RR901-003-03, Rev. B, Failure Mode and Effects Analysis for the … · 2013-06-04 · RR901-003-03 Page 7 of 29 Rev. B 4.0 FMEA Worksheet The FMEA worksheet provides the basic tool

Page 1 of 29

HF Controls

Failure Mode and Effects Analysis for the High Performance Controller of

HFC-6000 Safety Platform

RR901-003-03

Rev. B

Effective Date 8/30/2012 Prepared By: Terry Roberts Reviewed By: Ivan Chow Approved By: Allen Hsu

[ ]

Copyright© 2012 Doosan HF Controls Corporation

FMEA for the HFC-FPC08 Controller of HFC-6000 Safety Platform

RR901-003-03 Page 2 of 29 Rev. B

Revision History

Date Revision Preparer Changes

08/29/2012 A T. Roberts Initial Revision 08/3020/12 B T. Roberts Revised for comments

TABLE OF CONTENTS Section Description Page 1.0 INTRODUCTION....................................................................................................4

2.0 INDUSTRY REFERENCES AND ACRONYMS.................................................4

2.1 Industry References ..........................................................................................4 2.2 Acronyms ..........................................................................................................4 3.0 REFERENCES .........................................................................................................6

4.0 FMEA WORKSHEET ............................................................................................7

4.1 Controllers.........................................................................................................8 4.1.1 HFC-FPC08 Redundant Controller – Table 1 ..................................................8 4.1.2 HFC-FPC08 MTP Controller – Table 2............................................................8 4.1.3 HFC-FPC08 SDL Controller – Table 3 ............................................................8 4.2 Special Cards ....................................................................................................9 4.2.1 HFC-HSIM –Table 4 ........................................................................................9 4.2.2 HFC-ILR06R –Table 5 .....................................................................................9 4.2.3 HFC-ILR06T – Table 6 ..................................................................................10 4.2.4 AFS-CSM-01 –Table 7 ...................................................................................11


RR901-003-03 Page 3 of 29 Rev. B

LIST OF TABLES Table 1 – HFC-FPC08 Redundant Controller ................................................................. 12 Table 2 – HFC-FPC08 MTP Controller ........................................................................... 16 Table 3 – HFC-FPC08 SDL Controller............................................................................ 20 Table 4 – HFC-HSIM........................................................................................................ 24 Table 5 – HFC-ILR06R ..................................................................................................... 27 Table 6 – HFC-ILR06T ..................................................................................................... 28 Table 7 – AFS-CSM-01 ..................................................................................................... 29

List of Figures Figure 1: HFC-HSIM Design Diagram .............................................................................. 9 Figure 2: HFC-ILR06R Solid State DO Flow Diagram ................................................... 10 Figure 3: HFC-ILR06T DO Transmitter Flow Diagram ................................................. 10 Figure 4: AFS-CSM-01 Detailed Design Specification .................................................... 11


RR901-003-03 Page 4 of 29 Rev. B

1.0 Introduction This document contains FMEA worksheets for the enhanced equipment of the HFC-6000 Safety Platform. Scope of coverage includes all major active components on the assembly; simple ICs like individual inverters, amplifiers, latches, etc. generally have been excluded. Similarly, individual passive components like resistors, capacitors, and coils have generally not been included unless they have a high failure rate. Assemblies consisting of passive hardware components only (circuit board traces, terminals, resistors, capacitors, etc.) have been excluded from this FMEA. RR901-003-04 provides the reliability and availability analyses of the enhanced equipment as listed in this document. Refer to that document for calculating the failure rate for the enhanced components. These failure rate values are based on data developed in a reliability analysis covering these assemblies. In general, the failure rate parameter is calculated for an individual hardware component; however, some entries in the FMEA table represent a combination of several parts (e.g., low pass filter network, input amplifier network, etc.). In such cases, the failure rate is calculated from the failure rate of the component parts using the principles of probability to establish the combination algorithm.

2.0 Industry References and Acronyms

2.1 Industry References IEEE Standard 352, IEEE Guide for Principles of Reliability Analysis of Nuclear Power Generating Station Protection Systems, 1987 EPRI TR-107330, Generic Requirements for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants, 1996

2.2 Acronyms ADC Analog/Digital Converter AI Analog Input AO Analog Output C-Link Communication Link CPLD Complex Programmable Logic Device CPU Central Processing Unit CRC Cyclic Redundancy Check DAC Digital/Analog Converter dc Direct Current PC B Printed Circuit Board PLC Programmable Logic Controller DI Digital Inputs DO Digital Outputs DSP Digital Signal Processor EPROM Erasable Programmable Read Only Memory FMEA Failure Modes and Effects Analysis FO Fiber Optic


RR901-003-03 Page 5 of 29 Rev. B

FOT Fiber Optic Transmitter FPGA Field Programmable Gate Array HFC HF Controls Hz Hertz I&C Instrumentation and Control ICL Intercommunication Link IEEE Institute of Electrical and Electronics Engineers I/O Input /Output kHz Kilo Hertz kV kiloVolt LED Light Emitting Diode mA milli-Ampere MHz Mega Hertz MTBF Mean Time Between Failure MS Microsoft NRC Nuclear Regulatory Commission PC Personal Computer PCB Printed Circuit Board PCS Plant Control System PLC Programmable Logic Controller PROM Programmable Read-Only Memory PSM Power Supply Module QA Quality Assurance ROM Read-Only Memory RTD Resistance Thermal Detector SC System Controller SY S System CPU


