Component

Product Function What is the process step?

Potential Failure Mode

Potential Failure Effects

S E V How Severe is effect to Safety?

Potential Causes

O C C How frequent is cause likely to Occur?

Current Process Controls

D E T How probable is Detection of cause?

R P N Risk Priority # to rank order concerns

Actions Recommended What are the actions for reducing the Occurrence of the cause, or improving Detection? Should have actions on high RPN's or EASY FIXES

Resp.& Target Date Who's Responsible for the recommended action? What date?

Actions Taken

S E V

O C C

D E T

R P N

What is the impact on Safety? In what ways can the Component, Subsystem or System potentially fail and cause a safety risk?

List every conceivable failure and/or failure mechanism for each failure mode

What are the Existing Controls, Procedures or Specifacations that prevent either the cause or the failure mode

What were the actions implemented? Include completion month/year. (Then recalculate resulting RPN.)

LH2 Storage (Dewar)

Contain LH2 @~30psi

Leakage/Rupture

Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2

8

H2 Embrittlement

4 3 3 2 6

Specification: Supplier Specification: Supplier Specification: Supplier Design: Barrier Procedure: Restricted Access

4 4 4 6 10

160 120 120 120 600 Restricted vehicle access, ensure structure can withstand impact. 500 600 Seismic Evaluation and certification. 160 72 216

10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (collision) Mechanical damage (impact)

Mechanical damage (attack) Mechanical damage (structural) Operator Error Vacuum Jacket Failure Mechanical damage (impact)

5 6 4 3 6 Procedure: Operator Training Control: Vent to Stack Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training Specification: Supplier Design: Rupture Disk - Vent to Stack Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training Specification: Supplier Design: Rupture Disk - Vent to Stack Specification: Supplier Control: Shutdown

10 10 4 4 6

Isolate LH2 from Environment

Allow Excess Heat Conduction

Excess Vapour Pressure

6 6

Vent Excessive Vapour PRD Fails Pressure

Excess Pressure Buildup

7

H2 Embrittlement

4

3

84

7 7

Corrosion Mechanical damage (impact)

3 6

4 6

84 252

Vent Line Blockage

Excess Pressure Buildup

7 7

Debris H2 Embrittlement

7 4

10 3

490 84

Provide Vapour Pressure Signal to Controller

No signal

System Fault

7 7 3

Corrosion Debris Electrical Damage (shock)

3 7 6

4 10 7

84 490 126

3 3 3 Signal Bias High Signal Bias Low Excess Vapour Pressure 6 6 3 3 3 3 7 7 3 3 Printed:08/06/2011

Out of Range Power Failure Calibration Error Electrical Damage (shock) Calibration Error Electrical Damage (shock) Calibration Error Mechanical Wear H2 Embrittlement Corrosion Control Malfunction Incorrect Design Specifications Control Malfunction Mechanical Wear H2 Embrittlement

5 4 7 6 7 6 7 2 4 3 4 2 4 2 4

Specification: Supplier Procedure: Supplier Calibration Procedure: Supplier Calibration Design: Rupture Disk - Vent to Stack Procedure: Supplier Calibration Control: Shutdown Specification: Supplier Specification: Supplier Control: Vent to Stack Control: Shutdown Specification: Supplier

