Risk Analysis Techniques  91
















                   Figure 12.8 Integral Systems—System D/PFMEA to RACT Flow.
















                   Figure 12.9 Distributed Systems—System DFMEA to RACT Flow

                      In Fig. 12.8 integral Systems are modeled (see Section 3.3 for the description of
                   System types). For integral Systems, Hazards can come from product-design, or
                   manufacturing-process failures. Failure Modes whose End Effects at the System level
                   are Hazards are captured in the RACT as Hazards. Note that all System Hazards must
                   be found in the CHL.
                      The initial Cause and sequence of events in the RACT are captured from the
                   System FMEAs Causes, and Failure-Modes columns. Essentially, the Initial Cause and
                   Sequence of Events tell the story of how a Hazard can be realized.
                      In Fig. 12.9 distributed Systems are modeled, where the relationship between the
                   System DFMEA and the RACT is shown. The final assembly of distributed Systems
                   is done by the user. Therefore there is no System-PFMEA. Errors by the user in the
                   assembly of the System are captured in the UMFMEA (see Fig. 12.10). For distributed
                   Systems PFMEAs are carried out up to Level 2, which are the highest integral com-
                   ponents of the System (see Fig. 12.5 for a depiction leveling numbers).
                      A similar relationship exists between the UMFMEA and the RACT. Some of
                   the End Effects of use-failures lead into Hazards. The End Effects which are
                   Hazards, are captured in the RACT. Similarly, the initial Cause and sequence of
                   events are captured from the UMFMEA Causes and Failure-Mode columns.
                   The Initial Cause and Sequence of Events tell the story of how a Hazard can be