RR901-003-03 Page 6 of 29 Rev. B

3.0 References 3.1 40031281, AFS-CSM-01 Assembly BOM, Rev. D

3.2 40031301, AFS-CSM-01 Schematic, Rev. E

3.3 40040282, ILR06R Assembly BOM, Rev. C

3.4 40103881, FPC08 Assembly BOM, Rev. H

3.5 40103901 FPC08 Schematic Rev. D

3.9 40107081, ILR06T Assembly BOM, Rev. C

3.6 40107081, ILR06R Schematic, REV. C

3.9 40107081, ILR06T Assembly BOM, Rev. C

3.7 40108609, HFC-HSIM Assembly BOM, Rev A

3.8 40108701, HFC-HSIM Schematic Rev. A

3.11 DS901-000-81, HFC-FPC08 Hardware Design Spec, Rev A

3.12 DS901-000-85, HFC-FPC08 ICL Master FPGA Design Specification, Rev C

3.13 DS901-000-91, HFC-ILR06R Hardware Design Specification, Rev. B

3.14 DS901-001-14, HFC-ILR06T Hardware Design Specification, Rev. A

3.15 DS901-001-17, FPC08 Controller Software Design Specification, Rev D

3.16 DS901-001-20, HFC-HSIM Hardware Design Specification, Rev B

3.17 DS903-000-51, AFS-CSM-01 Design Specification, Rev. B

3.18 RS901-001-02, HFC-ILR06R Requirements Specification, Rev. A

3.19 RS901-001-06, HFC-ILR06T Requirements Specification, Rev. A

3.20 RS901-001-14, HFC-HSIM Card Requirements Specification, Rev. B

3.21 RS903-000-08, AFS-CSM-01 FPGA Requirement Specification Rev. B


RR901-003-03 Page 7 of 29 Rev. B

4.0 FMEA Worksheet The FMEA worksheet provides the basic tool for conducting the analysis at each level. This worksheet consists of a table with seven columns that provide the medium for performing the FMEA. The header section provides an area for identifying the specific level, system, and reference material for entries on the current page of the worksheet. The worksheet table provides a separate row for each item to be considered; the columns contain the following information: • Item. A numeric sequence number for each row. The sequence number will permit

specific cross-referencing by subsequence documents or analyses. • Name. Nomenclature for the function, assembly, or component under consideration. • Failure Mode. Identifies the specific failure mode for this entry. If a particular device

has multiple distinct failure modes, the device is addressed a lower level of analysis. • Possible Cause(s). Identifies the cause of the particular failure mode listed.

Potentially, any single failure mode could result from several different specific causes. Each entry lists the most likely cause or causes anticipated.

• Method of Detection. Identifies the method by which a system operator can identify

both the existence of a failure condition and the specific source of the fault. Any postulated failure mode whose existence cannot be detected shall be identified.

• Effect of Failure on System. Lists the effects that a specified failure mode will have

on overall operation of the control remote. The design engineer should consider the basic control system architectures separately (single loop control remote, distributed control architecture, redundant/non-redundant), because failure effects will vary.

• Remarks/Comments This entry provide actions or comments for the failed state.


RR901-003-03 Page 8 of 29 Rev. B

4.1 Controllers

4.1.1 HFC-FPC08 Redundant Controller – Table 1 [

]

4.1.2 HFC-FPC08 MTP Controller – Table 2 [

]

4.1.3 HFC-FPC08 SDL Controller – Table 3 [

]


RR901-003-03 Page 9 of 29 Rev. B

4.2 Special Cards

4.2.1 HFC-HSIM –Table 4 [

]

Figure 1: HFC-HSIM Design Diagram

4.2.2 HFC-ILR06R –Table 5 [

]


RR901-003-03 Page 10 of 29 Rev. B

Figure 2: HFC-ILR06R Solid State DO Flow Diagram

[

]

4.2.3 HFC-ILR06T – Table 6 [

]

Figure 3: HFC-ILR06T DO Transmitter Flow Diagram


RR901-003-03 Page 11 of 29 Rev. B

4.2.4 AFS-CSM-01 –Table 7

[

]

Figure 4: AFS-CSM-01 Detailed Design Specification

[

]

FMEA Report for HFC-FPC08 Controllers and Other Equipment of HFC-6000 Safety Platform FMEA Worksheet

RR901-003-03 Page 12 of 29 Rev. B

Table 1 – HFC-FPC08 Redundant Controller Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System (Redundancy) Remarks/Comments 1 DDR SRAM U2 Memory cell corrupted Random hardware failure Memory access may be

partially or completely disabled.

Controller affected cannot be reset. (Loss of redundancy)

Affected controller needs to be replaced.

2 DDR SRAM U3 Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop running.



3 DDR SRAM U4 Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop processing inputs.



4 DDR SRAM U5 Memory cell corrupted Random hardware failure If failure occurs during operation, application will produce periodic invalid operations



5 Crystal Oscillator Y1 14.31818 MHZ

Frequency Drift Higher Aging effect Drift higher frequency, CPU over clocked and over heat.

Change in frequency of internal controller errors (Redundant systems continue to run)



Frequency Drift Lower Aging effect Drift lower frequency, CPU under clocked , Mailbox drift

Change in frequency of internal controller errors (Redundant systems continue to run)


7 Z11 VGA ROM U14 Memory cell corrupted Random hardware failure Lack of response from the VGA monitor

No impact to system operation. Affected controller needs to be replaced.

