Code of Federal Regulations (Last Updated: November 8, 2024) |
Title 49 - Transportation |
Subtitle B - Other Regulations Relating to Transportation |
Chapter II - Federal Railroad Administration, Department of Transportation |
Part 238 - Passenger Equipment Safety Standards |
Appendix E to Part 238 - General Principles of Reliability-Based Maintenance Programs
-
Appendix E to Part 238 - General Principles of Reliability-Based Maintenance Programs
(a) Any maintenance program has the following four basic objectives:
(1) To ensure realization of the design level of safety and reliability of the equipment;
(2) To restore safety and reliability to their design levels when deterioration has occurred;
(3) To obtain the information necessary for design improvements of those items whose design reliability proves inadequate; and
(4) To accomplish these goals at a minimum total cost, including maintenance costs and the costs of residual failures.
(b) Reliability-based maintenance programs are based on the following general principles. A failure is an unsatisfactory condition. There are two types of failures: functional and potential. Functional failures are usually reported by operating crews. Conversely, maintenance crews usually discover potential failures. A potential failure is an identifiable physical condition, which indicates that a functional failure is imminent. The consequences of a functional failure determine the priority of a maintenance effort. These consequences fall into the following general categories:
(1) Safety consequences, involving possible loss of the equipment and its occupants;
(2) Operational consequences, which involve an indirect economic loss as well as the direct cost of repair;
(3) Non-operational consequences, which involve only the direct cost of repair; or
(4) Hidden failure consequences, which involve exposure to a possible multiple failure as a result of the undetected failure of a hidden function.
(c) In a reliability-based maintenance program, scheduled maintenance is required for any item whose loss of function or mode of failure could have safety consequences. If preventative tasks cannot reduce the risk of such failures to an acceptable level, the item requires redesign to alter its failure consequences. Scheduled maintenance is also required for any item whose functional failure will not be evident to the operating crew, and therefore reported for corrective action. In all other cases the consequences of failure are economic, and maintenance tasks directed at preventing such failures must be justified on economic grounds. All failure consequences, including economic consequences, are established by the design characteristics of the equipment and can be altered only by basic changes in the design. Safety consequences can, in nearly all cases, be reduced to economic consequences by the use of redundancy. Hidden functions can usually be made evident by instrumentation or other design features. The feasibility and cost effectiveness of scheduled maintenance depend on the inspectablility of the component, and the cost of corrective maintenance depends on its failure modes and design reliability.
(d) The design reliability of equipment or components will only be achieved with an effective maintenance program. This level of reliability is established by the design of each component and the manufacturing processes that produced it. Scheduled maintenance can ensure that design reliability of each component is achieved, but maintenance alone cannot yield a level of reliability beyond the design reliability.
(e) When a maintenance program is developed, it includes tasks that satisfy the criteria for both applicability and effectiveness. The applicability of a task is determined by the characteristics of the component or equipment to be maintained. The effectiveness is stated in terms of the consequences that the task is designed to prevent. The basics types of tasks that are performed by maintenance personnel are each applicable under a unique set of conditions. Tasks may be directed at preventing functional failures or preventing a failure event consisting of the sequential occurrence of two or more independent failures which may have consequences that would not be produced by any of the failures occurring separately. The task types include:
(1) Inspections of an item to find and correct any potential failures;
(2) Rework/remanufacture/overhaul of an item at or before some specified time or age limit;
(3) Discard of an item (or parts of it) at or before some specified life limit; and
(4) Failure finding inspections of a hidden-function item to find and correct functional failures that have already occurred but were not evident to the operating crew.
(b) Components or systems in a reliability-based maintenance program may be defined as simple or complex. A simple component or system is one that is subject to only one or a very few failure modes. This type of component or system frequently shows decreasing reliability with increasing operating age. An age/time limit may be used to reduce the overall failure rate of simple components or systems. Here, safe-life limits, fail-safe designs, or damage tolerance-based residual life calculations may be imposed on a single component or system to play a crucial role in controlling critical failures. Complex components or systems are ones whose functional failure may result from many different failure modes and show little or no decrease in overall reliability with increasing age unless there is a dominant failure mode. Therefore, age limits imposed on complex components or systems have little or no effect on their overall failure rates.
(g) When planning the maintenance of a component or system to protect the safety and operating capability of the equipment, a number of items must be considered in the reliability assessment process:
(1) The consequences of each type of functional failure;
(2) The visibility of a functional failure to the operating crew (evidence that a failure has occurred);
(3) The visibility of reduced resistance to failure (evidence that a failure is imminent);
(4) The age-reliability characteristics of each item;
(5) The economic tradeoff between the cost of scheduled maintenance and the benefits to be derived from it;
(6) A multiple failure, resulting from a sequence of independent failures, may have consequences that would not be caused by any one of the individual failures alone. These consequences are taken into account in the definition of the failure consequences for the first failure; and
(7) A default strategy governs decision making in the absence of full information or agreement. This strategy provides for conservative initial decisions, to be revised on the basis of information derived from operating experience.
(h) A successful reliability-based maintenance program must be dynamic. Any prior-to-service program is based on limited information. As such, the operating organization must be prepared to collect and respond to real data throughout the operating life of the equipment. Management of the ongoing maintenance program requires an organized information system for surveillance and analysis of the performance of each item under actual operating conditions. This information is needed to determine the refinements and modifications to be made in the initial maintenance program (including the adjustment of task intervals) and to determine the need for product improvement. The information derived from operating experience may be considered to have the following hierarchy of importance in the reliability-based maintenance program:
(1) Failures that could affect operating safety;
(2) Failures that have operational consequences;
(3) The failure modes of units removed as a result of failures;
(4) The general condition of unfailed parts in units that have failed; and
(5) The general condition of serviceable units inspected as samples.
(i) At the time an initial maintenance program is developed, information is usually available to determine the tasks necessary to protect safety and operating capability. However, the information required to determine optimum task intervals and the applicability of age or life limits can be obtained only from age or life exploration after the equipment enters service. With any new equipment there is always the possibility of unanticipated failure modes. The first occurrence of any serious unanticipated failure should immediately set into motion the following improvement cycle:
(1) An inspection task is developed to prevent recurrences while the item is being redesigned;
(2) The operating fleet is modified to incorporate the redesigned part; and
(3) After the modification has proved successful, the special inspection task is eliminated from the maintenance program.
(j) Component improvements based on identification of the actual reliability characteristics of each item through age or life exploration, is part of the normal development cycle of all complex equipment.