Fault tree analysis documentation

Fault tree analysis (FTA) and event tree analysis (ETA) are the methods most commonly applied quantitatively. Since they only address the likelihood of undesired events, these methods are often combined with consequence severity calculations in a quantitative risk analysis, as described by CCPS (1999b). Layer of protection analysis (LOPA) uses a semiquantitative, order-of-magnitude approach. It is documented with worked examples in CCPS (2001b). 

The Process Hazards Analysis team takes a systematic approach to identify potential process hazards and to document them [51]. The Hazardous-Operation Analysis (Haz-Op) is a method by which the process procedures, process and instrument diagrams, and process flow diagrams are evaluated for operability and safety. Fault-Tree Analysis (FTA) is also a method, which investigates the assessment of what-if scenarios and failure conditions. The outcomes of this analysis are recommendations for the col-... 

EVALUATING THE FAULT TREE. After a fault tree is constructed, it can be input to a fault tree analysis computer program, such as FTAP, IRRAS, or WAM. The output from the computer program is a list of MCSs which cause the top event to occur. For each of the MCSs, the analysts describe the consequences associated with that cut set. Table 4.25 shows a typical worksheet used to document the consequences associated with MCSs. 

Analytical trees can be used in a variety of ways in the system safety effort. The most common application of analytical trees in current system safety programs is probably the use of fault trees for fault tree analysis (FTA). However, analytical trees can also be used as planning tools, project description documents, status charts, and feeder documents for several hazard analysis techniques (including fault tree analysis). Analytical trees can be multipurpose, life cycle documents and represent one of the most useful tools available to managers, engineers, and safety professionals. 

Analytical trees are also very useful as feeder documents for several hazard analysis techniques, for example, failure mode and effects analysis (Chapter 14), fault tree analysis (Chapter 15), energy trace and barrier analysis (Chapter 13), and project evaluation tree analysis (Chapter 16), the primary hazard analysis tools for many projects. Virtually any analytical technique or any type of analysis can be simplified by starting with the analytical tree as a base document. 

The first step in performing a fault tree analysis is to collect the appropriate project description documents, existing hazard analyses, and guidance documents and carefully review them to determine the limits, scope, and ground rules for the FTA.This review includes defining the system to be analyzed, the depth or indenture levels to be included in the effort, and, of course, the nature of the undesired event or failure to be studied. 

The predominant method of evaluation in these studies has been fault tree analysis. The Reactor Safety Study also utilized event tree analysis to conveniently document accident sequences and to link the subsystem fault trees into a plant analysis. Failure Mode and Effects Analysis, used extensively in fast reactor safety, is the recommended method for preliminary analysis. All of these methods have application to the analysis of the fuel cycle Including the problems of safe arding special nuclear material. ... 

Fault tree analysis (FTA) An iterative documented process of a systematic nature performed to identify basic faults, determine their causes and effects, and establish their probabilities of occurrence. 

C.A. Erison II, Fault Tree Analysis, September 2000. Internet document, http //www. thecourse-pm.com/Library/FaultTreeAnalysis2.pdf. 

Assessment of random hardware failures and defenses against systematic failures Appendices included HAZOP, FMEA, and fault tree analysis. The document has 98 pages. 

Here, H2 fta doc is documentation that describes the fault tree analysis performed and justifies the claim that this estabUshes the given probability similarly, H2 integrity doc is documentation that justifies the claim that the software satisfies the requirements for integrity level 5 (in some scale). 

Used in conjunction with ISA-TR84.00.04-2005 Part 1, the example set forth in this technical report is provided to illustrate howto apply ANSI/ISA-84.00.01-2004 Parts 1-3 (lEC 61511 Mod). It is intended to demonstrate one method to meet the requirements of the standards. The reader should be aware that ANSI/ISA-84.00.01-2004 Parts 1-3 (lEC 61511 Mod) is performance based, and that many approaches can be used to achieve compliance. Some of the methods applied in this example include what-if and HAZOP techniques for hazard and risk analysis, LOPA for allocation of safety functions to protection layers, fault tree analysis for SIL verification, and ladder logic to document the application software requirements. Other techniques and tools could be utilized at each of these steps in the safety lifecycle to meet the requirements of the standards. 

