Fault Tree Analysis (FTA) Kim R. Fowler KSU ECE February 2013

Similar documents
Guidance Notes on the Investigation of Marine Incidents

Crane Bashes Pipes. Lessons Learned. Volume 03 Issue USW

Defective Backhoe Breaks Line

Worker s Arm Pulled Into Belt and Pulley

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Fluorine Gas Mist Pot Fails

First Announcement/Call For Papers

Baler Gone Wild! Lessons Learned. Volume 03 Issue USW

Safe medication practice what can we learn from root cause analysis and related methods?

Gasket Failure Causes Leak

Effective Root Cause Analysis A Process

Quick Guide to A3 Problem Solving

Root Cause Analysis. Chris Bills Compliance Enforcement Attorney

HYDROELECTRIC COMMUNICATION TECHNICIAN I HYDROELECTRIC COMMUNICATION TECHNICIAN II Range B55/B75 BOD 7/12/2017

TAHOE CITY PUBLIC UTILITY DISTRICT Job Description

DISTRIBUTION STATEMENT A

Wrong PSV Found Installed in Field

WARFIGHTER MODELING, SIMULATION, ANALYSIS AND INTEGRATION SUPPORT (WMSA&IS)

Recommended Work Keys Scores for Law Enforcement

PROMPR22 Carrying out fault diagnosis on mechanical equipment

GRADUATE PROGRAM IN PUBLIC HEALTH

SEMEM3-05 Carrying out fault diagnosis on mechanical equipment

Lessons Learned with the Application of MIL-STD-882D at the Weapon System Explosives Safety Review Board

Nicolas H. Malloy Systems Engineer

CanSat Competition PDR and CDR Guide

Recommendation 029 E Best Practice for Investigation and Inquiry into HSE Incidents

EFFECTIVE ROOT CAUSE ANALYSIS AND CORRECTIVE ACTION PROCESS

New Maintenance Requirements from CMS. Intermountain Clinical Instrumentation Society

Executive Summary. Northern Virginia District (NOVA) Smart Travel Program. Virginia Department of Transportation. December 1999

CWE TM COMPATIBILITY ENFORCEMENT

Near-miss Injury Security Officer Hit by Vehicle

Health Management Information Systems: Computerized Provider Order Entry

Army Ground-Based Sense and Avoid for Unmanned Aircraft

The APL Coordinated Engagement Simulation (ACES)

ACCIDENT AND ILLNESS PREVENTION PROGRAM (AIPP)

Research on Application of FMECA in Missile Equipment Maintenance Decision

Department of the Army *ATEC Regulation United States Army Test and Evaluation Command 4501 Ford Avenue Alexandria, VA August 2004

The Four-Element Framework: An Integrated Test and Evaluation Strategy

Goals of System Modeling:

5Ways to. Leverage Data-driven Patient Care

AADL Isolette Example!

Root Cause Analysis (Part I) event/rca_assisttool.doc

Service Manual. WorkCentre Multifunction Printer. WC5016 WC5020 Black-and-white. Multifunction Printer

Higher Fidelity Operational Metrics. LTC Tom Henthorn Chief, Small Arms Branch SRD, USAIC

Math 120 Winter Recitation Handout 4: Introduction to Related Rates

Reviewing Methods Used in Patient Safety Research: Advantages and Disadvantages. This SPSRN work is funded by

System Safety in a System of Systems Environment

Using CAST for Adverse Event Investigation in Hospitals

RELIABILITY CONSIDERATIONS FOR LAUNCH VEHICLE COMMAND DESTRUCT SYSTEMS

Computer System. Computer hardware. Application software: Time-Sharing Environment. Introduction to Computer and C++ Programming.

Level 5 Diploma in Occupational Health and Safety Practice ( )

NORTHWESTERN UNIVERSITY PROJECT NAME JOB # ISSUED: 03/29/2017

Networked Medical Devices And The IEC80001 Standard: Are You Ready?

