Fault Tree Analysis
An Overview of Basic Concepts
This quick subject guide provides an overview of the basic concepts in Fault Tree Analysis (FTA, system analysis) as it applies to system reliability and a directory of some other resources on the subject.
History of Fault Tree Analysis (FTA)
Fault Tree Analysis (FTA) is another technique for reliability and safety analysis. Bell Telephone Laboratories developed the concept in 1962 for the U.S. Air Force for use with the Minuteman system. It was later adopted and extensively applied by the Boeing Company. Fault tree analysis is one of many symbolic "analytical logic techniques" found in operations research and in system reliability. Other techniques include Reliability Block Diagrams (RBDs).
What is a Fault Tree Diagram (FTD)?
Fault tree diagrams (or negative analytical trees) are logic block diagrams that display the state of a system (top event) in terms of the states of its components (basic events). Like reliability block diagrams (RBDs), fault tree diagrams are also a graphical design technique, and as such provide an alternative methodology to RBDs.
An FTD is built top-down and in terms of events rather than blocks. It uses a graphic "model" of the pathways within a system that can lead to a foreseeable, undesirable loss event (or a failure). The pathways interconnect contributory events and conditions, using standard logic symbols (AND, OR, etc.). The basic constructs in a fault tree diagram are gates and events, where the events have an identical meaning as a block in an RBD and the gates are the conditions.
Fault Trees and Reliability Block Diagrams
The most fundamental difference between FTDs and RBDs is that in an RBD one is working in the "success space", and thus looks at system success combinations, while in a fault tree one works in the "failure space" and looks at system failure combinations. Traditionally, fault trees have been used to access fixed probabilities (i.e. each event that comprises the tree has a fixed probability of occurring) while RBDs may have included time-varying distributions for the success (reliability equation) and other properties, such as repair/restoration distributions.
Drawing Fault Trees: Gates and Events
Fault trees are built using gates and events (blocks). The two most commonly used gates in a fault tree are the AND and OR gates. As an example, consider two events (or blocks) comprising a Top Event (or a system). If occurrence of either event causes the top event to occur, then these events (blocks) are connected using an OR gate. Alternatively, if both events need to occur to cause the top event to occur, they are connected by an AND gate. As a visualization example, consider the simple case of a system comprised of two components, A and B, and where a failure of either component causes system failure. The system RBD is made up of two blocks in series (see RBD configurations), as shown next:

The fault tree diagram for this system includes two basic events connected to an OR gate (which is the "Top Event"). For the "Top Event" to occur, either A or B must happen. In other words, failure of A OR B causes the system to fail.
Relationships Between Fault Trees and RBDs
In general (and with some specific exceptions), a fault tree can be easily converted to an RBD. However, it is generally more difficult to convert an RBD into a fault tree, especially if one allows for highly complex configurations. The following table shows gate symbols commonly used in fault tree diagrams and describes their relationship to an RBD. (The term "Classic Fault Tree" refers to the definitions as used in the Fault Tree Handbook (NUREG-0492) by the U.S. Nuclear Regulatory Commission).
Table 1: Classic Fault Tree Gates and their

| Name of Gate | Classic FTA Symbol | Description | RBD Equivalent |
|---|---|---|---|
| AND | | The output event occurs if all input events occur. | Simple Parallel Configuration |
| OR | | The output event occurs if at least one of the input events occurs. | Series Configuration |
| Voting OR (k-out-of-n) | | The output event occurs if k or more of the input events occur. | k-out-of-n Parallel Configuration |
| Inhibit | | The output event occurs if all input events occur and an additional conditional event occurs. | Simple Parallel Configuration of all the events plus the condition |
| Priority AND | | The output event occurs if all input events occur in a specific sequence. | Standby Parallel Configuration (without a quiescent failure distribution) |
| Dependency AND | Not used in classic FTA. Gate defined by ReliaSoft. | The output event occurs if all input events occur, however the events are dependent, i.e. the occurrence of each event affects the probability of occurrence of the other events. | Load Sharing Parallel Configuration |
| XOR | | The output event occurs if exactly one input event occurs. | Cannot be represented and does not apply in terms of system reliability. In system reliability, this would imply that a two-component system would function even if both components have failed. |

Table 2: RBD Constructs without a Traditional Fault Tree Equivalent

| Function | FTA Equivalent | Description | RBD Equivalent |
|---|---|---|---|
| Dependency (Load Sharing) | Not used in classic FTA. | Allows for modeling event dependency (or load sharing). The output event occurs if all input events occur, however the events are dependent, i.e. the occurrence of each event affects the probability of occurrence of the other events. | Load Sharing Parallel Configuration |
| True Standby with a quiescent failure distribution | A Priority AND gate can be used. However, this does not account for quiescent failure probabilities. | Standby redundancy configurations consist of items that are inactive and available to be called into service when/if the active item fails (i.e. on standby). Items on standby can also fail (quiescent) while waiting to switch. | Standby Parallel Configuration |

Table 3: Traditional Fault Tree Gates without an RBD Equivalent

| Name of Gate | Classic FTA Symbol | Description | RBD Equivalent |
|---|---|---|---|
| XOR | | The output event occurs if exactly one input event occurs. In a two-component system the event does not occur if both or none of the inputs occur. When modeling system reliability, this implies that the system is successful if none of the components fail or if all of the components fail. | Cannot be represented and does not apply in terms of system reliability. In system reliability, this would imply that a two-component system would function even if both components have failed. |

Events
The gates in a fault tree are the logic symbols that interconnect contributory events and conditions. An event (or a condition) block in a fault tree is the same as a standard block in an RBD, in that it can have a probability of occurrence (or a distribution function). However, unlike traditional RBDs, where a single graphical representation is utilized to represent the block (or event), fault trees use several graphical block representations. Table 4 discusses these graphical representations.
Table 4: Traditional Fault Tree Event Symbols and their RBD Equivalents

| Primary Event Block | Classic FTA Symbol | Description | RBD Equivalent |
|---|---|---|---|
| Basic Event | | A basic initiating fault (or failure event). | Block |
| External Event (House Event) | | An event that is normally expected to occur. In general, these events can be set to occur or not occur, i.e. they have a fixed probability of 0 or 1. | Block that cannot fail or that is in a failed state. |
| Undeveloped Event | | An event which is no further developed. It is a basic event that does not need further resolution. | Block |
| Conditioning Event | | A specific condition or restriction that can apply to any gate. | Block: Placement of the block will vary depending on the gate applied to. |

Table 5: Additional Fault Tree Constructs and their RBD Equivalents

| Primary Event Block | Classic FTA Symbol | Description | RBD Equivalent |
|---|---|---|---|
| Transfer | | Indicates a transfer continuation to a sub tree. | Subdiagram Block |

Example 1
A fault tree diagram with a Voting Gate and the RBD equivalent.

Example 2
Fault Trees and Complex RBDs: The best example of a complex reliability block diagram is the so-called "bridge." The following RBD represents such a bridge.
Representation of this bridge as a fault tree diagram requires the utilization of duplicate events, since gates can only represent components in series and parallel. An inspection of this system reveals that any of the following failures will cause the system to fail:
- Failure of components 1 and 2.
- Failure of components 3 and 4.
- Failure of components 1 and 5 and 4.
- Failure of components 2 and 5 and 3.

In probability terminology, we have: (1 And 2) Or (3 And 4) Or (1 And 5 And 4) Or (2 And 5 And 3). These sets of events are also called minimal cut sets. It can now be seen how the fault tree can be created by representing the above set of events in the following fault tree.
Conversion of the above fault tree to an RBD (note that components with the same name are mirrored blocks).
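The bridge's four minimal cut sets, evaluated as an OR gate over AND gates; this is an added example, not part of the original guide. It assumes independent basic events and a constructed fixed failure probability of 0.1 per component, and goes slightly beyond the text by also deriving the minimal path sets, the success-space view an RBD works in.

```python
from itertools import combinations, product
from math import prod

# Minimal cut sets of the bridge, exactly as listed in Example 2.
CUT_SETS = [{1, 2}, {3, 4}, {1, 5, 4}, {2, 5, 3}]
COMPONENTS = sorted(set().union(*CUT_SETS))

def top_event(failed):
    """OR gate over one AND gate per cut set (failure space)."""
    return any(cut <= failed for cut in CUT_SETS)

def minimal_path_sets():
    """Success-space dual: smallest sets of working components that keep
    the system up while every other component has failed."""
    found = []
    for size in range(1, len(COMPONENTS) + 1):
        for combo in combinations(COMPONENTS, size):
            working = set(combo)
            if any(path <= working for path in found):
                continue  # contains a smaller path set, so not minimal
            if not top_event(set(COMPONENTS) - working):
                found.append(working)
    return found

def top_event_probability(q):
    """Exact P(top event), summed over all 2^n component states.
    Assumes independent basic events with fixed probabilities q[c]."""
    total = 0.0
    for states in product([False, True], repeat=len(COMPONENTS)):
        failed = {c for c, down in zip(COMPONENTS, states) if down}
        if top_event(failed):
            total += prod(q[c] if c in failed else 1.0 - q[c]
                          for c in COMPONENTS)
    return total

def cut_set_sum(q):
    """Sum of the cut-set probabilities. States covered by several cut
    sets (the duplicated events) are counted more than once, so this
    overestimates the exact value."""
    return sum(prod(q[c] for c in cut) for cut in CUT_SETS)

# Constructed sample input: every component fails with probability 0.1.
Q = {c: 0.1 for c in COMPONENTS}

if __name__ == "__main__":
    print("minimal path sets:", minimal_path_sets())
    print("exact P(top event):", round(top_event_probability(Q), 5))
    print("sum over cut sets :", round(cut_set_sum(Q), 5))
```

The gap between the two figures comes from the duplicated events: components 1 to 5 each appear in more than one cut set, so the AND-gate probabilities cannot simply be added.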



Additional Resources and Publications on other sites
- Fault Tree Handbook (NUREG-0492). Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
- FAULT TREE ANALYSIS: A Special Bibliography from the NASA Scientific and Technical Information (STI) Program. http://www.sti.nasa.gov/new/fta34.pdf





