formula student electric

Formula Imperial2021 - FMEA

Car Number Exx

University Inventive Thinkers State University

This template contains two of examples of how to fill out the FMEA. Furthermore, it contains a number of failure modes which are
both starting points and examples for the failures to be covered in your team's FMEA. NOTE: Not every given failure may apply
to every team's system. The given failures may also be incomplete with respect to your specific system. Add failures to
the list, if appropriate for your system.

Change the two complete examples given, i.e. No.1 and 2, to suit your system. Add missing failure modes with respect to your
car's system. Be as complete as possible, adding any failures that affect the safety of your car, the driver, or other persons. Before
submitting your FMEA please make sure it is complete. This way you will avoid unnecessary delays and queries. Please have a
look at the document "How to pass ESF&FMEA" in the "Rules&Important Document, before filling out the FMEA form.

Edit the coloured cells to your specific data and reset the cell colour to white
Only add additional failures at the end of the list to keep the numbering scheme of the original template. This makes reviewing the
document much easier and thus faster. Do not delete any failures, if they do not apply to your system. Just write "Does not apply."
or similar with a short reason why.

Do not change the template's format!

Seite 1
FMEA definitions of column headers and Key for Severity, Occurance and Detection ratings

Rating Severity (Sev) Occurrence (Occ) Detection (Det)

1 No injuries may be Failure occurrence Certain detection of
caused, but general is very unlikely the failure
safety is affected by this
failure
2 Light injuries may be Relatively few High chance of
caused by this failure failure occurrence detecting this failure
3 Medium injuries may be Occasional failure Medium chance of
caused by this failure occurrence detecting this failure
4 Heavy injuries may be Frequent failure Low chance of
caused by this failure occurrence detecting this failure
5 Fatal injuries may be Persistent failure Failure cannot be
caused by this failure occurrence detected

Component/Item The system or component that is affected

Function What the system or component does
Failure Mode The method by which the component fails
Failure Cause The root cause of the failure
Failure Effect Local What happens locally to the component as a consequence of the failure
Failure Effect Global What happens to other systems or the rest of the vehicle as a consequence of the failure
Sev The severity rating - see table above
Severity Reasoning Your reasoning for the severity rating that is given
Occ The likelihood of the occurrence - see table above
Occurrence Reasoning Your reasoning for the occurance rating that is given
Failure Detection How will the failure be detected - what are the systems on the car that detect this
Det The rating for failure detection - see table
Detection Reasoning Your reasoning for the failure detection rating
Risk Calculated automatically from Sev, Occ and Det
Failure Handling - Vehicle Once a failure has been detected, what is the immediate reaction of the ECU / BMS and the driver to
Failure Handling - Team How do you determine what has failed and what type of action is taken to remedy this? What precau
ce of the failure

ect this

CU / BMS and the driver to mitigate the risk

remedy this? What precautions do you take whilst doing this?