The bubble diagrams were then utilized to develop a fault tree for each SIF using commercially available software. The output of the fault tree analysis software documents the SIF PFD (see Figures 5, 7, and 9). At this point, the calculated PFD was compared to the required PFD (see Table 7, column 10) where the calculated PFD failed to meet Table 7 requirements, the conceptual design was altered accordingly. 

Eliminate other distractions from the room if possible. Do not allow the witness to see any documents, such as causal factor charts, fault trees, showing the incident investigation team analysis of the occurrence. This may he appropriate for later interviews when only specific information is needed or a specific time gap is being filled in. 

There are various types of analyses that are used for a process hazard analysis (PHA) of the equipment design and test procedures, including the effects of human error. Qualitative methods include checklists, What-If, and Hazard and Operability (HAZOP) studies. Quantitative methods include Event Trees, Fault Trees, and Failure Modes and Effect Analysis (FMEA). All of these methods require rigorous documentation and implementation to ensure that all potential safety problems are identified and the associated recommendations are addressed. The review should also consider what personal protective equipment (PPE) is needed to protect workers from injuries. 

In 1985, the American Institute of Chemical Engineers (AIChE) initiated a project to produce the Guidelines for Hazard Evaluation Procedures. This document, prepared by Battelle, includes many system safety analysis tools. Even though frequently identified as hazard and operability (HazOp) programs, the methods being developed by the petrochemical industry to use preliminary hazard analyses, fault trees, failure modes, effects, and criticality analyses, as well as similar techniques to identify, analyze, and control risks systematically, look very much like system safety efforts tailored for the petrochemical industry (Goldwaite 1985). 

Are there documents that provide comprehensive analysis of all potential safety and health hazards of the worksite Are there documents that provide both the analysis of potential safety and health hazards for each new facility, equipment, material, or process and the means for eliminating or controlling snch hazards Does documentation exist outlining the step-by-step analysis of hazards in each part of each job, so that yon can clearly discern the evolution of decisions on safe work procedures If complicated processes exist, with a potential for catastrophic impact from an accident but low probability of such accident (as in nnclear power or chemical production), are there documents analyzing the potential hazards in each part of the process and the means to prevent or control them If there are processes with a potential for catastrophic impact from an accident but low probability of an accident, have analyses such as fault tree or what if been documented to ensure sufficient backup systems for worker protection in the event of multiple control failures ... 

Bow tie analysis is a tool that has become very popular in the last few years, especially because of the ease in which it can display cause-consequence of a particular hazardous condition. It is a qualitative tool that combines the fault tree to determine the causes and how the fault could occur, with the event tree, which documents the consequence of the hazardous condition. It became much better known in the mid-1990s when Royal Dutch/Shell used it to better understand the Piper Alpha disaster. The process industry uses it not only to assess the hazards and risks but also as a very effective communication tool to illustrate the cause-consequence-control and how it can impact a hazardous condition. In reality, it really isn t a new analytical tool, but rather, a very good visualization tool. 

The first step of safety verification is to verify that the software requirements are consistent with or satisfy safety constraints. Safety verification exists to provide evidence that associated risk has been reduced or eliminated [1]. Safety verification is not the same as functional verification. Functional verification assures that the software fully satisfies its specifications, while safety verification uses the results of the safety analysis process to assure that the software meets the safety requirements [20]. The safety verification can be done in two ways [1] (1) static analysis which looks over the code and design documents of the system (e.g. fault tree, formal verification) and (2) dynamic analysis requires the execution of the software to check all of the systems safety features. Static analysis is the same as a structured code review. Systems can be proven to match requirements, but it will not catch any safety states that the requirements miss [Ij. The dynamic analysis has the ability to catch unanticipated safety problems, but it cannot prove that a system is safe (e.g. software testing). 

---