rr901-003-03, rev. b, failure mode and effects analysis for the … · 2013-06-04 · rr901-003-03...
HF Controls
Failure Mode and Effects Analysis for the High Performance Controller of
HFC-6000 Safety Platform
RR901-003-03
Rev. B
Effective Date: 8/30/2012
Prepared By: Terry Roberts
Reviewed By: Ivan Chow
Approved By: Allen Hsu
[ ]
Copyright© 2012 Doosan HF Controls Corporation
FMEA for the HFC-FPC08 Controller of HFC-6000 Safety Platform
RR901-003-03 Page 2 of 29 Rev. B
Revision History

| Date | Revision | Preparer | Changes |
|---|---|---|---|
| 08/29/2012 | A | T. Roberts | Initial Revision |
| 08/30/2012 | B | T. Roberts | Revised for comments |
TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 INDUSTRY REFERENCES AND ACRONYMS
2.1 Industry References
2.2 Acronyms
3.0 REFERENCES
4.0 FMEA WORKSHEET
4.1 Controllers
4.1.1 HFC-FPC08 Redundant Controller – Table 1
4.1.2 HFC-FPC08 MTP Controller – Table 2
4.1.3 HFC-FPC08 SDL Controller – Table 3
4.2 Special Cards
4.2.1 HFC-HSIM – Table 4
4.2.2 HFC-ILR06R – Table 5
4.2.3 HFC-ILR06T – Table 6
4.2.4 AFS-CSM-01 – Table 7

LIST OF TABLES
Table 1 – HFC-FPC08 Redundant Controller
Table 2 – HFC-FPC08 MTP Controller
Table 3 – HFC-FPC08 SDL Controller
Table 4 – HFC-HSIM
Table 5 – HFC-ILR06R
Table 6 – HFC-ILR06T
Table 7 – AFS-CSM-01

List of Figures
Figure 1: HFC-HSIM Design Diagram
Figure 2: HFC-ILR06R Solid State DO Flow Diagram
Figure 3: HFC-ILR06T DO Transmitter Flow Diagram
Figure 4: AFS-CSM-01 Detailed Design Specification
1.0 Introduction
This document contains FMEA worksheets for the enhanced equipment of the HFC-6000 Safety Platform. Scope of coverage includes all major active components on the assembly; simple ICs like individual inverters, amplifiers, latches, etc. generally have been excluded. Similarly, individual passive components like resistors, capacitors, and coils have generally not been included unless they have a high failure rate. Assemblies consisting of passive hardware components only (circuit board traces, terminals, resistors, capacitors, etc.) have been excluded from this FMEA.

RR901-003-04 provides the reliability and availability analyses of the enhanced equipment as listed in this document. Refer to that document for calculating the failure rate for the enhanced components. These failure rate values are based on data developed in a reliability analysis covering these assemblies. In general, the failure rate parameter is calculated for an individual hardware component; however, some entries in the FMEA table represent a combination of several parts (e.g., low pass filter network, input amplifier network, etc.). In such cases, the failure rate is calculated from the failure rate of the component parts using the principles of probability to establish the combination algorithm.
2.0 Industry References and Acronyms
2.1 Industry References
IEEE Standard 352, IEEE Guide for Principles of Reliability Analysis of Nuclear Power Generating Station Protection Systems, 1987
EPRI TR-107330, Generic Requirements for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants, 1996

2.2 Acronyms
ADC: Analog/Digital Converter
AI: Analog Input
AO: Analog Output
C-Link: Communication Link
CPLD: Complex Programmable Logic Device
CPU: Central Processing Unit
CRC: Cyclic Redundancy Check
DAC: Digital/Analog Converter
dc: Direct Current
DI: Digital Inputs
DO: Digital Outputs
DSP: Digital Signal Processor
EPROM: Erasable Programmable Read Only Memory
FMEA: Failure Modes and Effects Analysis
FO: Fiber Optic
FOT: Fiber Optic Transmitter
FPGA: Field Programmable Gate Array
HFC: HF Controls
Hz: Hertz
I&C: Instrumentation and Control
ICL: Intercommunication Link
IEEE: Institute of Electrical and Electronics Engineers
I/O: Input/Output
kHz: Kilo Hertz
kV: kiloVolt
LED: Light Emitting Diode
mA: milli-Ampere
MHz: Mega Hertz
MTBF: Mean Time Between Failure
MS: Microsoft
NRC: Nuclear Regulatory Commission
PC: Personal Computer
PCB: Printed Circuit Board
PCS: Plant Control System
PLC: Programmable Logic Controller
PROM: Programmable Read-Only Memory
PSM: Power Supply Module
QA: Quality Assurance
ROM: Read-Only Memory
RTD: Resistance Thermal Detector
SC: System Controller
SYS: System CPU
3.0 References
3.1 40031281, AFS-CSM-01 Assembly BOM, Rev. D
3.2 40031301, AFS-CSM-01 Schematic, Rev. E
3.3 40040282, ILR06R Assembly BOM, Rev. C
3.4 40103881, FPC08 Assembly BOM, Rev. H
3.5 40103901, FPC08 Schematic, Rev. D
3.6 40107081, ILR06R Schematic, Rev. C
3.7 40108609, HFC-HSIM Assembly BOM, Rev. A
3.8 40108701, HFC-HSIM Schematic, Rev. A
3.9 40107081, ILR06T Assembly BOM, Rev. C
3.11 DS901-000-81, HFC-FPC08 Hardware Design Spec, Rev. A
3.12 DS901-000-85, HFC-FPC08 ICL Master FPGA Design Specification, Rev. C
3.13 DS901-000-91, HFC-ILR06R Hardware Design Specification, Rev. B
3.14 DS901-001-14, HFC-ILR06T Hardware Design Specification, Rev. A
3.15 DS901-001-17, FPC08 Controller Software Design Specification, Rev. D
3.16 DS901-001-20, HFC-HSIM Hardware Design Specification, Rev. B
3.17 DS903-000-51, AFS-CSM-01 Design Specification, Rev. B
3.18 RS901-001-02, HFC-ILR06R Requirements Specification, Rev. A
3.19 RS901-001-06, HFC-ILR06T Requirements Specification, Rev. A
3.20 RS901-001-14, HFC-HSIM Card Requirements Specification, Rev. B
3.21 RS903-000-08, AFS-CSM-01 FPGA Requirement Specification, Rev. B
4.0 FMEA Worksheet
The FMEA worksheet provides the basic tool for conducting the analysis at each level. This worksheet consists of a table with seven columns that provide the medium for performing the FMEA. The header section provides an area for identifying the specific level, system, and reference material for entries on the current page of the worksheet. The worksheet table provides a separate row for each item to be considered; the columns contain the following information:
• Item. A numeric sequence number for each row. The sequence number will permit specific cross-referencing by subsequent documents or analyses.
• Name. Nomenclature for the function, assembly, or component under consideration.
• Failure Mode. Identifies the specific failure mode for this entry. If a particular device has multiple distinct failure modes, the device is addressed at a lower level of analysis.
• Possible Cause(s). Identifies the cause of the particular failure mode listed. Potentially, any single failure mode could result from several different specific causes. Each entry lists the most likely cause or causes anticipated.
• Method of Detection. Identifies the method by which a system operator can identify both the existence of a failure condition and the specific source of the fault. Any postulated failure mode whose existence cannot be detected shall be identified.
• Effect of Failure on System. Lists the effects that a specified failure mode will have on overall operation of the control remote. The design engineer should consider the basic control system architectures separately (single loop control remote, distributed control architecture, redundant/non-redundant), because failure effects will vary.
• Remarks/Comments. This entry provides actions or comments for the failed state.
