This analysis method is mainly used in safety engineering and reliability engineering to understand how systems can fail, to identify the best ways to reduce risk and to determine (or get a feeling for) event rates of a safety accident or a particular system level (functional) failure.
FTA is used in the aerospace,[1] nuclear power, chemical and process,[2][3][4] pharmaceutical,[5] petrochemical and other high-hazard industries; but is also used in fields as diverse as risk factor identification relating to social service system failure.[6]
FTA is also used in software engineering for debugging purposes and is closely related to the cause-elimination technique used to detect bugs.
In aerospace, the more general term "system failure condition" is used for the "undesired state" / top event of the fault tree.
The use of fault trees has since gained widespread support and is often used as a failure analysis tool by reliability experts.
FTA received extensive coverage at a 1965 System Safety Symposium in Seattle sponsored by Boeing and the University of Washington.
This change adopted failure probability criteria for aircraft systems and equipment and led to widespread use of FTA in civil aviation.
In 1998, the FAA published Order 8040.4,[24] establishing risk management policy including hazard analysis in a range of critical activities beyond aircraft certification, including air traffic control and modernization of the U.S. National Airspace System.
This led to the publication of the FAA System Safety Handbook, which describes the use of FTA in various types of formal hazard analysis.[25]
Early in the Apollo program the question was asked about the probability of successfully sending astronauts to the moon and returning them safely to Earth.
A risk, or reliability, calculation of some sort was performed and the result was a mission success probability that was unacceptably low.
Instead, NASA decided to rely on the use of failure modes and effects analysis (FMEA) and other qualitative methods for system safety assessments.
After the Challenger accident, the importance of probabilistic risk assessment (PRA) and FTA in systems risk and reliability analysis was realized, and its use at NASA began to grow; FTA is now considered one of the most important system reliability and safety analysis techniques.
Following process industry disasters such as the 1984 Bhopal disaster and 1988 Piper Alpha explosion, in 1992 the United States Department of Labor Occupational Safety and Health Administration (OSHA) published in the Federal Register at 57 FR 6356 (1992-02-24) its Process Safety Management (PSM) standard in 19 CFR 1910.119.[29]
OSHA PSM recognizes FTA as an acceptable method for process hazard analysis (PHA).
FTA methodology is described in several industry and government standards, including NRC NUREG–0492 for the nuclear power industry, an aerospace-oriented revision to NUREG–0492 for use by NASA,[26] SAE ARP4761 for civil aerospace, MIL–HDBK–338 for military systems, and IEC 61025,[30] which is intended for cross-industry use and has been adopted as European Norm EN 61025.
A design improvement can be made by requiring the operator to press two separate buttons to cycle the machine—this is a safety feature in the form of a logical AND.
An event tree starts from an undesired initiator (loss of critical supply, component failure etc.)
Classic programs include the Electric Power Research Institute's (EPRI) CAFTA software, which is used by many of the US nuclear power plants and by a majority of US and international aerospace manufacturers, and the Idaho National Laboratory's SAPHIRE, which is used by the U.S. Government to evaluate the safety and reliability of nuclear reactors, the Space Shuttle, and the International Space Station.
Professional-grade free software is also widely available; SCRAM[31] is an open-source tool that implements the Open-PSA Model Exchange Format[32] open standard for probabilistic safety assessment applications.
Unlike conventional logic gate diagrams in which inputs and outputs hold the binary values of TRUE (1) or FALSE (0), the gates in a fault tree output probabilities related to the set operations of Boolean logic.
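The point made above, that fault tree gates combine probabilities rather than TRUE/FALSE values, can be made concrete with a small evaluator. The following is an added example, not code from the article or from any of the tools it names: a minimal tree of basic events and AND/OR gates, evaluated under the usual assumption that basic events are mutually independent, so an AND gate yields the product of its inputs and an OR gate yields the complement of "no input occurs". It is then applied to the two-button machine from the earlier paragraph, with constructed, hypothetical probabilities (a 0.01 chance of an unintended button press per cycle and a 0.001 chance of a control fault), to show how the AND gate introduced by the second button lowers the top-event probability.

```python
from dataclasses import dataclass, field
from typing import List, Union

# Hypothetical minimal fault-tree evaluator (added example, not from the article).
# Basic events carry a probability of occurrence; gates combine the probabilities
# of their inputs. All basic events are assumed mutually independent, which is
# what makes the product / complement-of-product rules below valid.


@dataclass
class BasicEvent:
    name: str
    p: float  # probability that this basic event occurs

    def __post_init__(self) -> None:
        if not 0.0 <= self.p <= 1.0:
            raise ValueError(f"{self.name}: probability {self.p} outside [0, 1]")


@dataclass
class Gate:
    kind: str  # "AND" or "OR"
    name: str
    inputs: List["Node"] = field(default_factory=list)


Node = Union[BasicEvent, Gate]


def probability(node: Node) -> float:
    """Probability that `node` occurs, assuming independent basic events."""
    if isinstance(node, BasicEvent):
        return node.p
    ps = [probability(child) for child in node.inputs]
    if node.kind == "AND":
        # Every input must occur: intersection of independent events.
        result = 1.0
        for p in ps:
            result *= p
        return result
    if node.kind == "OR":
        # At least one input occurs: 1 minus the probability that none occur.
        none_occur = 1.0
        for p in ps:
            none_occur *= 1.0 - p
        return 1.0 - none_occur
    raise ValueError(f"unknown gate kind {node.kind!r}")


# Constructed, hypothetical per-cycle probabilities for the machine example.
P_UNINTENDED_PRESS = 0.01  # operator presses a cycle button without meaning to
P_CONTROL_FAULT = 0.001    # the control system cycles the machine on its own


def single_button_tree() -> Gate:
    """Top event: machine cycles unexpectedly; one button is enough to cycle it."""
    return Gate("OR", "machine cycles unexpectedly", [
        BasicEvent("unintended press of button", P_UNINTENDED_PRESS),
        BasicEvent("control system fault", P_CONTROL_FAULT),
    ])


def two_button_tree() -> Gate:
    """Same top event after the design change: both buttons must be pressed."""
    both_pressed = Gate("AND", "both buttons pressed unintentionally", [
        BasicEvent("unintended press of button 1", P_UNINTENDED_PRESS),
        BasicEvent("unintended press of button 2", P_UNINTENDED_PRESS),
    ])
    return Gate("OR", "machine cycles unexpectedly", [
        both_pressed,
        BasicEvent("control system fault", P_CONTROL_FAULT),
    ])


if __name__ == "__main__":
    for tree in (single_button_tree(), two_button_tree()):
        print(f"{tree.name} ({len(tree.inputs)} inputs): P = {probability(tree):.7f}")
```

With these constructed numbers the single-button design gives a top-event probability of 0.01099 per cycle and the two-button design 0.0010999, so the AND gate reduces the contribution of operator error from 0.01 to 0.0001 and the control fault becomes the dominant term. The independence assumption is the caveat a practitioner should check first: if the two presses share a cause (for example, a dropped tool landing on both buttons), the AND gate's product rule understates the real probability, and a common-cause event would have to be modelled explicitly.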
A dependence diagram is equivalent to a success tree analysis (STA), the logical inverse of an FTA, and depicts the system using paths instead of gates.