Fta

Chapter 3
System Analysis
Fault Tree Analysis
Marvin Rausand
Department of Production and Quality Engineering
Norwegian University of Science and Technology
marvin.rausand@ntnu.no
Marvin Rausand, October 7, 2005 System Reliability Theory (2nd ed), Wiley, 2004 – 1 / 32
Introduction
What is...?
History
Main steps
Preparation
Construction
Assessment
Quantification
Input Data
Introduction
What is fault tree analysis?
Introduction
What is...?
❑ Fault tree analysis (FTA) is a top-down approach to failure
History analysis, starting with a potential undesirable event
Main steps
Preparation
(accident) called a TOP event, and then determining all the
Construction ways it can happen.
Assessment ❑ The analysis proceeds by determining how the TOP event can
Quantification be caused by individual or combined lower level failures or
Input Data events.
❑ The causes of the TOP event are “connected” through logic
gates
❑ In this book we only consider AND-gates and OR-gates
❑ FTA is the most commonly used technique for causal analysis
in risk and reliability studies.
History
Introduction
What is...?
❑ FTA was first used by Bell Telephone Laboratories in
History connection with the safety analysis of the Minuteman missile
Main steps
Preparation
launch control system in 1962
Construction ❑ Technique improved by Boeing Company
Assessment ❑ Extensively used and extended during the Reactor safety
Quantification study (WASH 1400)
Input Data
FTA main steps
Introduction
What is...?
❑ Definition of the system, the TOP event (the potential
History accident), and the boundary conditions
Main steps
Preparation
❑ Construction of the fault tree
Construction ❑ Identification of the minimal cut sets
Assessment ❑ Qualitative analysis of the fault tree
Quantification ❑ Quantitative analysis of the fault tree
Input Data ❑ Reporting of results
Preparation for FTA
Introduction
What is...?
❑ The starting point of an FTA is often an existing FMECA and
History a system block diagram
Main steps
Preparation
❑ The FMECA is an essential first step in understanding the
Construction system
Assessment ❑ The design, operation, and environment of the system must
Quantification be evaluated
Input Data ❑ The cause and effect relationships leading to the TOP event
must be identified and understood
Preparation for FTA
Introduction
What is...?
System block diagram
History
Main steps
FMECA
Preparation
Construction
Assessment
Quantification
Input Data
Fault tree
Boundary conditions
Introduction
What is...?
❑ The physical boundaries of the system (Which parts of the
History system are included in the analysis, and which parts are not?)
Main steps
Preparation
Construction ❑ The initial conditions (What is the operational stat of the

Assessment system when the TOP event is occurring?)
Quantification ❑ Boundary conditions with respect to external stresses (What
Input Data type of external stresses should be included in the analysis –
war, sabotage, earthquake, lightning, etc?)
❑ The level of resolution (How detailed should the analysis be?)
Introduction
Construction
Construction
Symbols
Example
Assessment
Quantification
Input Data
Fault tree construction
Fault tree construction
Introduction
❑ Define the TOP event in a clear and unambiguous way.
Construction
Construction
Should always answer:
Symbols
What e.g., “Fire”
Example
Where e.g., “in the process oxidation reactor”
Assessment
When e.g., “during normal operation”
Quantification
Input Data ❑ What are the immediate, necessary, and sufficient events and
conditions causing the TOP event?
❑ Connect via AND- or OR-gate
❑ Proceed in this way to an appropriate level (= basic events)
❑ Appropriate level:
✦ Independent basic events
✦ Events for which we have failure data
Fault tree symbols
Introduction The OR-gate indicates that the output event

Construction occurs if any of the input events occur
Construction OR-gate
Logic
Symbols gates
Example
The AND-gate indicates that the output event
Assessment occurs only if all the input events occur
at the same time
Quantification
AND-gate
Input Data
The basic event represents a basic equipment
failure that requires no further development of
Input failure causes
events
(states) The undeveloped event represents an event that
is not examined further because information is
unavailable or because its consequences are
insignificant
Description The comment rectangle is for supplementary

of state information
Transfer
The transfer-out symbol indicates that the fault
Transfer out
tree is developed further at the occurrence of the
symbols
Transfer corresponding transfer-in symbol
in
Example: Redundant fire pumps
Introduction
Construction
Construction
Symbols Valve
Example
Assessment
TOP event = No water from fire wa-
Quantification
ter system
Fire pump 1 Fire pump 2
Input Data
FP1 FP2
Engine Causes for TOP event:
VF = Valve failure
G1 = No output from any of the fire
pumps
G2 = No water from FP1 G3 = No
water from FP2
FP1 = failure of FP1
EF = Failure of engine
FP2 = Failure of FP2
Example: Redundant fire pumps (2)
Introduction No water from

fire pump system
Construction
Construction TOP
Symbols
Example
Valve blocked, or No water from
fail to open the two pumps
Assessment
Valve VF
Quantification G1
Input Data
No water from No water from
pump 1 pump 2
Fire pump 1 Fire pump 2 G2 G3

