A purpose is an abstract description or characterization of any of a large number of situations


This objective is defined as the desired (intended) situation, in contrast, a threat which may challenge goal achievement may lead to an undesired situation. In this case, to maintain the temperature at 20°C is our desirable situation or our objective. If the temperature falls below 20°C, a threat may have disturbed the system.


A goal, the final purpose is a concrete description or characterization of single situation at a point in time. One can have the goal to achieve a specific purpose. Also, the goal can be decomposed into subgoals. For example, during winter, it may be cold in a house. The purpose to keep us warm in…

Operational modes

Any complex automated system has di erent operational modes, e.g. due to a start-up proce- dure required to get into the nominal operation situation, emergency modes to guarantee secure operation when shutting down, or di erent con gurations to comply with varying demands. In di erent modes components of a system can ful l di…

Control functions

Besides the system inherent functions and their combination to fulfil the overall purpose of the system, any industrial plant relies on control functions to ensure the nominal operation of specic safety- or production-relevant functions. In order to be able to model a system including its control functions, Morten Lind introduced a representation of control actions…


In MFM the word component refers to a physical object, which is typically a part of a process system. The component could e.g. be a hydraulic pump or a valve for a hydraulic press. The component relates to the processes in a part-whole abstraction level.


Definition: A threat represents an undesirable state which should be destroyed or suppressed.


Definition: An objective represents a desirable state which should be produced or maintained.


MFM distinguishes between system goals in two different categories based on the nature of the concepts. One is to achieve a certain state, while the other is to avoid an undesirable state. These two can be expressed by using only one concept of goal with different logical expressions. However, the differentiation between the two concepts is…


A barrier represents the function of a system that prevents the transfer of mass or energy between two systems or locations. Typical examples of systems which implement barrier functions are the cladding on nuclear fuel rods, heat isolating material and a trap in water systems.