Académique Documents
Professionnel Documents
Culture Documents
Section
Introduction
to Reliability
Warwick Manufacturing Group
AN INTRODUCTION TO RELIABILITY
ENGINEERING
Contents
Introduction
Measuring reliability
12
Reliability management
34
Summary
35
Page 1
RELIABILITY ENGINEERING
1 Introduction
1.1 Definition
Most people will have some concept of what reliability is from everyday life, for example,
people may discuss how reliable their washing machine has been over the length of time they
have owned it. Similarly, a car that doesnt need to go to the garage for repairs often, during
its lifetime, would be said to have been reliable. It can be said that reliability is quality over
time. Quality is associated with workmanship and manufacturing and therefore if a product
doesnt work or breaks as soon as you buy it you would consider the product to have poor
quality. However if over time parts of the product wear-out before you expect them to then
this would be termed poor reliability. The difference therefore between quality and reliability
is concerned with time and more specifically product life time.
Reliability engineering has both quantitative and qualitative aspects; measurements of
reliability are necessary for customer requirements compliance. However measuring
reliability does not make a product reliable, only by designing in reliability can a product
achieve its reliability targets. These lecture notes will therefore introduce some of the
terminology used in reliability engineering. It will provide information about measuring
reliability as well as designing for reliability. Moreover it will emphasise the importance of
good engineering principles to ensure product reliability. By identifying possible causes of
failure and elimination will obviously help to improve product reliability.
The formal definition of reliability is as follows: The ability of an item to perform a required
function under stated conditions for a stated period of time. BS4778
Another definition concerns the probabilistic nature of measuring reliability, i.e. the
probability of an item to perform a required function under specified conditions for a stated
period of time. It is therefore a measure of engineering uncertainty and to quantify reliability
involves the use of statistics and more specifically probability theory. These notes will also
describe some useful probability distributions that can describe the lifetime behaviour of
products.
The product is not fit for purpose or more specifically the design is inherently
incapable.
Page 2
Items are designed for a specific operating environment and if they are then used
outside this environment then failure can occur.
There are many reasons for failure in items the list above is a generic list.
Probability
The load and strength of an item may be generally known, however there will always be an
element of uncertainty. The actual strength values of any population of components will vary;
there will be some that are relatively strong, others that are relatively weak, but most will be
of nearly average strength. Similarly there will be some loads greater than others but mostly
they will be average. Figure 1, below shows the load strength relationship with no overlaps.
Load
Strength
However if, as shown in figure 2, there is an overlap of the two distributions then failures will
occur. There therefore needs to be a safety margin to ensure that there is no overlap of these
distributions.
Probability
Failure
Load
Strength
Page 3
It is clear that to ensure good reliability the causes of failure need to be identified and
eliminated. Indeed the objectives of reliability engineering are:
To apply methods of estimating the likely reliability of new designs, and for analysing
reliability data.
These notes will discuss some of the techniques that can be used to identify failures as well as
the statistical techniques for analysing reliability data.
Safety
Competitiveness
Profit margins
Reputation
Good will
KEY POINTS
Page 4
2 Measuring reliability
2.1 Requirements
Many customers will produce a statement of the reliability requirements that is included in the
specification of the product. This statement should include the following:
The definition of failure related to the products function and should cover all failure
modes relevant to the function;
A full description of the environments in which the product will be stored, transported,
operated and maintained;
Care must be given in defining failure to ensure that the failure criteria are unambiguous.
Failure should always relate to a measurable parameter or to a clear indication. For example,
a definition of failure could include failure of a function to operate. To be able to design for
the load of the product the design team must have accurate information concerning the
environment of the product. If an item must fully operate at high altitude with extreme
changes in temperature then the design must be robust enough to withstand such
environmental factors. Similarly if a product is stored in extreme conditions prior to use then
the design must accommodate for the storage conditions.
The reliability requirement should be stated in a way which can be verified, and which makes
sense relative to the use of the product. The simplest requirement is to state that no failure
will occur under stated conditions. Reliability requirements based on life parameters (see
section 2.3) must be based on the corresponding life distributions. A common parameter used
is MTBF, when a constant failure rate is assumed.