4.1 Controllers
4.1.1 HFC-FPC08 Redundant Controller – Table 1
[ ]
4.1.2 HFC-FPC08 MTP Controller – Table 2
[ ]
4.1.3 HFC-FPC08 SDL Controller – Table 3
[ ]
4.2 Special Cards
4.2.1 HFC-HSIM – Table 4
[ ]
Figure 1: HFC-HSIM Design Diagram
4.2.2 HFC-ILR06R – Table 5
[ ]
Figure 2: HFC-ILR06R Solid State DO Flow Diagram
[ ]
4.2.3 HFC-ILR06T – Table 6
[ ]
Figure 3: HFC-ILR06T DO Transmitter Flow Diagram
4.2.4 AFS-CSM-01 – Table 7
[ ]
Figure 4: AFS-CSM-01 Detailed Design Specification
[ ]
FMEA Report for HFC-FPC08 Controllers and Other Equipment of HFC-6000 Safety Platform FMEA Worksheet
Table 1 – HFC-FPC08 Redundant Controller

| Item | Name | Failure Mode | Possible Cause(s) | Method of Detection | Effect of Failure on System (Redundancy) | Remarks/Comments |
|---|---|---|---|---|---|---|
| 1 | DDR SRAM U2 | Memory cell corrupted | Random hardware failure | Memory access may be partially or completely disabled. | Controller affected cannot be reset. (Loss of redundancy) | Affected controller needs to be replaced. |
| 2 | DDR SRAM U3 | Memory cell corrupted | Random hardware failure | If failure occurs during operation, application will stop running. | Controller affected cannot be reset. (Loss of redundancy) | Affected controller needs to be replaced. |
| 3 | DDR SRAM U4 | Memory cell corrupted | Random hardware failure | If failure occurs during operation, application will stop processing inputs. | Controller affected cannot be reset. (Loss of redundancy) | Affected controller needs to be replaced. |
| 4 | DDR SRAM U5 | Memory cell corrupted | Random hardware failure | If failure occurs during operation, application will produce periodic invalid operations | Controller affected cannot be reset. (Loss of redundancy) | Affected controller needs to be replaced. |
| 5 | Crystal Oscillator Y1 14.31818 MHz | Frequency Drift Higher | Aging effect | Drift higher frequency, CPU over clocked and over heat. | Change in frequency of internal controller errors (Redundant systems continue to run) | Affected controller needs to be replaced. |
| 6 | Crystal Oscillator Y1 14.31818 MHz | Frequency Drift Lower | Aging effect | Drift lower frequency, CPU under clocked, Mailbox drift | Change in frequency of internal controller errors (Redundant systems continue to run) | Affected controller needs to be replaced. |
| 7 | Z11 VGA ROM U14 | Memory cell corrupted | Random hardware failure | Lack of response from the VGA monitor | No impact to system operation. | Affected controller needs to be replaced. |
| 8 | Dual stack LED DS1-4 | Fail open | Random component failure | Local status display does not correspond to actual operation | Incorrect Ethernet traffic activity / will not impact functional operation | Affected controller needs to be replaced. |
| 9 | Dual stack LED DS5-8 | Fail open | Random component failure | Local status display does not correspond to actual operation | Incorrect CPU run time status / will not impact functional operation | Affected controller needs to be replaced. |
| 10 | OPTO Coupler U32 | Fail open or Fail close | Random hardware failure | Incorrect data due to missing sync | Unable to deliver scanned cards information board fails (Loss of redundancy) | Affected controller needs to be replaced. |
| 11 | POWER MOSFET U61 | Fail open | Random hardware failure; Transient surge | Module dead | Removes all power from onboard logic. (Loss of redundancy) | Affected controller needs to be replaced. |
| 12 | POWER MOSFET U61 | Fail close | Random hardware failure; Transient surge | Module dead | Removes all power from onboard logic. (Loss of redundancy) | Affected controller needs to be replaced. |
| 13 | 128 x 16 EEPROM U22 | Memory cell corrupted | Random hardware failure | Lack of response from computer | Loss of connectivity and computer interface (Loss of redundancy) | Affected controller needs to be replaced. |
| 14 | 128 x 16 EEPROM U23 | Memory cell corrupted | Random hardware failure | Lack of response from computer | Loss of connectivity and computer interface (Loss of redundancy) | Affected controller needs to be replaced. |
| 15 | 128 x 16 EEPROM U24 | Memory cell corrupted | Random hardware failure | Lack of response from computer | Loss of connectivity and computer interface (Loss of redundancy) | Affected controller needs to be replaced. |
| 16 | AGL600 FPGA U13 ICL Link Section | I/O port fail | Random hardware failure | ICL communication degraded or disabled for both channels of affected controller. Expect mailbox timeout. | If primary, expect failover to secondary; control function not impacted. If secondary, no indication. | Runtime test will detect failure. If failover occurs, backup controller enables continued normal operation. Replace failed controller. |
| 17 | AGL600 FPGA U13 ICL Link Section | Synchronization fault | Internal link failure | Periodic disruption in ICL operation | If primary, random temporary disruptions may cause failover; if secondary, no indication. | Runtime test will detect failure. If failover occurs, backup controller enables continued normal operation. Replace failed controller. |
| 18 | AGL600 FPGA U13 ICL Link Section | Memory cell fault | Random hardware failure | Surveillance of controller operation. | Frequency of system error occurrences increases. (Loss of redundancy) | Runtime test will detect failure. |
| 19 | AGL600 FPGA U13 ISA Interface Section | I/O port fail | Random hardware failure | ISA communication degraded or disabled | Loss of data and system status (Loss of redundancy) | Runtime test will detect failure. If failover occurs, backup controller enables continued normal operation. Replace failed controller. |
| 20 | AGL600 FPGA U13 ISA Interface Section | Synchronization fault | Internal link failure | Periodic disruption in ISA bus operation | If primary, random temporary disruptions may cause failover; if secondary, no indication. | Runtime test will detect failure. If failover occurs, backup controller enables continued normal operation. Replace failed controller. |
| 21 | AGL600 FPGA U13 ISA Interface Section | Memory cell fault | Random hardware failure | ISA communication degraded or disabled | Loss of data and system status | Runtime test will detect failure. |
| 22 | USB AP2196 L26 Power limit switch | Fail open | External device unable to connect | CPU reboots while connected to External USB device | No impact to system | Affected controller needs to be replaced. |
| 23 | USB AP2196 L26 Power limit switch | Fail close | External device unable to connect | CPU reboots while connected to External USB device | No impact to system | Affected controller needs to be replaced. |
| 23 | Oscillator Y4 TCXO 25 MHz | Frequency Drift | Aging effect | Surveillance of controller operation | Change in frequency of Watchdog timer. Internal controller errors | Affected controller needs to be replaced. |
| 24 | Oscillator Y3 11.0592 MHz | Frequency Drift | Aging effect | Surveillance of controller operation | Change in frequency of UART baud clock. Internal controller errors | Affected controller needs to be replaced. |
| 25 | Transient suppressor D6 TPN3021RL | Fail open | Mechanical damage – not susceptible to aging. | Module Dead | Removes all power from onboard logic (Loss of redundancy) | Affected controller needs to be replaced. |
| 26 | Transient suppressor D17 TPN3021RL | Fail open | Mechanical damage – not susceptible to aging. | Module Dead | Removes all power from onboard logic (Loss of redundancy) | Affected controller needs to be replaced. |
| 27 | Diode CR2 thru CR5 BAS-70 | Fail open | Overload; random hardware failure | Main controller cannot communicate with loop controller | Affected signal line is pulled high regardless of proper signal level. (Loss of redundancy) | Affected controller needs to be replaced. |
| 28 | Diode D1 BAT54C | Fail open | Overload; power surge; transient | Module Dead | System fails. (Loss of redundancy) | Affected controller needs to be replaced. |
| 29 | Capacitive line filters | Capacitor has a low resistance path to ground plane | Component hardware failure; fabrication error | Periodic surveillance detects indication of localized overheating. | If controller actually fails during operation, it will failover to redundant controller. | Affected controller needs to be replaced. |
| 30 | Capacitive line filters | Capacitor has bad solder joint or comes off board. | Fabrication error; physical damage during storage | Operator surveillance of controller operation. | Periodic errors in functional operation (Loss of redundancy) | Affected controller needs to be replaced. |
| 31 | Pull-up/pull-down resistor on data line | Resistor has bad solder joint or comes off board. | Fabrication error; physical damage during storage. | Operator surveillance of controller operation. | Periodic errors in functional operation (Loss of redundancy) | Affected controller needs to be replaced. |
