⟦3ee8cae6e⟧ Wang Wps File
Length: 21455 (0x53cf)
Types: Wang Wps File
Notes: R & M PROGRAM PLNA
Names: »0533A «
Derivation
└─⟦6f17b967f⟧ Bits:30006000 8" Wang WCS floppy, CR 0035A
└─ ⟦this⟧ »0533A «
WangText
CPS/PLN/004
LP/810123
R & M
PROGRAM
PLAN
CAMPS
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
5 R & M ANALYSIS
5.1 INTRODUCTION
5 R̲ ̲&̲ ̲M̲ ̲A̲N̲A̲L̲Y̲S̲I̲S̲
5.1 I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
This section summarizes all activities which have to
be performed to realise the specific requirements mentioned
in sec. 3.1.2.
5.2 RELIABILITY REPORTS
5.2.1 Introduction
5.2.2 Reliability Model (Parts Count)
5.2.3 Tabular Presentation of Component Failure Rates Under Required Conditions
5.2.5 MTBF Calculation Method
5.2.6 Mathematical Model
5.2.7 Failure Analysis Reports (System Level Only)
5.2.9 Reliability Test Report (For Specified Modules Only)
5.2.10 Final Report
5.2.1 I̲n̲t̲r̲o̲d̲u̲c̲t̲i̲o̲n̲
These reports are produced to verify and improve the
reliability at both module level and system level.
The predicted values are compared with experience from
test data and with values carefully calculated using stress
parameter techniques and FMECA tools.
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
6 FAILURE REPORTING AND CONTROL
6.1 INTRODUCTION
6.2 DESCRIPTION OF FAILURE REPORTING SYSTEM
6.3 COLLECTION OF FAILURE DATA
6.4 HANDLING OF FAILURE DATA
6.1 I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
A deliberate failure reporting and control system is
of great importance during implementation of the project
and in the operational phase as well. This section
describes all action items to be taken to establish
and run such a system.
6.2 D̲E̲S̲C̲R̲I̲P̲T̲I̲O̲N̲ ̲O̲F̲ ̲F̲A̲I̲L̲U̲R̲E̲ ̲R̲E̲P̲O̲R̲T̲I̲N̲G̲ ̲S̲Y̲S̲T̲E̲M̲
For each CR80 module in CAMPS, a log book shall be
established. Together with a complete technical manual,
including the reliability analysis report, possibly the FMECA
analysis report, and the design analysis report, it shall
contain all facts concerning the specific module.
All failures shall be registered in time, and the operating
or test conditions under which the module failed shall
be specified. Every failure, its consequences at
module level and its effect on overall performance shall
be thoroughly described.
Besides, reference shall be made to the Maintainability plan, which
provides information on corrective actions, MTTR values,
etc.
6.3 C̲O̲L̲L̲E̲C̲T̲I̲O̲N̲ ̲O̲F̲ ̲F̲A̲I̲L̲U̲R̲E̲ ̲D̲A̲T̲A̲ ̲(̲c̲.̲f̲.̲d̲)̲
The schemes given in MIL-STD-781 B fig. 7 will be used
in c.f.d.
Strictly speaking, in handling the subject of reliability
failure data, the guidelines in the mentioned standard
will be followed as closely as possible.
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
7 FAILURE ANALYSIS
7.1 INTRODUCTION
7.2 FAILURE ANALYSIS
7.3 STRESS PARAMETERS
7.4 RELIABILITY TESTS
7.5 TEST AND REPORTING IN MODULE LEVEL
7.6 TEST AND REPORTING IN SYSTEM LEVEL
7.7 MAINTENANCE ENGINEERING
7.1 I̲N̲T̲R̲O̲D̲U̲C̲T̲I̲O̲N̲
The present section contains the action items which
have to be performed to obtain the requirements mentioned
in section 3.1.4.
7.3 FAILURE MODE ANALYSIS (FMA)
7.3.1 Introduction
7.3.2 Relations to Reliability Calculations
7.3.3 Extent of the Analysis
7.3.4 FMA
7.3.5 FEA
7.3.6 Graduation of Failure Effects
7.3.7 Critical Items List
7.3.8 FTA
7.3 F̲A̲I̲L̲U̲R̲E̲ ̲A̲N̲A̲L̲Y̲S̲I̲S̲
7.3.1 I̲n̲t̲r̲o̲d̲u̲c̲t̲i̲o̲n̲
The analysis serves to locate and illuminate the effects
of single failures at component level, especially to
find those components which may cause critical and
catastrophic circuit failures.
Two techniques are used:
a) Failure mode, effects and criticality analysis
(FMECA).
b) Fault tree analysis (FTA).
FMECA represents a "bottom-up" approach which finds
the effect of a single component failure on a circuit
function.
FTA represents a "top-down" approach which finds which
components or combinations of components will cause a
postulated circuit malfunction.
7.3.2 R̲e̲l̲a̲t̲i̲o̲n̲s̲h̲i̲p̲ ̲t̲o̲ ̲R̲e̲l̲i̲a̲b̲i̲l̲i̲t̲y̲ ̲C̲a̲l̲c̲u̲l̲a̲t̲i̲o̲n̲s̲
The calculated R-value is the probability that the device
survives without any failure in a given period of time.
The probability that a single failure arises in a given
period of mission time is:
100 x Q = (1-R) x 100 = (1 - e^(- ept)) x 100
Q = Quality factor in %
= Failure Rate (Failures per mill hours)
e = environmental factor
p = mathematical distribution of the failure
t = time of mission
7.3.3 E̲x̲t̲e̲n̲t̲ ̲o̲f̲ ̲t̲h̲e̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲
There are three distinct modes of analysis:
Failure Mode Analysis (FMA)
Failure Effect Analysis (FEA) and
Critical Analysis (CA), where the effect of the failure
is graduated.
These analyses are usually compressed into a single expression:
Failure Mode, Effects and Criticality Analysis, i.e. FMECA.
To complete the analysis, the probability of occurrence of
the single failure ought to be calculated.
7.3.4 F̲a̲i̲l̲u̲r̲e̲ ̲M̲o̲d̲e̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲ ̲(̲F̲M̲A̲)̲
The analysis of electronic circuits is based on four
failure modes which are defined here:
a) The part is short-circuited (s/c).
b) The part is open-circuited (o/c).
c) The part is drifting (d) i.e. the component is
beyond its tolerance limits.
d) The part is failing and the mode is secondary.
This failure mode is designated as "any" (a).
The components are investigated one by one for the
defined failure modes and effects of these errors are
analyzed.
7.3.5 F̲a̲i̲l̲u̲r̲e̲ ̲E̲f̲f̲e̲c̲t̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲ ̲(̲F̲E̲A̲)̲
The consequences of the failure modes mentioned in 7.3.4
for the circuit in which the part performs its primary
function are investigated in detail.
For instance, whether the failure immediately leads to the
destruction of other components and/or to what
extent the circuit is still functioning. At system
level: what consequences will the failure have
for other modules or for the system performance as
a whole?
7.3.6 C̲r̲i̲t̲i̲c̲a̲l̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲ ̲(̲C̲A̲)̲
It is of course too comprehensive and needless to carry
out failure analysis on every single component.
Our goal is to identify and evaluate the consequences of
component errors which may cause serious circuit failures.
Therefore, in Critical Analysis, the failure effect
is graduated in the following categories:
a) Catastrophic, i.e. failures that are both sudden
and complete.
b) Critical, i.e. failure that causes loss of a unit
or module.
c) Non-critical failures, which are divided into major
and minor breakdown.
Major breakdown causes loss of redundancy. Minor breakdown
causes degradation of output.
Minor breakdowns can't normally be detected and are
not considered in the present case.
7.3.7 C̲r̲i̲t̲i̲c̲a̲l̲ ̲I̲t̲e̲m̲s̲ ̲L̲i̲s̲t̲
Use of "Critical Levels" makes it possible to obtain
a quick overview of the failure functions in modules
and system. The failures are listed by category in the
"Critical Items List", i.e. a table which contains the
following:
Item Description
Nature of Criticality
Critical Failure Mode
Failure Effect
FMECA page no
Critical Category
Detection
Remedy
and issued by:
reviewed by:
date:
Fig. 2-1 FMECA WORKSHEET
7.3.8 F̲a̲u̲l̲t̲ ̲T̲r̲e̲e̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲ ̲(̲F̲T̲A̲)̲
Based on the preceding FMECA analysis, a logical model
of every relevant failure category is built up to identify
which components and/or combinations create malfunctions.
Notice that we are concerned with postulated malfunctions,
and FTA is to be used both at circuit level and at system
level.
The FTA procedure with the steps involved, the diagrammatic
elements and symbols used, and the methods of calculation
are shown in fig. 7.3.8-1.
Fig. 7.3.8-1 Fault Tree Analysis
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
7.4 Stress Parameters
7.4.1 Introduction
7.4.2 Environmental Conditions
7.4.3 Temperature and Humidity
7.4.4 Power Input
7.4.5 Dust, Fumes
7.4.6 Stress Analysis
7.4.2 I̲n̲t̲r̲o̲d̲u̲c̲t̲i̲o̲n̲
This section just enumerates the required environmental
conditions which are taken into consideration during
reliability design, fabrication and testing. A brief
description of Stress Analysis is given in 7.4.7.
7.4.3 E̲n̲v̲i̲r̲o̲n̲m̲e̲n̲t̲a̲l̲ ̲C̲o̲n̲d̲i̲t̲i̲o̲n̲s̲
In designing the equipment to meet the specified requirements
no account need be taken of catastrophic events such
as fire, flood, explosion, etc., which are beyond the
control of an equipment manufacturer.
The equipment will normally operate within accommodation
suitable for the operation of similar equipment produced
for commercial use.
After initial adjustments have been made, the equipment
shall maintain normal operation under all specified
environmental and power supply conditions.
7.4.4 T̲e̲m̲p̲e̲r̲a̲t̲u̲r̲e̲ ̲a̲n̲d̲ ̲H̲u̲m̲i̲d̲i̲t̲y̲
The equipment shall continue to function when the humidity
and temperature of its environment are within the ranges
and cycling specified below.
The equipment shall continue to operate in a fully
satisfactory manner even under the worst conditions
specified below.
a) Temperature:
   Range : 10 to 40 deg. C
   Change: max. 10 deg. C per hour
b) Humidity (Relative Humidity = RH):
   Range : 40 to 90% RH, non-condensing
   Change: max. 6% RH per hour, non-condensing
c) Altitude:
   Range : Sea level to 2000 meter
The equipment shall be so designed that the loss of
site air conditioning or heating will not cause a catastrophic
failure within 15 minutes after the loss.
An alarm indication shall be given, when the environmental
temperature reaches a value which will require intervention
of supervisory personnel.
7.4.5 P̲o̲w̲e̲r̲ ̲I̲n̲p̲u̲t̲
The equipment shall be capable of satisfying the specified
performance requirements when operating with the following
power input:
a) Phases: 3-phase plus zero and ground
(i.e. 5 wires)
b) Voltage: Nominal value 380/220 V AC
Tolerances: +6%/-10%
c) Frequency: Nominal value: 50 Hz
Tolerances: +0.5/-1.0 Hz.
d) Harmonic distortion: max. 5%
Degraded performance without permanent damage will
be accepted during those periods of system operation
where the input power tolerances are:
a) voltage: +/- 15%, frequency: +/- 5% for a period
not to exceed 3 secs.
b) impulsive interference with a magnitude not to
exceed 500 volts, pulse rise and fall times not
faster than 10 microseconds and a total duration
of maximum 1 millisec. The available impulse energy
at the equipment power inlet shall not exceed 5 J.
It shall be possible to resume normal operation by
following the specified recovery procedure (refer 3.2.8).
7.4.6 D̲u̲s̲t̲,̲ ̲F̲u̲m̲e̲s̲
The equipment shall be able to operate continuously
and with normal scheduled preventive maintenance in
the following air environment:
a) Ai̲r̲ ̲c̲l̲e̲a̲n̲i̲n̲e̲s̲s̲
particle size (microns)    max. allowable number (particles/cubic meter)
greater than 5             4 x 10^5
greater than 1.5           4 x 10^6
greater than 1             4 x 10^7
b) F̲u̲m̲e̲s̲
sulphur dioxide max. 14 ppm.
7.4.7 S̲t̲r̲e̲s̲s̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲
The stress analysis technique involves the same basic
steps as the parts count technique used in prediction
of the reliability model. That is: count the number
of each part type, multiply this number by a generic
failure rate for each part type and sum up the products
to obtain the failure rate of each functional circuit,
module and/or block depicted in the system block diagram.
Each part is evaluated in its electrical circuit and
mechanical assembly application based on an electrical
and thermal stress analysis. This procedure is carried
out during the design phase of the modules.
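The parts count steps described above, combined with the failure probability formula of 7.3.2, as an added example that is not part of the original plan. The part types, quantities and generic failure rates are constructed sample values, the function names are hypothetical, and the e and p factors are assumed to act as plain multipliers in the exponent; the 500 and 2000 hour mission times and the 3500 hour figure are the ones quoted in 7.7.4 and 7.6.2.

```python
import math

# Constructed generic failure rates, in failures per million hours (the unit
# used in 7.3.2). Illustrative values only; they are not taken from the plan.
GENERIC_RATE_FPMH = {
    "ic_digital": 0.12,
    "resistor": 0.002,
    "capacitor_ceramic": 0.006,
    "connector": 0.05,
}

# Constructed parts list for one hypothetical module: part type -> quantity.
SAMPLE_MODULE = {"ic_digital": 120, "resistor": 300,
                 "capacitor_ceramic": 150, "connector": 4}

MTBF_THRESHOLD_H = 3500.0  # operating hours quoted in 7.6.2


def parts_count_rate(parts, rates=GENERIC_RATE_FPMH):
    """Sum quantity x generic failure rate over all part types (per 1e6 h)."""
    total = 0.0
    for part_type, quantity in parts.items():
        if part_type not in rates:
            raise KeyError(f"no generic failure rate for {part_type!r}")
        if quantity < 0:
            raise ValueError(f"negative quantity for {part_type!r}")
        total += quantity * rates[part_type]
    return total


def effective_rate_per_hour(rate_fpmh, env_factor=1.0, dist_factor=1.0):
    """Apply the e and p factors of 7.3.2 (assumed to be plain multipliers)."""
    if rate_fpmh < 0 or env_factor <= 0 or dist_factor <= 0:
        raise ValueError("rate must be >= 0 and factors must be > 0")
    return rate_fpmh * 1e-6 * env_factor * dist_factor


def mtbf_hours(rate_fpmh, env_factor=1.0, dist_factor=1.0):
    """MTBF under a constant failure rate is the reciprocal of that rate."""
    rate = effective_rate_per_hour(rate_fpmh, env_factor, dist_factor)
    return math.inf if rate == 0 else 1.0 / rate


def failure_probability_pct(rate_fpmh, mission_hours,
                            env_factor=1.0, dist_factor=1.0):
    """100 x Q = (1 - R) x 100 with R = exp(-rate * e * p * t)."""
    rate = effective_rate_per_hour(rate_fpmh, env_factor, dist_factor)
    return -math.expm1(-rate * mission_hours) * 100.0


def report(parts, mission_hours=(500, 2000), env_factor=1.0):
    """Predicted rate, MTBF, threshold check and Q per mission time."""
    rate = parts_count_rate(parts)
    mtbf = mtbf_hours(rate, env_factor)
    return {
        "rate_fpmh": rate,
        "mtbf_h": mtbf,
        "exceeds_threshold": mtbf > MTBF_THRESHOLD_H,
        "q_pct": {t: failure_probability_pct(rate, t, env_factor)
                  for t in mission_hours},
    }


if __name__ == "__main__":
    print(report(SAMPLE_MODULE))
```
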
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
7.5 RELIABILITY TESTS
7.5.1 Introduction
7.5.2 Reliability Requirements
7.5.3 Test Requirements
7.5.4 Preparation of Test
7.5.5 Test Procedures and Descriptions
7.5.6 Statistical Test Plans
7.5.7 Test Conditions
7.5.8 Test Activities
7.5.9 Repair
7.5.10 Failure Analysis
7.5.11 Log Book, Failure Reports and Test Reports
7.5.12 Interpretation of Test Results
7.5.13 Failure Classification
7.5.14 Statistical Treatment
7.5.15 Conclusion
7.5.16 Acceptance
7.5.17 Conditional Acceptance
7.5.18 Rejection
7.5 R̲E̲L̲I̲A̲B̲I̲L̲I̲T̲Y̲ ̲T̲E̲S̲T̲S̲ ̲
7.5.1 I̲n̲t̲r̲o̲d̲u̲c̲t̲i̲o̲n̲
This section describes reliability test and verification
methods.
Reliability testing of electronic equipment serves
2 purposes:
1) Estimation of the absolute reliability value of a device.
2) Verification, with statistical confidence, that
a device meets specific requirements.
7.5.6 P̲r̲e̲p̲a̲r̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲R̲e̲l̲i̲a̲b̲i̲l̲i̲t̲y̲ ̲T̲e̲s̲t̲s̲
Before running the tests, a number of important items of
information have to be established, and an outline of these items
is given below:
7.5.5.1 Selection and identification of test items.
7.5.5.2 A detailed specification for each item shall be worked
out concerning verification of measured reliability.
7.5.5.3 The guidelines in MIL-STD-781 B sec. 5.1.3 shall be
used.
7.5.5.4 Relevant reliability value which may be considered
satisfactory for the individual item shall be calculated
for comparison.
7.5.5.5 The statistical test model used for verification.
7.5.5.6 Functional and environmental conditions, loading and
supply ratios included and relevant operating manuals.
7.5.5.7 Description of preventive maintenance which has to
be carried out during the test.
7.5.5.8 General considerations related to selection of test
conditions. Here some of the most important are mentioned
as hints:
7.5.5.9 The basic reason for the requirement for reliability testing.
7.5.5.10 Expected changes in application conditions for the
equipment.
7.5.5.11 The test equipment and time available.
7.5.5.12 The relative costs due to different test conditions.
7.5.5.13 The probability for the different load factors which
are present during user conditions should be failure
accelerating.
7.5.5.14 The estimated reliability qualities as function of
the test conditions.
7.5.5.15 Functional parameters which have to be watched during
the test phase and the criteria by which they must be designated
as failures of the test item.
7.5.5.16 Failure modes which demand an immediate decision to reject.
7.5.5.17 Failure modes which may be considered non-relevant.
7.5.5.18 Time periods during the test, which have to be regarded
as relevant test time.
7.5.5.19 Minimum/maximum of the relevant test period or the
number of operations for each test item.
7.5.5.20 Tests, adjustments, calibrations, and burn-in time
which have to be conducted before the beginning of
the reliability test.
7.5.5.21 Maintenance procedures have to be carried out and prospective
procedures, to exchange failed parts or units, ought
to be established.
7.6 T̲E̲S̲T̲ ̲A̲N̲D̲ ̲R̲E̲P̲O̲R̲T̲I̲N̲G̲ ̲A̲T̲ ̲M̲O̲D̲U̲L̲E̲ ̲L̲E̲V̲E̲L̲
7.6.1 I̲n̲t̲r̲o̲d̲u̲c̲t̲i̲o̲n̲
This section contains various comments concerning the
modules in general.
7.6.2 T̲e̲s̲t̲ ̲a̲n̲d̲ ̲R̲e̲p̲o̲r̲t̲i̲n̲g̲
All CR80D modules have a predicted MTBF value far beyond
3500 operating hours and they therefore don't have
to pass a Factory Acceptance Test - according to our
present knowledge.
However, to each module there shall be produced a Reliability
Report where the MTBF value will be sincerely justified
by analytical calculations.
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
7.7 TEST AND REPORTING IN SYSTEM LEVEL
7.7.1 Introduction
7.7.2 System Reliability Report
7.7.3 Failure Mode Analysis
7.7.4 Reliability Tests
7.7.5 Maintainability
7.7.6 Availability
7.7.1 I̲n̲t̲r̲o̲d̲u̲c̲t̲i̲o̲n̲
At system level all modules are integrated and tested
interacting with each other. This is a very important
part of the R & M Program Plan. The data and
experience gained from this activity are fundamental to the efforts
to describe, verify, and specify the system performance
of CAMPS.
7.7.2 S̲y̲s̲t̲e̲m̲ ̲R̲e̲l̲i̲a̲b̲i̲l̲i̲t̲y̲ ̲R̲e̲p̲o̲r̲t̲
This report is structured similar to those of the modules.
(See section 5).
The CAMPS Reliability Model of the Total System is
surveyed and appraised against newly gained test data
and data delivered by improved calculations and tools.
7.7.3 F̲a̲i̲l̲u̲r̲e̲ ̲M̲o̲d̲e̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲
FMECA analysis of the total system is based on the
description stated in section 7.3.
The analyses shall be conducted to secure and verify
that failure independence is obtained anywhere in the
system.
7.7.4 R̲e̲l̲i̲a̲b̲i̲l̲i̲t̲y̲ ̲T̲e̲s̲t̲s̲
In the CR CAMPS test system (DSMT), which is a close copy
of the real system on a site, every single module shall
be placed in continuous working mode for at least 500
operating hours. A distinct group of each module type
is selected for long-term testing, i.e. 2000 continuous
operating hours.
The main task of the 500 hours test is to exercise
and test all possible module functions and to load the
modules and the system similarly to the practical application.
The purpose of the 2000 hours test is to verify long-term
performance and to apply and test diagnostic
software and firmware. From both tests all sorts of
data will continuously be collected and analysed. Obviously,
the reliability tests at the system level will be planned
and executed just as described in section 7.5.
7.7.5 M̲a̲i̲n̲t̲a̲i̲n̲a̲b̲i̲l̲i̲t̲y̲
Verification of predicted MTTR values may be carried
out during the Reliability Test, at least to a certain
extent. A final estimation of MTTR based on reliability
tests alone would be premature; a series of special
tests shall be provided, and this subject is referred
to in the Maintenance Plan no.
which is provided by Logistic Support.
7.7.6 A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲
Based on the evaluated MTTR values (inputs from Logistic
Support) and the verified reliability figures from the
R & M test, the availability will be determined for the System
and for groups of modules, i.e. Processor Crate, LTUX Crate,
etc. Final availability values would be released relatively late,
i.e. after the Acceptance Test.