Engine
FP1 FP2
Failure of Failure of Failure of Failure of

pump 1 engine pump 2 engine
FP1 EF FP2 EF
Example: Redundant fire pumps (3)
Introduction No water from

fire pump system
Construction
TOP
Construction
Symbols
Valve blocked, or No water from No water from
Example fail to open the two pumps fire pump system
VF
Assessment G1 TOP
Quantification
No water from No water from Valve blocked, or No water from Failure of
pump 1 pump 2 fail to open the two pumps engine
Input Data
VF EF
G2 G3 G1
Failure of Failure of Failure of Failure of Failure of Failure of

pump 1 engine pump 2 engine pump 1 pump 2
FP1 EF FP2 EF FP1 FP2
The two fault trees above are logically identical. They give the
same information.
Introduction
Construction
Assessment
Cut Sets
Qualitative
assessment
Quantification
Input Data
Qualitative assessment
Cut Sets
Introduction
❑ A cut set in a fault tree is a set of basic events whose
Construction
(simultaneous) occurrence ensures that the TOP event
Assessment
Cut Sets occurs
Qualitative
assessment ❑ A cut set is said to be minimal if the set cannot be reduced
Quantification without loosing its status as a cut set
Input Data
The TOP event will therefore occur if all the basic events in a
minimal cut set occur at the same time.
Qualitative assessment
Introduction Qualitative assessment by investigating the minimal cut sets:

Construction ❑ Order of the cut sets
Assessment ❑ Ranking based on the type of basic events involved
Cut Sets
Qualitative
assessment
1. Human error (most critical)
Quantification
2. Failure of active equipment
Input Data
3. Failure of passive equipment
❑ Also look for “large” cut sets with dependent items
Rank Basic event 1 Basic event 2

1 Human error Human error
2 Human error Failure of active unit
3 Human error Failure of passive unit
4 Failure of active unit Failure of active unit
5 Failure of active unit Failure of passive unit
6 Failure of passive unit Failure of passive unit
Introduction
Construction
Assessment
Quantification
Notation
Single AND-gate
Single OR-gate
TOP Event Prob.
Input Data
Quantitative assessment
Notation
Introduction
Construction
Assessment
Q0 (t) = Pr(The TOP event occurs at time t)
Quantification qi (t) = Pr(Basic event i occurs at time t)
Notation
Single AND-gate Q̌j (t) = Pr(Minimal cut set j fails at time t)
Single OR-gate
TOP Event Prob.
Input Data ❑ Let Ei (t) denote that basic event i occurs at time t. Ei (t)
may, for example, be that component i is in a failed state at
time t. Note that Ei (t) does not mean that component i fails
exactly at time t, but that component i is in a failed state at
time t
❑ A minimal cut set is said to fail when all the basic events
occur (are present) at the same time.
The formulas for qi (t) will be discussed later in this presentation.
Single AND-gate
Introduction
TOP
Construction
S
Assessment
Quantification
Notation E1 E2
Single AND-gate
Event 1 Event 2
Single OR-gate
occurs occurs
TOP Event Prob.
E1 E2
Input Data
Let Ei (t) denote that event Ei occurs at time t, and let

qi (t) = Pr(Ei (t)) for i = 1, 2. When the basic events are independent,
the TOP event probability Q0 (t) is
Q0 (t) = Pr(E1 (t) ∩ E2 (t)) = Pr(E1 (t)) · Pr(E2 (t)) = q1 (t) · q2 (t)
When we have a single AND-gate with m basic events, we get

m
Y
Q0 (t) = qj (t)
j=1
Single OR-gate
Introduction
TOP
Construction
S
Assessment
Quantification
Notation E1 E2
Single AND-gate
Event 1 Event 2
Single OR-gate
occurs occurs
TOP Event Prob.
E1 E2
Input Data
When the basic events are independent, the TOP event probability
Q0 (t) is
Q0 (t) = Pr(E1 (t) ∪ E2 (t)) = Pr(E1 (t)) + Pr(E2 (t)) − Pr(E1 (t) ∩ E2 (t)
= q1 (t) + q2 (t) − q1 (t) · q2 (t) = 1 − (1 − q1 (t))(1 − q2 (t))
When we have a single OR-gate with m basic events, we get

