Académique Documents
Professionnel Documents
Culture Documents
Summary
Various derivatives of the original aviation-oriented RCM
methodology have emerged and are currently being applied in
different industries. In order to ensure these derivatives meet the
intent of the original RCM methodology, a set of standards were
published by the Society of Automotive Engineers (SAE) in
1999 to be used as a benchmark for any RCM process. This
paper describes the RCM methodology (SRCM®) developed by
ERIN Engineering and Research, Inc. (an SKF Group Company)
and discusses how this methodology complies with the standards
set forth by SAE.
MB03017
Michael E Creecy and
Kazem Mohammadi
20 pages
October 2006
1 Introduction...............................................................................................................................3
2 Background...............................................................................................................................3
4 Conclusions.............................................................................................................................14
Appendix A....................................................................................................................................15
The SRCM methodology is primarily geared • high number of PM tasks and costs
towards the process industries. Since its • high number of corrective maintenance
inception, it has been successfully applied at and cost
facilities in the Power, Manufacturing, Pulp
and Paper, and Petrochemical industries. • large contribution to full or partial
outages/downtime/loss of throughput
Due to economies of scale, the more rigorous,
aviation-oriented, classical RCM approach is • impact on safety/environment
considered practical and cost-effective when Once systems have been selected for analysis,
applied to a large number of systems (e.g., the boundaries of each system must be
aircrafts) that are of exactly the same type. precisely defined. System boundaries should
However, in the process industries, due to encompass all subsystems and equipment that
significant variations in system design and support system functions and that are
lack of adequate operating data, application of dedicated to the system being analyzed.
the original RCM approach facility-wide is
judged to be impractical and extremely time / Boundaries should include all required
resource intensive. mechanical, electrical, and instrumentation
and control equipment, as appropriate.
The SRCM® methodology is depicted in
Figure 1. The various elements of SRCM®
and compliance with SAE JA 1011 standards
are discussed below. A tabulated comparison
of SAE JA 1011 standards and SRCM is
provided in Appendix A.
• Resource Availability
• PM/CM Cost History
• Outage/Downtim e History Select System (s)
• Safety/Environm ental • Design Information
Im pact History • Equipm ent List
Collect Pertinent Data • P&IDs, Electrical Schem atics
• Other
Identify Key Im portant Design Information
Functions and Functional (including Perform ance
Failures (FFA) Standards)
Criticality Analysis
• Operating History
Equipm ent List Failure Modes and • Design Information
Effects Analysis (FMEA) • Expert Judgment
No
At Least 1 Yes
Non-Critical Criteria
Met?
No
Task Selection
Run-to-Failure
Im plem entation
Living Program
explicitly defined, and furthermore, these “control steam flow through turbine via
functions are defined at system and/or EHC subsystem”
subsystem level and not component level.
The secondary functions are not explicitly “monitor turbine operation via supervisory
defined in SRCM but nevertheless are control subsystem”
analyzed implicitly at component level
under the primary function analysis. “provide steam at proper temperature,
pressure, and quality from main steam to
The SRCM methodology also provides turbine via steam supply subsystem”
flexibility in the level at which the primary
functions are explicitly defined and “provide for proper turbine coast-down and
analyzed. Primary functions can be ramp-up during shutdown and startup via
identified and analyzed either at the system turning gear subsystem”
level or at both the system and subsystem
levels, without affecting the analysis results. In this example, if only the system level
primary function is explicitly defined, then
For systems with no stand-alone support all support system primary functions are
subsystems, it may be more appropriate to assumed to be included and analyzed
define the primary functions at the system implicitly as part of the main system
level whereas for systems with one or more primary function. However, if the primary
stand-alone support subsystems, it may be functions are explicitly defined at both
more appropriate to define the primary system and subsystem levels, then the
functions at both system and subsystem primary functions would be analyzed
levels. The determination of which separately and explicitly. In this example,
approach is most suitable is made by the the second approach may provide more
system analyst and the asset user/owner. In clarity, although, both approaches will
either case, the analysis results are not produce the same results.
affected.