Toolbox for the collection and use of OSH data

Computer Science Undergraduate Scholarship

The 123 Assessment Businesses and Organizations

A RATIONALE FOR ESTABLISHING SURVIVABILITY REQUIREMENTS FOR OBJECTIVE FORCE UNMANNED ARMY PLATFORMS AND SYSTEMS

Health Management Information Systems

SEMEMI SQA Unit Code H2AK 04 Carrying out fault location on mechanical equipment

Four Safety Truths that Reduce Workplace Injuries. Llanne Jocson Concepcion OSH Practitioner

NURSING RESEARCH (NURS 412) MODULE 1

Department of Defense DIRECTIVE

Gloucester County Sheriff's Office Policy and Procedure Manual Gloucester County Sheriff's Office

MODEL OF TECHNOPRENEURSHIP DEVELOPMENT IN SEPULUH NOPEMBER INSTITUTE OF TECHNOLOGY INDUSTRIAL INCUBATOR

Exhibit R-2, RDT&E Budget Item Justification

The Verification for Mission Planning System

Isolette TI500 Neonatal Transport

The Concept of C2 Communication and Information Support

Diagram 1. Starting, charging and ignition (except fuel injection). Models up to Wiring diagrams

NUCLEAR SAFETY PROGRAM

Human Systems Integration (HSI)

Safety Innovations FOUNDATIONHTSI. Healthcare Alarm Safety What We Can Learn From Military Alarm Management Strategies

ADMINISTRATIVE POLICY & PROCEDURE PATIENT SAFETY PLAN

3. Does the institution have a dedicated hospital-wide committee geared towards the improvement of laboratory test stewardship? a. Yes b.

Montrouge, July 26 th Addressees at end,

Sources of value from healthcare IT

Challenges in Vertical Collaboration Among Warfighters for Missile Defense C2

Inventory Management Practices for Biomedical Equipment in Public Hospitals : An Evaluative Study

Brachytherapy-Radiopharmaceutical Therapy Quality Management Program. Rev Date: Feb

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Kill Vehicle Work Breakdown Structure

Risk Assessment Tool Training Manual

EPSC s activities are directed towards four principal objectives:

Application of systems and control theory-based hazard analysis to radiation oncology

Health Literacy Environment Review

MOTOR CONTROL WIRING DIAGRAMS EPUB

STARTUP INTELLIGENCE STARTUP ACCELERATION

WESTERN TECHNICAL COLLEGE

Lincoln County Position Description. Date: January 2015 Reports To: Board of Health

Tomahawk Deconfliction: An Exercise in System Engineering

WARFIGHTER FOCUSED. Training Systems

LABORATORY TECHNICIAN Series Specification

Office of the Inspector General Department of Defense

Fire Control Systems.

ARMY TM AIR FORCE TO 35C MARINE CORPS TM 10155A-13/1

Briefing for Industry

RTLS and the Built Environment by Nelson E. Lee 10 December 2010

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Joint Commission Laboratory Accreditation: Why It Is Right For Your Organization

Instructions for the Incident/Accident Investigation Form

Transcription:

Fault Tree Analysis (FTA) Kim R. Fowler KSU ECE February 2013

Purpose for FTA In the face of potential failures, determine if design must change to improve: Reliability Safety Operation Secondary purposes: educate designers to potential problems perform root cause analysis when a fault occurs February 2013 2

Basic Description Determines sources, or root causes, of potential faults Qualitative and quantitative Graphical, top-down approach Uses Boolean algebra, logic, and probability Can handle multiple failures Can support probabilistic risk assessment Part of system design hazard analysis type (SD-HAT) February 2013 3

Goals of FTA Assess system safety Top-down analysis focused on system design Identifies potential root causes of failures Provides a basis for reducing safety risks Documentation of safety considerations What does it tell developer? help find potential risks during design What does it tell regulator? designers used a measure of discipline and rigor February 2013 4

History of FTA Developed at Bell Labs for the guidance system of the U.S. Minuteman missile during the 1960s Used by Boeing for Minuteman Weapon System Regularly used by: Commercial aircraft industry Nuclear power industry February 2013 5

