What the heck is a DP FMEA, What Are They Used For, and Why Do We Need Them?
A quick, tongue-in-cheek guide:
An FMEA is fancy speak for figuring out how things work, and how they can go wrong and come round and bite ya. It’s meant to be done by big brain folks, who have spent their time wrassling with the issues, both book learning and experience, and who have dug deep into the systems, and understand them and their operation real well. They are then supposed to write it up, real clear like, so everyone can understand and know what to do to protect themselves. The idea is to fix problems before they show up in operation. Knowing what can go wrong, what to look out for, how to avoid trouble, and how to solve it, is dead practical. It’s real useful if you build or rent or own or operate or approve something dangerous. It’s so useful that it’s required for all kinds of stuff, and has been done for a long time on all kinds of different things. It’s normally done for situations where there is a lot at stake, but ain’t a bad idea for life in general. It’s a real good idea and handy when done right, but hardly ever done proper.
Now, DP is just a vessel being where it is supposed to be in the water, despite wind, waves, or water current pushing at it, or something going wrong. Sometimes it’s supposed to stay in one place, sometimes it’s meant to follow something else, and sometimes it’s meant to follow a pattern or track. Doing this can be unimportant and safe, or real important and downright dangerous, depending on the work being done. A vessel that’s sitting around waiting, all by itself, can’t cause much harm, but one that leaves a man deep underwater or smashes into stuff is causing trouble, so DP vessels that can cause trouble are required to have FMEAs to make them safer. Ones that don’t, aren’t.
Ideally, these DP FMEAs should look at the vessels, the vessel systems, the work it’s gonna do, and the operators, but the DP industry doesn’t like being looked at too much, so it’s normally limited to the vessel systems. There is still a lot of good stuff that a limited FMEA can find and trouble it can avoid, but it’s now got some blind spots that are assumed to be taken care of by others. Different DP vessels have different concerns, depending on their tasks & risks, but the most common one is that no single thing going wrong should cause the vessel to not be where it belongs. This seems strange, as lots of things can go bad at the same time in real life, but it makes it easier to read and understand, so you can put the different random combinations together in your head. The single thing gone wrong could be an accidental operator mistake, a computer fault, loss of power, wiring crosstalk, or any other active fault, but needs to be detectable by the operator. Things like the hull cracking in half aren’t covered, but a burst pipe might be and a fuel tank sure is. Hidden failures need to be considered in combination with other faults by the FMEA. This is called a DP2 FMEA, and a DP3 FMEA includes that but also considers everything in an area not working, so it looks at systems being separated, so the vessel still works after loss of an area. It is possible to do DP1 (independent joystick) and DP0 FMEAs, but there ain’t much call for it, because everyone wrongly assumes that a higher number is better.
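The single-fault and loss-of-area checks described above can be run mechanically over a dependency model. This is an added illustration, not part of the original article: the six-component vessel, the compartment names, and the rule that two working thrusters are enough to hold position are all made up for the example.

```python
# Constructed toy vessel (not a real design):
# component -> (compartment it sits in, components it depends on)
VESSEL = {
    "SWBD_A": ("swbd_room", []),
    "SWBD_B": ("swbd_room", []),
    "T1": ("bow", ["SWBD_A"]),
    "T2": ("stern", ["SWBD_A"]),
    "T3": ("bow", ["SWBD_B"]),
    "T4": ("stern", ["SWBD_B"]),
}
THRUSTERS = ["T1", "T2", "T3", "T4"]
MIN_THRUSTERS = 2  # assumed: the vessel holds position on any two thrusters


def working(name, failed):
    """A component works if it has not failed and everything it needs works."""
    if name in failed:
        return False
    return all(working(dep, failed) for dep in VESSEL[name][1])


def holds_position(failed):
    return sum(working(t, failed) for t in THRUSTERS) >= MIN_THRUSTERS


def single_fault_findings(hidden=frozenset()):
    """DP2-style check: each single failure, taken on top of any hidden
    failures that may already be sitting there undetected."""
    return sorted(c for c in VESSEL if not holds_position({c} | set(hidden)))


def area_loss_findings(hidden=frozenset()):
    """DP3-style check: everything in one compartment stops working at once."""
    findings = []
    for area in sorted({comp for comp, _ in VESSEL.values()}):
        lost = {c for c, (comp, _) in VESSEL.items() if comp == area}
        if not holds_position(lost | set(hidden)):
            findings.append(area)
    return findings


if __name__ == "__main__":
    print("single faults that lose position:", single_fault_findings())
    print("same, with T3 already dead and unnoticed:",
          single_fault_findings(hidden={"T3"}))
    print("areas whose loss loses position:", area_loss_findings())
```

The toy vessel passes the plain single-fault check, fails it once a hidden thruster failure is assumed, and fails the area check because both switchboards share one room.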
That’s pretty much it, but you can see how it can go wrong, so let’s have a quick look:
- FMEAs done by people who don’t understand the systems, how they all interact, their operation, or the work being done, or FMEAs done by people who are inexperienced, rushed, or optimists, won’t do the job. No paperwork can guarantee this, but some groups sell cheap and easy certification which confuses things more.
- The big brains talk to each other and don’t keep things simple. After doing complex and thorough analysis, the next step is to clearly and effectively communicate the important findings. This isn’t normally done. An FMEA report can consist of hundreds of pages of raw, undigested analysis that are full of impressive ten dollar words and acronyms. They think that they are showing their work, and protecting themselves from other big brains, by doing so, but what they are really doing is failing to make the report useful. The report shouldn’t be the detailed analysis notes, but a clear and concise summary of the vital findings that people need to know. They need enough detail to be useful, but summarized clearly enough that it can be easily understood and used. Many people would rather get clear, poor analysis, than useless good analysis.
- FMEAs are supposed to be part of an improvement process. They are supposed to be done early enough in design and again in construction to catch problems, so they can be solved, and not bug operators and endanger operations. In the same way, crew should be part of the process, and the document adapted to their needs and insights. A dead piece of paper is cheap, but an active improvement process is valuable. The big brains’ writing sure needs the feedback. In a more proactive era, some crews used to take over, and fix their vessels’ FMEAs.
- We’ve talked about what an FMEA is supposed to do, but that’s not usually why it is done. Instead of safety, it might be done as a sales document, or as a hurdle to get minimum classification. A vessel might not be meant to do dangerous work, and businesses are there to make money. So, if a vessel takes too high a DP class, because customers specify too high a DP class, then FMEAs are an obstacle to working. This results in all FMEAs getting cheapened, as many FMEAs are bare bones to meet minimum requirements (usually less), and the people who write them and approve them are often selected for looking the other way. This works well for people who don’t need to worry about risk, but people who need high safety then need to filter out bad FMEAs, risky vessels, crews used to working to lower standards, and providers used to doing poor FMEAs. This DP class inflation causes a mismatch between requirements and operating needs. This causes conflict, as some bad things are certified, class approved, and become normal. Everyone doesn’t need DP3 or DP2, and a properly run DP1 vessel could be safer and cheaper than an over-classed catastrophe. A real DP1 can be better than a fake DP3. On the other hand, safety focused people sometimes expect that their particular obscure operation requirements should be covered in all FMEAs, but also can’t force the overall industry to shape up and meet basic DP safety requirements, as most operators and clients didn’t want that level of safety to start with. There’s no free lunch either way. FMEAs are a problem area because of economic incentives. There are no technical solutions to human nature, as people can always outplay the system, but incentives can be aligned. In the meantime, operators and clients need to be careful.
So, FMEAs are a valuable tool and can make life a lot easier and safer, but the usual conflicting human requirements often reduce this usefulness. Knowing what a DP FMEA can do, what you need it to do, and the human obstacles to achieving that, can help you direct FMEAs, so they can help you achieve your goals. For operators, the FMEA is usually the only description of system interactions and faults, and well worth understanding, so we have to make them clearer. FMEAs are meant to be part of a closed loop continual improvement process, and getting the crews involved again would help solve some of the current problems.
I ended less tongue-in-cheek than I started, and that’s appropriate, as lives can be on the line.
P.S. This topic was suggested by a reader. Are there any topics or questions that you would like to see covered?
Founder | Humanitarian Catalyst | Engineer | Over-Thinker
Paul, I have to echo Richard and Russell with regard to the good points you make here. Likewise, they both present relevant thoughts. I have to bring up the STPA / STAMP processes again. What has your research revealed with regard to the FMEA process compared to those processes? Much the same?
Learning something new every day
You raise a lot of good points here Paul. One key element of an FMEA is that it is best conducted BEFORE anything gets built! A well executed FMEA should be a key element in the Basis of Design of the Vessel, full stop. Meanwhile, compounding the pain of the Ad Hoc approach taken with the application of an FMEA is the failure of the industry over sooooo many years to actually mandate 'what' an FMEA should look like. The MIL Spec (okay MIL-STD-1629) and the IMCA documents are looked at as foundational materials for such an FMEA, but the last time I checked (and going back some 35 years being 'around' FMEAs) there is no actual regulatory requirement that adequately describes just 'what' an FMEA MUST be...