To illustrate the analysis treatment of the
Figure 2 can be used as an example to secondary functions, let’s look at the turbine
illustrate the points discussed above. This lube oil subsystem. Let’s assume that this
figure shows a simplified functional block subsystem consists of a lube oil tank, a main
diagram for a turbine system. The block (AC) lube oil pump, a standby (DC)
diagram consists of the main turbine itself emergency lube oil pump, a safety relief
and the associated support systems. In this valve, two 100% capacity lube oil coolers,
case, the system-level primary function can and a lube oil filter.
be defined as:
As stated above, the primary function of this
“convert thermodynamic energy of main subsystem is to “provide lube oil to turbine
and re-heat steam supply into mechanical bearings at the proper pressure and
energy per design specifications” temperature.” To accomplish this, the
suction path, pump, pump motor (and
Similarly, the subsystem-level primary breaker), discharge path, lube oil filter, and
functions can be defined as: one lube oil cooler must work in concert, as
designed.
“provide lube oil to turbine bearings at
proper temperature and pressure via lube
oil subsystem”
© 2006 SKF Reliability Systems All Rights Reserved 7
SRCM® Methodology
However, note that the function statement determined set-point in order to prevent
for the primary function does not include the system over-pressurization and damage.
secondary functions of equipment that are
part of the lube oil subsystem. These The main pump motor circuit breaker must
secondary functions include: remain in the closed position in order to
satisfy the lube oil subsystem primary
• auto start of emergency (DC) pump on function; however, this circuit breaker has a
main lube oil pump failure or low header secondary function of opening on situations
pressure (a protective function) like over-current in order to protect the
motor and circuitry from being damaged.
• lifting of safety relief valve on demand
(a protective function) Within the context of the analysis, these
functions are considered secondary
• opening of main pump motor breaker on
functions and are analyzed implicitly under
demand (a protective function)
the umbrella of the primary function (i.e.,
• oil containment (containment function) provide lube oil to turbine bearings at proper
temperature and pressure) for the lube oil
The design function of the emergency (DC) subsystem.
pump is to auto start on main pump failure
or low header pressure in order to prevent Therefore, when analyzing the emergency
turbine bearing damage by allowing the (DC) pump or the safety relief valve under
system to coast-down and allow for a the lube oil subsystem primary function, the
controlled shutdown. pump and safety relief valve are analyzed
with respect to their intended design
Similarly, the design function of the safety function (i.e., protection) and not with
relief valve is to lift and relieve pressure respect to the primary function of providing
when system pressure reaches a pre- lube oil to turbine bearings.
© 2006 SKF Reliability Systems All Rights Reserved 8
SRCM® Methodology
The main pump motor circuit breaker has a bearings at proper temperature and
dual function. It must remain closed in pressure.”
order to satisfy the lube oil subsystem
primary function (i.e., provide lube oil flow) Failure of a secondary function in SRCM
and it must open when required in order to would have no impact on the associated
satisfy the secondary function (i.e., primary function. However, the impact of
protection). this failure is properly captured when
evaluating failure effects and consequences
Therefore, when analyzing this circuit in Criticality Analysis.
breaker under the lube oil subsystem
primary function, the function of circuit Total and partial failures are identified and
breaker to remain closed is analyzed with captured in SRCM as part of a Failure
respect to the primary function (i.e., provide Modes and Effects Analysis (FMEA). This
lube oil flow) whereas the function of circuit is discussed below under Criticality
breaker to open, when required, is analyzed Analysis.
with respect to the secondary function (i.e.,
protection). The above discussion touches on specific
points identified in Sections 5.1 and 5.2 of
Proper treatment of the secondary functions SAE JA 1011. Based on the above
in a manner consistent with the way the discussions, it can therefore be concluded
primary functions are treated is implied in that the function and functional failure
SRCM. As such, application of SRCM approach used in SRCM meets the intent of
requires a knowledgeable, experienced, Sections 5.1 and 5.2 of SAE JA 1011 [2].
practitioner, as does the original RCM
approach for similar reasons.
