Introduction

As a design engineer - when you first put pen-on-paper, you need to consider - "what happens if [failure mode] occurs?".  As soon as you draw the circuit.  You might not be able to know if it is acceptable - but you should be able to know if it is unacceptable.  And the sooner you know 

Procedure

1. Identify list of failure effects and make determinations about the acceptablity of their occurrences.

2. Identify list of failure modes and make assumptions about the probability of their occurrences.

3. Identify risk acceptance thresholds.

4. Analyze each design element per likely failure modes, evaluating if the effect that occurs is acceptable.

History

Failure Mode Effect and Criticality Analysis was a procedure developed by the US military during the 1940s.

The procedure was readily applied by engineers designing electronics for three reasons.

1. The failure modes of electronic components in the 1940s were well known.

2. The effects of those failure modes were easy to identify.

3. It was nearly impossible to look at an electronic assembly and know if the design allowed a single-point of failure to cause a catastrophic outcome.

Imagine, you are the engineer designing the electronics that will trigger the launch of a nuclear missile.  Imagine your electronic circuit is designed where *if* one resistor fails open (i.e. very high resistance) ... the missile launch is accidentally triggered.  In other words, your electronic circuit has the risk that a single-point of failure will launch a nuclear weapon.  But it's electronics.  You can't look at the collection of vacuum tubes, wires, resistors, capacitors, switches, and buttons - and know "a single-point of failure in my design could cause world war III".  Of course, you are a good engineer, so you realize that your design has this unacceptable risk and change the design so that "no single-point of failure results in ... the self-destruction of life as you know it".

The US military created the procedure to mitigate the risk that an engineer might accidentally release designs that are unacceptable because of "what happens when it fails".

When i was first learning electronics, i thought double-pole double-throw (DPDT) switches were a funny component.  It wasn't until I was designing a switch-controlled device as an engineer, and doing an FMEA, that i realized the need to use a DPDT switch with redundant input circuits to make my design acceptable.