4 10 5 10 5 10 5 7 4 4 10 2 10 7 4

60 120 105 0 0 360 210 42 48 36 120 28 280 42 48 Page 1 of 10

Cryo Pump

Boost LH2 Pressure

Low Pressure

System Fault

High Pressure Provide Flow Control (On/Off, Variable) Insufficient Flow

Excess Liquid Pressure System Fault

Process FMEA Template

LH2 to Low Pressure -30C with Air @Varying Ambient Temperature System fault 3 Mechanical damage (collision) Mechanical Damage (attack) Incorrect Design Specifications Ambient temperature too low 2 5 2 10 Control: Shutdown 10 10 10 7 200 500 200 210 3 Freezing/ice reducing heat conduction 10 Control: Shutdown 7 210 Printed:08/06/2011 Process FMEA Template Page 2 of 10 .Contain LH2 @10000psi? High Flow Leakage/Rupture Low Process Gas Temp Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 3 3 3 1 8 Corrosion Control Malfunction Incorrect Design Specifications Control Malfunction H2 Embrittlement 3 4 2 4 4 3 3 6 Specification: Supplier 4 10 10 4 4 4 6 Control: System warning Specification: Supplier Specification: Supplier Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training 36 120 60 0 160 120 120 360 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Thermally Isolate LH2 from Environment Allow Excess Heat Conduction Excess Vapour Pressure 6 6 Incorrect Design Specifications Control Malfunction Vacuum Jacket Failure Mechanical Damage Mechanical Damage 2 4 3 6 6 Control: Vent to Stack Procedure: Restricted Access Procedure: Operator Training Control: Vent to Stack 10 10 2 10 2 200 400 36 360 84 Pressure Regulator Reduce LH2 Pressure from 10000psi to 7200psi Pressure Too High Excess Liquid Pressure 7 Pressure Too Low System Fault Thermally Isolate LH2 Allow Excess Heat from Environment Conduction Provide LH2 Flow Path Flow Blocked Insufficient Flow Capability Contain LH2 @10000psi Leakage/Rupture Excess Vapour Pressure Excess Liquid Pressure Decreased Pressure 7 3 3 3 6 7 7 3 3 8 Debris Debris Mechanical Wear Incorrect Design Specifications Debris Mechanical Damage Incorrect Design Specifications Debris H2 Embrittlement 6 6 8 2 6 6 6 6 4 3 3 6 Control: Vent to Stack Control: Shutdown Control: Shutdown Control: Shutdown Control: Vent to Stack Control: Vent to Stack Control: Shutdown 2 7 7 7 2 2 10 7 10 4 4 4 6 84 126 168 0 24 84 420 126 180 160 120 120 360 Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 Specification: Supplier Specification: Supplier Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Vapourizor Flow Path: LH2-CH2 Flow Blocked Excess Liquid Pressure Excess Vapour Pressure 7 6 6 3 3 3 3 8 Mechanical damage (collision) Mechanical Damage (attack) Incorrect Design Specifications Debris Corrosion Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement 2 5 2 7 3 6 7 3 6 2 4 3 3 6 Control: Vent to Stack Control: Vent to Stack Specification: Supplier Control: Shutdown Specification: Supplier 10 10 10 2 4 10 7 4 10 10 4 4 4 6 200 500 200 98 72 360 147 36 180 60 160 120 120 360 Excessive Pressure Drop Insufficient Process Pressure Contain LH2 @72000psi? Leakage/Rupture Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 Specification: Supplier Specification: Supplier Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Heat Exchange.

7200psi Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour 10 Corrosion Stress Cycling/Fatigue Mechanical damage (impact) Procedure/Design: Restricted Access Procedure: Operator Training Flow Path: CH2 to Dispensor Flow Blocked Excess Vapour Pressure 6 6 6 3 3 3 3 9 Mechanical damage (collision) Mechanical Damage (attack) Incorrect Design Specifications Debris Corrosion Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement 2 5 2 7 3 6 7 3 6 2 4 3 Control: Vent to Stack Specification: Supplier Control: Shutdown Specification: Supplier 10 10 10 2 4 10 7 4 10 10 4 4 200 500 200 84 72 360 147 36 180 60 160 120 Excessive Pressure Drop Low Process Pressure Dispensor Contain CH2 @6000psi Leakage/Rupture Release into Occupied Area and Dissipation of H2 Release into Occupied Area and Combustion of Vapour Specification: Supplier Specification: Supplier 10 Corrosion Printed:08/06/2011 Process FMEA Template Page 3 of 10 .High Pressure Excess Vapour Pressure Output Stream Too Cold System Fault 6 1 1 6 6 8 Ambient temperature too high Incorrect Design Specifications Ambient Temperature too Low Ambient Temperature too Hot Incorrect Design Specifications H2 Embrittlement 10 Control: Vent to Stack 2 Control: Warning 10 10 Control: Vent to Stack 2 4 3 3 6 2 2 10 2 10 4 4 4 6 120 4 100 120 120 160 120 120 360 Output Stream Too Hot Excess Vapour Pressure Contain CH2 @7200psi Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour Specification: Supplier Specification: Supplier Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training 10 Corrosion Stress Cycling/Fatigue Mechanical damage (impact) Temperature Too High Excess Vapour Pressure Regenerator Moderate CH2 Thermal Storage Temperature Variations 6 Mechanical damage (collision) Mechanical Damage (attack) Incorrect Design Specifications Incorrect Design Specifications 2 5 2 2 Control: Vent to Stack 10 10 10 2 200 500 200 24 Temperature Too Low System Fault Contain CH2 @7200psi Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour 6 6 6 1 1 1 1 8 Corrosion Mechanical Damage Debris Incorrect Design Specifications Corrosion Mechanical Damage Debris H2 Embrittlement 3 6 7 2 3 6 7 4 3 3 6 Specification: Supplier Specification: Supplier Specification: Supplier Specification: Supplier Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training 4 10 10 10 4 10 10 4 4 4 6 72 360 420 20 12 60 70 160 120 120 360 10 Corrosion Stress Cycling/Fatigue Mechanical damage (impact) Low Pressure Drop Flow Path Excessive Pressure Drop System fault 3 3 3 3 6 6 6 8 Mechanical damage (collision) Mechanical Damage (attack) Incorrect Design Specifications Debris Corrosion Mechanical Damage Incorrect Design Specifications Debris Corrosion Mechanical Damage H2 Embrittlement 2 5 2 7 3 6 2 7 3 6 4 3 3 6 Control: Shutdown Specification: Supplier 10 10 10 7 4 10 10 2 4 10 4 4 10 6 200 500 200 147 36 180 60 84 72 360 160 120 300 360 Flow Blocked Excess Vapour Pressure Control: Vent to Stack Specification: Supplier Specification: Supplier Specification: Supplier Buffer Storage Contain CH2 @-25C.

