FAULT TREE ANALYSIS

Fault Tree Analysis (FTA)

A FTA is a deductive (top-down) approach that graphically and logically represents events at a lower level which can lead to a top undesirable event.

A common tool using graphics and statistics to analyze an event and predict how and how often it will fail.

Fault tree analysis is a graphical representation of the major faults or critical failures associated with a product, the causes for the faults, and potential countermeasures.

Applying Fault Tree Analysis

EVENT SYMBOLS:

Basic Event

Conditioning Event

Undeveloped Event

External Event

Primary Event SymbolsIntermediate Event Symbol

EVENTS:

The BASIC event indicates a basic initiating event at the limit of resolution; i.e. we do not wish to develop this fault any further in this particular analysis.

The UNDEVELOPED event is undeveloped because there we either lack information, or the event is of no consequence.

The EXTERNAL event is an event that is expected to happen in the course of normal operation of the system.

The INTERMEDIATE event is neither the top-most undesired event, nor a primary event. Further events are attached to the INTERMEDIATE event, usually via gates.

The final event is the CONDITIONING event. It is used primarily with the INHIBIT and PRIORITY AND gates

GATE SYMBOLS

Gate Symbols

AND

OR

Exclusive OR

Priority AND

Inhibit

GATES

The AND gate indicates that the output fault (drawn above the gate) only occurs if the two (or more) input faults (drawn below the gate) occur.

The OR gate indicates that the output fault occurs if at least one of the two (or more) input faults occur.

The EXCLUSIVE OR gate indicates that the output fault occurs if exactly one of the two (or more) input faults occur.

The PRIORITY AND gate indicates that the output fault only occurs if all the input faults occur in a specified order (left to right on the page).

GATES

The INHIBIT gate is another special case of the AND gate: The output event is caused by a single input event, but a particular condition (given by a CONDITIONING event) must be satisfied before the input can produce the output.

This condition may be probabilistic. The difference from the AND gate here is one of emphasis: the condition given is not a fault or external event as such, but something to do with the environment, e.g. a particular temperature.

FTA:

The two transfer symbols, TRANSFER IN and TRANSFER OUT allow a large tree to be broken up into multiple pages; it also allows for the analysis to be broken into more manageable parts, and for duplication to be reduced.

Transfer Symbols

Transfer IN Transfer OUT

FTA:EXAMPLE

AND OR

PSV does not relieve

Process pressure

rises

Control fails high

PSV too small

Set point too high

PSV stuck closed

Fouling inlet or outlet

Pressure rises

Process vessel over pressured

AND

PRILIMINARY STEPS

Define precisely the top event. Events such as "high reactor temperature" or "liquid level too high" are precise and appropriate. Events such as "explosion of reactor" or "fire in process" are too vague, whereas an event such as "leak in valve” is too specific.

Define the existing event. What conditions are sure to be present when the top event occurs?

Define the unallowed events. These are events that are unlikely or are not under consideration at the present. This could include wiring failures, lightning tornadoes, and hurricanes.

PRILIMINARY STEPS

Define the physical bounds of the process. What components are to be considered in the fault tree?

Define the equipment configuration. What valves are open or closed? What are the liquid levels? Is this a normal operation state?

Define the level of resolution. Will the analysis consider just a valve, or will it be necessary to consider the valve components?

PROBABILITY

Once a fault tree has been constructed, then we can consider calculating probabilities of failure.

Essentially, for each event, we attempt to assign a probability. For primary events, this probability must be derived from external information.

For all other events, their probability is calculated from their immediate descendant events and the intervening gate.

ADVANTAGES

Quantitative - defines probabilities to each event which can be used to calculate the probability of the top event

Easy to read and understand hazard profile Easily expanded to bow tie diagram by addition of

event tree. Effective way to diagram problems in a system Helps to organize possible causes of a problem in

the system.

LIMITATIONS

Time-consuming in constructing the graphs

Many systems involve many dependencies

Difficult to detect inconsistencies

Difficult to focus only on the most critical parts of the design on high

coupling systems

Not always easy to spot

Fault trees also assume that failures are "hard," that a particular item of

hardware does not fail partially. Leaking valve is a good example of a

partial failure.