Reliability and Maintainability case
The UK MOD has recently moved away from prescriptive reliability requirements and now
requests a reliability case from their suppliers. The reliability and maintainability (R&M)
case is defines as A reasoned, auditable argument created to support the contention that a
defined system satisfies the R&M requirements . DEF STAN 0042 part 3 is a document
produced by the UK MOD that gives guidance on what goes into an R&M case.
Page 5
Hazard function
period of time represents the burn-in or debugging period where weak items are weeded out.
After the initial phase when the weak components have been weeded out and mistakes
corrected, the remaining population reaches a relatively constant hazard function period,
known as the useful life period. From figure 3 you can see that the hazard function is
constant, this shape can be modelled by the exponential distribution (see section 2.3) when
failure are occurring randomly through time. The final portion of the bath-tub curve is called
the wear-out phase, this is when the hazard function increases with time.
Useful Life
Time
Infant
Mortality
Wear Out
Figure 3 The bath-tub curve
f ( x)dx = 1
Page 6
The probability of a value falling between any two values x1 and x2 is the area bounded by
this interval, i.e.
p ( x1 < x < x2 ) =
x2
f ( x)dx
Frequency f(x)
x1
values
Figure 4 Probability density function
In reliability since we are usual discussing time we will change x to t, i.e. f(t). The
cumulative distribution function or CDF, F(t), gives the probability that a measured value will
fall between - and t, i.e.
t
F (t ) =
f (t )dt
CDF,
F re
q uF(t)
ency (
1 .2
1
0 .8
0 .6
0 .4
0 .2
V a lu e
Page 7
In reliability engineering we are concerned with the probability that an item will survive for a
stated interval of time (or cycles or distance etc.) i.e. there is no failure in the interval (0 to t).
This is known as the survival function and is given by R(t). From the definition:
R (t ) = 1 F (t ) =
f (t )dt = 1 f (t )dt
1.2
Frequency
(%)
R(t)
1
0.8
0.6
0.4
0.2
0
Value
Another important function in reliability is the hazard function h(t); it is the conditional
probability of failure in the interval t to (t+dt), given that no failure has occurred by t:
h(t ) =
f (t )
R (t )
f (t )
= 1 F (t )
The bath tub curve, shown in figure 3, shows 3 different hazard functions, one decreasing, one
constant and one increasing hazard function.
Page 8
h(t ) =
e t
e t
Notice that the hazard function is not a function of time and is in fact a constant equal to ..
For repaired items, , is called the failure rate and 1/ is called the mean time between failures
(MTBF), sometimes denoted as . An important point to note is that 63.2% of items will have
failed by time t=.
The failure rate can be calculated as the total number of failures divided by the total operating
time.
The exponential distribution is the most commonly used distribution in reliability engineering
and models the useful life portion of the bath-tub curve.
R (t ) = e
( t )
where is the shape parameter and is the scale parameter or characteristic life. The
characteristic life is the life at which 63.2% of the population will have failed.
When = 1, the hazard function is constant and therefore the data can be modelled by an
exponential distribution with =1/ .
When <1, we get a decreasing hazard function and
When >1, we get a increasing hazard function
Figure 7, below, shows the Weibull shape parameters superimposed on the bath-tub curve.
Hazard function
Page 9
Useful Life
=1
<1
>1
Time
Infant
Mortality
Wear Out
When >3.5, the Weibull distribution is an approximation for the Normal distribution.
There is also a three parameter version of the Weibull distribution and this is called the
location parameter. It is sometimes called the failure free time or the minimum life.
Other notation often used with the Weibull distribution is the Bn-life, this is the time by which
n% of the population can be expected to fail. (n is the proportion failing).
Page 10
RS = e At * e B t * .... * e Z t
The Failure rate of the system is calculated as by adding the failure rates together, i.e.
S = A + B + .......... + Z
2.4.2 Active redundancy
One of the most common forms of redundancy is the parallel reliability model where two
independent items are operating but the system can successfully operate as long as one of
them is working, diagrammatically:
Page 11
A
B
Figure 9 dual redundant system
The reliability of the system is equal to the probability of item 1 or item 2 surviving, e.g.