3.4 Criticality Analysis
Consistent with SAE JA 1011, Sections Once the primary functions are defined, the
5.1.3 and 5.1.4, the system or subsystem components within function boundary are
primary function statement in SRCM subjected to a Criticality Analysis. The
contains a verb, an object, and a Criticality Analysis performed in SRCM is a
performance standard. The performance combination of an FMEA and Consequence
standards incorporated into function Analysis.
statements represent performance desired by
asset user/owner. These standards can be The objective of the Criticality Analysis is
qualifiers such as “proper”, “sufficient”, to determine component criticality (i.e.,
“adequate” or can be specific values and whether the component is critical or non-
thresholds, depending on the situation, and critical with respect to asset user/owner
what is acceptable to the asset user/owner. business objectives). This in turn is used to
determine the level of resources that should
In SRCM, failure to meet the standards be allocated to each component
defined in a primary function would commensurate with its criticality. A
constitute functional failure of the primary component that is determined to be critical
function. For example, for the lube oil would command more attention and
subsystem discussed above, functional resources in maintaining it than one that is
failure of the primary function would be determined to be non-critical.
“failure to provide lube oil to turbine
basis based on predictive and condition- check of the analysis to assure validity of
monitoring results. assumptions and completeness.
The above discussion touches on specific • determining the degree of difficulty for
points identified in Sections 5.7 and 5.8 of implementing changes
SAE JA 1011. Based on the above • developing proper work packages
discussion, it can therefore be concluded including job plans that describe the
that the task selection approach used in detailed steps of each task
SRCM meets the intent of Sections 5.7 and
5.8 of SAE JA 1011 [2]. • identifying potential constraints
Implementation may also include the
3.6 Task Comparison purchase of new technology, incorporating
design changes, and training.
Upon assignment of applicable and cost-
effective tasks, the recommended tasks are No specific guidance regarding
compared against the existing tasks. The implementation is provided in SAE JA
purpose of this comparison is to identify the 1011. However, implementation is
needed changes in the existing program, discussed in Section 18.9 of SAE JA 1012
facilitate implementation of the task [3]. The approach used in SRCM is judged
recommendations, and to provide additional to be consistent SAE JA 1012.
© 2006 SKF Reliability Systems All Rights Reserved 13
SRCM® Methodology
4 Conclusions
Although SRCM is an optimized version of
the original RCM process, the SRCM
methodology does not exclude any of the
main elements of the original RCM
approach.
5 References &
Acknowledgements
[1] Nowlan, F. Stanley, and Howard F.
Heap, “Reliability-Centered
Maintenance,” Department of Defense,
Washington, D.C. 1978. Report Number
AD-A066579.
Appendix A
SAE JA 1011 and 1012 Standards and SRCM Compliance Matrix
SAE JA 1011 Description SRCM Complies? Method of Compliance
Section
Yes No
5.1.1 Operating context of asset shall be 9 Operating context defined based on review of system
defined description, operating manual, design documents, etc.
5.1.2 All functions of asset/system 9 Primary functions identified explicitly at system and
(primary and secondary) shall be subsystem level; secondary functions identified and
identified analyzed implicitly at component level under primary
functions.
5.1.3 All function statements shall 9 Performance standards are defined for primary
contain a verb, an object, and a functions at system and/or subsystem level to the
performance standard satisfaction of asset user/owner; performance
standards are not explicitly defined for secondary
functions.
5.2 Functional Failures – all failed 9 Failure to meet required standards as defined for
states associated with each primary functions would result in functional failure of
function shall be identified primary function; functional failure of secondary
functions defined implicitly and analyzed with respect
to failure effects and consequences.
5.3 Failure Modes 9 See 5.3.1, 5.3.2, 5.3.3, 5.3.4, and 5.3.5.
5.3.1 All failure modes reasonably likely 9 All credible (reasonably likely) failure modes are
to cause each functional failure identified and analyzed.
shall be identified
5.3.2 Method used to decide what 9 Credible failure modes are identified by the analyst to
constitutes a “reasonably likely” the satisfaction of asset owner/user.
failure mode shall be acceptable to
asset owner/user
5.3.3 Failure modes shall be identified at 9 Failure causes identified for all Critical components and
a level of causation that makes it are identified at a level that would allow for
possible to identify an appropriate identification of appropriate tasks that would preclude
failure management policy those failure causes; failure causes not identified for
Non-Critical components. (see Criticality Analysis
below)
5.3.4 Failure modes should include 9 Historical data is reviewed to identify failure modes that
those that have happened before, have happened in the past; discussion with asset
those that are currently being user/owner is used to determine what failure modes
prevented, and those that have not are being prevented; and those failure modes that have
happened but are likely not yet happened but are likely are identified by the
analyst in FMEA.
