Hazard_Analysis_Techniques_for_System

共31个文件

pdf：31个

safety

analysis

5星 · 超过95%的资源需积分: 32 32 浏览量 2010-05-06 09:55:41 上传评论 1 收藏 2.94MB RAR 举报

资源推荐

资源详情

资源评论

收起资源包目录

Hazard_Analysis_Techniques_for_System_Safety.rar （31个子文件）

Hazard_Analysis_Techniques_for_System_Safety

Chapter 15.pdf 127KB

Appendix A.pdf 31KB

Frontmatter.pdf 101KB

Chapter 3.pdf 149KB

Chapter 1.pdf 110KB

Chapter 21.pdf 120KB

Chapter 10.pdf 99KB

Chapter 24.pdf 77KB

Chapter 9.pdf 99KB

Chapter 25.pdf 118KB

Chapter 19.pdf 144KB

Chapter 12.pdf 110KB

Appendix C.pdf 67KB

Chapter 13.pdf 166KB

Appendix B.pdf 110KB

Chapter 4.pdf 143KB

Chapter 20.pdf 95KB

Chapter 5.pdf 155KB

Chapter 6.pdf 143KB

Chapter 14.pdf 87KB

Chapter 26.pdf 87KB

Chapter 8.pdf 147KB

Chapter 17.pdf 90KB

Chapter 23.pdf 178KB

Chapter 11.pdf 288KB

Index.pdf 28KB

Chapter 7.pdf 128KB

Chapter 18.pdf 147KB

Chapter 16.pdf 130KB

Chapter 22.pdf 124KB

Chapter 2.pdf 146KB

Chapter 11

Fault Tree Analysis

11.1 INTRODUCTION

Fault tree analysis (FTA) is a systems analysis technique used to determine the root

causes and probability of occurrence of a speciﬁed undesired event. FTA is

employed to evaluate large complex dynamic systems in order to understand and

prevent potential problems. Using a rigorous and structured methodology, FTA

allows the systems analyst to model the unique combinations of fault events that

can cause an undesired event to occur. The undesired event may be a system hazard

of concern or a mishap that is under accident investigation.

A fault tree (FT) is a model that logically and graphically represents the various

combinations of possible events, both faulty and normal, occurring in a system that

lead to an undesired event or state. The analysis is deductive in that it transverses

from the general problem to the speciﬁc causes. The FT develops the logical fault

paths from a single undesired event at the top to all of the possible root causes at

the bottom. The strength of FTA is that it is easy to perform, easy to understand,

provides useful system insight, and shows all of the possible causes for a problem

under investigation.

Fault trees are graphical models using logic gates and fault events to model the

cause–effect relationships involved in causing the undesired event. The graphical

model can be translated into a mathematical model to compute failure probabilities

and system importance measures. FT development is an iterative process, where the

initial structure is continually updated to coincide with design development.

In the analysis of systems there are two applications of FTA. The most commonly

used application is the proactive FTA, performed during system development to

inﬂuence design by predicting and preventing future problems. The other

183

Hazard Analysis Techniques for System Safety, by Clifton A. Ericson, II

application is the reactive FTA, performed after an accident or mishap has occurred.

The techniques used for both applications are identical except the reactive FTA

includes the use of mishap evidence and the evid ence event gate.

When used as a system safety analysis tool, the FT results in a graphic and logical

representation of the various combinations of possible events, both faulty and

normal, occurring within a system, which can cause a predeﬁned undesired event.

An undesired event is any event that is identiﬁed as objectionable and unwanted,

such as a potential accident, hazardous condition, or undesired failure mode. This

graphic presentation exposes the interrelationships of system events and their

interdependence upon each other, which results in the occurrence of the undesired

event.

The completed FT structure can be used to determine the signiﬁcance of fault

events and their probability of occurrence. The validity of action taken to eliminate

or control fault events can be enhanced in certain circumst ances by quantifying the

FT and performing a numerical evaluation. The quantiﬁcation and numerical evalu-

ation generates three basic measurements for decision making relative to risk

acceptability and required preventive measures:

1. The proba bility of occurrence of the undesired event

2. The probability and signiﬁcance of fault events (cut sets) causing the

undesired event

3. The risk signiﬁcance or importance of components

In most circumstances a qualitative evaluation of the fault tree will yield effective

results at a reduced cost. Careful thought must be given in determining whether to

perform a qualitative or a quantitative FTA. The quantitative approach provides

more useful results, however, it requires more time and experienced personn el.

The quantitative approach also requires the gathering of component failure rate

data for input to the FT.

