Guide
Version 1.0
Important Warning
This document is one of a set of standards developed solely and specifically for use on public transport assets which are vested in or
owned, managed, controlled, commissioned or funded by the NSW Government, a NSW Government agency or a Transport Agency
(as defined in the Asset Standards Authority Charter). It is not suitable for any other purpose.
You must not use or adapt it or rely upon it in any way unless you are authorised in writing to do so by a relevant NSW Government
agency. If this document forms part of a contract with, or is a condition of approval by a NSW Government agency, use of the document
is subject to the terms of the contract or approval.
This document may not be current. Current standards are available for download from the Asset Standards Authority website at
www.asa.transport.nsw.gov.au.
© State of NSW through Transport for NSW
T MU AM 06002 GU
AEO Guide to Reliability, Availability and Maintainability
Version 1.0
Issued date: 27 July 2015
Standard governance
Owner: Manager Systems Engineering Process, Asset Standards Authority
Authoriser: Principal Manager Authorisation and Audit, Asset Standards Authority
Approver: Director, Asset Standards Authority on behalf of the ASA Configuration Control Board
Document history
Version 1.0: First issue.
Preface
The Asset Standards Authority (ASA) is an independent unit within Transport for NSW (TfNSW)
and is the network design and standards authority for defined NSW transport assets.
The ASA is responsible for developing engineering governance frameworks to support industry
delivery in the assurance of design, safety, integrity, construction, and commissioning of
transport assets for the whole asset life cycle. In order to achieve this, the ASA effectively
discharges obligations as the authority for various technical, process, and planning matters
across the asset life cycle.
The ASA collaborates with industry using stakeholder engagement activities to assist in
achieving its mission. These activities help align the ASA to broader government expectations
of making it clearer, simpler, and more attractive to do business within the NSW transport
industry, allowing the supply chain to deliver safe, efficient, and competent transport services.
The ASA develops, maintains, controls, and publishes a suite of standards and other
documentation for transport assets of TfNSW. Further, the ASA ensures that these standards
are performance-based to create opportunities for innovation and improve access to a broader
competitive supply chain.
This AEO Guide to Reliability, Availability and Maintainability has been developed on the
technical processes of ISO/IEC 15288:2008 by the ASA; reviewed by a consultative group
containing members from TfNSW stakeholder groups and approved by the ASA.
This guide aims to provide supplier organisations with guidance in managing engineering
activities involving systems that are required to be reliable, available and maintainable.
This guide has been approved by the ASA Configuration Control Board and is the first issue.
Table of contents
1. Introduction
5.1. Plan reliability, availability and maintainability management activities
5.5. Development of reliability, availability and maintainability acceptance criteria
5.6. Reliability, availability and maintainability analysis and modelling
1. Introduction
An Authorised Engineering Organisation (AEO) engaged by TfNSW to undertake engineering
activities is required to have reliability, availability and maintainability (RAM) management
arrangements in place that are relevant to the engineering services or products that the AEO
provides to TfNSW. These arrangements should enable the planning, execution and reporting
of all RAM management activities for a system, and should be documented in a RAM
management plan and related progress report(s).
This guide further elaborates the guidance described in TS 10504 AEO Guide to Engineering
Management.
AEOs should ensure that RAM management documentation meets the level required for the
complexity of the engineering services provided, and should incorporate RAMS requirements
in the design and development of the systems they are contracted to deliver.
2. Purpose
This document is intended to provide guidance to AEOs applying RAM management during
engineering specification and asset life cycle stages and activities involving systems that are
required to operate dependably.
This ensures that AEOs are able to demonstrate sufficient control over RAM-related risks. This
guidance is of particular relevance to suppliers who provide reliability-critical or safety-critical
engineering specification and design, in addition to systems engineering, integration and
maintenance services.
2.1. Scope
This document provides guidance to AEOs for reliability, availability and maintainability
management related, in particular, to the system specification, design and maintenance
services. It also provides guidance on RAM management principles, methods, techniques and
processes used to analyse and deliver RAM requirements from stakeholders including
operational, maintenance and interfacing targets. AEOs are assumed to have business-level
policies addressing quality, performance and safety.
For this guide, the term reliability, availability, maintainability and safety (RAMS) is used to
define an integrated management approach. However, this guide is limited to RAM and not the
safety element of RAMS management, as safety assurance is addressed in TS 20001 System
Safety Standard for New or Altered Assets. Refer to this document for guidance on safety
management.
The specific evidence required to demonstrate RAM management processes will depend on the
scope and nature of the work. For that reason, this document does not outline the evidence
required to be an AEO, rather it provides an outline of the processes that AEOs need to
demonstrate.
2.2. Application
This document applies to the member Transport agencies and AEOs, and applies specifically to
the management of system and element level reliability, availability and maintainability for new
or altered NSW transport assets.
The level of application of RAM management principles should be scalable and tailored
according to the degree to which novelty or complexity is employed, the use of unique or
non-standard configurations and the associated level of safety risk.
The application of RAM analysis in support of design may be negligible or zero for some
projects where type approved products are used in standard, repeatable system configurations.
This should be reflected in contractual requirements to avoid unnecessary and excessive effort,
resources, time and cost.
The need for and application of RAM management has different meaning to different disciplines.
The impact of RAM management on planning and acquisition of new or altered systems and the
specific disciplines that support the system design should be understood.
3. Reference documents
The following documents are either cited in the text or may provide further information. For
dated references, only the cited edition applies. For undated references, the latest edition of the
referenced document applies.
International standards
ISO/IEC 15288:2008 Systems and software engineering - System life cycle processes
IEC/TR 62380:2004 Reliability data handbook - Universal model for reliability prediction of
electronics components, PCBs and equipment
Australian standards
AS IEC 60812:2008 Analysis techniques for system reliability - Procedure for failure mode and
effects analysis (FMEA)
AS IEC 61078-2008 Analysis techniques for system reliability - Reliability block diagram and
Boolean methods
Other references
Williams, J.C., HEART - A proposed method for achieving high reliability in process operation
by means of human factors engineering technology, in Proceedings of a Symposium on the
Achievement of Reliability in Operating Plant, Safety and Reliability Society, 1985, NEC,
Birmingham
Swain, A.D. and Guttmann, H.E., Handbook of Human Reliability Analysis with Emphasis on
Nuclear Power Plant Applications, 1983, NUREG/CR-1278, USNRC
Shappell, S.A. and Wiegmann, D.A., The Human Factors Analysis and Classification System -
HFACS, February 2000, DOT/FAA/AM-00/7
Stanton, N.A., Salmon, P.M. et al., Human Factors Methods: A Practical Guide for Engineering
and Design, 2nd Edition, 2013, Ashgate, Aldershot, ISBN 978-1-4094-5754-1
ETCS Application Level 1 - Safety Analysis Part 1 - Functional Fault Tree, SUBSET-088-1 Part
1, Issue 2.3.0
ASA Authorisation: an authorisation issued by the ASA to a legal entity (which may include a
Transport Agency as applicable) which verifies that it has the relevant systems in place to carry
out the class of asset life cycle work specified in the authorisation, subject to any conditions of
the authorisation. The issue of ASA Authorisation confers the status of 'authorised engineering
organisation' or AEO on the entity.
availability: the measure of the percentage of time that an item or system is available to
perform its designated function
failure: the inability of a system or asset to perform its intended function or satisfy some
predetermined conditional attribute (for example, rail head profile or gap size)
fault tree: logic diagram showing the faults of sub-items, external events, or combinations
thereof, which cause a predefined, undesired event
maintainability (as defined in IEC 60050-191): the probability that a given active maintenance
action, for an item under given conditions of use, can be carried out within a stated time interval
when the maintenance is performed under stated conditions and using stated procedures and
resources
RBD (reliability block diagram): a diagrammatic method for demonstrating the contribution of
component reliability to the success or failure of a complex system
reliability: the probability that a specified item will perform a specified function, within a defined
environment, for a specified length of time
SME (subject matter expert): a person assessed or recognised as having the highest level of
competence (including knowledge, skills and practical experience) in a particular field or
discipline
supplier: a supplier of services or products. Defined as an 'applicant' until such time as it has
been granted AEO status, after which it is referred to as an AEO.
system safety: the concurrent application of a systems-based approach to safety engineering
and of a risk management strategy covering the identification and analysis of hazards and the
elimination, control or management of those hazards throughout the life cycle of a system or
asset
Transport Agencies: Transport for NSW (and each of its divisions), Rail Corporation NSW,
Sydney Trains and NSW Trains
Transport Assets: those assets listed in Schedule 1 (of the ASA Charter) which are vested in or
owned, managed, controlled, commissioned or funded by the NSW Government, a NSW
Government agency or Transport Agency
"A project shall implement management arrangements that define the reliability,
availability, maintainability and safety (RAMS) process, responsibilities, structure, tools
and deliverables"
The introduction of new or altered assets results in complexity and RAM implications.
Implementation decisions should be made based on trade-offs between implementation costs
and the subsequent operation and maintenance.
Consideration should be given to the total impact on the existing network, existing maintenance
The introduction of new assets that simplify the network should generate RAM improvements.
However the introduction of new assets that do not simplify the network may not generate RAM
improvements.
optimum system effectiveness, safety and availability. RAM engineering is a whole of system
life cycle philosophy that is applied during plan, acquire, operate/maintain, and dispose stages.
RAM management activities, including planning and producing deliverables, should be
carried out by suitably qualified and experienced individuals. Deliverables for RAM management
should be appropriate and sufficient to provide assurance to stakeholders that the system can
satisfy the required high level performance targets. TfNSW should provide the performance
targets, for example an availability performance target of 92% on-time running of trains.
The following RAM activities should be undertaken but not limited to:
System failure recording and analysis is undertaken using a range of tools and processes.
“A project shall consider sustainable operation and maintenance of the new or altered
system over the full system life cycle”
At the beginning of the project, before undertaking any asset life cycle stages and activities
related work, AEOs should prepare a RAM management plan. Depending on the level of
complexity the plan may be combined with other asset related plans to demonstrate how the
system RAM requirements will be achieved.
The RAM management plan should focus on managing RAM across the asset life cycle stages
and the activities, rules and principles that are required to be adopted, including the following:
reliability
o use of systems that are applicable to the conditions (systems proven in other countries
may not be suitable to NSW)
o human factors
availability
o maintenance scheduling
o service recovery
maintainability
o condition inspections
o obsolescence
o human factors
o resources
o maintenance scheduling
o preventative maintenance
o corrective maintenance
The RAM management plan should also include details on the roles and responsibilities
required within the organisation to achieve the RAM objectives.
Where there are proposed changes to an existing system the RAM management plan should
consider the resulting impact to the system RAM from these changes. The RAM management
plan should, where practical, include an assessment of the existing system RAM and the
changes to the RAM resulting from the new or altered assets.
An example of an impact to reliability is the addition of a platform display to an existing light
rail system. The light rail operating contract specifies a maximum of three isolations of the line
per year, so the platform display system needs to be reliable enough to work within this limitation.
An example of impact to the maintainability is the addition of two extra railway running lines to
an existing double running line system. These two additional running lines alter the
maintainability of the combined services route and sub-stations adjacent to the original two
lines. These assets transition from a safe place location to a danger zone location and
additional safety procedures will be required to maintain these assets.
The system architecture may need to change, based on the inability to satisfy system RAM
requirements.
Refer to T MU AM 06001 GU AEO Guide to Systems Architectural Design for more information.
To ensure realistic allocation, system and element RAM requirements should be compared to
empirical data for identical or similar systems whenever possible. The empirical data should be
validated for its relevance considering factors such as the modes of operation, the operating
environment and any fine-tuning or adjustments that have been used. If allocated values are not
achievable, design options analysis across systems and elements should be performed to
reallocate system RAM requirements. The process of allocation, comparison with empirical
data, trade-offs and iteration as required should result in system and element RAM
requirements being defined.
The allocation of a RAM target to each system and element should be specific, measurable and
attainable, taking into account the criticality and risks involved in the design, development and
installation.
Systems and elements that are critical to performance should have RAM targets set higher than
other non-critical systems, based on the system level reliability or redundancy employed. When
allocating RAM targets, the number and complexity of the system interfaces and the extent to
which the system will be affected by external factors including the operating environment needs
to be considered.
The development of RAM acceptance criteria should include, but not be limited to, the RAM
validation principles to be applied and the tests and analysis to be carried out for the validation.
Acceptance criteria should be agreed and documented through the requirements allocation
process, starting with the business requirements specification (BRS) and then the system
requirements specification (SRS). Consideration should be given to the cost of implementing
the acceptance criteria.
"A project shall use RAMS modelling to appropriately support option selection and
development and preliminary system design, to ensure that the new or altered system
will meet the stated operational capability and provide value for money over the
designed system lifetime"
During the plan and acquire stages of a project, reliability predictions should be used to assess
whether the allocated RAM requirements are achievable. An iterative process of comparing
predictions with allocations which combined with trade-off studies, eventually results in an
efficient design that achieves whole of life performance targets.
Predictions combine lower level component or unit level reliability data through reliability
modelling and the operating and environmental conditions to estimate the integrated system
reliability. The validity of the reliability predictions is highly dependent upon the quality of
reliability data and assumptions made.
Whenever possible, reliability predictions should be based on data from similar components or
equipment already in use in service, in similar operational environments. For electronic
equipment, parts count prediction methods based on MIL-HDBK-217F Notice 2 can be used to
obtain reliability predictions. Where this is not possible, reliability data may be extrapolated from
tests or trials conducted by the supplier or manufacturer. In all cases the sources of the data
should be cited to maintain an audit trail. Suppliers of original equipment and systems should
provide evidence that they satisfy all RAM requirements and that they are suitable for the
intended application.
Reliability prediction should use reliability modelling where practicable for novel, high complexity
systems, such as a reliability block diagram, fault tree or a computerised simulation model, to
describe the reliability behaviour of the system and reliability data of the constituent elements.
reliability
availability
o to evaluate outage times and service disruptions against economic, community and
quality criteria
maintainability
o to optimise maintenance facilities, diagnostic and training tools, spares holdings and
manning levels
Fault tree analysis (FTA) is a systematic top-down modelling and analysis technique, and
reliability block diagrams (RBD) model the system from its success paths; both are usually best
applied when introducing novel, highly complex new or altered systems.
In addition to RAM modelling, complementary analysis techniques, such as failure mode, effects
and criticality analysis (FMECA), should be used during design to concentrate on areas which
are critical to system reliability.
There are numerous sources of international good practice in reliability and maintainability
validation. These include MIL-HDBK 781, EN 60300-3 and EN 60706.
A RAM report including results from the analysis and verification and validation activities should
be prepared and then issued to stakeholders. Refer to TS 10506 AEO Guide to Verification and
Validation for more information. The RAM report should clearly display all verification and
validation failures against RAM acceptance criteria. Corrective action should then be
undertaken to rectify these failures. Validation and verification activities should be repeated and
the RAM report re-issued.
RAM report including results from the analysis, modelling, verification and validation
activities
These tools and techniques may provide different RAM results as the system definition
progresses. These progressive RAM results should be recorded in the RAM report during the
asset life cycle stages.
Different asset types may have different approaches and tools for RAM modelling and analysis.
Communications, signalling and electrical designers may use reliability block diagram (RBD)
analysis, failure mode, effects, and criticality analysis (FMECA) or fault tree analysis (FTA)
tools, whereas bridge and structural designers may use finite element analysis (FEA) tools.
The reliability, availability and maintainability tools and techniques are explained in Section 6.1
through to Section 6.6.
Reliability block diagrams are used to calculate the reliability of each element and the
contributory effect on the reliability of the system. This assists in the identification of single
points of failure in the system.
Examples of where a reliability block diagram would be used are for the development of a
station announcement system and a blue light emergency station provided in Appendix A.
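As an added example that is not part of the ASA guide, the following Python evaluates an RBD of the kind shown in Appendix A: it derives each block's steady-state availability from its MTBF and MTTR, combines availabilities through series and parallel structure, and lists the single points of failure. The constant failure/repair rate assumption, the series/parallel formulas and the MTBF/MTTR values in the sample system are this example's assumptions, not figures taken from the guide.

```python
"""Reliability block diagram (RBD) evaluation: steady-state availability and
single points of failure for a series/parallel system.

Assumptions made by this example (not stated in the guide):
  * each block has a constant failure and repair rate, so its steady-state
    availability is A = MTBF / (MTBF + MTTR);
  * blocks fail and are repaired independently, so a series group has
    A = product(A_i) and a 1-out-of-n parallel group has A = 1 - product(1 - A_i);
  * the MTBF/MTTR figures in SAMPLE_SYSTEM are constructed sample values.
"""
from dataclasses import dataclass, field
from typing import List, Union

HOURS_PER_YEAR = 8760.0


@dataclass
class Block:
    """One line-replaceable unit: mean time between failures and mean time to repair, in hours."""
    name: str
    mtbf_h: float
    mttr_h: float


@dataclass
class Series:
    """Group that is up only while every child is up."""
    items: List["Node"] = field(default_factory=list)


@dataclass
class Parallel:
    """Redundant group that is up while at least one child is up."""
    items: List["Node"] = field(default_factory=list)


Node = Union[Block, Series, Parallel]


def availability(node: Node) -> float:
    """Steady-state availability of a block or group, combined by structure."""
    if isinstance(node, Block):
        if node.mtbf_h <= 0 or node.mttr_h < 0:
            raise ValueError(f"{node.name}: MTBF must be > 0 and MTTR >= 0")
        return node.mtbf_h / (node.mtbf_h + node.mttr_h)
    if isinstance(node, Series):
        a = 1.0
        for child in node.items:
            a *= availability(child)
        return a
    if isinstance(node, Parallel):
        unavailability = 1.0
        for child in node.items:
            unavailability *= 1.0 - availability(child)
        return 1.0 - unavailability
    raise TypeError(f"unsupported node type {type(node).__name__}")


def single_points_of_failure(node: Node, redundant: bool = False) -> List[str]:
    """Names of blocks whose individual failure takes the whole system down.

    A block is a single point of failure unless some ancestor is a Parallel
    group with more than one member, which gives it at least one alternative path.
    """
    if isinstance(node, Block):
        return [] if redundant else [node.name]
    if isinstance(node, Parallel):
        redundant = redundant or len(node.items) > 1
    spofs: List[str] = []
    for child in node.items:
        spofs.extend(single_points_of_failure(child, redundant))
    return spofs


def expected_downtime_hours_per_year(node: Node) -> float:
    """Annual downtime implied by the structural availability."""
    return (1.0 - availability(node)) * HOURS_PER_YEAR


# Constructed sample system, loosely following the Appendix A station
# announcement diagram: one network switch and one host in series (no
# redundancy), feeding two amplifier/loudspeaker chains in parallel so that a
# single chain failure does not silence the platform.
SAMPLE_SYSTEM = Series([
    Block("Ethernet switch", mtbf_h=600_000, mttr_h=24),
    Block("VIPA host", mtbf_h=87_600, mttr_h=2),
    Parallel([
        Series([Block("Amplifier A", 48_000, 4), Block("Loudspeaker A", 120_000, 1)]),
        Series([Block("Amplifier B", 48_000, 4), Block("Loudspeaker B", 120_000, 1)]),
    ]),
])

if __name__ == "__main__":
    print(f"system availability:      {availability(SAMPLE_SYSTEM):.6f}")
    print(f"expected downtime:        {expected_downtime_hours_per_year(SAMPLE_SYSTEM):.2f} h/year")
    print(f"single points of failure: {single_points_of_failure(SAMPLE_SYSTEM)}")
```

The single-point-of-failure list is the practical output of the diagram: in the sample it names the switch and the host, which is where a design trade-off (duplicate the unit, or accept the downtime and size spares and MTTR accordingly) would be argued in the RAM report.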
Each system is broken down into its elements, usually down to line replaceable unit level where
each element is then analysed uniquely to identify functional failures and relevant modes of
failure, and their escalated effect on the next higher level of the system.
This process is employed to identify those elements of a system which have a significant impact
on system reliability, availability and safety. This analysis is further used to promote mitigation
measures leading to improved system reliability and availability.
FMECA is typically used for high level analysis of system reliability through the following
process:
An output of the FMECA should be a reliability critical items list (RCIL). This is a list of items
which have at least one failure mode classified as critical according to its criticality analysis.
Consideration should also be given to common-mode failure where an event causes multiple
systems to fail. For example an explosion in a room causes both transformers in the room to fail
at the same time.
An example of where a FMECA would be used is for the development of a bogie system for a
train provided in Appendix B.
Fault tree analysis should be done during the initial stage of the project and updated as more
details become available during subsequent stages of the project.
AS IEC 61025 describes fault tree analysis as a top down deductive failure analysis. An
undesired state of a system is analysed using Boolean logic to combine a series of lower-level
events. This analysis method is used to determine the probability of a safety accident or a
particular system level (functional) failure.
The basic symbols used in fault tree analysis are grouped as events, gates, and transfer
symbols. Event symbols are used for primary events and intermediate events. Primary events
are not further developed on the fault tree. Intermediate events are found at the output of a
gate. Events in a fault tree are associated with statistical probabilities. Gate symbols describe
the relationship between input and output events. The gate symbols are derived from Boolean
logic symbols. Transfer symbols are used to connect the inputs and outputs of related fault
trees, such as the fault tree of a subsystem to its system.
construction of the Boolean fault tree from top event down to base events
Examples of where fault tree analysis would be used are the risk of a rail vehicle collision and
the risk of exceeding safe speed (ETCS). The contributory factors that lead to these system top
events are provided in Appendix C.
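As an added example, not taken from the guide or from the SUBSET-088 fault tree, the Python below builds a small AND/OR fault tree, derives its minimal cut sets (the smallest combinations of basic events that cause the top event) and estimates the top-event probability two ways: the gate-wise combination, which is exact only while no basic event feeds more than one gate, and the rare-event sum over cut sets, which stays usable and conservative when events repeat. The tree, its event names and all probabilities are constructed for illustration.

```python
"""Fault tree evaluation: minimal cut sets and top-event probability.

A constructed illustration in the spirit of the guide's "exceed safe speed"
example. The tree, its event names and all probabilities are invented for this
example; none are taken from the guide or from SUBSET-088.
"""
from dataclasses import dataclass, field
from itertools import product
from math import prod
from typing import Dict, FrozenSet, List, Optional, Set, Union


@dataclass(frozen=True)
class Basic:
    """Primary event: not developed further, carries a probability of occurrence."""
    name: str
    p: float


@dataclass
class Gate:
    """Intermediate event at the output of an AND or OR gate."""
    name: str
    kind: str                                   # "AND" or "OR"
    inputs: List["Node"] = field(default_factory=list)


Node = Union[Basic, Gate]


def _minimise(sets: Set[FrozenSet[str]]) -> Set[FrozenSet[str]]:
    """Drop any cut set that is a strict superset of another (not minimal)."""
    return {s for s in sets if not any(other < s for other in sets)}


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Top-down expansion: OR = union of the inputs' cut sets,
    AND = one cut set from each input merged, over all combinations."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child_sets)
    elif node.kind == "AND":
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"gate {node.name!r}: kind must be AND or OR, got {node.kind!r}")
    return _minimise(sets)


def basic_events(node: Node, found: Optional[Dict[str, float]] = None) -> Dict[str, float]:
    """Map of basic-event name to probability, rejecting inconsistent duplicates."""
    found = {} if found is None else found
    if isinstance(node, Basic):
        if node.name in found and found[node.name] != node.p:
            raise ValueError(f"basic event {node.name!r} given two probabilities")
        found[node.name] = node.p
    else:
        for child in node.inputs:
            basic_events(child, found)
    return found


def _occurrences(node: Node) -> List[str]:
    if isinstance(node, Basic):
        return [node.name]
    return [n for child in node.inputs for n in _occurrences(child)]


def _gate_probability(node: Node) -> float:
    if isinstance(node, Basic):
        return node.p
    ps = [_gate_probability(child) for child in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"gate {node.name!r}: kind must be AND or OR, got {node.kind!r}")


def gate_probability(node: Node) -> float:
    """Exact top-event probability by gate-wise combination of independent
    inputs: AND = product(p_i), OR = 1 - product(1 - p_i).

    Only valid when no basic event appears more than once in the tree; a
    repeated event makes gate inputs dependent, so such trees are refused."""
    names = _occurrences(node)
    if len(names) != len(set(names)):
        raise ValueError("repeated basic event: use top_event_probability() instead")
    return _gate_probability(node)


def top_event_probability(node: Node) -> float:
    """Rare-event approximation: sum over minimal cut sets of the product of
    their basic-event probabilities. Exact for a single cut set and an upper
    bound when cut sets overlap, so it errs towards failing a RAM target."""
    probs = basic_events(node)
    return sum(prod(probs[name] for name in cs) for cs in minimal_cut_sets(node))


# Constructed sample tree (illustrative names; probabilities per demand).
DRIVER_MISREADS = Basic("driver misreads speed restriction", 0.01)
RESTRICTION_NOT_SHOWN = Basic("speed restriction not displayed to driver", 0.001)
TRACKSIDE_DATA_WRONG = Basic("trackside speed data wrong", 0.0001)
ONBOARD_ATP_DOWN = Basic("onboard train protection unavailable", 0.001)

SAMPLE_TREE = Gate("train exceeds safe speed", "AND", [
    Gate("driver fails to reduce speed", "OR", [DRIVER_MISREADS, RESTRICTION_NOT_SHOWN]),
    Gate("train protection fails to intervene", "OR", [TRACKSIDE_DATA_WRONG, ONBOARD_ATP_DOWN]),
])

if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(SAMPLE_TREE), key=sorted):
        print("cut set:", sorted(cs))
    print(f"top event (exact, independent inputs): {gate_probability(SAMPLE_TREE):.3e}")
    print(f"top event (rare-event approximation):  {top_event_probability(SAMPLE_TREE):.3e}")
```

The cut-set listing is what a reviewer reads first: every cut set of size one is a single basic event that defeats the protection on its own, and a cut set that mixes a human error with an equipment failure shows where the HRA results of the following section must be fed back into the model.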
"A project shall consider human reliability factors as part of the overall reliability of the
system"
The purpose of conducting human reliability analysis (HRA) is to ensure that the actual
performance of the system is in line with its designed requirements. Humans are an integral part
of designed systems, playing important roles in operation, accident prevention and
maintenance activities.
Operators and maintainers should be trained and competent; however ‘trained and competent
people’ is not a way of preventing human error. Human error is a normal part of human
performance, and should be appropriately assessed to create resilient systems. Early,
appropriate HRA is essential to ensure the exploration of the appropriate hierarchy of controls.
Delayed or ineffective assessments tend to create dependencies on administrative risk control
which can create latent system weaknesses.
Therefore, analysing and predicting the reliability of a system without assessing human
reliability may result in an over estimation of system performance.
Although there are many ways in which a human can positively impact on system performance,
the focus within a RAM assessment is usually to identify the following:
These measures can relate to the design of the equipment or the task, or may warrant
additional redundancy or diversity to be incorporated within the overall system design.
In order to be able to identify the errors that can be made and what their likely effect on the
performance of the system would be it is necessary to identify but not limited to the following:
the tasks that are required to be carried out by operators and maintainers
As with many other aspects of the design, in the early stages information may be at a relatively
high level; it should be used to identify those areas of the system where a more detailed
assessment is of most value.
There are a number of methods available for identifying human errors ranging from utilising past
experience through to the application of structured processes based on guidewords or
checklists. Human error should be built into existing analysis techniques such as FMECA or
FTA.
In those cases where a quantitative assessment is required, techniques for human error rate
prediction may be employed for evaluating the probability of a human error occurring and
impacting on system performance. This should then be incorporated into the system models to
assess the impact on the overall system performance.
Techniques to evaluate the probability of human errors fall into the following three general
categories:
Examples of where a human reliability analysis would be used are for a ticketing system and a
door release system provided in Appendix D.
Refer to T MU HF 00001 GU AEO Guide to Human Factors Integration for more information on
HRA.
Note: Manufacturer's data generally does not include human errors and so it will be
indicative of performance based on 100% reliability of people.
Alternatively, subjective data may be sought through consultation with users or their opinions
and may be used to modify existing data.
The HEART method is based upon the principle that every time a task is performed there is a
possibility of failure, and that the probability of failure is affected to varying degrees by one or
more error producing conditions. Error producing conditions include topics such as training,
poor procedures, poor system feedback and so on.
Factors which have a significant effect on performance are of greatest interest. These
conditions are applied to a 'best-case-scenario' estimate of the failure probability under ideal
conditions to obtain a final error probability. By forcing consideration of the error producing
conditions potentially affecting a given procedure, the application of HEART also enables the
user to identify a range of potential improvements to system performance.
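The HEART arithmetic described above, as an added example that is not from the guide: the nominal error probability for the task is scaled by each applicable error producing condition at the proportion the assessor judges to be present, and the result is capped at 1.0 before it is fed into a system model. It assumes the standard HEART formula from Williams (1985); the nominal probability and the multipliers used in the sample are illustrative values chosen for this example, not figures taken from Williams' tables or from the guide.

```python
"""HEART (human error assessment and reduction technique) arithmetic for one task.

HEART scales a nominal human error probability (HEP) for the generic task type
by each error producing condition (EPC) judged to apply:

    HEP = nominal * PRODUCT_i( (EPC_i - 1) * proportion_i + 1 )

EPC_i is the condition's maximum multiplier and proportion_i (0..1) is the
assessed proportion of that effect present. Every number below is an
illustrative value chosen for this example, not a figure from Williams (1985)
or from the guide.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ErrorProducingCondition:
    description: str
    max_multiplier: float   # maximum effect of the EPC (>= 1.0)
    proportion: float       # assessed proportion of the effect present (0.0 .. 1.0)

    def multiplier(self) -> float:
        """Effective multiplier for this condition at the assessed proportion."""
        if self.max_multiplier < 1.0:
            raise ValueError(f"{self.description}: EPC multiplier must be >= 1")
        if not 0.0 <= self.proportion <= 1.0:
            raise ValueError(f"{self.description}: proportion must be within 0..1")
        return (self.max_multiplier - 1.0) * self.proportion + 1.0


def heart_hep(nominal_hep: float, epcs: List[ErrorProducingCondition]) -> float:
    """Final HEP for the task. The multipliers can push the product above 1,
    so it is capped at 1.0 (certain failure) before use in a system model."""
    if not 0.0 < nominal_hep <= 1.0:
        raise ValueError("nominal HEP must be a probability in (0, 1]")
    hep = nominal_hep
    for epc in epcs:
        hep *= epc.multiplier()
    return min(hep, 1.0)


def improvement_ranking(nominal_hep: float,
                        epcs: List[ErrorProducingCondition]) -> List[Tuple[str, float]]:
    """HEP that would result if each EPC were removed on its own, best first.

    This is the 'range of potential improvements' the guide refers to: the
    condition whose removal lowers the HEP most is the first design change
    to consider (better feedback, more time, training, and so on)."""
    results = []
    for i, epc in enumerate(epcs):
        remaining = epcs[:i] + epcs[i + 1:]
        results.append((epc.description, heart_hep(nominal_hep, remaining)))
    return sorted(results, key=lambda r: r[1])


# Constructed assessment of a routine maintenance step (illustrative values).
SAMPLE_NOMINAL_HEP = 0.003
SAMPLE_EPCS = [
    ErrorProducingCondition("unfamiliar with the task", max_multiplier=17.0, proportion=0.2),
    ErrorProducingCondition("poor or ambiguous system feedback", max_multiplier=4.0, proportion=0.5),
    ErrorProducingCondition("shortage of time", max_multiplier=11.0, proportion=0.1),
]

if __name__ == "__main__":
    print(f"assessed HEP: {heart_hep(SAMPLE_NOMINAL_HEP, SAMPLE_EPCS):.4f}")
    for description, hep in improvement_ranking(SAMPLE_NOMINAL_HEP, SAMPLE_EPCS):
        print(f"  remove '{description}': HEP -> {hep:.4f}")
```

The ranking step is the reason to run the arithmetic rather than quote a single number: it shows which condition the design should remove first, and the resulting HEP is the value that enters the FMECA or fault tree as the probability of the human-error basic event.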
THERP models human error probabilities using an event tree approach, in a similar way to
an engineering risk assessment, but also considers performance shaping factors that may
influence these probabilities. The probabilities for the human reliability analysis event tree,
which is the primary tool for assessment, are nominally calculated from historic databases,
local data including simulated data or from accident reports. The resultant tree portrays a
step by step account of the stages involved in a task in a logical order. The technique is
described as a total human reliability assessment methodology as it simultaneously
manages a number of different activities including task analysis, error identification and
human error quantification.
Identify the items to be maintained at system, element, assembly, unit, component level as
part of the asset breakdown structure.
Identify and analyse all possible failures to or deviations from the specified functionality
associated with the maintenance item. Analyse their escalation effects from component
level to unit level to assembly level to subsystem level to system level.
recognise failure
Identify the means by which each failure is detected and communicated to the maintainer.
Identify how each maintenance item should be repaired or replaced (both preventative and
corrective maintenance tasks).
An example of where maintenance requirements analysis would be used is for the development
of a station escalator provided in Appendix E.
The failure reporting, analysis and corrective action system (FRACAS) is a closed-loop process
incorporating data reporting, collecting, recording, analysing, investigating and timely corrective
action for all failure incidents. The objective of the system is to aid design, identify corrective
action tasks and evaluate test results, in order to provide confidence in the results of the safety
analysis activities and in the correct operation of the safety features.
The effectiveness of FRACAS is dependent upon accurate input data in the form of reports
which should document all the conditions relating to the incident.
Incident reviews should be undertaken to ensure that the impact on the safety and reliability
characteristics of the product or service are quickly assessed, with any corrective actions
requiring design changes, quickly approved.
the incident is reviewed - if the incident is a new hazard it is recorded as such in the hazard
log
information concerning the incident is communicated to those that need to know, in order to
control risk
if no corrective action is required, the database is updated and the process ends
the corrective action is authorised and implemented then assessed for success
if the corrective action is unsuccessful, the incident is re-reviewed, corrective actions are
modified as required, details are updated in the database and the action returns for further
authorisation to proceed
if the corrective action is successful, the database is updated and the process ends
Figure (FRACAS process flow): Incident raised and recorded -> Search for related events ->
Review incident -> Communicate information as necessary -> Corrective action necessary?
No: Update database. Yes: Authorise, implement and assess plan -> Corrective action successful?
No: return to Review incident. Yes: Update database.
Appendix A figures (reliability block diagrams): (1) station announcement system, comprising
PCAS MP50 call station, VIPET workstation, VIPA host mainframe, V400 amplifier, VAR 4
amplifier module, loudspeakers, Ethernet switch (OS6450 series), P.Mux AMD II, service board,
STM 64 port and Matrix Enhanced network fibre; (2) blue light emergency station, comprising
push button with key reset, input relay module, alarm module, output relay module, 240 V AC
UPS and blue light display. Each block is annotated in the figure with its MTBF and MTTR in hours.
Appendix B: FMECA worksheet for a bogie assembly (sample)
Item/Assembly Name: Bogie Assembly
Drawing No: BOG-123
Part No: GOB-457-631
Functional Description: Provides the interfacing and suspension of the train body to the track
Analysts: Fred Person, Joe Smith
Functions: 1 Secure wheel bearings and wheel set; 2 Maintain wheels to track gauge; 3 Provide 1kN braking force per wheel set; 4 Permit low friction axle rotation

Function | Part | Failure Mode | Cause of Failure | Local Effect | % | Failure Rate | Tasks | Type | Period | Latitude | Insp | Comments
Secure wheel bearings and wheel set | Bogie frame | Wheel bearing cradle unsecured | Bearing cradle cracked | Wheel bearing vibration | 100 | 1/1000 | Wheel bearing cradle inspection | S | 6 month | | |
Maintain wheels to track gauge | Wheel set | Wheel to track gauge lost | Axle cracks | Wheel gauge mismatch to track gauge | 100 | 1/5000 | Wheel set gauge inspection | S | 6 month | | |
Provide 1kN braking force per wheel set | Brake assembly | Reduced braking force | Brake pads worn beyond limits | Reduced braking on bogie set | 100 | 1/5000 | Brake pad thickness inspection | S | 6 month | | |
Permit low friction axle rotation | Wheel bearing | Bearing friction increase | Metal fatigue and bearing seizure | Wheel bearing overheat | 100 | 1/10000 | Bearing inspection and replacement | C | 3 month | | |
Figure 4 - Fault tree failure of electrical interlocking system (sample fragment from Railtrack EE&CS Report)
Figure 5 - Fault tree for exceeding safe speed (sample fragment from ETCS Application Level 1 - Functional Fault Tree)
Task | Possible error | Design feature reducing the error
Select ticket type at ticket vending machine | Incorrect ticket type selected | Machine buttons labelled with the various ticket types; machine visual display showing ticket type selected
Select destination at ticket vending machine | Incorrect destination selected | Machine buttons labelled with the various destinations; machine visual display showing destinations
Enter coins into ticket vending machine | Coins inserted into the notes reader | Ticket vending machine has coin slot labelled
Enter notes into ticket vending machine | Notes inserted into the coins slot | Ticket vending machine has the notes reader labelled
Enter notes into ticket vending machine | Notes inserted upside down or back to front | Machine labelled with a diagram showing the correct note orientations
Transport the ticket | Ticket bent in transit | “Do not bend this ticket” marked on the ticket; ticket made from flexible plastic to avoid damage
Transport the ticket | Ticket dropped or crushed | Ticket size allows ticket to be placed in a wallet or purse
Insert ticket into ticket reader | Ticket inserted upside down | “Travel Card” marked on upside of the ticket
Insert ticket into ticket reader | Ticket inserted back to front | Direction arrow marked on the upside of the ticket
Maintenance item | Functions | Possible associated failures | Effect | Escalation effect | Failure modes recognition | Maintenance task options | Maintenance task intervals
Platforms | Entry and exit access | Unable to provide entry or exit access | Platform blocked to passengers | Passengers unable to use the escalator | Visual inspections for damage; Testing | Replace platform panels | Daily cleaning, inspection and testing; 6 monthly service inspection and testing
Steps | Support standing or walking passengers | Unable to support passengers | Steps not safe for passengers | Passengers unable to use the escalator | Visual inspections for damage; Testing | Replace steps | Daily cleaning, inspection and testing; 6 monthly service inspection and testing
Tracks | Provides running surface for the steps | Unable to provide running surface for the steps | Steps unable to move | Passengers unable to ride on escalator | Testing | Lubricate tracks; Replace tracks | Daily testing; 6 monthly service inspection and testing
Tracks | Provides running surface for the handrails | Unable to provide running surface for the handrails | Handrails unable to move | Passengers unable to use handrail for support | Visual inspections for damage; Testing | Lubricate tracks; Replace tracks | Daily testing; 6 monthly service inspection and testing
Drive gears | Provides coupling and speed conversion of the motor to the steps | Unable to provide coupling and speed conversion of the motor to the steps | No or slow movement of steps | Passengers unable to ride on escalator | Testing | Lubricate gears; Replace gears | Daily testing; 6 monthly service inspection and testing
Drive gears | Provides coupling and speed conversion of the motor to handrails | Unable to provide coupling and speed conversion of the motor to handrails | No or slow movement of handrails | Passengers unable to use handrail for support | Testing | Lubricate gears; Replace gears | Daily testing; 6 monthly service inspection and testing
Hand rails | Provides support and stability to passengers | Handrails unable to support passengers | No handrails | Passengers unable to use handrail for support | Visual inspections for damage; Testing | Replace handrails | Daily cleaning, inspection and testing; 6 monthly service inspection and testing
Motors | Provides driving force for handrails and steps | Unable to drive the handrails or steps | No or slow movement of steps or handrails | Passengers unable to ride on escalator | Testing | Replace motors | Daily testing; 6 monthly service inspection and testing
Control system | Regulates speed of steps and handrails | Unable to drive the handrails or steps | No or slow movement of steps or handrails | Passengers unable to ride on escalator | Testing | Replace motors | Daily testing; 6 monthly service inspection and testing
Emergency stop system | Halts movement of steps and handrails in an emergency situation | Unable to halt steps and handrails | Steps and handrail movement | Passenger injuries | Testing | Replace components | Daily testing; 6 monthly service inspection and testing
Glass screens | Protects passengers from moving components | Unable to protect passengers from moving components | Exposed moving parts | Passenger injuries | Visual inspections for damage | Replace components | Daily inspection
Glass screens | Protects passengers from falling | Unable to protect passengers from falling | Passengers fall off steps | Passenger injuries | Visual inspections for damage | Replace components | Daily inspection
FRACAS No. | Company name | System name | Part description | Part number | Opened by | Opened date | Closed date
F-0001 | Cyberdyne Systems | T-101 | CPU Core | CPU-XXX-001 | John Connor | 13/05/2015 | 30/06/2015
Description of problem: Central Computer Motherboard failure
Description of failure analysis: Visual inspection revealed solder bridging address bus tracks on central computer motherboard, leading to CPU core failure
Description of corrective action taken: Automate component placement and soldering process to reduce human error; Resin-coat PCB prior to component placement and soldering to reduce solder splash impact; Increase lot inspection frequency of motherboard PCB manufacturing process
Remarks: Corrective actions to be implemented in next scheduled production run on 01 July 2015