Fault Tree
5/25/2018 Fault Tree
1/45
L09 Fault Tree Analysis
Quantitative Risk Analysis L09
Fall 2013
Fault Tree Analysis
Logic Diagram Analysis
Risk assessment includes frequency or probability estimates of scenario outcome events.
Values of Pr(system failure | c1, c2, ...) usually are not known and must be estimated from simpler or base events: Pr(unit failure | c1, c2, ...).
Quantification of outcome events is based on primary or base events or components for which occurrence data (specific, generic, expert opinion) exist.
Logic diagrams link base and intermediate events and units that occur in event sequences or scenarios for quantification of outcome events.
Fault Tree Analysis
Fault tree analysis (FTA) is a logic diagram approach to analyzing system failures.
A fault tree (FT) begins with a potential upset (top event) and diagrams, through deduction, how the top event can result from lower level events or failures.
An event tree (ET) diagrams the events that are initiated by a FT top event and result from it through induction.
A FT top event is connected to lower level events through logic gates such as OR (union operation, ∪) and AND (intersection operation, ∩).
FT and ET events are analyzed and quantified on a fail/success (binary) basis.
FTA Purpose
FTA requires an understanding of the system and its potential failures, aided by a system block diagram or functional diagram and a system hazard analysis of potential failure causes.
FTA can help to analyze system design, component and system operation, human actions, and effects of the external environment on the system.
Cause and effect relationships leading to the top event are identified, analyzed, and represented in the FT.
FTA Requirements
Identify the physical boundaries of the system to be included in the FTA
System conditions at the start of the top event
External conditions at the start of the top event
Decide on the depth and resolution of the deductive analysis from the top event to lower level events
FTA team tasks
FTA Construction
Define the top event, for example:
What: Fire
Where: in the process oxidation reactor
When: during normal operation
Identify the necessary and sufficient events, conditions, and units to cause the top event.
FTA Construction
Connect events and conditions via logic gates such as AND, OR.
Continue with underlying events down to an appropriate event level, called primary or base events, which include components or human actions.
Connection to base events:
Simple, independent events
Events for which sufficient data exist (such as failure data) to explain and quantify the top event of the FT
AND-Gate
Independent basic events E1 and E2 at time t. The TOP event failure probability, Q_T, at time t is
Q_T = P(E1 ∩ E2) = P(E1|E2) P(E2) = P(E1) P(E2)
[Figure: TOP event with an AND-gate over the independent basic events E1, E2]
With a single AND-gate and n independent basic events occurring at time t,
OR-Gate
Independent basic events E1 and E2 at time t. The TOP event probability at time t is
Q_T = P(E1 ∪ E2) = P(E1) + P(E2) - P(E1 ∩ E2)
    = Q1 + Q2 - Q1 Q2
[Figure: TOP event with an OR-gate over the independent basic events E1, E2]
With a single OR-gate and n basic independent events occurring at time t,
Combining OR with AND Gates with Logic
Analysis of Logic Trees
Logical (qualitative) evaluation:
Find cut sets (for failure) or path sets (for success)
by Boolean manipulations, or use logical information to
rearrange the tree for easy computation.
Probabilistic (quantitative) evaluation:
Use estimates of probabilities or frequencies for event
occurrences.
Fault Trees Identification
Fault trees help to identify how a system can fail through one or more component failures or human failures.
FTs help to analyze the causes of failures in complex systems from sequences of failure/success events.
Minimum cut sets determined from a reduced FT show the scenarios of minimum failures that lead to the failure indicated by the top event occurrence, T.
FTA Main Symbols
Basic Event: a basic initiating fault (component failure)
Intermediate or Top Event: occurs as a result of events at a lower level acting through logic gates
And Gate: output occurs if all input events occur
Or Gate: output occurs if at least one input event occurs
Fault Tree for a Flashlight
[Figure: flashlight made of a switch, a bulb, and two batteries; event: No light]
Fault Tree for a Flashlight
[Figure: top event "No light" connected through an Or Gate to the basic events Battery, Switch, Bulb]
Symbols
Hot Oil Heating System
[Figure: process diagram of the hot oil heating system; tag legend:]
FE, flow transducer
FC, flow controller
FS, flow switch
FAL, low flow alarm
SV, solenoid valve
FCV, flow control valve
TE, temperature transducer
TC, temperature controller
TSH, high temperature switch
GIV, gas isolation valve
MBV, manual bypass valve
TCV, temperature control valve
Hot Oil Heating System
Scope
Supply hot oil plus solvent to bitumen (asphalt solution) tanks.
Flow through the heater must be maintained or the heater coils may overheat, rupture, and cause a fire.
The flow control valve, FCV, opens progressively if flow to the heater drops, e.g., when flow to a bitumen tank is reduced, and returns oil back to the pump.
A manual bypass valve, MBV, is provided for FCV maintenance.
Hot Oil Heating System
HAZID
What are the hazards of this oil heating system?
Hot Oil Heating System
FTA for Heater Coil Burn Out
For heater coil burn out as the upset event, identify the initial triggering events or system demands, each to be analyzed separately.
Hot Oil Heating System
FTA for Heater Coil Burn Out
Initial triggering events or demands:
No or low oil flow demands:
  Pump failure
  Flow control system failure
  Oil leak (large)
  Pipeline blockage
  Valve closed
Excess gas flow (e.g., at a time of low oil flow):
  Fuel gas control
Hot Oil Heating System
Heater Coil Burn Out - Frequency
Each of these demands should be analyzed separately.
The frequency of coil burn out is based on the frequencies of each of the demands:
pump failure OR
flow control system failure OR
oil leak OR
pipeline blockage OR
valve closed OR
Can pump failure by itself cause the top event?
Pump Failure Demand Fault Tree, 1
The heater coils burn out if both the pump fails AND the protective response fails.
The protective response fails if both the automatic response fails AND the manual response fails.
Causes of automatic response failure: either FE fails OR FS fails OR SV fails OR TCV fails.
Causes of manual response failure: either FE fails OR FS fails OR FAL fails OR the operator fails OR GIV fails.
For this system, construct a fault tree based on your knowledge of the system operation.
Pump Failure Demand Fault Tree, 1
Initial FT and Logic Based on Understanding of System
Represent the mishap or top event by T. Events leading to T are represented by letters for system components.
T = A ∩ [(B ∪ C ∪ D ∪ E) ∩ (B ∪ C ∪ F ∪ G ∪ H)]
           automatic response     manual response
State the logic expression in words.
Pump Failure Demand Fault Tree, 1
Boolean Algebra Logic
T = A[(B+C+D+E)(B+C+F+G+H)]
       Automatic     Manual
Which makes what assumptions?
Pump Failure Demand Fault Tree, 1: comments
The over-temperature protection system (TSH, SV) does not operate if the pump stops, because there is no flow to the TSH sensor (automatic response system failure).
But the oil in the heater can overheat and cause heater coil burn out if the pump stops and FS fails, or FAL fails, or the operator, OP, fails to cut off fuel to the heater.
Pump Failure Demand Fault Tree, 1
[Figure: initial fault tree for the pump failure demand]
Pump Failure Demand Fault Tree, 1: comments
From the initial fault tree construction, there are two components, FE and FS, that appear in more than one branch of the tree.
As discussed, the initial fault tree is based on our understanding of how the system works. An initial fault tree should therefore be reduced to avoid repetitions, which can lead to over counting of failures and an inaccurate top event frequency or probability calculation.
From the initial FT, prepare a reduced fault tree.
FT Reduction with Boolean Algebra
To simplify, the logic expression is expanded and reduced:
T = A(B+C+D+E)(B+C+F+G+H)
  = A(BB+BC+BF+BG+BH+CB+CC+CF+CG+CH+DB+DC+DF+DG+DH+EB+EC+EF+EG+EH)
FT Reduction with Boolean Algebra
Boolean Identities (Idempotent, Absorption)
A ∩ A = A          A AND A = A
A ∪ A = A          A OR A = A
A ∪ (A ∩ B) = A    A OR (A AND B) = A
FT Reduction with Approximations
Boolean Identities (Idempotent, Absorption)
Fill in the spaces to quantify each identity, and identify the approximation used (RE: rare event, or SI: independent).
Exact              Approximate
A ∩ A = A          A · A = A
A ∪ A = A          A + A = A
A ∪ (A ∩ B) = A    A + (A · B) = A
Fault Tree Reduction
T = A(BB + BC + BF + BG + BH
      + CB + CC + CF + CG + CH
      + DB + DC + DF + DG + DH
      + EB + EC + EF + EG + EH)
Based on the previous assumptions and identities, simplify the equality.
Fault Tree Reduction
T = A(B + C + DF + DG + DH + EF + EG + EH)
Factor and categorize this logic expression of T to highlight the system functions:
T = A{B + C + (D + E)(F + G + H)}
(B + C: auto; D + E: auto; F + G + H: manual)
State the logic expression in words.
Pump Failure Demand Fault Tree after reduction, 2
[Figure: reduced fault tree. Top event T = A AND (protective response fails); the protective response fails if B OR C OR ((D OR E) AND (F OR G OR H)); B, C, D, E: auto; F, G, H: manual]
State the logic of the reduced FT using the same assumptions as for the initial FT:
T = A{B+C+(D+E)(F+G+H)}
Pump Failure Demand Fault Tree after reduction, 2
The heater coils will burn out if both the pump fails AND the protective response fails.
The protective response fails if either FE fails OR FS fails OR a combination of failures occurs.
A combination of failures leading to failure of the protective response occurs if there is (a failure of either SV OR TCV) AND (a failure of either FAL OR the operator OR GIV).
Pump Failure Demand Fault Tree after reduction, 2
[Figure: the reduced fault tree again; B, C, D, E: auto; F, G, H: manual]
T = A{B+C+(D+E)(F+G+H)}
What are the minimum failures that result in T?
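As an added example that is not part of the original lecture, the following Python code carries out the expansion and the idempotent/absorption reduction on the initial expression T = A(B+C+D+E)(B+C+F+G+H) mechanically and lists the minimal cut sets, which answers the question above and gives the two-, three- and four-component counts asked for on the cut set slides. The gate-tree representation (nested tuples) is an assumption of this example, not the lecture's notation.

```python
from itertools import product

# Gate tree for the pump-failure demand as built on the slides:
# T = A (B+C+D+E) (B+C+F+G+H); leaves are the component letters A..H.
INITIAL_TREE = ("AND", "A",
                ("OR", "B", "C", "D", "E"),         # automatic response fails
                ("OR", "B", "C", "F", "G", "H"))    # manual response fails

# The same system after the hand reduction: T = A{B + C + (D+E)(F+G+H)}.
REDUCED_TREE = ("AND", "A",
                ("OR", "B", "C",
                 ("AND", ("OR", "D", "E"), ("OR", "F", "G", "H"))))

def cut_sets(tree):
    """Expand a gate tree into cut sets (frozensets of basic events).
    OR  = the union of the children's cut-set lists;
    AND = one cut set per combination of child cut sets (set union turns
    BB into B, so the idempotent identity is applied automatically)."""
    if isinstance(tree, str):
        return [frozenset([tree])]
    gate, *children = tree
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(tree):
    """Absorption (A + AB = A): drop every cut set that contains a smaller cut set."""
    expanded = set(cut_sets(tree))
    minimal = [cs for cs in expanded if not any(other < cs for other in expanded)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))

def as_expression(mcs):
    """Render minimal cut sets as a sum of products, e.g. AB+AC+ADF+..."""
    return "+".join("".join(sorted(cs)) for cs in mcs)

def count_by_size(mcs):
    """Number of minimal cut sets with 1, 2, 3, ... components."""
    return {n: sum(len(cs) == n for cs in mcs) for n in range(1, max(map(len, mcs)) + 1)}

if __name__ == "__main__":
    mcs = minimal_cut_sets(INITIAL_TREE)
    print("T =", as_expression(mcs))                        # AB+AC+ADF+ADG+ADH+AEF+AEG+AEH
    print("minimal cut sets by size:", count_by_size(mcs))  # {1: 0, 2: 2, 3: 6}
    print("reduced tree gives the same sets:", minimal_cut_sets(REDUCED_TREE) == mcs)
```

The 20 raw product terms collapse to the 8 minimal cut sets of slide 33, two of size 2 (A with FE or FS) and six of size 3, and no minimal cut set of size 4 exists.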
Fault Tree Success Paths
A FT success path is a component or group of components that prevents the FT top event from occurring.
A FT can exhibit one or more success paths.
Success paths form a success tree, ST, which is the complement of a FT with all events and operations changed to their logical complements (fail/success, ∩/∪).
Success Trees
Show how a system can perform without failure based on the performance of components and human actions.
Facilitate understanding of the minimum success requirements, with minimal path sets leading to system performance, for system designers, operators, and managers.
FT Cut Sets
A fault tree cut set is an event or set of basic failure events, the simultaneous occurrence of which causes the top event to occur.
Each cut set inactivates or cuts all success paths.
A minimum cut set is a set that cannot be reduced in size (number of components).
Minimum cut sets are determined directly from the reduced fault tree.
A minimal cut set fails (cuts all success paths) when all components of the cut set fail simultaneously or co-fail within a short time period.
Cut Sets, Path Sets
Success Path   Components
1              PU
2              FE, FS, SV, TCV
3              FE, FS, FAL, OP, GIV
Is there a single component that inactivates all paths?
Two-component combinations are minimal cut sets with 2 components that by co-failure cut all success paths. How many are there?
Cut Sets, Path Sets
Success Path   Components
1              PU
2              FE, FS, SV, TCV
3              FE, FS, FAL, OP, GIV
Three-component cut sets: how many?
Four-component cut sets: how many?
FT, Cut Sets, and ST, Path Sets
[Figure: a small fault tree (input events A, B, C; output T) beside its success tree]
Logic: FT T = A(B + C) = AB + AC [independent events, REA]; ST: A + BC
Cut sets: (A, B), (A, C)
Path sets: (A), (B, C)
Cut Set Evaluation
[Figure: "cut set fails" as an AND gate over the basic events E1, E2, ..., Er]
A minimal cut set fails if (and only if) all the basic events in the set simultaneously fail.
The probability that cut set s, with r independent events, fails at time t is
TOP Event Probability
The TOP event occurs if at least one of the k minimal cut sets, S_i, fails. The upper bound approximation of the TOP event probability is
[Figure: TOP event as an OR gate over the cut sets CS1, CS2, ..., CSk]
for independent events (Rausand, 2004)
REA approximation
Failure scenarios: cut sets are not mutually exclusive!
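The cut set quantification of the last two slides, as an added Python example that is not part of the original lecture: the AND-gate product rule gives each minimal cut set's probability, the rare-event (REA) sum gives the upper bound, and inclusion-exclusion over the same cut sets gives the exact TOP event probability, which is then checked gate by gate on the reduced tree of slide 33. The basic-event probabilities in Q are constructed illustrative values, not from the slides.

```python
from itertools import combinations
from math import prod

# Minimal cut sets of the reduced pump-failure-demand tree from the slides:
# T = A{B + C + (D+E)(F+G+H)}  ->  AB, AC, ADF, ADG, ADH, AEF, AEG, AEH
MIN_CUT_SETS = [frozenset(s) for s in
                ("AB", "AC", "ADF", "ADG", "ADH", "AEF", "AEG", "AEH")]

# Constructed basic-event failure probabilities at time t (illustrative values,
# not taken from the lecture).
Q = {"A": 0.10, "B": 0.01, "C": 0.01, "D": 0.02, "E": 0.02,
     "F": 0.03, "G": 0.03, "H": 0.03}

def or_gate(*qs):
    """OR-gate rule for independent inputs: 1 - prod(1 - q_i); for two inputs this
    equals Q1 + Q2 - Q1 Q2, as on the OR-gate slide."""
    return 1 - prod(1 - q for q in qs)

def cut_set_probability(cs, q):
    """AND-gate rule: a cut set of r independent events fails with probability prod q_i."""
    return prod(q[e] for e in cs)

def top_upper_bound(cut_sets, q):
    """Rare-event (REA) upper bound: the sum of the minimal-cut-set probabilities.
    It is only an upper bound because the cut sets are not mutually exclusive."""
    return sum(cut_set_probability(cs, q) for cs in cut_sets)

def top_exact(cut_sets, q):
    """Exact P(TOP) = P(union of cut-set failures) by inclusion-exclusion.
    Several cut sets failing together means every event in their union fails,
    so a shared event such as A is counted once, never squared."""
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        for combo in combinations(cut_sets, k):
            total += (-1) ** (k + 1) * cut_set_probability(frozenset().union(*combo), q)
    return total

def top_from_reduced_tree(q):
    """Gate-by-gate evaluation of T = A{B + C + (D+E)(F+G+H)}. Valid only because
    no basic event repeats in the reduced tree, so every gate's inputs are independent."""
    combination = or_gate(q["D"], q["E"]) * or_gate(q["F"], q["G"], q["H"])
    return q["A"] * or_gate(q["B"], q["C"], combination)

if __name__ == "__main__":
    print("REA upper bound:", top_upper_bound(MIN_CUT_SETS, Q))           # 0.00236
    print("exact (inclusion-exclusion):", top_exact(MIN_CUT_SETS, Q))     # ~0.0023289
    print("exact (reduced tree):", top_from_reduced_tree(Q))              # same value
```

With these values the REA bound (0.00236) overstates the exact probability (about 0.002329) by little, as expected when every basic event is rare; applying the gate rules to the unreduced tree instead would treat the repeated events B and C as independent in each branch and give a different, wrong answer.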
Top Event Assessment
How can the events and paths leading to the top event, i.e., the cut sets, be assessed with regard to their quantitative contribution to the top event frequency or probability?
This risk source quantification is needed to identify the cost-effective direction of resources to lower risk and manage risk within acceptable ranges.