Fault Tree Analysis FTA methode analisis pohon

8/10/2019 Fault Tree Analysis FTA methode analisis pohon

1/44

Fault Tree Analysis


2/44

Analytical Approaches

There are two generic analytical methods:induction and deduction

What is the characteristics of these

approaches?.


3/44

Inductive Approaches

constitutes reasoning from individual casesto a general conclusion

Example of the inductive approachesPreliminary Hazards Analysis (PHA), FailureMode and Effect Analysis (FMEA), FailureMode Effect and Criticality Analysis(FMECA), Fault Hazard Analysis (FHA), and

Event Tree Analysis. assume some possible component condition

or initiating event and try to determine thecorresponding effect on the overall system.


4/44

Deductive Approaches

constitutes reasoning from the general tothe specific

we assume the system/components failed

in a certain way, and attempt to find outwhat modes of system/components

behaviour contribute to this failure.

Can be considered as accidentinvestigations analyses in real life.


5/44

Deductive Approaches

For example what chain of events causedthe sinking of an "unsinkable" ship such as

the Titanic on its maiden voyage?

What failure processes, instrumentaland/or human, contributed to the crash of

a commercial airliner into a mountainside?

Example of this system is Fault TreeAnalysis


6/44

Summary

are applied to determine what systemstates(usually failed states) are possible;

deductive methods are applied to

determine how a given system state(usually a failed state) can occur.


7/44

"Parts Count" Approach

The simplest and most conservativeapproach

assumption we can make about a system isthat any single component failure will

produce complete system failure. Upper bound on the probability of system

failure is straightforward, by simply list all thecomponents along with their estimated

probabilities of failure. The individual component probabilities are

then added and this sum provides an upperbound on the probability of system failure.


8/44


The simplest and most conservativeapproach

assumption we can make about a system isthat any single component failure will

produce complete system failure. Upper bound on the probability of system

failure is straightforward, by simply list all thecomponents along with their estimated

probabilities of failure. The individual component probabilities are

then added and this sum provides an upperbound on the probability of system failure.


9/44


Component Failure

A fA

B fB

C fC

D fD

where F, the failure probability for the system, is equal to fA+ fB+ fC+ fD

The failure probabilities can be failure rates, unreliabilities, or

unavailabilities depending on the particular application


10/44


Component Failure

A fA

B fB

C fC

D fD

where F, the failure probability for the system, is equal to fA+ fB+ fC+ fD

The failure probabilities can be failure rates, unreliabilities, or

unavailabilities depending on the particular application


11/44

Failure vs. Success Models

The operation of a system can beconsidered from two standpoints:

we can enumerate various ways for

system success, or we can enumeratevarious ways for system failure


12/44


The operation of a system can beconsidered from two standpoints:

we can enumerate various ways for

system success, or we can enumeratevarious ways for system failure


13/44



14/44

Fault tree analysis

is a deductive failure analysis which focuses on one particularundesired event and which provides a method fordetermining causes of this event.

The undesired event constitutes the top event in a fault treediagram constructed for the system, and generally consists ofa complete, or catastrophic failure

Careful choice of the top event is important to the successof the analysis. If it is too general, the analysis becomeunmanageable; if it is too specific, the analysis does notprovide a sufficiently broad view of the system.

Fault tree analysis can be an expensive and time-consuming

exercise and its cost must be measured against the costassociated with the occurrence of the relevant undesiredevent.


15/44

Basic Element of Fault Tree

A fault tree analysis can be simply described as an analyticaltechnique Have to specify the undesired state of the system (usually a state

that is critical from a safety standpoint), and the system is thenanalyzed in the context of its environment and operation to findall credible ways in which the undesired event can occur.

Agraphic model of the various parallel and sequentialcombinations of faults that will result in the occurrence ofthe predefined undesired event.

Thefaults can be events that are associated with componenthardware failures, human errors, or any other pertinentevents which can lead to the undesired event.

Depicts the logical interrelationships of basic events that leadto the undesired event-on the top of the tree.


16/44


is not a model of all possible system failuresor all possible causes for system failure.

is tailored to its top event whichcorresponds to some particular systemfailure mode

Only includes those faults that contribute tothis top event.

Can not consider as exhaustive-they coveronly the most credible faults as assessed bythe analyst.


17/44


18/44


A fault tree is a complex of entities known as"gates" which serve to permit or inhibit thepassage of fault logic up the tree.