Car No.:
FMEA No.: Component/Item
1 Tractive System Wiring
2 Tractive System Wiring
3 Tractive System Wiring
4 HVD / Tractive System
Connectors
5 Tractive System Fusing
6 Accumulator
7 Accumulator
8 Accumulator
9 Accumulator
10 Accumulator
11 Accumulator
12 Accumulator
13 Accumulator
14 Torque Encoder
15 Torque Encoder
16 Torque Encoder
17 Torque Encoder
18 Torque Encoder
19 Torque Encoder
20 Torque Encoder
21 Accumulator Insulation
Relay(s)
22 Accumulator Insulation
Relay(s)
formula student electric
Formula Imperial 2018 FMEA
Exx University: Inventive Thinkers State University Contact: Electra Watt, [email protected]
Function Failure Mode Failure Cause Failure Effect Sev Severity Reasoning Occ Occurrence Reasoning Failure Detection Det Detection Reasoning Risk Failure Handling - Vehicle Failure Handling - Team Comments
Local Global
Energy transfer Positive pole lost isolation to Wiring insulation Potentially dangerous Possible chassis reference 4 Burns by electric arc, bruises 2 All wire insulations chosen with Insulation resistance 1 IMD detects every isolation 8 Isolation Lost Alarm enabled. Appropriate procedure to be
GLVS degradation condition if operator voltage potential change and fractures caused by respect to the environment, monitoring system. failure to the chassis, since the IMD opens the AIRs through the executed once the car back in
touches the negative pole uncontrolled muscle additional thermal oder chassis is connected to control Shutdown Circuit the PIT to restore the isolation.
of the battery and the movement due to the electric mechanical protection attached system ground Fault to be identified and
chassis shock. Ventricular fibrillation where needed, all wires are rectified before enabling the
not likely with DC voltages securely attached and AIRs. Insulating gloves to be
up to 600V, therefore not professionaly built to lower the used
severity 5 risk of damages by vibrations
Energy transfer Negative pole lost isolation Wiring insulation Potentially dangerous Possible chassis reference 4 Burns by electric arc, bruises 2 All wire insulations chosen with Insulation resistance 1 IMD detects every isolation 8 Isolation Lost Alarm enabled. Appropriate procedure to be
to the GLVS degradation condition if operator voltage potential change and fractures caused by respect to the environment, monitoring system. failure to the chassis, since the IMD opens the AIRs through the executed once the car back in
touches the positive pole of uncontrolled muscle additional thermal oder chassis is connected to control Shutdown Circuit the PIT to restore the isolation.
the battery and the chassis movement due to the electric mechanical protection attached system ground Fault to be identified and
shock. Ventricular fibrillation where needed, all wires are rectified before enabling the
not likely with DC voltages securely attached and AIRs. Insulating gloves to be
up to 600V, therefore not professionaly built to lower the used
severity 5 risk of damages by vibrations
Energy transfer Open/live tractive system
connections when switching
on the tractive system
Energy transfer HVD / Tractive System
Connectors become lose
while driving and eventually
open up, exposing live
contacts
Protection of tractive system Overcurrent is higher than
wiring the maximum switch off
current of the used fuse
Energy Storage Cell temperature above data
sheet specification for
discharging
Energy Storage Cell temperature above data
sheet specification for
charging
Energy Storage Cell voltage above data
sheet specification
Energy Storage Cell voltage below data
sheet specification
Energy Storage Cell current above data
sheet specification for
discharging
Energy Storage Cell current above data
sheet specification for
charging
Energy Storage Cooling system (water, air,
oil) fails
Energy Storage Accumulator is crushed /
cells are mechanically
damaged
Signaling the pedal position Sensor 1 and Sensor 2
deliver different position
values
Signaling the pedal position Sensor 1 or Sensor 2 signal
(analog or digital) not
plausible
Signaling the pedal position Sensor 1 or Sensor 2
broken
Signaling the pedal position Signal connection (analog
or digital) to Sensor 1 or
Sensor 2 broken
Signaling the pedal position Pedal stuck at maximum
torque position
Signaling the pedal position Digital communication
between sensors and
receiving ECU is corrupted
(e.g. bits change due to
EMI)
Signaling the pedal position Signal connection (analog
or digital) between
implausibility check ECU
and inverter is broken
Disconnecting the Single Accumulator
accumulator Insulation Relay short-circuit
Disconnecting the Both Accumulator Insulation
accumulator Relay short-circuit
FMEA: Page 4+1
 formula student electric
23 Accumulator Insulation Disconnecting the Single Accumulator
Relay(s) accumulator Insulation Relay control
connection lost

24 Accumulator Insulation Disconnecting the Both Accumulator Insulation

Relay(s) accumulator Relay control connection
lost

25 Pre-Charge Relay Pre-Charging the Pre-Charge Relay short

intermediate circuit circuit
26 Pre-Charge Relay Pre-Charging the Pre-Charge Relay control
intermediate circuit connection lost
27 Pre-Charge Resistor Pre-Charging the Pre-Charge Resistor broken
intermediate circuit / open circuit
28 Discharge Relay Discharging the intermediate Discharge Relay short
circuit circuit
29 Discharge Relay Discharging the intermediate Discharge Relay control
circuit connection lost
30 Discharge Resistor Discharging the intermediate Discharge Resistor broken /
circuit open circuit
31 Motor Controller / Inverter Controlling the motor power Motor Controller output
stage short-circuit
32 Motor Controller / Inverter Controlling the motor power Motor Controller control
connection lost
33 Motor Controller / Inverter Controlling the motor power Motor Controller does not
react plausible to control
input

