Safety of missile systems
Engineers developed FTA to improve the safety of missile systems. They reasoned that most accidents and incidents result from failures or malfunctions within a system. A system consists of people, equipment, material, and environmental factors, and it performs specific tasks using prescribed methods. The components of a system and its environment are interrelated, so a failure in any part can affect the other parts. A negative event can be a near miss or an incident that could have resulted in personal injury to an employee or in equipment or property damage.
Analytical trees are graphic representations or pictures of a project or event. They use deductive reasoning in that they start with a general top event or output event and develop down through the branches to specific input events that must occur in order for the output to be generated. Analytical trees are called trees because their structure resembles a tree, narrow at the top with a single event symbol and then branching out as the tree is developed.
Negative analytical trees, or fault trees, are excellent troubleshooting tools. They can be used to prevent or identify failures prior to their occurrence, but are more frequently used to analyze accidents or as investigative tools to pinpoint failures. When an accident or failure occurs, the root cause of the negative event can be identified. Each event is analyzed by asking, "How could this happen?" In answering this question, the primary causes and how they interact to produce an undesired event are identified. This logic process continues until all potential causes have been identified. Throughout this process, a tree diagram is used to record the events as they are identified. Tree branches stop when all events leading to the negative event are complete.
Event Tree Analysis
An event tree analysis (ETA) is a visual representation of all the events which can occur in a system. As the number of events increases, the picture fans out like the branches of a tree.
Event trees can be used to analyze systems in which all components are continuously operating, or for systems in which some or all of the components are in standby mode - those that involve sequential operation logic and switching. The starting point (referred to as the initiating event) disrupts normal system operation. The event tree displays the sequences of events involving success and/or failure of the system components. The goal of an event tree is to determine the probability of an event based on the outcomes of each event in the chronological sequence of events leading up to it. By analyzing all possible outcomes using event tree analysis, you can determine the percentage of outcomes which lead to the desired result.
Probabilistic Risk Assessment:
Risk is a term used across governments and industries to classify the likelihood and outcome of events. Phrases such as "highly probable" or "catastrophic" may be sufficient classifications for many applications. However, in cases where consequences could mean loss of human life or millions of dollars in assets, decision-makers look for numbers as a more solid basis on which to quantify risky decisions and the uncertainty of those decisions. Thus arose the concept of Probabilistic Risk Assessment (PRA), which may also be called Quantitative Risk Assessment (QRA) or Probabilistic Safety Assessment (PSA). Historically, PRA has been applied in the nuclear, chemical, and aerospace industries. More recently, it has been emerging in construction, transportation, financing, and management planning. PRA is a well-established technique for integrating various reliability modeling tools, such as Fault Tree, Event Tree, Reliability Block Diagram (RBD) and FMEA, to numerically quantify risks. The PRA sets out to determine what hazardous scenarios can occur, how likely they are to occur, and what the consequences are given that they occur. It uses statistical reliability data for basic events to answer these questions. The first step of a Probabilistic Risk Assessment is to identify an undesired top event, such as "loss of life" or "loss of mission," and trace out all the hazards that could lead to this event.
This is usually conducted through the use of event trees, in which the hazards become the initiating events. For the initiating events and all subsequent intermediate events, fault trees are developed. At the lowest level, the basic events of the fault trees are assigned probabilities. These probabilities are propagated up the logic to reach a probability (and uncertainty) of the undesired top event. PRA is a key tool in safety management. Software to implement PRA is necessary for any large-scale system because of the large, complex logic chains that must be analyzed. Using Relex Fault Tree/Event Tree, the analyst can let the software do the logic calculations automatically and concentrate on the safety engineering. Fault tree top events can easily be linked to the events in the event tree, so Relex proves to be a valuable safety software tool for any PRA program.
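The chain described in the last two paragraphs, as an added example in Python that is not part of the original article or of any tool it names: each pivotal event of a small event tree gets its failure probability from a fault tree, then every success/failure sequence after the initiating event is enumerated and the branch frequencies are summed per end state. All event names, probabilities and the initiator frequency are constructed for illustration.

```python
from itertools import product
# Constructed sample data: independent basic-event failure probabilities per demand.
BASIC = {"pump_A_fails": 1e-2, "pump_B_fails": 1e-2, "valve_stuck": 5e-3,
         "sensor_fails": 2e-3, "operator_error": 1e-2}
# Fault trees for the pivotal events of the event tree. A gate is
# ("AND", [children]) or ("OR", [children]); a leaf is a basic-event name.
FAULT_TREES = {
    # cooling is lost if both redundant pumps fail or the shared valve sticks
    "cooling_fails": ("OR", [("AND", ["pump_A_fails", "pump_B_fails"]), "valve_stuck"]),
    # the protective response fails if the sensor fails or the operator errs
    "response_fails": ("OR", ["sensor_fails", "operator_error"]),
}

def gate_probability(node):
    """Propagate basic-event probabilities up the gates (independent events):
    AND -> product of p, OR -> 1 - product of (1 - p)."""
    if isinstance(node, str):
        return BASIC[node]
    kind, children = node
    if kind not in ("AND", "OR"):
        raise ValueError("unknown gate " + kind)
    acc = 1.0
    for p in (gate_probability(c) for c in children):
        acc *= p if kind == "AND" else 1.0 - p
    return acc if kind == "AND" else 1.0 - acc

# Event tree: initiating-event frequency (per year, constructed) and the pivotal
# events in the chronological order in which the initiator challenges them.
INITIATOR_FREQ = 0.1
PIVOTAL = ["cooling_fails", "response_fails"]

def consequence(failed):
    """End state of one success/failure sequence through the event tree."""
    if not failed["cooling_fails"]:
        return "safe shutdown"
    return "core damage" if failed["response_fails"] else "controlled damage"

def event_tree_sequences():
    """Enumerate every branch as (outcomes, annual frequency, end state)."""
    p_fail = {name: gate_probability(FAULT_TREES[name]) for name in PIVOTAL}
    sequences = []
    for path in product([False, True], repeat=len(PIVOTAL)):
        failed = dict(zip(PIVOTAL, path))
        freq = INITIATOR_FREQ
        for name, did_fail in failed.items():
            freq *= p_fail[name] if did_fail else 1.0 - p_fail[name]
        sequences.append((failed, freq, consequence(failed)))
    return sequences

def end_state_frequencies():
    """Sum branch frequencies per end state: the PRA's numerical risk figure."""
    totals = {}
    for _, freq, state in event_tree_sequences():
        totals[state] = totals.get(state, 0.0) + freq
    return totals
```

The two branches in which cooling succeeds both end in "safe shutdown", so summing them is equivalent to the pruned branch a drawn event tree would show.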
Fault Tree Analysis
Fault tree analysis (FTA) is a failure analysis in which an undesired state of a system is analyzed using Boolean logic to combine a series of lower-level events. This analysis method is mainly used in the field of safety engineering to quantitatively determine the probability of a safety hazard.
To define the top event, the type of failure to be investigated must be identified. This could be whatever the end result of an incident may have been, such as a forklift overturning. Determine all the undesired events in operating a system. Separate this list into groups having common characteristics. Several FTAs may be necessary to study a system completely. Finally, one event should be established representing all events within each group. This event becomes the undesired event to study.
Know the system. All available information about the system and its environment should be studied. A job analysis may prove helpful in determining the necessary information.
Construct the fault tree. This step is straightforward because only a few symbols are involved. Principles of construction: the tree must be constructed using the standard event symbols. It should be kept simple. Maintain a logical, uniform, and consistent format from tier to tier. Use clear, concise titles when writing in the event symbols. The logic gates used should be restricted to the AND gate and the OR gate, with constraint symbols used only when necessary. An example would be the use of the oval constraint symbol to illustrate a necessary order of events that must happen for an event to occur. The transfer triangle should be used sparingly, if at all. The more the transfer triangle is used, the more complicated the tree becomes; the purpose of the tree is to keep the procedure as simple as possible.
Validate the tree. This requires allowing a person knowledgeable in the process to review the tree for completeness and accuracy.
Evaluate the fault tree. The tree should then be scrutinized for those areas where improvements in the analysis can be made or where there may be an opportunity to utilize alternative procedures or materials to decrease the hazard.
FTA methodology is described in several industry and government standards, including NRC NUREG-0492 for the nuclear power industry, an aerospace-oriented revision of NUREG-0492 for use by NASA, SAE ARP4761 for civil aerospace, and MIL-HDBK-338 for military systems. IEC 61025 is intended for cross-industry use and has been adopted as the European norm EN 61025. Since no system is perfect, dealing with subsystem faults is a necessity: any working system will eventually have a fault somewhere. However, the probability of complete or partial success is greater than the probability of complete or partial failure, so assembling an FTA is not as tedious as assembling a success tree, which can turn out to be very time consuming. Because assembling an FTA can still be a costly and cumbersome experience, the preferred method is to consider subsystems. Dealing with smaller systems lowers the chance of error in the work and reduces the analysis effort; afterwards, the subsystems are integrated to form the well-analyzed complete system.
An undesired effect is taken as the root ('top event') of a tree of logic. There should be only one Top Event and all concerns must tree down from it. Then, each situation that could cause that effect is added to the tree as a series of logic expressions. When fault trees are labeled with actual numbers about failure probabilities (which are often in practice unavailable because of the expense of testing), computer programs can calculate failure probabilities from fault trees.
A fault tree diagram
The tree is usually written out using conventional logic gate symbols. The route through a tree between an event and an initiator in the tree is called a Cut Set. The shortest credible way through the tree from fault to initiating event is called a Minimal Cut Set.
Some industries use both Fault Trees and Event Trees (see Probabilistic Risk Assessment). An Event Tree starts from an undesired initiator (loss of critical supply, component failure etc.) and follows possible further system events through to a series of final consequences. As each new event is considered, a new node on the tree is added with a split of probabilities of taking either branch. The probabilities of a range of 'top events' arising from the initial event can then be seen.
Classic programs include the Electric Power Research Institute's (EPRI) CAFTA software, which is used by many of the US nuclear power plants and by a majority of US and international aerospace manufacturers, and the Idaho National Laboratory's SAPHIRE, which is used by the U.S. Government to evaluate the safety and reliability of nuclear reactors, the Space Shuttle, and the International Space Station. Outside the US, the software Risk Spectrum is a popular tool for Fault Tree and Event Tree analysis and is licensed for use at almost half of the world's nuclear power plants for Probabilistic Safety Assessment.
Many different approaches can be used to model an FTA, but the most common and popular way can be summarized in a few steps. Remember that a fault tree is used to analyze a single fault event, and that one and only one event can be analyzed in a single fault tree. Even though the "fault" may vary dramatically, an FTA follows the same procedure for any event, be it a delay of 0.25 msec in the generation of electrical power or the random, unintended launch of an ICBM.
Fault Tree Analysis is a well-established methodology that relies on solid theories such as Boolean logic and Probability Theory. Boolean logic is used to reduce the Fault Tree structure into the combinations of events leading to failure of the system, generally referred to as Minimal Cut Sets, of which there are typically many. Probability Theory is then used to determine the probability that the system will fail during a particular mission, or is unavailable at a particular point in time, given the probabilities of the individual events. Additionally, probabilities are computed for individual Minimal Cut Sets, forming the basis for ranking them by importance with respect to their reliability and safety impact.
Using this detailed information, efforts to improve system safety and reliability can be highly focused, and tailored to your individual system. Possible design changes and other risk-mitigating actions can be evaluated for their impact on safety and reliability, allowing for a better-informed decision making process and improved system reliability. This type of analysis is especially useful when analyzing large and complex systems where manual methods of fault isolation and analysis are not viable.
Fault Trees are composed of events and logical event connectors (OR-gates, AND-gates, etc.). Each event node's sub-events (or children) are the necessary pre-conditions that could cause this event to occur. These conditions can be combined in any number of ways using logical gates. Events in a Fault Tree are continually expanded until basic events are created for which you can assign a probability.
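The Boolean reduction, cut-set probabilities and importance ranking described three paragraphs up, applied to a tree built from the events and gates just described, as an added example in Python that is not part of the original article. The tree, event names and probabilities are constructed; the third branch deliberately reuses a basic event so that a non-minimal cut set appears and is absorbed.

```python
from itertools import combinations
# Constructed sample data: independent basic-event probabilities.
BASIC = {"valve_stuck": 5e-3, "pump_A_fails": 1e-2, "pump_B_fails": 1e-2,
         "grid_power_lost": 2e-2, "generator_fails": 5e-2}
# Top event "loss of cooling" as nested gates ("AND"/"OR", [children]); leaves are
# basic events. The third branch deliberately reuses valve_stuck so that a
# non-minimal cut set appears and is absorbed by minimal_cut_sets().
TOP = ("OR", [
    "valve_stuck",
    ("AND", ["pump_A_fails", "pump_B_fails"]),
    ("AND", ["grid_power_lost", ("OR", ["generator_fails", "valve_stuck"])]),
])

def cut_sets(node):
    """Boolean expansion: OR collects its children's cut sets, AND combines one from each."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    child_sets = [cut_sets(c) for c in children]
    if kind == "OR":
        return [cs for sets in child_sets for cs in sets]
    if kind == "AND":
        result = [frozenset()]
        for sets in child_sets:
            result = [a | b for a in result for b in sets]
        return result
    raise ValueError("unknown gate " + kind)

def minimal_cut_sets(node):
    """Absorption (A + AB = A): drop any cut set that contains another cut set."""
    sets = set(cut_sets(node))
    minimal = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))

def cut_set_probability(cs):
    """Every event in the cut set must occur: product of their probabilities."""
    p = 1.0
    for event in cs:
        p *= BASIC[event]
    return p

def top_event_probability(mcs):
    """P(at least one minimal cut set occurs) by inclusion-exclusion; exact for independent events."""
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            total += (-1) ** (k + 1) * cut_set_probability(frozenset().union(*combo))
    return total

def rank_cut_sets(node):
    """Rank minimal cut sets by importance: the share of P(top) each one carries."""
    mcs = minimal_cut_sets(node)
    p_top = top_event_probability(mcs)
    ranked = [(sorted(cs), cut_set_probability(cs) / p_top) for cs in mcs]
    return sorted(ranked, key=lambda item: item[1], reverse=True)
```

Inclusion-exclusion grows exponentially in the number of cut sets; production tools fall back to the rare-event approximation (sum of cut-set probabilities) or a min-cut upper bound for large trees.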
Define the undesired event to study:
The undesired event can be very hard to define, although some events are very easy and obvious to observe. An engineer with a wide knowledge of the design of the system, or a system analyst with an engineering background, is the best person to help define and number the undesired events. The undesired events are then used to make the FTAs, one event per FTA; no two events will be used to make one FTA.
Obtain an understanding of the system
Once the undesired event is selected, all causes with a probability of 0 or more of affecting the undesired event are studied and analyzed. Getting exact numbers for the probabilities leading to the event is usually impossible, because it may be very costly and time consuming to do so. Computer software is used to study probabilities; this may lead to a less costly system analysis.
System analysts can help with understanding the overall system. System designers have full knowledge of the system and this knowledge is very important for not missing any cause affecting the undesired event. For the selected event all causes are then numbered and sequenced in the order of occurrence and then are used for the next step which is drawing or constructing the fault tree.
Construct the fault tree
After selecting the undesired event and having analyzed the system so that we know all the causing effects (and if possible their probabilities), we can now construct the fault tree. A fault tree is based on AND and OR gates, which define the major characteristics of the fault tree.
Evaluate the fault tree
After the fault tree has been assembled for a specific undesired event, it is evaluated and analyzed for any possible improvement; in other words, the risk management is studied and ways for system improvement are sought. This step serves as an introduction to the final step, which is to control the hazards identified. In short, in this step we identify all possible hazards affecting the system in a direct or indirect way.
Control the hazards identified:
This step is very specific and differs largely from one system to another, but the main point will always be that after identifying the hazards all possible methods are pursued to decrease the probability of occurrence.
Comparison With Other Analytical Methods:
FTA is a deductive, top-down method aimed at analyzing the effects of initiating faults and events on a complex system. This contrasts with Failure Mode and Effects Analysis (FMEA), which is an inductive, bottom-up analysis method aimed at analyzing the effects of single component or function failures on equipment or subsystems. FTA is very good at showing how resistant a system is to single or multiple initiating faults. It is not good at finding all possible initiating faults. FMEA is good at exhaustively cataloging initiating faults, and identifying their local effects. It is not good at examining multiple failures or their effects at a system level. FTA considers external events, FMEA does not. In civil aerospace the usual practice is to perform both FTA and FMEA, with a Failure Mode Effects Summary (FMES) as the interface between FMEA and FTA.
Alternatives to FTA include Dependence Diagram (DD), also known as Reliability Block Diagram (RBD) and Markov Analysis. A Dependence Diagram is equivalent to a Success Tree Analysis (STA), the logical inverse of an FTA, and depicts the system using paths instead of gates. DD and STA produce probability of success (i.e., avoiding a top event) rather than probability of a top event.
A Fault Tree is a graphical representation of events in a hierarchical, tree-like structure. It is used to determine the various combinations of hardware, software, and human error failures that could result in a specified risk or system failure. System failures are often referred to as top events. A deductive analysis using a Fault Tree begins with a general conclusion or hazard, which is displayed at the top of a hierarchical tree. This conclusion is the final event in a sequence of events; the Fault Tree is used to determine whether that failure will occur or, alternatively, how it can be stopped from occurring. The remainder of the Fault Tree represents parallel and sequential events that potentially could cause the conclusion or hazard to occur, together with the probability of this conclusion. This is often described as a "top down" approach.