5.3.5 Failure modes should include any 9 In certain instances failure modes are characterized by
event or process that is likely to equipment degradation and not total failure; errors of
cause a functional failure including omission and commission are addressed separately;
deterioration, design defects, and this is acceptable per SAE JA 1012, 8.5.
Appendix A
SAE JA 1011 and 1012 Standards and SRCM Compliance Matrix
SAE JA 1011 Description SRCM Complies? Method of Compliance
Section
Yes No
human error
5.4.1 Failure effects shall describe what 9 Done as part of FMEA in Criticality Analysis.
would happen if no specific task is
done to anticipate, prevent, or
detect failure
5.4.2 Failure effects shall include all 9 Done as part of FMEA in Criticality Analysis.
information needed to support
evaluation of consequences of
failure
5.5 Failure consequence categories 9 See 5.5.1, 5.5.1.1, 5.5.1.2, and 5.5.2.
5.5.1.1 Consequence categorization 9 Hidden and evident failure modes are not explicitly
process shall separate hidden defined; all equipment analyzed based on their
from evident failure modes intended design function; as such, hidden and evident
failures are properly captured in the analysis.
5.6 Failure Management Policy 9 See 5.6.1, 5.6.2, 5.6.3, and 5.6.4.
Selection
5.6.1 Failure management selection 9 Effect of component age is captured through condition
process shall take into account monitoring for equipment that are monitored in this
impact of age on conditional manner; impact of equipment age is also assessed
probability of failure mode when determining task frequency.
5.6.2 All scheduled tasks shall be 9 All scheduled tasks are devised to eliminate failure
technically feasible and worth causes for the associated failure modes; applicable
doing (applicable and effective) and most cost-effective tasks are selected.
5.6.3 If two or more proposed failure 9 Most cost-effective tasks are always selected.
management policies are
technically feasible, the most cost-
effective shall be selected
Appendix A
SAE JA 1011 and 1012 Standards and SRCM Compliance Matrix
SAE JA 1011 Description SRCM Complies? Method of Compliance
Section
Yes No
no specific task is currently being failure; intent of task selection is to come up with the
done to anticipate, prevent, or most cost-effective and applicable tasks w/o
detect failure considering current tasks.
5.7 Failure Management Policies – 9 See 5.7.1, 5.7.1.1, 5.7.1.2, 5.7.1.3, 5.7.1.4, 5.7.2,
Scheduled Tasks 5.7.2.1, 5.7.2.2, 5.7.2.3, 5.7.2.4, 5.7.2.5, 5.7.3, 5.7.3.1,
5.7.3.2, 5.7.4, 5.7.4.1, 5.7.4.2, 5.7.4.3, 5.7.5, 5.7.5.1,
5.7.5.2, 5.7.5.3, and 5.7.5.4.
5.7.1 All scheduled tasks shall comply 9 See 5.7.1.1, 5.7.1.2, 5.7.1.3, and 5.7.1.4.
with 5.7.1.1, 5.7.1.2, 5.7.1.3, and
5.7.1.4
5.7.1.1 For evident failure modes with 9 Done during task selection; for evident failures with
safety or environmental safety or environmental consequences, tasks are
consequences, task shall reduce assigned to eliminate failure causes and thus reduce
probability of failure mode to a probability of failure to an acceptable level.
level tolerable by asset user/owner
5.7.1.2 For hidden failure modes with 9 Done during task selection; for hidden failures with
safety or environmental safety or environmental consequences, tasks are
consequences, task shall reduce assigned to eliminate failure causes and thus reduce
probability of failure mode to a probability of failure to an acceptable level.
level tolerable by asset user/owner
5.7.1.3 For evident failure modes w/o 9 Done during task selection; for evident failures w/o
safety or environmental safety or environmental consequences cost-effective
consequences, direct and indirect tasks are assigned.
costs of task shall be less than
direct and indirect costs of failure
mode over comparable time
periods
5.7.1.4 For hidden failure modes w/o 9 Done during task selection; for hidden failures w/o
safety or environmental safety or environmental consequences cost-effective
consequences, direct and indirect tasks are assigned.
costs of tasks shall be less than
direct and indirect costs of failure
plus repair cost over comparable
time periods
5.7.2 On-condition tasks shall satisfy 9 See 5.7.2.1, 5.7.2.2, 5.7.2.3, 5.7.2.4, and 5.7.2.5.
additional criteria in 5.7.2.1,
5.7.2.2, 5.7.2.3, 5.7.2.4, and
5.7.2.5
5.7.2.1 There shall exist a clearly defined 9 Done during task selection; on-condition tasks are
potential failure assigned at proper frequency to detect the onset of
equipment failure.
