
FAULT TREE ANALYSIS

8-Feb-08 1
What is fault tree analysis?

➢ Fault tree analysis (FTA) is a top-down approach to failure analysis, starting with a potential undesirable event (accident) called the TOP event, and then determining all the ways it can happen.

➢ The analysis proceeds by determining how the TOP event can be caused by individual or combined lower-level failures or events.

➢ The causes of the TOP event are “connected” through logic gates.

➢ FTA is the most commonly used technique for causal analysis in risk and reliability studies.
History

➢ FTA was first used by Bell Telephone Laboratories in connection with the safety analysis of the Minuteman missile launch control system in 1962.

➢ The technique was improved by the Boeing Company.

➢ Extensively used and extended during the Reactor Safety Study (WASH-1400, published 1975).
Purpose

➢ The purpose of an FTA is to assess a system or sub-system by identifying a postulated undesirable end event and examining the range of potential events that could lead to that end event, using a “logic tree”.

➢ The FTA is developed through deductive logic, from the undesired event down to all the sub-events that must occur to cause the undesired event.
Requirements of FTA

➢ Thorough knowledge of how the system works.

➢ Knowledge of the logic relationships in the system, such as interlocks, control interfaces and power supply feeds.

➢ Thorough knowledge of how the software works.
Basic Fault Tree Structure

The Four Necessary Steps to Begin a Fault Tree

1. Define the undesired event to be analyzed (the focus of the FTA).
2. Define the boundary of the system (the scope of the FTA).
3. Define the basic causal events to be considered (the resolution of the FTA).
4. Define the initial state of the system.
Illustration of the Steps of a FTA

Basic Events of a Fault Tree

➢ Top event or intermediate event
➢ Undeveloped event
➢ Basic event
Basic Gates of a Fault Tree

OR gate: the output event above the gate occurs if any one (or more) of the input lower-level events occurs.

AND gate: the output event above the gate occurs only if all of the input lower-level events occur.

TRANSFER gate: transfers to/from another part of the fault tree.
Types of Terminating Events

Basic Causal Event: treated as a primary cause with no further resolution.

Condition Event: defines a condition which needs to exist.

Undeveloped Event: not developed further (because information is unavailable or the event is of insufficient consequence).

House Event: an event that is expected to occur (or not to occur) under normal conditions; sometimes used as a switch set to True or False to turn parts of the tree on or off.

Transfer Symbol: transfer out of a gate or into a gate.
Steps In Fault Tree Analysis

1. Select a top-level event for analysis.
2. Identify faults that could lead to the top-level event.
3. For each fault, list as many causes as possible in boxes below the related fault.
4. Draw a diagram of the “fault tree”.
5. Continue identifying causes for each fault until you reach a root cause (reactive FTA), or one that you can do something about (proactive FTA).
6. Consider countermeasures.
Construction Of Fault tree

➢ Define the TOP event in a clear and unambiguous way. The definition should always answer:
   What? e.g., “Fire”
   Where? e.g., “in the process oxidation reactor”
   When? e.g., “during normal operation”

➢ What are the immediate, necessary, and sufficient events and conditions causing the TOP event?

➢ Connect them via an AND- or OR-gate.
Example: Redundant fire pumps

TOP event = No water from fire water system

Causes for the TOP event:
VF = Valve failure
G1 = No output from any of the fire pumps
G2 = No water from FP1
G3 = No water from FP2
FP1 = Failure of FP1
EF = Failure of engine
FP2 = Failure of FP2
Example: Redundant fire pumps (2)

Example: Redundant fire pumps (3)

The two fault trees above are logically identical. They give the
same information.

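
The following is an added Python example, not code from the slides: it puts the AND/OR gate definitions, the construction steps (define the TOP event, list its immediate causes, connect them through gates) and the house-event switch to work on the redundant fire pump tree, reduces the tree to its minimal cut sets, and computes the TOP event probability both exactly and with the rare-event approximation. Everything not on the slides is an assumption: the gate structure (TOP = VF OR G1, G1 = G2 AND G3, G2 = FP1 OR EF, G3 = FP2 OR EF, with a single engine EF driving both pumps), the reading of the second “logically identical” tree as VF OR EF OR (FP1 AND FP2), the constructed failure probabilities, and the contrast case with one engine per pump.

```python
"""Added example (not from the slides): evaluate a small fault tree."""
import math
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Event:            # terminating event: basic (has prob) or house (switched by caller)
    name: str
    prob: float = 0.0


@dataclass(frozen=True)
class Gate:             # kind is "AND" or "OR"; inputs are Events and/or Gates
    kind: str
    inputs: tuple
    name: str = ""


def minimal_cut_sets(node, house=None):
    """Minimal cut sets as a set of frozensets of basic-event names.
    `house` maps house-event names to True (always occurs) / False (never)."""
    house = house or {}
    if isinstance(node, Event):
        if node.name in house:  # True gives the empty (always satisfied) cut set
            return {frozenset()} if house[node.name] else set()
        return {frozenset([node.name])}
    child = [minimal_cut_sets(c, house) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child)
    elif node.kind == "AND":
        sets = {frozenset().union(*combo) for combo in product(*child)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # Boolean absorption: a cut set containing another cut set is not minimal.
    return {s for s in sets if not any(other < s for other in sets)}


def basic_events(node, house=None):
    """Name -> probability of every basic event; a repeated event (EF) is collected once."""
    house = house or {}
    if isinstance(node, Event):
        return {} if node.name in house else {node.name: node.prob}
    found = {}
    for child in node.inputs:
        found.update(basic_events(child, house))
    return found


def occurs(node, state, house=None):
    """Boolean value of the tree for one state (name -> failed?) of the basic events."""
    house = house or {}
    if isinstance(node, Event):
        return house.get(node.name, state.get(node.name, False))
    values = [occurs(c, state, house) for c in node.inputs]
    return all(values) if node.kind == "AND" else any(values)


def top_probability(node, house=None):
    """Exact P(TOP) for independent basic events by summing over all 2^n states
    (fine for small trees; real tools work from cut sets or BDDs instead)."""
    probs = basic_events(node, house)
    names = list(probs)
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        if occurs(node, dict(zip(names, bits)), house):
            weight = 1.0
            for name, failed in zip(names, bits):
                weight *= probs[name] if failed else 1.0 - probs[name]
            total += weight
    return total


def rare_event_approximation(cut_sets, probs):
    """Sum of cut-set probabilities: an upper bound, close when all probabilities are small."""
    return sum(math.prod(probs[e] for e in cs) for cs in cut_sets)


# Redundant fire pumps, structure assumed from the slide's cause list (probabilities
# are constructed illustrative values): TOP = VF OR G1; G1 = G2 AND G3;
# G2 = FP1 OR EF; G3 = FP2 OR EF, with one engine EF assumed to drive both pumps.
VF, FP1, FP2, EF = Event("VF", 0.01), Event("FP1", 0.05), Event("FP2", 0.05), Event("EF", 0.02)
G2 = Gate("OR", (FP1, EF), "G2: no water from FP1")
G3 = Gate("OR", (FP2, EF), "G3: no water from FP2")
G1 = Gate("AND", (G2, G3), "G1: no output from any fire pump")
TOP = Gate("OR", (VF, G1), "TOP: no water from fire water system")

# Assumed reading of the slide's second, "logically identical" tree: the shared
# engine lifted to the top, leaving only the pump-specific failures under the AND.
TOP_REDUCED = Gate("OR", (VF, EF, Gate("AND", (FP1, FP2))), "TOP (reduced)")

# Contrast (constructed): one engine per pump, so no single shared engine failure.
TOP_SPLIT = Gate("OR", (VF, Gate("AND", (Gate("OR", (FP1, Event("EF1", 0.02))),
                                         Gate("OR", (FP2, Event("EF2", 0.02)))))))

if __name__ == "__main__":
    for label, tree in (("original", TOP), ("reduced", TOP_REDUCED), ("split engines", TOP_SPLIT)):
        cuts = sorted(sorted(c) for c in minimal_cut_sets(tree))
        print(f"{label}: cut sets {cuts}, P(TOP)={top_probability(tree):.6f}")
    print("rare-event approx:", rare_event_approximation(minimal_cut_sets(TOP), basic_events(TOP)))
    print("VF as house event set False:", minimal_cut_sets(TOP, house={"VF": False}))
```

Both trees reduce to the same minimal cut sets {VF}, {EF} and {FP1, FP2} and give the same TOP probability, which is what “logically identical” means here. The cut sets also make the common-cause point visible: the shared engine EF defeats both redundant pumps on its own, whereas in the contrast case with separate engines every pump-side cut set needs two failures. The rare-event approximation (sum of cut-set probabilities) slightly overstates the exact value, as expected when the cut sets are not mutually exclusive.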
Major Applications of FTA
➢ Numerical requirement verification.
➢ Identification of safety critical components.
➢ Product certification.
➢ Product risk assessment.
➢ Accident/incident analysis.
➢ Design change evaluation.
➢ Visual diagrams of cause-consequence events.
➢ Common cause analysis.

Limitations of FTA

➢ Narrow focus: each tree analyses a single TOP event.

➢ Art as well as science: the result depends on the analyst's judgement about which events to include and how far to resolve them.

➢ Quantification requires significant expertise (and failure data for the basic events).
Boundary Conditions

➢ The physical boundaries of the system (which parts of the system are included in the analysis, and which parts are not?).

➢ The initial conditions (what is the operational state of the system when the TOP event occurs?).

➢ Boundary conditions with respect to external stresses (what types of external stress should be included in the analysis: war, sabotage, earthquake, lightning, etc.?).

➢ The level of resolution (how detailed should the analysis be?).
Benefits of FTA

➢ FTA identifies most of the possible causes of a specified undesired event (the TOP event).

➢ FTA is a structured, top-down, deductive analysis.

➢ FTAs are used in safety-critical systems, especially where human life is involved.

➢ FTA identifies the causes of a SINGLE failure mode (one TOP event per tree).

➢ FTA can be used in diagnostic work for a system failure.
