Dealing adequately with technical uncertainties

Statistics, RAMS & Quality Management

Fault Tree Analysis

Focused on faults, fault tree analysis is the leading method for demonstrating safety.
In contrast to FMEA, fault tree analysis is not limited to single, independent failures. Instead, it can handle complex fault scenarios and special system behavior.
Most safety-related systems are either fault tolerant or require a specific sequence of faults in order to become potentially dangerous. For such systems, fault tree analysis is the method of choice, because it is designed to handle exactly such dependencies.
As in the earlier sections, the twin-engine aircraft example gives sufficient insight.
Twin-engine aircraft are designed to fly safely on one engine. Upon an engine failure, the aircraft must fly directly to the nearest eligible alternate airport on its remaining engine.


The fault tree on the right does not account for the fact that flying on one engine increases the failure rate of that remaining engine. Depending on the capabilities of the fault tree software, this can in principle be modelled, but only with some difficulty.

Overall, the fault tree example on the right, with its three AND gates (red symbols), demonstrates that this method is far more specific than FMEA (which is essentially just a collection of single, independent failures).
The downside of fault tree analysis is that if there are, e.g., 10 different fault scenarios, 10 individual fault trees have to be created (whereas a single FMEA for the whole system would be sufficient).

Although fault tree standards are available (e.g. NUREG-0492, freely available on the web), the fault tree methodology itself tends to be self-explanatory.



Figure: fault tree of a twin-engine aircraft
Fault tree analysis begins at the top with the so-called top event. The wording of the top event must be as precise as possible. During the analysis, the fault tree grows downwards towards the so-called basic events. Basic events are events that cannot or need not be divided any further. The basic events and the top event are connected via logical dependencies expressed as Boolean operators (AND, OR, ...).
In most safety analyses, the input data for the basic events comes either from FMEA or from MTBF calculation.
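The following is an added worked example, not code from the original page or from any fault tree tool: a small fault tree evaluator in Python that builds the twin-engine case described above (top event at the top, AND/OR gates, basic events at the bottom) and computes the top-event probability. The tree shape, the event names (E1, E2, D1, D2, C) and all probabilities are constructed assumptions for illustration. The increased failure rate of the remaining engine during the single-engine diversion, which the text says the drawn tree does not capture, is modelled here simply by giving the "fails during diversion" events a higher probability than the "fails in cruise" events. The example also shows why an exact evaluation matters when one basic event feeds several gates: it compares exact enumeration against the common rare-event (sum of minimal cut sets) approximation.

```python
# Added example: minimal fault tree evaluator for a hypothetical twin-engine tree.
# All event names and probabilities below are constructed, not taken from the page.
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Event:
    """Basic event: a leaf that is not divided any further."""
    name: str
    p: float  # probability of occurring during one flight (constructed value)


@dataclass(frozen=True)
class Gate:
    """Logical gate (AND / OR) combining events or other gates."""
    kind: str      # "AND" or "OR"
    name: str
    inputs: tuple  # of Event / Gate


def basic_events(node):
    """All distinct basic events below a node."""
    if isinstance(node, Event):
        return {node}
    found = set()
    for child in node.inputs:
        found |= basic_events(child)
    return found


def occurs(node, state):
    """Boolean evaluation of the tree for one assignment name -> occurred?"""
    if isinstance(node, Event):
        return state[node.name]
    results = [occurs(child, state) for child in node.inputs]
    return all(results) if node.kind == "AND" else any(results)


def exact_probability(top):
    """Exact top-event probability by enumerating all 2^n basic-event states.

    Correct even when a basic event feeds several gates (E1 and E2 do here),
    which is precisely the case where multiplying gate outputs is wrong."""
    events = sorted(basic_events(top), key=lambda e: e.name)
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = {e.name: b for e, b in zip(events, bits)}
        if occurs(top, state):
            weight = 1.0
            for e, b in zip(events, bits):
                weight *= e.p if b else 1.0 - e.p
            total += weight
    return total


def minimal_cut_sets(node):
    """Minimal sets of basic events whose joint occurrence causes the node."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    per_child = [minimal_cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        candidates = {cs for child_sets in per_child for cs in child_sets}
    else:  # AND: merge one cut set from every child, in all combinations
        candidates = {frozenset().union(*combo) for combo in product(*per_child)}
    minimal = [cs for cs in candidates if not any(o < cs for o in candidates)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def rare_event_approximation(top):
    """Sum of cut-set probabilities: the usual upper bound used in practice."""
    prob = {e.name: e.p for e in basic_events(top)}
    total = 0.0
    for cs in minimal_cut_sets(top):
        term = 1.0
        for name in cs:
            term *= prob[name]
        total += term
    return total


def twin_engine_tree():
    """Hypothetical tree; top event: 'no thrust before reaching the alternate'."""
    e1 = Event("E1", 1e-4)  # engine 1 fails in cruise (constructed)
    e2 = Event("E2", 1e-4)  # engine 2 fails in cruise (constructed)
    # Higher value for the remaining engine during the diversion, modelling
    # the increased single-engine failure rate the text mentions (constructed).
    d1 = Event("D1", 5e-4)  # engine 1 fails while flying the diversion alone
    d2 = Event("D2", 5e-4)  # engine 2 fails while flying the diversion alone
    cc = Event("C", 1e-6)   # common cause hitting both engines (constructed)
    return Gate("OR", "TOP: no thrust before alternate", (
        Gate("AND", "both engines fail in cruise", (e1, e2)),
        Gate("AND", "E1 fails, then E2 fails during diversion", (e1, d2)),
        Gate("AND", "E2 fails, then E1 fails during diversion", (e2, d1)),
        cc,
    ))


if __name__ == "__main__":
    top = twin_engine_tree()
    for cs in minimal_cut_sets(top):
        print("minimal cut set:", sorted(cs))
    print(f"exact P(top)       = {exact_probability(top):.6e}")
    print(f"rare-event approx. = {rare_event_approximation(top):.6e}")
```

Running the script lists the four minimal cut sets ({C}, {E1, E2}, {E1, D2}, {E2, D1}) and prints the two probabilities. The approximation is slightly above the exact value because E1 and E2 each appear in two cut sets, so those cut sets are not independent; the gap is negligible here, but it grows quickly once basic events are shared by many gates, which is one reason a tree that is "too detailed" (difficulty 3 below) becomes hard to evaluate and to trust.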

The main difficulties with fault tree analysis are:
  1. Imprecise wording of the top event, which leaves room for interpretation.
  2. An incorrect logical tree diagram. This is not a mathematical problem, but rather a consequence of not having understood the system behavior completely.
  3. A fault tree diagram that is too detailed and/or counter-intuitive.