8 Dual stack led DS1-4 Fail open Random component failure Local status display does not correspond to actual operation

Incorrect Ethernet traffic activity / will not impact functional operation



Incorrect CPU run time status / will not impact functional operation


10 OPTO Coupler U32 Fail open or Fail close Random hardware failure Incorrect data due to missing sync

Unable to deliver scanned cards information board fails (Loss of redundancy)


11 POWER MOSFET U61 Fail open

Random hardware failure; Transient surge

Module dead Removes all power from onboard logic. (Loss of redundancy)


12 POWER MOSFET U61 Fail close Random hardware failure; Transient surge

Module dead Removes all power from onboard logic. (Loss of redundancy)


13 128 x 16 EEPROM U22 Memory cell corrupted Random hardware failure Lack of response from computer

Loss of connectivity and computer interface (Loss of redundancy)








16 AGL600 FPGA U13 ICL Link Section

I/O port fail Random hardware failure ICL communication degraded or disabled for both channels of affected controller. Expect mailbox timeout.

If primary, expect failover to secondary; control function not impacted. If secondary, no indication.

Runtime test will detect failure. If failover occurs, backup controller enables continued normal operation. Replace failed controller.


Synchronization fault Internal link failure Periodic disruption in ICL operation

If primary, random temporary disruptions may cause failover; if secondary, no indication.



Memory cell fault Random hardware failure Surveillance of controller operation.

Frequency of system error occurrences increases. (Loss of redundancy)

Runtime test will detect failure.


RR901-003-03 Page 13 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System (Redundancy) Remarks/Comments 19 AGL600 FPGA U13

ISA Interface Section I/O port fail Random hardware failure ISA communication degraded

or disabled Loss of data and system status (Loss of redundancy)


20 AGL600 FPGA U13 ISA Interface Section

Synchronization fault Internal link failure Periodic disruption in ISA bus operation

If primary, random temporary disruptions may cause failover; if secondary, no indication.



Memory cell fault Random hardware failure ISA communication degraded or disabled

Loss of data and system status Runtime test will detect failure.

22 USB AP2196 L26 Power limit switch

Fail open External device unable to connect CPU reboots while connected to External USB device

No impact to system Affected controller needs to be replaced.


Fail close External device unable to connect CPU reboots while connected to External USB device


23 Oscillator Y4 TCXO 25 MHz

Frequency Drift Aging effect Surveillance of controller operation

Change in frequency of Watchdog timer. Internal controller errors


24 Oscillator Y3 11.0592MHz


Change in frequency of UART baud clock. Internal controller errors


25 Transient suppressor D6 TPN3021RL

Fail open Mechanical damage – not susceptible to aging.

Module Dead Removes all power from onboard logic (Loss of redundancy)




Module Dead Removes all power from onboard logic (Loss of redundancy)


27 Diode CR2 thru CR5 BAS-70

Fail open Overload; random hardware failure

Main controller cannot communicate with loop controller

Affected signal line is pulled high regardless of proper signal level. (Loss of redundancy)


28 Diode D1 BAT54C

Fail open Overload; power surge; transient Module Dead System fails. (Loss of redundancy)


29 Capacitive line filters Capacitor has a low resistance path to ground plane

Component hardware failure; fabrication error

Periodic surveillance detects indication of localized overheating.

If controller actually fails during operation, it will failover to redundant controller.


30 Capacitive line filters Capacitor has bad solder joint or comes off board.

Fabrication error; physical damage during storage

Operator surveillance of controller operation.

Periodic errors in functional operation (Loss of redundancy)


31 Pull-up/pull-down resistor on data line

Resistor has bad soldier joint or comes off board.

Fabrication error; physical damage during storage.


Periodic errors in functional operation (Loss of redundancy)


32 Clock buffer U26 Fail open or Close Random hardware failure Surveillance of controller operation.

Controller fails (Loss of redundancy)


33 Crystal VY1 14.31818

Frequency Drift Higher or Lower

Aging effect Surveillance of controller operation

Change in frequency of internal controller errors (Loss of redundancy)


34 Diode Schottky VQ3 BAT54s

Fail open / Fail close Mechanical damage – not susceptible to aging.

Visual interface corrupted No impact to the system (Redundant system continues to operate.)











Fail open/ Fail close Mechanical damage – not susceptible to aging.




Fail open/Fail close Mechanical damage – not susceptible to aging.




RR901-003-03 Page 14 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System (Redundancy) Remarks/Comments 39 Diode D2, D4, D7, D8

MBRS340 Fail open Transient power surge Redundant power supply

enables continued normal operation.

One power supply disconnected from I/O module (Redundant system continues to operate.)


40 Fuse F1, RF1 Fail open Transient surge; Overload Affected portion of assembly is inoperable

Operating power removed from all or some portion of assembly (Loss of redundancy)


41 Transformer module T1-3 H1102

Coil fail open Transient surge Increase in error count for affected channel

TX or RX function fails or significantly attenuated for affected channel (Redundant system continues to operate.)



Coil windings short Transient surge; insulation failure Increase in error count for affected channel

Isolation defeated for affected channel (Redundant system continues to operate.)


43 Voltage monitor U18,U36 LTC2912

Frequency drift / short Random hardware failure Over / under voltage errors Loss of power or degenerative system operation (Loss of redundancy)


44 DC/DC converter U19 LTC3251

Fail open Random hardware failure Disruptive communication on ICL and ISA bus

Loss of system data and controller operation (Redundant system continues to operate.)


45 DC/DC regulator U11 LTC3407-3

Output voltage drift Random component failure Periodic disruption in ICL operation

Loss of SOE synchronization (Redundant system continues to operate.)


46 Voltage regulator U12 Output voltage drift Random component failure incorrect VCORE voltage to Processor

Controller fails (Redundant system continues to operate.)