5.7.2.2 There shall exist an identifiable 9 Task frequencies for on-condition tasks are determined
qualitatively based on historical data, engineering
P-F interval judgment, and user/owner experience; frequencies are
set to allows for detection of deterioration and time to
take action before equipment reaches a failed state
(frequency < P-F interval).
Appendix A
SAE JA 1011 and 1012 Standards and SRCM Compliance Matrix
SAE JA 1011 Description SRCM Complies? Method of Compliance
Section
Yes No
5.7.2.4 It shall be physically possible to do 9 This assessment is made during task and frequency
task at intervals less than P-F selection.
interval
5.7.2.5 Shortest time between discovery 9 This assessment is made during task and frequency
of a potential failure and selection.
occurrence of functional failure
shall be long enough for pre-
determined action to be taken to
avoid, eliminate, or minimize
consequences of failure mode
5.7.3 Any scheduled discard task shall 9 See 5.7.3.1 and 5.7.3.2.
satisfy additional criteria in 5.7.3.1
and 5.7.3.2
5.7.3.1 There shall be a clearly defined 9 Effects of age on conditional probability of failure
age at which there is an increase modes assessed qualitatively as part of task selection
in conditional probability of failure and frequency assignment.
mode
5.7.4 Any scheduled restoration task 9 See 5.7.4.1, 5.7.4.2, and 5.7.4.3.
selected shall satisfy additional
criteria in 5.7.4.1, 5.7.4.2, and
5.7.4.3
5.7.4.1 There shall be a clearly defined 9 Effects of age on conditional probability of failure
age at which there is an increase modes assessed qualitatively as part of task selection
in conditional probability of failure and frequency assignment.
mode
5.7.5 Any failure-finding task selected 9 See 5.7.5.1, 5.7.5.2, 5.7.5.3, and 5.7.5.4.
shall satisfy additional criteria in
5.7.5.1, 5.7.5.2, 5.7.5.3, and
5.7.5.4
Appendix A
SAE JA 1011 and 1012 Standards and SRCM Compliance Matrix
SAE JA 1011 Description SRCM Complies? Method of Compliance
Section
Yes No
5.7.5.1 Basis upon which task interval is 9 Task intervals for failure-finding tasks are determined
selected shall take into account based on historical data, operating experience, and
the need to reduce probability of best engineering judgment; they are devised to reduce
multiple failure of associated probability of failure to a level tolerable by asset
protected system to a level that is user/owner.
tolerable to asset user/owner
5.7.5.2 Task shall confirm that all 9 The intent of assigned failure finding tasks is to verify
components covered by failure functionality of component/asset in its entirety.
mode description are functional
5.7.5.3 Failure-finding task and associated 9 Task frequency is balanced against the potential
interval selection process should adverse effects of task during task selection.
take into account any probability
that task itself might leave the
hidden function in a failed state
5.7.5.4 It shall be physically possible to do 9 This determination is made during task selection; if
task at the specified intervals failure-finding task cannot be performed due to
inadequate access or w/o disturbing process or w/o
damaging equipment, task is considered not
applicable; other more applicable tasks are then
considered.
5.8.1.2 In cases where such tasks cannot 9 Done as part of task selection.
be found, one-time changes to
asset or system may be necessary
subject to criteria in 5.8.1.2.1,
5.8.1.2.2, 5.8.1.2.3, and 5.8.1.2.4
Appendix A
SAE JA 1011 and 1012 Standards and SRCM Compliance Matrix
SAE JA 1011 Description SRCM Complies? Method of Compliance
Section
Yes No
5.9.2 Any RCM process shall provide for 9 Done as part of established living program.
a review of information used to
support decisions and decisions
themselves