AIAG & VDA FMEA

This section is the library reference for the Derisker AIAG & VDA FMEA SysML v2 library, based on the AIAG & VDA FMEA Handbook (1st Edition 2019, 2nd Printing 2022). The library currently supports Design FMEA (DFMEA). Process FMEA (PFMEA) and FMEA-MSR support is planned.

The AIAG & VDA FMEA Handbook harmonises the previously separate AIAG (USA) and VDA (Germany) approaches into a single, globally accepted automotive risk analysis methodology. It introduces a structured 7-step process (System Analysis → Failure Analysis & Risk Mitigation → Risk Communication) and replaces the Risk Priority Number (RPN) with Action Priority (AP), a three-level system (H, M, L) derived from Severity, Occurrence, and Detection ratings.

For step-by-step modelling guidance, see AIAG & VDA FMEA: Design FMEA. For a complete worked example, see Electric Vehicle DFMEA.

Quick Reference

Library Types

Type	Package	Purpose
`FMEA_Design`	`DFMEA`	Analysis def for a DFMEA (7-step process); use as `analysis myDFMEA : FMEA_Design`
`DFMEA_Header`	`DFMEA`	Header metadata (company, dates, team, FMEA ID, etc.)
`FailureMode`	`DFMEA`	Occurrence def for a failure mode at any hierarchy level; includes `FEs`, `S`, `FCs`, `O`, `D`, `AP`, prevention controls (control methods that reduce occurrence), detection controls, and Step 6 fields
`Causation_FM_FC`	`DFMEA`	Connection linking a lower-level cause FM to an enclosing effect FM
`#failureMode`	`DFMEA`	Metadata keyword — declares a `FailureMode` inside a function; auto-collects into `FMs`
`#failureCause`	`DFMEA`	Metadata keyword — declares a `Causation_FM_FC` inside a failure mode
`Pdiagram`	`DFMEA`	Metadata def for P-diagram annotation on functions (control factors, noise factors)
`Function_AIAG_VDA_FMEA`	`DFMEA`	Abstract action def that provides the `FMs` collection; every function used in a DFMEA must specialize this

Rating Enumerations

Type	Package	Purpose
`SR`	`DFMEA`	Severity rating enum (`S1_VeryLow` – `S10_VeryHigh`, `Sx_Inherited`)
`OR`	`DFMEA`	Occurrence rating enum (`O1_ExtremelLow` – `O10_ExtremelyHigh`, `Ox_Inherited`)
`DR`	`DFMEA`	Detection rating enum (`D1_VeryHigh` – `D10_VeryLow`, `Dx_Inherited`)
`APR`	`DFMEA`	Action Priority enum (`H`, `M`, `L`, `TBD`)
`FMType`	`DFMEA`	Failure mode type enum (see below)
`Status`	`DFMEA`	Optimization status enum (`open`, `decisionPending`, `implementationPending`, `completed`, `notImplemented`)
`Confidentiality`	`DFMEA`	Confidentiality level enum for the DFMEA header

Calculation Functions

Calc Def	Purpose
`CalcAP`	Computes Action Priority (AP) from S, O, D; called automatically
`InheritSeverityRating`	Returns `Sx_Inherited` — severity inherited from `FEs.S.value`
`InheritOccurrenceRating`	Returns worst-case O from all failure causes; used on non-leaf FMs
`InheritDetectionRating`	Returns worst-case D from all failure causes; used on non-leaf FMs
`InheritOccurrenceRatingOfFC`	Returns inherited O for a `Causation_FM_FC` connection; applied automatically
`InheritDetectionRatingOfFC`	Returns inherited D for a `Causation_FM_FC` connection; applied automatically

File Layout

models/aiag_vda_fmea/
├── lib/
│   └── Derisker_AIAG_VDA_FMEA.sysml          # Core library (ratings, FM defs, AP calc)
├── examples/
│   └── dfmea/
│       └── Example_DFMEA_ElectricVeh.sysml    # Electric Vehicle DFMEA example
└── README.md

Severity Ratings (S)

Enum	Level	Effect on End User
`S10_VeryHigh`	Very High	Affects safe operation of vehicle; potential injury
`S9_VeryHigh`	Very High	Noncompliance with regulation / legislation
`S8_High`	High	Loss of primary function during service life
`S7_High`	High	Degradation of primary function during service life
`S6_Moderate`	Moderate	Loss of secondary function during service life
`S5_Moderate`	Moderate	Degradation of secondary function during service life
`S4_Moderate`	Moderate	Very objectionable NVH (Noise, Vibration, Harshness)
`S3_Low`	Low	Moderately objectionable NVH
`S2_Low`	Low	Slightly objectionable NVH
`S1_VeryLow`	Very Low	No discernible effect on vehicle operation
`Sx_Inherited`	—	Marker for inherited severity; do not set manually — use `InheritSeverityRating`

Occurrence Ratings (O)