47 Voltage Regulator U20 MCP 1826S

Output voltage fails Random hardware failure Surveillance testing Data transfer from processor fails (Redundant system continues to operate.)



Output voltage drift Component aging Surveillance testing No indication until voltage outside operating tolerance of processor (Redundant system continues to operate.)


49 Diode VD1 MMMZ5226B

Fail open Random component failure Unable to detect connector No communication through DVI2 (Redundant system continues to operate.)


50 CLK P2781A U16 Frequency drift Component aging Surveillance testing Periodic Electromagnetic interference errors Affected controller needs to be replaced.

51 Graphic driver DVI Fails to operate Random hardware failure Loss of video signals or unreadable video signals

Controller cannot operate and results in loss of redundancy for the redundant FPC08 controller system.


52 IC U27-30 TXRX RS485

Fails to operate Random hardware failure Loss of communications ICL unable to sync request / response (Redundant system continues to operate.)


53 Switch Toggle S1 Fails to open Random hardware failure Surveillance of controller operation.

Controller cannot power up. (Redundant system continues to operate.)


54 Switch Toggle S1 Fails to close Random hardware failure Surveillance of controller operation.

Controller cannot power down. (Redundant system continues to operate.)


55 TI U62, U63 Switch Power Regulator

Fails to operate Random hardware failure System status shows failure when both U62 and U63 fail. Otherwise, there will be no indications.

U62 and U63 are redundant. Failure of one regulator still allows controller to operate. Failures of both regulators will fail the controller and loss of redundancy is resulted.


56 Transistor NPN Q 1-4 Fails to operate Random hardware failure System status shows failure.

Controller cannot operate and results in loss of redundancy for the redundant FPC08 controller system.


57 PCI VGA Display U7 Fails to operate Random hardware failure Loss of video signals or unreadable video signals



RR901-003-03 Page 15 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System (Redundancy) Remarks/Comments 58 Vortex86DX SOC at U1 Fails to operate Random hardware failure Controller fails to operate

and dual stack led DS5-8 show no activities

Controller cannot operate. (Redundant system continues to operate.)


59 Crystal Y2 32.768 kHz

Fails to provide accurate clock signals

Random hardware failure High error rate in communications.

No impact to system operation. (Redundant system continues to operate.)


60 Battery Lithium Coin 3V Fails to operate or not enough battery

Random hardware failure System status shows failure and dual stack led DS5-8 show no activities

Controller cannot operate. (Redundant system continues to operate.)


61 Vortex86DX SOC PC BIOS at U1

Fails to operate Corrupted BIOS storage area System status shows failure and dual stack led DS5-8 show no activities

Controller cannot operate. (Loss of redundancy)


62 Hard Disk connected at J1 Fails to operate Random hardware failure System status shows failure and dual stack led DS5-8 show no activities

Controller cannot operate. (Loss of redundancy)



RR901-003-03 Page 16 of 29 Rev. B

Table 2 – HFC-FPC08 MTP Controller

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 1 DDR SRAM U2 Memory cell corrupted Random hardware failure Memory access may be


Controller affected cannot be reset.


2 DDR SRAM U3 Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop running.



3 DDR SRAM U4 Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop processing inputs.



4 DDR SRAM U5 Memory cell corrupted Random hardware failure If failure occurs during operation, application will produce periodic invalid operations





Change in frequency of internal controller errors






7 Z11 VGA ROM U14 Memory cell corrupted Random hardware failure Lack of response from the VGA monitor

No video Affected controller needs to be replaced.







10 OPTO Coupler U32 Fail open or Fail close Random hardware failure Incorrect data due to missing sync

Unable to deliver scanned cards information board fails


11 POWER MOSFET U61 Fail open Random hardware failure; Transient surge

Module dead Removes all power from onboard logic.


12 POWER MOSFET U61 Fail close Random hardware failure; Transient surge




Loss of connectivity and computer interface









I/O port fail Random hardware failure ICL communication degraded or disabled for both channels / Expect mailbox timeout.

random temporary disruptions may cause failover Affected controller needs to be replaced.






Frequency of system error occurrences increases.



I/O port fail Random hardware failure ISA communication degraded or disabled

Loss of data and system status









RR901-003-03 Page 17 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 22 USB AP2196 L26

Power limit switch Fail open External device unable to connect CPU reboots while connected

to External USB device No impact to system Affected controller needs to be

replaced. 23 USB AP2196 L26

Power limit switch Fail close External device unable to connect CPU reboots while connected

to External USB device No impact to system Affected controller needs to be

replaced. 23 Oscillator Y4

TCXO 25 MHz Frequency Drift Aging effect Surveillance of controller

operation Change in frequency of Watchdog timer. Internal controller errors








Module Dead Removes all power from onboard logic






27 Diode CR2 thru CR5 BAS-70



Affected signal line is pulled high regardless of proper signal level.


28 Diode D1 BAT54C

Fail open Overload; power surge; transient Module Dead System fails.





Periodic errors in functional operation Affected controller needs to be replaced.




Periodic errors in functional operation








32 Clock buffer U26 Fail open Random hardware failure Surveillance of controller operation.

Controller fails


33 Crystal VY1 14.31818







Visual interface corrupted No impact to the system


















39 Diode D2, D4, D7, D8 MBRS340

Fail open Transient power surge Redundant power supply enables continued normal operation.