| 32 | Clock buffer U26 | Fail open or Close | Random hardware failure | Surveillance of controller operation. | Controller fails (Loss of redundancy) | Affected controller needs to be replaced. |
| 33 | Crystal VY1 14.31818 | Frequency Drift Higher or Lower | Aging effect | Surveillance of controller operation | Change in frequency of internal controller errors (Loss of redundancy) | Affected controller needs to be replaced. |
| 34 | Diode Schottky VQ3 BAT54s | Fail open / Fail close | Mechanical damage – not susceptible to aging. | Visual interface corrupted | No impact to the system (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 35 | Diode Schottky VQ4 BAT54s | Fail open / Fail close | Mechanical damage – not susceptible to aging. | Visual interface corrupted | No impact to the system (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 36 | Diode Schottky VQ5 BAT54s | Fail open / Fail close | Mechanical damage – not susceptible to aging. | Visual interface corrupted | No impact to the system (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 37 | Diode Schottky VQ6 BAT54s | Fail open / Fail close | Mechanical damage – not susceptible to aging. | Visual interface corrupted | No impact to the system (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 38 | Diode Schottky VQ7 BAT54s | Fail open / Fail close | Mechanical damage – not susceptible to aging. | Visual interface corrupted | No impact to the system (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 39 | Diode D2, D4, D7, D8 MBRS340 | Fail open | Transient power surge | Redundant power supply enables continued normal operation. | One power supply disconnected from I/O module (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 40 | Fuse F1, RF1 | Fail open | Transient surge; Overload | Affected portion of assembly is inoperable | Operating power removed from all or some portion of assembly (Loss of redundancy) | Affected controller needs to be replaced. |
| 41 | Transformer module T1-3 H1102 | Coil fail open | Transient surge | Increase in error count for affected channel | TX or RX function fails or significantly attenuated for affected channel (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 42 | Transformer module T1-3 H1102 | Coil windings short | Transient surge; insulation failure | Increase in error count for affected channel | Isolation defeated for affected channel (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 43 | Voltage monitor U18, U36 LTC2912 | Frequency drift / short | Random hardware failure | Over / under voltage errors | Loss of power or degenerative system operation (Loss of redundancy) | Affected controller needs to be replaced. |
| 44 | DC/DC converter U19 LTC3251 | Fail open | Random hardware failure | Disruptive communication on ICL and ISA bus | Loss of system data and controller operation (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 45 | DC/DC regulator U11 LTC3407-3 | Output voltage drift | Random component failure | Periodic disruption in ICL operation | Loss of SOE synchronization (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 46 | Voltage regulator U12 | Output voltage drift | Random component failure | Incorrect VCORE voltage to Processor | Controller fails (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 47 | Voltage Regulator U20 MCP 1826S | Output voltage fails | Random hardware failure | Surveillance testing | Data transfer from processor fails (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 48 | Voltage Regulator U20 MCP 1826S | Output voltage drift | Component aging | Surveillance testing | No indication until voltage outside operating tolerance of processor (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 49 | Diode VD1 MMMZ5226B | Fail open | Random component failure | Unable to detect connector | No communication through DVI2 (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 50 | CLK P2781A U16 | Frequency drift | Component aging | Surveillance testing | Periodic Electromagnetic interference errors | Affected controller needs to be replaced. |
| 51 | Graphic driver DVI | Fails to operate | Random hardware failure | Loss of video signals or unreadable video signals | Controller cannot operate and results in loss of redundancy for the redundant FPC08 controller system. | Affected controller needs to be replaced. |
| 52 | IC U27-30 TXRX RS485 | Fails to operate | Random hardware failure | Loss of communications | ICL unable to sync request / response (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 53 | Switch Toggle S1 | Fails to open | Random hardware failure | Surveillance of controller operation. | Controller cannot power up. (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 54 | Switch Toggle S1 | Fails to close | Random hardware failure | Surveillance of controller operation. | Controller cannot power down. (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 55 | TI U62, U63 Switch Power Regulator | Fails to operate | Random hardware failure | System status shows failure when both U62 and U63 fail. Otherwise, there will be no indications. | U62 and U63 are redundant. Failure of one regulator still allows controller to operate. Failures of both regulators will fail the controller and loss of redundancy is resulted. | Affected controller needs to be replaced. |
| 56 | Transistor NPN Q 1-4 | Fails to operate | Random hardware failure | System status shows failure. | Controller cannot operate and results in loss of redundancy for the redundant FPC08 controller system. | Affected controller needs to be replaced. |
| 57 | PCI VGA Display U7 | Fails to operate | Random hardware failure | Loss of video signals or unreadable video signals | No impact to system operation. | Affected controller needs to be replaced. |
| 58 | Vortex86DX SOC at U1 | Fails to operate | Random hardware failure | Controller fails to operate and dual stack LED DS5-8 show no activities | Controller cannot operate. (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 59 | Crystal Y2 32.768 kHz | Fails to provide accurate clock signals | Random hardware failure | High error rate in communications. | No impact to system operation. (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 60 | Battery Lithium Coin 3V | Fails to operate or not enough battery | Random hardware failure | System status shows failure and dual stack LED DS5-8 show no activities | Controller cannot operate. (Redundant system continues to operate.) | Affected controller needs to be replaced. |
| 61 | Vortex86DX SOC PC BIOS at U1 | Fails to operate | Corrupted BIOS storage area | System status shows failure and dual stack LED DS5-8 show no activities | Controller cannot operate. (Loss of redundancy) | Affected controller needs to be replaced. |
| 62 | Hard Disk connected at J1 | Fails to operate | Random hardware failure | System status shows failure and dual stack LED DS5-8 show no activities | Controller cannot operate. (Loss of redundancy) | Affected controller needs to be replaced. |
FMEA Report for HFC-FPC08 Controllers and Other Equipment of HFC-6000 Safety Platform FMEA Worksheet
RR901-003-03 Page 16 of 29 Rev. B
Table 2 – HFC-FPC08 MTP Controller
Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 1 DDR SRAM U2 Memory cell corrupted Random hardware failure Memory access may be
partially or completely disabled.
Controller affected cannot be reset.
Affected controller needs to be replaced.
2 DDR SRAM U3 Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop running.
Controller affected cannot be reset.
Affected controller needs to be replaced.
3 DDR SRAM U4 Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop processing inputs.
Controller affected cannot be reset.
Affected controller needs to be replaced.
4 DDR SRAM U5 Memory cell corrupted Random hardware failure If failure occurs during operation, application will produce periodic invalid operations
Controller affected cannot be reset.
Affected controller needs to be replaced.
5 Crystal Oscillator Y1 14.31818 MHZ
Frequency Drift Higher Aging effect Drift higher frequency, CPU over clocked and over heat.
Change in frequency of internal controller errors
Affected controller needs to be replaced.
6 Crystal Oscillator Y1 14.31818 MHZ
Frequency Drift Lower Aging effect Drift lower frequency, CPU under clocked , Mailbox drift
Change in frequency of internal controller errors
Affected controller needs to be replaced.
7 Z11 VGA ROM U14 Memory cell corrupted Random hardware failure Lack of response from the VGA monitor
No video Affected controller needs to be replaced.
8 Dual stack led DS1-4 Fail open Random component failure Local status display does not correspond to actual operation
Incorrect Ethernet traffic activity / will not impact functional operation
Affected controller needs to be replaced.
9 Dual stack led DS5-8 Fail open Random component failure Local status display does not correspond to actual operation
Incorrect CPU run time status / will not impact functional operation
Affected controller needs to be replaced.