FTA Answers these Questions What are the root causes of failures? What are the combinations and probabilities of causal factors in undesired events? What are the mechanisms and fault paths of undesired events? February 2013 6

FTA Symbols February 2013 7

FTA Symbolic Event Meanings February 2013 8

FTA Simple Logic February 2013 9

FTA Exclusive and Inhibit Logic February 2013 10

FTA Methodology February 2013 11

Step1: Define the System Collect design Requirements Source Code Models Schematics Layout concept of operations or CONOPs Understand the system behavior February 2013 12

Step 2: Define Undesired Event Identify the final outcome of the undesired event Identify sub-events that lead to final event Begin to structure the connections - - but - - Do Step 3 before completing structure of connections February 2013 13

Step 3: Establish Rules Define analysis ground rules boundaries Concepts that you can (should) use: I-N-S: What is immediate (I), necessary (N), and sufficient (S) to cause the event? Helps focus on event chain Helps analyst from jumping ahead SS-SC: What is the source of the fault? If component failure classify as SC (state-of February 2013 14

Step 3: (continued) P-S-C: (Ericson, Fig. 11.8, p. 194) What are the primary (P), secondary (S), and command (C) causes of the event? Helps focus on specific causal factors SS-SC: If component failure classify as SC (state-of-thecomponent) fault If not component failure classify as SS (state-of-thesystem) fault If fault is SC, then event ORs P-S-C inputs If fault is SS, then develop event further with using I- N-S logic February 2013 15

Step 4: Building Tree Repetitive process Ericson, Fig. 11.9, p. 195 At each level determine Cause Effect Logical combination using logic symbols Construction rules (see Ericson, pp. 196 197), these are almost self-evident but still good, disciplined techniques February 2013 16

Step 5: Establish Cut Sets Cut set critical path(s) of sub-event combinations that cause the undesirable final state event Ericson provides in-depth mathematical treatment of cut sets and probabilities on pp. 199 206 Often, mere inspection will reveal the weak links that indicate the most important cut set(s) that lead to the event February 2013 17

EXAMPLE OF INCUBATOR ISOLETTE February 2013 18

Example Incubator Isolette http://www.worldbiomedsource.com/images/products/pimage/air%20shield%20c550.jpg February 2013 19

Simple Isolette Diagram February 2013 20

Step 1: Define the System For simplicity, use the previous diagram as the system model Recognize several different subsystems: Controls Display Heater with closed loop thermal sensor Airflow fan and ductwork Independent thermal safety interlock Medical staff operating controls and display Patient receiving output (warmed air) February 2013 21

Step 2: Define Undesired Event Undesired event: Air is not warmed. Sub-events: Operations error Heater fault or failure Air handling system fault or failure Thermal safety system fault or failure February 2013 22

Step 3: Analysis Ground Rules Understand process concepts: I-N-S P-S-C SS-SC February 2013 23

Step 4: Construct Fault Tree (from Step 2, collect events) These are SS faults, so OR them together Proceed to next level Determine underlying events Apply process concepts: I-N-S P-S-C SS-SC Connect them together with logical linkages Repeat process for lower levels February 2013 24

Steps 5-7: Find Fault Paths Inspect paths for possible faults Generate the cut sets (for simplicity in this introduction, we are using inspection) Ericson gives detailed instructions for automating the selection of cut sets calculating probabilities of occurrence February 2013 25

Ex. Isolette Warm Air Fault, Collecting Event and Sub-events February 2013 26

Ex. Isolette Warm Air Fault, Develop Fault Paths for Sub-events, Part 1 February 2013 27

Ex. Isolette Warm Air Fault, Develop Fault Paths for Sub-events, Part 2 February 2013 28

Ex. Isolette Warm Air Fault, Develop Fault Paths for Sub-events, Part 3 February 2013 29

Ex. Isolette Warm Air Fault, Part 4: Final Version of Fault Tree February 2013 30

Ex. What do you do now? For design purposes: Review each path Can you eliminate that path? If not, can it be made more fault resistant? Does fault tree represent the scope of possible paths (and reasonable a meteor falling out of the sky and hitting it is not)? For root cause analysis: Does the evidence point to any fault path? If so, fix the problem. If not, revise the diagram. February 2013 31