One power supply disconnected from I/O module


40 Fuse F1, RF1 Fail open Transient surge; Overload Affected portion of assembly is inoperable

Operating power removed from all or some portion of assembly




TX or RX function fails or significantly attenuated for affected channel




Isolation defeated for affected channel



RR901-003-03 Page 18 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 43 Voltage monitor U18,U36

LTC2912 Frequency drift / short Random hardware failure Over / under voltage errors Loss of power or degenerative system operation




Loss of system data and controller operation




Loss of SOE synchronization


46 Voltage regulator U12 Output voltage drift Random component failure incorrect VCORE voltage to Processor

Controller fails



Output voltage fails Random hardware failure Surveillance testing Data transfer from processor fails



Output voltage drift Component aging Surveillance testing No indication until voltage outside operating tolerance of processor



Fail open Random component failure Unable to detect connector No communication through DVI2


50 CLK P2781A U16 Frequency drift Component aging Surveillance testing Periodic Electromagnetic interference errors Affected controller needs to be replaced.

51 Graphic driver DVI Fails to operate Random hardware failure Loss of video signals or unreadable video signals

Controller cannot operate Affected controller needs to be replaced.

52 IC U27-30 TXRX RS485

Fails to operate Random hardware failure Loss of communications ICL unable to sync request / response


53 Switch Toggle S1 Fails to open Random hardware failure Surveillance of controller operation.

Controller cannot power up.


54 Switch Toggle S1 Fails to close Random hardware failure Surveillance of controller operation.

Controller cannot power down.






56 Transistor NPN Q 1-4 Fails to operate Random hardware failure System status shows failure.


57 PCI VGA Display U7 Fails to operate Random hardware failure Loss of video signals or unreadable video signals


58 Vortex86DX SOC at U1 Fails to operate Random hardware failure Controller fails to operate and dual stack led DS5-8 show no activities

Controller cannot operate.


59 Crystal Y2 32.768 kHz

Fails to provide accurate clock signals


Loss of synchronization Affected controller needs to be replaced.

60 Battery Lithium Coin 3V Fails to operate or not enough battery


Controller cannot operate. Affected controller needs to be replaced.






RR901-003-03 Page 19 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 62 Hard Disk connected at J1 Fails to operate Random hardware failure System status shows failure

and dual stack led DS5-8 show no activities




RR901-003-03 Page 20 of 29 Rev. B

Table 3 – HFC-FPC08 SDL Controller

-Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 1 DDR SRAM

U2 Memory cell corrupted Random hardware failure Memory access may be




2 DDR SRAM U3

Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop running.



3 DDR SRAM U4

Memory cell corrupted Random hardware failure If failure occurs during operation, application will stop processing inputs.



4 DDR SRAM U5

Memory cell corrupted Random hardware failure If failure occurs during operation, application will produce periodic invalid operations



5 Crystal Oscillator Y1

14.31818 MHZ




6 Crystal Oscillator Y1

14.31818 MHZ




7 Z11 VGA ROM U14

Memory cell corrupted Random hardware failure Lack of response from the VGA monitor


8 Dual stack led DS1-4

Fail open Random component failure Local status display does not correspond to actual operation



9 Dual stack led DS5-8

Fail open Random component failure Local status display does not correspond to actual operation



10 OPTO Coupler U32

Fail open or Fail close Random hardware failure Incorrect data due to missing sync

Unable to deliver scanned cards information board fails


11 POWER MOSFET U61

Fail open Random hardware failure; Transient surge



12 POWER MOSFET U61

Fail close Random hardware failure; Transient surge



13 128 x 16 EEPROM U22

Memory cell corrupted Random hardware failure Lack of response from computer



14 128 x 16 EEPROM U23




15 128 x 16 EEPROM U24





I/O port fail Random hardware failure ICL communication degraded or disabled for both channels / Expect mailbox timeout.


17 AGL600 FPGA U13

ICL Link Section



18 AGL600 FPGA U13

ICL Link Section


Frequency of system error occurrences increases.



RR901-003-03 Page 21 of 29 Rev. B

-Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 19 AGL600 FPGA

U13 ISA Interface Section

I/O port fail Random hardware failure ISA communication degraded or disabled

Loss of data and system status


20 AGL600 FPGA U13

ISA Interface Section



21 AGL600 FPGA U13

ISA Interface Section




Fail open External device unable to connect CPU reboots while connected to External USB device



Fail close External device unable to connect CPU reboots while connected to External USB device


23 Oscillator Y4 TCXO 25 MHz


Change in frequency of Watchdog timer. Internal controller errors














27 Diode CR2 thru CR5

BAS-70



Affected signal line is pulled high regardless of proper signal level.


28 Diode D1 BAT54C

Fail open Overload; power surge; transient Module Dead System fails.

















32 Clock buffer U26

Fail open Random hardware failure Surveillance of controller operation.

Controller fails


33 Crystal VY1 14.31818

























39 Diode D2, D4, D7, D8 MBRS340

Fail open Transient power surge Redundant power supply enables continued normal operation.

One power supply disconnected from I/O module



RR901-003-03 Page 22 of 29 Rev. B

-Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 40 Fuse F1,

RF1 Fail open Transient surge; Overload Affected portion of assembly

is inoperable Operating power removed from all or some portion of assembly




TX or RX function fails or significantly attenuated for affected channel




Isolation defeated for affected channel


43 Voltage monitor U18,U36 LTC2912

Frequency drift / short Random hardware failure Over / under voltage errors Loss of power or degenerative system operation




Loss of system data and controller operation




Loss of SOE synchronization


46 Voltage regulator U12

Output voltage drift Random component failure incorrect VCORE voltage to Processor

Controller fails



Output voltage fails Random hardware failure Surveillance testing Data transfer from processor fails



Output voltage drift Component aging Surveillance testing No indication until voltage outside operating tolerance of processor



Fail open Random component failure Unable to detect connector No communication through DVI2


50 CLK P2781A U16

Frequency drift Component aging Surveillance testing Periodic Electromagnetic interference errors Affected controller needs to be replaced.

