Hazard Operability Analysis - polimi.it

Prof. Enrico Zio

Hazard Operability Analysis

Prof. Enrico Zio

Politecnico di Milano

Dipartimento di Energia

Prof. Enrico Zio

HAZOP

• Qualitative

• Deductive (search for causes)

• Inductive (consequence analysis)

AIM:

Identification of possible process anomalies and

their associated causes and consequences

Prof. Enrico Zio

HAZOP

Initially developed to analyze chemical process

systems; later extended to complex operations and

other types of systems (e.g., software)

It is a qualitative, structured and systematic

examination of a planned or existing process or

operation in order to identify and evaluate problems

that may represent risks to personnel or equipment, or

prevent efficient operation

Deductive (search for causes)

Inductive (consequence analysis)

Prof. Enrico Zio

HAZOP: When?

Design

Phase

Completeness

of HAZOP

study

Impact of

results on

Design

HAZOP as a final check

upon detailed design

HAZOP study: better later than never. It may also be

performed on an existing facility (improvement of the

operability, risk reduction)

Prof. Enrico Zio

HAZOP: Who?

HAZOP team members (multidisciplinary):

Team Leader (HAZOP experienced)

Project engineers

Process engineers

Instrument/electrical engineers

Safety engineers

Maintenance Engineers

….

Prof. Enrico Zio

HAZOP: How?

1. Clearly identify the study nodes, i.e., the locations

(e.g., on piping) at which the process parameters are

investigated

2. Identify the functionally independent process units

(pumps, vessels, heat exchangers, etc.) that are

between the nodes (which cause changes in the

parameters between nodes)

3. For each node identify its operation modes (start-up,regime, shut-down, maintenance, etc.) and thecorresponding plant configurations (valves open orclosed, pumps on or off, etc.)

4. For each node in each of its operation modes,identify the possible deviations from nominalbehavior, by compiling an HAZOP table

Prof. Enrico Zio

HAZOP: Procedure steps

1. Decompose the system in functionally independent process units

2. For each process unit identify its operation modes (start-up, regime, shut-down, maintenance, etc.) and configurations (valves open or closed, pumps on or off, etc.)

3. For each process unit in each of its operation modes, identify the possible deviations from nominal behavior, by compiling an HAZOP table

Prof. Enrico Zio

HAZOP: Procedure steps

specify unit in/out fluxes (energy, mass, control signals, etc.) and process variables (temperature, flow rate, pressure, concentrations, etc.)

write down unit functions (heating, cooling, pumping, filtering, etc.)

apply keywords (low, high, no, reverse etc.) to the unit process variables and functions => process deviations

for each process deviation (qualitatively) identify its possible causes and consequences

Prof. Enrico Zio

HAZOP TABLE

Source: IEC 61882

Prof. Enrico Zio

HAZOP: A synoptic

Taken from Rausand, M. and Høyland, A.: "System Reliability Theory: Models,

Statistical methods, and Applications" (2nd ed.), Wiley, Hoboken, 2004

Prof. Enrico Zio

HAZOP: Details of procedure steps

Specify elements: in/out fluxes (e.g., energy, mass, controlsignals, etc.), process variables (e.g., temperature, flow rate,pressure, concentrations, etc.), etc.

Flow Composition pH

Pressure Addition Sequence

Temperature Separation Signal

Mixing Time Start/stop Stirring Phase

Operate Transfer Speed

Level Maintain Particle size

Services Viscosity Measure

Communication Reaction Control

Prof. Enrico Zio



Apply Guide-Words to the unit process variables and in/outfluxes => process deviations

Guide-word Meaning Example

No (not, none) None of the design intent is achieved No flow when production is expected

More (more of, higher) Quantitative increase in a parameter Higher temperature than designed

Less (less of, lower) Quantitative decrease in a parameter Lower pressure than normal

As well as (more than) An additional activity occurs Other valves closed at the same time

(logic fault or human error)

Part of Only some of the design intention is

Achieved

Only part of the system is shut down

Reverse Logical opposite of the design intention

occurs

Back-flow when the system shuts

down

Other than

(other)

Complete substitution - another activity

takes place

Liquids in the gas piping

Early /late The timing is different from the intention

Prof. Enrico Zio



Apply keywords (low, high, no, reverse etc.) to the unit processvariables and in/out fluxes => process deviations

For each process deviation (qualitatively) identify its possiblecauses and consequences