Since a FT is both a graphic and a logical representation of the causes or system

faults leading to the undesired event, it can be used in communicating and support-

ing decisions to expend resources to mitigate hazards. As such, it provides the

required validity in a simple and highly visible form to support decisions of risk

acceptability and preventive measure requirements.

The FT process can be applied during any lifecycle phase of a system—from

concept to usage. However, FTA should be used as early in the design process as

possible since the earlier necessary design changes are made, the less they cost.

An important time- and cost-saving feature of the FT technique is that only those

system elements that cont ribute to the occurrence of the undesired event need to be

analyzed. During the analysis, noncontributing elements are ruled out and are, thus,

not included in the analysis. This means that a majority of the effort is directed

toward the elimination or control of the source or sources of the problem area.

However, system elements not involved with the occurrence of one undesired

event may be involved with the occurrence of another undesired event.

184 FAULT TREE ANALYSIS

In summary, the FT is used to investigate the system of concern, in an orderly and

concise manner, to identify and depict the relationships and causes of the undesired

event. A quantitative evaluation may be performed in addition to a qualitative evalu-

ation to provide a measure of the probability of the occurrence of the top-level event

and the major faults contributing to the top-level event. Th e analyst may use the

results of a FTA as follows:

1. Veriﬁcation of design compliance with established safety requirements

2. Identiﬁcation of design safety deﬁciencies (subtle or obvious) that have devel-

oped in spite of existing requirements

3. Identiﬁcation of common mode failures

4. Establishment of preventive measures to eliminate or mitigate identiﬁed

design safety deﬁciencies

5. Evaluation of the adequacy of the established preventive measures

6. Establishment or modiﬁcation of safety requirements suitable for the next

design phase

11.2 BACKGROUND

This analysis technique falls under the system design hazard analysis type

(SD-HAT). Refer to Chapter 3 for a description of the analysis types. The FTA tech-

nique has been referred to as logic tree analysis and logic diagram analysis.

Fault tree analysi s has several basic purposes, which include the following:

1. Find the root causes of a hazard or undesired event during design development

in order that they can be eliminated or mitigated.

2. Establish the root causes of a mishap that has occurred and prevent them from

recurring.

3. Identify the undesired event causal factor combinations and their relative

probability.

4. Determine high-risk fault paths and their mechani sms.

5. Identify risk importance measures for components and fault events.

6. Support a probabilistic risk assessment (PRA) of system designs.

The FTA technique can be used to model an entire system, with analysis coverage

given to subsystems, assemblies, components, software, procedures, environment,

and human error. FTA can be conducted at different abstraction levels, such as

conceptual design, top-level design, and detailed component design. FTA has

been successfully applied to a wide range of systems, such as missiles, ships, space-

craft, trains, nuclear power plants, aircraft, torpedoe s, medical equipment, and

chemical plants. The technique can be applied to a system very early in desi gn

development and thereby identify safety issues early in the design process. Early

11.2 BACKGROUND 185

application helps system developers to design in safety of a system during early

development rather than having to take corrective action after a test failure or a

mishap.

A basic understanding of FTA theory is essential to developing FTs of sma ll and

noncomplex systems. In addition it is crucial for the analyst to have a detailed under-

standing of the system regardless of complexity. As system complexity increases,

increased knowledge and experience in FTA is also required. Overall, FTA is

very easy to learn and understand. Proper application depends on the complexity

of the system and the skill of the analyst.

Applying FTA to the analysis of a system design is not a difﬁcult process. It is

more difﬁcult than an analysis technique such as a PHA, primarily because it

requires a logical thought process, an understanding of FTA construction method-

ology, and a detailed knowledge of system design and o peration. FTA does not

require knowledge of high-level mathematics compared to Markov or Petri net

analyses.

The FTA technique enjoys a favorable reputation among system safety

analysts in all industries utilizing the technique. In some industries it is the

only tool that can provide the necessary probability calculations for veriﬁcation

that numerical requirements are being met. Many commercial computer programs

are available to assist the analyst in building, editing, and mathematically

evaluating FTs.

Some analysts criticize the FTA tool because it does not always provide probabil-

ities to six-decimal-place accuracy when modeling certain designs. However, com-

parison of FT model results to those of other tools, such as Markov analysis (MA)

show that FTA provides very comparable results with much greater simplicity in

modeling difﬁculty. In addition, six-digit accuracy is sometime meaningless when

the input data is not precise.

Although FTA is classiﬁed as a hazard analysis, it is primarily used as a root

cause analysis tool to identify and evaluate the causal factors of a hazard. In

addition, it can provide a probability risk assessment.

