FAULT TREE ANALYSIS
I. CONCEPT DISCUSSION
Fault tree analysis (FTA) is a top-down, deductive failure analysis in which an undesired state of
a system is analyzed using Boolean logic to combine a series of lower-level events. This
analysis method is mainly used in the fields of safety engineering and reliability engineering to
understand how systems can fail, to identify the best ways to reduce risk, or to determine (or get
a feeling for) event rates of a safety accident or a particular system-level (functional) failure. FTA
is used in the aerospace, nuclear power, chemical and process, pharmaceutical, petrochemical
and other high-hazard industries, but is also used in fields as diverse as risk factor identification
relating to social service system failure. FTA is also used in software engineering for debugging
purposes and is closely related to the cause-elimination technique used to detect bugs.
In aerospace, the more general term "system Failure Condition" is used for the "undesired
state" which is the top event of the fault tree. These conditions are classified by the severity of
their effects. The most severe conditions require the most extensive fault tree analysis. These
"system Failure Conditions" and their classification are often previously determined in the
functional hazard analysis.
USAGE:
- Understand the logic leading to the top event/undesired state.
- Show compliance with the (input) system safety/reliability requirements.
- Prioritize the contributors leading to the top event, creating the critical
  equipment/parts/events lists for different important measures.
- Monitor and control the safety performance of the complex system (e.g. is a
  particular aircraft safe to fly when fuel valve x malfunctions? For how long is it
  allowed to fly with the valve malfunction?).
- Minimize and optimize resources.
- Assist in designing a system. The FTA can be used as a design tool that helps to
  create (output/lower-level) requirements.
- Function as a diagnostic tool to identify and correct causes of the top event. It
  can help with the creation of diagnostic manuals/processes.
GRAPHIC SYMBOLS:
The basic symbols used in FTA are grouped as events, gates, and transfer symbols.
                        Figure 1: Graphic Symbols used in Fault Tree Analysis
EVENT SYMBOLS
These are used for primary and intermediate events. Primary events are not further developed
on the fault tree. Intermediate events are found at the output of a gate. The event symbols are
shown below:
                         Figure 2: Event Symbols used in Fault Tree Analysis
The primary event symbols are typically used as follows:
- Basic Event - failure or error in a system component or element (example: switch
  stuck in open position)
- External Event - normally expected to occur (not of itself a fault)
- Undeveloped Event - an event about which insufficient information is available,
  or which is of no consequence
- Conditioning Event - conditions that restrict or affect logic gates (example: mode
  of operation in effect)
An intermediate event gate can be used immediately above a primary event to provide more
room to type the event description. FTA remains a top-down approach: the tree is developed
from the top event downward to the primary events.
GATE SYMBOLS:
Gate symbols describe the relationship between input and output events. The symbols are
derived from Boolean logic symbols:
                          Figure 3: Gate Symbols used in Fault Tree Analysis
The gates work as follows:
- OR gate - the output occurs if any input occurs
- AND gate - the output occurs only if all inputs occur (inputs are independent)
- Exclusive OR gate - the output occurs if exactly one input occurs
- Priority AND gate - the output occurs if the inputs occur in a specific sequence
  specified by a conditioning event
- Inhibit gate - the output occurs if the input occurs under an enabling condition
  specified by a conditioning event
TRANSFER SYMBOLS:
Transfer symbols are used to connect the inputs and outputs of related fault trees, such as the
fault tree of a subsystem to its system. NASA's Fault Tree Handbook with Aerospace Applications
gives a complete treatment of FTA, illustrated with practical aerospace incidents.
                        Figure 4: Transfer Symbols used in Fault Tree Analysis
BASIC MATHEMATICAL FOUNDATION
Events in a fault tree are associated with statistical probabilities. For example, component
failures may typically occur at some constant failure rate λ (a constant hazard function). In this
simplest case, failure probability depends on the rate λ and the exposure time t:
        P = 1 − exp(−λt)
        P ≈ λt, for λt < 0.1
A fault tree is often normalized to a given time interval, such as a flight hour or an average
mission time. Event probabilities depend on the relationship of the event hazard function to this
interval.
Unlike conventional logic gate diagrams in which inputs and outputs hold the binary values of
TRUE (1) or FALSE (0), the gates in a fault tree output probabilities related to the set operations
of Boolean logic. The probability of a gate's output event depends on the input event
probabilities.
An AND gate represents a combination of independent events. That is, the probability of any
input event to an AND gate is unaffected by any other input event to the same gate. In set
theoretic terms, this is equivalent to the intersection of the input event sets, and the probability
of the AND gate output is given by:
      P(A and B) = P(A ∩ B) = P(A) P(B)
An OR gate, on the other hand, corresponds to set union:
       P(A or B) = P(A ∪ B) = P(A) + P(B) − P(A ∩ B)
Since failure probabilities on fault trees tend to be small (less than 0.01), P(A ∩ B) usually
becomes a very small error term, and the output of an OR gate may be conservatively
approximated by using an assumption that the inputs are mutually exclusive events:
       P(A or B) ≈ P(A) + P(B), taking P(A ∩ B) ≈ 0
An exclusive OR gate with two inputs represents the probability that one or the other input, but
not both, occurs:
        P(A xor B) = P(A) + P(B) − 2 P(A ∩ B)
Again, since P(A ∩ B) usually becomes a very small error term, the exclusive OR gate has
limited value in a fault tree.
II. FTA PROCEDURE
A single fault tree is used to analyze one and only one undesired event or top event, which may
be subsequently fed into another fault tree as a basic event. Though the nature of the undesired
event may vary dramatically, a FTA follows the same procedure for any undesired event; be it a
delay of 0.25 ms for the generation of electrical power, an undetected cargo bay fire, or the
random, unintended launch of an ICBM. Due to labor cost, FTA is normally only performed for
more serious undesired events.
It involves five steps:
1. Define the undesired event to study
   - The undesired event can be hard to define precisely, although some events are
     easy and obvious to observe. An engineer with wide knowledge of the design of
     the system, or a system analyst with an engineering background, is the best person
     to help define and number the undesired events. Each undesired event then gets
     its own FTA: one event per fault tree, never two events in one tree.
2. Obtain an understanding of the system
   - Once the undesired event is selected, every cause that can contribute to it,
     however improbable, is studied and analyzed. Obtaining exact probabilities for
     the contributing causes is usually impossible, because doing so is costly and
     time consuming. Computer software is used to estimate and propagate
     probabilities, which makes the system analysis less costly.
   - System analysts can help with understanding the overall system. System
     designers have full knowledge of the system, and this knowledge is very
     important for not missing any cause affecting the undesired event. For the
     selected event all causes are then numbered and sequenced in the order of
     occurrence and used for the next step, which is drawing or constructing the
     fault tree.
3. Construct the fault tree
   - After selecting the undesired event and analyzing the system so that all the
     causes (and, if possible, their probabilities) are known, the fault tree can be
     constructed. The fault tree is built on AND and OR gates, which define its
     major characteristics.
4. Evaluate the fault tree
   - After the fault tree has been assembled for a specific undesired event, it is
     evaluated and analyzed for possible improvement; in other words, the risk is
     assessed and ways to improve the system are identified. This step is an
     introduction to the final step, which is to control the hazards identified. In
     short, in this step all hazards affecting the system directly or indirectly are
     identified.
5. Control the hazards identified
   - This step is very specific and differs largely from one system to another, but
     the main point will always be that after identifying the hazards all possible
     methods are pursued to decrease the probability of occurrence.
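The gate arithmetic from the mathematical foundation section and the construct/evaluate steps of the procedure above, carried through in code. This is an added example, not code from the original handout: the tree (loss of power to a flight computer fed by two buses), its event names and its failure rates are constructed for illustration, and the only model assumed is the handout's constant-rate P = 1 − exp(−λt) with statistically independent basic events. It also shows the check a practitioner wants: the gate-by-gate AND/OR formulas are only exact when no basic event appears under more than one gate, so a shared control unit under both bus branches is evaluated three ways (exact enumeration, gate-wise propagation, and minimal cut sets) to expose the common-cause undercount.

```python
# Added example: a minimal fault-tree evaluator, not code from the original
# handout. The tree, event names and failure rates are constructed for
# illustration; the only physics assumed is the handout's constant-rate model
# P = 1 - exp(-lambda * t) with statistically independent basic events.
from __future__ import annotations

import math
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Basic:
    """Primary (basic) event with a constant failure rate lambda per hour."""
    name: str
    rate: float

    def prob(self, t: float) -> float:
        return 1.0 - math.exp(-self.rate * t)  # ~= rate * t when rate * t < 0.1


@dataclass(frozen=True)
class Gate:
    """Intermediate event: the output of an AND or OR gate over its inputs."""
    name: str
    kind: str      # "AND" or "OR"
    inputs: tuple  # of Basic | Gate


def basics(node: Basic | Gate) -> set[Basic]:
    if isinstance(node, Basic):
        return {node}
    return set().union(*(basics(i) for i in node.inputs))


def holds(node: Basic | Gate, failed: dict[str, bool]) -> bool:
    """Boolean evaluation of the tree for one assignment of basic-event states."""
    if isinstance(node, Basic):
        return failed[node.name]
    vals = [holds(i, failed) for i in node.inputs]
    return all(vals) if node.kind == "AND" else any(vals)


def exact_prob(top: Basic | Gate, t: float) -> float:
    """Exact top-event probability by enumerating all 2^n basic-event states.
    Only practical for small trees; used here as the reference answer."""
    evs = sorted(basics(top), key=lambda b: b.name)
    total = 0.0
    for bits in product((False, True), repeat=len(evs)):
        if holds(top, dict(zip((e.name for e in evs), bits))):
            total += math.prod(e.prob(t) if f else 1.0 - e.prob(t)
                               for e, f in zip(evs, bits))
    return total


def gatewise_prob(node: Basic | Gate, t: float, rare_event: bool = False) -> float:
    """Propagate probabilities gate by gate with the handout's formulas:
    AND -> product of inputs; OR -> 1 - prod(1 - p), or the plain sum under the
    rare-event approximation. Exact only when no basic event feeds more than
    one gate: a shared (common-cause) event breaks the AND gate's independence."""
    if isinstance(node, Basic):
        return node.prob(t)
    ps = [gatewise_prob(i, t, rare_event) for i in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    return sum(ps) if rare_event else 1.0 - math.prod(1.0 - p for p in ps)


def minimal_cut_sets(node: Basic | Gate) -> list[frozenset[str]]:
    """Smallest combinations of basic events that cause the top event:
    OR = union of the children's cut sets, AND = cross product, then drop any
    set that contains another one (absorption)."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = {s for c in child for s in c}
    else:
        sets = {frozenset().union(*combo) for combo in product(*child)}
    minimal = [s for s in sets if not any(o < s for o in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def cut_set_prob(top: Basic | Gate, t: float) -> float:
    """Rare-event approximation over minimal cut sets: sum over cut sets of the
    product of their basic-event probabilities. A shared event is counted once
    per cut set, so this stays right where gate-wise propagation goes wrong."""
    p = {b.name: b.prob(t) for b in basics(top)}
    return sum(math.prod(p[n] for n in cs) for cs in minimal_cut_sets(top))


def example_tree(shared_control_unit: bool = True) -> Gate:
    """Constructed example: flight computer loses power only if both buses are
    lost. With shared_control_unit=True one control unit sits under both bus
    branches, the classic common-cause trap."""
    gen_a, gen_b = Basic("GenA", 1e-4), Basic("GenB", 1e-4)
    brk_a, brk_b = Basic("BrkA", 1e-5), Basic("BrkB", 1e-5)
    cu = (Basic("CtrlUnit", 1e-6),) if shared_control_unit else ()
    bus_a = Gate("BusA lost", "OR", (gen_a, brk_a) + cu)
    bus_b = Gate("BusB lost", "OR", (gen_b, brk_b) + cu)
    return Gate("Flight computer unpowered", "AND", (bus_a, bus_b))


if __name__ == "__main__":
    t, top = 10.0, example_tree()  # exposure time: a 10-hour flight
    for cs in minimal_cut_sets(top):
        print("cut set:", sorted(cs))
    print(f"exact      {exact_prob(top, t):.3e}")
    print(f"gate-wise  {gatewise_prob(top, t):.3e}  (undercounts: shared CtrlUnit)")
    print(f"cut-set    {cut_set_prob(top, t):.3e}")
```

With the shared control unit the single-event cut set {CtrlUnit} dominates the top event at about 1e-5 per flight, while naive gate-wise propagation reports roughly 1.2e-6, an order of magnitude too optimistic, because it multiplies the two bus probabilities as if they were independent. Minimal cut sets are also the direct answer to step 5: the shortest cut sets are the first hazards to control.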
COMPARISON WITH OTHER ANALYTICAL METHODS
Fault Tree Analysis:
- Deductive
- Top-down method
- Aimed at analyzing the effects of initiating faults and events on a complex system
- Very good at showing how resistant a system is to single or multiple initiating faults
- Not good at finding all possible initiating faults
- Considers external effects
Failure Mode and Effects Analysis:
- Inductive
- Bottom-up analysis method
- Aimed at analyzing the effects of single component or function failures on
  equipment or subsystems
- Good at exhaustively cataloging initiating faults, and identifying their local effects
- Not good at examining multiple failures or their effects at a system level
- Does not consider external effects
BENEFITS OF FAULT TREES
     A fault tree creates a visual record of a system that shows the logical relationships
     between the events and causes that lead to failure. It helps others quickly understand
     the results of your analysis, pinpoint weaknesses in the design and identify errors.
     A fault tree diagram will help prioritize issues to fix that contribute to a failure.
     In many ways, the fault tree diagram creates the foundation for any further analysis and
     evaluation.
     For example, when changes or upgrades are made to the system, you already have a
     set of steps to evaluate for possible effects and changes.
     You can use a fault tree diagram to help you design quality tests and maintenance
     procedures.
III. EXAMPLES OF FAULT TREES
                                   Figure 5: Fault Tree Example 1
                                   Figure 6: Fault Tree Example 2