Fault Tree Analysis

An Overview of Basic Concepts

This quick subject guide provides an overview of the basic concepts in Fault Tree Analysis (FTA, system analysis) as it applies to system reliability and a directory of some other resources on the subject.

History of Fault Tree Analysis (FTA)

Fault Tree Analysis (FTA) is another technique for reliability and safety analysis. Bell Telephone Laboratories developed the concept in 1962 for the US Air Force for use with the Minuteman system. It was later adopted and extensively applied by the Boeing Company. Fault tree analysis is one of many symbolic "analytical logic techniques" found in operations research and in system reliability. Other techniques include Reliability Block Diagrams (RBDs).

What is a Fault Tree Diagram (FTD)?

Fault tree diagrams (or negative analytical trees) are logic block diagrams that display the state of a system (the top event) in terms of the states of its components (the basic events). Like reliability block diagrams (RBDs), fault tree diagrams are a graphical design technique, and as such provide an alternative methodology to RBDs.

An FTD is built top-down and in terms of events rather than blocks. It uses a graphic "model" of the pathways within a system that can lead to a foreseeable, undesirable loss event (or failure). The pathways interconnect contributory events and conditions using standard logic symbols (AND, OR, etc.). The basic constructs in a fault tree diagram are gates and events: an event has the same meaning as a block in an RBD, and the gates are the conditions.

Fault Trees and Reliability Block Diagrams

The most fundamental difference between FTDs and RBDs is that in an RBD one works in the "success space" and looks at combinations of component successes, while in a fault tree one works in the "failure space" and looks at combinations of component failures. Traditionally, fault trees have been used to assess fixed probabilities (i.e. each event in the tree has a fixed probability of occurring), while RBDs may include time-varying distributions for success (the reliability equation) and other properties, such as repair/restoration distributions.

Drawing Fault Trees: Gates and Events

Fault trees are built using gates and events (blocks). The two most commonly used gates in a fault tree are the AND and OR gates. As an example, consider two events (or blocks) that make up a Top Event (or a system). If the occurrence of either event causes the top event to occur, the events (blocks) are connected using an OR gate. Alternatively, if both events must occur to cause the top event, they are connected by an AND gate. As a visualization example, consider the simple case of a system consisting of two components, A and B, where a failure of either component causes system failure. The system RBD is made up of two blocks in series (see RBD configurations), as shown next:

The fault tree diagram for this system includes two basic events connected to an OR gate (which is the "Top Event"). For the "Top Event" to occur, either A or B must happen. In other words, failure of A OR B causes the system to fail.

Relationships Between Fault Trees and RBDs

In general (and with some specific exceptions), a fault tree can be easily converted to an RBD. However, it is generally more difficult to convert an RBD into a fault tree, especially if one allows for highly complex configurations. The following table shows gate symbols commonly used in fault tree diagrams and describes their relationship to an RBD. (The term "Classic Fault Tree" refers to the definitions used in the Fault Tree Handbook (NUREG-0492) by the US Nuclear Regulatory Commission.)

Table 1: Classic Fault Tree Gates and their Traditional RBD Equivalents

Columns: Name of Gate | Classic FTA Symbol | Description | RBD Equivalent

AND | AND Gate | The output event occurs if all input events occur. | Simple Parallel Configuration
OR | OR Gate | The output event occurs if at least one of the input events occurs. | Series Configuration
Voting OR (k-out-of-n) | Voting OR Gate | The output event occurs if k or more of the input events occur. | k-out-of-n Parallel Configuration
Inhibit | Inhibit Gate | The output event occurs if all input events occur and an additional conditional event occurs. | Simple Parallel Configuration of all the events plus the condition
Priority AND | Priority AND Gate | The output event occurs if all input events occur in a specific sequence. | Standby Parallel Configuration (without a quiescent failure distribution)
Dependency AND | Not used in classic FTA; gate defined by ReliaSoft. | The output event occurs if all input events occur; however, the events are dependent, i.e. the occurrence of each event affects the probability of occurrence of the other events. | Load Sharing Parallel Configuration
XOR | XOR Gate | The output event occurs if exactly one input event occurs. | Cannot be represented and does not apply in terms of system reliability. In system reliability, this would imply that a two-component system would function even if both components have failed.
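As an added worked example (not code from the original page), the gate semantics of the section above and the RBD equivalents of Table 1 are computed for independent basic events; the tuple encoding of the tree, the event names A to D and their failure probabilities are constructed. It also makes the k-out-of-n mapping precise: a voting gate whose top event occurs when k of n inputs fail corresponds to an RBD that succeeds when at least n - k + 1 blocks work.

```python
from itertools import combinations
from math import prod

# Node encoding (constructed for this example): a basic event is ("event", name);
# gates are ("and", [...]), ("or", [...]) and ("vote", k, [...]) for the
# k-out-of-n voting OR gate. Basic events are independent and each appears once.

def top_event_probability(node, p):
    """P(top event) given failure probabilities p[name] of the basic events."""
    kind = node[0]
    if kind == "event":
        return p[node[1]]
    if kind == "and":  # all inputs must occur
        return prod(top_event_probability(c, p) for c in node[1])
    if kind == "or":  # at least one input occurs
        return 1 - prod(1 - top_event_probability(c, p) for c in node[1])
    if kind == "vote":  # at least k of the n inputs occur
        k, qs = node[1], [top_event_probability(c, p) for c in node[2]]
        n = len(qs)
        return sum(prod(qs[i] if i in hit else 1 - qs[i] for i in range(n))
                   for m in range(k, n + 1) for hit in combinations(range(n), m))
    raise ValueError(f"unknown node kind {kind!r}")

# RBD counterparts from Table 1, in the success space: r is a list of block
# reliabilities (1 - failure probability).
def series_reliability(r):
    return prod(r)

def parallel_reliability(r):
    return 1 - prod(1 - x for x in r)

def k_out_of_n_reliability(k, r):
    """System works if at least k of the n blocks work."""
    n = len(r)
    return sum(prod(r[i] if i in up else 1 - r[i] for i in range(n))
               for m in range(k, n + 1) for up in combinations(range(n), m))

P = {"A": 0.1, "B": 0.2, "C": 0.3, "D": 0.4}  # constructed failure probabilities
R = [1 - P[name] for name in "ABCD"]

def demo():
    """Top-event probabilities next to the unreliability of the equivalent RBD."""
    ev = lambda name: ("event", name)
    return {
        "or_gate": top_event_probability(("or", [ev("A"), ev("B")]), P),
        "series_rbd": 1 - series_reliability(R[:2]),
        "and_gate": top_event_probability(("and", [ev("A"), ev("B")]), P),
        "parallel_rbd": 1 - parallel_reliability(R[:2]),
        # Voting gate: top event if 3 or more of the 4 inputs fail ...
        "vote_3_of_4": top_event_probability(("vote", 3, [ev(n) for n in "ABCD"]), P),
        # ... which matches an RBD needing n - k + 1 = 2 of 4 blocks working,
        # not a "3-out-of-4" RBD in the success space.
        "rbd_2_of_4": 1 - k_out_of_n_reliability(2, R),
        "rbd_3_of_4": 1 - k_out_of_n_reliability(3, R),
    }
```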


Table 2: RBD Constructs without a Traditional Fault Tree Equivalent

Columns: Function | FTA Equivalent | Description | RBD Equivalent

Dependency (Load Sharing) | Not used in classic FTA. | Allows for modeling event dependency (or load sharing). The output event occurs if all input events occur; however, the events are dependent, i.e. the occurrence of each event affects the probability of occurrence of the other events. | Load Sharing Parallel Configuration
True Standby with a quiescent failure distribution | A Priority AND gate can be used; however, this does not account for quiescent failure probabilities. | Standby redundancy configurations consist of items that are inactive and available to be called into service when/if the active item fails (i.e. on standby). Items on standby can also fail (quiescent) while waiting to switch. | Standby Parallel Configuration


Table 3: Traditional Fault Tree Gates without an RBD Equivalent

Columns: Name of Gate | Classic FTA Symbol | Description | RBD Equivalent

XOR | XOR Gate | The output event occurs if exactly one input event occurs. In a two-component system the event does not occur if both or none of the inputs occur. When modeling system reliability, this implies that the system is successful if none of the components fail or if all of the components fail. | Cannot be represented and does not apply in terms of system reliability. In system reliability, this would imply that a two-component system would function even if both components have failed.

Events

The gates in a fault tree are the logic symbols that interconnect contributory events and conditions. An event (or condition) block in a fault tree is the same as a standard block in an RBD, in that it can have a probability of occurrence (or a distribution function). However, unlike traditional RBDs, where a single graphical symbol represents every block (or event), fault trees use several graphical representations. Table 4 describes them.

Table 4: Traditional Fault Tree Event Symbols and their RBD Equivalents

Columns: Primary Event Block | Classic FTA Symbol | Description | RBD Equivalent

Basic Event | [symbol] | A basic initiating fault (or failure event). | Block
External Event (House Event) | [symbol] | An event that is normally expected to occur. In general, these events can be set to occur or not occur, i.e. they have a fixed probability of 0 or 1. | Block that cannot fail or that is in a failed state
Undeveloped Event | [symbol] | An event that is not developed further; a basic event that does not need further resolution. | Block
Conditioning Event | [symbol] | A specific condition or restriction that can apply to any gate. | Block; placement of the block varies depending on the gate it applies to


Table 5: Additional Fault Tree Constructs and their RBD Equivalents

Columns: Primary Event Block | Classic FTA Symbol | Description | RBD Equivalent

Transfer | [symbol] | Indicates a transfer continuation to a sub-tree. | Subdiagram Block

Example 1

A fault tree diagram with a Voting Gate and the RBD equivalent.

[Figure: FTA with Voting Gate and RBD Equivalent]

Example 2

Fault Trees and Complex RBDs: The best example of a complex reliability block diagram is the so-called "bridge." The following RBD represents such a bridge.

[Figure: RBD Bridge]

Representing this bridge as a fault tree diagram requires duplicate events, since gates can only represent components in series and parallel. An inspection of this system reveals that any of the following failures will cause the system to fail:

  • Failure of components 1 and 2.

  • Failure of components 3 and 4.

  • Failure of components 1 and 5 and 4.

  • Failure of components 2 and 5 and 3.

In probability terminology, we have:

  • (1 And 2) Or (3 And 4) Or (1 And 5 And 4) Or (2 And 5 And 3).

These sets of events are also called minimal cut sets. The fault tree can now be created by representing the above set of events, as shown in the following fault tree.

Conversion of the above fault tree to an RBD (note that components with the same name are mirrored blocks).
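The bridge evaluation of Example 2 as an added worked example (not code from the original page): the fault tree is encoded as nested tuples with the duplicated events exactly as listed, the minimal cut sets are recovered from the tree, and the top-event probability is computed exactly by enumerating all component states and by inclusion-exclusion over the cut sets, next to the rare-event sum that overcounts because the cut sets share components. The component failure probabilities are constructed.

```python
from itertools import combinations, product
from math import prod

# Bridge fault tree from Example 2 (constructed encoding, not the article's):
# a basic event is the component number, a gate is ("and"|"or", [children]).
# Components are repeated across the AND gates exactly as in the cut-set list.
BRIDGE = ("or", [("and", [1, 2]), ("and", [3, 4]),
                 ("and", [1, 5, 4]), ("and", [2, 5, 3])])
COMPONENTS = (1, 2, 3, 4, 5)
P = {c: 0.1 for c in COMPONENTS}  # constructed failure probabilities

def top_event_occurs(node, failed):
    """Boolean structure function: does the top event occur when exactly
    the components in `failed` have failed?"""
    if isinstance(node, int):
        return node in failed
    kind, children = node
    results = [top_event_occurs(c, failed) for c in children]
    return all(results) if kind == "and" else any(results)

def minimal_cut_sets(tree, comps):
    """All failure sets that cause the top event and have no proper subset
    that does; for the bridge these are the four sets listed in the text."""
    cuts = [frozenset(s) for m in range(1, len(comps) + 1)
            for s in combinations(comps, m) if top_event_occurs(tree, frozenset(s))]
    return {c for c in cuts if not any(o < c for o in cuts)}

def exact_unreliability(tree, comps, p):
    """Exact P(top event) by enumerating all 2^n component states. Repeated
    events are handled correctly because each component has one state per
    term, unlike gate-by-gate multiplication, which treats copies as independent."""
    total = 0.0
    for states in product((False, True), repeat=len(comps)):
        failed = frozenset(c for c, f in zip(comps, states) if f)
        if top_event_occurs(tree, failed):
            total += prod(p[c] if f else 1 - p[c] for c, f in zip(comps, states))
    return total

def rare_event_approximation(cuts, p):
    """Sum of cut-set probabilities: an upper bound that double counts
    states in which several cut sets hold at once."""
    return sum(prod(p[c] for c in cut) for cut in cuts)

def inclusion_exclusion(cuts, p):
    """Exact P(at least one cut set holds): alternating sum over all groups of
    cut sets, each group contributing P(every component in the group fails)."""
    cuts = list(cuts)
    return sum((-1) ** (m + 1) * prod(p[c] for c in frozenset().union(*group))
               for m in range(1, len(cuts) + 1) for group in combinations(cuts, m))

if __name__ == "__main__":
    mcs = minimal_cut_sets(BRIDGE, COMPONENTS)
    print(sorted(sorted(c) for c in mcs))
    print(exact_unreliability(BRIDGE, COMPONENTS, P),
          inclusion_exclusion(mcs, P), rare_event_approximation(mcs, P))
```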