10 OPTO Coupler U32 Fail open or Fail close Random hardware failure Incorrect data due to missing sync
Unable to deliver scanned cards information board fails
Affected controller needs to be replaced.
11 POWER MOSFET U61 Fail open Random hardware failure; Transient surge
Module dead Removes all power from onboard logic.
Affected controller needs to be replaced.
12 POWER MOSFET U61 Fail close Random hardware failure; Transient surge
Module dead Removes all power from onboard logic.
Affected controller needs to be replaced.
13 128 x 16 EEPROM U22 Memory cell corrupted Random hardware failure Lack of response from computer
Loss of connectivity and computer interface
Affected controller needs to be replaced.
14 128 x 16 EEPROM U23 Memory cell corrupted Random hardware failure Lack of response from computer
Loss of connectivity and computer interface
Affected controller needs to be replaced.
15 128 x 16 EEPROM U24 Memory cell corrupted Random hardware failure Lack of response from computer
Loss of connectivity and computer interface
Affected controller needs to be replaced.
16 AGL600 FPGA U13 ICL Link Section
I/O port fail Random hardware failure ICL communication degraded or disabled for both channels / Expect mailbox timeout.
random temporary disruptions may cause failover Affected controller needs to be replaced.
17 AGL600 FPGA U13 ICL Link Section
Synchronization fault Internal link failure Periodic disruption in ICL operation
random temporary disruptions may cause failover Affected controller needs to be replaced.
18 AGL600 FPGA U13 ICL Link Section
Memory cell fault Random hardware failure Surveillance of controller operation.
Frequency of system error occurrences increases.
Runtime test will detect failure.
19 AGL600 FPGA U13 ISA Interface Section
I/O port fail Random hardware failure ISA communication degraded or disabled
Loss of data and system status
Affected controller needs to be replaced.
20 AGL600 FPGA U13 ISA Interface Section
Synchronization fault Internal link failure Periodic disruption in ISA bus operation
random temporary disruptions may cause failover Affected controller needs to be replaced.
21 AGL600 FPGA U13 ISA Interface Section
Memory cell fault Random hardware failure ISA communication degraded or disabled
Loss of data and system status Runtime test will detect failure.
FMEA Report for HFC-FPC08 Controllers and Other Equipment of HFC-6000 Safety Platform FMEA Worksheet
RR901-003-03 Page 17 of 29 Rev. B
Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 22 USB AP2196 L26
Power limit switch Fail open External device unable to connect CPU reboots while connected
to External USB device No impact to system Affected controller needs to be
replaced. 23 USB AP2196 L26
Power limit switch Fail close External device unable to connect CPU reboots while connected
to External USB device No impact to system Affected controller needs to be
replaced. 23 Oscillator Y4
TCXO 25 MHz Frequency Drift Aging effect Surveillance of controller
operation Change in frequency of Watchdog timer. Internal controller errors
Affected controller needs to be replaced.
24 Oscillator Y3 11.0592MHz
Frequency Drift Aging effect Surveillance of controller operation
Change in frequency of UART baud clock. Internal controller errors
Affected controller needs to be replaced.
25 Transient suppressor D6 TPN3021RL
Fail open Mechanical damage – not susceptible to aging.
Module Dead Removes all power from onboard logic
Affected controller needs to be replaced.
26 Transient suppressor D17 TPN3021RL
Fail open Mechanical damage – not susceptible to aging.
Module Dead Removes all power from onboard logic
Affected controller needs to be replaced.
27 Diode CR2 thru CR5 BAS-70
Fail open Overload; random hardware failure
Main controller cannot communicate with loop controller
Affected signal line is pulled high regardless of proper signal level.
Affected controller needs to be replaced.
28 Diode D1 BAT54C
Fail open Overload; power surge; transient Module Dead System fails.
Affected controller needs to be replaced.
29 Capacitive line filters Capacitor has a low resistance path to ground plane
Component hardware failure; fabrication error
Periodic surveillance detects indication of localized overheating.
Periodic errors in functional operation Affected controller needs to be replaced.
30 Capacitive line filters Capacitor has bad solder joint or comes off board.
Fabrication error; physical damage during storage
Operator surveillance of controller operation.
Periodic errors in functional operation
Affected controller needs to be replaced.
31 Pull-up/pull-down resistor on data line
Resistor has bad solder joint or comes off board.
Fabrication error; physical damage during storage.
Operator surveillance of controller operation.
Periodic errors in functional operation
Affected controller needs to be replaced.
32 Clock buffer U26 Fail open Random hardware failure Surveillance of controller operation.
Controller fails
Affected controller needs to be replaced.
33 Crystal VY1 14.31818
Frequency Drift Higher or Lower
Aging effect Surveillance of controller operation
Change in frequency of internal controller errors
Affected controller needs to be replaced.
34 Diode Schottky VQ3 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
35 Diode Schottky VQ4 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
36 Diode Schottky VQ5 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
37 Diode Schottky VQ6 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
38 Diode Schottky VQ7 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
39 Diode D2, D4, D7, D8 MBRS340
Fail open Transient power surge Redundant power supply enables continued normal operation.
One power supply disconnected from I/O module
Affected controller needs to be replaced.
40 Fuse F1, RF1 Fail open Transient surge; Overload Affected portion of assembly is inoperable
Operating power removed from all or some portion of assembly
Affected controller needs to be replaced.
41 Transformer module T1-3 H1102
Coil fail open Transient surge Increase in error count for affected channel
TX or RX function fails or significantly attenuated for affected channel
Affected controller needs to be replaced.
42 Transformer module T1-3 H1102
Coil windings short Transient surge; insulation failure Increase in error count for affected channel
Isolation defeated for affected channel
Affected controller needs to be replaced.
43 Voltage monitor U18,U36 LTC2912
Frequency drift / short Random hardware failure Over / under voltage errors Loss of power or degenerative system operation
Affected controller needs to be replaced.
44 DC/DC converter U19 LTC3251
Fail open Random hardware failure Disruptive communication on ICL and ISA bus
Loss of system data and controller operation
Affected controller needs to be replaced.
45 DC/DC regulator U11 LTC3407-3
Output voltage drift Random component failure Periodic disruption in ICL operation
Loss of SOE synchronization
Affected controller needs to be replaced.
46 Voltage regulator U12 Output voltage drift Random component failure incorrect VCORE voltage to Processor
Controller fails
Affected controller needs to be replaced.
47 Voltage Regulator U20 MCP 1826S
Output voltage fails Random hardware failure Surveillance testing Data transfer from processor fails
Affected controller needs to be replaced.
48 Voltage Regulator U20 MCP 1826S
Output voltage drift Component aging Surveillance testing No indication until voltage outside operating tolerance of processor
Affected controller needs to be replaced.
49 Diode VD1 MMMZ5226B
Fail open Random component failure Unable to detect connector No communication through DVI2
Affected controller needs to be replaced.
50 CLK P2781A U16 Frequency drift Component aging Surveillance testing Periodic Electromagnetic interference errors Affected controller needs to be replaced.
51 Graphic driver DVI Fails to operate Random hardware failure Loss of video signals or unreadable video signals
Controller cannot operate Affected controller needs to be replaced.
52 IC U27-30 TXRX RS485
Fails to operate Random hardware failure Loss of communications ICL unable to sync request / response
Affected controller needs to be replaced.
53 Switch Toggle S1 Fails to open Random hardware failure Surveillance of controller operation.
Controller cannot power up.
Affected controller needs to be replaced.
54 Switch Toggle S1 Fails to close Random hardware failure Surveillance of controller operation.
Controller cannot power down.
Affected controller needs to be replaced.
55 TI U62, U63 Switch Power Regulator
Fails to operate Random hardware failure System status shows failure when both U62 and U63 fail. Otherwise, there will be no indications.
U62 and U63 are redundant. Failure of one regulator still allows controller to operate. Failures of both regulators will fail the controller and loss of redundancy is resulted.
Affected controller needs to be replaced.