Prof. Enrico Zio

HAZOP TABLE

UNIT :

OPERATION MODE:

Keyword Deviation Cause Consequence Hazard Actions needed

More More Temperature

Additional Thermal Resistance

Higher pressurein tank

Release due to Overpressure

Install high temperature warning and pressurerelief valve

Prof. Enrico Zio

HAZOP TABLE

Keyword Deviation Cause Consequence Hazard Actions needed

More More Temperature

Additional Thermal Resistance

Higher pressurein tank

Release due to Overpressure

Install high temperature warning and pressurerelief valve

1. Identify the deviation (install an alarm)

2. Compensate for the deviation (automatic control system)

3. Prevent the deviation from occurring

4. Prevent further escalation of the deviation (plant shut-down)

5. Relieve the process from the hazardous deviation (pressure safety valve)

UNIT :

OPERATION MODE:

Prof. Enrico Zio

EXAMPLE: SMALL EXTERNAL POOL

The water of the pool is in re-circulation through pumps that aspire the water of the

compensation tank making it pass through the treatment organs before throw it

again in the pool.

SYSTEM TO

CORRECT WATER

PH

SYSTEM TO

DISINFECT THE WATER

SYSTEM TO

FILTER

THE WATER

Prof. Enrico Zio

HAZOP TABLEThe objective of the HAZOP analysis is to identify the possible deviations to the

normal operation that can contribute to the reduction of the quality of the water.

Prof. Enrico Zio

SYSTEM: shell & tube heat exchanger

Study Node: 1

Operational Mode: Nominal Conditions

Design Intent: P= 2bar, T=20°C, Flow=1l/sec

Process fluid

Cooling water

Hazop: example

12

3

4

Prof. Enrico Zio

Solution

Guide

WordElement Deviation Causes Consequences Action

LESS FLOW Less flow of cooling

water

Pipe blockage Temperature of

process fluid remains

constant

High Temperature

Alarm

NONE FLOW No cooling water flow Failure of inlet cooling

water valve to open

Process fluid

temperature is not

lowered accordingly

Install

Temperature

indicator before

and after the

process fluid line

Install TAH

MORE FLOW More cooling flow Failure of cooling water

valve

Temperature of

process fluid decrease

Low Temperature

Alarm

REVERSE FLOW Reverse s cooling fluid

flow

Not credible Not credible Not credible

MORE PRESSURE More pressure on tube

side

Failure of process fluid

valve

Bursting of tube Install high

pressure alarm

.... ... .... …. …. ....

Prof. Enrico Zio

HAZOP results

•Improvement of system or operations

– Reduced risk and better contingency

– More efficient operations

•Improvement of procedures

– Logical order

– Completeness

•General awareness among involved parties

Prof. Enrico Zio

HAZOP: Strength

1. Simple and systematic (computer tools available)

2. Include consequence effects also on other units: domino effects.

3. Covers human errors

4. Covers safety as well as operational aspects

5. It gives good identification of cause and excellent identification of critical deviations.

6. HAZOP is an excellent well-proven method for studying large plant in a specific manner.

Prof. Enrico Zio

HAZOP: weakness

1. Very time consuming and laborious (boredom for

analysts)

2. Tends to generate many failure events with

insignificance consequences and generate many

failure events which have the same consequences

3. Does not identify all causes of deviations (it may

omit some scenarios)

4. Does not allow to consider with multiple-combination

events

5. Gives little account to the probabilities of events or

consequences (meaningfulness of deviations are

expert judgment based)

Prof. Enrico Zio

HAZOP: comments

1. Include consequence effects also on other units: domino effects.


3. Subjective (relies on analyst’s expertise)

4. Often used in support to the construction of FT and for RCM

Prof. Enrico Zio

Questions:

1. What is the different between FMEA and HAZOP?

2. Who should take the job of making FMEA and HAZOP?

3. How to improve the FMEA and HAZOP?

Prof. Enrico Zio

Failure Mode and Effects Analysis

Prof. Enrico Zio

Politecnico di Milano

Dipartimento di Energia

Prof. Enrico Zio

FMEA

• Qualitative

• Inductive

AIM:

Identification of those component failure

modes which could fail the system (reliability)

and/or become accident initiators (safety)

Prof. Enrico Zio

▪ Developed by the U.S. Military (MIL-P-1629 “Procedures for

performing a failure mode, effects and criticality analysis” 1949)

