ChE/MEE 124 (W2009)
An Example of Fault Tree
Fault Tree Analysis (FTA) is a popular tool used by system engineers to improve the safety of systems. Fault trees are used to anticipate system failures, identify weak links, and balance costs against system safety.
Let's consider the pressure vessel in Figure 1. The safety system consists of 4 valves, which are connected to the tank. The valves will open if the pressure in the tank exceeds a certain level, for example P0. The content in the tank will be released to the environment if both valves A1 and A2 on line 1 or both valves A3 and A4 on line 2 are open.
Figure 1. Arrangement of pressure tank and valves.
a) What is the probability that the safety system fails to function when needed, i.e. the valves do not open when the pressure in the tank exceeds P0?
The first step is to define the Top Event. The Top Event in this case is that the safety system fails to release the content in the tank when the pressure is more than P0.
The second step is to construct a logic diagram (the Fault Tree) showing the necessary conditions or events that must occur in order for the top event to occur. First, the Intermediate Events are identified and their logical relationships to the top-level event are determined.
For the safety system of the pressure tank to fail to work, the following two events must occur simultaneously:
- Line (1) fails to open
- Line (2) fails to open
Note that the failure could not occur if either one of these two events does not occur. This is known as an "AND" logical relationship in the Fault Tree terminology. In an "AND" relationship, all input events must be satisfied concurrently for the higher level event to occur.
Construction of the Fault Tree continues by identifying the appropriate events at lower levels and their logical relationship to the higher-level events. This process is continued until basic failure events are identified. Basic failures are those which are not analyzed further. The basic failures (or root causes) are placed at the bottom of the tree.
The basic failures we choose for the present case are:
- Valve 1 fails to open
- Valve 2 fails to open
- Valve 3 fails to open
- Valve 4 fails to open
The fault tree is shown in Figure 2.
The objective of FTA is to compute the probability of the top event based on the probability of the basic failures. The probability of bottom events can be determined through direct experimentation, historical experience, or estimation. For example, from past data, we know that the probability that a valve will fail to open when the pressure is more than P0 is p(A1 fails to open) = p(A2 fails to open) = p(A3 fails to open) = p(A4 fails to open) = 0.001.
Once the probabilities of the basic events are known, the fault tree is solved from the bottom up using Boolean logic and mathematics. We assume for now that the basic failures are independent events. The probability associated with an AND gate is easy to solve: to compute the probability of the output event, simply multiply the probabilities of all sub-events. For the OR gate, the probability of the output event is determined by adding the probabilities of all sub-events (usually these are small, so that intersections involving higher order terms are negligible).
So the probability of the top event is

P(failure to danger mode) = (p(A1 fails to open) + p(A2 fails to open)) x (p(A3 fails to open) + p(A4 fails to open))
A complete fault tree analysis must take into account common-cause failures. Significant environmental events (e.g., earthquake, lightning strikes, terrorist attacks, etc.) may simultaneously cause failures of multiple components or subsystems.
[Figure 2: fault tree. Top event: "The safety system fails to release the content in the tank when the pressure is more than P0". Intermediate events: "Line (1) fails to open", "Line (2) fails to open". Basic events: "A1 fails to open", "A2 fails to open", "A3 fails to open", "A4 fails to open".]
Figure 2. Fault tree for fail-to-danger mode.
b) What is the probability that the safety system releases the contents in the tank when the pressure is less than P0?
Here we consider the case that the valves open spuriously even when the pressure in the tank is less than P0. This is the fail-to-safe mode, i.e. the safety system acts spuriously under normal operational conditions. This is important because the contents of the tank will be released to the environment unnecessarily.
In the fail-to-safe mode we are concerned with the valves opening spuriously during a certain period of time. This is like a Poisson process. For example, suppose an estimate of the probability that a valve will open spuriously under normal working conditions is 10^-4 per year. This data is usually provided by the manufacturer.
Let us consider the probability of fail-to-safe over a period of 1 year (for example, this may be a maintenance interval). The probability that valve A1 will open spuriously during one year is 10^-4. This is the same for A2, A3 and A4.
Figure 3 shows the fault tree for the fail-to-safe mode. The calculation of the probability of the top event is straightforward. The final result is

p(fail-to-safe) = p(A1 opens spuriously) x p(A2 opens spuriously) + p(A3 opens spuriously) x p(A4 opens spuriously)
[Figure 3: fault tree. Top event: "The safety system acts spuriously to release the content in the tank when the pressure is less than P0". Intermediate events: "Line (1) opens spuriously", "Line (2) opens spuriously". Basic events: "A1 opens spuriously", "A2 opens spuriously", "A3 opens spuriously", "A4 opens spuriously".]
Figure 3. Fault tree for fail-safe mode.
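The two trees above (fail-to-danger in Figure 2, fail-to-safe in Figure 3) can be evaluated bottom-up with a few lines of code. The following is an added example written for this handout; it is not part of the original course material. It assumes, as the handout does, that the basic events are independent, and it uses the handout's numbers (0.001 per demand for failing to open, 10^-4 per year for opening spuriously). It goes one step beyond the text in two ways: the OR gate is evaluated both with the rare-event sum used in the handout and exactly (1 minus the probability that no input occurs), so the size of the approximation error is visible, and it lists the minimal cut sets of each tree, i.e. the smallest combinations of basic failures that cause the top event. The class and function names are choices made for this example.

```python
from dataclasses import dataclass
from math import prod
from typing import List, Union


@dataclass
class Basic:
    """A basic (root-cause) event with a known probability."""
    name: str
    p: float

    def exact(self) -> float:
        return self.p

    def approx(self) -> float:
        return self.p


@dataclass
class Gate:
    """An AND or OR gate whose inputs are basic events or other gates."""
    kind: str                           # "AND" or "OR"
    inputs: List[Union["Basic", "Gate"]]

    def exact(self) -> float:
        ps = [x.exact() for x in self.inputs]
        if self.kind == "AND":
            return prod(ps)             # independent inputs: multiply
        # Exact OR for independent inputs: 1 - P(no input occurs)
        return 1.0 - prod(1.0 - p for p in ps)

    def approx(self) -> float:
        ps = [x.approx() for x in self.inputs]
        if self.kind == "AND":
            return prod(ps)
        # Rare-event approximation used in the handout: OR = sum of inputs
        return sum(ps)


def minimal_cut_sets(node) -> list:
    """Smallest sets of basic events that together cause the node's event."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    groups = [minimal_cut_sets(x) for x in node.inputs]
    if node.kind == "OR":
        sets = {s for g in groups for s in g}          # any input suffices
    else:
        sets = {frozenset()}
        for g in groups:                               # every input needed
            sets = {s | t for s in sets for t in g}
    # Drop any set that contains another cut set; what remains is minimal.
    return sorted((s for s in sets if not any(t < s for t in sets)), key=sorted)


def fail_to_danger_tree(p_fail: float = 0.001) -> Gate:
    """Figure 2: valves do not open when pressure exceeds P0 (constructed)."""
    a = {i: Basic(f"A{i} fails to open", p_fail) for i in (1, 2, 3, 4)}
    line1 = Gate("OR", [a[1], a[2]])    # line 1 is blocked if either valve sticks
    line2 = Gate("OR", [a[3], a[4]])
    return Gate("AND", [line1, line2])  # both lines must be blocked


def fail_to_safe_tree(p_spurious: float = 1e-4) -> Gate:
    """Figure 3: valves open spuriously below P0 within one year (constructed)."""
    a = {i: Basic(f"A{i} opens spuriously", p_spurious) for i in (1, 2, 3, 4)}
    line1 = Gate("AND", [a[1], a[2]])   # a line releases only if both valves open
    line2 = Gate("AND", [a[3], a[4]])
    return Gate("OR", [line1, line2])   # either line releases the contents


if __name__ == "__main__":
    for label, tree in (("fail-to-danger", fail_to_danger_tree()),
                        ("fail-to-safe", fail_to_safe_tree())):
        print(f"{label}: approx={tree.approx():.4e}  exact={tree.exact():.4e}")
        print("  minimal cut sets:", [sorted(s) for s in minimal_cut_sets(tree)])
```

Running the script shows that the rare-event sum and the exact OR differ only in the fourth significant figure for the fail-to-danger tree (0.001 valves) and are indistinguishable for the fail-to-safe tree, which is why the handout can treat the OR gate as a simple sum. The cut sets make the structure of each design explicit: any one valve on each line failing closed disables the safety function, while a spurious release needs both valves on the same line to open.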