Fault Tree Analysis

Fault Tree Analysis (FTA) is a deductive failure analysis technique that uses visual models, usually fault trees, to depict all potential causes of an undesirable event. The process involves identifying a hazard, understanding the system, constructing a fault tree diagram with logic gates to represent failure scenarios and their relationships, identifying critical failure scenarios or "cut sets", and defining risk mitigation strategies. FTA provides a systematic way to analyze risks and their causes in complex systems or processes.

FAULT TREE ANALYSIS (FTA)
Introduction
• Engineers are tasked to mitigate risk in a design, system, or
process.
• Failure prevention activity is necessary to protect the
consumer’s experience with the product.
• There are many tools used to identify potential failures and
their causes / mechanisms. One of these tools is Fault Tree
Analysis (FTA).
• FTA is a deductive analysis depicting a visual path of failure.
As product and process technology becomes more
complex, the visual FTA approach has proven to be
invaluable as a stand-alone risk technique or a supplement
to Failure Mode and Effects Analysis (FMEA).
Fault Tree Analysis (FTA)
• Fault Tree Analysis is a top-down, deductive analysis
which visually depicts a failure path or failure chain.
• FTA follows the concept of Boolean logic, which permits
the creation of a series of statements based on True /
False. When linked in a chain, these statements form a
logic diagram of failure.
• Events are arranged in sequences of series relationships
(the “ors”) or parallel relationships (the “ands”). Results
for each event are presented in a tree-like diagram using
logic symbols to show dependencies among events.
Why is it necessary to perform FTA?
FTA depicts the risk-based path to a root cause or Base-level event.
Alternatively, when investigating a failure, the chain of events depicted by
FTA allows the problem solver to see the events leading to a root cause(s)
or Base-level event. The Fault Tree Analysis is applied when:
• A Hazard Analysis previously indicated a safety concern
• There is a new design with new content
• There is a current design with modifications, which may include changes
due to past failure
• There is a current design being used in a new environment or change in
duty cycle (no physical change made to design)
• Investigation of a safety or regulatory concern
• A picture of the failure would be more beneficial than a written inductive
analysis
How to Perform Fault Tree Analysis

• The 5 basic steps to perform a Fault Tree Analysis are as follows:
1. Identify the Hazard
2. Obtain Understanding of the System Being
Analyzed
3. Create the Fault Tree
4. Identify the Cut Sets
5. Mitigate the Risk
Step 1: Identify the Hazard
Knowing the consequence of the failure is useful in
defining the Top-level event of the Fault Tree. The
Top-level event, or Hazard, should be defined as
precisely as possible:
• How much?
• How long (duration)?
• What is the safety impact?
• What is the environmental impact?
• What is the regulatory impact?
Step 2: Obtain Understanding of the System Being Analyzed
• Create or acquire appropriate support
information:
– List of components (Bill of Material)
– Boundary Diagram
– Schematic
– Code Requirements
– Engineering Noises and Environments
– Examples of similar products or failures
Step 2: Obtain Understanding of the System Being Analyzed
• List the potential causes of the hazard to the next level.
– Include system design engineers, who have full knowledge of
the system and its functions, in the higher levels of the Fault
Tree Analysis. This knowledge is very important for cause
selection.
– Include Reliability Engineers who can assist in developing the
relationships of causes to a failure or fault.
• Estimate probability of the causes at the Base-level event
• Label all causes with codes (optional)
• Prioritize or sequence causes in the order of occurrence
or probability
Step 3: Create the Fault Tree
• In the FTA example above, the team would stop the analysis on “Air Present”
because Oxygen presence is outside of the control of the team developing the FTA.
• Analysis continues down to the next level on “Fuel Leak”. The team performing the
FTA is brought together to focus on the potential causes of fuel leaks. The analysis
is not limited to mechanical failures alone. The inclusion of electronics and
software in complex designs brings the opportunity both to create and to mitigate
failures. The risks may be prevented through engineering choices or controlled
through Quality Control.
• The example tree continues to additional, more detailed levels. The Base-level
event (depicted as a circle or oval) is the point at which the team can address the
risk.
• The Base-level event is typically color coded as follows:
– Red: Critical Risk
– Orange: High Risk
– Yellow: Minor Risk
– Green: Acceptable / Very Low Risk
Step 4: Identify the Cut Sets

• Risk is estimated for each event


– When available, the failure rate data can be used to calculate
the risk of a single chain or the many chains
– If there is no data, an estimate is established based on
subjective guidelines similar to those used in FMEA
development
• The Cut Sets with risk greater than the system can
tolerate (i.e. safety or inoperative conditions) are
selected for mitigation
• Actions are required for Critical (red) and High Risks
(orange)
Step 5: Mitigate the Risk
• Risk Mitigation can take many forms. A popular
method is to use the criticality method. Other
techniques require a level of mitigation calculated to
Defects per Million Opportunities (DPMO). Safety
systems may require resulting risk to be mitigated to:
– Error Proofing (cannot Occur)
– 1 in 10 million (1 X 10 to the minus 7)
• Action logs and revision records are kept for follow-up and closure of
each undesirable risk. Any risk not mitigated to an acceptable level is a
candidate for Mistake Proofing or Quality Control, which protects the
consumer from the risk.
Examples of Mitigation Strategies
When a risk is unacceptable the team may have several options
available. The following are a few examples of the options
available:
• Design change
• Selection of a component with a higher reliability to replace the
Base-level event component
– This is often expensive unless identified early in Product Development
• Physical Redundancy of the Component
– This option places the redundant component in parallel to the other.
Both must fail simultaneously for the hazard to be experienced. If a
safety issue exists, this option may require non-identical components.
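The Boolean “series (or) / parallel (and)” structure of a fault tree, the cut sets of Step 4, and the parallel-redundancy mitigation described just above can all be shown on one small tree. The following is an added example, not code from the slides: the event names and probabilities are constructed, the tree evaluator assumes independent base-level events that each appear once in the tree, and the “fire” tree mirrors the Air / Fuel Leak example the slides refer to.

```python
"""Added example, not from the slides: a small fault tree with AND/OR gates,
minimal cut set enumeration, top-event probability from base-event
probabilities, and the effect of a parallel-redundancy mitigation.
All event names and probabilities below are constructed for illustration."""
from itertools import product

# A node is a basic event (str) or a gate: (gate_type, [children]).


def cut_sets(node):
    """All cut sets of the node: sets of basic events whose joint occurrence
    causes the node's event."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        # any single child's cut set is enough (the "series" relationship)
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        # one cut set from every child must occur together ("parallel")
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unsupported gate {gate!r}")


def minimal_cut_sets(node):
    """Cut sets with no proper subset that is itself a cut set (absorption)."""
    sets = set(cut_sets(node))
    minimal = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(minimal, key=lambda cs: (len(cs), sorted(cs)))


def event_probability(node, p):
    """Probability that the node's event occurs.
    Assumes independent basic events, each appearing once in the tree;
    a repeated basic event would need cut-set based evaluation instead."""
    if isinstance(node, str):
        return p[node]
    gate, children = node
    probs = [event_probability(child, p) for child in children]
    if gate == "AND":
        result = 1.0
        for q in probs:
            result *= q
        return result
    if gate == "OR":
        none_occur = 1.0
        for q in probs:
            none_occur *= 1.0 - q
        return 1.0 - none_occur
    raise ValueError(f"unsupported gate {gate!r}")


# Constructed tree: a fire needs air, a fuel leak and an ignition source.
FIRE = ("AND", [
    "air_present",                                 # external event, outside the team's control
    ("OR", ["seal_failure", "hose_rupture"]),      # fuel leak
    ("OR", ["spark_from_relay", "hot_surface"]),   # ignition source
])

# Constructed per-demand probabilities for the base-level events.
P = {
    "air_present": 1.0,
    "seal_failure": 1e-3,
    "backup_seal_failure": 1e-3,
    "hose_rupture": 5e-4,
    "spark_from_relay": 2e-2,
    "hot_surface": 1e-2,
}


def with_redundant_seal():
    """Mitigation: a second, non-identical seal in parallel with the first,
    so both must fail before fuel leaks through that path."""
    return ("AND", [
        "air_present",
        ("OR", [("AND", ["seal_failure", "backup_seal_failure"]), "hose_rupture"]),
        ("OR", ["spark_from_relay", "hot_surface"]),
    ])


if __name__ == "__main__":
    for label, tree in (("baseline", FIRE), ("redundant seal", with_redundant_seal())):
        print(f"{label}: P(top) = {event_probability(tree, P):.3e}")
        for cs in minimal_cut_sets(tree):
            print("  cut set:", sorted(cs))
```

Running it shows the baseline has four minimal cut sets of three events each, and that the redundant seal turns the two seal-based cut sets into four-event sets, cutting the top-event probability by roughly a factor of three because the hose path is left untouched. The independence assumption in `event_probability` is exactly what non-identical components are meant to protect: two identical seals sharing a common cause do not give the p × p figure this calculation reports.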
Examples of Mitigation Strategies
• Software Redundancy
– The addition of a sensing circuit, which can change the state of the
product, often reduces the severity of the event by protecting
components through duty cycle changes and reducing input stresses
when identified.
• Warning System
– The circuit may just warn of an event. This requires action by an operator
or analyst. It is important to note that if this course of action is taken,
Human Factors Reliability must also enter the evaluation.
• Quality Control
– This may include removal of the potential failure through testing or
inspection. The inspection effectiveness must match the level of severity
that the hazard may impose on the consumer.
EVENT SYMBOLS
Primary Events
• Basic Event: failure or error in a system component or element
• External Event: normally expected to occur
• Undeveloped Event: an event about which insufficient information is
available, or which is of no consequence
• Conditioning Event: conditions that restrict or affect logic gates
Intermediate Events
• Intermediate Event: can be used immediately above a primary event to
provide more room to type the event description
[Summary diagram of event symbols: Primary Events (Basic, External,
Undeveloped, Conditioning) and Intermediate Events (Intermediate)]
FAULT TREE DIAGRAM
GATE SYMBOLS
• OR Gate: the output occurs if any input occurs
• AND Gate: the output occurs only if all inputs occur
• Exclusive OR Gate: the output occurs if exactly one input occurs
• Priority AND Gate: the output occurs if the inputs occur in a specific
sequence specified by a conditioning event
• Inhibit Gate: the output occurs if the input occurs under an enabling
condition specified by a conditioning event
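The five gate definitions differ in ways that matter when a tree is evaluated: Exclusive OR rejects two simultaneous inputs, Priority AND cares about order and not just occurrence, and Inhibit needs its conditioning event to hold. The following added example, not from the slides, evaluates each gate over constructed events; the cooling-loop scenario, the `Event` record and its time stamp field are assumptions made for the illustration.

```python
"""Added example, not from the slides: Boolean evaluation of the five gate
types listed above. Each input carries an occurrence flag and, when it
occurred, a time stamp, so the Priority AND gate can check the sequence
that its conditioning event requires. All events below are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    name: str
    occurred: bool
    at: Optional[float] = None  # time of occurrence; None when it did not occur


def or_gate(*inputs):
    """Output occurs if any input occurs."""
    return any(e.occurred for e in inputs)


def and_gate(*inputs):
    """Output occurs only if all inputs occur."""
    return all(e.occurred for e in inputs)


def xor_gate(*inputs):
    """Output occurs if exactly one input occurs."""
    return sum(1 for e in inputs if e.occurred) == 1


def priority_and_gate(*inputs):
    """Output occurs only if all inputs occur in the given order, i.e. with
    strictly increasing occurrence times (the sequence the conditioning
    event specifies). Simultaneous occurrence does not satisfy it."""
    if not all(e.occurred for e in inputs):
        return False
    times = [e.at for e in inputs]
    return all(earlier < later for earlier, later in zip(times, times[1:]))


def inhibit_gate(input_event, condition):
    """Output occurs if the input occurs while the enabling condition
    (a conditioning event) holds."""
    return input_event.occurred and condition.occurred


def cooling_scenario(primary_at, backup_at, operator_silenced_alarm):
    """Constructed scenario: cooling is lost if the primary pump fails and
    the backup pump then fails after it (Priority AND); the loss goes
    undetected only if the operator has silenced the alarm (Inhibit).
    A time of None means the pump did not fail."""
    primary = Event("primary_pump_fails", primary_at is not None, primary_at)
    backup = Event("backup_pump_fails", backup_at is not None, backup_at)
    alarm_silenced = Event("alarm_silenced", operator_silenced_alarm)
    cooling_lost = priority_and_gate(primary, backup)
    return {
        "any_pump_failed": or_gate(primary, backup),
        "both_pumps_failed": and_gate(primary, backup),
        "single_pump_failed": xor_gate(primary, backup),
        "cooling_lost_in_sequence": cooling_lost,
        "undetected_loss": inhibit_gate(Event("cooling_lost", cooling_lost), alarm_silenced),
    }


if __name__ == "__main__":
    for args in ((1.0, 3.0, False), (3.0, 1.0, True), (1.0, None, True)):
        print(args, cooling_scenario(*args))
```

The third case in the usage loop is the one worth checking by hand: with only the primary pump failed, OR and Exclusive OR both fire, AND and Priority AND do not, so the Inhibit gate stays silent even though the alarm was silenced.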