RS = RA + RB (RA* RB)
And for the constant hazard function case:
RS = e At + e B t e ( A + B )t
This example assumes each item is not repaired after failure i.e. non-maintained system.
m 1
R = 1 n Ci R i (1 R ) n i
i =0
There are other system reliability models including the standby redundancy situation but those
above are the simplest.
Page 12
Assuming all the parts in a system are independently exponentially distributed, i.e. one part
does not cause the other to fail then the overall system failure rate can be calculated using the
series system model shown above. For example, the failure rate of a printed circuit board is
the sum of the failure rates of each of the components.
For example:
Component type
Quantity
Failure rate
Quantity*failure rate
Ceramic capacitor
30
0.00001 * 10-6
0.0003 * 10-6
Tantalum capacitor
10
0.0003 * 10-6
0.003 * 10-6
Carbon resistor
30
0.00001 * 10-6
0.0003 * 10-6
Diodes
10
0.0002 * 10-6
0.002 * 10-6
Transistors
15
0.0005 * 10-6
0.0075 * 10-6
Logic IC
20
0.001 * 10-6
0.020 * 10-6
The failure rates for components can be estimated from company in-service databases or can
be attained from published handbooks and published data.
KEY POINTS
Weibull with shape parameter, can model decreasing and increasing hazard function.
When Beta =1 is equal to exponential. Characteristic life is the 63rd percentile
Series systems modelling used for estimating system reliability by using parts count
method
Page 13
rules should be followed. However there are a few general principles that should observed,
these include:
Consider the load-strength relationship and ensure there is an adequate safety margin.
Minimum complexity
Identify any single point failures and either mitigate or design them out.
Use lessons learned from previous products to design out any known weaknesses.
Page 14
Design
FMECA, FTA, PoF,RBD
FE,accelerated life test
Development
Development Test
Use
Field data analysis
FRACAS
Test
Manufacture
ESS, Burn-in
SPC
Development testing is used to investigate the robustness of the product and to identify any
design weaknesses with respect to the load. Development testing incorporates environmental
testing and is used for fitness of purpose of the product.
When the product has been developed, the design closed and ready for production, statistical
process control and other quality engineering tools are imperative for ensuring a good quality
product.
Environmental stress screening or burn-in is sometimes used to test all manufactured units
prior to release to the customer. The purpose of ESS is to identify any manufacturing
weaknesses in individual items.
When in-service, product performance data should be collected to check the product
reliability and also to feed forward to new product design in the form of lessons learned.
More discussion on some of these tools and techniques is given in later sections.
Page 15
Undesirable single event or system success at the highest level of interest (the top event)
should be defined.
Contributory causes of that event at all levels are then identified and analysed.
Event-oriented method
Used for evaluating multiple failures including sequentially related failures and commoncause events
Some examples of top-down methods include: Fault tree analysis (FTA); Reliability block
diagram (RBD) and Markov analysis
Fault tree analysis
Fault tree analysis is a systematic way of identifying all possible faults that could lead to
system fail-danger failure. The FTA provides a concise description of the various
combinations of possible occurrences within the system that can result in predetermined
critical output events. The FTA helps identify and evaluate critical components, fault paths,
and possible errors. It is both a reliability and safety engineering task, and it is a critical data
item that is submitted to the customer for their approval and their use in their higher-level
FTA and safety analysis. The key elements of a FTA include:
Cut sets are groups of events that would cause a system to fail
The following diagram shows the flowchart symbols that are used in fault tree analysis in
order to aid with the correct reading of the fault tree.
FTA can be done qualitatively by drawing the tree and identifying all the basic events.
However to identify the probability of the top event then probabilities or reliability figures
must be input for the basic events. Using logic the probabilities are worked up to given a
probability that the top event will occur. Often the data from an FMEA are used in
conjunction with an FTA.
Page 16
Circle signifies a primary failure or basic fault that requires no further development
Diamond denotes a secondary failure or undesired event but not developed further
And gate denotes that a failure will occur if all inputs fail (parallel redundancy)
Or gate denotes a failure will occur if any input fails (series reliability)
Transfer event
The RBD is discussed and shown in section 2.4 above. It is however among the first tasks to
be completed. It model system success and gives results for the total system. As shown in
section 2.4, it deals with different system configuration, including, parallel, redundant,
standby and alternative functional paths. It doesnt provide any fault analysis and uses
probabilistic measures to calculate system reliability.