▪ FMEA/FMECA is the most widely used risk analysis technique

▪ Qualitative

▪ Inductive (consequence analysis)

▪FMEA is often used as a synonym for FMECA. The distinction

between the two terms has become blurred. In this presentation, the

two terms are used indifferently

▪Letter ‘C’ in FMECA indicates that a Criticality Analysis (CA) is

performed with the aim of ranking the various failure modes

FMEA/FMECA

Prof. Enrico Zio

FMEA

▪FMEA is usually carried out by a team of

members with diverse skills (multidisciplinary)

▪If performed as a timely, iterative activity, it is

an effective tool in the decision making process

Design

FMECA Criticalities

Revise

DesignFMECA

LOOP

Prof. Enrico Zio

FMEA

▪Late implementation or restricted

application of the FMEA dramatically limits

its effectiveness in improving the design or

process

▪When any product or process changes are

made, the FMEA is updated and the effects of

new failure modes introduced by the

changes carefully assessed

Prof. Enrico Zio

FMEA: Procedure steps

1. Decompose the system in functionally independent subsystems;

2. For each subsystem identify its mission phases (start-up, regime, shut-down, maintenance, etc.) and configurations (valves open or closed, pumps on or off, etc.);

3. For each subsystem in each of its operation modes, compile a FMEA table

Prof. Enrico Zio

1. Decompose the system in functionally independent subsystems


Prof. Enrico Zio

1. Decompose the system in functionally independent

subsystems

2. Define the mission phases (e.g., start-up, shut-

down, maintenance, etc.) and their expected

durations


Prof. Enrico Zio


subsystems

2. Define the mission phases (e.g., start-up, shut-down,

maintenance, etc.) and their expected durations

3. For every mission phase, define each of the

independent units in terms of:

▪ required functions and outputs

▪ internal and interface functions

▪ expected equipment utilization and performance

▪ Internal and external restraints


Prof. Enrico Zio


subsystems









4. Construct block diagrams (evidence the

relationships between the items)


Prof. Enrico Zio

Motor

subsystem

Electric

subsystem

EXAMPLE: car

Prof. Enrico Zio


subsystems









4. Construct block diagrams (highlight the

relationships between the items)

5. Compile the FMEA table


Prof. Enrico Zio

FMEA TABLE

SUBSYSTEM:

OPERATION MODE:

component

Failuremode

Effects on other

components

Effects on

subsystem

Effects on plant

Probability* Criticality+

Detection

methods

Protections and

mitigation

Remarks

Description

Failure modes

relevant for the

operational mode

indicated

Effects of failure

mode on adjacent

components and

surrounding environmen

t

Effects on the

functionality of the

subsystem

Effects on the

functionality and

availability of the

entire plant

Probability of failure

occurrence(sometimes qualitative)

Criticality rank of

the failure mode on the basis

of its effects

and probabilit

y (qualitativ

e estimation of risk)

Methods of

detection of the

occurrence of the failure event

Protections and

measures to avoid the

failure occurrence

Remarks and

suggestions on the need to consider

the failure mode as accident initiator

Probability: negligible, rare, likely, very likely

Criticality: safe, marginal, critical, catastrophic

Prof. Enrico Zio

Failure mode: The manner by which a failure is

observed. Generally, it describes the observable

effect of the mechanism through which the failure

occurs (e.g., short-circuit, open-circuit, fracture,

excessive wear)

component Failuremode

Effects on other

components

Effects on subsystem

Effects on plant

Probability* Severity + Criticality Detection methods

Protection and

mitigation

Description Failure modes

relevant for the

operational mode

indicated

Effects of failure mode on adjacent components

and surrounding environment

Effects on the


subsystem

Effects on the

functionality and

availability of the entire

plant



Worst potential consequences

(qualitative)

Criticality rank of the

failure mode on

the basis of its effects

and probability (qualitative estimation

of risk)

Methods of detection of

the occurrence of the failure

event

Protections and


failure occurrence

FMEA TABLE

Prof. Enrico Zio


Effects on other

components


Effects on plant


Protection and

mitigation


relevant for the

operational mode

indicated



Effects on the


subsystem

Effects on the

functionality and


plant




(qualitative)


failure mode on



of risk)



event

Protections and


failure occurrence

Failure effect: the consequence(s) a failure mode has

on the Operation, Function or Status (OFS) of an item

In some contexts, the effects are distinguished in:

•Local effects: on the OFS of the specific item being

analyzed

•Next higher level: on the OFS of the next higher

indenture level

•End effects: on the OFS of the highest indenture level

FMEA TABLE

Prof. Enrico Zio


Effects on other

components


Effects on plant


Protection and

mitigation


relevant for the

operational mode

indicated



Effects on the


subsystem

Effects on the

functionality and


plant




(qualitative)


failure mode on



of risk)



event

Protections and


failure occurrence

OUTPUT: suggestions to improve the design and/or remarks of

barriers already considered in the current design

Corrective actions: A documented design, process, procedure, or

materials change implemented and validated to correct the cause of

failure or design deficiency

Compensating provisions: Actions that are available or can be taken

to negate or mitigate the effect of a failure on a system

FMEA TABLE

Prof. Enrico Zio


Effects on other

components


Effects on plant


Protection and

mitigation


relevant for the

operational mode

indicated



Effects on the


subsystem

Effects on the

functionality and


plant




(qualitative)


failure mode on



of risk)



event

Protections and


failure occurrence

Criticality Analysis (CA): a procedure by which each

potential failure mode is ranked according to the

considered criticality index.

The objective of CA is to identify the most importantcomponents from the safety/performance point of view

There are different approaches to CA, which depend onthe type of FMECA

FMEA TABLE

Prof. Enrico Zio

EXAMPLE: SMALL EXTERNAL POOL

The water of the pool is in re-circulation through pumps that aspire the water of the

compensation tank making it pass through the treatment organs before throw it

again in the pool.

SYSTEM TO

CORRECT WATER

PH

SYSTEM TO

DISINFECT THE WATER

SYSTEM TO

FILTER

THE WATER

Prof. Enrico Zio

Ex. 1: FMECA

The objective of the FMECA analysis is to identify the possible failure modes

of the different components and their effect to the normal operation that can

contribute to the reduction of the quality of the water.

Criticality

classFrequency

Marginal Reasonably

probable

Marginal Remote

Marginal Probable

Critical Reasonably

probable

Marginal Remote

Prof. Enrico Zio

FMEA: comments

1. Only single failures, except for standby and protection components

2. No common cause failures

3. At system design phase, no components but functions


5. Subjective (relies on analyst’s expertise)

6. Often used in support to the construction of FT and for RCM

Prof. Enrico Zio

DIFFERENT TYPES OF FMECA

Prof. Enrico Zio

The way in which the FMEA study is performedstrongly depends on:

▪The objective (Design-FMEA, Process-FMEA)

Causes of the Failure Modes Indenture levels

D-FMEA Due to the concepts of the

design of the product

•System

•Subsystems

•Components

•…

P-FMEA Due to the manufacturing

of the product

•Process

•Process Phase

•Elementary operation

FMECA

Prof. Enrico Zio

Design-FMEAs

The primary objective of a D-FMEA is to uncover

potential failures associated with the current

design of the product that could cause:

▪Product malfunctions.

▪Shortened product life.

▪Safety hazards while using the product.

Design-FMEAs should be used throughout the

design process, from preliminary design until

the product goes into production.

D-FMEA: Improve the design

Prof. Enrico Zio

Process-FMEAsProcess-FMEAs uncover potential failures that can:

▪Impact product quality.

▪Reduce process reliability.

▪Cause customer dissatisfaction.

▪Create safety or environmental hazards.

Ideally, P-FMEAs should be conducted prior to start-up of a new

process, but they can be conducted on existing processes as well.

The focus is the

performance of

the process

Severity ranking

D-FMEA: Improve the process

Prof. Enrico Zio



▪The industrial field (Aerospace, Military, Nuclear,Automotive, Oil & Gas, etc.)

FMEA

Prof. Enrico Zio

▪MIL-STD-1629: “Procedures for performing a failure mode, effects andcriticality analysis”

▪IEC 60812: “Procedures for failure mode and effect analysis (FMEA)”

▪BS 5760-5: “Guide to failure modes, effects and criticality analysis

(FMEA and FMECA)”

▪ECSS-Q-30-02A: Failure Mode and Effect and Criticality Analysis

(FMECA)

▪SAE ARP 5580: “Recommended failure modes and effects analysis

(FMEA) practices for non-automobile applications”

▪SAE J1739: “Potential Failure Mode and Effects Analysis in Design

(Design FMEA) and Potential Failure Mode and Effects Analysis in

Manufacturing and Assembly Processes (Process FMEA) and Effects

Analysis for Machinery (Machinery FMEA)”

