fault tree analysis
Download as PPTX, PDF5 likes7,440 views
The document provides an overview of fault tree analysis (FTA). It defines FTA as a technique used in probabilistic risk assessment to identify and analyze the causes of failures in systems. The FTA process involves defining an undesired top event, constructing a fault tree by tracing the top event to intermediate and basic causal events using logic gates, and analyzing the tree both qualitatively and quantitatively. The document outlines the key steps and considerations in performing an FTA, including defining the scope and resolution, constructing the fault tree, analyzing minimal cut sets, and quantifying failure probabilities.
fault tree analysis
- 2. Outline
- 8. Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment. Fault Tree Analysis (FTA) attempts to model and analyze failure processes of engineering systems. FTA can be simply described as an analytical technique
- 9. FTA is a deductive analysis approach for resolving an undesired event into its causes. Logic diagrams and Boolean Algebra are used to identify the cause of the top event.
- 10. Fault tree is the logical model of the relationship of the undesired event to more basic events. The top event of the Fault tree is the undesired event. The middle events are intermediate events and the basic events are at the bottom. The logic relationship of events are shown by logic symbols or gates.
- 14. A primary fault is any fault of a component that occurs in an environment for which the component is qualified e.g., a pressure tank, designed to withstand pressures up to and including a pressure Po, ruptures at some pressure p <Po because of a defective weld. A secondary fault is any fault of a component that occurs in an environment for which it has not been qualified. In other words, the component fails in a situation which exceeds the conditions for which it was designed; e.g., a pressure tank, designed to withstand pressure up to and including a pressure Po, ruptures under a pressure p > PO. Because primary and secondary faults are generally component failures, they are usually called primary and secondary failures. A command fault in contrast, involves the proper operation of a component but at the wrong time or in the wrong place;
- 15. Basic Event: A lower most event that can not be further developed. Intermediate Event: This can be a intermediate event (or) a top event. They are a result logical combination of lower level events. Undeveloped Event: An event which has scope for further development but not done usually because of insufficient data. External Event: An event external to the system which can cause failure.
- 16. OR Gate: Either one of the bottom event results in the occurrence of the top event. AND Gate: For the top event to occur all the bottom events should occur. Inhibit Gate: The top event occurs only if the bottom event occurs and the inhibit condition is true.
- 17. Procedure for Fault Tree Analysis Define TOP event Define overall structure. Explore each branch in successive level of detail. Solve the fault tree Perform corrections if required and make decisions
- 18. 1. Define the undesired event to be analyzed (the focus of the FTA) 2. Define the boundary of the system (the scope of the FTA) 3. Define the basic causal events to be considered (the resolution of the FTA) 4. Define the initial state of the system
- 20. • Undesired top event: Motor does not start when switch is closed • Boundary of the FT: The circuit containing the motor, battery, and switch • Resolution of the FT: The basic components in the circuit excluding the wiring • Initial State of System: Switch open, normal operating conditions
- 24. • The top event should describe WHAT the event is and WHEN it happens • The top event is often a system failure but can be any other event • The top event is the specific event to be resolved into its basic causes • Defining the wrong top event will result in wrong assessments and conclusions
- 25. 1. Define the top event as a rectangle 2. Determine the immediate necessary and sufficient events which result in the top event 3. Draw the appropriate gate to describe the logic for the intermediate events resulting in the top event 4. Treat each intermediate event as an intermediate level top event 5. Determine the immediate, necessary and sufficient causes for each intermediate event 6. Determine the appropriate gate and continue the process
- 26. The system being analyzed for the undesired event needs to be studied and understood before the fault tree is constructed If an electrical or hydraulic system is being analyzed, the fault tree is constructed by tracing the causes upstream in the circuit to the basic causes For a generalized network or flow, the fault tree is similarly constructed by upstream tracing of the causes
- 27. Top Event- What specific event is being analyzed? Boundary- What is inside and outside the analysis? Resolution- What are the primary causes to be resolved to? Initial State- What is assumed for the initial conditions and states?