Page 17
For each fault mode the corresponding effect on performance is deduced for the next
higher system level
The resulting fault effect becomes the fault mode at the next higher system level, and
so on
Successive iterations result in the eventual identification of the fault effects at all
functional levels up to the system level.
Some examples of bottom-up methods include: Event tree analysis (ETA); FMEA and Hazard
and operability study (HAZOP).
Event tree analysis
used when it is essential to investigate all possible paths of consequent events their
sequence
analysis can become very involved and complicated when analysing larger
systems
Example:
A PA1 = 0.5
C
C1 Pc1 = 0.5
C2 Pc2 = 0.4
C3 Pc3 = 0.6
C4 Pc4 = 0.2
C5 Pc5 = 0.8
B
PB1 = 0.3
A
PA2 = 0.5
C
B
PB2 = 0.7 C
A no property damage or injury
B property damage, no injury
C damage to the car only, no other property damage
Page 18
Page 19
Page 20
Page 21
This speeds up testing, and if an interactive vibration/temperature failure mode is present, this
combined testing may be the only way to find it. Other stresses used may be power stepstress, power cycling, package preconditioning with infrared (IR) reflow, electrostaticdischarge (ESD) simulation, and so forth. The choice depends on the intended type of unit
under test and the units potential failure modes.
HALT is primarily for assemblies and subassemblies. The HALT test method utilizes a
HALT chamber. Today, these multi-stress environmental systems are produced by a large
number of suppliers. The chamber is unique and can perform both temperature and vibration
step-stress testing.
Extremely costly
It is an acceptance test
It has been shown that a well managed reliability growth programme as discussed earlier
would avoid the need for demonstration testing as they concentrate on how to improve
products. It is has also been argued that the benefit to the product in terms of improved
reliability is sometimes questionable having used PRST methods.
Page 22
material problems have been resolved. Once this occurs, a monitoring program can ensure
that the process has not changed and that any deviations have been stabilized. Here, the term
screening implies 100% product testing while monitoring indicates a sample test. Screens
are based upon a products potential failure modes. Screening may be simple, such as on-off
cycling of the unit, or it may be more involved, requiring one or more powered environmental
stress screens. Usually, screens that power up the unit, compared with non-powered screens,
provide the best opportunity to precipitate failure-mode problems. Screens are constantly
reviewed and may be modified based on screening yield results. For example, if field returns
are low and the screen yields are high (near 100 percent), the screen should be changed to find
all the field issues. If yields are high with acceptable part per million (PPM) field returns, then
a monitoring program will replace the screen. In general, monitoring is preferred for lowcost/high-volume jobs. A major caution for selecting the correct screening program is to
ensure that the process of screening out early life failures does not remove too much of a
products useful life. Manufacturers have noted that, in the attempt to drive out early life
failure, the useful life of some products can become reduced. If this occurs, customers will
find wear-out failure mechanisms during early field use.
The information obtained when a product is first introduced to the Development Phase in the
HALT process enables the development of a HASS test. HALT, is a highly accelerated
reliability growth Test-Analyze-And-Fix (TAAF) process. In HASS, failures are analyzed,
and corrective actions are implemented. The test is repeated until the observed failure modes
have been fixed, and the environmental technology limits of the part are understood. This
information is used for the Production Phase. At this stage, one either develops a traditional
ESS or a HASS test. HASS test combines thermal cycling, vibration, and power stress
simultaneously. The testing range is within the operating limits that are known from prior
HALT testing performed. Similar to HALT, HASS is an aggressive screening program to
help weed out failure modes and implement corrective actions as soon as possible. This
process enables products to be moved quickly into a monitoring program. The HASS process
typically helps to reduce screen time (30 percent to 80 percent) and move a product more
quickly into the Monitoring Phase. For example, a common screen uses 168-hour burn-in, 20hour thermal shock, and a 60-minute vibration test. Since this is a fairly lengthy screen, it is
advantageous to work with a HASS program. In the HASS process, this test is quickly
reduced to a monitoring program. Since faster test results help in implementing product
improvements and moving to a monitoring test, cost savings can be passed onto the customer.
