Fault tree analysis

Fault tree analysis (FTA) is a failure analysis in which an undesired state of a system is analyzed using boolean logic to combine a series of lower-level events. This analysis method is mainly used in the field of safety engineering to quantitatively determine the probability of a safety hazard.

History

FTA came out of work on the Minuteman Missile System. All the digital circuits used in the Minuteman Missile System were designed and tested extensively, so the failure probabilities as well as the failure modes became well understood and documented for each circuit. It was GTE/Sylvania, one of the prime contractors, that discovered the probability of failure for various components was easily constructed from the boolean expressions for those components. (Note: there was one complex digital system constructed by GTE/Sylvania about that time with no logic diagrams, only pages of boolean expressions. These worked out nicely because logic diagrams are designed to be read left to right, the way the engineer creates the design, but when they fail the technicians must read them from right to left.) In any case this analysis of hardware led to the use of the same symbology and thinking for what (with additional symbols) is now known as a Fault Tree. Note that the De Morgan dual of a fault tree is the success tree.

Methodology

In the technique known as "fault tree analysis", an undesired effect is taken as the root ('top event') of a tree of logic. There should be only one Top Event and all concerns must tree down from it. This is also a consequence of another Minuteman Missile System requirement that all analysis be top-down. By fiat there was to be no bottom-up analysis. Then, each situation that could cause that effect is added to the tree as a series of logic expressions. When fault trees are labeled with actual numbers about failure probabilities (which are often in practice unavailable because of the expense of testing), computer programs can calculate failure probabilities from fault trees.

[Figure: A fault tree diagram]

The Tree is usually written out using conventional logic gate symbols. The route through a tree between an event and an initiator in the tree is called a Cutset. The shortest credible way through the tree from fault to initiating event is called a Minimal Cutset.
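As an added worked example (not part of the original article), the following Python code builds a small fault tree from AND/OR gates, enumerates its minimal cut sets, and computes the top-event probability two ways: exactly, and with the rare-event sum over minimal cut sets that FTA tools often report. The tree (top event "service outage"), its basic events and their probabilities are constructed for illustration, and the basic events are assumed to fail independently.

```python
from itertools import product
from math import prod
# A gate is (kind, children), kind "AND" or "OR"; a basic event is a str.
# Constructed example tree for the top event "service outage".
TREE = ("OR", [
    ("AND", ["utility_power_lost", ("OR", ["generator_fails", "ups_fails"])]),
    ("AND", ["link_a_down", "link_b_down"]),
])
# Constructed per-demand failure probabilities (not measured data).
PROBS = {"utility_power_lost": 0.05, "generator_fails": 0.10,
         "ups_fails": 0.02, "link_a_down": 0.01, "link_b_down": 0.01}
def basic_events(node):
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(c) for c in node[1]))

def occurs(node, state):
    """Evaluate the tree under one truth assignment of the basic events."""
    if isinstance(node, str):
        return state[node]
    kind, children = node
    results = [occurs(c, state) for c in children]
    return all(results) if kind == "AND" else any(results)

def top_probability(node, probs):
    """Exact top-event probability for independent basic events, by enumerating
    every assignment; correct even when one event feeds several gates."""
    events = sorted(basic_events(node))
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = dict(zip(events, bits))
        if occurs(node, state):
            total += prod(probs[e] if state[e] else 1 - probs[e] for e in events)
    return total

def minimal_cut_sets(node):
    """Minimal sets of basic events that together cause the top event."""
    if isinstance(node, str):
        return {frozenset([node])}
    kind, children = node
    child_sets = [minimal_cut_sets(c) for c in children]
    if kind == "OR":  # any child's cut set suffices
        sets = set().union(*child_sets)
    else:             # AND: one cut set from each child, merged
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    return {s for s in sets if not any(o < s for o in sets)}

def rare_event_bound(node, probs):
    """Sum of minimal cut set probabilities: an upper bound on the exact value."""
    return sum(prod(probs[e] for e in cs) for cs in minimal_cut_sets(node))
```

The exhaustive evaluation is exponential in the number of basic events, which is why real tools work from minimal cut sets; the rare-event sum is convenient but always at or above the exact figure, so it should be quoted as a bound rather than a point estimate.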

Some industries use both Fault Trees and Event Trees (see Probabilistic Risk Assessment). An Event Tree starts from an undesired initiator (loss of critical supply, component failure, etc.) and follows possible further system events through to a series of final consequences. As each new event is considered, a new node on the tree is added with a split of probabilities of taking either branch. The probabilities of a range of 'top events' arising from the initial event can then be seen.

Classic programs include the Electric Power Research Institute's (EPRI) CAFTA software, which is used by almost all the US nuclear power plants and by a majority of US and international aerospace manufacturers, and the Idaho National Laboratory's SAPHIRE, which is used by the U.S. Government to evaluate the safety and reliability of nuclear reactors, the Space Shuttle, and the International Space Station.