51 Graphic driver DVI

Fails to operate Random hardware failure Loss of video signals or unreadable video signals


52 IC U27-30 TXRX RS485

Fails to operate Random hardware failure Loss of communications ICL unable to sync request / response


53 Switch Toggle S1

Fails to open Random hardware failure Surveillance of controller operation.

Controller cannot power up.


54 Switch Toggle S1

Fails to close Random hardware failure Surveillance of controller operation.

Controller cannot power down.






56 Transistor NPN Q 1-4

Fails to operate Random hardware failure System status shows failure.


57 PCI VGA Display U7

Fails to operate Random hardware failure Loss of video signals or unreadable video signals


58 Vortex86DX SOC at U1

Fails to operate Random hardware failure Controller fails to operate and dual stack led DS5-8 show no activities




RR901-003-03 Page 23 of 29 Rev. B

-Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 59 Crystal

Y2 32.768 kHz Fails to provide accurate clock signals


Loss of synchronization Affected controller needs to be replaced.

60 Battery Lithium Coin 3V

Fails to operate or not enough battery


Controller cannot operate. Affected controller needs to be replaced.





62 Hard Disk connected at J1

Fails to operate Random hardware failure System status shows failure and dual stack led DS5-8 show no activities




RR901-003-03 Page 24 of 29 Rev. B

Table 4 – HFC-HSIM Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 1 AGL600 U1 I/O

Control Section I/O port fail Random hardware failure Communication is degraded Loss of I/O communication Affected controller needs to be

replaced. 2 AGL600 U1 I/O

Control Section Synchronization fault Internal link failure Intermittent data failure Loss of fiber link Affected controller needs to be

replaced. 3 AGL600 U1 I/O

Control Section Memory cell fault Random hardware failure Surveillance of controller

operation. Missing instruction sets / data corrupted Affected controller needs to be

replaced. 4 AGL600 U1

ICL Slave Section I/O port fail Random hardware failure ICL link communication is

loss Missing diagnostic / status data resulting in I/O fault Affected controller needs to be


ICL Slave Section Synchronization fault Internal link failure Degraded operation Loss of communication Affected controller needs to be


ICL Slave Section Memory cell fault Random hardware failure Surveillance of controller

operation. Corrupted data stream Affected controller needs to be


Clock Generator Section I/O port fail Random hardware failure Timing of data latches

incorrect System will exhibit periodic instability Affected controller needs to be


Clock Generator Section Synchronization fault Internal link failure Drift of clock frequency Loss of system clock reliability Affected controller needs to be


Clock Generator Section Memory cell fault Random hardware failure Missing system clock System hung / board dead Affected controller needs to be

replaced. 10 AGL 060 U2 Component failure Random hardware failure Missing diagnostics data to

the front panel / led Loss of primary monitoring and DMT Affected controller needs to be

replaced. 11 IRF9640SPbF U3

Power MOSFET Component failure Random hardware failure Board fails Loss of 3.3v and 5 v regulators Affected controller needs to be

replaced. 12 TPS5430 U4

DC / DC Regulator Output voltage drift Random component failure Loss of 3.3 VDC reset Unable to reset the HSIM FPGA logic when depressed Affected controller needs to be


DC / DC Regulator Output voltage drift Random component failure Loss of 5 v / fiber optic fails 5 volt regulator provides voltage to components on the board

and the fiber optic / board would be inoperable Affected controller needs to be replaced.

14 74LV06 U6 Inverter - E

Fail Open Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.

15 74LV06 U6 Inverter - F

Fail Open Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.

16 LTC3251E U7 Step down DC / DC conv

Output voltage level drift Transient voltage spike Effects of component aging Missing or degraded +5VDC / board dead Affected controller needs to be replaced.

17 SN74LV166 U8 8-bit shift register

Fail open Random hardware failure LED display erratic Baud rate not selectable / ICL communication is affected Affected controller needs to be replaced.
















21 ADM 3485E U9 485 Transceiver

Component failure Random hardware failure LED Display Loss of ICL Control Affected controller needs to be replaced.

22 SN74LV166 U10 8-bit shift register

Component failure Random hardware failure Unable to select card error on panel

Card Select fails Affected controller needs to be replaced.


RR901-003-03 Page 25 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 23 ADM 3485E U11

485 Transceiver Component failure Random hardware failure LED Display Loss of ICL Control Affected controller needs to be

replaced. 24 SN74AHC1G08DBV U12

AND GATE Component failure Random hardware failure Missing clear pulse to

multivibrator led display Watchdog timing is loss / Board does not operate Affected controller needs to be

replaced. 25 ADM3485E U13

RS485 Transceiver Component failure Random hardware failure LED display Loss of Channel 1 Affected controller needs to be

replaced. 26 6N139 U14

Photo coupler Component failure Random component failure board loses reference voltage

to FPGA Board would fail to operate Affected controller needs to be

replaced. 27 SN74AHC1G08DBV U15

AND GATE Component failure Random hardware failure LED display Loss of Channel 1 Affected controller needs to be





replaced. 31 SN75472 U20

Peripheral Driver Component failure Random component failure Loss of data transfer Data unable to be Transmitted through Fiber optic Affected controller needs to be

replaced. 32 74LS04 U21f

Inverter Component failure Random component failure Loss of data transfer Data unable to be Transmitted through Fiber optic Affected controller needs to be

replaced. 33 74LS04 U21a

Inverter Component failure Random component failure Loss of data transfer Unable to receive data through fiber optic Affected controller needs to be

replaced. 34 PESD3V3S5UD U24

Diode array Component failure Random hardware failure Diagnostics fail to run Loss of Diagnostics Affected controller needs to be

replaced. 35 PESD3V3S5UD U25

Diode array Component failure Random hardware failure Diagnostics fail to run Loss of Diagnostics Affected controller needs to be

replaced. 36 IRF9640SPbF U27

Power MOSFET Component failure Random hardware failure board loses reference

voltage to FPGA Board would fail to operate Affected controller needs to be

replaced. 37 SN74LV123A U28

Mono-stable Multivibrator

Component failure Random hardware failure Loss of Watchdog timing to the FPGA / led display

Loss of timing to the FPGA / board will fail Affected controller needs to be replaced.