Enum	Level	Typical Failure Rate
`O10_ExtremelyHigh`	Extremely High	≥ 1 in 10
`O9_VeryHigh`	Very High	1 in 20
`O8_VeryHigh`	Very High	1 in 50
`O7_High`	High	1 in 100
`O6_High`	High	1 in 500
`O5_Moderate`	Moderate	1 in 2,000
`O4_Moderate`	Moderate	1 in 10,000
`O3_Low`	Low	1 in 100,000
`O2_Low`	Low	≤ 1 in 1,000,000
`O1_ExtremelyLow`	Extremely Low	Eliminated by design
`Ox_Inherited`	—	Marker for inherited occurrence; do not set manually — use `InheritOccurrenceRating`

Detection Ratings (D)

Enum	Level	Detection Control Maturity
`D10_VeryLow`	Very Low	No detection method defined
`D9_VeryLow`	Very Low	Detection method not designed for this failure mode
`D8_Low`	Low	New, unproven detection method
`D7_Low`	Low	New method; pass/fail only, no design-improvement time
`D6_Moderate`	Moderate	Proven method; later in development cycle
`D5_Moderate`	Moderate	Proven method; degradation testing
`D4_High`	High	Proven method; sufficient time for design improvement
`D3_High`	High	Proven method; test-to-failure
`D2_High`	High	Proven method; degradation testing; early in development
`D1_VeryHigh`	Very High	Failure mode cannot physically occur as designed
`Dx_Inherited`	—	Marker for inherited detection; do not set manually — use `InheritDetectionRating`

Action Priority (AP)

AP is computed automatically from S, O, D via CalcAP. Do not set it manually. AP has only three values — there is no “N/A” (per AIAG & VDA errata, June 2020).

AP	Meaning	Action Required
`H`	High priority	Actions required — failure must be addressed before release
`M`	Medium priority	Actions recommended — engineering team should evaluate
`L`	Low priority	Actions optional — may be addressed at team discretion
`TBD`	Ratings incomplete	Complete S, O, and D ratings; AP will be calculated automatically

AP weighting: Severity dominates (a high S drives AP up regardless of O and D), then Occurrence, then Detection. This prevents low-severity items from consuming resources.

Failure Mode Type (FMType)

Enum Value	Meaning
`FMType::lossOfFunction`	Complete failure — function stops entirely
`FMType::degradationOfFunction`	Reduced performance over time
`FMType::intermittentFunction`	On/off behaviour — function works sometimes
`FMType::partialFunction`	Partial performance loss
`FMType::unintendedFunction`	Function activates when it should not
`FMType::exceeedingFunction`	Function operates above intended threshold
`FMType::delayedFunction`	Function activates after an unintended delay

S, O, D Assignment Rules

Rating inheritance is handled by library calculation functions. The rules depend on the FM’s role in the failure chain, not on a fixed level number.

FM Role	Severity (S)	Occurrence (O)	Detection (D)
Top-level (`FEs = ()`, no effects above)	Set manually, e.g. `SR::S8_High`	`InheritOccurrenceRating(FCs.O.value)`	`InheritDetectionRating(FCs.D.value)`
Intermediate (has effects above and causes below)	`InheritSeverityRating(FEs.S.value)`	`InheritOccurrenceRating(FCs.O.value)`	`InheritDetectionRating(FCs.D.value)`
Leaf (has effects above, no causes below)	`InheritSeverityRating(FEs.S.value)`	Actual rating, e.g. `OR::O4_Moderate`	Actual rating, e.g. `DR::D4_High`

Special cases:

No higher-level effect — if an FM has FEs = () and its end-user impact is negligible (e.g. S1), severity can be assigned directly at any level.
Terminal intermediate FM — an FM at any intermediate level that deliberately has no causes decomposed below it acts as a leaf; assign direct O and D ratings.
Failure cause O/D — InheritOccurrenceRatingOfFC() and InheritDetectionRatingOfFC() are applied to Causation_FM_FC connections automatically; do not set them in the model.

How the Failure Chain Works

LVL0 System FM  ──(caused by)──>  LVL1 Subsystem FM  ──(caused by)──>  LVL2 Component FM
   S set here                        S inherited (calc)                    S inherited (calc)
   O,D inherited (calc)              O,D inherited (calc)                  O,D set here

Severity propagates downward — set once at LVL0, inherited by all lower FMs via InheritSeverityRating(FEs.S.value).
O and D aggregate upward — actual values at the lowest level, worst-case propagated up via InheritOccurrenceRating() / InheritDetectionRating().
Every node is a FailureMode — whether it acts as “effect”, “mode”, or “cause” depends on perspective.
Multiple causes can feed one FM (OR logic — any cause can trigger the effect).
FEs (failureEffects) — each FM’s ref occurrence :>> FEs records the higher-level FM(s) it feeds into. LVL0 FMs use FEs = () (no higher level). Shared FMs use tuple syntax: FEs = (effectA, effectB).
FE path convention — paths always navigate from the top-level system design package qualifier (e.g. LVL0::EV::), then dot-access: LVL0::EV::function.fm for LVL1 FMs, LVL0::EV::subsystemPart.function.fm for LVL2 FMs.
Optimization updates — when a Step 6 action improves O or D at the leaf level, update the actual rating directly on the leaf FM; inheritance calculations propagate the change upward automatically.