Fault hazard analysis

Although risk analysis of new facilities is required by Ref. 39, the method of conducting the analysis is left quite open. The reference suggests fault hazard analysis, fault tree analysis, or sneak circuit analysis. Ref. 41 is an example of a thorough hazards evaluation and risk analysis for a new facility at Radford Army... 

Laundry lists of analyses frequently mix types of analyses (preliminary hazard analysis, system hazard analysis, and operating hazard analysis) with the methods or techniques for performing analyses (fault tree analysis, energy trace and barrier analysis, failure modes and effects analysis, common cause analysis, change analysis, and so on). Whether fault hazard analysis is a type or a method depends upon the reference in use. For all practical purposes, fault hazard analysis and system (or subsystem) hazard analysis seem to be the same thing, which is apparently called gross hazard analysis occasionally. 

Fault hazard analysis is mentioned very frequently in system safety literature, sometimes as a type of analysis and occasionally as a technique. One NASA system safety document (NHB 1700.1-V3, System Safety) describes it as the analysis to be performed after the preliminary hazard analysis for further analysis of systems and subsystems and suggests that it can be either a separate analysis or an extension of the failure modes and effects analysis (NASA 1970). Most programs today (including NASA) refer to this analysis as the subsystem hazard analysis (SSHA) and the system hazard analysis (SHA). 

The fault hazard analysis (FHA)—also referred to as the functional hazard analysis—method follows an inductive reasoning approach to problem solving in that the analysis concentrates primarily on the specific and moves toward the general (TAI 1989). The FHA is an expansion of the FMEA (Stephenson 1991). As demonstrated in the previous chapter, the FMEA is concerned with the critical examination and documentation of the possible ways in which a system component, circuit, or piece of hardware may fail and the effect of that failure on the performance of that element. The FHA takes this evaluation a step further by determining the effect of such failures on the system, the subsystem, or personnel. In fact, when a FMEA has already been completed for a given system and information on the adverse safety effect of component or human failures is desired for that system, the safety engineer can often utilize the data from the FMEA as an input to the FHA. 

Figure 11.1 shows an example of a fault hazard analysis worksheet that can be modified to a specific system or subsystem. An explanation of each column on the worksheet is also provided. 

Figure 11.1 Sample system functional/fault hazard analysis (FHA) worksheet.

Software Fault Hazard Analysis Similar in concept and structure to the system hazard analysis (SHA), which is conducted on system hardware, the software fault hazard analysis will analyze and evaluate a computer software program to identify critical areas in the programming that may contribute to or directly cause a hazard risk. Such risks may be due to an undetected hardware failure or incorrect inputs into the operation of the system software. The software FHA will also attempt to uncover any probable errors that can possible develop in the software after system activation. 

Challenger accident, the solid-rocket boosters could be considered a subsystem. When the hot gases broke through the O-ring, a component of the subsystem, a total system breakdown began as a cascade effect that ultimately destroyed the orbiter. This analysis should be started no later than the definition phase in the system life cycle and continue until the beginning of the system production phase. Analysis techniques include Fault Hazard Analysis (FHA) and Fault Tree Analysis (FTA), discussed in more detail in the next section (Roland and Moriarty, 1990). 

Introduction Purpose and Scope Hazard Analyses Preliminary Hazard Analysis Fault Hazard Analysis Logic Diagram Analysis Procedures Analysis Requirements Verification... 

Because so much of aviation is controlled by people, human factor analysis tools are at the heart of the aviation industry. Different types of human factors analyses are used in air navigation, such as air traffic control, crew resource management in the cockpit, and even appropriate design and maintenance of aircraft systems. Fault tree analysis, fault hazard analysis, FMEA, and different probabilistic risk tools are also used in the detailed design of safety critical subsystems. 

Various extractions have been taken fiom the basic hazard analysis format. The SSHA looks only at hazards within a subsystem. Likewise, the SHA concentrates on system-level hazards. PHA looks only at the initial design of the system. Fault hazard analysis emphasizes faults in a system that can create hazards. As stated previously, these hazard analyses reaUy are all the same thing. 

Fault hazard analysis (FHA) is an analysis technique for identifying hazards arising from component failure modes. It is accomplished by examining the potential failure modes of subsystems, assemblies, or components, and determining which failure modes can form undesired states that could result in a mishap. Note that FHA deals with faults even though it looks at failure modes and is similar to an FMEA in structure. The technique was developed to allow the analyst to stop the analysis at a point where it becomes clear that a failure mode did not contribute to a hazard, whereas the FMEA requires complete evaluation of all failure modes. 

Figure 2.24 Example fault hazard analysis worksheet.

Once the hazards and their causes are identified, they can be used as top events in a fault tree or used to verify the completeness of a fault hazard analysis. Consequently, the energy trace analysis method complements but does not replace other analyses, such as fault trees, sneak circuit analyses, event trees, and FMEAs. 

---