38 MMBT2369A Q6 NPN Transistor

Component failure Random component failure Loss of data transfer Unable to receive data through fiber optic Affected controller needs to be replaced.

39 MMBT2369A Q7 NPN Transistor

Component failure Random component failure Display on front panel HSIM present signal missing / FPGA Affected controller needs to be replaced.

40 HFBR1414 FO1 Optical Transmitter

Fail open Random component failure Loss of data transfer Data unable to be Transmitted through Fiber Affected controller needs to be replaced.

41

HFBR-2412C FO2 Optical Receiver

Fail open Random component failure Loss of data transfer Data unable to be Received through Fiber Affected controller needs to be replaced.

42 555-4003 DS1, DS2 LED BAR-Graph

Fail open Random component failure Loss of display No action needed. No action needed.

43 FOX924B-25.0 Y1 25 MHz clock

Frequency Drift Aging effect Surveillance of controller operation; High communication error rates

Change in frequency of FPGA


44 FOX924B-25.0 Y2 44 MHz clock

Frequency Drift Aging effect Surveillance of controller operation; High communication error rates

Change in frequency of FPGA


45 BAS70 CR1-CR4 Schottky diode


Unable to select card Degraded functional capabilities Affected controller needs to be replaced.


RR901-003-03 Page 26 of 29 Rev. B

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 46 MBRS340 D1,D2

diode Fail open Mechanical damage – not

susceptible to aging. Loss of 24 volt / board is dead no led display if both diodes opens / otherwise no effect

These two diodes provide parallel 24 volt sources / if one diode fails the circuit will get voltage through the other diode, providing redundancy. However, if both fails board dead.


47 SK36-TP D3,D4 Diode


Loss of Aux volt / board loses reference voltage to FPGA / Board fails if both diodes opens / otherwise no effect

These two diodes provide parallel aux volt sources / if one diode fails the circuit will get voltage through the other diode, providing redundancy. However, if both fails board dead.


48 8330A D5 Diode


Loss of Fiber optic Loss of data tx and RX through Fiber optics Affected controller needs to be replaced.

49 8330A D6 Diode


Board fails as 3.3 volt is used for most of the components on the board and the 1.5 volt is used to power the FPGA core

The module would fail to operate Affected controller needs to be replaced.

50 SK36-TP D7 Diode


Loss of Watchdog timing to the FPGA

Loss of timing to the FPGA / board will fail Affected controller needs to be replaced.

51 BZV90-C2V4 D8 Diode


board loses reference voltage to FPGA

Board would fail to operate Affected controller needs to be replaced.

52 Fuse F1,2,3,4 Fail open Transient surge; Overload Affected portion of assembly is inoperable




RR901-003-03 Page 27 of 29 Rev. B

Table 5 – HFC-ILR06R

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Remarks/Comments 1 LTC1484 U1

Transceiver / Receiver Fail open Random component failure Loss of data received from

fiber optics Missing data from fiber optic / Loss of ICL Affected controller needs to be

replaced. 2 G3VM-61E1 U2, U7

Relay Open output Overload; random hardware

failure One or more DO channels fail; power line to CSM is dead.

Missing data from fiber optic / Loss of ICL Affected controller needs to be replaced.

3 G3VM-61E1 U2, U7 Relay

Short to ground Overload; random hardware failure

One or more DO channels fail; power line to CSM is dead.

Interface communication / DO output data absent on backplane / 0V on back plane


4 ICM7555 U3 Timer

Fail open Random component failure Red Led never turns on DO channel affected is disabled Affected controller needs to be replaced.

5 TPS5430D U4 DC converter

Output voltage level drift Transient voltage spike Effects of component aging Missing or degraded +5VDC / board dead Affected controller needs to be replaced.

6 74LS04 U5-a, b inverter

Fail open Random component failure Operator surveillance Unable to transmit data over bus or optical Affected controller needs to be replaced.

7 74LS04 U5-c, d inverter

Fail open Random component failure One or more DO channels fail; power line to CSM is dead.

DO channel affected is disabled Affected controller needs to be replaced.

8 75472 U6 Peripheral Driver

Fail open Random component failure Loss of data transfer Data unable to be Transmitted Affected controller needs to be replaced.

9 LT1016 U8 Comparator

Fail open Random component failure Loss of data transfer Data unable to be Received Affected controller needs to be replaced.

10

HFBR1312 FO1 1300 nm fiber optic TX


11 HFBR2316 FO2 1300 nm fiber optic RX

Fail open Random component failure Loss of data transfer Data unable to be Received Affected controller needs to be replaced.

15 NPN BJT Q1 Fails to operate Random hardware failure System status shows failure.



16 NPN BJT Q2 Fails to operate Random hardware failure System status shows failure.



17 LED D2 Fail open Random component failure Loss of display No effect on operation No action 18 MBRS340 CR1 Fail open Mechanical damage – not

susceptible to aging. Board fails Loss of 24v DC / Missing regulated 5 VDC

(Loss of redundancy) Affected controller needs to be replaced.