If HASS precipitates a failure, an immediate failure analysis is performed to determine the
root cause. A 100 percent screen is maintained until the process is in control. At that point,
monitoring can be performed. The monitoring also includes a HALT at given intervals to
ensure that the product safety margins have not deteriorated from those obtained in the
Evaluation Phase. Thus, knowledge of the HALT and HASS environmental limits, relative to
a customer specification, is very helpful in providing engineering confidence in the proper
design of the screening and the subsequent monitoring test. Such sound practices are
important for providing a highly reliable product.
Page 23
costly. A program manager must know if Reliability Growth can be achieved under required
time and cost constraints. A plan of attack is required for each major subsystem so that
system-level reliability goals can be met. However Reliability Growth planning is
recommended for all new platforms, whether they are complex subsystems or simple
components. In a commercial environment with numerous product types, the emphasis must
be on platforms rather than products. Often there may be little time to validate, let alone
assess, reliability. Yet, without some method of assessment, platforms could be jeopardized.
Accelerated testing is, without question, the featured Reliability Growth tool for industry. It is
important to devise reliability planning during development that incorporates the most timeand cost effective testing techniques available.
Reliability growth can occur at the design and development stage of a project but most of the
growth should occur in the first accelerated testing stage, early in design. Generally, there are
two basic kinds of Reliability Growth test methods used: constant stress testing and stepstress testing. Constant stress testing applies to an elevated stress maintained at a particular
level over time, such as isothermal aging, in which parts are subjected to the same
temperature for the entire test (similar to a burn-in). Step-stress testing can apply to such
stresses as temperature, shock, vibration, and Highly Accelerated Life Test (HALT). These
tests stimulate potential failure modes, and Reliability Growth occurs when failure modes are
fixed. No matter what the method, Reliability Growth planning is essential to avoid wasting
time and money when accelerated testing is attempted without an organized program plan.
Todays competitive market requires thorough planning, especially since platform complexity
has increased dramatically as competition and technological advances have driven down size
and costs. Traditional methodology provides us with many valuable tools, such as test
planning, growth tracking and assessment, fix-effectiveness factor estimation, corrective
action review team operations, and Test-Analyze-And-Fix (TAAF) strategies. All methods
use a FRACAS type approach to audit corrective actions.
There are numerous types of accelerated tests including HALT, Step-Stress, Highly
Accelerated Stress Screening (HASS), Environmental Stress Screening (ESS), failure-free
accelerated testing, Reliability Growth and accelerated reliability growth. These practices are
all important, since each has been used today in both commercial and industrial applications
for ensuring product reliability. The methods have not been without confusion. Confusion
exists as to when and which test method should be used and the Reliability Growth that can
be achieved with any one method. The methods should be to integrating and implemented
throughout the product development cycle using Table 1 summarizes the approach and how
these tests fit into the product life cycle.
Accelerated test or
methods
Reliability Growth or
Reliability Enhancement
Page 24
Understanding Customer
Requirements
Proposal
concept design
and
HALT (Highly
Accelerated Life Test)
Design
development
and
Step-Stress Test
Design
and
development of units
or components
Failure-Free Test or
demonstration test
Post design
ESS (Environmental
Stress Screening)
production
HASS (Highly
Accelerated
Stress Screen)
production
Page 25
The basic methodology in Reliability Growth planning should minimally consist of the
following
The design of appropriate accelerated tests to stress expected or unexpected failure
modes of the subsystems. These tests should be chosen and designed to stimulate
failures at a faster rate. An effective program will include a streamlined root-cause
corrective action plan. Without a complete plan, accelerated testing will be wasted
and Reliability Growth opportunities lost.
The correct use of historical acceleration factors and Reliability Growth parameters.
This will enable estimates of accelerated Reliability Growth over the programs
testing phases to be generated.
The accurate tracking and assessment of Reliability Growth during and after each test
phase and corrective action. This helps with correct assessment techniques for fix
effectiveness to properly evaluate compliance of growth goals/milestones. Planning
Reliability Growth is not enough; periodic assessments of reliability are also essential
so that management is assured that their achievement of the planned Reliability
Growth goals is realistic.