56 Transistor NPN Q 1-4 Fails to operate Random hardware failure System status shows failure.
Controller cannot operate Affected controller needs to be replaced.
57 PCI VGA Display U7 Fails to operate Random hardware failure Loss of video signals or unreadable video signals
No impact to system operation. Affected controller needs to be replaced.
58 Vortex86DX SOC at U1 Fails to operate Random hardware failure Controller fails to operate and dual stack led DS5-8 show no activities
Controller cannot operate.
Affected controller needs to be replaced.
59 Crystal Y2 32.768 kHz
Fails to provide accurate clock signals
Random hardware failure High error rate in communications.
Loss of synchronization Affected controller needs to be replaced.
60 Battery Lithium Coin 3V Fails to operate or not enough battery
Random hardware failure System status shows failure and dual stack led DS5-8 show no activities
Controller cannot operate. Affected controller needs to be replaced.
61 Vortex86DX SOC PC BIOS at U1
Fails to operate Corrupted BIOS storage area System status shows failure and dual stack led DS5-8 show no activities
Controller cannot operate.
Affected controller needs to be replaced.
62 Hard Disk connected at J1
Fails to operate Random hardware failure System status shows failure and dual stack led DS5-8 show no activities
Controller cannot operate.
Affected controller needs to be replaced.
Table 3 – HFC-FPC08 SDL Controller
Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments
1 DDR SRAM U2
Memory cell corrupted Random hardware failure Memory access may be partially or completely disabled.
Controller affected cannot be reset.
Affected controller needs to be replaced.
2 DDR SRAM U3
Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop running.
Controller affected cannot be reset.
Affected controller needs to be replaced.
3 DDR SRAM U4
Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop processing inputs.
Controller affected cannot be reset.
Affected controller needs to be replaced.
4 DDR SRAM U5
Memory cell corrupted Random hardware failure If failure occurs during operation, application will produce periodic invalid operations
Controller affected cannot be reset.
Affected controller needs to be replaced.
5 Crystal Oscillator Y1
14.31818 MHZ
Frequency Drift Higher Aging effect Drift higher frequency, CPU over clocked and over heat.
Change in frequency of internal controller errors
Affected controller needs to be replaced.
6 Crystal Oscillator Y1
14.31818 MHZ
Frequency Drift Lower Aging effect Drift lower frequency, CPU under clocked , Mailbox drift
Change in frequency of internal controller errors
Affected controller needs to be replaced.
7 Z11 VGA ROM U14
Memory cell corrupted Random hardware failure Lack of response from the VGA monitor
No impact to system operation. Affected controller needs to be replaced.
8 Dual stack led DS1-4
Fail open Random component failure Local status display does not correspond to actual operation
Incorrect Ethernet traffic activity / will not impact functional operation
Affected controller needs to be replaced.
9 Dual stack led DS5-8
Fail open Random component failure Local status display does not correspond to actual operation
Incorrect CPU run time status / will not impact functional operation
Affected controller needs to be replaced.
10 OPTO Coupler U32
Fail open or Fail close Random hardware failure Incorrect data due to missing sync
Unable to deliver scanned cards information board fails
Affected controller needs to be replaced.
11 POWER MOSFET U61
Fail open Random hardware failure; Transient surge
Module dead Removes all power from onboard logic.
Affected controller needs to be replaced.
12 POWER MOSFET U61
Fail close Random hardware failure; Transient surge
Module dead Removes all power from onboard logic.
Affected controller needs to be replaced.
13 128 x 16 EEPROM U22
Memory cell corrupted Random hardware failure Lack of response from computer
Loss of connectivity and computer interface
Affected controller needs to be replaced.
14 128 x 16 EEPROM U23
Memory cell corrupted Random hardware failure Lack of response from computer
Loss of connectivity and computer interface
Affected controller needs to be replaced.
15 128 x 16 EEPROM U24
Memory cell corrupted Random hardware failure Lack of response from computer
Loss of connectivity and computer interface
Affected controller needs to be replaced.
16 AGL600 FPGA U13 ICL Link Section
I/O port fail Random hardware failure ICL communication degraded or disabled for both channels / Expect mailbox timeout.
random temporary disruptions may cause failover Affected controller needs to be replaced.
17 AGL600 FPGA U13
ICL Link Section
Synchronization fault Internal link failure Periodic disruption in ICL operation
random temporary disruptions may cause failover Affected controller needs to be replaced.
18 AGL600 FPGA U13
ICL Link Section
Memory cell fault Random hardware failure Surveillance of controller operation.
Frequency of system error occurrences increases.
Runtime test will detect failure.
19 AGL600 FPGA U13
ISA Interface Section
I/O port fail Random hardware failure ISA communication degraded or disabled
Loss of data and system status
Affected controller needs to be replaced.
20 AGL600 FPGA U13
ISA Interface Section
Synchronization fault Internal link failure Periodic disruption in ISA bus operation
random temporary disruptions may cause failover Affected controller needs to be replaced.
21 AGL600 FPGA U13
ISA Interface Section
Memory cell fault Random hardware failure ISA communication degraded or disabled
Loss of data and system status Runtime test will detect failure.
22 USB AP2196 L26 Power limit switch
Fail open External device unable to connect CPU reboots while connected to External USB device
No impact to system Affected controller needs to be replaced.
23 USB AP2196 L26 Power limit switch
Fail close External device unable to connect CPU reboots while connected to External USB device
No impact to system Affected controller needs to be replaced.
23 Oscillator Y4 TCXO 25 MHz
Frequency Drift Aging effect Surveillance of controller operation
Change in frequency of Watchdog timer. Internal controller errors
Affected controller needs to be replaced.
24 Oscillator Y3 11.0592MHz
Frequency Drift Aging effect Surveillance of controller operation
Change in frequency of UART baud clock. Internal controller errors
Affected controller needs to be replaced.
25 Transient suppressor D6 TPN3021RL
Fail open Mechanical damage – not susceptible to aging.
Module Dead Removes all power from onboard logic
Affected controller needs to be replaced.
26 Transient suppressor D17 TPN3021RL
Fail open Mechanical damage – not susceptible to aging.
Module Dead Removes all power from onboard logic
Affected controller needs to be replaced.
27 Diode CR2 thru CR5
BAS-70
Fail open Overload; random hardware failure
Main controller cannot communicate with loop controller
Affected signal line is pulled high regardless of proper signal level.
Affected controller needs to be replaced.
28 Diode D1 BAT54C
Fail open Overload; power surge; transient Module Dead System fails.
Affected controller needs to be replaced.
29 Capacitive line filters Capacitor has a low resistance path to ground plane
Component hardware failure; fabrication error
Periodic surveillance detects indication of localized overheating.
Periodic errors in functional operation Affected controller needs to be replaced.
30 Capacitive line filters Capacitor has bad solder joint or comes off board.
Fabrication error; physical damage during storage
Operator surveillance of controller operation.
Periodic errors in functional operation
Affected controller needs to be replaced.
31 Pull-up/pull-down resistor on data line
Resistor has bad solder joint or comes off board.
Fabrication error; physical damage during storage.
Operator surveillance of controller operation.
Periodic errors in functional operation
Affected controller needs to be replaced.
32 Clock buffer U26
Fail open Random hardware failure Surveillance of controller operation.
Controller fails
Affected controller needs to be replaced.
33 Crystal VY1 14.31818
Frequency Drift Higher or Lower
Aging effect Surveillance of controller operation
Change in frequency of internal controller errors
Affected controller needs to be replaced.
34 Diode Schottky VQ3 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
35 Diode Schottky VQ4 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
36 Diode Schottky VQ5 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
37 Diode Schottky VQ6 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
38 Diode Schottky VQ7 BAT54s
Fail open Mechanical damage – not susceptible to aging.
Visual interface corrupted No impact to the system
Affected controller needs to be replaced.
39 Diode D2, D4, D7, D8 MBRS340
Fail open Transient power surge Redundant power supply enables continued normal operation.
