
FAULT & EVENT TREE ANALYSIS

BY

NITESH M. DONGARE
FAULT TREE ANALYSIS
DEFINITION

• Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.

• Fault trees are a deductive method for identifying the ways in which hazards can lead to an accident.

• The approach starts with a well-defined accident, or top event, and works backwards towards the various scenarios that can cause the accident.
STEPS IN CARRYING OUT A FAULT TREE ANALYSIS

1. Identify the objective for the FTA.
2. Define the top event of the FT.
3. Define the scope of the FTA.
4. Define the resolution of the FTA.
5. Define ground rules for the FTA.

* The first five steps involve the problem formulation for an FTA.

6. Construct the FT.
7. Evaluate the FT.
8. Interpret and present the results.

* The remaining steps involve the actual construction of the FT, the evaluation of the FT, and the interpretation of the FT results.
SYMBOL REPRESENTATIONS

Circle – represents a basic failure

Diamond – represents a basic fault

Rectangle – represents a resultant event

Double diamond – represents an event

House – represents a basic event


FAULT TREE CONSTRUCTION

Consider the following block diagram. Let I/P and O/P be the input and output terminals. There are two sub-systems, A and B, connected in series.

[Block diagram: INPUT → sub-system (A), containing elements X1 and X2 → sub-system (B), containing elements X3 and X4 → OUTPUT]

The fault tree for this system is shown below.

[Fault tree: top event F(S) – OR gate – intermediate events F(A) and F(B); F(A) – AND gate – basic events F(X1), F(X2); F(B) – AND gate – basic events F(X3), F(X4)]

Here F(X1), F(X2), F(X3), F(X4) are the events that X1, X2, X3, X4 fail.

F(A) = sub-system (A) fails

F(B) = sub-system (B) fails

Then F(A) = F(X1) AND F(X2)

and F(B) = F(X3) AND F(X4)

Finally, the failure of the system is

F(S) = F(A) OR F(B)


CALCULATION OF RELIABILITY FROM FAULT TREE

Consider the earlier block diagram.

The probability of failure of sub-system (A) is

P(A) = P(X1 and X2)
P(A) = P(X1) * P(X2)

Similarly, for sub-system (B),

P(B) = P(X3 and X4)
P(B) = P(X3) * P(X4)

Failure occurs when sub-system (A) or (B) fails:

F(S) = P(A) or P(B), then F(S) = P(A) + P(B) – (P(A) * P(B))

If the reliabilities of the elements are given by R1, R2, R3, R4, then

P(Xi) = 1 – Ri

Reliability of the system: R(S) = 1 – F(S)
• For an emergency operation theatre in a hospital, the power is obtained from the main city supply through a transformer connected in series. To ensure an uninterrupted supply, an auxiliary generator is also used with a suitable switch-over. The probability of failure of the city supply is 0.01 and the transformer reliability is 0.996. The auxiliary power generator has a reliability factor of 0.99. Draw the block diagram for the system. Construct the fault tree and, based on this, calculate the reliability of the system.

[System sketch: mains → transformer → operation theatre, with the generator as a parallel supply path to the operation theatre]

BLOCK DIAGRAM

[INPUT → X1 (mains) and X2 (transformer) in series, in parallel with X3 (generator) → OUTPUT]

Fault tree for problem

[Fault tree: top event F(S) – AND gate – (OR gate – A: Main fails, B: Transformer fails) and C: Generator fails]
SOLUTION
FAILURE OF THE SYSTEM

F(S) = (P(X1) or P(X2)) and P(X3)

P(X1) = 0.01

P(X2) = 1 – 0.996 = 0.004

P(X3) = 1 – 0.99 = 0.001

F(S) = (P(X1) + P(X2) – (P(X1) * P(X2))) * P(X3)

= (0.01 + 0.004 – (0.01 * 0.004)) * (0.001)

F(S) = 0.0001396

FOR RELIABILITY
R(S) = 1 – F(S)

= 1 – 0.0001396

R(S) = 0.99986
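An added example, not from the slides: a small evaluator for fault trees whose basic events are independent, applied to both the generic series-of-parallel diagram and the operation theatre problem. It takes P(X3) = 1 - 0.99 = 0.01, the value that reproduces the final F(S) = 0.0001396 on the slide; the R1..R4 used for the generic diagram are constructed values.

```python
# Added example, not from the slides: evaluate a fault tree of independent
# basic events.  A node is either a basic-event name (looked up in a table of
# failure probabilities) or a gate written as ("AND", [children]) /
# ("OR", [children]).

def p_fail(node, basic):
    """Probability that `node` occurs, given P(basic event) in `basic`."""
    if isinstance(node, str):
        return basic[node]
    kind, children = node
    probs = [p_fail(child, basic) for child in children]
    if kind == "AND":                       # all inputs must fail
        result = 1.0
        for p in probs:
            result *= p
        return result
    if kind == "OR":                        # at least one input fails
        none_fail = 1.0                     # = P(A)+P(B)-P(A)P(B) for two inputs
        for p in probs:
            none_fail *= 1.0 - p
        return 1.0 - none_fail
    raise ValueError(f"unknown gate {kind!r}")

def reliability(tree, basic):
    """R(S) = 1 - F(S)."""
    return 1.0 - p_fail(tree, basic)

def from_reliabilities(rel):
    """P(Xi) = 1 - Ri for every element."""
    return {name: 1.0 - r for name, r in rel.items()}

# Block-diagram slide: F(S) = F(A) OR F(B), F(A) = F(X1) AND F(X2), F(B) = F(X3) AND F(X4).
SERIES_OF_PARALLEL = ("OR", [("AND", ["X1", "X2"]), ("AND", ["X3", "X4"])])

# Emergency operation theatre: F(S) = (mains OR transformer) AND generator.
THEATRE = ("AND", [("OR", ["X1", "X2"]), "X3"])
THEATRE_P = {"X1": 0.01, "X2": 1 - 0.996, "X3": 1 - 0.99}   # 0.01, 0.004, 0.01

def theatre_failure():
    return p_fail(THEATRE, THEATRE_P)          # 0.0001396

def theatre_reliability():
    return reliability(THEATRE, THEATRE_P)     # 0.9998604

if __name__ == "__main__":
    # Constructed reliabilities R1..R4 for the generic diagram (not from the slides).
    basic = from_reliabilities({"X1": 0.9, "X2": 0.9, "X3": 0.95, "X4": 0.95})
    print("generic F(S) =", p_fail(SERIES_OF_PARALLEL, basic))   # 0.012475
    print("theatre F(S) =", theatre_failure(), "R(S) =", theatre_reliability())
```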
USES
• Use of FTA to understand the logic leading to the top event.

• Use of FTA to prioritize the contributors leading to the top event.

• Use of FTA as a proactive tool to prevent the top event.

• Use of FTA to monitor the performance of the system.

• Use of FTA to minimize and optimize resources.

• Use of FTA to assist in designing a system.

• Use of FTA as a diagnostic tool to identify and correct causes of the top event.
ADVANTAGES

• Begins with the top event.

• Used to determine the minimal cut sets.

DISADVANTAGES

• Complicated process.

• Requires a considerable amount of time to complete.


EVENT TREE ANALYSIS
DEFINITION

• Event trees begin with an initiating event and work towards the final result.

• This method provides information on how a failure can occur and the probability of occurrence.

STEPS INVOLVED IN AN ETA

1. Identify an initiating event of interest.
2. Identify the safety functions designed to deal with the initiating event.
3. Construct the event tree.
4. Describe the resulting accident event sequences.
EXAMPLE
• Oxidation reactor high temperature alarm alerts operator at temperature T1.
• Operator reestablishes cooling water flow to the oxidation reactor.
• Automatic shutdown system stops reaction at temperature T2 (T2 > T1).

These safety functions are listed in the order in which they are intended to occur.
[Figure 11-8 Reactor with high temperature alarm and temperature controller. Shown: reactor feed, cooling coils, cooling water in and out, temperature controller (TIC), thermocouple, and high temperature alarm (TIA) that trips at T > TA.]
Step 1 - Identify the initiating event

• system or equipment failure
• human error
• process upset

[Example]

"Loss of Cooling Water" to an Oxidation Reactor

Step 2 - Identify the Safety Functions Designed to Deal with the Initiating Event

• Safety systems that automatically respond to the initiating event.

• Alarms that alert the operator when the initiating event occurs, and operator actions designed to be performed in response to alarms or required by procedures.

• Barriers or containment methods that are intended to limit the effects of the initiating event.
Step 3: Construct the Event Tree
a. Enter the initiating event and safety functions.

[Event tree layout: INITIATING EVENT "Loss of cooling water to oxidation reactor" at the left; SAFETY FUNCTIONS as column headings, left to right: (1) oxidation reactor high temperature alarm alerts operator at temperature T1; (2) operator reestablishes cooling water flow to oxidation reactor; (3) automatic shutdown system stops reaction at temperature T2]

FIRST STEP IN CONSTRUCTING EVENT TREE

Step 3: Construct the Event Tree
b. Evaluate the safety functions

[Same layout; under the first safety function the path splits at a branch point: upper branch = Success, lower branch = Failure]

REPRESENTATION OF THE FIRST SAFETY FUNCTION

Step 3: Construct the Event Tree
b. Evaluate the safety functions

[Same layout; the second safety function adds its own Success/Failure branch point]

If the safety function does not affect the course of the accident, the accident path proceeds with no branch point to the next safety function.

REPRESENTATION OF THE SECOND SAFETY FUNCTION

Step 3: b. Evaluate safety functions.

[Same layout; the third safety function adds its Success/Failure branch points and the tree is completed]

COMPLETED EVENT TREE


Step 4: Describe the Accident Sequence

[Completed event tree with the same three safety functions, identified as B (high temperature alarm alerts operator at T1), C (operator reestablishes cooling water flow) and D (automatic shutdown system stops reaction at T2); upper branch = Success, lower branch = Failure. Each end branch is labelled with A followed by the identifiers of the safety functions that failed along it.]

A     Safe condition, return to normal operation
AC    Safe condition, process shutdown
ACD   Unsafe condition, runaway reaction, operator aware of problem
AB    Unstable condition, process shutdown
ABD   Unsafe condition, runaway reaction, operator unaware of problem

ACCIDENT SEQUENCES
[Figure 11-9, reconstructed as a table]

Safety function (identifier, failures/demand):
  B  High temp alarm alerts operator   0.01
  C  Operator notices high temp        0.25
  D  Operator re-starts cooling        0.25
  E  Operator shuts down reactor       0.1
Initiating event A: Loss of cooling, 1 occurrence/yr.

Sequence   Result               Occurrences/yr
A          Continue operation   0.7425
AD         Shut down            0.2227
ADE        Runaway              0.02475
AB         Continue operation   0.005625
ABD        Shut down            0.001688
ABDE       Runaway              0.0001875
ABC        Continue operation   0.001875
ABCD       Shut down            0.0005625
ABCDE      Runaway              0.0000625

Shutdown = 0.2227 + 0.001688 + 0.005625 = 0.2250 occurrences/yr.
Runaway = 0.02475 + 0.0001875 + 0.0000625 = 0.02500 occurrences/yr.
Figure 11-9 Event tree for a loss of coolant accident for the reactor of Figure 11-8.
Figure 11-10 The computational sequence across a safety function in an event tree.

Initiating event: 0.5 occurrences/yr.
Safety function: 0.01 failures/demand
  Success of safety function: (1 – 0.01) * 0.5 = 0.495 occurrences/yr.
  Failure of safety function: 0.01 * 0.5 = 0.005 occurrences/yr.
[Figure 11-11, reconstructed as a table]

Safety function (identifier, failures/demand):
  B  High temp alarm alerts operator   0.01
  C  Operator notices high temp        0.25
  D  Operator re-starts cooling        0.25
  E  Shuts down reactor (the high temperature shutdown added in this figure)   0.01
  F  Operator shuts down reactor       0.1
Initiating event A: Loss of cooling, 1 occurrence/yr.

Sequence   Result               Occurrences/yr
A          Continue operation   0.7425
AD         Shut down            0.2450
ADE        Shut down            0.002228
ADEF       Runaway              0.0002475
AB         Continue operation   0.005625
ABD        Shut down            0.001856
ABDE       Shut down            0.00001688
ABDEF      Runaway              0.000001875
ABC        Continue operation   0.001875
ABCD       Shut down            0.0006187
ABCDE      Shut down            0.00000563
ABCDEF     Runaway              0.000000625

Shutdown = 0.2450 + 0.001856 + 0.00001688 + 0.0006187 = 0.2475 occurrences/yr.
Runaway = 0.0002475 + 0.000001875 + 0.000000625 = 0.0002500 occurrences/yr.
Figure 11-11 Event tree for the reactor of Figure 11-8. This includes a high temperature shutdown.
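An added example, not from the slides or the textbook figures they reproduce: a branch enumerator for event trees that recovers the sequence frequencies of Figure 11-9 and Figure 11-11 from the failures/demand values and the initiating-event frequency. It assumes the safety-function failures are independent, that identifier D always marks the cooling-restart function, and that the pass-through rules (C branches only after B has failed, E only after D, F only after E) are as read off the figures.

```python
# Added example, not from the slides or the textbook figures they reproduce:
# enumerate an event tree to recover the sequence frequencies of Figures 11-9
# and 11-11.  Each safety function is (identifier, failures/demand, applies);
# applies(failed) says whether the function gets a branch point on a path that
# has already seen the failures in `failed`.  When it does not, the path passes
# straight through with no branch point, as the slides describe.
# Safety-function failures are assumed independent of each other.

def evaluate(initiating_freq, functions):
    """Return {sequence: (result, occurrences/yr)} for every end branch."""
    last = functions[-1][0]                 # the final shutdown function
    results = {}

    def result(failed):
        if "D" not in failed:               # cooling was restarted
            return "Continue Operation"
        return "Runaway" if last in failed else "Shut Down"

    def walk(i, failed, freq):
        if i == len(functions):
            results["A" + "".join(failed)] = (result(failed), freq)
            return
        ident, p_fail, applies = functions[i]
        if not applies(failed):             # no branch point: pass through
            walk(i + 1, failed, freq)
            return
        walk(i + 1, failed, freq * (1 - p_fail))       # upper branch: success
        walk(i + 1, failed + [ident], freq * p_fail)   # lower branch: failure

    walk(0, [], initiating_freq)
    return results

def totals(results):
    """Occurrences/yr summed per result, i.e. the Shutdown and Runaway totals."""
    out = {}
    for label, freq in results.values():
        out[label] = out.get(label, 0.0) + freq
    return out

# Figure 11-9, initiating event A: loss of cooling, 1 occurrence/yr.
FIG_11_9 = [
    ("B", 0.01, lambda f: True),            # high temp alarm alerts operator
    ("C", 0.25, lambda f: "B" in f),        # operator notices high temp (only if alarm failed)
    ("D", 0.25, lambda f: True),            # operator re-starts cooling
    ("E", 0.10, lambda f: "D" in f),        # operator shuts down reactor (only if cooling not restored)
]
# Figure 11-11 inserts the high temperature shutdown E (0.01) before the operator shutdown F.
FIG_11_11 = FIG_11_9[:3] + [("E", 0.01, lambda f: "D" in f), ("F", 0.10, lambda f: "E" in f)]
```

evaluate(1.0, FIG_11_9) returns the nine sequences A to ABCDE of Figure 11-9, and totals() of that result gives Shut Down = 0.2250 and Runaway = 0.0250 occurrences/yr.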
ADVANTAGES

• Structured, rigorous, and methodical approach.

• Can be effectively performed on varying levels of design detail.

• Permits probability assessment.


DISADVANTAGES
• An ETA can only have one initiating event, therefore multiple ETAs will be
required to evaluate the consequence of multiple initiating events.

• Partial successes/failures are not distinguishable.

• Requires an analyst with some training and practical experience.