Markov analysis could be utilized in place of FTA for probability calculations;

however, MA has limitations that FTA does not (refer to Chapter 18). For example,

it is difﬁcult to model large complex systems, the mathem atics are more cumber-

some, it is difﬁcult to visualize fault paths in an MA model, and an MA model

does not produce cut sets.

11.3 HISTORY

The FTA technique was invented and developed by H. Watson and Allison B.

Mearns of Bell Labs for use on the Minuteman Guidance System. Dave Haasl of

the Boeing Company recognized the power of FTA and applied it for quantitative

safety analysis of the entire Minuteman Weapon System. The analytical power

and success of the techniqu e was recognized by the commercial aircraft industry

and the nuclear power industry, and they then began using it for safety evaluations.

186 FAULT TREE ANALYSIS

Many individuals in each of these industries contributed to enhancing the sta te-of-

the-art in fault tree mathematics, graphics, and computer algorithms.

11.4 THEORY

Fault tree analysis is a robust, rigorous, and structured methodology requiring the

application of certain rules of Boolean algebra, logic, and probability theory. The

FT itself is a logic diagram of all the events (failure modes, human error, and normal

conditions) that can cause the top undesired event to occur.

When the FT is complete, it is evaluated to determine the critical cut sets (CSs)

and probability of failure. The cut sets are the combination of failure events that can

cause the top to occur. The FT evaluation provides the necessary information to sup-

port risk management decisions.

As shown in Figure 11.1 the theory behind FTA is to start with a top undesired

event (UE) (e.g., hazard) and model all of the system faults that can contribute to

this top event. The FT model is a reﬂection of the system design, from a failure

state viewpoint. In this example the UE might be “inadvertent warhead initiation

due to system faults.”

The FTs are developed in layers, levels, and branches using a repetitive analysis

process. Figure 11.2 demonstrates an FT developed in layers, with each major layer

representing signiﬁcant aspects of the system. For example, the top FT structure

usually models the system functions and phases, the intermediate FT structure

System

Causes

Undesired

Event (UE)

Design Decision Data

Fault Tree

Safety Critical Cut Set = A • B • C • Y

Probability = 1.7 ¥ 10

-5

Figure 11.1 FTA overview.

11.4 THEORY 187

评论收藏

内容反馈

zhangfy851026

2015-11-18

分值非常高，我要好好研究这个资料，好东西！
湘淮子

2017-12-18

该文对功能安全的分析方法介绍很好，适合看完ISO26262-9后深入研究。与要找的《风险评价技术及方法》为同一书籍。
wys00x

2012-07-31

安全分析的逻辑主线很是清晰！
tony_win2015

2015-07-29

分值非常高，我要好好研究这个资料，好东西！
soso1002

2016-06-02

很好的学习材料，收藏了

前往

页

csdnrobert

粉丝: 20
资源: 16

Hazard_Analysis_Techniques_for_System_Safety

SCA 涂胶信号 配合时序图.pdf

地震危险性分析的最重要基础Recommendations for Probabilistic Seismic Hazard Analysis

Battery Hazard Modes & Risk Mitigation Analysis.pdf

Hazard_project：HSE危害分析和行动完成

Extending and Automating a Systems-Theoretic Hazard Analysis for

supermarket_hazard_detection

Engineering a Safer World

a Systems-Theoretic Hazard Analysis for Requirements Generation and Analysis.pdf

Programmable User Modelling Applications

ISO26262培训视频（四）Hazard Analysis and Risk Assessment According to ISO 26262

Hazard

survival_models:生存模型的代码和资源库

Using GIS to Perform Seismic Hazard Analysis

SAE J2980-2018 Considerations for ISO 26262 ASIL Hazard Classification - 完整英文版（53页）.pdf

web_hazard

medini-analyze

snow.leopard.10.6.1.10.6.2.intel.amd.made.by.hazard.torrent

Recommendations for the quantitative analysis of landslide risk_Corominas2014

精品技术类ppt模板web_hazard012

Snow_Leopard_10.6.1-10.6.2_SSE2_SSE3_Intel_AMD_by_Hazard.iso

Qt 5实现串口调试助手 （源工程文件、0积分下载）

【SystemVerilog】路科验证V2学习笔记（全600页）.pdf

AutoSAR标准协议4.2.2

光伏-储能并网系统仿真.rar

NPPJSONViewer.zip

GD32替换STM32注意事项.pdf

XCP协议的规范文档

VS2015安装证书，JavaScript_ProjectSystem.msi，JavaScript_LanguageService.msi

CANoe通过CAPL脚本实现自动测试

最新资源

SCA 涂胶信号配合时序图.pdf

Qt 5实现串口调试助手（源工程文件、0积分下载）