Appendix E to Part 238 - General Principles of Reliability-Based Maintenance Programs
(a) Any maintenance program has the following four basic
objectives:
(1) To ensure realization of the design level of safety and
reliability of the equipment;
(2) To restore safety and reliability to their design levels
when deterioration has occurred;
(3) To obtain the information necessary for design improvements
of those items whose design reliability proves inadequate; and
(4) To accomplish these goals at a minimum total cost, including
maintenance costs and the costs of residual failures.
(b) Reliability-based maintenance programs are based on the
following general principles. A failure is an unsatisfactory
condition. There are two types of failures: functional and
potential. Functional failures are usually reported by operating
crews. Conversely, maintenance crews usually discover potential
failures. A potential failure is an identifiable physical
condition, which indicates that a functional failure is imminent.
The consequences of a functional failure determine the priority of
a maintenance effort. These consequences fall into the following
general categories:
(1) Safety consequences, involving possible loss of the
equipment and its occupants;
(2) Operational consequences, which involve an indirect economic
loss as well as the direct cost of repair;
(3) Non-operational consequences, which involve only the direct
cost of repair; or
(4) Hidden failure consequences, which involve exposure to a
possible multiple failure as a result of the undetected failure of
a hidden function.
(c) In a reliability-based maintenance program, scheduled
maintenance is required for any item whose loss of function or mode
of failure could have safety consequences. If preventative tasks
cannot reduce the risk of such failures to an acceptable level, the
item requires redesign to alter its failure consequences. Scheduled
maintenance is also required for any item whose functional failure
will not be evident to the operating crew, and therefore reported
for corrective action. In all other cases the consequences of
failure are economic, and maintenance tasks directed at preventing
such failures must be justified on economic grounds. All failure
consequences, including economic consequences, are established by
the design characteristics of the equipment and can be altered only
by basic changes in the design. Safety consequences can, in nearly
all cases, be reduced to economic consequences by the use of
redundancy. Hidden functions can usually be made evident by
instrumentation or other design features. The feasibility and cost
effectiveness of scheduled maintenance depend on the
inspectability of the component, and the cost of corrective
maintenance depends on its failure modes and design
reliability.
(d) The design reliability of equipment or components will only
be achieved with an effective maintenance program. This level of
reliability is established by the design of each component and the
manufacturing processes that produced it. Scheduled maintenance can
ensure that design reliability of each component is achieved, but
maintenance alone cannot yield a level of reliability beyond the
design reliability.
(e) When a maintenance program is developed, it includes tasks
that satisfy the criteria for both applicability and effectiveness.
The applicability of a task is determined by the characteristics of
the component or equipment to be maintained. The effectiveness is
stated in terms of the consequences that the task is designed to
prevent. The basic types of tasks that are performed by
maintenance personnel are each applicable under a unique set of
conditions. Tasks may be directed at preventing functional failures
or preventing a failure event consisting of the sequential
occurrence of two or more independent failures which may have
consequences that would not be produced by any of the failures
occurring separately. The task types include:
(1) Inspections of an item to find and correct any potential
failures;
(2) Rework/remanufacture/overhaul of an item at or before some
specified time or age limit;
(3) Discard of an item (or parts of it) at or before some
specified life limit; and
(4) Failure finding inspections of a hidden-function item to
find and correct functional failures that have already occurred but
were not evident to the operating crew.
(f) Components or systems in a reliability-based maintenance
program may be defined as simple or complex. A simple component or
system is one that is subject to only one or a very few failure
modes. This type of component or system frequently shows decreasing
reliability with increasing operating age. An age/time limit may be
used to reduce the overall failure rate of simple components or
systems. Here, safe-life limits, fail-safe designs, or damage
tolerance-based residual life calculations may be imposed on a
single component or system to play a crucial role in controlling
critical failures. Complex components or systems are ones whose
functional failure may result from many different failure modes and
show little or no decrease in overall reliability with increasing
age unless there is a dominant failure mode. Therefore, age limits
imposed on complex components or systems have little or no effect
on their overall failure rates.
(g) When planning the maintenance of a component or system to
protect the safety and operating capability of the equipment, a
number of items must be considered in the reliability assessment
process:
(1) The consequences of each type of functional failure;
(2) The visibility of a functional failure to the operating crew
(evidence that a failure has occurred);
(3) The visibility of reduced resistance to failure (evidence
that a failure is imminent);
(4) The age-reliability characteristics of each item;
(5) The economic tradeoff between the cost of scheduled
maintenance and the benefits to be derived from it;
(6) A multiple failure, resulting from a sequence of independent
failures, may have consequences that would not be caused by any one
of the individual failures alone. These consequences are taken into
account in the definition of the failure consequences for the first
failure; and
(7) A default strategy governs decision making in the absence of
full information or agreement. This strategy provides for
conservative initial decisions, to be revised on the basis of
information derived from operating experience.
(h) A successful reliability-based maintenance program must be
dynamic. Any prior-to-service program is based on limited
information. As such, the operating organization must be prepared
to collect and respond to real data throughout the operating life
of the equipment. Management of the ongoing maintenance program
requires an organized information system for surveillance and
analysis of the performance of each item under actual operating
conditions. This information is needed to determine the refinements
and modifications to be made in the initial maintenance program
(including the adjustment of task intervals) and to determine the
need for product improvement. The information derived from
operating experience may be considered to have the following
hierarchy of importance in the reliability-based maintenance
program:
(1) Failures that could affect operating safety;
(2) Failures that have operational consequences;
(3) The failure modes of units removed as a result of
failures;
(4) The general condition of unfailed parts in units that have
failed; and
(5) The general condition of serviceable units inspected as
samples.
(i) At the time an initial maintenance program is developed,
information is usually available to determine the tasks necessary
to protect safety and operating capability. However, the
information required to determine optimum task intervals and the
applicability of age or life limits can be obtained only from age
or life exploration after the equipment enters service. With any
new equipment there is always the possibility of unanticipated
failure modes. The first occurrence of any serious unanticipated
failure should immediately set into motion the following
improvement cycle:
(1) An inspection task is developed to prevent recurrences while
the item is being redesigned;
(2) The operating fleet is modified to incorporate the
redesigned part; and
(3) After the modification has proved successful, the special
inspection task is eliminated from the maintenance program.
(j) Component improvements based on identification of the actual
reliability characteristics of each item through age or life
exploration are part of the normal development cycle of all complex
equipment.