34 Motor Controller / Inverter Controlling the motor power Cooling system (water, air,
oil) fails
35 Motor Resolver Measures angular motor Motor position resolver
position failed
36 Insulation Monitoring Monitoring the insulation of Insulation Monitoring Device
Device the tractive system lost connection to reference
ground

37 Insulation Monitoring Monitoring the insulation of Insulation Monitoring Device

Device the tractive system lost connection to HV+

38 Insulation Monitoring Monitoring the insulation of Insulation Monitoring Device

Device the tractive system lost connection to HV-

39 Insulation Monitoring Monitoring the insulation of Insulation Monitoring Device

Device the tractive system lost power supply

40 Insulation Monitoring Monitoring the insulation of Insulation Monitoring Device

Device the tractive system has a general fault

41 Insulation Monitoring Monitoring the insulation of Connection between

Device the tractive system Insulation Monitoring Device
and powerstage to open the
shutdown circuit is broken

42 Insulation Monitoring Monitoring the insulation of Powerstage

Device the tractive system (relay/transistor) to open the
shutdown circuit is broken

43 Insulation Monitoring Monitoring the insulation of Insulation Monitoring Device

Device the tractive system not installed
44 Accumulator Monitoring the accumulator AMS Master has a general
Management System condition fault (CPU/Software
erroneous)

45 Accumulator Monitoring the accumulator AMS Slave has a general

Management System condition fault (CPU/Software
erroneous)

46 Accumulator Monitoring the accumulator Temperature Sensor is

Management System condition faulty
47 Accumulator Monitoring the accumulator Signal connection to
Management System condition temperature sensor is
broken

48 Accumulator Monitoring the accumulator Voltage sense input is

Management System condition broken
49 Accumulator Monitoring the accumulator Voltage sense wire is
Management System condition broken
50 Accumulator Monitoring the accumulator Overcurrent in the voltage
Management System condition sense wire
51 Accumulator Monitoring the accumulator Signal Connection between
Management System condition AMS Master and Slave is
broken

52 Accumulator Monitoring the accumulator Powerstage

Management System condition (relay/transistor) to open the
shutdown circuit is broken

53 Accumulator Monitoring the accumulator Connection between AMS

Management System condition and powerstage to open the
shutdown circuit is broken

54 Accumulator Monitoring the accumulator AMS lost power supply

Management System condition
55 Accumulator Monitoring the accumulator Cell balancing powerstage
Management System condition has a short circuit

FMEA: Page 5+1


56 Accumulator Monitoring the accumulator
Management System condition
57 Accumulator Monitoring the accumulator
Management System condition
58 Tractive System Active Displaying the status of the
Light tractive system
59 Tractive System Active Displaying the status of the
Light tractive system
60 Tractive System Active Displaying the status of the
Light tractive system
61 Tractive System Active Displaying the status of the
Light tractive system
62 Accumulator Indicator Shows, if more than 60VDC
exist behind the AIRs
63 Accumulator Indicator Shows, if more than 60VDC
exist behind the AIRs
64 Accumulator Indicator Shows, if more than 60VDC
exist behind the AIRs
65 Ready-To-Drive-Sound Indicating that the vehicle is
ready-to-drive
66 Ready-To-Drive-Sound Indicating that the vehicle is
ready-to-drive
67 Ready-To-Drive-Sound Indicating that the vehicle is
ready-to-drive
68 Ready-To-Drive-Sound Indicating that the vehicle is
ready-to-drive
69 Ready-To-Drive-Sound Indicating that the vehicle is
ready-to-drive
70 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
71 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
72 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
73 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
74 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
75 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
76 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
77 Brake System Plausibility Checking for implausibility
Device between brake pedal sensor
and power delivered to the
motor(s)
78 Brake-Over-Travel- Detecting an over-travelling
Switch brake pedal
79 Brake-Over-Travel- Detecting an over-travelling
Switch brake pedal
80 ShutDown Button Opening the shutdown
circuit, when pushed
81 ShutDown Button Opening the shutdown
circuit, when pushed
82 Cockpit-mounted Opening the shutdown
ShutDown Button circuit, when pushed
83 Cockpit-mounted Opening the shutdown
ShutDown Button circuit, when pushed
84 Tractive System Master Switches off the tractive
Switch system
85 Grounded Low-Voltage Switches off the GLVS
System Master Switch
86 Inertia Switch Opens the shut down circuit
in case of a crash
87 Inertia Switch Opens the shut down circuit
in case of a crash
formula student electric
Digital communication
between AMS master and
slave is corrupted (e.g. bits
change due to EMI)
AMS not installed
Light emitting device broken
Circuitry erroneos
Voltage sense connection to
HV+ or HV- broken
Tractive system active light
lost power supply
Signal connection to HV+ or
HV- lost
Lost power supply
Circuitry erroneos
Speaker/noise producing
device broken
Circuitry erroneos
Signal connection to ECU
indicating ready-to-drive-
mode broken
Ready-To-Drive-Sound
module not installed
Ready-To-Drive-Sound
module lost power supply
Brake Pedal Sensor broken
Signal connection (analog
or digital) to Brake Pedal
Sensor broken
Motor current sensor broken
Signal connection (analog
or digital) to motor current
sensor broken
Brake system plausibility
device lost power supply
Powerstage
(relay/transistor) to open the
shutdown circuit is broken
Connection to powerstage
to open the shutdown circuit
is broken
Brake system plausibility
device not installed
Electrical Connection to
shut-down circuit broken
Switch broken / does not
switch
Electrical Connection to
shut-down circuit broken
Button broken / does not
switch
Electrical Connection to
shut-down circuit broken
Button broken / does not
switch
Switch broken / does not
switch
Switch broken / does not
switch
Electrical Connection to
shut-down circuit broken
Switch broken / does not
switch
FMEA: Page 6+1