abort fueling Specification: Supplier 120 0 200 500 160 200 400 84 72 360 0 12 60 20 4 8 98 196 294 245 126 Excessive Pressure Drop Low Fueling Pressure Provide CH2 @6000psi Low Pressure @xxpsi High Pressure Low Fueling Pressure Control: Abort Fueling Control: Abort Fueling Control: Vent to Stack Control: Vent to Stack Control: Vent to Stack Control: Vent to Stack Control: Shutdown 4 10 10 2 2 7 7 7 7 7 Excess Pressure Buildup Monitor Fueling Status & Communicate with Controller No Signal System fault Temp Bias Low Excess Tank Pressure: Potential Rupture Decreased tank Pressure: Incomplete Fueling Excess Tank Pressure: Potential Rupture Decreased tank Pressure: Incomplete Fueling Potential Gas Leakage 3 3 3 10 Out of Range Power Failure Calibration Error Electrical Damage (shock) 5 4 7 6 7 6 7 6 7 6 7 6 4 4 3 3 6 2 7 3 6 7 3 6 2 2 6 4 3 6 4 Procedure: Supplier Calibration Control: Shutdown Procedure: Supplier Calibration Control: Shutdown Procedure: Supplier Calibration Control: Shutdown Procedure: Supplier Calibration Control: Shutdown Procedure: Supplier Calibration Control: Shutdown 10 10 5 7 5 7 5 7 5 7 5 7 10 4 4 4 6 10 2 4 10 7 4 10 10 2 10 4 4 6 10 150 120 105 420 350 42 35 420 350 42 35 420 400 160 120 120 360 200 98 84 420 147 36 180 60 24 360 80 60 180 200 Temp Bias High 10 Calibration Error 1 Electrical Damage (shock) 1 Calibration Error 10 Electrical Damage (shock) 10 Calibration Error 1 Electrical Damage (shock) 1 Calibration Error 10 Electrical Damage (shock) 10 Power Failure 8 H2 Embrittlement 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Incorrect Design Specifications Debris Corrosion Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications Incorrect Design Specifications Mechanical Damage H2 Embrittlement Corrosion Mechanical damage (impact) Control Malfunction Pressure Bias Low Pressure Bais High Provide User Emergency Shutdown LH2 Valve Contain LH2 @10000psi? No Shutdown Initiated Leakage/Rupture Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access Control: Vent to Stack Specification: Supplier Design: Rupture Disk .Vent to Stack Control: Shutdown Specification: Supplier System Flow path Flow Blocked Excess Liquid Pressure Excess Pressure Buildup 7 7 7 3 3 3 3 6 6 5 5 5 5 Excessive Pressure Drop Low System Pressure Thermaly Isolate LH2 from Environment Isolate Flowpath (Open/Close) Allow Excess Heat Conduction Fails Open Excess Vapour Pressure Control: Vent to Stack Cannot Isolate System Components: Specification: Supplier Specification: Supplier Design: Restricted Access Printed:08/06/2011 Process FMEA Template Page 4 of 10 .Flow Path: Vehicle CH2 Flow Blocked Supply @6000psi Excess Vapour Pressure 6 6 6 1 1 1 1 1 1 7 7 7 7 3 Stress Cycling/Fatigue Mechanical damage (impact) Mechanical damage (collision) Mechanical Damage (attack) Operator Error Incorrect Design Specifications Control Malfunction Debris Corrosion Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications Incorrect Design Specifications Control Malfunction Incorrect Design Specifications Control Malfunction Fueling Rate Too High Inlet Gas Too Warm Electrical Damage (shock) 3 6 2 5 4 2 4 7 3 6 7 3 6 2 2 4 2 4 6 5 6 Specification: Supplier 4 10 10 4 10 10 2 4 10 Procedure: Operator Training Control: Vent to Stack Specification: Supplier Control: System Fault .