One power supply disconnected from I/O module
Affected controller needs to be replaced.
40 Fuse F1, RF1 Fail open Transient surge; Overload Affected portion of assembly is inoperable
Operating power removed from all or some portion of assembly
Affected controller needs to be replaced.
41 Transformer module T1-3 H1102
Coil fail open Transient surge Increase in error count for affected channel
TX or RX function fails or significantly attenuated for affected channel
Affected controller needs to be replaced.
42 Transformer module T1-3 H1102
Coil windings short Transient surge; insulation failure Increase in error count for affected channel
Isolation defeated for affected channel
Affected controller needs to be replaced.
43 Voltage monitor U18,U36 LTC2912
Frequency drift / short Random hardware failure Over / under voltage errors Loss of power or degenerative system operation
Affected controller needs to be replaced.
44 DC/DC converter U19 LTC3251
Fail open Random hardware failure Disruptive communication on ICL and ISA bus
Loss of system data and controller operation
Affected controller needs to be replaced.
45 DC/DC regulator U11 LTC3407-3
Output voltage drift Random component failure Periodic disruption in ICL operation
Loss of SOE synchronization
Affected controller needs to be replaced.
46 Voltage regulator U12
Output voltage drift Random component failure incorrect VCORE voltage to Processor
Controller fails
Affected controller needs to be replaced.
47 Voltage Regulator U20 MCP 1826S
Output voltage fails Random hardware failure Surveillance testing Data transfer from processor fails
Affected controller needs to be replaced.
48 Voltage Regulator U20 MCP 1826S
Output voltage drift Component aging Surveillance testing No indication until voltage outside operating tolerance of processor
Affected controller needs to be replaced.
49 Diode VD1 MMMZ5226B
Fail open Random component failure Unable to detect connector No communication through DVI2
Affected controller needs to be replaced.
50 CLK P2781A U16
Frequency drift Component aging Surveillance testing Periodic Electromagnetic interference errors Affected controller needs to be replaced.
51 Graphic driver DVI
Fails to operate Random hardware failure Loss of video signals or unreadable video signals
Controller cannot operate Affected controller needs to be replaced.
52 IC U27-30 TXRX RS485
Fails to operate Random hardware failure Loss of communications ICL unable to sync request / response
Affected controller needs to be replaced.
53 Switch Toggle S1
Fails to open Random hardware failure Surveillance of controller operation.
Controller cannot power up.
Affected controller needs to be replaced.
54 Switch Toggle S1
Fails to close Random hardware failure Surveillance of controller operation.
Controller cannot power down.
Affected controller needs to be replaced.
55 TI U62, U63 Switch Power Regulator
Fails to operate Random hardware failure System status shows failure when both U62 and U63 fail. Otherwise, there will be no indications.
U62 and U63 are redundant. Failure of one regulator still allows controller to operate. Failures of both regulators will fail the controller and loss of redundancy is resulted.
Affected controller needs to be replaced.
56 Transistor NPN Q 1-4
Fails to operate Random hardware failure System status shows failure.
Controller cannot operate Affected controller needs to be replaced.
57 PCI VGA Display U7
Fails to operate Random hardware failure Loss of video signals or unreadable video signals
No impact to system operation. Affected controller needs to be replaced.
58 Vortex86DX SOC at U1
Fails to operate Random hardware failure Controller fails to operate and dual stack led DS5-8 show no activities
Controller cannot operate.
Affected controller needs to be replaced.
59 Crystal Y2 32.768 kHz
Fails to provide accurate clock signals
Random hardware failure High error rate in communications.
Loss of synchronization Affected controller needs to be replaced.
60 Battery Lithium Coin 3V
Fails to operate or not enough battery
Random hardware failure System status shows failure and dual stack led DS5-8 show no activities
Controller cannot operate. Affected controller needs to be replaced.
61 Vortex86DX SOC PC BIOS at U1
Fails to operate Corrupted BIOS storage area System status shows failure and dual stack led DS5-8 show no activities
Controller cannot operate.
Affected controller needs to be replaced.
62 Hard Disk connected at J1
Fails to operate Random hardware failure System status shows failure and dual stack led DS5-8 show no activities
Controller cannot operate.
Affected controller needs to be replaced.
Table 4 – HFC-HSIM
Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments
1 AGL600 U1 I/O Control Section
I/O port fail Random hardware failure Communication is degraded Loss of I/O communication Affected controller needs to be replaced.
2 AGL600 U1 I/O Control Section
Synchronization fault Internal link failure Intermittent data failure Loss of fiber link Affected controller needs to be replaced.
3 AGL600 U1 I/O Control Section
Memory cell fault Random hardware failure Surveillance of controller operation. Missing instruction sets / data corrupted Affected controller needs to be replaced.
4 AGL600 U1 ICL Slave Section
I/O port fail Random hardware failure ICL link communication is loss Missing diagnostic / status data resulting in I/O fault Affected controller needs to be replaced.
5 AGL600 U1 ICL Slave Section
Synchronization fault Internal link failure Degraded operation Loss of communication Affected controller needs to be replaced.
6 AGL600 U1 ICL Slave Section
Memory cell fault Random hardware failure Surveillance of controller operation. Corrupted data stream Affected controller needs to be replaced.
7 AGL600 U1 Clock Generator Section
I/O port fail Random hardware failure Timing of data latches incorrect System will exhibit periodic instability Affected controller needs to be replaced.
8 AGL600 U1 Clock Generator Section
Synchronization fault Internal link failure Drift of clock frequency Loss of system clock reliability Affected controller needs to be replaced.
9 AGL600 U1 Clock Generator Section
Memory cell fault Random hardware failure Missing system clock System hung / board dead Affected controller needs to be replaced.
10 AGL 060 U2
Component failure Random hardware failure Missing diagnostics data to the front panel / led Loss of primary monitoring and DMT Affected controller needs to be replaced.
11 IRF9640SPbF U3 Power MOSFET
Component failure Random hardware failure Board fails Loss of 3.3v and 5 v regulators Affected controller needs to be replaced.
12 TPS5430 U4 DC / DC Regulator
Output voltage drift Random component failure Loss of 3.3 VDC reset Unable to reset the HSIM FPGA logic when depressed Affected controller needs to be replaced.
13 TPS5430 U5 DC / DC Regulator
Output voltage drift Random component failure Loss of 5 v / fiber optic fails 5 volt regulator provides voltage to components on the board and the fiber optic / board would be inoperable Affected controller needs to be replaced.
14 74LV06 U6 Inverter - E
Fail Open Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.
15 74LV06 U6 Inverter - F
Fail Open Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.
16 LTC3251E U7 Step down DC / DC conv
Output voltage level drift Transient voltage spike Effects of component aging Missing or degraded +5VDC / board dead Affected controller needs to be replaced.
17 SN74LV166 U8 8-bit shift register
Fail open Random hardware failure LED display erratic Baud rate not selectable / ICL communication is affected Affected controller needs to be replaced.
18 Capacitive line filters Capacitor has a low resistance path to ground plane
Component hardware failure; fabrication error
Periodic surveillance detects indication of localized overheating.
Periodic errors in functional operation Affected controller needs to be replaced.
19 Capacitive line filters Capacitor has bad solder joint or comes off board.
Fabrication error; physical damage during storage
Operator surveillance of controller operation.
Periodic errors in functional operation
Affected controller needs to be replaced.
20 Pull-up/pull-down resistor on data line
Resistor has bad solder joint or comes off board.
Fabrication error; physical damage during storage.
Operator surveillance of controller operation.
Periodic errors in functional operation
Affected controller needs to be replaced.
21 ADM 3485E U9 485 Transceiver
Component failure Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.
22 SN74LV166 U10 8-bit shift register
Component failure Random hardware failure Unable to select card error on panel
Card Select fails Affected controller needs to be replaced.
23 ADM 3485E U11 485 Transceiver
Component failure Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.
24 SN74AHC1G08DBV U12 AND GATE
Component failure Random hardware failure Missing clear pulse to multivibrator led display Watchdog timing is loss / Board does not operate Affected controller needs to be replaced.
