Figure 23.4 Data collection sheet for Failure Mode and Effect Analysis (FMEA).

tion of any two failure modes in the matrix represents a double failure in the system. The criticality of that double failure is listed at the intersection. Critical and catastrophic failures are explored further to identify corrective actions or alternative designs. The diagonal along the grid is the intersection of a component failure with itself. This is the set of single mode failures. It can be used as a first cut analysis and later expanded to encompass the entire set of two component failures if desired. This method becomes quite cumbersome or prohibitively difficult with large or complex systems.

Event Tree Analysis is an exhaustive methodology that considers every possible combination of failed components. It is known as a tree because the pictorial illustration branches like a tree every time another component is included. The tree begins with a fully operational system that represents the trunk of the tree. The first component is added and the tree branches in two directions. One branch represents the normal operational state of the component and the other represents the failed state. The second component is considered next. A branch representing the operational and failed states is

