
Approach Tools of Maintenance Analysis

Dr. Ir. M. Sabri

Analytical Approaches
There are two generic analytical methods: induction and deduction.
What are the characteristics of these two approaches?

Inductive Approaches
Induction constitutes reasoning from individual cases to a general conclusion.
Examples of inductive approaches: Preliminary Hazards Analysis (PHA), Failure Mode and Effect Analysis (FMEA), Failure Mode Effect and Criticality Analysis (FMECA), Fault Hazard Analysis (FHA), and Event Tree Analysis.
These methods assume some possible component condition or initiating event and try to determine the corresponding effect on the overall system.

Deductive Approaches
Deduction constitutes reasoning from the general to the specific.
We assume that the system or its components failed in a certain way, and attempt to find out what modes of system or component behaviour contribute to this failure.
This can be thought of as the accident investigation analysis of real life.

Deductive Approaches
For example: what chain of events caused the sinking of an "unsinkable" ship such as the Titanic on its maiden voyage?
What failure processes, instrumental and/or human, contributed to the crash of a commercial airliner into a mountainside?
An example of this kind of method is Fault Tree Analysis.

Summary

Inductive methods are applied to determine what system states (usually failed states) are possible; deductive methods are applied to determine how a given system state (usually a failed state) can occur.

"Parts Count" Approach

The simplest and most conservative assumption we can make about a system is that any single component failure will produce complete system failure.
Under this assumption an upper bound on the probability of system failure is straightforward to obtain: simply list all the components along with their estimated probabilities of failure.
The individual component probabilities are then added, and this sum provides an upper bound on the probability of system failure.

"Parts Count" Approach

Component    Failure probability
A            fA
B            fB
C            fC
D            fD

F, the failure probability for the system, is equal to fA + fB + fC + fD.
The failure probabilities can be failure rates, unreliabilities, or unavailabilities, depending on the particular application.

Failure vs. Success Models

The operation of a system can be considered from two standpoints: we can enumerate the various ways for system success, or we can enumerate the various ways for system failure.

Fault Occurrence vs. Fault Existence

A fault may be repairable or not, depending on the nature of the system.
Under conditions of no repair, a fault that occurs will continue to exist.
In a repairable system a distinction must be made between the occurrence of a fault and its existence. In practice this distinction matters only in fault tree quantification.

Passive vs. Active Components

A passive component contributes in a more or less static manner to the functioning of the system.
The failure of a passive component will result in the non-transmission (or, perhaps, partial transmission) of its "signal."
An active component contributes in a more dynamic manner to the functioning of its parent system by modifying system behaviour in some way.
An active component acts as a "transfer function."

Passive vs. Active Components

In constructing a fault tree, the basic concepts of failure effects, failure modes, and failure mechanisms are important in determining the proper interrelationships among the events.

Fault tree analysis

Fault tree analysis is a deductive failure analysis which focuses on one particular undesired event and which provides a method for determining the causes of this event.
The undesired event constitutes the top event in a fault tree diagram constructed for the system, and generally consists of a complete or catastrophic failure.
Careful choice of the top event is important to the success of the analysis. If it is too general, the analysis becomes unmanageable; if it is too specific, the analysis does not provide a sufficiently broad view of the system.
Fault tree analysis can be an expensive and time-consuming exercise, and its cost must be measured against the cost associated with the occurrence of the relevant undesired event.

Basic Element of Fault Tree

A fault tree analysis can be simply described as an analytical technique.
One has to specify the undesired state of the system (usually a state that is critical from a safety standpoint), and the system is then analyzed in the context of its environment and operation to find all credible ways in which the undesired event can occur.
A fault tree is a graphic model of the various parallel and sequential combinations of faults that will result in the occurrence of the predefined undesired event.
The faults can be events that are associated with component hardware failures, human errors, or any other pertinent events which can lead to the undesired event.
It depicts the logical interrelationships of basic events that lead to the undesired event at the top of the tree.

Basic Element of Fault Tree

A fault tree is not a model of all possible system failures or all possible causes of system failure.
It is tailored to its top event, which corresponds to some particular system failure mode.
It includes only those faults that contribute to this top event.
Fault trees cannot be considered exhaustive: they cover only the most credible faults as assessed by the analyst.

Basic Element of Fault Tree

A fault tree is not a quantitative model. It is a qualitative model that can be evaluated quantitatively.
It can be used for virtually all varieties of system models.
The fact that a fault tree is a particularly convenient model to quantify does not change the qualitative nature of the model itself.

Basic Element of Fault Tree

A fault tree is a complex of entities known as "gates" which serve to permit or inhibit the passage of fault logic up the tree.
The gates show the relationships of events needed for the occurrence of a "higher" event.
The "higher" event is the "output" of the gate; the "lower" events are the "inputs" to the gate.
The gate symbol denotes the type of relationship among the input events required for the output event.
Gates are somewhat analogous to switches in an electrical circuit or to valves in a piping layout.

Basic Element of Fault Tree

A typical fault tree is composed of a number of symbols, which are described in detail in the following slides.

Primary event
The primary events of a fault tree are those events which are not further developed.
Their probabilities have to be provided if the fault tree is to be used for computing the probability of the top event.
There are four types of primary events:

BASIC
A basic initiating fault requiring no further development

CONDITIONING
Specific conditions or restrictions that apply to any logic gate

UNDEVELOPED
An event which is not further developed, either because it is of insufficient consequence or because information is unavailable

EXTERNAL
An event which is normally expected to occur

Building Blocks of the FTA

Symbol / Event

BASIC

CONDITIONING
Records any conditions or restrictions

UNDEVELOPED
A specific fault event that is not further developed

EXTERNAL
Used to signify an event that is normally expected

Building Blocks of the FTA

Symbol / Event

INTERMEDIATE EVENT
A fault event that occurs because of one or more antecedent causes acting through logic gates

Building Blocks of the FTA

Symbol / Gate

AND
Output fault occurs if all of the input faults occur

OR
Output fault occurs if at least one of the input faults occurs

EXCLUSIVE OR
Output fault occurs if exactly one of the input faults occurs

PRIORITY AND

INHIBIT
Output fault occurs if the (single) input fault occurs in the presence of an enabling condition

Building Blocks of the FTA

OR gate: Event Q occurs if A occurs, B occurs, or both A and B occur.

Building Blocks of the FTA

AND gate: Event Q occurs if A occurs and B occurs.

Building Blocks of the FTA

INHIBIT gate: Event Q occurs only if input A occurs under the condition specified by input B.

Example of FTA
A vehicle headlamp.
The electric circuit is very simple and includes the battery, the switch, the lamp itself, and the wire harness (Figure 1).
For simplicity, we will assume that the latter is reliable enough to be excluded from our study.
We will also assume certain failure probabilities for some components.
For a given time period, the probability of failure shown in the figure is the unreliability for the assigned distribution of failures (not necessarily normal). Such probabilities can be estimated from warranty

Example of FTA
P1 = 0.01, P2 = 0.01, P3 = 0.001, and P5 = 0.02
P4 = P1 + P2 - P1 x P2 = 0.0199
P6 = P3 + P4 + P5 - P3 x P4 - P3 x P5 - P4 x P5 + P3 x P4 x P5 = 0.04046
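The headlamp computation above and the earlier "parts count" bound, carried out by a small fault tree evaluator (an added example, not code from the slides). It assumes, as the two formulas imply, that P1 and P2 feed an OR gate giving P4, that P3, P4 and P5 feed the top OR gate P6, and that all primary events are independent; which physical component each Pi stands for is not stated on the slides, so the names are placeholders.

```python
from dataclasses import dataclass, field
from math import prod
from typing import List, Union


@dataclass
class Basic:
    """Primary (basic) event with an assumed failure probability."""
    name: str
    p: float


@dataclass
class Gate:
    """AND / OR gate: the output fault depends on the input faults."""
    name: str
    kind: str                      # "AND" or "OR"
    inputs: List["Node"] = field(default_factory=list)


Node = Union[Basic, Gate]


def probability(node: Node) -> float:
    """Probability of the node's event, assuming independent primary events.
    OR uses 1 - prod(1 - p_i), the closed form of the inclusion-exclusion
    sum written on the slide (P3+P4+P5 - P3P4 - P3P5 - P4P5 + P3P4P5)."""
    if isinstance(node, Basic):
        return node.p
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unsupported gate kind {node.kind!r}")


def basic_events(node: Node) -> List[Basic]:
    """Collect every primary event (leaf) under a node."""
    if isinstance(node, Basic):
        return [node]
    return [b for i in node.inputs for b in basic_events(i)]


def parts_count_bound(node: Node) -> float:
    """'Parts count' upper bound: assume any single leaf failure fails the
    system, so the leaf probabilities are simply summed."""
    return sum(b.p for b in basic_events(node))


# Headlamp tree: P4 = P1 OR P2, P6 = P3 OR P4 OR P5 (placeholder names).
P1, P2 = Basic("P1", 0.01), Basic("P2", 0.01)
P3, P5 = Basic("P3", 0.001), Basic("P5", 0.02)
P4 = Gate("P4", "OR", [P1, P2])
P6 = Gate("P6 (top event: headlamp fails)", "OR", [P3, P4, P5])

if __name__ == "__main__":
    print(f"P4 = {probability(P4):.4f}")                       # 0.0199
    print(f"P6 = {probability(P6):.5f}")                       # 0.04046
    print(f"parts-count bound = {parts_count_bound(P6):.3f}")  # 0.041
```

The parts-count sum (0.041) is only slightly above the exact OR-tree value here because every gate is an OR; for a tree containing AND gates the gap between the bound and the exact value grows much larger.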

Faults vs. Failures

Consider the word "failure" and the more general word "fault."
Consider a relay. If the relay closes properly when a voltage is impressed across its terminals, we call this a relay "success." If, however, the relay fails to close under these circumstances, we call this a relay "failure."

Faults vs. Failures

Another possibility is that the relay closes at the wrong time due to the improper functioning of some upstream component.
This is clearly not a relay failure; however, untimely relay operation may well cause the entire circuit to enter an unsatisfactory state.

Faults vs. Failures

We shall call an occurrence like this a "fault."
What can you say about failure and fault? All failures are faults, but not all faults are failures.