CLASS EXERCISES PROBLEM #1 February 2013 32

Step 1: Define the System (done) For simplicity, use the previous diagram as the system model Recognize several different subsystems (done already) February 2013 33

Step 2: Define Undesired Event Undesired event: No airflow. Sub-events: Operations error Air handling system fault or failure Eliminate sub-events and subsystems that do not interact or control the air handling system: Heater fault or failure Thermal safety system fault or failure February 2013 34

Step 3: Analysis Ground Rules Understand process concepts: I-N-S P-S-C SS-SC February 2013 35

Step 4: Construct Fault Tree These are SS faults, so OR them together Proceed to next level Determine underlying events - Operations Assume that medical staff does not directly control airflow from interface panel Blocking air inlet Malicious Isolette inlet up against wall or obstruction (hint ignorance) February 2013 36

Step 4: (continued) Determine underlying events air handling (hint fan) (hint what directs airflow?) (hint problem with control signal (hint electrical current into subsystem) Apply process concepts Connect them together with logical linkages February 2013 37

Exercise Isolette Airflow Fault February 2013 38

Ex. What do you do now? For design purposes: Review each path Can you eliminate that path? If not, can it be made more fault resistant? Does fault tree represent the scope of possible paths (and reasonable a meteor falling out of the sky and hitting it is not)? For root cause analysis: Does the evidence point to any fault path? If so, fix the problem. If not, revise the diagram. February 2013 39

Solution Isolette Airflow Fault February 2013 40

CLASS EXERCISES PROBLEM #2 February 2013 41

Step 1: Define the System (done) For simplicity, use the previous diagram as the system model Recognize several different subsystems (done already) February 2013 42

Step 2: Define Undesired Event Undesired event: Failure alarm sounds. Sub-events: Operations error Air handling system fault or failure Heater fault or failure Thermal safety system fault or failure Diagnostic subsystem fault or failure February 2013 43

Step 3: Analysis Ground Rules Understand process concepts: I-N-S P-S-C SS-SC February 2013 44

Step 4: Construct Fault Tree These are SS faults, so OR them together Proceed to next level down: Determine operation faults or failures February 2013 45

Step 4: (continued) Determine heater subsystem faults or failures Determine air handling subsystem faults February 2013 46

Step 4: (continued) Determine thermosafety switch faults Determine alarm subsystem faults February 2013 47

Step 4: (continued) Apply process concepts Connect them together with logical linkages February 2013 48

Exercise Isolette Alarm Sounds February 2013 49

Ex. What do you do now? For design purposes: Review each path Can you eliminate that path? If not, can it be made more fault resistant? Does fault tree represent the scope of possible paths (and reasonable a meteor falling out of the sky and hitting it is not)? For root cause analysis: Does the evidence point to any fault path? If so, fix the problem. If not, revise the diagram. February 2013 50

Solution Isolette Alarm Sounds February 2013 51

From satellite imaging systems, blank screen on ground support equipment. FINAL EXAMPLE February 2013 52

Example FTA (from aerospace) February 2013 53

Ericson example FTA February 2013 54

FINAL THOUGHTS ON FTA February 2013 55

FTA Advantages Structured and rigorous Easily understood via visual format Combines hardware, software, environment, and human operations Can do probability assessment Commercial software available February 2013 56

FTA Disadvantages Can be very time consuming Limitations Almost impossible to model: timing and scheduling intermittent faults or injected noise Does not identify hazards unrelated to failure Limited examination of software Requires system/product expertise February 2013 57

Parting Comments FTA should be used in combination with other analytical tools, not as sole tool for hazard analysis FTA only models fault paths, not all events This introduction did not cover all the probability assessments or the processes for cut sets February 2013 58

Reference Clifton A. Ericson II, Hazard Analysis Techniques for System Safety, Wiley- Interscience, A John Wiley & Sons, Inc., Publication, 2005, pp. 183 221. Based on MIL. STD. 882. February 2013 59

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback