MSR Form explanation to the column: „System Response“

Contents:

  1. General
  2. Using the MSR Form on an existing FMEA with structure and nets
  3. MSR Form: entering data directly

1. General

The AIAG/VDA Form (MSR) – or simply MSR Form – is drafted in the new alignment of 2019. It is divided into the two sections “Risk Analysis (step 5)”  i.e. representation of the actual status of the FMEA and “Optimization (step 6)” i.e. representation of the planned FMEA status. The AIAG/VDA 2019 manual uses the example of a Window Lift System to demonstrate FMEA-MSR and APIS has used the same example to explain certain aspects here when using the IQ-Software. Furthermore, an .fme file has been programmed. For the sake of clarity, only the structure from the manual with a hybrid net is used. This file can be downloaded here.

2. Using the MSR Form on an existing FMEA with structure and nets

You are currently in the “System Response” cell of the MSR Form and thus in the “Optimization (step 6)” phase of the FMEA according to the AIAG/VDA manual. In order to complete step 6 of the FMEA-MSR, step 5 must already have been performed. The following image, the Window Lift System example, is ready to be optimized. The images are from the Structure Editor, Failure Net Editor and the AIAG/VDA Form (MSR). To understand more about how data flows from the Structure Editor or Failure Net into the MSR Form, right-click on the icon info icon - link to website in the cells “Current Diagnostic Monitoring” and “Current System Response” within the IQ-Software, or click here

System Response: image 1

System Response: image 2

Extending the structure of the AIAG/VDA Window Lift System example into step 6 (optimization) gives the following images in both the Structure Editor and Failure Net Editor. The new additions are highlighted in turquoise:

System Response: image 3

System Response: image 4

Switching to the MSR Form, you will see that the new safety mechanisms and their failure effects were arranged in step 5 (Risk Analysis) as an extension to the existing safety mechanism path instead of being added to step 6 (Optimization). The expected position of error detection and error response in step 6 remains empty.

System Response: image 5

The same applies if the actions in Customer operation are derived from the two new safety mechanisms. The two cells, “Diagnostic Monitoring Action” and “System Response”, in Optimization remain unfilled. The only changes are to the Structure Editor list and the icons that appear above the two cells in step 6. See the following images:

System Response: image 6

It is only possible to fill the two cells “Diagnostic Monitoring Action“ und “System Response”, by entering the data directly into the cells in the MSR Form.

In some cases, you may see the following icon also appear in the cell:special_situation. This indicates a special situation, which is not obvious when simply viewing the MSR Form, whereby the IQ-Software has recognised a certain data constellation in the document. Right-click on the iconspecial_situationto learn more about the case.

3. Direct entry of data into the MSR Form 

The following image gives a general overview of how data flows from the MSR Form, when data is entered into the cell “System Response“, to e.g. the Structure Editor of an existing FMEA.

System Response: image 7

A preventive action must be entered into the cell “System Response“, from which an error response can be derived that can be linked in a failure net. In this example, the preventive action is “Comfort closing mode disabled”. In order for actions to have different attributes (e.g. responsibles, deadlines etc.), action states (initial/revision) are created, to which the actions are anchored and their attributes are listed. For the MSR Form, it is essential that the preventive action is anchored in an action state with an action group “Customer operation”. This is because an error response of the same name can then be generated using the context menu-command “Derive actions for customer operation” in the MSR Form. This error response is ultimately necessary for the failure net, together with the error detection and failure effect, in order to document the secured path of the failure cause “Signal of Hall effect sensor to ECU is not transmitted”. The IQ-Software automatically creates an action state with the action group “Customer operation” for the failure cause, as soon as an entry is made into the cell “System Response.

When you create a new safety mechanism in the MSR Form (here: “Comfort closing mode disabled”), the IQ-Software must anchor this new element. This is because it gets linked to other IQ-objects, which are automatically created if required. More can be read about this here when clicking on the info icon - link to website icon in the cell “Current Diagnostic Monitoring” and “Current System Response” or click here.

In the Window Lift System example, and for the safety mechanism “Comfort closing mode disabled“, the structure element (SE) “System-generated anchor: Error response” must be created. In this SE, a function “SR: Comfort closing mode disabled” as well as an error response with the same name is stored. The “SR indicates that this IQ-object is assigned in the MSR Form cell “System Response”. The SE is generated because the IQ-Software does not know where the error response should be anchored. The IQ-Software does not know that in this case an SE for the error response already exists. However, it knows that the newly generated error response must secure the failure “Signal of Hall effect sensor to ECU is not transmitted“. As such, the error response is automatically linked to the failure cause in the failure net. The following image shows the relationships of the objects. The MSR Form part of the image is limited to just the cell “System Response”. The icon above the cell indicates that an error response has already been derived from the preventive action entered here.

System Response: image 8

The structure created (and failure net) can be used when further expanding your FMEA using the IQ-Software. Multiple editors are available to you to view and edit your data in various ways.  You can also work directly with the MSR Form. Note here that by entering data here in other columns, further automatic creations of elements may occur.

The following images depict an FMEA-MSR, whereby a detection action has been applied to the cell “Diagnostic Monitoring Action” (and an error detection derived from it) and then, in the optimization phase, a preventive action has been applied to the cell “System Response“.

System Response: image 9

System Response: image 10

As you can see from the Structure Editor list, the failure “Function “Comfort closing” lost; window only moves in manual mode” is not yet linked in a failure net. The AIAG/VDA Window Lift System FMEA identifies this failure as an effect for the secured failure path of the failure “Signal of Hall effect sensor to ECU is not transmitted”. In the MSR Form, this failure effect must be anchored to the cell “Most Severe Failure Effect after System Response”. This can be done in two ways:

a) Integrating the failure effect directly into the MSR Form

By entering the failure effect “Comfort closing” lost; window only moves in manual mode” directly into the cell “Most Severe Failure Effect after System Response”, the MSR Form, Structure Editor and Failure Net look as follows:

System Response: image 11

System Response: image 12

System Response: image 13

Directly entering the effect into the MSR Form means that this failure is automatically linked in the failure net in the right place. However, the IQ-Software will then create an anchoring function “Function for effects” and locate this function in the SE “Window Lift System”. The software also assigns this effect with the highest S rating possible, as it is not yet known which S rating will be assigned to this failure. As such, some clean up of the FMEA document is needed when taking the approach of a).

b) Integrating the failure effect directly into the failure net

Entering the failure effect “Function ‘Comfort closing’ lost; window only moves in manual mode” correctly into the failure net, as well as moving the system-generated safety mechanisms (initially created in the MSR Form) to their corresponding system elements (SE): “Error Detections” and “Error Responses”, the Window Lift System example looks as follows in the MSR Form, Structure Editor and Failure Net Editor:

System Response: image 14

System Response: image 15

System Response: image 16

If you compare the above failure net with that from section 2 of this article, both nets show the same FMEA but are not completely identical. This is because section 2 shows a structure created without using the MSR Form. The two safety mechanisms “Plausibility check between motor current and Hall effect sensor” and “Comfort closing mode disabled” in section 2 were entered using the Failure Net Editor. In section 3, the safety mechanisms were generated in the MSR Form, Optimization (step 6), by deriving actions and then they were integrated into the failure net. If a safety mechanism is generated using the MSR Form, you can recognise this by the naming of the IQ-object, whereby a “DM” or “SR” precede the elements name.