System Reliability Theory. Marvin Rausand
defines failure as “loss of the ability to perform as required.”
This chapter is concerned with failures of single items only. Aspects related to interactions between several items in a system are treated in Chapter 4. Before continuing the discussion of failures, the concepts of states, transitions, and operational modes need to be introduced.
3.1.1 States and Transitions
At a given time, an item may be in one out of several states. The functions performed in one state may be different from the functions performed in other states. The item changes state by a transition. The transition may be automatic or manual and may occur at a random time or as a result of a command. Complicated items may have a high number of states and transitions.
Consider a safety valve with a hydraulic fail‐safe‐close actuator. The valve is held open by hydraulic pressure during normal operation. When a specific critical situation occurs, a closing signal is sent to the safety valve and the valve closes by the force of the fail‐safe actuator. The valve has two functioning states: open and closed. Transitions between these two states are facilitated by the actuator. The states and transitions are shown in Figure 3.1.
Figure 3.1 States and transitions for a safety valve.
The essential function in state “open” is to provide a conduit for the medium/fluid through the valve, and the essential function in state “closed” is to stop the flow through the valve. An auxiliary function for both states is to contain the fluid and thereby to prevent leakage to the environment.
Remark 3.1 (States and transition)
The difference between states and transitions is clear and intuitive for many items, but may be confusing for some items. The concepts of states and transition should therefore be used with care.
3.1.2 Operational Modes
A complicated item may have many operational modes, and one or more functions for each operational mode. Operational modes may include normal operating modes, test modes, transition modes, and contingency modes induced by failures or operator errors. The establishment of the different operational modes is recommended for two reasons:
1 It reveals functions that might be overlooked when focusing too much on the essential functions.
2 It provides a structured basis for identifying failure modes that are connected to, and dependent on, the given operational mode.
Operational modes are therefore an aid in identifying both functions and failure modes. Failure modes are discussed in Section 3.4.
3.2 Failures
Even if we are able to identify all the required functions of an item, we may not be able to identify all the potential failures. This is because each function may fail in several different ways. No formal procedure seems to exist that helps us to identify and classify all the potential failures.
In this section, we consider a specific item within its boundary in its intended operating context. Failure is, in many applications, a complicated and confusing concept. We try to shed some light on this concept and start by defining failure of an item as:
Definition 3.1 (Failure of an item)
The termination of the ability of an item to perform as required.
The following comments to Definition 3.1 may be given:
1 Definition 3.1 is mainly a rephrasing of IEV's definition of a failure: “loss of ability to perform as required” (IEV 192-03-01), but the expression “loss of” is replaced with the expression “the termination of” to make it even clearer that a failure is an event that takes place at a certain point in time (e.g. at time ).
2 In the context of reliability, the expression “ability to perform as required” does not imply that all aspects of the item are perfect, but that the item must be able to perform the functions that are required for a given purpose.
3 The item may deteriorate as a slow process. Failure occurs when a required function no longer fulfills its performance requirements, and there may not be any significant change in performance when the threshold is passed, as shown in Example 3.2.
4 One user may interpret “as required” differently from another user. A failure that is important (and costly) in a warranty context may, for example, be irrelevant in a risk assessment context. The performance requirements for an item are usually available in the item specification document and partly in the user's manuals, but users seldom read the specifications and the complete user's manual.
5 We use the verb fail to express that a failure occurs. When a failure occurs at time , the item fails at time .
A failure may be interpreted as a transition from a functioning state to a failed state, as shown in Figure 3.2. Example 3.2 illustrates that we may not always be able to observe the failure event and the time
Figure 3.2 Failure as a transition from a functioning state to a failed state.
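As an added illustration, not taken from the book, the following Python model encodes the two functioning states of the safety valve from Figure 3.1 together with one failed state, so that a failure is recorded as the transition event of Figure 3.2 at a definite time. It also includes a helper that locates the failure time of a slowly degrading item as the first observation at which measured performance crosses a required threshold, which is the situation described in comment 3 and in Example 3.2. The transition table, the tread-depth samples and the threshold value are constructed assumptions for the example, not figures from the text.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class ValveState(Enum):
    """Functioning states of the safety valve (Figure 3.1) plus a failed state."""
    OPEN = "open"      # essential function: provide a conduit for the fluid
    CLOSED = "closed"  # essential function: stop the flow
    FAILED = "failed"  # the item can no longer perform as required


# Constructed transition table for the example: (current state, event) -> new state.
# Anything not listed is an invalid transition. A failure is the transition from a
# functioning state to the failed state (Figure 3.2).
TRANSITIONS = {
    (ValveState.OPEN, "close_signal"): ValveState.CLOSED,   # fail-safe actuator closes
    (ValveState.CLOSED, "pressurize"): ValveState.OPEN,     # hydraulic pressure reopens
    (ValveState.OPEN, "failure"): ValveState.FAILED,
    (ValveState.CLOSED, "failure"): ValveState.FAILED,
}


@dataclass
class SafetyValve:
    """A single item whose state changes only through explicit transitions."""
    state: ValveState = ValveState.OPEN
    history: List[Tuple[float, str, ValveState]] = field(default_factory=list)
    failure_time: Optional[float] = None  # the time at which the item fails

    def apply(self, time: float, event: str) -> ValveState:
        """Apply an event at the given time; reject transitions not in the table."""
        new_state = TRANSITIONS.get((self.state, event))
        if new_state is None:
            raise ValueError(f"{event!r} is not a valid transition from state {self.state.value!r}")
        self.state = new_state
        self.history.append((time, event, new_state))
        # The failure is an event: record the first time the failed state is entered.
        if new_state is ValveState.FAILED and self.failure_time is None:
            self.failure_time = time
        return new_state


def failure_time_from_degradation(samples, threshold: float) -> Optional[float]:
    """Return the first sample time at which performance drops below the threshold.

    samples: (time, measured_value) pairs in time order. The value just before the
    crossing may differ only marginally from the value just after it; the failure
    event is still the crossing itself (comment 3 to Definition 3.1).
    Returns None if no failure is observed in the sampled interval.
    """
    for t, value in samples:
        if value < threshold:
            return t
    return None


def tread_depth_samples() -> List[Tuple[int, float]]:
    """Constructed tread-depth readings (mm) every 5000 km for a tire starting at 8.0 mm
    and wearing linearly by 0.1 mm per 1000 km. Not measured data."""
    return [(km, 8.0 - 0.0001 * km) for km in range(0, 85000, 5000)]


if __name__ == "__main__":
    valve = SafetyValve()
    valve.apply(0.0, "close_signal")
    valve.apply(1.0, "pressurize")
    valve.apply(2.5, "failure")
    print("valve history:", valve.history)
    print("valve failed at time:", valve.failure_time)

    # Constructed legal limit for the example; the book does not state a value.
    LIMIT_MM = 1.6
    print("tire fails at km:", failure_time_from_degradation(tread_depth_samples(), LIMIT_MM))
```

The valve part shows why the distinction between a state and a transition matters in practice: the item is always in exactly one state, and the only way to leave a state is through an event the model allows, so the failure time is well defined. The degradation part shows the opposite situation from comment 3, where nothing observable happens at the instant of failure except that a threshold is crossed.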
When a car is used, the tires wear and the tire tread depth is continuously reduced and thereby the performance of the tires is degrading. When the depth becomes smaller than a certain legal limit
3.2.1 Failures in a State
It is sometimes useful to distinguish between failures that occur