▪SEMATECH: “Failure Modes and Effects Analysis(FMEA): A Guide for

Continuous Improvement for the Semiconductor Equipment Industry”

FMEA: the industrial fields

Prof. Enrico Zio

The main difference between the different standards lies in theway in which the Criticality Analysis is performed

In general, the greater the criticality and the more urgent the

need for implementing corrective action

Qualitative Methods: Risk Matrix

Likelihood

Severity

Negligibl

e

Minor Medium Major Severe

Almost Certain M H H VH VH

Likely M M H H VH

Possible L M M H VH

Unlikely L M M M H

Rare L L M M H

LEGEND:

L=Low

M=Medium

H=High

VH=Very High

ALARP: As Low

As Reasonably

Practicable

FMEA: the industrial fields

Prof. Enrico Zio

Quantitative Methods

•RPN=Severity x Probability x Detectability

•Criticality Number (CN): Severity x Probability

•Criticality Index Ic= Σi=1:n λ x αi x βi x t

•λ = failure rate of the item

•αi = portion of the item’s unreliability due to the i-th failure mode

•βi = probability that the i-th failure mode leads to the considered loss (or

severity)

•t = Operating time

•n = number of failure modes of the item

threshold

severity

Rank

Compare to a

threshold

FMEA/FMECA: the industrial fields

Prof. Enrico Zio

The way in which the FMEA study is performed stronglydepends on:


▪The industrial field (Aerospace, Military, Nuclear,Automotive, etc.)

▪The design phase (Functional-FMEA, Hardware-FMEA)

FMEA

Prof. Enrico Zio

Variations in design complexity and available data will

generally dictate the analysis approach to be used

Hardware Approach: lists individual hardware items and

analyzes their possible failure modes. It is normally used when

hardware items can be uniquely identified from schematics,

drawings, and other engineering and design data

Functional approach: recognizes that every item is designed

to perform a number of functions that can be classified as

outputs. It is normally used when hardware items cannot be

uniquely identified or when system complexity requires

analysis from the initial indenture level downward. The

outputs are listed and their failure modes analyzed

For complex systems, a combination of the functional and

hardware approaches may be considered

FMEA: the design phase

Prof. Enrico Zio

Functional approach

FMEA: the design phase

Prof. Enrico Zio


▪1. The objective (Design-FMEA, Process-FMEA)

▪2. The industrial field (Aerospace, Military, Nuclear,Automotive, etc.)

▪3. The design phase (Functional-FMEA, Hardware-FMEA)

▪4. The indenture level (Component-FMEA, System-FMEA)

FMEA

Prof. Enrico Zio

A complex system is made up of a number ofsubsystems and items

In general, the design of a complex system defines therequirements of its subsystems, which are designed bysuppliers according to the corresponding requirements

Each of the suppliers provides a component FMEA,which is used to carry out the System FMEA

FMEA: the indenture levels

Prof. Enrico Zio

Component FMECA:

Example: on-board battery of an aerospace system

FMEA

Prof. Enrico Zio

Component FMECA:

Example: on-board battery of an aerospace system

Fault TreeNeutralization

system

FMEA

Prof. Enrico Zio

▪Ensure that all conceivable failure modes and their effects on

system operational success have been considered

▪FMECA is an essential reliability task, which provides information

to:

1. Assist in selecting design alternatives with high reliability

and high safety potential (early design phases)

2. Develop early criteria for test planning and requirements for

test equipment

3. Provide historical documentation for future reference to aid

in analysis of field failures and consideration of design

changes

4. Provide a basis for maintenance planning

5. Provide a basis for quantitative reliability and availability

analyses

6. Provide a basis for survivability and vulnerability analyses

FMEA: Strength

Prof. Enrico Zio

▪Often used in support to the construction of FT and for

RCM

▪The concept and application are easy to learn, even by a

novice

▪The approach makes evaluating even complex systems

easy to do

▪Computer tools available

FMEA: Strength

Prof. Enrico Zio

▪ No common cause failures

▪ Subjective (relies on analyst’s expertise)

▪ Inadequate attention given to human errors

▪ The approach is not suitable for multiple failures

▪ The FMECA process may be time-consuming and

expensive

FMEA: Weakness

Prof. Enrico Zio

FMEA Example

Consider a ball valve, which is made up of the following subsystems:

Body

Closure

Ball

Stem

Splined Shaft

Miscellaneous parts (Studs,

Keys, etc.)