Vent to Stack Control: Shutdown Specification: Supplier Fails Closed Excess Liquid Pressure Excess Pressure Buildup 7 7 7 7 Corrosion Mechanical damage (impact) Control Malfunction Corrosion 3 6 4 3 4 6 10 3 84 252 280 63 Thermaly Isolate LH2 from Environment Check Valve Allow Excess Heat Conduction Excess Vapour Pressure 7 7 6 6 7 7 Mechanical damage (impact) Control Malfunction Incorrect Design Specifications Mechanical damage (impact) Debris Corrosion 6 4 2 6 10 2 6 2 3 252 280 24 0 98 63 Provide Single Direction Flow Blocked Flow Path Excess Liquid Pressure Excess Pressure Buildup 7 3 Excessive Pressure Drop Low System Pressure 7 3 3 3 3 10 10 10 10 8 Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement Corrosion Mechanical damage (impact) Incorrect Design Specifications H2 Embrittlement 6 7 3 6 2 4 3 6 2 4 3 3 6 2 10 7 4 10 10 4 4 6 10 4 4 4 6 10 420 147 36 180 60 160 120 360 200 160 120 120 360 0 Page 5 of 10 Fails to Check Backflow of Process Gases: Potential Rupture? Specification: Supplier Specification: Supplier Design: Restricted Access Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access Contain CH2 @7200psi Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour Release into Occupied Area and Dissipation of H2 Release into Occupied Area and Combustion of Vapour 10 Corrosion 9 Stress Cycling/Fatigue 10 Mechanical damage (impact) Incorrect Design Specifications Printed:08/06/2011 Process FMEA Template .Vent to Stack Design: Restricted Access Control: Vent to Stack Design: Restricted Access Control: Vent to Stack Specification: Supplier Design: Rupture Disk .Fails Closed Excess Liquid Pressure 7 H2 Embrittlement 4 Control: Vent to Stack Specification: Supplier Specification: Supplier Design: Rupture Disk .Vent to Stack Control: Shutdown Specification: Supplier Excessive Pressure Drop Low System Pressure 7 3 3 3 3 5 5 5 5 7 Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement Corrosion Mechanical damage (impact) Control Malfunction H2 Embrittlement 6 7 3 6 2 4 3 6 4 4 10 7 4 10 10 4 4 6 10 4 420 147 36 180 60 80 60 180 200 112 Isolate Flowpath (Open/Close) Fails Open Cannot Isolate System Components: Specification: Supplier Specification: Supplier Design: Restricted Access Control: Vent to Stack Specification: Supplier Specification: Supplier Design: Restricted Access Specification: Supplier Design: Rupture Disk .Vent to Stack Design: Restricted Access Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access 4 112 Excess Pressure Buildup 7 Corrosion 3 3 63 CH2 Valve Contain CH2 @7200psi Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour Release into Occupied Area and Dissipation of H2 Release into Occupied Area and Combustion of Vapour Excess Liquid Pressure Excess Pressure Buildup 7 7 8 Mechanical damage (impact) Control Malfunction H2 Embrittlement 6 4 4 3 3 6 2 7 3 6 10 4 4 4 6 10 2 3 252 280 160 120 120 360 200 98 63 10 Corrosion 9 Stress Cycling/Fatigue 10 Mechanical damage (impact) Incorrect Design Specifications Debris Corrosion System Flow path Flow Blocked 7 7 Control: Vent to Stack Specification: Supplier Design: Rupture Disk .

