Chapter · April 2023
DOI: 10.1007/978-981-19-9909-3_7


Chapter 7
Smart Failure Mode and Effects Analysis
(FMEA) for Safety–Critical Systems
in the Context of Industry 4.0

Hamzeh Soltanali and Saeed Ramezani

Abstract In digitalized environments, advanced fault diagnosis and prognosis
approaches are widely used for system safety and reliability assessments. As a
proactive diagnosis approach, Failure Mode and Effects Analysis (FMEA) plays
a critical role in identifying system bottlenecks and mitigating the adverse
consequences within high-risk industries. Therefore, this chapter deals with the different
types of FMEAs, FMEA in safety–critical systems, current drawbacks, and
limitations of classical-FMEA theories, as well as supporting the classical form by
introducing hybrid-FMEA models that perform uncertainty quantification and
machine learning techniques, MCDM methods, and other complementary failure
analysis approaches. Finally, it discusses the smart-FMEA platform in modern
industries and its improvements in the context of Industry 4.0.

Abbreviations

Notation   Main acronyms

FMEA    Failure mode and effects analysis
MCDM    Multiple-criteria decision-making
FTA     Fault tree analysis
HACCP   Hazard analysis, critical control points
RCA     Root cause analysis deployment
QSR     Quality system requirements
IATF    International automotive task force
AIAG    Automotive industry action group
QMS     International quality management system
ETA     Event tree analysis
RCM     Reliability centered maintenance
BWM     Best-worst method
RAMS    Reliability, availability, maintainability, and safety
RPN     Risk priority number
S       Severity
O       Occurrence
D       Detectability
QFD     Quality function deployment
IoT     Internet of Things
FM      Failure mode
DEA     Data envelopment analysis
HAZOP   Hazard and operability analysis
QRA     Quantitative risk assessment
PSA     Probabilistic safety assessment
ANP     Analytic network process
BOFM    Brake oil filling machine

H. Soltanali (B)
Department of Biosystems Engineering, Ferdowsi University of Mashhad, 9177948974 Mashhad,
Iran
e-mail: [email protected]
H. Soltanali · S. Ramezani
Department of Industrial Engineering, Faculty of Engineering, Imam Hossein University,
1698715461 Tehran, Iran

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2023
H. Garg (ed.), Advances in Reliability, Failure and Risk Analysis, Industrial and Applied
Mathematics, https://doi.org/10.1007/978-981-19-9909-3_7

7.1 Introduction

Ensuring system safety and reliability is increasingly becoming an essential dilemma
in the digital transformation paradigm, also known as Industry 4.0, with the
introduction of new technologies and a growth in system complexity [1–3]. Indeed, concerns
about reliability and safety are developing across a range of industries that play a
significant role in satisfying demand and enhancing productivity and availability
at the lowest possible cost and with the fewest possible unexpected failures [4–
6]. In order to identify and reduce process bottlenecks, proactive approaches for
analyzing the reliability and safety within high-risk sectors are critical. To achieve
this, advanced fault diagnosis and prognostic methods are extensively employed for
safety management activities, with hardware and software solutions being provided
[7–9].
In general, such advanced methods are divided into two categories: knowledge-
based and data-driven approaches to risk and reliability analysis and prediction in
a variety of settings [10–12]. Fault Tree Analysis (FTA), Hazard Analysis, Critical
Control Points (HACCP), Root Cause Analysis (RCA), and other knowledge-based
methodologies can be used for reliability and risk analysis [13–16]. The Failure Mode
and Effects Analysis (FMEA) approach is one of them, and it is extensively used in a
variety of sectors to analyze and prevent the effects of unexpected events/failures [17–
19]. The FMEA technique was introduced in 1949 by the U.S. Armed Forces (Military
Procedures document MIL-P-1629) to analyze failures according to their impact
on mission success and equipment safety. From the Apollo space program in the
1960s through the semiconductor industry, foodservice, software, and the automobile
sector, the application of FMEA has risen dramatically since then (1980s) [20].
FMEA is one of the most fundamental methods for evaluating the level of risk as
a prelude to risk reduction, according to the Quality System Requirements (QSR-9000).¹
This approach tries to avoid defects rather than discover them, and companies
should complete FMEA assessment and approval prior to production stages.
For the IATF² 16949:2016 standard, industrial businesses must record methods for
managing product safety-related products and manufacturing processes, including
FMEA. Given the importance of effective product testing and manufacturing process
controls in product development, FMEA is also used to enhance test plans and process
controls [20]. Furthermore, FMEA has been a well-established process for improving
production quality and minimizing the severity and occurrence of failure through the
use of corrective actions [21]. In theory, FMEA is a bottom-up risk analysis tech-
nique dominated by expert knowledge, with the following steps: identifying failure
modes, evaluating their causes and consequences, assessing the risk of failure modes,
and lastly prescribing maintenance tasks for high-risk failures [22]. A Risk Priority
Number (RPN) is widely used in an FMEA to assess a process’s risk level and rank
failures and prioritize maintenance activities [23, 24]. The RPN value is computed
by multiplying three parameters, namely Occurrence (O), Severity (S), and Detec-
tion (D). On a discrete ordinal scale, they are rated from 1 to 10. Finally, the most
significant failures may be found by sorting the RPNs in ascending order [25]. As a
proactive diagnosis approach, FMEA plays a critical role in identifying system bottle-
necks and mitigating the adverse consequences within high-risk industries. With the
growth of digitalization and automation, the major aspects of FMEAs, particularly
for safety–critical systems, have received less attention in previous research. Hence,
the following are the current chapter’s main objectives:
• Defining the primary concept and types of FMEAs
• Investigating the FMEAs in safety–critical systems
• Introducing hybrid-FMEA models to overcome current uncertain issues using
machine learning techniques, Multi-criteria decision-making (MCDM) methods,
etc.
• Proposing a smart-FMEA platform for the needs of Industry 4.0 digital transfor-
mation.

¹ International quality management system (QMS) standard for the automotive industry originally
developed by the American auto industry (Daimler Chrysler Corporation, Ford Motor Company,
and General Motors Corporation).
² IATF 16949 is a global Quality Management System Standard for the Automotive industry. It was
developed by the International Automotive Task Force (IATF) with support from the Automotive
Industry Action Group (AIAG).

7.1.1 Types of FMEA

FMEA can also be used to establish numerous options (e.g., system, design, process,
and service), provide opportunities for fundamental diversity, improve the company’s
image and competitiveness, and increase customer satisfaction [26]. According to
the most basic and widely used handbooks, FMEA is divided into three categories:
system-FMEA, design-FMEA, and process-FMEA [27–29]. As indicated in Fig. 7.1,
several sorts of FMEAs are utilized to aid in the product development process [26,
30–32]. To analyze a collection of subsystems, system-FMEAs are used. They are
used to identify system flaws such as integration, interactions, and interfaces between
subsystems; interactions with the immediate or adjacent environment; interactions
with workers; and system safety considerations. System functions are in charge of
them. A system is a collection of parts or subsystems that work together to perform
one or more functions.
Besides, design-FMEA, which is typically managed by product/design engineers,
aims to identify and demonstrate engineering solutions that are compliant with
system-FMEA requirements and customer specifications. It is used to improve the
design of a product in order to ensure its reliability. Another goal of a design-FMEA
is to find potential product design failures that could result in product malfunctions,
shortened product life, or safety hazards while using the product. Design-FMEAs
should be used throughout the design process, from the initial concept to the final
product. Furthermore, process-FMEA is concerned with manufacturing processes.
The goal is to define how manufacturing and assembly processes can be developed to
ensure that products or technologies are built to design specifications while also
maximizing the quality, reliability, productivity, and efficiency of the various processes
[20]. Process-FMEAs reveal potential failures that may have an impact on product
quality, reduce process reliability, cause customer dissatisfaction, pose a safety or
environmental risk, and so on. Process-FMEAs should ideally be performed prior to
the start-up of a new process, but they can also be performed on existing processes.

Fig. 7.1 Relationship of system, design, and process FMEAs (Adapted from [20])

7.2 FMEA Methodology

7.2.1 Classical-FMEA

The FMEA methodology is based on presenting data in a systematic configuration.
The results of the analysis are represented in Fig. 7.2. Three main steps should
be considered when implementing the FMEA methodology, which is based on
some well-known industrial handbooks [26–28]: (1) functions, potential failures,
and effects analysis; (2) cause and detection analysis; and (3) improvement actions.

Fig. 7.2 Generic FMEA worksheet [20]

7.2.1.1 Step 1: Functions, Potential Failures, and Effects Analysis

• Identifying functions: The purpose of this activity is to identify, clarify, and
understand the functions, requirements, and specifications that are relevant to the
specified scope. A functional block diagram for the system- and design-FMEA,
as well as a process flowchart, are advised in this case. The task that the system,
design, or process must fulfill is referred to as a function. When describing a
function, an active verb is generally employed [20].
• Identifying potential failure modes: The goal of this step is to create a list of every
possible failure mode connected with the specific function. Failure is assumed to
be a possibility but not a requirement. There are four possible failure modes: (1) no
function (system is completely nonfunctional); (2) partial/over function/degraded
over time (degraded performance); (3) intermittent function (complies but loses
some functionality or becomes inoperative frequently due to external factors);
and (4) unintended function (interaction of several elements whose independent
performance is correct adversely affects the product or process). Conducting a
review of previous things that have gone wrong,
concerns, and reports, as well as using the brainstorming approach, storytelling
method, and cause-and-effect diagram, is one way to begin [20].
• Identifying potential effects of failure: The problem is to list and characterize the
effects/consequences of the failure on the system for each of the failure scenarios.
The investigation of the severity of the consequences is part of determining poten-
tial effects. The outcome and consequence of the failure on the system, design,
and process are referred to as a possible effect. This is what happens when some-
thing goes wrong. Failure’s potential consequences must be examined from two
angles: local and global ramifications. Local effects denote that the failure can be
separated from the rest of the system. The failure can have global effects, which
means it can influence other functions [20].

7.2.1.2 Step 2: Cause and Detection Analysis

• Identifying potential causes: This phase’s goal is to figure out every possible
cause of failure for each failure mode. Each failure mode may have one or more
causes, and by definition, if a cause happens, the corresponding failure mode will
as well. The occurrence ranking, or the likelihood that a certain cause will occur
during the design life, is one factor to consider when determining prospective
causes [20].
• Identifying current controls (prevention and detection): The problem is deter-
mining the design or process controls for each cause. The operations that prevent or
detect the cause of probable failures are referred to as design or process controls.
Controls for prevention define how a cause, failure mode, or effect is avoided
based on present or planned actions. The goal is to lessen the likelihood of the
problem occurring. Detection controls define how a failure mode or cause is
identified before the product design is put into production. The goal is to maximize
the possibility of detecting an issue before it reaches the end-user [20].

7.2.1.3 Step 3: Improvement Actions

The goal of improvement actions is to provide engineering evaluations that will lower
overall risk and the possibility of a failure mode occurring. This can be accomplished
by estimating the Risk Priority Number (RPN) values based on three parameters:
severity (S), occurrence (O), and detectability (D). These factors are combined to
calculate the RPN, as in the following expression [33]:

RPN = D × O × S    (7.1)

where,
• The possibility of a failure mode occurring is known as occurrence, and it is
closely tied to the equipment’s failure rate. It can take integer values in the range
[1; 10], with 10 being the most likely failure mode. The details of these scenarios
are provided in Table 7.1 [34].
• Severity of a failure’s influence on the system is measured in terms of its impact.
It can take integer values in the range [1; 10], with 10 representing the worst-case
scenario. The details of these scenarios are given in Table 7.2 [34].
• The possibility of identifying the failure mode before its effects show in the system
is indicated by detection. It can take integer values in the range [1; 10], with 10
being the least diagnosable event. The details of these scenarios are illustrated in
Table 7.3 [34].

Table 7.1 Traditional ratings for occurrence of a failure mode

| Rating | Probability of failure                    | Possible failure rate |
|--------|-------------------------------------------|-----------------------|
| 10     | Extremely high: failure almost inevitable | ≥1 in 2               |
| 9      | Extremely high: failure almost inevitable | 1 in 3                |
| 8      | Repeated failures                         | 1 in 8                |
| 7      | High                                      | 1 in 20               |
| 6      | Moderately high                           | 1 in 80               |
| 5      | Moderate                                  | 1 in 400              |
| 4      | Relatively low                            | 1 in 2000             |
| 3      | Low                                       | 1 in 15,000           |
| 2      | Remote                                    | 1 in 15,000           |
| 1      | Nearly impossible                         | ≤1 in 1,500,000       |

Table 7.2 Traditional ratings for severity of a failure mode

| Rating | Effect                    | Severity of effect |
|--------|---------------------------|--------------------|
| 10     | Hazardous without warning | Highest severity ranking of a failure mode, occurring without warning, and consequence is hazardous |
| 9      | Hazardous with warning    | Higher severity ranking of a failure mode, occurring with warning, and consequence is hazardous |
| 8      | Very high                 | Operation of system or product is broken down without compromising safety |
| 7      | High                      | Operation of system or product may be continued, but performance of system or product is affected |
| 6      | Moderate                  | Operation of system or product is continued, and performance of system or product is degraded |
| 5      | Low                       | Performance of system or product is affected seriously, and the maintenance is needed |
| 4      | Very low                  | Performance of system or product is less affected, and the maintenance may not be needed |
| 3      | Minor                     | System performance and satisfaction with minor effect |
| 2      | Very minor                | System performance and satisfaction with slight effect |
| 1      | None                      | No effect |

Table 7.3 Traditional ratings for detection of a failure mode

| Rating | Detection             | Criteria |
|--------|-----------------------|----------|
| 10     | Absolutely impossible | Design control does not detect a potential cause of failure or subsequent failure mode, or there is no design control |
| 9      | Very remote           | Very remote chance the design control will detect a potential cause of failure or subsequent failure mode |
| 8      | Remote                | Remote chance the design control will detect a potential cause of failure or subsequent failure mode |
| 7      | Very low              | Very low chance the design control will detect a potential cause of failure or subsequent failure mode |
| 6      | Low                   | Low chance the design control will detect a potential cause of failure or subsequent failure mode |
| 5      | Moderate              | Moderate chance the design control will detect a potential cause of failure or subsequent failure mode |
| 4      | Moderately high       | Moderately high chance the design control will detect a potential cause of failure or subsequent failure mode |
| 3      | High                  | High chance the design control will detect a potential cause of failure or subsequent failure mode |
| 2      | Very high             | Very high chance the design control will detect a potential cause of failure or subsequent failure mode |
| 1      | Almost certain        | Design control will almost certainly detect a potential cause of failure or subsequent failure mode |

Following that, it is necessary to address corrective activities to decrease or
eliminate probable failure modes, as well as detective actions to aid in the identification of
a weakness, based on the greatest value of RPN for each failure mode. The first two
steps of an FMEA process (prospective failures and effects analysis (identification
of potential failures and effects) and cause and detection analysis (identification of
potential causes and controls)) are critical [20].

7.2.2 Hybrid-FMEA Model

Despite the widespread use of classical-FMEAs (Sect. 7.2.1) in numerous fields, they
are still subject to a variety of uncertainties and variabilities in real-world situations,
limiting their ability to be used in a reliable and accurate manner, particularly in risk
(safety) and assessment applications. According to the literature [19, 20, 34–36], the
following are the key shortcomings and limitations of classical-FMEAs:
(1) The assumption that three failure variables contribute equally to an event’s risk
factor (RPN). In practice, this is unlikely to be the case, at least in the majority
of cases. Because the Severity (S) failure factor is often more critical than
other failure factors, practitioners will often examine the occurrence (O) and
severity (S) columns of the FMEA separately from the overall RPN. Further-
more, the study does not take into consideration the participants’ experience
and competence; they are all presumed to have the same level of experience and
skills.
(2) The RPN values produced by different combinations of O, S, and D rankings may
be identical. This could lead to a false conclusion, claiming that these hazards
have the same priority when, in fact, they may have very different priorities. If
two events have O, S, and D values of 5, 1, and 10 and 5, 10, and 1, respectively,
they will both have an RPN of 50. This suggests that, despite their differences,
both hazards require the same level of attention to be mitigated. This may result
in inefficient use of limited resources and/or the omission of a high-risk failure
mode.
(3) On a discrete ordinal scale, the three risk variables O, S, and D are rated. On
the ordinal scale, however, the multiplication is meaningless. As a result, the
resulting results are not only meaningless, but also misleading.
(4) It is controversial whether the RPN is a product of O, S, and D. Some scholars
dispute why the RPN is calculated by multiplying the numerical numbers of the
failure factors.
(5) The rating transitions for the three failure mode components are distinct.
The table that maps the O rating to a probability of failure (Table 7.1) is nonlinear,
whereas the tables for the D (and S) ratings are linear.
(6) It can be difficult to precisely determine the three risk factors. In the absence of
data for a comprehensive quantitative analysis, or when the number of failure
modes is such that a quantitative analysis is impossible, the procedure relies on
the subjective judgment of the team members. There is no systematic technique
to deal with such subjectivity within the analysis at the moment.
(7) In the absence of quantitative data, the existing measure of utilizing numer-
ical rankings to grade failure O, S, and D might be erroneous and difficult to
award. Natural language usage may be desirable for practitioners and opera-
tives, particularly in poor nations where field operating employees are unlikely
to be numerate and would struggle to connect an arbitrary number to the state
of a piece of equipment’s probable failure O, S, or D.
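The following Python is an added example, not code from the chapter: it implements Eq. (7.1) over a small constructed worksheet (the failure mode names are assumed for illustration) and makes the RPN tie from limitation (2) visible, together with the severity-first reading of the S and O columns that limitation (1) describes practitioners falling back on.

```python
from dataclasses import dataclass

RATING_MIN, RATING_MAX = 1, 10  # discrete ordinal scale of Tables 7.1-7.3


@dataclass(frozen=True)
class FailureMode:
    """One row of an FMEA worksheet (constructed example data)."""
    name: str
    severity: int    # S, Table 7.2: 10 = hazardous without warning
    occurrence: int  # O, Table 7.1: 10 = failure almost inevitable
    detection: int   # D, Table 7.3: 10 = absolutely impossible to detect


def check_rating(value, label):
    """Reject anything outside the integer scale [1; 10]."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{label} rating must be an integer, got {value!r}")
    if not RATING_MIN <= value <= RATING_MAX:
        raise ValueError(f"{label} rating must lie in [1; 10], got {value}")
    return value


def rpn(fm):
    """Eq. (7.1): RPN = D * O * S, so the result lies in 1..1000."""
    s = check_rating(fm.severity, "S")
    o = check_rating(fm.occurrence, "O")
    d = check_rating(fm.detection, "D")
    return d * o * s


def rank_by_rpn(modes):
    """Classical ranking: highest RPN first; ties keep worksheet order."""
    return sorted(modes, key=rpn, reverse=True)


def rank_severity_first(modes):
    """Same ranking, but RPN ties are broken by S and then O, mirroring the
    practitioner habit (limitation 1) of reading the S and O columns
    separately instead of trusting the product alone."""
    return sorted(modes, key=lambda m: (rpn(m), m.severity, m.occurrence),
                  reverse=True)


def rpn_ties(modes):
    """Map RPN value -> failure modes that share it despite different (S, O, D)."""
    groups = {}
    for m in modes:
        groups.setdefault(rpn(m), []).append(m)
    return {value: ms for value, ms in groups.items()
            if len({(m.severity, m.occurrence, m.detection) for m in ms}) > 1}


# Constructed worksheet rows (not from the chapter); the first two rows use
# the (O, S, D) = (5, 1, 10) and (5, 10, 1) pair quoted in limitation (2).
WORKSHEET = [
    FailureMode("fill-level sensor drift", severity=1, occurrence=5, detection=10),
    FailureMode("filling valve stuck open", severity=10, occurrence=5, detection=1),
    FailureMode("conveyor belt misalignment", severity=4, occurrence=3, detection=2),
    FailureMode("cap torque out of range", severity=6, occurrence=6, detection=4),
]

if __name__ == "__main__":
    print(" RPN   S   O   D  failure mode")
    for m in rank_by_rpn(WORKSHEET):
        print(f"{rpn(m):4d}  {m.severity:2d}  {m.occurrence:2d}  {m.detection:2d}  {m.name}")
    for value, ms in rpn_ties(WORKSHEET).items():
        print(f"RPN {value} is shared by: {[m.name for m in ms]}")
    print("severity-first order:", [m.name for m in rank_severity_first(WORKSHEET)])
```

The classical ranking places the harmless sensor drift (S = 1) ahead of the hazardous stuck valve (S = 10) purely because it appears first in the worksheet; the severity-first ranking reverses that pair while leaving the rest of the order unchanged.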
Such major fluctuations in the real world may have an impact not only on the accu-
racy of predicted risk and reliability values, but also on the suggested maintenance
and safety functions. These are the primary reasons why hybrid-FMEA has attracted
the most attention from scientists in recent years. To put it another way, a modified
FMEA approach that overcomes some of the limits is required to adapt, regulate,
and reduce the existing uncertainty and variability issues of the process and ensure
that the classical-FMEA remains appropriate for future applications. According to
Fig. 7.3, the hybrid-FMEAs have been applied in four different ways to supplement
the classical models in risk (safety), reliability, and maintenance decisions:

(A) Combination with failure/event analysis approaches: Using classical-FMEA
in conjunction with other related failure and event analysis techniques (i.e., Root
Cause Analysis (RCA), Fault Tree Analysis (FTA), Event Tree Analysis (ETA),
Quantitative Risk Assessment (QRA), Probabilistic Safety Assessment (PSA),
Probabilistic Risk Analysis (PRA), Brainstorming, Hazard Analysis Critical
Control Point (HACCP), Hazard and Operability Analysis (HAZOP), Relia-
bility Centered Maintenance (RCM), etc.) would help present the connections
and relationships between various failures more effectively.

Fig. 7.3 Type of hybrid-FMEA models under various uncertainty and variability issues
[Figure: a central "Hybrid FMEA model" linked to four groups: (A) fault/failure analysis techniques (RCA, FTA, ETA, PRA/QRA, Brainstorming, HACCP, HAZOP, RCM, etc.); (B) MCDM techniques (TOPSIS, AHP, ANP, BWM, VIKOR, MOORA, WASPAS, DEMATEL, etc.); (C) fuzzy theory, rough set theory, Dempster-Shafer theory, Petri-nets, Markov, Bayesian, GRA, machine learning, etc.; (D) other integrated methods (DEA, QFD, SWOT, Ishikawa, Six Sigma, A3, etc.)]

(B) Multi-criteria decision-making (MCDM) techniques: The use of MCDM
techniques such as TOPSIS, AHP, ANP, BWM, VIKOR, MOORA, WASPAS,
and DEMATEL in integrated FMEA models is extremely advantageous for
overcoming the uncertain concerns connected to weighting problems of three
elements (S, O, D) for risk and reliability analysis, as well as their discrete
ordinal scale issue, which results in meaningless and misleading results.
(C) Artificial/computational intelligence techniques: The use of uncertainty quan-
tification models (fuzzy theory, rough set theory, Shafer theory, Petri-nets,
Markov, Bayesian) and other machine learning models, among others, is another
option for mitigating the uncertainties of classical-FMEA, particularly deter-
mining accurately the risk parameters due to different types of assessment infor-
mation from the same risk factor, time constraints, inexperience, and insufficient
data.
(D) Other integrated models: To support classical-FMEAs in production and
service areas and improve their efficiency while estimating RPN that only
consider safety and ignore other important factors such as quality and cost,
their combination with other systematic approaches such as DEA, QFD, SWOT,
Ishikawa Six Sigma, A3, and so on is recommended.

7.3 FMEA for Safety–Critical Systems

7.3.1 Basic Concept and Definition

A safety–critical system, often known as a life-critical system, is one whose failure
or malfunction might result in one (or more) deaths or major injuries to people,
loss or severe damage to equipment/property, economic loss, or environmental harm
[33, 37]. Some failures may have immediate negative repercussions, while others
may increase the risk of damage. The potential consequences of a system’s failure
determine whether it is considered safety–critical. The system is said to be safety–
critical if a malfunction can result in consequences that are deemed unacceptable [37,
38]. A safety-related system consists of hardware, software, and human components
that work together to perform one or more safety functions, and the failure of which
would result in a significant increase in the risk of harm to people or the environment.
However, safety-related systems are those that do not have complete control over risks
such as loss of life, serious injury, or severe environmental damage. A malfunction
of a safety-related system would be dangerous only when combined with the failure
of other systems or human error [38, 39].

7.3.2 Functional Safety Standards

7.3.2.1 The Generic IEC 61508 Standards

Significant material and financial assets are lost, people are wounded and killed, and
the environment is poisoned as a result of failures of safety–critical systems and a
lack of functional safety. Functional safety is often defined as a situation in which the
risk has been decreased to, and is maintained at, a level as low as reasonably practical,
and the residual risk is widely accepted. The phrase “functional safety” appears in
the title of the major standard IEC 61508, and it is therefore used to refer to the part
of total system safety that is dependent on the proper operation of active control and
safety systems [37, 40]. IEC 61508 standards aim to guarantee that safety–critical
systems are specified, designed, produced, installed, and operated in such a way that
they fulfill their intended safety duties reliably. The purpose of these standards is to
provide broad criteria and to act as a foundation for the creation of specific standards.
The IEC 61508 standard is divided into five major stages [37, 39]:
1. Risk assessment: The result is the formulation of the needed safety functions as
well as the related reliability objectives.
2. Design and construction: The end result is a safety–critical system made up of
hardware and software components.
3. Planning for integration: The main tasks include validation, operation, and
maintenance.
4. Operation and maintenance: When a modification is proposed, any change to
the safety–critical systems should prompt a return to the most suitable life cycle
phase.
5. Disposal: It represents the end-of-life status of safety–critical systems.

7.3.2.2 Specific Standards

Specific standards have been established and tested using the IEC 61508 standard
in a variety of industries, including process industry, mechanical systems, nuclear
power plants, railway applications, and the automobile industry, among others [37,
39, 41]:
• Process industry: Safety–critical systems in the process industry, including the oil
and gas industry, are covered by IEC 61511, which is based on IEC 61508. When a
safety–critical system is based on proven technology or technology whose design
has been confirmed against the standards of IEC 61508, IEC 61511 is used. IEC
61511 does not cover the development of new technologies. As a result, IEC 61511
is often referred to as the end-user and system integrator standard, whereas IEC
61508 is referred to as the manufacturer’s standard. To make the implementation
of IEC 61508 and IEC 61511 easier, guidelines have been prepared. The following
are two important guidelines [37]:
– Guidelines for Safe and Reliable Instrumented Protective Systems published
by the Center for Chemical Process Safety
– Application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry
published by the Norwegian Oil and Gas Association.
• Machinery systems: The EU Machinery Directive (EU-2006/42/EC, 2006)
concerns machinery safety in Europe, with the first version being passed in 1989.
The EU Machinery Directive specifies the basic health and safety criteria for
the design and operation of machinery, allowing the particular aspects to be
determined by harmonized standards. More information on various standards for
Machinery systems could be found in Rausand’s book [37].
• Nuclear industry: Based on IEC 61508, the standard [42] was developed as a
sector-specific standard for the nuclear power industry. An instrumentation and
control (I&C) system is described in IEC 61513 as a “system, based on electrical
and/or electronic and/or programmable electronic technology, performing I&C
functions as well as servicing and monitoring activities connected to the system’s
operation.”
• Automotive industry: Under IEC 61508, ISO 26262 [43] was designed for the
safety of road vehicle applications. It was also developed for electric and/or elec-
tronic systems in vehicles with a gross vehicle mass of up to 3500 kg. The standard
consists of nine normative elements and a use guideline for ISO 26262.
• Railway transport: Three European standards, EN 50126, EN 50128, and EN
50129, have been produced for railway transport with a scope equivalent to IEC
61508. Later, the three EN-norms were included in IEC-standards [37]:
– IEC 62278 (EN 50126): Railway applications—The specification and demon-
stration of Reliability, Availability, Maintainability, and Safety (RAMS).
– IEC 62279 (EN 50128): Railway applications—Communications, signaling,
and processing systems—Software for railway control and protection systems.
– IEC 62425 (EN 50129): Railway applications-Communication, signaling, and
processing systems—safety-related electronic systems for signaling.

7.3.3 Safety Barrier and Life Cycle

Most risk studies use the phrase “safety barrier,” which somewhat overlaps with
our description of a safety–critical system. A safety barrier system can be either a
technological technology or a concerted human and organizational effort. As a result,
a safety barrier is not the same as a safety–critical system. A safety barrier, such as an
emergency procedure, is not a safety–critical system. Safety barriers are frequently
referred to as layers of protection or protective layers in the process industry, as
shown in Fig. 7.4 [37]:
(a) Process design: Applying design concepts that are fundamentally safe.
(b) Control: Keeping the system in a normal (stable) condition by employing
fundamental control functions, alerts, and operator reactions.
Fig. 7.4 Protection layers (safety barrier) for process plants (Adapted from [37])
[Figure: nested protection layers, from innermost to outermost: process design (inherently safe design); process control (basic process control system, process alarms, operator procedure); prevention (safety instrumented system, safety-critical process alarms); fire and gas mitigation systems (deluge systems, fire sprinklers, toxic gas detection and alarm); physical barriers (barricade, dikes); plant emergency response; community emergency response. Pressure relief valves and rupture discs are also listed among the plant-level barriers.]

(c) Prevention: Using safety-instrumented systems and safety–critical alarms to
react to departures from the usual condition and thereby avoid an unwanted
incident.
(d) Mitigation: The use of safety-instrumented systems or functions provided by
other technologies to lessen the effects of the undesirable event.
(e) Physical protection: To improve mitigation, use permanent safety obstacles.
Examples include the protection provided by dikes and barriers.
(f) Fire and gas detection and extinguishing: A third technique for mitigating
the consequences of explosive gases and mixtures by preventing ignition and
hence an accident.
(g) Emergency response: Using a variety of methods to lessen the impact of the
disaster, both locally and throughout the community.

A safety life cycle model was created in IEC 61508, and over time various
specialized standards have adopted modified versions of this safety life cycle. There are six
major phases in the safety life cycle model: (a) Preparation, (b) Analysis, (c) Planning
and development, (d) Installation, (e) Operation and maintenance, and (f) Decom-
missioning [37]. This chapter focuses on the analysis phase of the safety life cycle
model; IEC 61508 and IEC 61511 include information on the other phases. IEC
61508 describes a risk-based strategy for meeting the following objectives during the
analysis phase [40]:
1. To recognize the undesirable occurrences that may affect the control systems
2. To identify the reasons and event sequences that can result in each undesirable
occurrence
3. To determine the chain of events and the risk associated with each undesirable
outcome
4. To define the requirements for risk reduction

5. To identify the safety functions required to accomplish the requisite risk reduction
6. To decide which of the safety functions should be used as a safety-instrumented
function.
In addition to the previously described safety standards for risk analysis, numerous
approaches for identifying and controlling hazards and undesirable occurrences can
be applied, such as [40, 44, 45] hazard identification (HAZID), preliminary hazard
analysis (PHA), hazard and operability analysis (HAZOP), structured what-if tech-
nique (SWIFT), failure modes and effects analysis (FMEA), fault hazard assessment
(FHA), fault tree analysis (FTA), and process hazard analysis (PHA). This chapter
focuses on the FMEA approach for safety–critical systems, with the theory
addressed in Sect. 7.3 and its application to safety–critical systems in the automotive
industry depicted in the following section (Sect. 7.3.4).

7.3.4 FMEA Implementation: Automotive Safety–Critical Systems

FMEA procedures are used by many products and industries for their safety–critical
systems. The systems discussed in this chapter are technical systems that may or may
not require human operator intervention. The concepts and methods in this chapter
can be used to examine the following safety–critical systems:
– Automotive industry: Airbag systems, brakes, steering, electronic stability
program systems.
– Process industry: Emergency systems, fire and gas systems, gas burner manage-
ment systems.
– Machinery systems: Guard interlocking systems, emergency stop systems.
– Railway transport: Signaling systems, automatic train stop systems.
– Nuclear power industry: Turbine control systems, fire prevention systems.
– Medical devices: Heart pacemakers, insulin pumps, electronic equipment used in
surgery.
In order to implement the FMEA methodology, this chapter focuses on Automo-
tive safety–critical systems, specifically Brake Oil Filling Machines (BOFMs) within
assembly lines. The FMEA model’s basic information for BOFMs was acquired from
Soltanali et al. [15]. In fact, BOFMs are one of the safety–critical systems with semi-
automatic capabilities. BOFMs ought to be reliable and safe from both operational
and non-operational perspectives. First, because of the importance of speed rates in
various operations, low reliability leads to an increase in operational costs, equipment
breakdown, and, ultimately, assembly line downtime. According to the records, these
systems are responsible for more than 43 percent of assembly line failures, which

have been trending upward in recent years. Second, effective inspection and mainte-
nance programs can improve the safety of operators and vehicle drivers by reducing
the risk of unexpected events [12, 25]. A BOFM performs leakage tests by producing
pressure and vacuum, as well as filling/charging and leveling various fluids in vehicle
paths and pipes.
The process description (a) and outer and inner views (b) of a BOFM are depicted
in Fig. 7.5. As shown in Fig. 7.5a, the system is comprised of six critical blocks:
initialization, ready, pressure and vacuum, filling, process end, and lubrication [46].
The pressure supplement is handled by the initialization block; if the filling system
tank is under pressure, the process will equalize/release the pressure. After that, the
system is ready to begin the filling process (Ready block). The pressure block is used
to inject air into the system and then check the pressure to make sure there are no
leaks in the filling system. The vacuum block then performs the system’s evacuation
and checks for any vacuum leaks in order to maintain a proper vacuum level in the
filling system. The filling block performs the fillings with various liquids and their
leveling after setting the vacuum and pressure. Lubrication is performed during the
filling process, which is provided through a lubrication tank, for continued operation
of the rotary equipment, particularly pumps. Finally, the operator can unclamp the
filling head and remove it from the vehicle (Process end block).
Fig. 7.5 Process description (a) and outer and inner views (b) of BOFM in an Iranian automotive
production line [15]

The results of FMEA for BOFM in an automobile assembly line are displayed in
Table 7.4 based on the worksheet in Fig. 7.2 and Tables 7.1, 7.2, and 7.3 and formula
(7.1). According to the geometric mean of four experts’ judgments (one mechanical
engineer, one electrical engineer, one process engineer, and one safety engineer),
the total values of the risk parameters (S, O, D) and RPN for the entire BOFM are
8.51, 6.27, 4.89, and 256.84, respectively, confirming that the Severity (S) parameter
has the greatest effect on the safety analysis of BOFM. As seen, the failure mode (Fm1)
of “Bearing failure affected by corrosive cause” related to the filling pump, the failure
mode (Fm12) of “Spring fails of pressure control valve” and (Fm13) “Failure and abrasion of
activator” related to the breaker pressure set in the hydraulic-pneumatic circuit, the failure
mode (Fm20) of “Leakage of head pipes” related to head pipes and the failure
mode (Fm17) of “Failure and leakage of Couplings” related to couplings in the filling head set,
and the failure mode (Fm21) of “Sensor’s failure affected by more function and circuit
confusion” related to sensors in the electronic circuit, all with Severity ratings greater than 9, have
the highest Severity (S) values. This indicates that these failure modes carry the most severe
operational and non-operational consequences compared with the other components of BOFM.
According to the RPN column in Table 7.4, the failure mode (Fm19) “Failure of O-
rings & seals affected by more function” associated with the seals in the filling head set, with
RPN = 632.49, has the highest risk potential of all BOFM breakdowns. Following
that, the failure mode (Fm6) of “Rotor fail affected by more function” and the failure
mode (Fm9) of “Blade fail affected by more function”, related to the vacuum pump
in the hydraulic-pneumatic circuit with RPNs of 400.89 and 379.47, were assigned
the next highest RPNs in BOFM. Furthermore, the failure modes (Fm15) of “Valve failure
affected by more function” and (Fm16) of “Failure and abrasion of activator” related to
valves in the hydraulic-pneumatic circuit, as well as the failure mode (Fm17) of “Failure
and leakage of Couplings” related to couplings in the filling head set, also had high RPN
values. Based on the technical findings, it is possible to deduce that the majority
of failures with the greatest RPN values are associated with the filling head set
and the hydraulic-pneumatic circuit. For the filling head set, the operator’s
error might be attributed to maintenance staff’s deficiencies in servicing and daily
checks, as well as a failure to provide enough operator training. As a result, various
training courses for maintenance personnel and fluid filling system operators should
be considered in order to improve their performance and expand their experience and
skills. Furthermore, enhancing the technical components of the filling head set, such
as employing a lighter head, may reduce personal mistakes and, from an ergonomic
standpoint, relieve muscle and joint stresses. To decrease personal flaws, the G3
Blue filling head set has been built with ergonomic advancement and weight reduction
of up to 20% in mind. The key activities for the hydraulic-pneumatic circuit, notably
for the filling and vacuum pumps owing to their heavy use, are well-timed inspection
and service.
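As an added worked example (not code from the chapter), the following Python reproduces the worksheet arithmetic described above: the geometric mean of several experts’ S, O, D ratings, RPN = S × O × D (formula 7.1, as the Table 7.4 values confirm), ranking of failure modes by RPN, and a consistency check that flags any row whose reported RPN no longer matches S × O × D. The (S, O, D, RPN) rows are copied from Table 7.4; the four-expert ratings for the worked row are constructed, and the total row is computed as the geometric mean over all failure modes, which is an assumption about how the chapter derived its totals.

```python
"""RPN pipeline for the BOFM FMEA worksheet (Table 7.4).

Added illustration, not the chapter's own code. The (S, O, D, RPN) rows are
copied from Table 7.4; the per-expert ratings used below are constructed.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    fm: str      # failure mode id as used in the chapter, e.g. "Fm19"
    s: float     # Severity, already aggregated over the experts (1..10)
    o: float     # Occurrence
    d: float     # Detection
    rpn: float   # Risk Priority Number as reported in the worksheet


# (S, O, D, RPN) per failure mode, copied from Table 7.4 of the chapter.
TABLE_7_4 = [
    Row("Fm1", 9.74, 2.45, 7.20, 171.79), Row("Fm2", 8.49, 2.45, 6.70, 139.27),
    Row("Fm3", 7.48, 2.71, 6.16, 124.96), Row("Fm4", 6.48, 4.95, 5.73, 183.87),
    Row("Fm5", 8.49, 5.73, 5.48, 266.43), Row("Fm6", 9.00, 9.02, 4.95, 400.89),
    Row("Fm7", 8.21, 6.70, 5.96, 327.63), Row("Fm8", 8.21, 6.65, 6.19, 338.11),
    Row("Fm9", 9.21, 4.47, 9.21, 379.47), Row("Fm10", 5.18, 2.71, 3.13, 43.95),
    Row("Fm11", 8.74, 6.96, 4.95, 301.20), Row("Fm12", 9.76, 8.43, 2.06, 169.04),
    Row("Fm13", 10.00, 10.00, 2.00, 200.00), Row("Fm14", 7.48, 9.49, 2.91, 206.80),
    Row("Fm15", 7.97, 9.74, 4.47, 347.10), Row("Fm16", 7.48, 9.77, 4.48, 325.96),
    Row("Fm17", 9.49, 6.65, 5.48, 345.74), Row("Fm18", 8.49, 7.71, 4.23, 276.59),
    Row("Fm19", 9.21, 9.52, 7.24, 632.49), Row("Fm20", 9.75, 6.48, 3.94, 248.45),
    Row("Fm21", 10.00, 7.48, 4.23, 316.51), Row("Fm22", 8.49, 7.75, 4.47, 293.61),
    Row("Fm23", 8.97, 6.40, 5.18, 297.55),
]


def geometric_mean(values):
    """Geometric mean of positive ratings (the aggregation the chapter uses)."""
    if not values or any(v <= 0 for v in values):
        raise ValueError("ratings must be positive numbers")
    return math.exp(sum(math.log(v) for v in values) / len(values))


def aggregate_experts(ratings):
    """Combine one (S, O, D) triple per expert into (S, O, D, RPN).

    Each parameter is aggregated separately; RPN = S * O * D (formula 7.1).
    """
    s, o, d = (geometric_mean([r[i] for r in ratings]) for i in range(3))
    return s, o, d, s * o * d


def rank_by_rpn(rows):
    """Failure-mode ids from highest to lowest risk priority."""
    return [r.fm for r in sorted(rows, key=lambda r: r.rpn, reverse=True)]


def above_severity(rows, threshold=9.0):
    """Ids whose Severity exceeds the threshold (the chapter singles out S > 9)."""
    return [r.fm for r in rows if r.s > threshold]


def check_consistency(rows, tol=0.01):
    """Ids whose reported RPN deviates from S * O * D by more than tol.

    The product of the rounded S, O, D should match the reported RPN to
    within rounding; a larger gap means a value was edited by hand or
    copied wrongly, and a ranking built on it should not be trusted.
    """
    return [r.fm for r in rows if abs(r.s * r.o * r.d - r.rpn) / r.rpn > tol]


def worksheet_totals(rows):
    """Geometric mean of S, O, D and RPN over all failure modes.

    Assumption: the chapter's totals for the whole BOFM are read here as
    such geometric means; the chapter does not state its aggregation rule.
    """
    return tuple(geometric_mean([getattr(r, k) for r in rows])
                 for k in ("s", "o", "d", "rpn"))


if __name__ == "__main__":
    # Constructed ratings of four experts for one failure mode: (S, O, D).
    experts = [(4, 2, 3), (4, 2, 3), (9, 8, 3), (9, 8, 3)]
    print("aggregated (S, O, D, RPN):", aggregate_experts(experts))
    print("top 3 by RPN:", rank_by_rpn(TABLE_7_4)[:3])
    print("S > 9:", above_severity(TABLE_7_4))
    print("inconsistent rows:", check_consistency(TABLE_7_4))
    print("totals (S, O, D, RPN):", worksheet_totals(TABLE_7_4))
```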

Table 7.4 FMEA worksheet for BOFM in an automotive assembly line

| Sub-system | Component | Functional failure | FM | Failure mode | Failure effects | S | O | D | RPN |
|---|---|---|---|---|---|---|---|---|---|
| Hydraulic-pneumatic circuit | Filling pump | Fluid filling failed | Fm1 | Bearing failure affected by corrosive cause | Breakdown of filling pump and equipment | 9.74 | 2.45 | 7.20 | 171.79 |
| | | | Fm2 | Electromotor failure affected by circuit faults | | 8.49 | 2.45 | 6.70 | 139.27 |
| | | | Fm3 | Goring the wears | | 7.48 | 2.71 | 6.16 | 124.96 |
| | | | Fm4 | Seals fail affected by more function | | 6.48 | 4.95 | 5.73 | 183.87 |
| | Vacuum pump | Vacuum supply failed | Fm5 | Filter fail affected by more function | Breakdown of vacuum pump and equipment | 8.49 | 5.73 | 5.48 | 266.43 |
| | | | Fm6 | Rotor fail affected by more function | | 9.00 | 9.02 | 4.95 | 400.89 |
| | | | Fm7 | Fatigue and strain of spring affected by more pressure | | 8.21 | 6.70 | 5.96 | 327.63 |
| | | | Fm8 | Electromotor failure affected by circuit faults | | 8.21 | 6.65 | 6.19 | 338.11 |
| | | | Fm9 | Blade fail affected by more function | | 9.21 | 4.47 | 9.21 | 379.47 |
| | Fluid pipes | Failure in air and fluid transfer | Fm10 | Leakage and corrosion of pipes | Lead to leakage increase and fault in filling process | 5.18 | 2.71 | 3.13 | 43.95 |
| | Breaker pressure set | The actual pressure is not shown | Fm11 | Excessive system pressure | Do not display the exact pressure. This issue leads to damage of the pipes and valves | 8.74 | 6.96 | 4.95 | 301.20 |
| | | Pressure supply failed | Fm12 | Spring fails of pressure control valve | Incorrect adjustment of circuit leads to pressure instability | 9.76 | 8.43 | 2.06 | 169.04 |
| | | | Fm13 | Failure and abrasion of activator | Incorrect adjustment of circuit pressure that leads to pressure instability | 10.00 | 10.00 | 2.00 | 200.00 |
| | Valves | Improper close and open | Fm14 | Failure and abrasion of spool valve | In addition to displaying the values, it can disrupt the process | 7.48 | 9.49 | 2.91 | 206.80 |
| | | | Fm15 | Valve failure affected by more function | | 7.97 | 9.74 | 4.47 | 347.10 |
| | | Improper adjustment | Fm16 | Failure and abrasion of activator | In addition to displaying the values, it can disrupt the process | 7.48 | 9.77 | 4.48 | 325.96 |
| Filling head set | Couplings | Fluid filling failure | Fm17 | Failure and leakage of Couplings | Leaks in filling head interfere with the process of filling and testing of fluid | 9.49 | 6.65 | 5.48 | 345.74 |
| | Mini-valves | | Fm18 | Failure or leakage of mini-valves | | 8.49 | 7.71 | 4.23 | 276.59 |
| | Seals | | Fm19 | Failure of O-rings and seals affected by more function | | 9.21 | 9.52 | 7.24 | 632.49 |
| | Head pipes | | Fm20 | Leakage of head pipes | | 9.75 | 6.48 | 3.94 | 248.45 |
| Electronic circuit | Sensors | Detection of fluid, pressure failed | Fm21 | Sensor’s failure affected by more function and circuit confusion | Resulting in equipment fault and ultimately leading to disruption of production operations | 10.00 | 7.48 | 4.23 | 316.51 |
| | ABS | Failure in test brake paths | Fm22 | Failure of conductor, cables, and main units such as bobbin and cores | There is no electronic connection to open the electric valves and hydraulic valves | 8.49 | 7.75 | 4.47 | 293.61 |
| | Starter | Fluid filling failed | Fm23 | Starter failure affected by circuit confusion | There is no possibility of filling through the headset | 8.97 | 6.40 | 5.18 | 297.55 |

In the original worksheet the maximum value of each risk parameter is set in bold: S = 10.00 (Fm13, Fm21), O = 10.00 (Fm13), D = 9.21 (Fm9), and RPN = 632.49 (Fm19).

7.4 Smart-FMEA Applied for Asset Digital Transformation

Fig. 7.6 The concept of smart FMEA model

In the digital transformation era, the smart-FMEA concept refers to a platform that
is supported by advanced algorithms and technologies such as cloud computing,
intelligent techniques (e.g., artificial intelligence, machine learning, neural networks,
deep learning, reinforcement learning, etc.), Big data, or Internet of Things (IoT)
platforms to support risk and reliability analysis as well as safety and maintenance
management decisions. Furthermore, most previous studies have focused more on
the current FMEAs’ shortcomings and how to overcome them using uncertainty
qualification methods (refer to Sect. 7.2.2), with less attention paid to the capability
of FMEA models and how to improve them to meet the needs of modern industries
like automation and digitalization. Figure 7.6 depicts the proposed smart-FMEA
platform, which includes all potential technical, organizational, environmental, and
operational factors to make maintenance and safety decisions more reliable. Some
of these factors are covered in NASA’s risk assessment manual [47]:
• Component type: e.g., motor-operated valve including any special design or
construction
• Characteristics: component size and material, normally running, standby, etc.
• Component use: system isolation, parameter sensing, motive force, etc.
• Component manufacturer
• Component internal conditions: temperature range, normal flow rate, power
requirements
• Component boundaries and system interfaces: connections with other compo-
nents, interlocks, etc.
• Component location name and/or location code
• Component external environmental conditions: e.g., temperature, radiation,
vibration

• Component initial conditions: normally closed, normally open, energized, etc.,
and operating
• Component testing procedures and characteristics: test configuration or lineup,
effect of test on system operation, etc.
• Component maintenance procedures and characteristics: planned, preventive
maintenance frequency, maintenance configuration or lineup, effect of mainte-
nance on system operation, etc.
Figure 7.7a displays a smart-FMEA model based on Intelligent approaches, which
consists of three layers: input variables, processing layer, and output (prediction)
layer. Input variables address all relevant technological, organizational, environ-
mental, and operational issues, as well as other uncertain variables. The processing
layer contains intelligent algorithms for pre-processing and evaluating input vari-
ables, as well as transferring them to the output part. Finally, the output layer of the
smart-FMEA model may be utilized to achieve the following goals:
– Classify failure modes/components using critical analysis of risk-based models
– Classify the failure rates of components/parts from high to low using the reliability
analysis
– Divide the spare components into high, medium, and low levels that should be
scheduled
– Determine the safety or maintenance management techniques, i.e., corrective (re-
design, replacement, or repair) or preventative (time based or condition based).

Furthermore, this structure may be updated/upgraded with an IoT platform
(Fig. 7.7b), which contains a cloud layer (smart-FMEA platform, smart applica-
tion, and smart database), a connectivity layer (platform/mode connectivity), and a
physical layer (interconnection of software and hardware items).

[Fig. 7.7a: input variables (component types and functions; component location and environment; failure modes/mechanisms; design and manufacturing; failure effects/consequences; operation/maintenance procedures; other variables) are passed to intelligent systems (artificial intelligence, machine learning, neural networks, deep learning) that produce the output variables (classifying components/parts; classifying failure modes/mechanisms; classifying critical spare parts; classifying failure effects/consequences; classifying maintenance/repair actions; classifying the operational conditions; other options).]

Fig. 7.7 The proposed smart-FMEA based on (a) intelligent systems and (b) IoT platforms [48]

7.5 Conclusion

Fault diagnosis and prognosis methodologies are critical in assessing system safety
and reliability in digitalized environments. This chapter focuses on the FMEA approach
as a proactive diagnosis tool, as well as its advancements in identifying and miti-
gating adverse occurrences in high-risk businesses. It discusses several forms of
FMEAs, including design-FMEA, process-FMEA, and system-FMEA. Furthermore,
the notion of safety–critical systems and the use of FMEAs for risk and hazard anal-
ysis within such systems are presented. The existing disadvantages and limits of
classical-FMEA theories are also surveyed in this chapter, as well as how they might
be overcome by hybrid-FMEA models. Finally, the feasibility of developing smart-
FMEA platforms in modern sectors, as well as their enrichment through advanced
algorithms and technologies, is discussed in the context of Industry 4.0. It is worth
noting that the smart-FMEA platform proposed in this study can be useful for auto-
matically monitoring major risks and mitigating adverse consequences in high-risk
industries. As the current FMEA models struggle to meet the demands of the ongoing
digital transformation, more research on our proposed smart-FMEA platform
with the capability of covering all potential operational and environmental issues in
safety–critical systems is recommended.

References

1. Farsi, M.A., Zio, E.: Industry 4.0: some challenges and opportunities for reliability engineering.
Int. J. Reliab. Risk Safety: Theor. Appl. 2(1), 23–34 (2019)
2. Lazarova-Molnar, S., Mohamed, N.: Reliability assessment in the context of industry 4.0: data
as a game changer. Proc. Comput. Sci. 151, 691–698 (2019)

3. Tseng, M.L., Tran, T.P.T., Ha, H.M., Bui, T.D., Lim, M.K.: Sustainable industrial and operation
engineering trends and challenges toward Industry 4.0: a data driven analysis. J. Ind. Prod. Eng.
38(8), 581–598 (2021)
4. Di Bona, G., Silvestri, A., Forcina, A., Petrillo, A.: Total efficient risk priority number (TERPN):
a new method for risk assessment. J. Risk Res. 21(11), 1384–1408 (2018)
5. Ilbahar, E., Kahraman, C., Cebi, S.: Risk assessment of renewable energy investments: a modi-
fied failure mode and effect analysis based on prospect theory and intuitionistic fuzzy AHP.
Energy 239, 121907 (2022)
6. Yazdi, M., Soltanali, H.: Knowledge acquisition development in failure diagnosis analysis as
an interactive approach. Int. J. Interactive Des. Manuf. (IJIDeM) 13(1), 193–210 (2019)
7. Das, A.K., Leung, C.K.: A fundamental method for prediction of failure of strain hardening
cementitious composites without prior information. Cement Concr. Compos. 114, 103745
(2020)
8. Djeziri, M.A., Benmoussa, S., Mouchaweh, M.S., Lughofer, E.: Fault diagnosis and prognosis
based on physical knowledge and reliability data: application to MOS field-effect transistor.
Microelectron. Reliab. 110, 113682 (2020)
9. Vogl, G.W., Weiss, B.A., Helu, M.: A review of diagnostic and prognostic capabilities and best
practices for manufacturing. J. Intell. Manuf. 30(1), 79–95 (2019)
10. Alzghoul, A., Backe, B., Löfstrand, M., Byström, A., Liljedahl, B.: Comparing a knowledge-
based and a data-driven method in querying data streams for system fault detection: a hydraulic
drive system application. Comput. Ind. 65(8), 1126–1135 (2014)
11. Jiang, Y., Yin, S.: Recursive total principle component regression-based fault detection and its
application to vehicular cyber-physical systems. IEEE Trans. Industr. Inf. 14(4), 1415–1423
(2017)
12. Soltanali, H., Rohani, A., Abbaspour-Fard, M.H., Farinha, J.T.: A comparative study of statis-
tical and soft computing techniques for reliability prediction of automotive manufacturing.
Appl. Soft Comput. 98, 106738 (2021)
13. Cho, W.I., Lee, S.J.: Fault tree analysis as a quantitative hazard analysis with a novel method
for estimating the fault probability of microbial contamination: a model food case study. Food
Control 110, 107019 (2020)
14. Jin, C., Ran, Y., Zhang, G.: Interval-valued q-rung orthopair fuzzy FMEA application to
improve risk evaluation process of tool changing manipulator. Appl. Soft Comput. 104, 107192
(2021)
15. Soltanali, H., Rohani, A., Abbaspour-Fard, M.H., Parida, A., Farinha, J.T.: Development of a
risk-based maintenance decision making approach for automotive production line. Int. J. Syst.
Assurance Eng. Manage. 11(1), 236–251 (2020)
16. Zhang, G., Thai, V.V., Yuen, K.F., Loh, H.S., Zhou, Q.: Addressing the epistemic uncertainty
in maritime accidents modelling using Bayesian network with interval probabilities. Saf. Sci.
102, 211–225 (2018)
17. Filz, M.A., Langner, J.E.B., Herrmann, C., Thiede, S.: Data-driven failure mode and effect
analysis (FMEA) to enhance maintenance planning. Comput. Ind. 129, 103451 (2021)
18. Soltanali, H., Khojastehpour, M., Torres Farinha, J.: An improved risk and reliability
framework-based maintenance planning for food processing systems. In: Quality Technology &
Quantitative Management, pp. 1–23 (2022)
19. Yazdi, M., Daneshvar, S., Setareh, H.: An extension to fuzzy developed failure mode and effects
analysis (FDFMEA) application for aircraft landing system. Saf. Sci. 98, 113–123 (2017)
20. Cabanes, B., Hubac, S., Le Masson, P., Weil, B.: Improving reliability engineering in product
development based on design theory: the case of FMEA in the semiconductor industry. Res.
Eng. Design 32(3), 309–329 (2021)
21. Huang, J., Xu, D.H., Liu, H.C., Song, M.S.: A new model for failure mode and effect analysis
integrating linguistic Z-numbers and projection method. IEEE Trans. Fuzzy Syst. 29(3), 530–
538 (2019)
22. Dağsuyu, C., Göçmen, E., Narlı, M., Kokangül, A.: Classical and fuzzy FMEA risk analysis
in a sterilization unit. Comput. Ind. Eng. 101, 286–294 (2016)

23. Bartolomé, E., Benítez, P.: Failure mode and effect analysis (FMEA) to improve collaborative
project-based learning: case study of a study and research path in mechanical engineering. Int.
J. Mech. Eng. Educ. 50(2), 291–325 (2022)
24. Silva, M.M., de Gusmão, A.P.H., Poleto, T., e Silva, L.C., Costa, A.P.C.S.: A multidimensional
approach to information security risk management using FMEA and fuzzy theory. Int. J. Inf.
Manage. 34(6), 733–740 (2014)
25. Soltanali, H., Rohani, A., Tabasizadeh, M., Abbaspour-Fard, M.H., Parida, A.: An improved
fuzzy inference system-based risk analysis approach with application to automotive production
line. Neural Comput. Appl. 32(14), 10573–10591 (2020)
26. AIAG: Potential Failure Mode and Effects Analysis (FMEA): Reference Manual, 4th edn.
AIAG, Southfield, MI (2008)
27. AIAG and VDA: Failure Mode and Effects Analysis—FMEA Handbook: Design FMEA,
Process FMEA, Supplement FMEA for Monitoring and System Response. AIAG and VDA,
Southfield, MI (2019)
28. Ford Motor Company: Failure Mode and Effects Analysis—FMEA Handbook (with Robust-
ness Linkages). Version 4, 2 (2011)
29. Stamatis, D.H.: Failure Mode and Effect Analysis: FMEA from Theory to Execution. ASQ
Quality Press, Milwaukee (2003)
30. Bharathi, S.K., Vinodh, S., Gopi, N.: Development of software support for process FMEA: a
case study. Int. J. Services Oper. Manage. 31(4), 415–432 (2018)
31. Feng, X., Qian, Y., Li, Z., Wang, L., Wu, M.: Functional model-driven FMEA method and its
system implementation. In: 2018 12th International Conference on Reliability, Maintainability,
and Safety (ICRMS), pp. 345–350, IEEE (2018)
32. Haughey, B.: Product and process risk analysis and the impact on product safety, quality, and
reliability. In: 2019 Annual Reliability and Maintainability Symposium (RAMS), pp. 1–5,
IEEE (2019)
33. Catelani, M., Ciani, L., Galar, D., Guidi, G., Matucci, S., Patrizi, G.: FMECA assessment
for railway safety-critical systems investigating a new risk threshold method. IEEE Access 9,
86243–86253 (2021)
34. Liu, H.C.: FMEA using uncertainty theories and MCDM methods. In: FMEA using Uncertainty
Theories and MCDM Methods, pp. 13–27. Springer, Singapore (2016)
35. Hassan, S., Wang, J., Kontovas, C., Bashir, M.: Modified FMEA hazard identification for
cross-country petroleum pipeline using fuzzy rule base and approximate reasoning. J. Loss
Prev. Process Ind. 74, 104616 (2022)
36. Wu, X., Wu, J.: The risk priority number evaluation of FMEA analysis based on random
uncertainty and fuzzy uncertainty. In: Complexity (2021)
37. Rausand, M.: Reliability of Safety-Critical Systems: Theory and Applications. Wiley, Hoboken,
NJ (2014)
38. Knight, J.C.: Safety critical systems: challenges and directions. In: Proceedings of the 24th
International Conference on Software Engineering, pp. 547–550 (2002)
39. IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-
Related Systems. Part 1-7. Geneva: International Electrotechnical Commission (2010)
40. Rausand, M.: Risk Assessment; Theory, Methods, and Applications. Wiley, Hoboken, NJ
(2011)
41. IEC 61511: Functional Safety—Safety Instrumented Systems for the Process Industry.
International Electrotechnical Commission, Geneva (2003)
42. IEC 61513: Nuclear Power Plants—Instrumentation and Control for Systems Important
to Safety—General Requirements for Systems. International Electrotechnical Commission,
Geneva (2004)
43. ISO 26262: Road Vehicles—Functional Safety. International Standardization Organization,
Geneva (2011)
44. Dabous, S.A., Zadeh, T., Ibrahim, F.: A failure mode, effects and criticality analysis-based
method for formwork assessment and selection in building construction. Int. J. Build. Pathol.
Adaptation, (ahead-of-print) (2022)

45. Zhang, D., Li, Y., Li, Y., Shen, Z.: Service failure risk assessment and service improvement of
self-service electric vehicle. Sustainability 14(7), 3723 (2022)
46. AGRAMKOW Co.: Manual Instructions of Line-Side Brake Fluid Filling Equipment.
Augustenborg Landevej 19DK-6400 Sønderborg, Denmark (2014). https://www.agramkow.
com
47. Stamatelatos, M., Dezfuli, H., Apostolakis, G., Everline, C., Guarro, S., Mathias, D.,
Youngblood, R.: Probabilistic Risk Assessment Procedures Guide for NASA Managers and
Practitioners (No. HQ-STI-11-213) (2011)
48. Anandavel, S.V.: Analysis of Manufacturing Processes According to FMEA Techniques and
Implementation of IoT Systems to Prevent Process Failures (Doctoral dissertation, Politecnico
di Torino) (2021)

Hamzeh Soltanali is a faculty member at the Department of Industrial Engineering, Imam Hossein
University (IHU), Iran. He was a postdoctoral researcher at Ferdowsi University of Mashhad
(FUM), Iran, and received his Ph.D. degree in reliability and maintenance engineering from FUM
in early 2020. He was a Ph.D. visiting researcher at Luleå Tekniska Universitet (LTU), Divi-
sion of Operation and Maintenance, Sweden, during 2017–2018. His research focuses on mainte-
nance engineering, asset management, smart technologies, risk and failure analysis, and reliability
(RAMS) engineering. He is passionate about utilizing uncertainty qualification and AI/machine
learning techniques to overcome uncertainty and variability issues in such areas.

Saeed Ramezani is a faculty member at the Department of Industrial Engineering, Imam Hossein
University (IHU), Iran. He received his Ph.D. degree in Logistics and Maintenance Engineering
from Iran University of Science and Technology (IUST), Iran. He was a Ph.D. visiting researcher
at University of Seville, Spain. His research and works focus on asset and maintenance manage-
ment, fault diagnosis and prognostics, predictive analytics, failure analysis, and reliability and
safety assessment.