19 MBRS340 CR2 Fail open Mechanical damage – not susceptible to aging.

Board fails Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy



Digital output inoperable Interface communication / DO output data absent on backplane / 0V on back plane



Digital output inoperable Interface communication / DO output data absent on backplane / 0V on back plane


22 Fuse F1,2,3,4 Fail open Transient surge; Overload Affected portion of assembly is inoperable




RR901-003-03 Page 28 of 29 Rev. B

Table 6 – HFC-ILR06T Item Name Failure Mode Failure Mechanism Method of Detection Effect of Failure on System Method of Remediation 1 LTC1484 U1

Transceiver / Receiver Fail open Random component failure Loss of data received from

fiber optics Missing data from fiber optic / Loss of ICL Affected controller needs to be

replaced. 2 HFBR1312 F01

1300 nm fiber optic TX Fail open Random component failure Loss of data transfer Data unable to be Transmitted Affected controller needs to be

replaced. 3 HFBR2316 F02

1300 nm fiber optic RX Fail open Random component failure Loss of data transfer Data unable to be Received Affected controller needs to be

replaced. 4 ICM7555 U9

Timer Fail open Random component failure Missing 50 kHz signal Module inoperable / Data does not get transmitted Affected controller needs to be

replaced. 5 TPS5430D U3

DC converter Output voltage level drift Transient voltage spike Effects of component aging Missing or degraded +5VDC / board dead Affected controller needs to be

replaced. 6 74LS04 U5-a, b

inverter Fail open Random component failure Loss of data transfer Unable to transmit data over bus or optical Affected controller needs to be

replaced. 7 74LS04 U5-c

inverter Fail open Random component failure Loss of data transfer Unable to transmit data over bus or optical Affected controller needs to be

replaced. 8 75472 U6

Peripheral Driver Fail open Random component failure Loss of data transfer Data unable to be Transmitted Affected controller needs to be

replaced. 9 LT1016 U8

Comparator Fail open Random component failure Loss of data transfer Data unable to be Received Affected controller needs to be

replaced. 10 Fuse F1 Fail open Transient surge; Overload Affected portion of assembly

is inoperable Operating power removed from all or some portion of assembly


11 LED DS1 Fail open Random component failure Loss of display No effect on operation No action needed. 12 Capacitive line filters Capacitor has a low resistance

path to ground plane Component hardware failure; fabrication error















Board fails Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy)



Board fails Loss of 24v DC / Missing regulated 5 VDC (Loss of redundancy


17 6N139 U2 Photo coupler



RR901-003-03 Page 29 of 29 Rev. B

Table 7 – AFS-CSM-01

Item Name Failure Mode Possible Cause(s) Method of Detection Effect of Failure on System Method of Remediation 1 AGL060 U1 Component failure Random hardware failure No led display Loss of switch status Affected controller needs to be

replaced. 2 LM809M3 U2

Reset circuit Fail open Random component failure LEDs off and CSM is unable

to receive data Unable to reset FPGA in event of power issue Affected controller needs to be


DC /DC Converter Output voltage drift Random component failure Board dead / Looping reset Loss Switch power supply 3.3 v Affected controller needs to be

replaced. 4 LTC3251 U4 Output voltage drift Random component failure Random component failure Loss of 1.5 v regulation Affected controller needs to be

replaced. 5 SN65HVD1782 U5

RS-485 Transceivers Fail Open Random component failure LEDs off and CSM is unable

to receive data ICL 1 / unable to receive or transmit any data Affected controller needs to be

replaced. 6 SN65HVD1782 U6

RS-485 Transceivers Fail Open Random component failure LEDs off and CSM is unable

to receive data ICL2 / unable to receive or transmit any data Affected controller needs to be

replaced. 7 ULN2803 U10

Transistor array Fails to operate Random component failure No led display Loss of switch status Affected controller needs to be

replaced. 8 Capacitive line filters Capacitor has a low resistance

path to ground plane Component hardware failure; fabrication error



9 Capacitive line filters Capacitor has bad soldier joint or comes off board.









11 Diode D1 BAV70LT1


Loss of 24 VDC Board dead Affected controller needs to be replaced.

12 Diode D2 B260


Loss of 3.3 regulated voltage

Board dead Affected controller needs to be replaced.

13 Diode D3 B260


Loss of redundant 24 VDC No effect unless D4 fails then board dead No action needed.

14 Diode D4 B260


Loss of redundant 24 VDC No effect unless D4 fails then board dead No action needed.

15 Fuse .25 amp F1 Fail open Transient surge; Overload Affected portion of assembly is inoperable

Loss of 3.3 regulated voltage Affected controller needs to be replaced.

16 Fuse3 375 mA F2 Fail open Transient surge; Overload Affected portion of assembly is inoperable

Loss of 3.3 regulated voltage Affected controller needs to be replaced.

17 SPST switch S1 Fail open Mechanical damage – not susceptible to aging.

Communication may be degraded

Unable to select baud rate switch OFF (38.4 Kbaud) If selection of baud rate is required replace module affected

18 Oscillator ASFL1 Y3 Frequency Drift Aging effect Loss of clock Loss of Clock / board dead Replace module affected

Documents

RR901-003-03, Rev. B, Failure Mode and Effects Analysis for the … · 2013-06-04 · RR901-003-03 Page 7 of 29 Rev. B 4.0 FMEA Worksheet The FMEA worksheet provides the basic tool