25 ADM3485E U13 RS485 Transceiver
Component failure Random hardware failure LED display Loss of Channel 1 Affected controller needs to be replaced.
26 6N139 U14 Photo coupler
Component failure Random component failure board loses reference voltage to FPGA Board would fail to operate Affected controller needs to be replaced.
27 SN74AHC1G08DBV U15 AND GATE
Component failure Random hardware failure LED display Loss of Channel 1 Affected controller needs to be replaced.
28 ADM3485E U16 RS485 Transceiver
Component failure Random hardware failure LED display Loss of Channel 2 Affected controller needs to be replaced.
29 ADM3485E U18 RS485 Transceiver
Component failure Random hardware failure LED display Loss of Channel 2 Affected controller needs to be replaced.
31 SN75472 U20 Peripheral Driver
Component failure Random component failure Loss of data transfer Data unable to be Transmitted through Fiber optic Affected controller needs to be replaced.
32 74LS04 U21f Inverter
Component failure Random component failure Loss of data transfer Data unable to be Transmitted through Fiber optic Affected controller needs to be replaced.
33 74LS04 U21a Inverter
Component failure Random component failure Loss of data transfer Unable to receive data through fiber optic Affected controller needs to be replaced.
34 PESD3V3S5UD U24 Diode array
Component failure Random hardware failure Diagnostics fail to run Loss of Diagnostics Affected controller needs to be replaced.
35 PESD3V3S5UD U25 Diode array
Component failure Random hardware failure Diagnostics fail to run Loss of Diagnostics Affected controller needs to be replaced.
36 IRF9640SPbF U27 Power MOSFET
Component failure Random hardware failure board loses reference voltage to FPGA Board would fail to operate Affected controller needs to be replaced.
37 SN74LV123A U28 Mono-stable Multivibrator
Component failure Random hardware failure Loss of Watchdog timing to the FPGA / led display
Loss of timing to the FPGA / board will fail Affected controller needs to be replaced.
38 MMBT2369A Q6 NPN Transistor
Component failure Random component failure Loss of data transfer Unable to receive data through fiber optic Affected controller needs to be replaced.
39 MMBT2369A Q7 NPN Transistor
Component failure Random component failure Display on front panel HSIM present signal missing / FPGA Affected controller needs to be replaced.
40 HFBR1414 FO1 Optical Transmitter
Fail open Random component failure Loss of data transfer Data unable to be Transmitted through Fiber Affected controller needs to be replaced.
41 HFBR-2412C FO2 Optical Receiver
Fail open Random component failure Loss of data transfer Data unable to be Received through Fiber Affected controller needs to be replaced.
42 555-4003 DS1, DS2 LED BAR-Graph
Fail open Random component failure Loss of display No action needed. No action needed.
43 FOX924B-25.0 Y1 25 MHz clock
Frequency Drift Aging effect Surveillance of controller operation; High communication error rates
Change in frequency of FPGA
Affected controller needs to be replaced.
44 FOX924B-25.0 Y2 44 MHz clock
Frequency Drift Aging effect Surveillance of controller operation; High communication error rates
Change in frequency of FPGA
Affected controller needs to be replaced.
45 BAS70 CR1-CR4 Schottky diode
Fail open Mechanical damage – not susceptible to aging.
Unable to select card Degraded functional capabilities Affected controller needs to be replaced.
46 MBRS340 D1,D2 diode
Fail open Mechanical damage – not susceptible to aging.
Loss of 24 volt / board is dead no led display if both diodes opens / otherwise no effect
These two diodes provide parallel 24 volt sources / if one diode fails the circuit will get voltage through the other diode, providing redundancy. However, if both fails board dead.
Affected controller needs to be replaced.
47 SK36-TP D3,D4 Diode
Fail open Mechanical damage – not susceptible to aging.
Loss of Aux volt / board loses reference voltage to FPGA / Board fails if both diodes opens / otherwise no effect
These two diodes provide parallel aux volt sources / if one diode fails the circuit will get voltage through the other diode, providing redundancy. However, if both fails board dead.
Affected controller needs to be replaced.
48 8330A D5 Diode
Fail open Mechanical damage – not susceptible to aging.
Loss of Fiber optic Loss of data tx and RX through Fiber optics Affected controller needs to be replaced.
49 8330A D6 Diode
Fail open Mechanical damage – not susceptible to aging.
Board fails as 3.3 volt is used for most of the components on the board and the 1.5 volt is used to power the FPGA core
The module would fail to operate Affected controller needs to be replaced.
50 SK36-TP D7 Diode
Fail open Mechanical damage – not susceptible to aging.
Loss of Watchdog timing to the FPGA
Loss of timing to the FPGA / board will fail Affected controller needs to be replaced.
51 BZV90-C2V4 D8 Diode
Fail open Mechanical damage – not susceptible to aging.
board loses reference voltage to FPGA
Board would fail to operate Affected controller needs to be replaced.
52 Fuse F1,2,3,4 Fail open Transient surge; Overload Affected portion of assembly is inoperable
Operating power removed from all or some portion of assembly
Affected controller needs to be replaced.
Table 5 – HFC-ILR06R

| Item | Name | Failure Mode | Possible Cause(s) | Method of Detection | Effect of Failure on System | Remarks/Comments |
|---|---|---|---|---|---|---|
| 1 | LTC1484 U1 Transceiver / Receiver | Fail open | Random component failure | Loss of data received from fiber optics | Missing data from fiber optic / Loss of ICL | Affected controller needs to be replaced. |
| 2 | G3VM-61E1 U2, U7 Relay | Open output | Overload; random hardware failure | One or more DO channels fail; power line to CSM is dead. | Missing data from fiber optic / Loss of ICL | Affected controller needs to be replaced. |
| 3 | G3VM-61E1 U2, U7 Relay | Short to ground | Overload; random hardware failure | One or more DO channels fail; power line to CSM is dead. | Interface communication / DO output data absent on backplane / 0V on back plane | Affected controller needs to be replaced. |
| 4 | ICM7555 U3 Timer | Fail open | Random component failure | Red LED never turns on | DO channel affected is disabled | Affected controller needs to be replaced. |
| 5 | TPS5430D U4 DC converter | Output voltage level drift | Transient voltage spike; effects of component aging | | Missing or degraded +5VDC / board dead | Affected controller needs to be replaced. |
| 6 | 74LS04 U5-a, b inverter | Fail open | Random component failure | Operator surveillance | Unable to transmit data over bus or optical | Affected controller needs to be replaced. |
| 7 | 74LS04 U5-c, d inverter | Fail open | Random component failure | One or more DO channels fail; power line to CSM is dead. | DO channel affected is disabled | Affected controller needs to be replaced. |
| 8 | 75472 U6 Peripheral Driver | Fail open | Random component failure | Loss of data transfer | Data unable to be Transmitted | Affected controller needs to be replaced. |
| 9 | LT1016 U8 Comparator | Fail open | Random component failure | Loss of data transfer | Data unable to be Received | Affected controller needs to be replaced. |
| 10 | HFBR1312 FO1 1300 nm fiber optic TX | Fail open | Random component failure | Loss of data transfer | Data unable to be Transmitted | Affected controller needs to be replaced. |
| 11 | HFBR2316 FO2 1300 nm fiber optic RX | Fail open | Random component failure | Loss of data transfer | Data unable to be Received | Affected controller needs to be replaced. |
| 15 | NPN BJT Q1 | Fails to operate | Random hardware failure | System status shows failure. | Interface communication / DO output data absent on backplane / 0V on back plane | Affected controller needs to be replaced. |
| 16 | NPN BJT Q2 | Fails to operate | Random hardware failure | System status shows failure. | Interface communication / DO output data absent on backplane / 0V on back plane | Affected controller needs to be replaced. |
| 17 | LED D2 | Fail open | Random component failure | Loss of display | No effect on operation | No action |
| 18 | MBRS340 CR1 | Fail open | Mechanical damage – not susceptible to aging. | Board fails | Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy) | Affected controller needs to be replaced. |