m
Y
Q0 (t) = 1 − (1 − qj (t))
j=1
Cut set assessment
Introduction
Min. cut set j
Construction fails
Assessment
Quantification
Notation
Single AND-gate
Single OR-gate Basic event j1 Basic event j2 Basic event j,r
TOP Event Prob. occurs occurs occurs
Input Data Ej1 Ej2 Ejr
A minimal cut set fails if and only if all the basic events in the set fail
at the same time. The probability that cut set j fails at time t is
r
Y
Q̌j (t) = qj,i (t)
i=1
where we assume that all the r basic events in the minimal cut set j
are independent.
TOP event probability
Introduction
Construction TOP
Assessment
Quantification
Notation
Single AND-gate
Single OR-gate Min. cut set 1 Min. cut set 2 Min. cut set k
TOP Event Prob. fails fails fails
Input Data C1 C2 Ck
The TOP event occurs if at least one of the minimal cut sets fails. The
TOP event probability is
k
Y
Q0 (t) ≤ 1 − 1 − Q̌j (t) (1)
j=1
The reason for the inequality sign is that the minimal cut sets are not
always independent. The same basic event may be member of several
cut sets. Formula (1) is called the Upper Bound Approximation.
Introduction
Construction
Assessment
Quantification
Input Data
Types of events
Non-repairable
Repairable
Periodic testing
Input Data
Frequency
On demand
Cut Set Eval.
Conclusions
Types of events
Introduction
Five different types of events are normally used:
Construction
Assessment
Quantification
❑ Non-repairable unit
Input Data ❑ Repairable unit (repaired when failure occurs)
Types of events
❑ Periodically tested unit (hidden failures)
Non-repairable
Repairable ❑ Frequency of events
Periodic testing
Frequency
❑ On demand probability
On demand
Cut Set Eval.
Conclusions Basic event probability:
qi (t) = Pr(Basic event i occurs at time t)
Non-repairable unit
Introduction
Unit i is not repaired when a failure occurs.
Construction
Assessment
Input data:
Quantification
Input Data
Types of events
Non-repairable
❑ Failure rate λi
Repairable
Periodic testing Basic event probability:
Frequency
On demand
Cut Set Eval.
qi (t) = 1 − e−λi t ≈ λi t
Conclusions
Repairable unit
Introduction
Unit i is repaired when a failure occurs. The unit is assumed to
Construction
be “as good as new” after a repair.
Assessment
Quantification
Input Data
Input data:
Types of events
Non-repairable
Repairable ❑ Failure rate λi
Periodic testing
Frequency
❑ Mean time to repair, MTTRi
On demand
Cut Set Eval. Basic event probability:
Conclusions
qi (t) ≈ λi · MTTRi
Periodic testing
Introduction
Unit i is tested periodically with test interval τ . A failure may
Construction
occur at any time in the test interval, but the failure is only
Assessment
detected in a test or if a demand for the unit occurs. After a
Quantification
Input Data
test/repair, the unit is assumed to be “as good as new”.
Types of events This is a typical situation for many safety-critical units, like
Non-repairable
Repairable
sensors, and safety valves.
Periodic testing
Frequency
On demand Input data:
Cut Set Eval.
Conclusions
❑ Failure rate λi
❑ Test interval τi
Basic event probability:

λi · τi
qi (t) ≈
2
Frequency
Introduction
Event i occurs now and then, with no specific duration
Construction
Assessment
Input data:
Quantification
Input Data
Types of events
Non-repairable
❑ Frequency fi
Repairable
Periodic testing
Frequency ❑ If the event has a duration, use input similar to repairable
On demand unit.
Cut Set Eval.
Conclusions
On demand probability
Introduction
Unit i is not active during normal operation, but may be subject
Construction
to one or more demands
Assessment
Quantification
Input Data
Input data:
Types of events
Non-repairable
Repairable ❑ Pr(Unit i fails upon request)
Periodic testing
Frequency
On demand ❑ This is often used to model operator errors.
Cut Set Eval.
Conclusions
Cut set evaluation
Introduction
Ranking of minimal cut sets:
Construction
Assessment
Quantification ❑ Cut set unavailability

Input Data The probability that a specific cut set is in a failed state at
Types of events
Non-repairable time t
Repairable ❑ Cut set importance
Periodic testing
Frequency The conditional probability that a cut set is failed at time t,
On demand
Cut Set Eval.
given that the system is failed at time t
Conclusions
Conclusions
Introduction
❑ FTA identifies all the possible causes of a specified undesired
Construction
event (TOP event)
Assessment
❑ FTA is a structured top-down deductive analysis.
Quantification
Input Data
❑ FTA leads to improved understanding of system
Types of events characteristics. Design flaws and insufficient operational and
Non-repairable
Repairable
maintenance procedures may be revealed and corrected
Periodic testing during the fault tree construction.
Frequency
On demand ❑ FTA is not (fully) suitable for modelling dynamic scenarios
Cut Set Eval. ❑ FTA is binary (fail–success) and may therefore fail to address
Conclusions
some problems

Fta

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Fta

Hochgeladen von

Copyright:

Verfügbare Formate

Chapter 3

Construction ❑ The initial conditions (What is the operational stat of the

Introduction The OR-gate indicates that the output event

Description The comment rectangle is for supplementary

Introduction No water from

Fire pump 1 Fire pump 2 G2 G3

Failure of Failure of Failure of Failure of

Introduction No water from

Failure of Failure of Failure of Failure of Failure of Failure of

FP1 EF FP2 EF FP1 FP2

Introduction Qualitative assessment by investigating the minimal cut sets:

Rank Basic event 1 Basic event 2

The formulas for qi (t) will be discussed later in this presentation.

Let Ei (t) denote that event Ei occurs at time t, and let

When we have a single AND-gate with m basic events, we get

When we have a single OR-gate with m basic events, we get

qi (t) = Pr(Basic event i occurs at time t)

Basic event probability:

Quantification ❑ Cut set unavailability

Das könnte Ihnen auch gefallen