Fault Tree Analysis (FTA) - Kim R. Fowler - PowerPoint PPT Presentation



  1. Fault Tree Analysis (FTA) – Kim R. Fowler, KSU ECE, February 2013

  2. Purpose for FTA
     - In the face of potential failures, determine if design must change to improve:
       - Reliability
       - Safety
       - Operation
     - Secondary purposes:
       - educate designers to potential problems
       - perform root cause analysis when a fault occurs

  3. Basic Description
     - Determines sources, or root causes, of potential faults
     - Qualitative and quantitative
     - Graphical, top-down approach
     - Uses Boolean algebra, logic, and probability
     - Can handle multiple failures
     - Can support probabilistic risk assessment
     - Part of system design hazard analysis type (SD-HAT)

  4. Goals of FTA
     - Assess system safety
     - Top-down analysis focused on system design
     - Identifies potential root causes of failures
     - Provides a basis for reducing safety risks
     - Documentation of safety considerations
     - What does it tell the developer? – helps find potential risks during design
     - What does it tell the regulator? – designers used a measure of discipline and rigor

  5. History of FTA
     - Developed at Bell Labs for the guidance system of the U.S. Minuteman missile during the 1960s
     - Used by Boeing for the Minuteman Weapon System
     - Regularly used by:
       - Commercial aircraft industry
       - Nuclear power industry

  6. FTA Answers These Questions
     - What are the root causes of failures?
     - What are the combinations and probabilities of causal factors in undesired events?
     - What are the mechanisms and fault paths of undesired events?

  7. FTA Symbols

  8. FTA Symbolic Event Meanings

  9. FTA Simple Logic

  10. FTA Exclusive and Inhibit Logic

  11. FTA Methodology

  12. Step 1: Define the System
     - Collect design artifacts:
       - Requirements
       - Source code
       - Models
       - Schematics
       - Layout
       - Concept of operations, or CONOPS
     - Understand the system behavior

  13. Step 2: Define Undesired Event
     - Identify the final outcome of the undesired event
     - Identify sub-events that lead to the final event
     - Begin to structure the connections – but – do Step 3 before completing the structure of connections

  14. Step 3: Establish Rules
     - Define analysis ground rules and boundaries
     - Concepts that you can (should) use:
       - I-N-S: “What is immediate (I), necessary (N), and sufficient (S) to cause the event?”
         - Helps focus on the event chain
         - Keeps the analyst from jumping ahead
       - SS-SC: “What is the source of the fault?”
         - If component failure – classify as SC (state-of-the-component) fault (continued on next slide)

  15. Step 3 (continued)
     - P-S-C (Ericson, Fig. 11.8, p. 194): “What are the primary (P), secondary (S), and command (C) causes of the event?”
       - Helps focus on specific causal factors
     - SS-SC:
       - If component failure – classify as SC (state-of-the-component) fault
       - If not component failure – classify as SS (state-of-the-system) fault
       - If the fault is SC, then the event ORs its P-S-C inputs
       - If the fault is SS, then develop the event further using I-N-S logic

  16. Step 4: Building the Tree
     - Repetitive process (Ericson, Fig. 11.9, p. 195)
     - At each level determine:
       - Cause
       - Effect
       - Logical combination using logic symbols
     - Construction rules (see Ericson, pp. 196–197): these are almost self-evident but still good, disciplined techniques

  17. Step 5: Establish Cut Sets
     - Cut set – critical path(s) of sub-event combinations that cause the undesirable final-state event
     - Ericson provides an in-depth mathematical treatment of cut sets and probabilities on pp. 199–206
     - Often, mere inspection will reveal the weak links that indicate the most important cut set(s) that lead to the event

  18. EXAMPLE OF INCUBATOR ISOLETTE

  19. Example – Incubator Isolette (image: http://www.worldbiomedsource.com/images/products/pimage/Air%20Shield%20C550.jpg)

  20. Simple Isolette Diagram

  21. Step 1: Define the System
     - For simplicity, use the previous diagram as the system model
     - Recognize several different subsystems:
       - Controls
       - Display
       - Heater with closed-loop thermal sensor
       - Airflow fan and ductwork
       - Independent thermal safety interlock
       - Medical staff operating controls and display
       - Patient receiving output (warmed air)

  22. Step 2: Define Undesired Event
     - Undesired event: “Air is not warmed.”
     - Sub-events:
       - Operations error
       - Heater fault or failure
       - Air handling system fault or failure
       - Thermal safety system fault or failure

  23. Step 3: Analysis Ground Rules
     - Understand the process concepts:
       - I-N-S
       - P-S-C
       - SS-SC

  24. Step 4: Construct Fault Tree
     - Collect the events from Step 2; these are SS faults, so OR them together
     - Proceed to the next level
     - Determine underlying events
     - Apply the process concepts:
       - I-N-S
       - P-S-C
       - SS-SC
     - Connect them together with logical linkages
     - Repeat the process for lower levels

  25. Steps 5-7: Find Fault Paths
     - Inspect paths for possible faults
     - Generate the cut sets (for simplicity in this introduction, we are using inspection)
     - Ericson gives detailed instructions for:
       - automating the selection of cut sets
       - calculating probabilities of occurrence

  26. Ex. – Isolette Warm Air Fault, Collecting Event and Sub-events

  27. Ex. – Isolette Warm Air Fault, Develop Fault Paths for Sub-events, Part 1

  28. Ex. – Isolette Warm Air Fault, Develop Fault Paths for Sub-events, Part 2

  29. Ex. – Isolette Warm Air Fault, Develop Fault Paths for Sub-events, Part 3

  30. Ex. – Isolette Warm Air Fault, Part 4: Final Version of Fault Tree
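As an added example (not part of the deck), the isolette tree from Steps 2 and 4 expressed in Python, with the cut sets of Step 5 generated automatically and ranked by probability, the automation Ericson describes and slide 25 mentions. The top event and its four ORed SS sub-events are the slides' own; the lower-level basic events and every probability are constructed assumptions, since the deck shows its lower levels only as diagrams.

```python
from itertools import product

def OR(*kids): return ("OR", list(kids))     # gate = (kind, children); basic event = str
def AND(*kids): return ("AND", list(kids))

# Top event and the four first-level sub-events follow slides 22 and 24 (SS faults,
# so they are ORed). The lower-level events and every probability are CONSTRUCTED
# for illustration; the deck shows its own lower levels only as diagrams.
AIR_NOT_WARMED = OR(
    OR("setpoint_too_low", "unit_not_powered_on"),          # operations error
    OR("heater_element_open", "heater_relay_stuck_open"),   # heater fault or failure
    OR("fan_motor_fails", "duct_blocked"),                  # air handling fault or failure
    AND("interlock_trips_spuriously", "no_manual_reset"),   # thermal safety fault or failure
)
P = {  # constructed per-demand failure probabilities of the basic events
    "setpoint_too_low": 1e-3, "unit_not_powered_on": 5e-4,
    "heater_element_open": 2e-4, "heater_relay_stuck_open": 1e-4,
    "fan_motor_fails": 3e-4, "duct_blocked": 2e-3,
    "interlock_trips_spuriously": 5e-3, "no_manual_reset": 1e-1,
}

def cut_sets(node):
    """Top-down expansion: OR unions its children's cut sets, AND combines one from each."""
    if isinstance(node, str):
        return {frozenset([node])}
    kind, kids = node
    child_sets = [cut_sets(k) for k in kids]
    if kind == "OR":
        return set().union(*child_sets)
    return {frozenset().union(*combo) for combo in product(*child_sets)}

def minimal_cut_sets(node):
    """Drop any cut set that contains another one; what remains are the fault paths."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}

def cut_set_probability(cs, p):
    prob = 1.0
    for event in cs:
        prob *= p[event]          # independent basic events: an AND path multiplies
    return prob

def top_probability(node, p):
    """Rare-event approximation: sum of the minimal cut set probabilities."""
    return sum(cut_set_probability(cs, p) for cs in minimal_cut_sets(node))

def ranked_cut_sets(node, p):
    """Most probable fault path first: the 'weak links' the slides say inspection reveals."""
    return sorted(minimal_cut_sets(node), key=lambda cs: -cut_set_probability(cs, p))
```

Calling `ranked_cut_sets(AIR_NOT_WARMED, P)` lists six single-event paths and one two-event path (spurious interlock trip with no manual reset), the only place the AND gate buys any margin; `top_probability` sums them, which is a valid approximation only while the basic events are independent and individually rare.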

  31. Ex. – What do you do now?
     - For design purposes:
       - Review each path
       - Can you eliminate that path?
       - If not, can it be made more fault resistant?
       - Does the fault tree represent the scope of possible paths (and reasonable ones – a meteor falling out of the sky and hitting it is not)?
     - For root cause analysis:
       - Does the evidence point to any fault path?
       - If so, fix the problem.
       - If not, revise the diagram.

  32. CLASS EXERCISES – PROBLEM #1

  33. Step 1: Define the System (done)
     - For simplicity, use the previous diagram as the system model
     - Recognize several different subsystems (done already)

  34. Step 2: Define Undesired Event
     - Undesired event: “No airflow.”
     - Sub-events:
       - Operations error
       - Air handling system fault or failure
     - Eliminate sub-events and subsystems that do not interact with or control the air handling system:
       - Heater fault or failure
       - Thermal safety system fault or failure

  35. Step 3: Analysis Ground Rules
     - Understand the process concepts:
       - I-N-S
       - P-S-C
       - SS-SC

  36. Step 4: Construct Fault Tree
     - These are SS faults, so OR them together
     - Proceed to the next level
     - Determine underlying events – operations:
       - Assume that medical staff does not directly control airflow from the interface panel
       - Blocking air inlet:
         - Malicious
         - Isolette inlet up against wall or obstruction
         - ________________ (hint – ignorance)

  37. Step 4 (continued)
     - Determine underlying events – air handling:
       - ________________________ (hint – fan)
       - ________________________ (hint – what directs airflow?)
       - ________________________ (hint – problem with control signal)
       - ________________________ (hint – electrical current into subsystem)
     - Apply the process concepts
     - Connect them together with logical linkages

  38. Exercise – Isolette Airflow Fault