88 Inertia Switch Opens the shut down circuit
in case of a crash
89 Tractive System Carrying the current tractive
Measurement Points system voltage for easy
measurements
90 LV-DC/DC converter Converts TS voltage to
GLVS voltage
91 LV-DC/DC converter Converts TS voltage to
GLVS voltage
92 LV-DC/DC converter Converts TS voltage to
GLVS voltage
93 LV-DC/DC converter Converts TS voltage to
GLVS voltage
94 GLV System Supply Supplies the GLV with
energy
95 Vehicle Dynamics Additional influence on
Function / ECU requested motor torque
96 Vehicle Dynamics Additional influence on
Function requested motor torque
97 Vehicle Dynamics Additional influence on
Function requested motor torque
98 Vehicle Dynamics Additional influence on
Function requested motor torque
99 Vehicle Dynamics Additional influence on
Function requested motor torque
100 Vehicle Dynamics Additional influence on
Function requested motor torque
101 Vehicle Dynamics Additional influence on
Function requested motor torque
102 Vehicle Dynamics Additional influence on
Function requested motor torque
103 Regenerative Braking Controls regenerative
Function / ECU braking
104 Regenerative Braking Controls regenerative
Function / ECU braking
105 Regenerative Braking Controls regenerative
Function / ECU braking
106 Regenerative Braking Controls regenerative
Function / ECU braking
107 Charger Controls charging the
accumulator
108 Charger Controls charging the
accumulator
formula student electric
Inertia Switch not installed
Connection to HV+ or HV-
broken
DC/DC draws to much
current
DC/DC drains the HV-
battery
DC/DC overheats
GLVS short circuit
GLV System voltage
critically low
Vehicle Dynamics Function /
ECU has a general fault
Vehicle Dynamics Function /
ECU circuitry is erroneous
Vehicle Dynamics Function /
ECU signal connection to
steering wheel sensor is
broken
Steering wheel sensor is
faulty
Vehicle Dynamics Function /
ECU signal connection to
acceleration sensor is
broken
Acceleration sensor is faulty
Vehicle Dynamics Function /
ECU signal connection to
wheel speed sensor is
broken
Wheel speed sensor is
faulty
Regenerative Braking
Function / ECU has a
general fault
Associated sensors fail
Connection to associated
sensors fails
Rear wheel regenerative
braking is activated at high-
speed by mistake
Connector is live when not
connected
Accumulator fault which can
be detected by the AMS
FMEA: Page 7+1
Rev Date Name Changes
2 2/9/2015 C.Powers FMEA rows 62/63/64. 40VDC changed to 60VDC.
3 9/29/2016 D.Jones Updated for 2017 issue, replaced all instances of 2015 with 2017
4 12/20/2017 D.Jones Updated for 2018 issue, date changes only

EXAMPLES ARE STATED ABOVE

Reason
Rules definition of HV is now >60V DC
For new competition year.
For new competition year.