– Fault Tree Analysis –
Introduction to Fault Tree Analysis (FTA)
Engineers are tasked with anticipating failure well in advance of a product making it to the consumer. Potential failure must be identified early in the product development cycle to successfully mitigate the risk. This failure prevention activity is intended to protect the consumer from an unacceptable experience. There are many tools used to identify potential failures and their causes / mechanisms. One of these tools is Fault Tree Analysis (FTA). FTA is a deductive analysis depicting a visual path of failure. As product and process technology becomes more complex, the visual FTA approach has proven to be invaluable as a stand-alone risk technique or a supplement to Failure Mode and Effects Analysis (FMEA).
What is Fault Tree Analysis (FTA)
Fault Tree Analysis is a top-down, deductive analysis which visually depicts a failure path or failure chain. FTA follows the concept of Boolean logic, which permits the creation of a series of statements based on True / False. When linked in a chain, these statements form a logic diagram of failure. Events are arranged in sequences of series relationships (the “ors”) or parallel relationships (the “ands”). Results for each event are presented in a tree-like diagram using logic symbols to show dependencies among events.
Events are related to mechanical components, software and / or electronics used in the design of the product. Top-level, undesired events are the primary topic being studied in FTA. The severity classification of the Top-level event is often determined in a Systems-level Hazard Analysis.
Fault Tree Analysis also provides valuable troubleshooting information when applied to problem solving. The FTA diagram often utilizes failure probabilities at each level, from components and software to the undesirable Top-level event.
Why Perform Fault Tree Analysis (FTA)
FTA depicts the risk-based path to a root cause or Base-level event. The identified risks drive actions which are intended to mitigate the risk prior to program launch. Alternatively, when investigating a failure, the chain of events depicted by FTA allows the problem solver to see the events leading to a root cause(s) or Base-level event. The Fault Tree Analysis is applied when:
- A Hazard Analysis previously indicated a safety concern
- There is a new design with new content
- There is a current design with modifications, which may include changes due to past failure
- There is a current design being used in a new environment or change in duty cycle (no physical change made to design)
- Investigation of a safety or regulatory concern
- A picture of the failure would be more beneficial than a written inductive analysis
How to Perform Fault Tree Analysis (FTA)
As previously mentioned, the FTA is a logical breakdown from the Top-level undesired event, cascaded to the Base-level event (root cause). Each path has a probability assigned. The paths related to the highest severity / highest probability combinations are identified and will require mitigation. Starting at the Base-level event (at the bottom of the FTA) and working the path up to the undesirable Top-level event is called a Cut Set. There are many cut sets within the FTA. Each has an individual probability assigned to it. The Base-level event is often color coded to identify the risk level indicated.
The 5 basic steps to perform a Fault Tree Analysis are as follows:
- Identify the Hazard
- Obtain Understanding of the System Being Analyzed
- Create the Fault Tree
- Identify the Cut Sets
- Mitigate the Risk
Step 1: Identify the Hazard
Knowing the consequence of the failure is useful in defining the Top-level event of the Fault Tree. The Top-level event, or Hazard, should be defined as precisely as possible:
- How much?
- How long (duration)?
- What is the safety impact?
- What is the environmental impact?
- What is the regulatory impact?
Step 2: Obtain Understanding of the System Being Analyzed
- Create or acquire appropriate support information:
- List of components (Bill of Material)
- Boundary Diagram
- Code Requirements
- Engineering Noises and Environments
- Examples of similar products or failures
- List the potential causes of the hazard to the next level. This is similar to the 5 Why process, except development of a Fault Tree should be focused on a single level before progressing to the next.
- Include system design engineers, who have full knowledge of the system and its functions, in the higher levels of the Fault Tree Analysis. This knowledge is very important for cause selection.
- Include Reliability Engineers who can assist in developing the relationships of causes to a failure or fault.
- Estimate probability of the causes at the Base-level event
- Label all causes with codes (optional)
- Prioritize or sequence causes in the order of occurrence or probability
Step 3: Create the Fault Tree
In the FTA example to the right, the team would stop the analysis on “Air Present” because Oxygen presence is outside of the control of the team developing the FTA.
Analysis continues down to the next level on “Fuel Leak”. The team performing the FTA is brought together to focus on the potential causes of fuel leaks. The analysis is not limited to mechanical failures alone. The inclusion of electronics and software in complex design brings both the opportunity to create or mitigate failures. The risks may be prevented through engineering choices or controlled through Quality Control.
The example tree continues to additional, more detailed levels. The Base-level event (depicted as a circle or oval) is the point at which the team can address the risk.
The Base-level event is typically color coded as follows:
- Red: Critical Risk
- Orange: High Risk
- Yellow: Minor Risk
- Green: Acceptable / Very Low Risk
Step 4: Identify the Cut Sets
- Risk is estimated for each event
- When available, the failure rate data can be used to calculate the risk of a single chain or the many chains
- If there is no data, an estimate is established based on subjective guidelines similar to those used in FMEA development
- The Cut Sets with risk greater than the system can tolerate (i.e. safety or inoperative conditions) are selected for mitigation
- Actions are required for Critical (red) and High Risks (orange)
Step 5: Mitigate the Risk
Risk Mitigation can take many forms. A popular method is to use the criticality method. Other techniques require a level of mitigation calculated to Defects per Million Opportunities (DPMO). Safety systems may require resulting risk to be mitigated to:
- Error Proofing (cannot Occur)
- 1 in 10 million (1 X 10 to the minus 7)
Action logs and revision records are kept for follow-up and closure of each undesirable risk. Any risk not mitigated to an acceptable level is a candidate for Mistake Proofing or Quality Control, which protects the consumer from the risk.
Examples of Mitigation Strategies
When a risk is unacceptable the team may have several options available. The following are a few examples of the options available:
- Design change
- Selection of a component with a higher reliability to replace the Base-level event component
- This is often expensive unless identified early in Product Development
- Physical Redundancy of the Component
- This option places the redundant component in parallel to the other. Both must fail simultaneously for the hazard to be experienced. If a safety issue exists, this option may require non-identical components.
- Software Redundancy
- The addition of a sensing circuit, which can change the state of the product, often reduces the severity of the event by protecting components through duty cycle changes and reducing input stresses when identified.
- Warning System
- The circuit may just warn of an event. This requires action by an operator or analyst. It is important to note that if this course of action is taken, Human Factors Reliability must also enter the evaluation.
- Quality Control
- This may include removal of the potential failure through testing or inspection. The inspection effectiveness must match the level of severity that the hazard may impose on the consumer.
Fault Tree Analysis (FTA) Services
The FTA Services available from Quality-One are FTA Consulting, FTA Training and FTA Support, which may include Facilitation, Auditing or Contract Services. Our experienced team of highly trained professionals will provide a customized approach for developing your people and processes based on your unique FTA needs. Whether you need Consulting to assist with a plan to deploy FTA, Training to help understand and drive improvement or hands-on Project Support for building and implementing your FTA process, Quality-One can support you! By utilizing our experienced Subject Matter Experts (SME) to work with your teams, Quality-One can help you appreciate the value of FTA in your organization.
Learn More About Fault Tree Analysis (FTA)
Quality-One offers Quality and Reliability Support for Product and Process Development through Consulting, Training and Project Support. Quality-One provides Knowledge, Guidance and Direction in Quality and Reliability activities, tailored to your unique wants, needs and desires. Let us help you Discover the Value of FTA Consulting, FTA Training or FTA Project Support.