- 28. Do not assume abnormal conditions will occur to prevent a fault from propagating In particular, do not assume a failure of another component will occur to prevent a fault from propagating
- 29. Each Gate and Event on the Fault Tree needs to be named The Name should ideally identify the Event Fault and the What and When Conditions Basic events should in particular be named to identify the failure mode What is important is that the same event be given the same name if it appears at different locations
- 30. Human errors are classified into two basic types-errors of omission and errors of commission An error of omission is not doing a correct action An error of commission is doing an incorrect action Human errors are modeled as basic events in a FT, similarly to component failures Human errors need to be considered whenever a human interfaces with the component or system The failure modes need to be expanded to include failure induced by the human
- 31. Test and maintenance related errors Errors causing initiating events Procedural errors during an incident or accident Errors leading to inappropriate actions Detection and Recovery errors
- 34. • The system operates in different phases • The system configuration can change in different phases • The system success criteria can change • The basic event probabilities (e.g, component failure rates) can change
- 35. For each phase there are distinct basic event probabilities but no system logic changes Each basic event is thus resolved into individual phase events
- 36. Changes in event probabilities can alternatively be handled in the quantification stage
- 37. A minimal cutset (mcs) is a smallest combination of primary events, or basic events, causing the top event All the primary events need to occur to cause the top event Each mcs is thus a causal-combination, i.e., a combination of primary events The complete set of mcs provides the complete set of causes of the top event
- 38. The fault tree is represented as a set of logic equations Substitution is carried out until the top event is represented entirely in terms of basic events The top event equation is then expanded and simplified to obtain a ‘sum of products’ In expanding the top event equation, the Boolean distributive law and the law of absorption are used Each product in the sum of products is then a minimal cut set of the top event
- 39. A•(B + C) = A•B + A•C Distributive Law A + A = A Identity Union Law (Identity Absorption Law) A + A•B = A Subset Absorption Law A•A = A Identity Intersection Law (Idempotent Law) (A + B)’= A’•B’ Union Complementation Law (A•B)’= A’ + B’ Intersection Complementation
- 41. Applying the Distributive Law and Laws of Absorption to the Top Event Equation in terms of the Basic Events Q =C1 OR C2 C1=B1 OR B2 C2= B2 oR B3 Q =(B1+B2) •(B2+B3) Q =(B1 •B2)+(B1•B3)+(B2•B2)+(B2•B3) Q =(B1 •B2)+(B1•B3)+B2+(B2•B3)
- 42. Failure probability for a non-repairable component (or event) P = 1-exp(-λT) ~ λT λ = component failure rate T = exposure time Failure probability for a repairable component P = λτ/(1+ λτ) ~ λτ τ = repair time Constant failure probability for a component P = c c = constant probability
- 43. 1. Identify the specific component failure mode 2. Determine whether the failure is time-related or demand related 3. Determine the environment e.g., ground or air 4. Select the appropriate failure rate value 5. For a time-related failure determine the exposure time 6. For a time-related failure, if the failure is repairable determine the repair time 7. For a demand-related failure, determine the number of demands if greater than 1
- 44. FV Importance (Contribution Importance)- the relative contribution to the top event probability from an event. Risk Achievement Worth RAW (Increase Sensitivity,Birnbaum Importance)- the increase in the top event probability when an event is given to occur Risk Reduction Worth RRW (Reduction Sensitivity)- the reduction in the probability of the top event when an event is given to not occur
- 45. FV Importance = Sum of min cut cuts containing the event Sum of all min cut sets RAW =Top event probability with event probability set to 1 RRW = Top event probability with event probability set to 0
- 46. A Success Tree (ST) identifies all the ways in which the top event cannot occur The ST is the complement of the FT The ST is the mirror of the FT The ST is useful in showing the explicit ways to prevent the occurrence of the FT
- 47. Complement the top event to a NOT event Complement all intermediate events to NOT Events Complement all basic events to NOT events Change all AND gates to OR gates Change all OR gates to AND gates The minimal cut sets of the ST are now called the minimal path sets
- 48. A minimal path set is the smallest number of events which if they all do not occur then the top event will not occur If the events in one path set are prevented to occur then the top event will be guaranteed to not occur The minimal path sets are the totality of ways to prevent the top event based on the fault tree
- 49. Define the FTA – Top Event – Scope – Resolution Assemble the project Team – FT analyst – System engineering support – Data support – Software support Define the FTA Operational Framework – Assemble the as built drawings – FT naming scheme – Interfaces/Support to be modeled – Software to be used
- 50. Assemble the data – Generically applicable data – Specifically applicable data Prepare the software package – Familiarization – Test problems Keep a log on the FTA work – Operational and design assumptions – Events not modeled and why – Success and failure definitions – Special models and quantifications used
- 51. Review the work at stages – FT construction – Qualitative evaluations – Quantitative evaluations Check and validate the results – Engineering logic checks – Consistency checks with experience Prepare and disseminate the draft report – Conclusions/findings – FTA results – FTs – Software inputs/outputs Obtain feedback and modify and final report – Disseminate the report – Present findings
- 53. 1) “Fault Tree Handbook with Aerospace Applications’ Version 1.1, NASA Publication, August 2002 2) Fault Tree Analysis (FTA) ,Concepts and Applications Bill Vesely,NASA HQ 3)Tutorial fault tree analysis Dr John Andrews,1998 3) Fault tree analysis,4ᵀᴴEdition P.L.Clemens1993 4) Fault tree analysis,Clifton A.Ericson II 5) Fault Tree Handbook with Aerospace Applications Version 1.1, Prepared for NASA Office of Safety and Mission Assurance, NASA Headquarters Washington DC 20546 , August 2002