
Report: TR00742-03-R00
Revision: 0
HyStEP Design Failure Modes and Effects Analysis
Pages: 18

Hydrogen Station Equipment Performance Device
HyStEP
Summary of Failure Modes and Effects Analysis
Revision 0
TR00742-03-R00
January 2016

Prepared for:
Powertech Labs Inc.
12388 88th Avenue
Surrey, BC, V3W 7R7
www.powertechlabs.com
Powertech Project Number: PL-00742

1 Executive Summary

The Failure Modes and Effects Analysis (FMEA) of the Hydrogen Station Equipment Performance Device (HyStEP) was carried out to examine the system for potential failure modes and their associated effects. The FMEA was facilitated by Intertek Consulting and was undertaken by Powertech Labs and the HyStEP Project Team. Results from this analysis were used to assist in finalizing and improving the system design and associated handling and testing procedures.

Assumptions made in the development of this FMEA include:

- No distinction was made for each item’s maturity of design; each item was modeled based on its intended function.
- The system analyzed included the H2 receiving system, sequencing system, tank system, defuel system, purge system, control system, and data report.
- The FMEA followed the model defined by the Design FMEA section of SAE J1739:2009 as per the FMEA worksheet provided by Intertek Consulting.
- The FMEA emphasized analysis at the functional level, based on the defined component functions.
- The failure modes were generally defined as the negative of the function.
- The FMEA focused on potential end effects only.

The FMEA results indicate the following:

- 7 functional blocks were analyzed
- 44 functions were defined
- 202 failure modes and effects were identified
- Each effect was assigned severity, occurrence, and detection/prevention ratings
- 47 failure mode effects had severity of 9 or 10 indicating a safety hazard
- 20 failure mode effects had a Risk Priority Number (RPN = severity*occurrence*detection) greater than 100

Table of Contents

1 EXECUTIVE SUMMARY
2 INTRODUCTION
3 FAILURE MODES AND EFFECTS ANALYSIS
  3.1 FMEA OVERVIEW
    3.1.1 System Model
      3.1.1.1 Boundary Conditions
    3.1.2 FMEA Type
  3.2 ANALYSIS DEFINITIONS
    3.2.1 Function Definition
    3.2.2 Failure Mode Identification Criteria
    3.2.3 Failure Effects
    3.2.4 Severity Classifications
    3.2.5 Occurrence Classifications
    3.2.6 Detection Classifications
    3.2.7 Causes
    3.3.1 Risk Priority Number
  3.4 FMEA ASSUMPTIONS
4 RESULTS AND DISCUSSION
  4.1 RISK PRIORITY NUMBER RESULTS
  4.4 SUMMARY
5 RECOMMENDATIONS
6 APPENDIX A: FMEA WORKSHEET

2 Introduction

The Design Failure Modes and Effects Analysis (DFMEA) of the Hydrogen Station Equipment Performance Device (HyStEP Device) was carried out to examine the system for potential failure modes and their associated effects. Results from this analysis were used to assist in finalizing and improving the system design and associated handling and testing procedures.

3 Failure Modes and Effects Analysis

A Failure Modes and Effects Analysis (FMEA) is an analysis procedure that documents all potential failures of a system within specified ground rules. The FMEA is a procedure that determines what can fail and how it can fail (failure mode) and the effects of the failure on the system (effects).

The objectives and benefits of performing a FMEA include:

- Enhancing system safety by discovering potential failure modes that could result in hazardous conditions
- Analyzing the effects of severe, undetectable, and highly occurring failures
- Influencing the design to mitigate the impact of failures

Several cautions should be observed in the application and interpretation of a FMEA. First, a FMEA considers only non-simultaneous failure modes. Each failure mode is considered individually, assuming that all other components of the system function as designed. This provides limited insight into the effects of multiple component failures on system functions and into latent failures such as issues of timing or sequencing.

Secondly, the cause-effect relationship is not adequately represented in many FMEA models. In general, there is no representation for the likelihood that a cause will result in a particular effect. Some analysts address the issue by assuming that all potential effects will result, given that a cause of failure mode has occurred. This generally leads to an overestimation of risk.

A third weakness is the ambiguity of the Risk Priority Number (RPN), a primary output of the analysis. The RPN is calculated as the product of qualitative severity, occurrence, and detection values. This approach attempts to quantify risk, through the RPN, without adequately quantifying the factors that contribute to the RPN.

3.1 FMEA Overview

An effective and efficient FMEA requires some preliminary planning on how to approach the analysis. It also requires the establishment of various ground rules to guide the development and analysis of the failure modes and their effects. Details on the preliminary planning and the ground rules established for this FMEA are contained in the following sections.
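The RPN ambiguity described in Section 3 can be made concrete with a short script. This is an added example, not part of the report: the worksheet rows are constructed, and it assumes each rating is an integer from 1 to 10, with the report's own cut-offs (severity 9 or 10, RPN greater than 100) used as filters.

```python
from collections import Counter
from itertools import product

RPN_THRESHOLD = 100   # the report counts effects with RPN greater than 100
SAFETY_SEVERITY = 9   # the report treats severity 9 or 10 as a safety hazard

# Constructed worksheet rows (not from the report's Appendix A):
# (failure mode, severity, occurrence, detection), each rated 1-10 (assumed scale).
ROWS = [
    ("Check valve passes gas in reverse", 10, 2, 3),
    ("Pressure sensor reads low", 9, 3, 4),
    ("Pressure gauge hard to read", 4, 6, 5),
    ("Particulate filter clogs", 5, 5, 5),
    ("PRV fails to open", 10, 1, 6),
]


def rpn(severity, occurrence, detection):
    """RPN = severity * occurrence * detection, each an integer rating 1-10."""
    for rating in (severity, occurrence, detection):
        if not isinstance(rating, int) or not 1 <= rating <= 10:
            raise ValueError(f"rating out of range 1-10: {rating!r}")
    return severity * occurrence * detection


def rank_by_rpn(rows):
    """Return (name, rpn) pairs, highest RPN first (ties keep input order)."""
    scored = [(name, rpn(s, o, d)) for name, s, o, d in rows]
    return sorted(scored, key=lambda item: item[1], reverse=True)


def hazards_below_threshold(rows):
    """Safety-hazard rows (severity >= 9) that an RPN > 100 filter would drop."""
    return [name for name, s, o, d in rows
            if s >= SAFETY_SEVERITY and rpn(s, o, d) <= RPN_THRESHOLD]


def rpn_multiplicity():
    """Map each reachable RPN to the number of (S, O, D) triples producing it."""
    return Counter(s * o * d for s, o, d in product(range(1, 11), repeat=3))


if __name__ == "__main__":
    for name, score in rank_by_rpn(ROWS):
        print(f"{score:4d}  {name}")
    print("severity >= 9 but RPN <= 100:", hazards_below_threshold(ROWS))
    counts = rpn_multiplicity()
    print(f"{len(counts)} distinct RPN values from 1000 rating triples; "
          f"{counts[60]} triples give RPN 60")
```

In the constructed rows, the two highest RPNs belong to items with severity 4 and 5, while two severity-10 items score 60 and fall below the threshold, which is why the severity filter has to be read alongside the RPN filter rather than replaced by it.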

3.1.1 System Model

An understanding of the system to be analyzed is essential prior to the development of a FMEA. Typically, system block diagrams and many other system-modeling techniques are used to understand system hierarchies. A FMEA cannot succeed without first having a complete and accurate system model.

The system model used for this FMEA was developed by Powertech Labs and the HyStEP Project Team using a template prepared by Intertek Consulting. For the purposes of this FMEA, the system analyzed was split into 7 different systems: the H2 receiving system, sequencing system, tank system, defuel system, purge system, control system, and data report. A block diagram is shown in Figure 1 below that shows how each system is interconnected. A P&ID drawing from the time the FMEA was conducted is shown in Figure 2 that identifies the components in each system. In this drawing, the green circled areas denote the safety system.

Figure 1: Block Diagram or Process Map

Figure 2: P&ID Drawing Showing FMEA Systems

Some design features were complete with specified hardware or software, while other design features were currently in conceptual or developmental stages. However, in the system model developed for this analysis, no distinction was made for each item’s maturity of design; each item was modeled based on its intended function.

3.1.1.1 Boundary Conditions

All the systems contained within the dotted line of the block diagram (Figure 1) are contained within the HyStEP device. Blocks that are shown outside of this boundary are external to the device and are only included to represent external inputs. The FMEA was conducted only on the systems inside the dotted line, which represents the system boundary. There is one exception to this, which is the “Vent to Atmosphere” which was included as part of the defuel system.

3.1.2 FMEA Type

There are several different models on which to base a FMEA. Each model is based on a different recognized standard. The most common FMEA types (standards) are:

1. MIL-STD-1629A
2. SAE ARP 5580
3. SAE J1739

This FMEA followed the Design FMEA (DFMEA) section of SAE J1739:2009. The DFMEA was facilitated by Intertek Consulting and was undertaken by Powertech Labs and the HyStEP Project Team.

3.2 Analysis Definitions

The following sections define the ground rules for the specific analysis steps used to develop this FMEA.

3.2.1 Function Definition

Component functions were defined in the development of the functional model for the demonstration system and were used as defined. An important consideration is that failure to define all of the functions is likely to result in an incomplete list of the failure modes. A list of the output functions and control factors for each system is shown below.

Table 1: Functional Analysis

| Component / Process | # | Output Function (yi) | # | Control Factors (xi) |
|---|---|---|---|---|
| H2 Receiving System | 1 | Connection to H2 dispenser nozzle | 1 | Receptacle meets SAE J2600 (H70) |
| | 2 | Unidirectional Hydrogen Passage from Nozzle | 1 | Use of qualified components (ASME B31.12) |
| | | | 2 | H2 Receiving pressure Nozzle pressure |
| | | | 3 | Check Valve in receptacle |
| | 3 | Temperature Measurement (+/- 1 C) | 1 | T-type thermocouple |
| | 4 | Pressure Measurement (0.1% FS) | 1 | Pressure Sensor (0-100 MPa range) |
| | 5 | Hydrogen particulate quality ( 5 µm) | 1 | Particulate filter with 5 µm element |
| | 6 | Hydrogen passage to Sequencing System | 1 | Use of qualified components (ASME B31.12) |
| | 7 | Contain Hydrogen | 1 | Use of qualified components (ASME B31.12) |
| Sequencing System | 1 | Hydrogen passage from H2 Receiving System | 1 | Valve open from H2 Receiving System |
| | | | 2 | Use of qualified components (ASME B31.12) |
| | | | 3 | H2 Receiving pressure Sequencing pressure |
| | 2 | Bi-direction gas flow to/from Tank System | 1 | Valve(s) open to/from Tank System |
| | | | 2 | Use of qualified components (ASME B31.12) |
| | | | 3 | Appropriate pressure differential between systems |
| | 3 | Gas passage to Defuel System | 1 | Valve open to Defuel System |
| | | | 2 | Use of qualified components (ASME B31.12) |
| | 4 | Pressure Indication to control panel | 1 | Pressure gauges for visual reference |
| | 5 | Prevent over pressurization | 1 | PRV |
| | 6 | Contain Hydrogen | 1 | Use of qualified components (ASME B31.12) |
| Tank System | 1 | Gas passage to/from Sequencing System | 1 | Use of qualified components (ASME B31.12) |
| | | | 2 | Appropriate pressure differential between systems |
| | 2 | Store gas (up to 70 MPa NWP, 87.5 MAWP) | 1 | Tanks meet testing requirements (e.g. NGV 2, SAE 2759) |
| | 3 | Ability to test all SAE J2601 tank capacity ranges | 1 | 3 tanks, 3kg capacity each |
| | 4 | In-line Temperature Measurement (+/- 1 C) | 1 | T-type thermocouples |
| | 5 | In-tank Temperature Measurement (+/- 1 C) | 1 | T-type thermocouples (dual element probes) |
| | 6 | Pressure Measurement (0.1% FS) | 1 | Pressure Sensors (0-100 MPa range) |
| | 7 | Vent tanks in case of fire | 1 | TPRD |
| | 8 | Pressure Indication to control panel | 1 | Pressure gauges for visual reference |
| Defuel System | 1 | Unidirectional Controlled gas exhaust to atmosphere | 1 | Use of qualified components (ASME B31.12) |
| | | | 2 | Regulated gas pressure |
| | | | 3 | Flow rate controlled by operator |
| | | | 4 | Check Valve at vent |
| | 2 | Safe location for exhaust gas | 1 | Vent stack located away from device and dispenser |
| | 3 | Contain Hydrogen | 1 | Use of qualified components (ASME B31.12) |
| | 4 | Pressure Indication | 1 | Pressure gauge for visual reference |
| | 5 | Prevent over pressurization | 1 | PRV |
| Purge System | 1 | Connection to purge gas supply tank | 1 | Fitting connection for nitrogen T-cylinder |
| | 2 | Unidirectional purge gas passage to Sequencing System | 1 | Use of qualified components |
| | | | 2 | Purge gas pressure Sequencing System pressure |
| | | | 3 | Check Valve |

Flow rate controlled by operator; Filter; Pressure gauges for visual reference; Use of qualified components (ASME B31.12); PRV; Touch Screen HMI (Class 1, Div 2); Control Panel (manually operated valves); Pressure gauges for visual