Rectifier XFMR; Cool Air; Shunt; SCADA Controls; Buchholz Relay; OCB Shunt; Auxiliary
Supply; AC Protection Relay Power; AC Protection Relay Output; 1500V +ve; DC Power to
Rectifier OCCB; 600V AC to Auxiliary XFMR; Hot Air (Heat added); Earth Current;
Buchholz Relay; DCCB Power; SCADA Indication; Visual Indications; OCB Controls;
DCCB Controls; DCCB Status; AC Protection Relay.]
Figure 28 - Functional block diagram
Functional block diagrams must be available before the commencement of the failure
modes and effects analysis. These block diagrams should be drawn from available
manuals and drawings and verified wherever possible by site examination. Properly
drawn, with the extraneous material usually present in design and production drawings
removed, they provide a clear and visible checklist of items comprising the systems and
their functional relationships.
It is also important that, where appropriate, the various system states are properly
inventoried and characterised to ensure that the maintenance actions reflect the actual
operating environment of the equipment. Some examples of these states are:
- Operating
- Standby
- Backup
- Storage
- Testing
Functions are usually identified in the form of a desired standard of performance with
functional failure deemed to have occurred when this level of performance is not
available. The process of defining functions is described in MIL-STD-1629A [23], pages
101-104, in Moubray's RCMII [24], pages 37-54 and in Smith [25] at pages 78-80. These
more detailed descriptions may be read in conjunction with this section for a more
complete understanding of the importance of and possible options for clear concise
functional descriptions.
Function name | Function Parameters
AC Power from Rectifier XFMG | 2 x 3 600 Vac (1 , 1>)
AC Protection Relay Output | Trip
Auxiliary Supply | 120 Vdc, 220 Vac (Control cubicle lamp)
Buchholz Relay Status | Gas Surge (G31), Oil Surge (G32)
DCCB Controls | Close (3,9), Open (7)
DCCB Status | In Service (C4), Closed Ind (5), Open Ind (6), Reverse Current (10), ">" (14)
DC Power To Rectifier DCCB | 1 x 12 Pulse Output (1500Vdc, +ve & -ve)
Manual Controls | OCB Close, OCB Open, DCCB Close, Lockout, Reset, Indication lamps ON, Supervisory/Local
OCB Controls | Trip (from 5250), Trip (52T), Remote Close Control (305), Closing Contactor, Drive (84), Closed (68), Open (50), Closed - DCCB Control (66)
SCADA Controls | Open, Close
SCADA Indications | Lockout, In Service
Shunt | 2 Wire Circuit from -ve shunt
Visual Indications | OCB Closed, OCB Open, DCCB Closed, DCCB Open, Local/Supervisory, Lockout, Buchholz Gas, Buchholz Oil, Reverse Current, Output Current, Output Voltage, Trip Supply, Sequence Timing, Frame Leakage.
Buchholz Power | BP
DCCB Power | BP, BP, BN3, BN1,
Figure 29 - Functional data dictionary - Rectifier
[23] US MIL-STD-1629A, A Procedure For a Failure Mode, Effects, and Criticality Analysis, 101-104.
[24] Moubray, John, Reliability-Centred Maintenance, Butterworth Heinemann, 1992, 37-54.
[25] Smith, Reliability Centred Maintenance,
The following is an example of a functional statement with associated performance
standards suitable for RCM analysis:
To transmit a warning signal to the control room when the gas turbine exhaust
temperature exceeds 520°C or a shut down signal if the temperature exceeds 550°C.
Key aspects in identifying functional failures are that:
- Equipment may have more than one function
- Functions are not just binary (off or on) but may involve operating envelopes or
  performance standards of one or more parameters.
- FMEA examines failures in relation to reliability and hence is influenced by the
  particular mission phase and associated environment that establishes the reliability
  performance of the equipment. Reliability is directly affected by the operating
  environment of the equipment as shown in the definition statement.
- Performance standards set the operating boundaries of items of equipment and
  often cover the perceived needs of a number of different stakeholders with differing
  priorities in regard to operating requirements.
3.2.5 Failure Modes
Failure mode is defined as "The manner by which a failure is observed and generally
describes the way the failure occurs and its impact on equipment operation" [26]. By
defining the functions intended to be performed, we clearly define what a failure mode is.
Failure modes are "the effects by which failures are observed."
Maintenance is managed at the failure mode level because each failure mode is
assessed individually and tasks appropriate to the management of that failure mode can
be determined. Care must be taken to ensure that identified failure modes are properly
connected to the causative mechanism. Some lateral thinking may be required to
prevent stating the obvious and missing the underlying cause.
[26] US MIL-STD-1629A, A Procedure For a Failure Mode, Effects, and Criticality Analysis.
For example, functional failures in an air compressor may be listed as:
- piston seized
- bearings seized
- crank failed.
This listing may lead, quite erroneously, to a proposal to check for bearing vibration or
undertake oil analysis for wear particles. Instead, the prime failure mechanism was lack
of oil, from which the other failures flowed, and hence the failure modes could be listed at
the top level (Air Compressor) as:
- Air compressor seizes due to oil leakage from life expired seals
- Air compressor seizes due to lack of oil from normal operational consumption
In MIMIR, this information would be recorded as follows:
Part Description: Air Compressor
Failure Description: Seizes
Failure Cause: Oil leakage from life expired seals.
Failure Cause: Lack of oil from normal operational consumption.
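The rollup described above, from component-level observations to one top-level record, can be sketched as follows. This is an added example, not part of the manual and not MIMIR's data model: the cause map, the "valve plate cracked" observation and the "Untraced observations" field are constructed for illustration, and only the three record labels are taken from the text.

```python
# Constructed cause map for the air compressor example: each key is an observed
# failure or mechanism, each value lists what produced it.
CAUSED_BY = {
    "piston seized": ["lack of oil"],
    "bearings seized": ["lack of oil"],
    "crank failed": ["bearings seized"],
    "lack of oil": [
        "Oil leakage from life expired seals",
        "Lack of oil from normal operational consumption",
    ],
}


def root_causes(item, caused_by, _path=()):
    """Follow the cause chain from item down to mechanisms with no recorded cause."""
    if item in _path:  # guard against a circular cause chain in the analysis data
        raise ValueError("circular cause chain: " + " -> ".join(_path + (item,)))
    parents = caused_by.get(item, [])
    if not parents:
        return {item}
    roots = set()
    for parent in parents:
        roots |= root_causes(parent, caused_by, _path + (item,))
    return roots


def top_level_record(part, failure, observed, caused_by):
    """Roll component-level observations up into one record for the part."""
    causes, untraced = set(), []
    for obs in observed:
        roots = root_causes(obs, caused_by)
        if roots == {obs}:  # a symptom with no causative mechanism recorded yet
            untraced.append(obs)
        else:
            causes |= roots
    return {
        "Part Description": part,
        "Failure Description": failure,
        "Failure Cause": sorted(causes),
        "Untraced observations": untraced,  # hypothetical field: needs analysis
    }


if __name__ == "__main__":
    observed = ["piston seized", "bearings seized", "crank failed",
                "valve plate cracked"]
    record = top_level_record("Air Compressor", "Seizes", observed, CAUSED_BY)
    for field, value in record.items():
        print(f"{field}: {value}")
```

Any observation left in the untraced list is a symptom still waiting for its causative mechanism, which is the case the text warns against selecting tasks for.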
3.2.6 Types of Failures
There are two types of failure categories assigned to identified failure modes:
- Functional failures, where the function and its associated performance standard
  can no longer be achieved
- Conditional failures, where the item's conditional failure probability (i.e. the
  probability that the item will fail in a future time period), as assessed through
  some form of condition monitoring, is no longer acceptable
The decision to undertake preventive maintenance is an expenditure that must provide a
return on investment. Clear traceability of each function to a business objective is an
essential element in reducing the likelihood of unproductive maintenance actions being
specified within a maintenance plan.
MIL-STD-1629A [27] (pages 101-105) provides the following minimum list of typical failure
conditions to assist in assuring that a complete analysis has been performed:
- Premature operation
- Failure to operate at a prescribed time
- Intermittent operation
- Failure to cease operation at a prescribed time
- Loss of output or failure during operation
- Degraded output or operational capability
- Other unique failure conditions based on system characteristics and operational
  requirements or constraints.
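As an added example (not from the manual), the checklist can be applied to the protective function in the functional statement of Section 3.2.4: warning above 520°C, shutdown above 550°C. It covers four of the listed conditions and assumes level-type signals that should be present exactly while the temperature is above the threshold; the trace and all names are constructed.

```python
from typing import NamedTuple

WARN_C, TRIP_C = 520.0, 550.0  # performance standards in the functional statement

PREMATURE = "Premature operation"
NO_OPERATE = "Failure to operate at a prescribed time"
NO_CEASE = "Failure to cease operation at a prescribed time"
LOSS = "Loss of output or failure during operation"


class Sample(NamedTuple):
    t: int          # seconds into the test run
    temp_c: float   # exhaust temperature
    warning: bool   # warning signal present at the control room
    shutdown: bool  # shutdown signal present


def classify(samples, threshold_c, signal):
    """Return [(t, failure condition)] for one signal over a time-ordered trace."""
    findings = []
    on_seen_in_demand = False   # signal was present earlier in this demand period
    demand_seen_in_run = False  # the current run of the signal covered a real demand
    for s in samples:
        demand = s.temp_c > threshold_c
        on = getattr(s, signal)
        if not demand:
            on_seen_in_demand = False
        if not on:
            demand_seen_in_run = False
        if demand and on:
            on_seen_in_demand = demand_seen_in_run = True
        elif demand:
            findings.append((s.t, LOSS if on_seen_in_demand else NO_OPERATE))
        elif on:
            findings.append((s.t, NO_CEASE if demand_seen_in_run else PREMATURE))
    return findings


def assess(samples):
    """Check both halves of the functional statement against the trace."""
    return {
        "warning": classify(samples, WARN_C, "warning"),
        "shutdown": classify(samples, TRIP_C, "shutdown"),
    }


# Constructed test trace (not field data): time, temperature, warning, shutdown.
TRACE = [
    Sample(0, 500, False, False), Sample(10, 515, True, False),
    Sample(20, 530, True, False), Sample(30, 545, False, False),
    Sample(40, 555, True, False), Sample(50, 560, True, True),
    Sample(60, 540, True, True), Sample(70, 510, False, False),
]

if __name__ == "__main__":
    for signal, findings in assess(TRACE).items():
        for t, condition in findings:
            print(f"t={t:>3}s {signal:<8} {condition}")
```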
The provision of standard lists or inventories of failure modes which can be selected by
the analysts simplifies the decision process and saves significant time during the analysis
process. Some MIL-STD-1388-2B Logistic Support Analysis Record (LSAR) compliant
software products provide access to large databases of failure modes provided by the
Rome Air Defence Centre in the United States. A more detailed list of failure modes is
provided at Figure 31. More comprehensive lists are available, on certain asset classes,
in the MIMIR library function.
[27] US MIL-STD-1629A, A Procedure For a Failure Mode, Effects, and Criticality Analysis, 101-105.
It should be noted that not every failure mode can be corrected or alleviated by a
maintenance action. Close examination may indicate that the cause of failure may flow
from a hardware (design) deficiency or from a personnel (training) deficiency. In these
cases the analysis should provide a consolidated report to the appropriate authority
indicating the deficiency and its future implications.
A database of identified failure modes drawn from the analysis of each application is
included in the attached appendices. This failure data comes from staff experience and
reported failures. Other sources of failure information are:
- Manufacturers' manuals
- Other operators
- MIL-HDBK-338-1A (Electro-mechanical) [28]