[ISO 26262] #9. AIAG-VDA FMEA

AIAG-VDA FMEA

In the Safety Analysis of the ISO 26262 functional safety standard, inductive analysis is required for all ASILs (A, B, C, D). Deductive analysis is usually performed as an FMEA.

Recently, FMEA has been performed according to the AIAG-VDA FMEA handbook, which consists of a total of 7 steps.


  1. Planning & Preparation
    1. Ascertain at what level the FMEA is developed
    2. Clarify what is included and excluded
    3. FMEA Project Plan
    4. Clarity on Roles and Responsibilities
  2. Structure Analysis
    1. Break the design down into systems, sub-systems and components
    2. Understand the system better
  3. Function Analysis
    1. Allocate the functions and requirements of customers & other stakeholders to system elements
  4. Failure Analysis
    1. Identify the failure causes, modes and effects and explore their relationships
  5. Risk Analysis
    1. Estimate the risk by estimating Sev, Occ and Det Ratings
    2. Assign the Action Priority needed to prioritize actions
  6. Optimization
    1. Take actions to mitigate the risks
    2. Assess the effectiveness of the actions taken
  7. Results Documentation
    1. Communicate the results of the DFMEA to management and drive adoption and continuous improvement

For reference, steps 1 to 3 are classified as System Analysis, steps 4 to 6 are classified as Failure Analysis & Risk Mitigation, and step 7 is classified as Risk Communication.


In this section, we explain the procedure of each step of AIAG-VDA FMEA with examples.

1. Planning & Preparation

  • Plan the team, timing, intent, tools, tasks, etc.
  • This step contains the following contents:
image 33


2. Structure Analysis

In the Structure Analysis stage,

  • Draw the System Context Diagram (ibd) to derive the subsystems, assemblies, subassemblies and components that make up the system under analysis (In-Scope), together with the interfaces between these components and the system's peripheral elements (Out-Scope).
(Figure: System Context Diagram for the Structure Analysis of AIAG-VDA FMEA)
  • Based on the Context Diagram, create a Structure Diagram that represents the hierarchy of the system components. The figure below was drawn with the SysML Internal Block Definition Diagram, with only the Starting Motor component emphasized.
image 36
image 37


3. Function Analysis

The purpose of Function Analysis is to assign functions or requirements to each derived system component. To analyze the functions of each component identified in the Structure Analysis, first create a Functional Analysis Diagram. The Functional Analysis Diagram decomposes functions top-down to determine which functions the components must perform so that the top-level function can be performed, as in the Activity Diagram below.

image 39

After deriving the functions of each system component from the Structure Analysis through the Functional Analysis Diagram, add them to the Function Analysis of the FMEA Template as follows. (In the following Template, cells of the same color represent the same system component and function pair. For example, Crank the combustion engine is a function of the Electric Starter System.)

image 40

Add rows to the Template for the functions of each system component, based on the System Structure Analysis. Note that multiple Focus Element and Next Lower Level functions can be created for the same Next Higher Level function.


4. Failure Analysis

In the Failure Analysis step, the cause that prevents each function derived in the Function Analysis step from operating normally is derived. In other words, the reason why the system element of STEP 2 cannot perform the function of STEP 3 (i.e., the failure mode) is written in STEP 4.

image 41

For example, the failure mode that prevents the Electric Starter System from implementing the Start the Engine function is No Crank. Or, the failure mode that prevents the Start Motor from implementing the “Converts electrical energy to mechanical energy to rotate the pinion gear” function is “Water Entry through Terminal Cover into the starter motor resulting moisture in coil.”

In this way, for all system elements and functions, the failure modes that prevent each function from operating properly are written in the Failure Analysis. For reference, since the current focus of FMEA is the Focus Element of Structure Analysis, the Failure Mode of the Focus Element is written in the Failure Mode of the Template, the Failure Mode of the Next Higher Level element becomes the Failure Effect (i.e., the result of the failure), and the Next Lower Failure Mode becomes the Failure Cause (i.e., the cause of the failure).

For reference, there can be multiple Failure Modes for one Failure Effect. Similarly, there can be multiple Failure Causes for one Failure Mode.


5. Risk Analysis

After deriving the functions and failure modes of each system element, rate the Severity, Occurrence and Detection value of each Failure Cause. In general, the rating is based on the Severity, Occurrence and Detection rating tables held by each organization, such as the following tables.

image 42
image 43
image 44

Before rating Occurrence and Detection, establish the Prevention Control and the Detection Control. Based on each Control, the Occurrence and Detection values are rated from the tables.

  • Prevention Controls: Provide information or guidance used as input to the design (Ex: Design & Material Standards, Performance Specifications, Error Proofing, Design Process Standards Documentation). They are associated with the Occurrence value.
  • Detection Controls: Established verification and validation processes that detect the failure when it occurs (Ex: Various Lab & Field Tests, FEA, Performance Data Collection, Observation, DOE). They are associated with the Detection value.

In previous versions of FMEA, the Severity, Occurrence and Detection values were rated, the Risk value (RPN) was calculated by multiplying the three values, and actions were taken for the Risks with a large value. Starting with the AIAG-VDA FMEA version, however, the method was changed from prioritizing Risk to prioritizing Actions according to the importance of Risk reduction. In this method, Severity is given a large weight in the prioritization. (That is, a Severity of 9 – 10 by itself drives the Action Priority to the higher levels.)

Action Priority is rated in three levels: High, Medium, and Low, and the meaning of each level is as follows:

  1. High: The team must either identify an appropriate action to improve prevention and/or detection controls, or justify and document why the current controls are adequate
  2. Medium: The team should identify appropriate actions to improve prevention and/or detection controls, or, at the discretion of the company, justify and document why the controls are adequate
  3. Low: The team could identify actions to improve prevention or detection controls

The following table is used as a reference for assigning Action Priority.

image 46

The table after completing the Risk Analysis is as shown in the image below.

image 48


6. Optimization

In the Optimization stage (STEP 6), for Failure Causes with an Action Priority of High or Medium, establish Actions to mitigate the Risk, and enter who will do it, by when, and the current Status. (Status can be classified as Open, Decision Pending, Implementation Pending, Completed, or Discarded.)

Then, when the Actions are completed, record the evidence of completion and the completion date, re-rate the Severity, Occurrence and Detection values, and finally check whether the Action Priority has become Low. This step can be repeated multiple times if necessary.

image 49
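As an added example (not code from the original post or the AIAG-VDA handbook), the following Python script models how one row flows through Steps 2 to 6: the element hierarchy of the Structure Analysis, the Step 4 chain rule (Focus Element failure mode as Failure Mode, Next Higher Level as Failure Effect, Next Lower Level as Failure Cause), the old RPN product beside the Step 5 Action Priority, and the Step 6 re-rating. The Terminal Cover element, all S/O/D ratings and the `ap_rule` function are constructed assumptions; the real Action Priority comes from the organization's table (image 46).

```python
from dataclasses import dataclass, field

@dataclass
class Element:                        # one row of the Structure Analysis (Step 2)
    name: str
    functions: dict                   # function -> failure mode preventing it (Steps 3-4)
    children: list = field(default_factory=list)

@dataclass
class RiskRow:                        # one line of the Risk Analysis (Step 5)
    effect: str; mode: str; cause: str
    sev: int; occ: int; det: int
    status: str = "Open"              # Open/Decision Pending/Implementation Pending/Completed/Discarded
    def rpn(self):                    # pre-AIAG-VDA method: plain S x O x D product
        return self.sev * self.occ * self.det

def ap_rule(sev, occ, det):
    """Constructed stand-in for the handbook's AP table (image 46); it only keeps the
    property the post states: Severity is weighted first, then Occurrence, then Detection."""
    if sev >= 9 and occ >= 2:
        return "High"
    if sev >= 7:
        return "High" if occ >= 4 else ("Medium" if occ >= 2 and det >= 5 else "Low")
    return "Medium" if sev >= 4 and occ >= 4 else "Low"

def failure_rows(higher, focus):
    """Step 4 rule: Focus Element failure mode -> Failure Mode, Next Higher Level
    failure mode -> Failure Effect, Next Lower Level failure mode -> Failure Cause."""
    return [(e, m, c) for e in higher.functions.values() for m in focus.functions.values()
            for child in focus.children for c in child.functions.values()]

def optimize(row, new_sev, new_occ, new_det, ap=ap_rule):
    """Step 6: after the action is Completed, re-rate S/O/D and check whether AP is Low."""
    row.sev, row.occ, row.det, row.status = new_sev, new_occ, new_det, "Completed"
    return ap(row.sev, row.occ, row.det) == "Low"

# Names and failure modes from the post; the Terminal Cover level and all ratings are constructed.
terminal_cover = Element("Terminal Cover", {"Seal the terminals against water": "Seal cracked"})
starting_motor = Element("Starting Motor", {
    "Converts electrical energy to mechanical energy to rotate the pinion gear":
    "Water Entry through Terminal Cover into the starter motor resulting moisture in coil"},
    [terminal_cover])
starter_system = Element("Electric Starter System", {"Start the Engine": "No Crank"}, [starting_motor])

def worked_example():
    effect, mode, cause = failure_rows(starter_system, starting_motor)[0]
    row = RiskRow(effect, mode, cause, sev=8, occ=5, det=6)
    before = (row.rpn(), ap_rule(row.sev, row.occ, row.det))   # (240, "High") -> action needed
    became_low = optimize(row, 8, 2, 3)                          # e.g. improved seal + leak test
    return before, became_low, row.status
```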


7. Results Documentation

The final step is to create a report document that summarizes the FMEA results and reports them to Management. This report document can include a summary of the Pending or Highlighted Key Action Items.