Stem

Seat Ring

O-Ring

Splined

Shaft

Ball

Body

Bearing

Closure

Stud nut

Drain

Prof. Enrico Zio

Closure

FMEA Example

Perform a FMEA for the following components: Body

Stem

Seat Ring

Severit

y level

5 Major damage to other

systems/ subsystems

4 Major damage to the

considered part

3 Major loss of

performance (intended

use not completely

fulfilled)

2 Small loss of

performance (main

functions not affected)

1 Negligible effects

Stem

Seat Ring

O-Ring

Splined

Shaft

Ball

Body

Bearing

Stud nut

Drain

Prof. Enrico Zio

Severity level

5 Major damage to other systems/ subsystems

4 Major damage to the considered part

3 Major loss of performance (intended use not completely fulfilled)

2 Small loss of performance (main functions not affected)

1 Negligible effects

Likelihood level

H High

M Medium

L Low

R Rare

5 4 3 2 1

H C C C C

M C C C

L C C

R C

Prof. Enrico Zio

Solution

Failure Modes and Effects Criticality Analysis

System: Ball Valve Date: Sheet: 1 of 1

Subsystem: Body Authors:

No FM Cause Local Effect System Effect

Seve

rity

Occ

urr

en

ce

Cri

tica

lity

Compensating Provision/ Mitigation acts

1 Breakage

Incorrect forging process; erroneous design

Pressure drop

external leakage 5 R Yes

Non-destructive tests; qualification test; material acceptance test; calculation procedure in conformity with international standard

2 Warpage

shocks due to external objects; incorrect forging process;

Pressure drop

Possible externalleakage, internal parts jammed 3 R No

Qualification test; material acceptance test

Prof. Enrico Zio

Solution



Subsystem: STEM Authors:


Seve

rity

Occ

urr

en

ce

Cri

tica

lity


1 Breakage

Incorrect forging process; erroneous design

Pressure drop; loss of open/close capability

Loss of open/close capability;external leakage 5 R yes

Non-destructive tests; qualification test; material acceptance test; calculation procedure in conformity with international standard

2 Warpage

Shocks due to external objects; incorrect forging process; Pressure drop

Possible external leakage 3 R No Qualification test; material acceptance test

3 Jamming

Excessive warpage; dirt accretion; small design tolerance; center thrown off; inadequate coating

Excessive maneuver torque

Loss of open/close capability 4 L Yes

design verification; acceptance test

4 Corrosion

dirt accretion; center thrown off; chemically harsh fluids

Excessive maneuver torque;pressure drop

Possible external leakage, internal parts jammed 4 L Yes

Analysis of customer's requirements; welding facing

Prof. Enrico Zio

Solution



Subsystem: seat ring Authors:


Seve

rity

Occ

urr

en

ce

Cri

tica

lity


1 Breakage

Mounting error; manufacturing errors; incorrect design; Pressure drop

Loss of open/close capability; 4 L Yes

Training of personnel; qualification test; material acceptance test; design verification

2 Corrosion

dirt accretion; chemically harsh fluids

Internal leakage; pressure drop

Excessive maneuver torque; 3 L No

Attention paid to material analysis during design and acceptance test;

Prof. Enrico Zio

Questions: Audi A4L

Basic version

31.200

Ultimate version

53.400

Prof. Enrico Zio

Questions

Basic version

31.200Ultimate version

53.400

Heated seat

Independent

air

conditioning

Dolby 7.1

sound

LED

headlamps

Prof. Enrico Zio

Questions

Basic version =22.200Ultimate version -

22.200

10.000

Basic version

Ultimate version

Heated seat

Independent

air

conditioning

Dolby 7.1

sound

LED

headlamps

Refit of Basic version!!

Prof. Enrico Zio

Questions

“Cheap Ultimate”

Basic version+10,000

41.200

“true Ultimate”

53.400

Two choices

Prof. Enrico Zio

Questions



41.200

“true Ultimate”

53.400

After 3 years…

Prof. Enrico Zio

Questions



41.200

“true Ultimate”

53.400

Without FMECA to the new

components bring by refit.

Unknown potential risk

and hazard!

With FMECA to the all the

components.

Price of FMECA!

53.400-41.200=12.200

Hazard Operability Analysis - polimi.it

Documents

Transcript of Hazard Operability Analysis - polimi.it