Good monitoring and management of corrective actions using FRACAS
3.4 FRACAS
A Failure Reporting and corrective action system (FRACAS) is closed-loop coordinated
system that is used to manage failures throughout the product life cycle. It records
information about failures of a product and when and where they occurred but it also enforces
corrective action details are documented.
It is used from the beginning of a project until it is withdrawn from service. All personnel use
the system and are responsible for any FRACAS they own.
There will be one group who will have overall control of the FRACAS administration and
their function would be to ensure that all FRACAS raised are acted upon and closed out and
also to collect lessons learned and feed forward as appropriate.
For example: an engineer is working on the reliability growth programme and has
encountered a failure of the product during the step-stress test of the unit. The engineer
should raise a FRACAS and state the problem as well as give details of the unit number, date
of failure, what is was doing when it failed, reference to the test conditions. This FRACAS
would then be passed to an engineer to diagnose the fault and ultimately find a fix. The unit
can be fixed and the testing resumed. However the FRACAS is not closed until the fix has
been documented and implemented in the design and ultimately drawings (assuming the fault
is due to design). The owner of this FRACAS is responsible for seeing the problem through
and an engineering review of FRACAS would show all outstanding open FRACAS. This
ensures that problems are getting solved rather than stacked up.
Page 26
service performance and identifying any systematic faults that can be fixed in this and future
products.
Exploratory Data Analysis can be used on such data to look for trends or systematic failures.
To analyse such data the data recorded should include the following basic information:
Date of failure
Product type
Customer
Diagnostic information
This type of information allows the product support organisation within a company to analyse
the data to identify where the majority of failures are occurring.
For example:
Agree Categorisation
of all Unit Removals
Page 27
Determine Real Cause
of Confirmed Removals
External Fault
No Fault Found
Design
Build
Supplier
T est
Confirmed Faulty
Confirmed Not Faulty
Understand Why
Fault Isolation Fails
Troubleshooting
System Design
Fault Isolation Manual
By finding out that most confirmed failures are due to build problems the data can then be
filtered and analysed to explore what types of build failures are occurring and eventually to
investigate ways of reducing such failures.
Evolutionary
Low Risk
Moderate Risk
Revolutionary
High Risk
Very High Risk
Revolutionary technologies carry a higher risk. For example, when the first airplanes were
developed in the early 1900s, flying these early machines often resulted in injury or death.
Now that flying is a mature technology, the risks of flying are very low. Evolutionary changes
to the aircraft having similar applications today carry low risks since the technology is mature.
The goal of a risk management program is to make correct decisions at key points in the
program. Technology risk management is essential to the success of any development
program. Risk issues and their consequences concern everyone involved with a programs
success. The larger and the more undeveloped a technical program, the more important it is to
Warwick Manufacturing Group
Page 28
manage risks. In the case of a reasonably large and/or complex program, many technical
details can impact the system. The purpose of risk management is to identify, assess and
mitigate risks throughout the project.
Since component and subsystem risks are magnified at the system level, it is important that
program management becomes aware of issues early in the program. All potential risk areas
require identification and risk handling. Management can then direct resources to prioritized
risk areas and conserve valuable time and expenses. These benefits are best realized when
technical risk issues can be properly identified, assessed, quantified, and finally handled both
at the system and the subsystem level.
3.7 REMM
The REMM project developed a methodology that supports product reliability enhancement
and consequently is viewed primarily as a design for reliability tool although it could be used
by management and product support to view the reliability status of products. It is viewed as a
move away from playing the numbers game using reliability predictions towards a more
considered approach. Its purpose is to encourage design for reliability by providing engineers
with reliability information and lessons learned on previous designs as well as providing a
proactive holistic approach to design
Current reliability prediction techniques for electronics have been shown to be
unrepresentative of real situations. There is a dichotomy between the way reliability is
assessed (predicted) and the way it is actually achieved.
Many aerospace companies continue to use MIL Handbook 217 for reliability predictions.
Usually the predictions are made on a parts count basis and then the overall predicted failure
rate is factored using in-service performance of previous products. So if a prediction had
been done on a product that is now in the field then a multiplicative factor can be obtained by
comparing the in-service reliability and that prediction. Such factors are therefore used in
predictions for new designs.
