Fault tree analysis sufficient cause

Fault tree analysis is a technique by which the system safety engineer can rigorously evaluate specific hazardous events. It is a type of logic tree that is developed by deductive logic from a top undesired event to all subevents that must occur to cause it. It is primarily used as a qualitative technique for studying hazardous events in systems, subsystems, components, or operations involving command paths. It can also be used for quantitatively evaluating the probability of the top event and all subevent occurrences when sufficient and accurate data are available. Quantitative analyses shall be performed only when it is reasonably certain that the data for part/component failures and human errors for the operational environment exist. 

Having identified a number of initiating events, the demand tree can be used as an input to other analysis techniques to carry out a more detailed risk assessment. This further stage would typically use either a fault-tree analysis or a layer of protection analysis (so long as the LOPA methodology used has sufficient flexibility to treat each cause separately and then combine them when assessing the frequency of the hazardous event). 

Fault Tree Analysis employs an analytical tree to display the results of an analysis (Suokas and Rouhiainen, 1993). It starts with the top event (injury or damage). The analysis proceeds backwards in order to identify all events and conditions that have caused the injury or damage. Logical relations (necessary and/or sufficient conditions) are estabhshed. Fault-tree analysis is not an accident model per se and gives limited support in the identification of causal factors. 

CONSTRUCTING THE FAULT TREE. Fault tree construction begins at the top event and proceeds, level by level, until all fault events have been traced to their basic contributing events or basic events. The analysis starts with a review of system requirements, function, design, environment, and other factors to determine the conditions, events, and failures that could contribute to an occurrence of the undesired top event. The top event is then defined in terms of sub-top events, i.e., events that describe the specific "whens and wheres" of the hazard in the top event. Next, the analysts examine the sub-top events and determine the immediate, necessary, and sufficient causes that result in each of these events. Normally, these are not basic causes, but are intermediate faults that require further development. For each intermediate fault, the causes are determined and shown on the fault tree with the appropriate logic gate. The analysts follow this process until all intermediate faults have... 

The Circle Used to depict a basic event in the FTA process. It can be a primary fault event (i.e., the first in the process to have occurred) and, therefore will require no further development. Use of the circle symbol offers the analyst some flexibility. A causal chain could conceivably become quite extensive. Many times, the analyst will obtain sufficient casual information from analysis of higher level events in the chain. Therefore, in order not to waste valuable time and resources analyzing a single event to its lowest possible level, the analyst can label a particular event as basic, using the circle symbol indicating that no further development is required. For this reason, the symbols of the fault tree places the circle at the base of the tree (i.e., a basic event). The basic event is also often referred to as a root event or root cause, for obvious reasons. 

Once the hazard scenarios have been identified, you will need to understand how those hazards came about. If the hazard analysis is not sufficient to understand the underlying causes of the hazard scenario, then further analysis will be necessary. A fault tree is particularly useful because it gives a good sequence of events that lead... 

The system safety case of corrrse varies from sector to sector. The core of a nuclear system safety case is (i) a deterministic analysis of the hazards and farrlts which could arise and cause injury, disability or loss of life fiom the plarrt either on or off the site, and (ii) a demonstration of the sufficiency and adequacy of the provisions (engineering and procedural) for ensuring that the combined frequencies of such events will be acceptably low. Safety systems will feature amongst the risk reducing provisions comprised in this demonstration, which will thus include qualitative substantiations of compliance with appropriate safety engineering standards supplemented (where practicable) by probabihstic analyses of their reliabilities. Other techniques which may be used for stracturing the safety case include fault and event tree analysis, failure mode and effects analysis (FMEA) and hazard and operability studies (HAZOPS). 

---