Vent to Stack Control: Shutdown Specification: Supplier 10 6 120 0 Contain LH2 @1000psi Leakage/Rupture Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 8 H2 Embrittlement 4 4 4 6 160 120 120 360 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Provide Flow Path A-B Flow Blocked Excess Liquid Pressure Excess Pressure Buildup 7 7 Operator Error Incorrect Design Specifications Debris Corrosion 4 2 7 3 4 10 2 3 160 200 98 63 Excessive Pressure Drop Low System Pressure 7 3 3 3 3 8 Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement 6 7 3 6 2 4 3 3 6 2 7 6 7 10 7 4 10 10 4 4 4 6 10 5 10 5 420 147 36 180 60 160 120 120 360 200 0 0 245 Pressure Sensor (LH2) Contain LH2 Under Pressure Leakage/Rupture Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access Procedure: Supplier Calibration 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Incorrect Design Specifications Calibration Error Electrical Damage (shock) Calibration Error Output Pressure Signal High Pressure Bias Low Pressure Bias Excess Liquid Pressure 7 Procedure: Supplier Calibration Design: Rupture Disk .Thermaly Isolate LH2 from Environment Vacuum Jacket Thermally Isolate LH2 Lines (LH2) from Environment Allow Excess Heat Conduction Allow Excess Heat Conduction Excess Vapour Pressure 6 6 6 Incorrect Design Specifications Mechanical damage (impact) Vacuum Jacket Failure 2 Control: Vent to Stack Design: Restricted Access Control: Vent to Stack 2 6 2 24 0 36 Excess Vapour Pressure 3 6 6 Incorrect Design Specifications Mechanical damage (impact) 2 Procedure/Design: Restricted Access Procedure: Operator Training 4 3 3 6 Specification: Supplier Specification: Supplier Specification: Supplier Procedure/Design: Restricted Access Procedure: Operator Training Procedure: Operator Training Control: Vent to Stack Specification: Supplier Design: Rupture Disk .Vent to Stack Control: Shutdown Control: Shutdown Control: Shutdown Control: Shutdown Procedure: Supplier Calibration No Signal System fault 7 3 3 3 3 Electrical Damage (shock) Electrical Damage (shock) Out of Range Power Failure Calibration Error 6 6 5 4 7 7 7 7 7 5 294 126 105 84 105 Page 6 of 10 Printed:08/06/2011 Process FMEA Template .Vent to Stack Control: Shutdown Control: Shutdown Control: Shutdown Procedure: Supplier Calibration Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access 7 Electrical Damage (shock) 6 10 420 No Signal System fault Pressure Contain CH2 Under Sensor (CH2) Pressure Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour Release into Occupied Area and Dissipation of H2 Release into Occupied Area and Combustion of Vapour 3 3 3 3 8 Electrical Damage (shock) Out of Range Power Failure Calibration Error H2 Embrittlement 6 5 4 7 4 3 3 6 2 7 6 7 7 7 7 5 4 4 4 6 10 5 10 5 126 105 84 105 160 120 120 360 200 35 60 245 10 Corrosion 9 Stress Cycling/Fatigue 10 Mechanical damage (impact) Incorrect Design Specifications Calibration Error Electrical Damage (shock) Calibration Error Output Pressure Signal High Pressure Bias 1 1 7 Procedure: Supplier Calibration Low Pressure Bias Excess Vapour Pressure Procedure: Supplier Calibration Design: Rupture Disk .Vent to Stack Procedure: Supplier Calibration Design: Rupture Disk .