| 19 | MBRS340 CR2 | Fail open | Mechanical damage – not susceptible to aging. | Board fails | Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy) | Affected controller needs to be replaced. |
| 20 | MBRS340 CR3 | Fail open | Mechanical damage – not susceptible to aging. | Digital output inoperable | Interface communication / DO output data absent on backplane / 0V on back plane | Affected controller needs to be replaced. |
| 21 | MBRS340 CR4 | Fail open | Mechanical damage – not susceptible to aging. | Digital output inoperable | Interface communication / DO output data absent on backplane / 0V on back plane | Affected controller needs to be replaced. |
| 22 | Fuse F1,2,3,4 | Fail open | Transient surge; Overload | Affected portion of assembly is inoperable | Operating power removed from all or some portion of assembly | Affected controller needs to be replaced. |
Table 6 – HFC-ILR06T

| Item | Name | Failure Mode | Failure Mechanism | Method of Detection | Effect of Failure on System | Method of Remediation |
|---|---|---|---|---|---|---|
| 1 | LTC1484 U1 Transceiver / Receiver | Fail open | Random component failure | Loss of data received from fiber optics | Missing data from fiber optic / Loss of ICL | Affected controller needs to be replaced. |
| 2 | HFBR1312 F01 1300 nm fiber optic TX | Fail open | Random component failure | Loss of data transfer | Data unable to be Transmitted | Affected controller needs to be replaced. |
| 3 | HFBR2316 F02 1300 nm fiber optic RX | Fail open | Random component failure | Loss of data transfer | Data unable to be Received | Affected controller needs to be replaced. |
| 4 | ICM7555 U9 Timer | Fail open | Random component failure | Missing 50 kHz signal | Module inoperable / Data does not get transmitted | Affected controller needs to be replaced. |
| 5 | TPS5430D U3 DC converter | Output voltage level drift | Transient voltage spike; effects of component aging | | Missing or degraded +5VDC / board dead | Affected controller needs to be replaced. |
| 6 | 74LS04 U5-a, b inverter | Fail open | Random component failure | Loss of data transfer | Unable to transmit data over bus or optical | Affected controller needs to be replaced. |
| 7 | 74LS04 U5-c inverter | Fail open | Random component failure | Loss of data transfer | Unable to transmit data over bus or optical | Affected controller needs to be replaced. |
| 8 | 75472 U6 Peripheral Driver | Fail open | Random component failure | Loss of data transfer | Data unable to be Transmitted | Affected controller needs to be replaced. |
| 9 | LT1016 U8 Comparator | Fail open | Random component failure | Loss of data transfer | Data unable to be Received | Affected controller needs to be replaced. |
| 10 | Fuse F1 | Fail open | Transient surge; Overload | Affected portion of assembly is inoperable | Operating power removed from all or some portion of assembly | Affected controller needs to be replaced. |
| 11 | LED DS1 | Fail open | Random component failure | Loss of display | No effect on operation | No action needed. |
| 12 | Capacitive line filters | Capacitor has a low resistance path to ground plane | Component hardware failure; fabrication error | Periodic surveillance detects indication of localized overheating. | Periodic errors in functional operation | Affected controller needs to be replaced. |
| 13 | Capacitive line filters | Capacitor has bad solder joint or comes off board. | Fabrication error; physical damage during storage | Operator surveillance of controller operation. | Periodic errors in functional operation | Affected controller needs to be replaced. |
| 14 | Pull-up/pull-down resistor on data line | Resistor has bad solder joint or comes off board. | Fabrication error; physical damage during storage. | Operator surveillance of controller operation. | Periodic errors in functional operation | Affected controller needs to be replaced. |
| 15 | MBRS340 CR1 | Fail open | Mechanical damage – not susceptible to aging. | Board fails | Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy) | Affected controller needs to be replaced. |
| 16 | MBRS340 CR2 | Fail open | Mechanical damage – not susceptible to aging. | Board fails | Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy) | Affected controller needs to be replaced. |
| 17 | 6N139 U2 Photo coupler | Fail open | Random component failure | Loss of data transfer | Data unable to be Transmitted | Affected controller needs to be replaced. |
Table 7 – AFS-CSM-01

| Item | Name | Failure Mode | Possible Cause(s) | Method of Detection | Effect of Failure on System | Method of Remediation |
|---|---|---|---|---|---|---|
| 1 | AGL060 U1 | Component failure | Random hardware failure | No LED display | Loss of switch status | Affected controller needs to be replaced. |
| 2 | LM809M3 U2 Reset circuit | Fail open | Random component failure | LEDs off and CSM is unable to receive data | Unable to reset FPGA in event of power issue | Affected controller needs to be replaced. |
| 3 | TPS54160 U3 DC/DC Converter | Output voltage drift | Random component failure | Board dead / Looping reset | Loss Switch power supply 3.3 v | Affected controller needs to be replaced. |
| 4 | LTC3251 U4 | Output voltage drift | Random component failure | Random component failure | Loss of 1.5 v regulation | Affected controller needs to be replaced. |
| 5 | SN65HVD1782 U5 RS-485 Transceivers | Fail Open | Random component failure | LEDs off and CSM is unable to receive data | ICL 1 / unable to receive or transmit any data | Affected controller needs to be replaced. |
| 6 | SN65HVD1782 U6 RS-485 Transceivers | Fail Open | Random component failure | LEDs off and CSM is unable to receive data | ICL2 / unable to receive or transmit any data | Affected controller needs to be replaced. |
| 7 | ULN2803 U10 Transistor array | Fails to operate | Random component failure | No LED display | Loss of switch status | Affected controller needs to be replaced. |
| 8 | Capacitive line filters | Capacitor has a low resistance path to ground plane | Component hardware failure; fabrication error | Periodic surveillance detects indication of localized overheating. | Periodic errors in functional operation | Affected controller needs to be replaced. |
| 9 | Capacitive line filters | Capacitor has bad solder joint or comes off board. | Fabrication error; physical damage during storage | Operator surveillance of controller operation. | Periodic errors in functional operation | Affected controller needs to be replaced. |
| 10 | Pull-up/pull-down resistor on data line | Resistor has bad solder joint or comes off board. | Fabrication error; physical damage during storage. | Operator surveillance of controller operation. | Periodic errors in functional operation | Affected controller needs to be replaced. |
| 11 | Diode D1 BAV70LT1 | Fail open | Mechanical damage – not susceptible to aging. | Loss of 24 VDC | Board dead | Affected controller needs to be replaced. |
| 12 | Diode D2 B260 | Fail open | Mechanical damage – not susceptible to aging. | Loss of 3.3 regulated voltage | Board dead | Affected controller needs to be replaced. |
| 13 | Diode D3 B260 | Fail open | Mechanical damage – not susceptible to aging. | Loss of redundant 24 VDC | No effect unless D4 fails then board dead | No action needed. |
| 14 | Diode D4 B260 | Fail open | Mechanical damage – not susceptible to aging. | Loss of redundant 24 VDC | No effect unless D4 fails then board dead | No action needed. |
| 15 | Fuse .25 amp F1 | Fail open | Transient surge; Overload | Affected portion of assembly is inoperable | Loss of 3.3 regulated voltage | Affected controller needs to be replaced. |
| 16 | Fuse3 375 mA F2 | Fail open | Transient surge; Overload | Affected portion of assembly is inoperable | Loss of 3.3 regulated voltage | Affected controller needs to be replaced. |
| 17 | SPST switch S1 | Fail open | Mechanical damage – not susceptible to aging. | Communication may be degraded | Unable to select baud rate switch OFF (38.4 Kbaud) | If selection of baud rate is required, replace the affected module. |
| 18 | Oscillator ASFL1 Y3 | Frequency Drift | Aging effect | Loss of clock | Loss of Clock / board dead | Replace the affected module. |