The importance of DFMEAs
It’s been a week since my Gardena Smart Pump 5000/5E blew up in my face in a high-pressure cloud of steam and hot boiling water, and the mix of first- and second-degree burns I got as a result is already starting to heal nicely. I got lucky.
Wednesday last week, when I got home from work just after 18:00, I heard the pump running. And judging by the high-pitched sound, it was running dry – not good. I opened the Gardena app on my phone to see what was going on, as I did not turn on the pump, nor was there a scheduled start. Oddly enough, the Gardena app indicated the pump was not running even though the wireless connection was working perfectly, so I could not turn it off. I decided to pull the power plug instead.
Being so near the pump, I felt the heat coming from it, and gave it some time to cool down. In the meantime I prepared a watering can to fill up the pump to be able to run it again, and to remove any residual heat in the process.
However, I badly underestimated the severity of the failure (or series of failures, as it turns out). When I tried to turn the filling cap, it immediately blew off due to the high pressure. The cap hit my forehead (missing my left eye narrowly) and flew about 10 to 15 meters into the sky. A cloud of steam and boiling water covered the left side of my face, and my lower left arm. The pain was instant, as was the regret, and the watering can I prepared was used to cool down the burns rather than to get the pump going again.
Running to the shower to further cool the burns, it felt bad. I felt how the skin on my cheek and my arm came peeling off, and boy, at that moment did I wish I had stayed well clear of the pump. What followed was a trip to hospital, which I left with a bunch of painkillers, various stuff to put on the burns, and compliments on cooling down the burns, which prevented worse.
So what happened? I never expected the system to fail so catastrophically, nor this buildup of pressure. Of course, in retrospect, because it was obviously not a planned action, no valves were open for the water to travel. Those valves can hold the pressure quite well, as it turns out!
The Gardena Smart Pump 5000/5E in question supposedly has the following safety features:
- If medium is present, but there is a blockage in the pipes, the pump should go into standby mode.
- If no medium is present, the pump should turn off (dry-run protection).
- If the pump overheats, the pump should turn off (thermal safety).
Not to mention the pump should only be able to turn on via the app: either by schedule or by ordering it to start. Instead the pump started on its own, with the app having no record of that action. From the data of our electricity meter I could gather that the pump had been running dry for at least 2 hours prior to the incident. And all three safety measures failed miserably.
The pump I sent back for a root cause analysis. Gardena has been so kind as to offer me a replacement pump; however, the series of failures has me quite concerned. I don’t know the design of course, but one would expect some fail-safe, hardware-based protection. For example, a resettable thermal fuse would’ve done the trick to prevent this whole issue. Safety features should never be software-based.
I am curious to read Gardena’s design documentation, to be honest: the DFMEA in particular. With such a catastrophic potential outcome as a result of design failure, I suspect that DFMEA could use some work.