Vent to Stack Control: Shutdown Control: Shutdown Specification: Supplier Control: Shutdown Control: Shutdown Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access System Fault: Shutdown Procedure: Supplier Calibration Design: Rupture Disk .Vent to Stack Control: Vent to Stack Procedure: Supplier Calibration Control: Shutdown Control: Shutdown Control: Shutdown Procedure: Supplier Calibration Control: Vent to Stack Specification: Supplier Design: Rupture Disk .Flow Meter (LH2) Contain LH2 Under Pressure Leakage/Rupture Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 8 H2 Embrittlement 4 3 3 6 2 7 6 6 7 6 5 4 7 7 3 Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access System Fault: Shutdown Procedure: Supplier Calibration Design: Rupture Disk .Vent to Stack Procedure: Supplier Calibration Control: Shutdown Control: Shutdown Control: Shutdown Procedure: Supplier Calibration Control: Vent to Stack Specification: Supplier Design: Rupture Disk .Vent to Stack Printed:08/06/2011 Process FMEA Template Page 7 of 10 .Vent to Stack Control: Vent to Stack Control: Shutdown Specification: Supplier Control: Shutdown Control: Shutdown Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access 4 4 4 6 10 7 7 10 5 7 7 7 5 2 3 160 120 120 360 200 147 126 360 210 126 105 84 105 98 63 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Incorrect Design Specifications Calibration Error Electrical Damage (shock) Electrical Damage (shock) Calibration Error Electrical Damage (shock) Out of Range Power Failure Calibration Error Debris Corrosion Output FLow Signal High Flow Bias Decreased Process Flow 3 3 6 6 3 3 3 3 7 7 Low Flow Bias Excess System Pressure Flow No Signal System fault Flow Path: Low Restriction Flow Blocked Excess Liquid Pressure Excess Pressure Buildup Excessive Pressure Drop Low System Pressure 7 3 3 3 3 8 Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement 6 7 3 6 2 4 3 3 6 2 6 7 7 7 4 7 7 4 4 4 6 10 5 294 147 36 126 42 160 120 120 360 200 0 210 Flow Meter (CH2) Contain CH2 Under Pressure Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour 10 Corrosion Stress Cycling/Fatigue Mechanical damage (impact) Incorrect Design Specifications Electrical Damage (shock) Calibration Error Output FLow Signal High Flow Bias Decreased Process Flow Excess System Pressure Flow 3 6 Low Flow Bias No Signal Excess Liquid Pressure System fault Flow Path: Low Restriction Flow Blocked Excess Liquid Pressure Excess Pressure Buildup 7 7 3 3 3 3 7 7 Electrical Damage (shock) Calibration Error Electrical Damage (shock) Out of Range Power Failure Calibration Error Debris Corrosion 6 7 6 5 4 7 7 3 2 5 7 7 7 5 2 3 84 245 126 105 84 105 98 63 Excessive Pressure Drop Low System Pressure 7 3 3 3 3 8 Mechanical Damage Debris Corrosion Mechanical Damage Incorrect Design Specifications H2 Embrittlement 6 7 3 6 2 4 3 3 6 2 7 3 10 7 4 10 10 4 4 4 6 10 2 3 420 147 36 180 60 160 120 120 360 200 98 63 Fittings (High Contain LH2 under Pressure) Pressure Leakage/Rupture Release to Storage Area and Dissipation of H2 Release to Storage Area and Combustion of Vapour Release into Occupied Area and Dissipation of H2 Release into Occupied Area and Combustion of Vapour 10 Corrosion 9 Stress Cycling/Fatigue 10 Mechanical damage (impact) Incorrect Design Specifications Debris Corrosion Flow Path: Low Restriction Flow Blocked Excess Liquid Pressure Excess Pressure Buildup 7 7 Control: Vent to Stack Specification: Supplier Design: Rupture Disk .

Fittings (High Pressure) Excessive Pressure Drop Low System Pressure 7 3 3 3 3 9 Mechanical damage Debris Corrosion Mechanical damage Incorrect Design Specifications H2 Embrittlement 6 7 3 6 2 4 3 3 6 2 7 3 Control: Vent to Stack Control: Shutdown Specification: Supplier Control: Shutdown Control: Shutdown Specification: Supplier Specification: Supplier Specification: Supplier Design: Restricted Access Control: Vent to Stack Specification: Supplier Design: Rupture Disk .Vent to Stack Control: Vent to Stack Control: Shutdown Specification: Supplier Control: Shutdown Control: Shutdown Control: Shutdown 3 7 4 10 10 4 4 4 6 10 3 3 126 147 36 180 60 160 120 120 360 200 147 63 Fittings (Cryogenic) Contain LH2 under Pressure Leakage/Rupture Spill to Storage Area and Dissipation of H2 Spill to Storage Area and Combustion of Vapour Spill to Storage Area and Pooling of LH2 10 Corrosion 9 Stress Cycling/Fatigue Mechanical damage (impact) Incorrect Design Specifications Debris Corrosion Flow Path: Low Restriction Flow Blocked Excess Liquid Pressure Excess Pressure Buildup 7 7 Excessive Pressure Drop Low System Pressure 7 3 3 3 3 8 Mechanical damage Debris Corrosion Mechanical damage Incorrect Design Specifications Ignition Source 6 7 3 6 2 2 3 7 4 7 7 10 126 147 36 126 42 160 Vent Stack Combustion of Gas Provide Safe Vent Stream for Process Gas Combustion Within Vent Stack Blockage Rupture Of Process Lines/Components 8 Control Malfunction 10 Corrosion 10 Mechanical damage (impact) 10 Mechanical damage (attack) 10 Mechanical damage (structural) 4 3 6 5 6 Specification: Supplier Design: Restricted Access 10 4 6 10 10 320 120 360 500 600 Structural Modifications and assesment 360 108 324 450 540 Structural Modifications and assesment Restricted Insufficient Venting 9 9 9 9 9 Debris Corrosion Mechanical damage (impact) Mechanical damage (attack) Mechanical damage (structural) 4 3 6 5 6 Specification: Supplier Design: Restricted Access 10 4 6 10 10 Printed:08/06/2011 Process FMEA Template Page 8 of 10 .