The problem with this approach is that the product reliability is not really considered. The
parts count prediction is based on the number of components of each type and their
corresponding failure rates and as is widely known this is all based on the assumption of
constant failure rates. In addition there is a temptation when given an MTBF requirement to
use the prediction to show that it will be met without doing any engineering analysis. In other
words the prediction is often altered rather than the design or manufacture of the product.
The R&M case was developed by the UK MOD as a move away from prescribing reliability
methods and tools towards a more measured approach to achieving reliable products. The
definition is given as A reasoned, auditable argument created to support the contention that a
defined system satisfies the R&M requirement and is therefore concerned with providing
progressive assurance that the product will be reliable. The impetus for this move towards the
R&M case is partly driven by experience. In the past the MOD, in their contracts, prescribed
specific reliability techniques and tools to be performed. They believed that using such tools
and techniques would produce the required reliable products. However, in many cases, the
opposite occurred. Payments were made to suppliers for producing the required documents
however no evidence was necessary to show that any of the tools and techniques applied
actually affected the product design and development. In other words the focus was on
producing documents rather than showing that the product would meet the necessary
Warwick Manufacturing Group
Page 29
REMM Process
The REMM process was developed by the project team based on the philosophy of
evolutionary design of products i.e. any new product design can be based on an existing
product design. To design a new product the REMM philosophy urges the user to consider
the differences between the new product design and previous product designs. These
differences would include functionality, process (design and manufacture) and environmental
changes to enable the project team to concentrate on the risky aspects of the new product
design and development. Figure 11 below shows the simplified REMM process flow. As in
DEF STAN 00-42 part3 the REMM process starts with analysing reliability requirements and
then moves on to identifying the reliability risks. The risks are identified in REMM by
identifying the novel aspects of the product design, manufacture, application and use.
Having captured requirements a similar product is identified and its associated data is
analysed in order to inform the project team of any reliability issues. The new design is
therefore altered in light of this data analysis. For example, if a particular component used in
a previous product and likely to be used in the new product is shown from analysis to be
causing reliability problems in the field then by highlighting such issues the project team can
make informed decisions regarding the new product design.
Capture requirements
Review lessons learned
through data analysis
Service data
Reliability Case
The REMM process therefore encourages the active use of lessons learned from previous
product manufacture and performance.
A REMM tool has been developed and implemented at Goodrich engine controls to
encompass the process shown in figure 12. The tool allows the user to design a new product
based on all previous products. Obviously there will be changes to designs over time for
numerous reasons, e.g. new technology, additional functionality, different installations, new
Warwick Manufacturing Group
Page 30
environment etc. These differences between the new design and previous designs are
captured by the tool and fed into the REMM expert system. Capturing these differences
focuses the project team on the risky aspects of this new product.
The REMM expert system has been implemented at Goodrich engine controls and is a
knowledge base expert system. It has been populated with rules that were written by
interviewing chief engineers across the different disciplines, i.e. electronic, mechanical,
components, process and reliability. The rules consist of all the possible changes structured
hierarchically. So for example, Environmental changes can be due to vibration, thermal,
humidity and shock changes. Looking at vibration changes, the input fact could be, for
example:
Rules for new product design aspects have also been generated and so the differences
captured include both actual differences and novel aspects.
The REMM tool is used at the concept stage to design the new product using information on
previous designs. One of the outputs of the tool is a task list generated from the expert
system. The tasks suggested may well be tasks that are already planned but it gives a starting
point for developing the reliability plan as it focuses on the high level risk areas in the new
product design. The task list can therefore be used to develop the reliability programme and
plan
The tool developed at Goodrich establishes the skeleton of the product reliability case when
the expert system is run. The skeleton reliability case consists of the product description in
terms of functionality, installation, use, environment and technology, it lists the hardware and
provides a list of all the differences and novel aspects of the design. It also contains the task
list and provides references to guidance material or procedures related to specific tasks. When
a task has been completed the case is updated with a reference to a company report detailing
the outcome and solution. To close the loop the tool ought to be linked to the FRACAS
system to ensure that the solution found is implemented to improve the reliability of the
product.
At present the REMM tool is useful at the beginning of the project and really only identifies
fairly high level tasks but by implementing the statistical model the project team can identify
lower level, specific risks to update the skeleton reliability case document.
