7th IFAC Conference on Manufacturing Modelling, Management, and Control
International Federation of Automatic Control
June 19-21, 2013. Saint Petersburg, Russia

Safety Analysis of Combined FMEA and FTA with Computer Software Assistance - Take Photovoltaic Plant for Example

Chi-Tang Liu*, Sheue-Ling Hwang*, I-K. Lin**

*Institute of Industrial Engineering and Engineering Management, National Tsing Hua University, Hsinchu, Taiwan, ROC (e-mail: lililu525@gmail.com)
**School of Occupational Safety and Health, Chung Shan Medical University, Taichung, Taiwan, ROC

Abstract: Failure mode and effects analysis (FMEA) is one of the most widely used methods for safety analysis; it identifies the effects of the failure modes of components on the system. Generally, the result of an FMEA can be the foundation for more detailed safety analysis such as fault tree analysis (FTA), and computer software has been released to assist the data linking, calculation and documentation. However, with the larger scope and higher demand of hazard analysis in emerging industries such as the semiconductor or photovoltaic (PV) industry, it is difficult and time-consuming to go through the traditional, manual analysis to catch the critical elements that play an important role in safety, especially at an early stage. The modified safety design and management after the analysis are also major topics for preventing potential risks, but the inspection and modification of documents and data linking are also difficult without automation. This paper introduces a combination of FMEA and FTA with computer software assistance to solve the problems listed, and the proposed method is applied to a manufacturing process in a PV plant as a case study.

Keywords: Safety analysis; Failure mode and effects analysis; Fault tree analysis; Software assistance; photovoltaic

1. INTRODUCTION

Safety and reliability are the most important issues in chemical and semiconductor plants, especially when the materials, such as chemical gases and acid and alkaline liquids, are flammable or toxic. In the past, the safety management and reliability analysis of most solar cell manufactories were similar to those of semiconductor plants because of the similarities between their processes and equipment. However, the green industry is growing rapidly nowadays, and more and more new materials and complex processes are involved in producing higher solar photovoltaic conversion efficiency. This trend increases the complexity and potential risk of solar cell production, so safety management and reliability analysis are becoming the first concern day by day. In addition, the demand for safety and reliability analysis is increasing quickly, and traditional safety and reliability analyses such as FMEA and hazard and operability analysis (HAZOP) are no longer able to support it, because they are time-consuming, demand a large analysis group and are difficult to modify smoothly.

In this study, we tried using and combining two risk analyses, FMEA and FTA, step by step, with computer-aided software to assist the analysis. In this approach, we applied a preliminary FTA first to establish the top event and the fault tree and to find the minimal cut sets (MCS), and then determined and discussed the basic events from the MCS by a preliminary FMEA, including failure modes, effects and other possible failure situations; meanwhile, we used computer software to input data into the FMEA and the FTA individually and to deliver data between them automatically. Thus, we modularised the fault tree constructed in the preliminary FTA using the result of the FMEA, and identified the MCS to calculate the probability of the top event and the critical part (the one with a high failure rate). Finally, we completed the FMEA table of the basic events, especially those involved in the critical part, and discussed solutions to enhance the safety and reliability management of the target process and machine in a solar cell plant case study.

2. BACKGROUND

2.1 FMEA and FTA

FMEA is a widely used safety analysis for evaluating the effects caused by the different failure modes of elements or components. Traditionally, FMEA is a time-consuming and dull manual method, as Hughes et al. (1999) and Pentti and Helminen (2002) pointed out, and some research on automated FMEA has been published to solve this problem: Teoh and Case (2004) referred to a minimum information concept for automatic data linking to avoid missing data, and this method also allows the combination of FMEA with other analysis approaches. FTA is a risk assessment tool which is systematic, deductive and logical. Facing analogous problems, Ferdous et al. (2007) indicated that running FTA automatically is inevitable because of the heavy demand of probability calculation and fault tree modulation. Majdara and Wakabayashi (2009) presented a component-oriented method to automate fault tree generation. The result of an FMEA is typically used as the foundation of more detailed safety analysis such as FTA and event tree analysis, but without automation it is tedious and time-consuming, and it is hard to grasp the critical points or elements because of the large scope and complex manufacturing process. Papadopoulos et al. (2004) proposed a method that can promote the results for individual components to the construction of a fault tree. However, any inspection and revision

978-3-902823-35-9/2013 © IFAC 2151 10.3182/20130619-3-RU-3018.00370



of the result of an FMEA is tough, especially when the frequency of reuse is high. Additionally, how to link the data of failure modes and effects in a complex process with the FTA is also a problem in practice.

2.2 PV's environmental, health and safety (EHS) issues and safety analysis

The green industry has grown vigorously in recent years, and the solar industry has been growing rapidly too; expansion is seen both in the number of factories and in plant scale, as Wang et al. (2008) reported. Fthenakis and Moskowitz (2000) and Cullen et al. (2002) pointed out that the PV industry usually uses more varied and risky chemicals, which would cause great losses in case of carelessness. Because of this growth rate, Wang et al. (2008) proposed that the management of risk in PV factories is more and more important. Fthenakis (2003) mentioned the potential hazards in different types of solar cell manufacturing processes. Process hazard analysis is required by law for PV plants in several European countries, and the demand for analysis is getting larger. Fthenakis (2003) also suggested using hazard and operability analysis (HAZOP), FMEA or FTA for more detailed safety analysis if the target system is large and complex. Wild-Scholten and Alsema (2005) described the safety and environmental impacts that might occur in the life cycle of crystalline silicon solar cells. Thus, safety analysis is important at each process stage.

3. METHOD

The method we used refers to the iterative application of FTA and FMEA carried out by Maskuniitty and Pulkkinen (1994) and the Bi-directional Analysis (BDA) method proposed by Lutz and Woodhouse (1997, 1999b). We combined FTA and FMEA stepwise in this study to establish a hybrid approach, intended to analyse the appropriateness of a system's safety design and management in order to prevent major potential risks. In addition, we used the computer-aided software Reliability Workbench (Ver. 11.0) to make the analysis and data linking faster and automatic.

3.1 On-site interview

The nature of the chemical substances used in the case plant, the potential hazard factors and the events were collected from academic literature, government information, internal data and environmental regulations to determine the target material and the hazardous events of primary concern, and to establish the direction and framework of the follow-up research. The on-site interview was quite important and necessary for the analyst to understand the machines and chemical substances used in the actual situation, including the P&ID, information on the subsystems and the distinction of modules, as well as the function and specification of components. Table 1 is an example of interview items.

Table 1. Part of the interview items

Subsystem | Module | Component | Function & Specifications
Gas Box | DEZ | Level sensor LS-1 | Detect the level of DEZ in the buffer tank

3.2 Combination of FMEA and FTA

The first step in this hybrid approach was the determination of the analysis range and the initial process condition of the target system; then the top event was discussed and highlighted to construct the preliminary fault tree model. As the foundation of the analysis, we focused on the top event to avoid excessive deviation in the further analysis. After defining a top event, the intermediate and basic events strongly linked with it were discussed by experienced engineers and the safety analysis team.

The relationship between the top event and the basic events was presented by logic symbols such as the AND-gate, OR-gate and Inhibit-gate. To prevent the fault tree structure from becoming large and complex, modularisation of the fault tree was considered to shorten the analysis time by using software. The modularised initial fault tree (if necessary) was then transformed into Boolean algebra to determine the minimal cut sets, so that we can grasp the risk level of the target system from the number of MCSs. In this step, we made efforts to build a fault tree which is well constructed and has correct logical relationships between the top event and the basic events, because the accuracy and the required time of the fault tree analysis depend on those important factors.

When the fault tree had been established, we focused on finding the components or equipment involved in the basic events and used FMEA to keep analysing them. The discussion included the failure modes and effects of those components, and we also investigated the other failure modes that would probably happen to them, to gather data for expanding the fault tree in future. The collection of the failure rates of the basic events was also carried out from the historical data of those components and the failure rate database. Afterwards, the preliminary FMEA of the basic events was conducted and the failure rates of those components were collected. These actions made the analysis team pay more attention to the components which play key roles in the fault tree.

Once the preliminary FMEA was done, the fault tree was revised using the result of the FMEA. Some new basic events that may occur could also be added to the fault tree. Then the determination of the MCSs and the probability analysis of the basic and top events were done to find out their importance; the probabilities of occurrence of the basic events were taken from the failure rate and event data for use within risk assessment from the HSE (2012). The importance of each basic event depended on its probability, the number of its occurrences in other MCSs, and the product of the probabilities of the other basic events. After the calculation of probability, we made the importance analysis by sorting the probabilities of the MCSs to discover which MCS had a high contribution to the top event.

The final step of the analysis is to complete the rest of the FMEA, especially for those components in the critical MCSs. There is further discussion on the improvement of the current safety design and management, such as the detection, alarm and reaction when each failure mode happens, to strengthen safety. In the end, the documentation of the entire FMEA table should be carried out by software for quick inspection and modification. The overall framework is shown in Fig. 1.
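As an added illustration of the MCS, probability and importance steps described above (this is example code written for this page; it is not the paper's own code and not Reliability Workbench's algorithm), the Python below builds a small AND/OR fault tree from the basic-event values the case study tabulates in Table 2, derives the minimal cut sets by Boolean expansion and subset elimination, evaluates the cut-set and top-event probabilities, and ranks the basic events by a Fussell-Vesely importance (the share of the top-event probability carried by the cut sets containing the event, which captures the three factors listed in the paragraph above). The tree shape is an assumption: Fig. 4 is not reproduced in the text, so the valve gate and the pressure-detector-rupture gate are modelled as OR gates over the Table 2 rows, the two AND branches follow the two minimal cut sets printed in Table 3 (GT3·EV6·EV7 and EV6·EV8·GT6), and the mapping of EV6, EV7 and EV8 to the smoke, pressure and gas detector failures is inferred from matching values rather than stated by the paper. Because the reconstruction differs from the paper's exact gate definitions, the computed numbers are close to, but not identical with, the printed ones (GT3 about 0.02104 against 0.02102; top event about 6.85E-8 against 6.816E-8).

```python
"""Minimal cut sets, top-event probability and basic-event importance for a
small AND/OR fault tree.

The tree is an ASSUMED reconstruction of the paper's DEZn-leakage tree
(Fig. 4 is not reproduced in the text). Basic-event values come from
Table 2; the grouping behind GT3 and GT6 and the EV6/EV7/EV8 mapping are
inferred from the values printed in Table 3, not stated by the paper.
"""
import itertools
import math

# Per-demand probabilities from Table 2. The event names are this example's
# own; the paper's codes are noted where a printed value matches.
PROBS = {
    "MV1_rupture": 8.76e-5, "MV1_fail_to_open": 3e-3, "MV1_cant_close": 1e-4,
    "smoke_detector_fail": 6.4e-3,     # same value as EV6 in Table 3
    "pressure_detector_fail": 5e-4,    # same value as EV7 in Table 3
    "gas_detector_fail": 4.5e-3,       # same value as EV8 in Table 3
}
for pv in ("PV1", "PV2", "PV3"):       # Table 2 gives one row for PV-1, 2, 3
    PROBS.update({f"{pv}_rupture": 1.6e-5, f"{pv}_fail_to_open": 3e-3,
                  f"{pv}_cant_close": 3e-3})
for pt in ("PT1", "PT2", "PT3"):       # 3 x 1.3E-5 = 3.9E-5, the printed GT6
    PROBS[f"{pt}_rupture"] = 1.3e-5

# A node is a basic-event name (str) or a (gate, [children]) pair.
VALVE_EVENTS = [e for e in PROBS if e.startswith(("MV1_", "PV"))]
GT3 = ("OR", VALVE_EVENTS)                                   # assumed: any valve failure leaks DEZn
GT6 = ("OR", ["PT1_rupture", "PT2_rupture", "PT3_rupture"])  # assumed: any pressure detector ruptures
TOP = ("OR", [                                               # fire or explosion
    ("AND", [GT3, "smoke_detector_fail", "pressure_detector_fail"]),  # paper's MCS GT3.EV6.EV7
    ("AND", ["smoke_detector_fail", "gas_detector_fail", GT6]),       # paper's MCS EV6.EV8.GT6
])


def cut_sets(node):
    """Expand a gate into its (not yet minimal) cut sets by Boolean algebra."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":                       # any child failing fails the gate
        return set().union(*child_sets)
    if gate == "AND":                      # every child must fail: cross product
        combined = {frozenset()}
        for cs in child_sets:
            combined = {a | b for a in combined for b in cs}
        return combined
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(node):
    """Drop every cut set that contains another cut set (minimisation)."""
    minimal = []
    for cs in sorted(cut_sets(node), key=lambda s: (len(s), sorted(s))):
        if not any(m <= cs for m in minimal):
            minimal.append(cs)
    return minimal


def cut_set_probability(cs, probs=PROBS):
    """Independent basic events: the cut set's probability is the product."""
    return math.prod(probs[e] for e in cs)


def top_event_probability(mcs, probs=PROBS, exact=False):
    """Rare-event approximation (sum of the MCS probabilities) or exact
    inclusion-exclusion over the MCS. Exactness matters when cut sets share
    events, as the smoke detector does here; 2^len(mcs) terms is fine for
    a tree this small."""
    if not exact:
        return sum(cut_set_probability(cs, probs) for cs in mcs)
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in itertools.combinations(mcs, k):
            union = frozenset().union(*combo)
            total += (-1) ** (k + 1) * cut_set_probability(union, probs)
    return total


def fussell_vesely(mcs, probs=PROBS):
    """Importance of each basic event: share of the (rare-event) top-event
    probability carried by the cut sets that contain it."""
    p_top = top_event_probability(mcs, probs)
    return {e: sum(cut_set_probability(cs, probs) for cs in mcs if e in cs) / p_top
            for e in probs}


def gate_probability(node, probs=PROBS):
    """Bottom-up gate value assuming independent, non-repeated inputs; used
    only to compare intermediate gates (GT3, GT6) with Table 3. For the top
    event use the MCS, since a shared event breaks this assumption."""
    if isinstance(node, str):
        return probs[node]
    gate, children = node
    ps = [gate_probability(c, probs) for c in children]
    return math.prod(ps) if gate == "AND" else 1 - math.prod(1 - p for p in ps)


def ranked_report(node=TOP, probs=PROBS):
    """MCS sorted by probability and basic events sorted by importance."""
    mcs = minimal_cut_sets(node)
    ranked = sorted(mcs, key=lambda cs: cut_set_probability(cs, probs), reverse=True)
    importance = sorted(fussell_vesely(mcs, probs).items(), key=lambda kv: kv[1], reverse=True)
    return mcs, ranked, importance


if __name__ == "__main__":
    mcs, ranked, importance = ranked_report()
    print(f"{len(mcs)} minimal cut sets; GT3={gate_probability(GT3):.5f}, GT6={gate_probability(GT6):.2e}")
    print(f"P(top): rare-event {top_event_probability(mcs):.4e}, exact {top_event_probability(mcs, exact=True):.4e}")
    for cs in ranked[:3]:
        print(f"  {cut_set_probability(cs):.3e}  {sorted(cs)}")
    for e, fv in importance[:4]:
        print(f"  FV({e}) = {fv:.3f}")
```

The ranking reproduces the paper's qualitative conclusion: every cut set contains the smoke detector failure, so its importance is 1.0, the pressure detector failure is next, and the seven 3E-3 valve failure modes tie well ahead of the gas detector and the PT ruptures. The exact top-event probability is slightly below the rare-event sum because the cut sets overlap; on a real tree with hundreds of cut sets the 2^n inclusion-exclusion is replaced by a BDD or a truncated expansion, which is the kind of MCS engine the paper credits the software with.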


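The data-linking step in 3.2 (the FMEA rows and the fault-tree basic events must agree, and the failure-rate library must be complete before the detailed FTA) is where manual transfer between two documents loses or corrupts data. The Python below is an added example of the consistency checks an analyst would run across the two artefacts; it is not the paper's code and not Reliability Workbench's data model. The records are constructed after Tables 2 and 4, with three gaps planted deliberately: no FMEA row for pressure-detector rupture, no reaction documented for the MV-1 rupture mode (Table 4 lists that mode as "Leakage"), and a mistyped failure rate for PV-1. The event codes (MV1-FTO and so on) and the detector safeguards are this example's own; the paper's EV/GT codes are not used.

```python
"""Consistency checks between an FMEA worksheet and a fault tree's basic-event
library. Sample records are constructed after Tables 2 and 4 of the paper; the
event codes, the detector safeguards and the planted gaps are this example's own.
"""
import math
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class FmeaRow:
    component: str
    mode: str
    probability: Optional[float]        # per demand; None = not yet collected
    detection: Tuple[str, ...] = ()
    alarm: Tuple[str, ...] = ()
    reaction: Tuple[str, ...] = ()


# Basic events as entered in the FTA: code -> (component, mode, probability).
# Values from Table 2; the codes are hypothetical.
TREE_EVENTS = {
    "MV1-RUP": ("MV-1", "Rupture", 8.76e-5),
    "MV1-FTO": ("MV-1", "Failure to open", 3e-3),
    "MV1-FTC": ("MV-1", "Cannot close", 1e-4),
    "PV1-FTO": ("PV-1", "Failure to open", 3e-3),
    "SD-FAIL": ("Smoke detector", "Failure", 6.4e-3),
    "GD-FAIL": ("Gas detector", "Failure", 4.5e-3),
    "PT1-FAIL": ("PT-1", "Failure", 5e-4),
    "PT1-RUP": ("PT-1", "Rupture", 1.3e-5),
}

_VALVE_ALARM = ("close all gas box components", "shut down chamber",
                "alarm in central control room")
_VALVE_REACTION = ("confirm and replace component", "check LS-1 and PT-1 readings")
_DETECTOR = (("periodic function test",), ("supervisory fault signal",), ("replace unit",))

# FMEA worksheet (constructed). Planted gaps: PT-1 rupture has no row; the
# MV-1 rupture row has no reaction; PV-1 "Failure to open" reads 3E-4, not 3E-3.
FMEA = [
    FmeaRow("MV-1", "Failure to open", 3e-3, ("LS-1", "PT-1"), _VALVE_ALARM, _VALVE_REACTION),
    FmeaRow("MV-1", "Cannot close", 1e-4, ("LS-1", "PT-1"), _VALVE_ALARM, _VALVE_REACTION),
    FmeaRow("MV-1", "Rupture", 8.76e-5, ("LS-1", "PT-1", "smoke detector"), _VALVE_ALARM, ()),
    FmeaRow("PV-1", "Failure to open", 3e-4, ("LS-1", "PT-1"), _VALVE_ALARM, _VALVE_REACTION),
    FmeaRow("PV-1", "Cannot close", 3e-3, ("LS-1", "PT-1"), _VALVE_ALARM, _VALVE_REACTION),
    FmeaRow("Smoke detector", "Failure", 6.4e-3, *_DETECTOR),
    FmeaRow("Gas detector", "Failure", 4.5e-3, *_DETECTOR),
    FmeaRow("PT-1", "Failure", 5e-4, *_DETECTOR),
]


def unlinked_tree_events(tree=TREE_EVENTS, fmea=FMEA):
    """Basic events with no FMEA row: the FMEA is not yet complete for them."""
    covered = {(r.component, r.mode) for r in fmea}
    return sorted(code for code, (comp, mode, _) in tree.items()
                  if (comp, mode) not in covered)


def unmodelled_failure_modes(tree=TREE_EVENTS, fmea=FMEA):
    """FMEA rows with no basic event: candidates to add to the fault tree."""
    modelled = {(comp, mode) for comp, mode, _ in tree.values()}
    return sorted((r.component, r.mode) for r in fmea
                  if (r.component, r.mode) not in modelled)


def probability_mismatches(tree=TREE_EVENTS, fmea=FMEA, rel_tol=1e-6):
    """Events whose failure rate differs between the two documents."""
    by_key = {(r.component, r.mode): r for r in fmea}
    out = []
    for code, (comp, mode, p_tree) in tree.items():
        row = by_key.get((comp, mode))
        if row and row.probability is not None and \
                not math.isclose(p_tree, row.probability, rel_tol=rel_tol):
            out.append((code, p_tree, row.probability))
    return sorted(out)


def components_in(cut_set, tree=TREE_EVENTS):
    """Components behind the event codes of a cut set."""
    return {tree[code][0] for code in cut_set}


def missing_safeguards(critical_components, fmea=FMEA):
    """For components in the critical cut sets, rows that leave detection,
    alarm or reaction undocumented (the columns Table 4 requires)."""
    out = []
    for row in fmea:
        if row.component in critical_components:
            for column in ("detection", "alarm", "reaction"):
                if not getattr(row, column):
                    out.append((row.component, row.mode, column))
    return out


def link_report(critical_cut_set):
    """All four checks, keyed by finding type."""
    return {
        "unlinked_events": unlinked_tree_events(),
        "unmodelled_modes": unmodelled_failure_modes(),
        "probability_mismatches": probability_mismatches(),
        "missing_safeguards": missing_safeguards(components_in(critical_cut_set)),
    }


if __name__ == "__main__":
    # Assumed critical cut set: a valve failure with the smoke and pressure
    # detectors both failed (the shape of the paper's dominant MCS GT3.EV6.EV7).
    for name, findings in link_report(("MV1-FTO", "SD-FAIL", "PT1-FAIL")).items():
        print(name, findings or "none")
```

Run after every FMEA revision, the report lists exactly the items the method's revision loop needs: events to finish the FMEA for, failure modes to add to the tree, rates to re-check against the library, and critical components whose safeguards are still undocumented before the Table 4 columns are signed off.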
Fig. 1. The combination framework of FMEA and FTA.

3.3 Computer software-aided FMEA and FTA

The two main purposes of using computer-aided software are to assist the two safety analyses and to speed up the data transfer between the FMEA and the FTA. Reliability Workbench has some powerful features: 1) it helps analysts to get the data faster from the database into each analysis; 2) it avoids information being lost through human error during the transfer between FMEA and FTA; 3) it provides a graphical interface to construct the fault tree; 4) it supplies an efficient MCS generation algorithm to analyse the fault tree and calculate the probabilities automatically, which can reduce the load on staff; and 5) the automatic documentation of all the analysis data is easy to revise in the future. Fig. 2 shows how the software helps the analysis.

Fig. 2. The linking of FMEA and FTA with software assistance.

4. CASE STUDY

This case study was a safety assessment of a metal-organic chemical vapour deposition (MOCVD) gas box and chamber in a CIGS PV plant, using the methodology discussed above. In this case study we tried to determine the critical components in the target system, calculate the probability of the top event from the result of the FTA, and discuss better safety design and management for those components by using FMEA. Additionally, we also show how the Reliability Workbench software was used.

The main chemical materials used in this MOCVD system are diethylzinc (DEZn) and H2O. DEZn ignites violently in air, especially with water. It would be dangerous if any leakage happened in either the gas box or the chamber, so the main chemical material we focused on is DEZn, and the top event we selected is any fire or explosion due to the failure or rupture of any component of the MOCVD gas box and chamber. The components we discussed first included the manual valve, the pneumatic valves, the DEZn level sensor, the pressure detectors and the heating plate. A simplified piping and instrumentation diagram of DEZn and its chamber is shown in Fig. 3. First, DEZn is transported from the supply side to the manual valve (MV-1), goes into the buffer tank through the pneumatic valves (PV-1, 2, 3), and is then sent into the gas mixing and MOCVD chambers. The other components, such as the level sensor (LS-1) and the pressure detectors (PT-1, 2, 3, 4), are used to detect the DEZn level in the tank and the pressure in the piping and chambers.

Fig. 3. Simplified piping and instrumentation diagram of the DEZn gas box and MOCVD chamber (components shown: MV-1; PV-1, PV-2, PV-3; LS-1; PT-1 to PT-4; DEZn tank; mixing chamber; heating plate; MOCVD chamber).

At the beginning of this safety assessment, we confirmed that the top event of this fault tree was a fire or explosion in the gas box or chamber due to DEZn leakage, and the basic events in the gas box and chamber subsystems were also listed respectively. The relations between the top event and the basic events were determined as AND-gates and OR-gates. Then we used the Reliability Workbench software, which can modularise the fault tree automatically, to establish a fault tree diagram based on the top event and the other components that we selected and explained, as shown in Fig. 4. Note, however, that this fault tree is a preliminary model without any specific failure rates, and it was modified after the FMEA was done.

The FMEA was performed after the construction of the fault tree to help the analyst know which components should be followed closely. The content that must be discussed includes the failure modes and effects of those components, and specifically the other failure modes that might possibly cause the same effect but were missed or not listed earlier, such as the manual


valve (MV-1) failing to open during maintenance, or any leakage from the downstream components in the process. The fault tree diagram was revised, and the probabilities of each basic event are listed in Table 2.

Fig. 4. Preliminary fault tree of DEZn leakage.

Table 2. The probability of basic events

Intermediate event | Basic event | Probability (per demand)
MV-1 failed | Rupture | 8.76E-5
MV-1 failed | Failure to open | 3E-3
MV-1 failed | Can't close | 1E-4
PV-1, 2, 3 failed | Rupture | 1.6E-5
PV-1, 2, 3 failed | Failure to open | 3E-3
PV-1, 2, 3 failed | Can't close | 3E-3
Safety equipment failed | Smoke detector failure | 6.4E-3
Safety equipment failed | Gas detector failure | 4.5E-3
Safety equipment failed | Pressure detector failure | 5E-4
Pressure detector ruptured | Rupture | 1.3E-5

In addition, the collection of the failure rates from the data bank was also carried out to be the foundation of the next, detailed FTA. By inputting the failure models into the Reliability Workbench database, it is efficient to link the data between the FMEA and the basic events of the FTA. More basic events were discovered from the result of the FMEA and added to the fault tree model to modify it. When modifying the fault tree, it is easy to recall the failure modes and their specific data, such as the failure rate, by using the "library" function of the Reliability Workbench software, which can shorten the working time and avoid missing data. Also, the determination of the minimal cut sets and the calculation of the probability of the top event and the cut sets can both be conducted automatically by the software, as shown in Table 3. The probability of the top event (fire or explosion) is 6.816E-8, and there were two minimal cut sets: GT3·EV6·EV7 and EV6·EV8·GT6. GT3·EV6·EV7 obviously has the higher probability and importance, which shows that the components included in GT3·EV6·EV7 should be the first points of concern for the safety manager, especially the one with more failure modes.

Table 3. The probability of the FTA result

Type | Code | Probability
Top event | TP1 | 6.816E-8
Cut set | GT3 | 0.02102
Cut set | EV6 | 6.4E-3
Cut set | EV7 | 5E-4
Cut set | EV8 | 4.5E-3
Cut set | GT6 | 3.9E-5
Minimal cut sets | GT3·EV6·EV7 | 6.705E-8
Minimal cut sets | EV6·EV8·GT6 | 1.117E-9

The final step in this case study was to complete the FMEA table, consisting of the detection, alarm and safety management of those components which are in the minimal cut sets or have a high importance. An example of the rest of the FMEA content is shown in Table 4.

Although it does not seem straightforward to conduct the analysis following this method, it helps the analyst to catch the main components at the very start, by determining the top event and the basic events, rather than carrying out an FMEA of all the components in the target system, and the computer software can also be used to eliminate human errors such as missing data and calculation errors. The safety manager will readily find the critical components after reviewing the FTA report, and can modify the FMEA easily in the future.

Table 4. A safety management example of FMEA

Subsystem: Gas Box. Module: DEZn. Component: MV-1. Function: control valve for DEZn getting into the gas box, operated manually.

Failure mode | Failure effect | Detection | Alarm | Reaction | Remark
1. Failure to open; 2. Cannot close | Fire or explosion if it happens during maintenance or there is any leakage in the downstream components | LS-1 and PT-1 can detect the DEZn level and pressure | Close all components in the gas box and shut down the chamber; alarm in the central control room | Confirm and replace the component (after combustion); check the readings of LS-1 and PT-1 | (i) Routine inspection is required. (ii) Testing and inspection 5 times per month. (iii) Record the lifetime and frequency of use.
3. Leakage | Fire or explosion | Smoke detector, in addition to LS-1 and PT-1 | As for 1 and 2 | | As above

5. CONCLUSION

One major problem in safety analysis is how to determine the important components in the target system at the beginning; the analysis procedure we proposed is useful to find the critical ones and to construct a fault tree based on the top event which is of most concern. In this paper, we showed that it is feasible to combine FMEA and FTA to conduct both the reliability and the safety analysis with Reliability Workbench. It is necessary to use computer software to assist the analysis, because a lot of data and calculation may be needed, and it becomes a time-consuming and heavy task when the system gets large and complex. Moreover, the method we proposed can also analyse the reliability of critical elements in both the hardware and the software life cycle.

For future work, we suggest that combinations with other analyses be tried for dealing with complex systems which might include many components. In addition, computer software can also keep helping to solve difficulties such as fuzzy probability calculation and data mining of failure modes and effects for service or software systems, and automated analysis is also suggested for other industries such as medical treatment.

6. ACKNOWLEDGEMENTS

Part of this study was supported by the Advanced Manufacturing and Service Management Research Center at National Tsing Hua University through the Toward World Class Universities Project (Project Numbers: 100N2071E1 & 101N2071E1).

7. REFERENCES

Cullen, N., Thornycroft, J. and Collinson, A. (2002), Risk analysis of islanding of photovoltaic power systems within low voltage distribution networks. Report IEA-PVPS T5-08.
Ferdous, R., Khan, F.I., Veitch, B. and Amyotte, P.R. (2007), Methodology for computer-aided fault tree analysis, Trans IChemE, Part B, Process Safety and Environmental Protection, 85(B1), pp. 70-80.
Fthenakis, V.M. and Moskowitz, P.D. (2000), Photovoltaics: Environmental, Health and Safety Issues and Perspectives, Progress in Photovoltaics: Research and Applications, 8, pp. 27-38.
Health and Safety Executive (2012), Failure rate and event data for use within risk assessment.
Hughes, N., Chou, E., Price, C. and Lee, M. (1999), Automating Mechanical FMEA Using Functional Models. In FLAIRS Conference, pp. 394-398.
Lutz, R.R. and Woodhouse, R.M. (1997, 1999b), Bi-directional Analysis for Certification of Safety-Critical Software. Proceedings, ISACC International Software Assurance Certification Conference, Chantilly, VA, Feb. 28-Mar. 2.
Majdara, A. and Wakabayashi, T. (2009), Component-based modeling of systems for automated fault tree generation. Reliability Engineering and System Safety, 94(6), pp. 1076-1086.
Maskuniitty, M. and Pulkkinen, U. (1994), Fault tree and failure mode and effects analysis of a digital safety function. Technical Research Centre of Finland, AVV(94)TR2, 35 p. + app.
Papadopoulos, Y., Parker, D. and Grante, C. (2004), A Method and Tool Support for Model-based Semi-automated Failure Modes and Effects Analysis of Engineering Designs. The 9th Australian Workshop on Safety Related Programmable Systems, Brisbane. Conferences in Research and Practice in Information Technology, Vol. 47.
Pentti, H. and Helminen, A. (2002), Failure Mode and Effects Analysis of Software-Based Automation Systems, STUK-YTO-TR 190, Aug.
Teoh, P.C. and Case, K. (2004), Failure modes and effects analysis through knowledge modelling, Journal of Materials Processing Technology, 153-154, pp. 253-260.
Wang, C.H., Kung, S.K. and Zuo, Y.T. (2008), The study of the global energy industry trend - the solar industry in Taiwan, Web Journal of Chinese Management Review, 11(3), Aug.
Wang, K.S., Liu, N.Y., Peng, C.J. and Horng, J.L. (2008), Industry status and development opportunities of photovoltaic materials industry. Journal of Industrial Materials, Prog 255, pp. 124-135.
Wild-Scholten, M.J. de and Alsema, E.A. (2005), Environmental life cycle inventory of crystalline silicon photovoltaic module production, Materials Research Society Fall 2005 Meeting, Nov., Boston, USA.