The gates show the relationships of events

needed for the occurrence of a "higher" event.The "higher" event is the "output" of the gate; the"lower" events are the "inputs" to the gate.

The gate symbol denotes the type of relationship

of the input events required for the output event. Gates are somewhat analogous to switches in an

electrical circuit or two valves in a piping layout.


19/44


A typical fault tree is composed of anumber of symbols which are described

in detail in in the following slides


20/44

Primary event

The primary events of a fault tree are those events, which, notfurther developed.

The probabilities have to be provided if the fault tree is to beused for computing the probability of the top event.

There are four types of primary events: BASIC

A basic initiating fault requiring no further development

CONDITIONING Specific conditions or restrictions that apply to any logic gate

UNDEVELOPED An event which is not further developed either because it is of insufficient

consequence or because information is unavailable EXTERNAL

An event which is normally expected to occur


21/44

Building Blocks of the FTA

Symbol Event

BASIC

CONDITIONING

record any conditions or restrictions

UNDEVELOPED

specific fault event that is not further

developed

EXTERNAL

used to signify an event that is

normally expected


22/44


Symbol Event

INTERMEDIATE EVENT

A fault event that occurs because of

one or more antecedent causes actingthrough logic gates


23/44

Building Blocks of the FTASymbol Gate

ANDOutput fault occurs if all of the inputfaults occur

OR

Output fault occurs if at least one of

the input faults occurs

EXCLUSIVE OR

Output fault occurs if exactly one ofthe input faults occurs

PRIORITY AND

INHIBIT

Output fault occurs if the (single)

input fault occurs in the presence ofan enabling condition


24/44


Event Q occurs if A occurs, B occurs, or both A and B occur


25/44



26/44



27/44


Event Q occurs if A occurs and B occurs


28/44



29/44



30/44


Event Q occurs only if input A occurs under the condition specified by input B


31/44



32/44



33/44


The primary events of a fault tree are those events, which, notfurther developed.

The probabilities have to be provided if the fault tree is to beused for computing the probability of the top event.

There are four types of primary events: BASIC

A basic initiating fault requiring no further development

CONDITIONING Specific conditions or restrictions that apply to any logic gate

UNDEVELOPED An event which is not further developed either because it is of insufficient

consequence or because information is unavailable

EXTERNAL An event which is normally expected to occur


34/44

Example of FTA

a vehicle headlamp. The electric circuit is very simple and includes the

battery, the switch, the lamp itself, and the wireharness (Figure 1).

For simplicity, we will assume that the latter isreliable enough to be excluded from our study.We will also assume certain failure probabilitiesfor some components.

For a given time period, the probability of

failureon the figure or the unreliability for the assigned distribution of

failures (not necessarily normal). Suchprobabilities can be estimated from warranty


35/44

Example of FTA

A vehicle headlamp. The electric circuit is very simple and includes the

battery, the switch, the lamp itself, and the wireharness.

For simplicity, we will assume that the latter isreliable enough to be excluded from our study.We will also assume certain failure probabilitiesfor some components.

For a given time period, the probability of

failureon the figure or the unreliability for the assigned distribution of

failures (not necessarily normal). Suchprobabilities can be estimated from warranty


36/44

Example of FTA


37/44

Example of FTA


38/44


39/44

Faults vs. Failures

Word failure and the more general wordfault.

Consider a relay. If the relay closes

properly when a voltage is impressedacross its terminals, we call this a relay

"success." If, however, the relay fails to

close under these circumstances, we callthis a relay "failure."


40/44


41/44


42/44

Fault Occurrence vs. Fault Existence

A fault may be repairable or not,depending on the nature of the system.

Under conditions of no repair, a fault that

occurs will continue to exist. In a repairable system a distinction must

be made between the occurrence of a

fault and its existence. Actually thisdistinction is of importance only in fault

tree quantification.


43/44

Passive vs. Active Components

A passive component contributes in a moreor less static manner to the functioning ofthe system. The failure of a passive component will result in

the non-transmission (or, perhaps, partialtransmission) of its "signal."

Active component contributes in a moredynamic manner to the functioning of its

parent system by modifying systembehaviour in some way. active component acts as a "transfer function,"


44/44

Passive vs. Active Components

In constructing a fault tree, the basicconcepts of failure effects, failure modes,

and failure mechanisms are important in

determining the proper interrelationshipsamong the events

Documents

Fault Tree Analysis FTA methode analisis pohon