The REMM statistical model aims to estimate reliability of a new design at specified times in
the product lifecycle to aid engineering understanding of performance and to help inform
downstream processes that will support enhancement. The model will support what if
Warwick Manufacturing Group
Page 31
analysis. This means that alternative scenarios can be investigated and the impact on
reliability estimated. Therefore the REMM statistical model provides a tracking system to
help analyse how reliability will and does evolve throughout the lifecycle by integrating the
numerical estimates with the engineering understanding of reliability. This is a deliberate
move to a proactive approach to design for reliability.
The REMM statistical model requires engineering concerns about potential faults in the item
of equipment to be identified and estimates when they are likely to occur as failures under
different scenarios. This model is therefore a Bayesian type statistical model.
Two basic types of input are required to populate the model.
Engineering concerns with the new design and an estimate of their probability of
occurrence in service assuming no actions taken
The data therefore comes from two sources structured engineering judgement and historical
event data.
The basic output from the REMM statistical model will be the estimated reliability function,
also known as the survival function. This provides an estimate of the probability of surviving
until a specified time. Figure 13, below shows the model formulation as the reliability of the
new design is a combination of expert judgement and event data with respect to pre-defined
categories.
Failure Class
Expert
Judgement
Design
Component
NC
ND
Event
RD(t)
Data
Build
NB
RC(t)
RB(t)
Page 32
In the individual interviews each expert was asked to concentrate on the new product and
consider the following questions:
The resulting information is used to provide a list of concerns for the project team as well as
an input to the statistical model.
The concern list on its own can be used as a risk assessment and the project team can decide
what actions to take to reduce the risk and improve the reliability. The concern list can be
added to the skeleton reliability case and updated as mitigating actions are taken and concerns
resolved. This process is an iterative process and would be implemented at key stages in the
design and development process. The reliability case would therefore be a living document
that grows as more information is gathered.
Running the model provides more information about the reliability of the product at a specific
time in the product development process. The reliability estimate can be compared with the
reliability requirement. If the estimate is lower then closer inspection of the results can help
to identify the key tasks to improve the reliability. For example, in figure 13, assuming the
overall reliability estimate is unacceptable then the data for the category contributing most to
this estimate could be investigated further. In figure 14, looking at the data for the preload
concerns can help guide the project team towards mitigating actions that may improve the
reliability. What if analysis can be done to identify those actions that would give the biggest
improvement in reliability and therefore providing guidance to the project team.
Page 33
Estimated F-Lynx
1
0.9
Cracking Crack
0.8
Lubrication
Lub (est)
0.7
R e lia b ility
(est)
0.6
Corrosion
0.5
Preload
0.4
Corr (Est)
Pre (Est)
0.3
Overall
0.2
Overall (Est)
0.1
0
0
500
1000
1500
2000
Operational Time
All the analysis undertaken can be added to the reliability case to show how the product is
being progressively improved by identifying and subsequently reducing product risks.
Reliability Measurements
From the discussion above the REMM tool is used to help build the reliability programme
plan and the skeleton reliability case and is carried out at the concept design stage. The
statistical model is implemented at key points in the design and development process. The
concerns are updated throughout as more data is gathered.
The reliability estimates can therefore be plotted at each of the key stages to show how the
reliability estimate is changing throughout the development of the product and therefore how
close the estimate is to the requirement. Figure 15, below, shows an example of reliability
changing throughout the product life cycle.
Page 34
Updated
Required
Current
estimate
Lifecycle stage
Figure 15: example of reliability varying over the lifecycle
4 Reliability management
Key aspects of reliability management include:
Management of suppliers
Page 35
Reference
OConnor (2002). Chapter 15, Reliability management, Practical Reliability Engineering,
John Wiley
5 Summary
These lecture notes provide information about why reliability is important, moreover they
give an overview of all the aspects of reliability engineering, including:
Need for planning to achieve reliability throughout the product life cycle;
Other factors that are affected by poor reliability such as safety, competitiveness,
goodwill, maintenance costs and ultimately profit.
Managing risk;
Using FRACAS;
This lecture is an overview of reliability engineering and therefore it gives an appreciation for
the topic. It is not expected to be a reliability-engineering manual but gives a flavour for the
importance of the topic and how it fits into the design, development and use of a product.