One of the essential safety requirements concerning protection and monitoring systems refers to the behaviour in case of failure conditions. It is required, that failures in the control as well as in the peripheral should not lead to a failure of the defined safety functions. A possible method to prove, that failures cannot react critical to safety, is the Failure Mode and Effects Analysis (FMEA). 

Starting point of a FMEA is the determination of the assumed failures, resp. failure models, as especially concerning complex components not all single failures can be named and therefore models of failure are determined to describe the failure of a component or a function (functional failure model).

The assumed failures for electric/electronic components as well as for components including other thechnologies (for example pneumatics, hydraulics) are listed in several standards. These lists can be found for instance in EN 954-2, IEC 61496-1 Annex B, IEC 61508-2.

These lists also name the conditions under which the origin of certain failures can be excluded resp. are viewed as adaquate improbable. In this case one refers to "failure exclusions".

The FMEA is carried out according to the requirements of the applied standards for the required safety level. There are flow charts, which describe the evaluation of measuring and performance of the FMEA.

The FMEA examines the behaviour of a product during development or existance of internal or external faults. This is done by the detailled analysis of the circuit diagram and documents and/or by practical simulations of fault and examination of the behaviour of the device (component, unit). The possible instant indicating the occurrence of failure and the temporal requirements for fault detection always have to be considered and respected.

By means of FMEA the proof can be presented, that even in case of failure a control can carry out the safety function according to the standard's requirements.