(Then recalculate resulting RPN.& Target Date Who's Responsible for the recommended action? What date? Actions Taken What were the actions implemented? Include completion month/year.) S E V O C C D E T R P N #VALU E! 9 of10 . or Key Input go wrong? (chance of not meeting requirements) Potential Failure Effects What is the impact on the Key Output Variables (customer requirements) or internal requirements? S E V How Severe is effect to the customer? Potential Causes What causes the Key Input to go wrong? (How could the failure mode occur?) O C C How frequent is cause likely to Occur? Current Process Controls What are the existing controls that either prevent the failure mode from occurring or detect it should it occur? D E T How probable is Detection of cause? R P N Risk Priority # to rank order concerns Actions Recommended What are the actions for reducing the Occurrence of the cause.Process Step or Variable or Key Input What is the process step? Potential Failure Mode In what ways can the Process Step. Variable. or improving Detection? Should have actions on high RPN's or Severity of 9 or 10. Resp.

67 1. customer dissatisfied Considerable safety and/or environmental Impact due to failure of components.33 100% 99% 95 90 85 approx. High safety risk and/or severe environmental Impact violating existing codes/standards.000 5.000 20. down supporting documentation time or significant manufacturing or assembly complaint High safety risk and/or severe environmental Impact without Relatively high failure rate with violating existing codes/standards. customer is made uncomfortable Relatively moderate failure rate with supporting documentation Moderate likelihood that the potential failure will occur before producing a safety risk Controls are unlikely to detect or prevent the potential failure during operation 6 Considerable safety and/or environmental Impact due to Moderate failure rate without continued degredation of components.0 be prevented before producing a safety < 1. customer endangered on specifications or significant DV testing 10 Absolute certainty that the current controls will not detect the potential failure 50 Severe Safety impact without warning before failure or violation of safety codes/regulations. customer will Likelihood of occurrence is not notice any adverse effects remote Safety or environmental impact is slight.0 Controls may detect or prevent the potential failure from occuring during operation Occasional failures Safety and/or environmental impact affected due to continually poor system performance. productivity impacted by high scrap or rework levels.000 500 > 1.RATING FACTORS RATING DEGREE OF SEVERITY PROBABILITY OF OCCURRENCE FREQUENCY ( 1 in … ) Cpk ABILITY TO DETECT Detection Certainty Sure that the potential failure will be found or prevented before producing a safety risk Almost certain that the potential failure will be found or prevented before producing a safety risk Low likelihood that the potential failure will risk 1 2 3 4 5 Safety or environmental impact is insignificant.000. very high degree of customer dissatisfaction High failure rate without supporting documentation 100 80 7 50 Poor likelihood that the potential failure will be detected or prevented before producing a safety risk 70 8 20 Very poor likelihood that the potential failure will be detected or prevented before producing a safety risk Current controls probably will not even detect the potential failure 60 9 Severe Safety impact with warning before failure or violation Failure is almost certain based of safety codes/regulations. warranty repair. customer will probably experience slight annoyance Safety and/or environmental impact will be affected due to the slight degradation of performance of components. High degree of customer supporting documentation dissatisfaction. 1. customer endangered 10 Assured of failure based on specifications or significant DV testing 2 < 50 Page 10 .000 2. customer will experience annoyance Low failure rate with supporting documentation Low failure rate without supporting documentation 1.