Fault tree analysis requirements

It is important in fault tree analysis to consider only the nearest contributing event. There is always a tendency to jump immediately to the details, skipping all of the intermediate events. Some practice is required to gain experience in this technique. 

Process Hazards Analysis. Analysis of processes for unrecogni2ed or inadequately controUed ha2ards (see Hazard analysis and risk assessment) is required by OSHA (36). The principal methods of analysis, in an approximate ascending order of intensity, are what-if checklist failure modes and effects ha2ard and operabiHty (HAZOP) and fault-tree analysis. Other complementary methods include human error prediction and cost/benefit analysis. The HAZOP method is the most popular as of 1995 because it can be used to identify ha2ards, pinpoint their causes and consequences, and disclose the need for protective systems. Fault-tree analysis is the method to be used if a quantitative evaluation of operational safety is needed to justify the implementation of process improvements. 

Layer of protection analysis (LOPA) is a simplified form of event tree analysis. Instead of analyzing all accident scenarios, LOPA selects a few specific scenarios as representative, or boundary, cases. LOPA uses order-of-magnitLide estimates, rather than specific data, for the frequency of initiating events and for the probability the various layers of protection will fail on demand. In many cases, the simplified results of a LOPA provide sufficient input for deciding whether additional protection is necessary to reduce the likelihood of a given accident type. LOPAs typically require only a small fraction of the effort required for detailed event tree or fault tree analysis. 

A failure modes and effects analysis delineates components, their interaction.s ith each other, and the effects of their failures on their system. A key element of fault tree analysis is the identification of related fault events that can contribute to the top event. For a quantitative evaluation, the failure modes must be clearly defined and related to a numerical database. Component failure modes should be realistically and consistently postulated within the context of system operational requirements and environmental factors. 

The complexity of the system directly affects the time and cost requirements for tlie fault tree analysis. The larger tlie modeling processes the longer tlie time needed to detemiine a resolution of tlie analysis. Complex systems mean many potential accident events and larger problems. 

Failure sequence modeling techniques such as fault tree analysis or event tree analysis are used to estimate tlie likelihood of incidents in facilities where historical data is unai ailable, or is inadequate to accurately estimate tlie likelihood of the liazardous incidents of concern. Otlier modeling tecluiiques may be required to consider tlie impact of external events (eartliquakes, floods, etc.), common cause failures, and human factors and hmnan reliability. 

Extrapolation of historical data to larger scale operations may overlook hazards introduced by scale up to larger equipment Limitation of fault tree tlieory requires system simplification Incompleteness in fault and event hee analysis Uncertainties in data -... 

To determine maximum individual risk, generic frequency data are required for explosion events for Process Units 1 and 2. For Process Unit 1, incident data were available from the unit licenser identifying three explosions in approximately 15,000 operating years, for an explosion frequency of 2.0 x 10-4 per year. For Process Unit 2, a fault tree analysis of the nitrogen vessel brittle fracture event had been conducted as part of an unrelated project. That study concluded that the frequency of brittle fracture failure of the nitrogen vapor storage vessel was 5x10"4 per year. 

All team members should be familiar with PrHA objectives, the PrHA method to be used, and their roles in performing the PrHA. A 1- or 2-hour overview at the beginning of the first team review session is generally sufficient for this purpose. However, the more demanding PrHA methods, such as fault tree analysis (FTA), require more training and/or a greater depth of experience than less-rigorous methods, such as what-if and checklist analyses. 

Although risk analysis of new facilities is required by Ref. 39, the method of conducting the analysis is left quite open. The reference suggests fault hazard analysis, fault tree analysis, or sneak circuit analysis. Ref. 41 is an example of a thorough hazards evaluation and risk analysis for a new facility at Radford Army... 

Fault tree analysis is based on a graphical, logical description of the failure mechanisms of a system. Before construction of a fault tree can begin, a specific definition of the top event is required for example the release of propylene from a refrigeration system. A detailed understanding of the operation of the system, its component parts, and the role of operators and possible human errors is required. Refer to Guidelines for Hazard Evaluation (CCPS, 1992) and Guidelines for Chemical Process Quantitative Risk Assessment (CCPS, 2000). 

The disciplines of engineering and quality control have long recognized the principles of root cause analysis. Some process safety tools for root cause analysis have been borrowed from these disciplines. For example, fault tree analysis was developed as an engineering tool, but its logic tree structure has been adapted to meet process safety requirements. 

The estimated impact is then compared to hazard acceptance criteria to determine whether the consequences are tolerable without additional loss prevention and mitigation measures. If the identified consequences are not tolerable, the next step is to estimate the ffequency/probability of occurrence of the identified failure modes leading to loss of containment. For simple cases, frequency estimates are combined with consequences to yield a qualitative estimate of risk. For complex cases, fault tree analysis is used to estimate the frequency of the event leading to the hazard. These estimates are then combined with the consequences to yield a measure of risk. The calculated risk level is compared to a risk acceptance criterion to determine if mitigation is required for further risk reduction. 

Fault tree analysis (FTA) is a deductive method, which usually serves for quantification. Just like any method of systems analysis it requires in the first place a qualitative investigation of the system under analysis. After system failure or more generally the undesired or unwanted event (e.g. toxic release) has been defined, logic relationships with the so-called primary or basic events are identified and represented by a fault tree (vid. Fig. 9.8). The primary event may represent the failure of a technical component, an operator error or an impact from outside the plant like flooding or the spreading of a fire from neighbouring installations. 

DAL for each function, along with its associated requirements and failure conditions, if apphcable (refer to Chapters on ARP4754A System Assurance and Fault Tree Analysis). 

The fault tree analysis describes a hazardous top event and the basic event which maybe leads to such a top event in a top-down method. The methods are dev-ided in static fault tree analysis and dynamic fault tree analysis. The static fault tree analysis describes the system top event in static way. In further steps it is not possible to describe functional system redundancy with this static Fault Tree Analysis (FTA). Especially if cold and hot spares are integrated or if triggers are used, the static fault tree analysis is unsatisfying these requirements. Therefore it is more suitable to use the extended Dynamic Fault Tree Analysis. The DIFTree (Dynamic Innovative Fault Tree) software package could be a helpful tool for the system development... 

Fault tree analysis is one of the most meaningful system safety techniques available for systematically reducing the probability of an undesired event. It can also be one of the more expensive techniques because it requires a skilled and knowledgeable analyst and a considerable amount of time, especially if the project is complex and a quantitative approach is required. 

The major input requirement for a fault tree analysis is the top event. The nature of the undesired top event must be provided based on an earlier hazard analysis (formal or informal) and/or historical data. 

What are the input requirements for fault tree analysis (qualitative and quantitative) ... 

The SSHA evaluates hazardous conditions, on the subsystem level, which may affect the safe operation of the entire system. In the performance of the SSHA, it is prudent to examine previous analyses that may have been performed such as the preliminary hazard analysis (PHA) and the failure mode and effect analysis (FMEA). Ideally, the SSHA is conducted during the design phase and/or the production phase, as shown in Chapter 3, Figure 3.4. However, as discussed in the example above, an SSHA can also be done during the operation phase, as required, to assist in the identification of hazardous conditions and the analysis of specific subsystems and/or components. In the event of an actual accident or incident investigation, the completed SSHA can be used to assist in the development of a fault tree analysis by providing data on possible contributing fault factors located at the subsystem or component level. 

---