FMEDA vs. FMEA: What's the Difference?
FMEA (Failure Mode and Effects Analysis) is a qualitative tool. You identify failure modes, their effects, and their causes — but you don't necessarily quantify failure rates or diagnostic coverage.
FMEDA (Failure Mode Effects and Diagnostic Analysis) goes further. It adds:
- Failure rate data (from FIT databases like SN 29500, IEC 62380, or manufacturer-specific data)
- Diagnostic coverage (DC) of each safety mechanism for each failure mode
- Quantitative safety metrics: SPFM, LFM, and PMHF
Under ISO 26262, hardware evaluation at ASIL B, C, and D requires FMEDA — not just FMEA.
The Three Hardware Safety Metrics
1. Single Point Fault Metric (SPFM)
SPFM measures the fraction of single-point faults that are covered by safety mechanisms.
Target (ISO 26262 Part 5, Table 4):
- ASIL B: ≥ 90%
- ASIL C: ≥ 97%
- ASIL D: ≥ 99%
2. Latent Fault Metric (LFM)
LFM measures coverage of latent faults — faults that don't immediately violate a safety goal but could do so in combination with a second fault.
Target:
- ASIL B: ≥ 60%
- ASIL C: ≥ 80%
- ASIL D: ≥ 90%
3. Probabilistic Metric for Hardware Failures (PMHF)
PMHF is the total rate (in FIT) at which residual hardware failures could cause a safety goal violation, integrated over the vehicle lifetime.
Target:
- ASIL B: < 100 FIT
- ASIL C: < 10 FIT
- ASIL D: < 1 FIT
Worked Example: Hall Sensor in an EPS System
Let's say your EPS system uses a Hall-effect position sensor with a total failure rate of 50 FIT. The sensor has two relevant failure modes:
Failure Mode 1: Output stuck at zero
- Failure rate: 25 FIT
- Effect: Loss of position feedback → ASIL D single-point fault
- Safety mechanism: Cross-comparison with a second sensor channel
- DC: 99%
- Residual single-point FIT: 25 × 0.01 = 0.25 FIT
Failure Mode 2: Drift (gradual accuracy degradation)
- Failure rate: 15 FIT
- Effect: Position error builds slowly → latent fault
- Safety mechanism: Periodic plausibility check
- DC: 80%
- Residual latent FIT: 15 × 0.20 = 3 FIT
Failure Mode 3: Supply pin short to ground
- Failure rate: 10 FIT
- Effect: Immediately detectable — system transitions to safe state
- Classification: Safe fault
- Residual PMHF contribution: 0 FIT
This sensor's contribution to PMHF: 0.25 FIT — well within the ASIL D target of <1 FIT for this single element.
Diagnostic Coverage — Where Teams Get It Wrong
DC values are not arbitrary. ISO 26262 Part 5 Table B.1 provides guidance:
| Safety Mechanism | Typical DC Range |
|---|---|
| Dual-channel with comparison | 99% |
| CRC on serial data | 90–99% |
| Range check / plausibility | 60–90% |
| Watchdog (simple) | 60% |
| Watchdog (with time-window challenge) | 90% |
The key rule: DC must be justified, not assumed. Unjustified 99% claims on simple mechanisms are the most common FMEDA finding.
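The worked Hall-sensor example and the DC rule above, as an added example (not ISO WIZ code or anything from the standard's text): it computes SPFM, LFM and the simplified PMHF from the three failure modes, then repeats the calculation with the 99% DC claim lowered to a constructed 90%. It assumes the sensor is the only hardware element under evaluation and uses the ISO 26262-5 definitions SPFM = 1 − Σ(λ_SPF + λ_RF)/Σλ and LFM = 1 − Σλ_latent/Σ(λ − λ_SPF − λ_RF); all function and field names are illustrative.

```python
from dataclasses import dataclass, replace

# ASIL targets as listed on this page: (SPFM min, LFM min, PMHF max in FIT)
TARGETS = {"B": (0.90, 0.60, 100.0), "C": (0.97, 0.80, 10.0), "D": (0.99, 0.90, 1.0)}
KINDS = ("single_point", "latent", "safe")

@dataclass(frozen=True)
class FailureMode:
    name: str
    fit: float       # failure rate in FIT
    kind: str        # one of KINDS
    dc: float = 0.0  # diagnostic coverage of the safety mechanism, 0..1

# The three Hall-sensor failure modes from the worked example on this page.
HALL_SENSOR = [
    FailureMode("stuck_at_zero", 25.0, "single_point", 0.99),
    FailureMode("drift", 15.0, "latent", 0.80),
    FailureMode("supply_short_to_gnd", 10.0, "safe"),
]

def fmeda_metrics(modes):
    """Return residual/latent FIT, SPFM, LFM and a simplified PMHF."""
    for m in modes:
        if m.kind not in KINDS or m.fit < 0 or not 0.0 <= m.dc <= 1.0:
            raise ValueError(f"invalid FMEDA row: {m}")
    total = sum(m.fit for m in modes)
    if total <= 0:
        raise ValueError("total failure rate must be positive")
    residual = sum(m.fit * (1 - m.dc) for m in modes if m.kind == "single_point")
    latent = sum(m.fit * (1 - m.dc) for m in modes if m.kind == "latent")
    rest = total - residual  # everything that is not a single-point/residual fault
    return {
        "residual_fit": residual,
        "latent_fit": latent,
        "spfm": 1 - residual / total,
        "lfm": 1 - latent / rest if rest > 0 else 1.0,  # no multiple-point faults left
        "pmhf_fit": residual,  # simplification used on this page: latent term ignored
    }

def check_asil(metrics, asil):
    """Compare the metrics with the page's targets for one ASIL."""
    spfm_min, lfm_min, pmhf_max = TARGETS[asil]
    return {"SPFM": metrics["spfm"] >= spfm_min, "LFM": metrics["lfm"] >= lfm_min,
            "PMHF": metrics["pmhf_fit"] < pmhf_max}

def with_dc(modes, name, dc):
    """Copy of the table with one row's DC claim replaced (sensitivity check)."""
    return [replace(m, dc=dc) if m.name == name else m for m in modes]

if __name__ == "__main__":
    for label, table in (("DC 99% as claimed", HALL_SENSOR),
                         ("DC 90% if unjustified", with_dc(HALL_SENSOR, "stuck_at_zero", 0.90))):
        print(label, fmeda_metrics(table), check_asil(fmeda_metrics(table), "D"))
```

With the 99% claim the sensor meets all three ASIL D targets; at 90% the residual rate rises to 2.5 FIT and both SPFM and PMHF fall outside the ASIL D limits, which is why the DC justification carries so much weight in review.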
How ISO WIZ Handles FMEDA
ISO WIZ includes a structured FMEDA workflow where failure rates, diagnostic coverage, fault classifications, and metric calculations are all connected to the same data model as your HARA, safety goals, and safety case. When you update a DC value, PMHF recalculates automatically. When a metric falls below the ASIL target, the platform flags it immediately — not at document export time.