IEC 60812 is the international standard for Failure Mode and Effects Analysis. The 2018 edition is industry-agnostic — it applies to hardware, software, processes, and human factors across any domain, from aerospace and medical devices to automotive and industrial machinery. Unlike the automotive-specific AIAG/VDA handbook or SAE J1739, it does not prescribe specific rating scales or an Action Priority table: teams define their own criteria to suit the context.
KF's four-column format (item, event, action, risk) covers the core structure of IEC 60812 with no extra configuration required for basic compliance.
IEC 60812 requires the FMEA to draw on historical failure data — past field problems, test results, and lessons from similar systems. The standard does not prescribe how this is done; it requires only that known failure history informs the analysis.
In KF, this is handled structurally by the type system. A type item accumulates failure modes, causes, and corrective actions from past projects. When a new FMEA is started, the item is created as an instance of the relevant type, inheriting all historical failure information automatically. When a project surfaces new failures, the inverted checklist shows which of them have not yet been generalized to the type — identifying the gaps that should be promoted so future analyses inherit them. No separate lessons-learned register is needed.
IEC 60812 requires the analysis to document, for each item: its function, potential failure modes, the local and end effects of each failure, the causes, the detection method, a risk evaluation, and recommended actions. KF maps these to its four-column format:
| IEC 60812 element | KF equivalent |
|---|---|
| Item under analysis | Item, with hierarchy and component tree giving system context |
| Function | Item description |
| Failure mode | Event title |
| Local effect / End effect / Cause | Stacked vertically in the event (failure mode, cause, and effect in a single structured view) |
| Detection method | Detection action linked to the event; description documents the method |
| S, O (probability), D (detectability) | Native fields on each event |
| Risk evaluation | Calculated automatically from S-O-D; risk class and matrix view |
| Recommended action / action taken | Action item linked to the event, with status (pending → done) and before/after S-O-D |
The standard allows grouping cause, failure mode, and effects in a compact format as long as the relationships are clear — KF's vertical stacking satisfies this requirement.
IEC 60812 is deliberately flexible on risk evaluation method. It allows:
The qualitative criticality matrix is structurally identical to KF's risk matrix: severity class on one axis, occurrence class on the other, H/M/L cells as output. KF's risk matrix view satisfies this requirement directly.
The semi-quantitative approach (S-O-D ratings, RPN, AP) is also fully supported — KF calculates all three automatically. The Action Priority table from AIAG/VDA (also in SAE J1739) provides a more refined prioritisation than a simple RPN and can be used for any domain, not only automotive.
Quantitative FMECA uses Cm = λ × β × α × t, where λ is the item failure rate, α is the fraction of the item's failures attributed to this mode, β is the conditional probability that the mode causes the postulated end effect, and t is the operating time. The product λ × α × t is the failure mode rate — exactly what KF's O field represents when set in FIT, ppm, or per-hour units. Three of the four factors are therefore already covered. The remaining factor, β, can either be assumed to be 1 (conservative: the failure mode always leads to the worst-case effect), absorbed into the O value, or noted in the event description. With β folded into O, the criticality ranking becomes proportional to S × O — what AIAG/VDA calls the SO number — which KF calculates automatically. The practical gap is that β has no dedicated field and Cm is not displayed as a named output; the S × O risk value provides equivalent prioritisation.
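How the β assumption changes the ranking, as an added Python example (not KF's code and not text from the standard): it computes Cm = λ × β × α × t for three constructed failure modes and ranks them by S × O, once with β assumed 1 and once with β folded into O. The mode names, all numeric values and the 1-10 severity scale are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

FIT = 1e-9  # 1 FIT = one failure per 10^9 device-hours


@dataclass(frozen=True)
class Mode:
    name: str
    severity: int    # S on the team's own scale (1-10 assumed here)
    lam_fit: float   # item failure rate λ, in FIT
    alpha: float     # fraction of the item's failures attributed to this mode
    beta: float      # conditional probability of the postulated end effect
    hours: float     # operating time t


def mode_rate(m: Mode) -> float:
    """λ × α × t: the failure mode rate, i.e. O when β is assumed to be 1."""
    return m.lam_fit * FIT * m.alpha * m.hours


def cm(m: Mode, beta: Optional[float] = None) -> float:
    """Mode criticality Cm = λ × β × α × t; pass beta=1.0 for the conservative case."""
    return mode_rate(m) * (m.beta if beta is None else beta)


def rank(modes, conservative: bool):
    """Names ordered by S × O, highest first.

    conservative=True  -> O = λ × α × t      (β assumed 1)
    conservative=False -> O = λ × α × β × t  (β folded into O)
    """
    def risk(m: Mode) -> float:
        return m.severity * cm(m, 1.0 if conservative else None)
    return [m.name for m in sorted(modes, key=risk, reverse=True)]


# Constructed sample data, not taken from any real analysis.
MODES = [
    Mode("valve stuck closed", 10, 300, 0.30, 0.10, 10_000),
    Mode("sensor drift",        6, 500, 0.40, 0.90, 10_000),
    Mode("seal leak",           8, 150, 0.50, 1.00, 10_000),
]

if __name__ == "__main__":
    for m in MODES:
        print(f"{m.name:20s} Cm={cm(m):.2e}  S*O(beta=1)={m.severity * mode_rate(m):.2e}")
    print("beta = 1      :", rank(MODES, conservative=True))
    print("beta folded   :", rank(MODES, conservative=False))
```

With β assumed 1 the valve mode ranks second; folding its β of 0.10 into O moves it to third, which is the difference the choice of β handling makes to prioritisation.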
Because IEC 60812 does not mandate specific rating scales, teams define their own S, O, and D criteria. KF does not enforce a scale type; the configured scales should be documented in the item or in the system configuration.
Detection in IEC 60812 addresses two distinct things: the detectability rating (D) — how likely it is that the failure or its cause will be detected before reaching the end user — and the detection method — the specific mechanism (test, inspection, sensor, diagnostic algorithm) that catches it.
KF handles both:
Before/after D is preserved: when a detection control is added or improved as an action, the action carries the updated D value alongside the updated S and O, so the improvement in detectability is visible in the record.
| IEC 60812 element | KF support | Status |
|---|---|---|
| Item under analysis with system context | Item with component hierarchy | ✅ |
| Failure modes | Event title | ✅ |
| Causes and effects | Vertical grouping in event | ✅ |
| Detection method | Detection action linked to event | ✅ |
| Severity, Occurrence, Detection fields | Native on each event | ✅ |
| Qualitative risk class (S × O matrix) | Risk matrix view | ✅ |
| FMECA — qualitative criticality matrix | Same as risk matrix; severity class × occurrence class | ✅ |
| Semi-quantitative risk (RPN, AP) | Native, automatic | ✅ |
| Before/after S-O-D | Original values preserved; actions carry updated values | ✅ |
| Recommended actions with status and traceability | First-class action items | ✅ |
| Historical failure data / lessons learned | Type hierarchy with inherited failure modes | ✅ |
| FMECA — quantitative criticality (Cm = λ × β × α × t) | O expressed in FIT/ppm covers λ × α × t; β folded into O or assumed 1; S × O gives equivalent ranking | ⚠ |