FTA PPT

The document discusses Failure Modes and Effects Analysis (FMEA) and Fault Tree Analysis (FTA), focusing on their procedures, purposes, and applications in system safety analysis. FTA is a deductive reasoning technique that identifies combinations of equipment failures and human errors leading to accidents, while FMEA aims to evaluate potential failure modes within a system. The document also outlines the classification of failures, the characteristics of component failures, and the steps involved in conducting a fault tree analysis.

Uploaded by

S Bharat

FMEA & FTA

Dr.M.D. Jaybhaye
Associate Professor
Dept. of Mfg. Engg. & Industrial Management
College of Engineering, Pune
System safety analysis
Failure Modes and Effects Analysis
The procedures:
Information included in FMECA:
Event Tree Analysis
General Description
• Fault Tree Analysis (FTA) is a deductive reasoning technique that focuses on one particular accident event.
• The fault tree itself is a graphic model that displays the various combinations of equipment faults and failures that can result in the accident event.
• The solution of the fault tree is a list of the sets of equipment failures and human/operator errors that are sufficient to result in the accident event of interest.
• The strength of FTA as a qualitative tool is its ability to break down an accident into basic equipment failures and human errors. This allows the safety analyst to focus preventive measures on these basic causes to reduce the probability of an accident.
Purpose: Identify combinations of equipment failures and human errors that can result in an accident event.

When to Use:
a. Design: FTA can be used in the design phase of the plant to uncover hidden failure modes that result from combinations of equipment failures.
b. Operation: FTA including operator and procedure characteristics can be used to study an operating plant to identify potential combinations of failures for specific accidents.
Type of Results: A listing of sets of equipment and/or operator failures that can result in a specific accident. These sets can be qualitatively ranked by importance.
Nature of Results: Qualitative, with quantitative potential. The fault tree can be evaluated quantitatively when probabilistic data are available.
Data Requirements:
a. A complete understanding of how the plant/system functions.
b. Knowledge of the plant/system equipment failure modes and their effects on the plant/system.
Fault Tree Analysis Procedure
Gate symbols (number, gate name, causal relation):
1. AND gate: Output event occurs if all input events occur simultaneously.
2. OR gate: Output event occurs if any one of the input events occurs.
3. Inhibit gate: Input produces output when the conditional event occurs.
4. Priority AND gate: Output event occurs if all input events occur in the order from left to right.
5. Exclusive OR gate: Output event occurs if one, but not both, of the input events occurs.
6. m-out-of-n gate (voting or sample gate): Output event occurs if m out of n input events occur.
Event Symbols
Event symbols (number, symbol, meaning):
1. Circle: Basic event with sufficient data
2. Diamond: Undeveloped event
3. Rectangle: Event represented by a gate
4. Oval: Conditional event used with inhibit gate
5. House: House event, either occurring or not occurring
6. Triangles: Transfer symbol
Table: Event Symbols


Classification of Failures
• Sudden versus gradual failures
• Hidden versus evident failures
• According to effects (critical, degraded or incipient)
• According to severity (catastrophic, critical, marginal or negligible)
• Primary failure, secondary failure and command fault
Component Failure Characteristics
• Primary failure: component within design envelope (natural aging)
• Secondary failure: excessive stresses (neighboring components, environment, plant personnel)
• Command fault: inadvertent control signals or noises (neighboring components, environment, plant personnel)
COMPONENT FAILURE CHARACTERISTICS
Primary Faults and Failures
Primary faults and failures are equipment malfunctions that occur in the environment for which the equipment was intended. These faults or failures are the responsibility of the equipment that failed and cannot be attributed to some external force or condition.
Secondary Faults and Failures
Secondary faults and failures are equipment malfunctions that occur in an environment for which the equipment was not intended. These faults or failures can be attributed to some external force or condition.
Command Faults and Failures
• Command faults and failures are equipment malfunctions in which the component operates properly but at the wrong time or in the wrong place. These faults or failures can be attributed to the source of the incorrect command.
• When the exact failure mode for a primary or secondary failure is identified and failure data are obtained, primary and secondary failure events are the same as basic failures and are shown as circles in a fault tree.
[ EXAMPLE ]
1) Primary
• Tank rupture due to metal fatigue
2) Secondary
• Fuse is opened by excessive current
• Earthquake cracks storage tanks
• Pressure vessel ruptures because some fault external to the vessel causes the internal pressure to exceed the design limits.
3) Command
• Power is applied inadvertently to relay coil.
• Noisy input to safety monitor randomly generates spurious shutdown signals.
Boolean Algebra
(These slides are diagrams of equivalent fault-tree fragments; each is given here as the Boolean identity it depicts. A is the output event; B, C, D are inputs; L is an input of very low probability and H an input of very high probability.)
• A = B AND C = C AND B. AND: all the inputs are required to cause the output.
• A = B OR C = C OR B. Inclusive OR: any input or combination of inputs will cause the output.
• A = B EOR C. Exclusive OR: B or C, but not both, cause the output A.
• A = EOR(B) = OR(B) = B: a single-input EOR or OR gate reduces to its input.
• A = B AND (C AND D) = B AND C AND D.
• A = B OR (C OR D) = B OR C OR D.
• A = B EOR (C EOR D) = "EOR"(B, C, D): the output occurs for odd combinations of inputs.
• A = B AND (C OR D) = (B AND C) OR (B AND D).
• A = B OR L ≈ B (L very low probability).
• A = B AND L: with L of very low probability, the output A also has very low probability.
• A = B OR (C AND L) ≈ B (L very low probability).
• A = B AND H ≈ B (H very high probability).
• A = B OR H: with H of very high probability, the output A also has very high probability.
• A = B AND (C OR H) ≈ B (H very high probability).
Fault Tree Analysis: Introduction
Top-down approach to failure analysis:
• Start at the top (tree root) with an undesirable event called a “top event” and then determine all the possible ways that the top event can occur
• Analysis proceeds by determining how the top event can be caused by individual or combined lower-level undesirable events
Example:
• Top event is “being late for work”
• Clock radio not turning on, family emergency, bus not running on time
• Clock radio won’t turn on if there is a power failure and battery is dead
Quick guide to fault trees: http://www.weibull.com/basics/fault-tree/index.htm
Fault-tree tutorial: http://www.fault-tree.net/papers/dugan-comp-sys-fta-tutor.pdf
Fault tree handbook: http://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr0492/sr0492.pdf
Fault Tree Analysis: The Process
1. Identify “top event”
2. Identify 1st-level contributors to top event
3. Use logic gate to connect 1st level to top
4. Identify 2nd-level contributors
5. Link 2nd level to 1st level
6. Repeat until done
Fig. (symbol legend): AND gate; OR gate; basic events (leaf, atomic); composite events; other symbols (not used in reliability analysis): XOR, k/n (k-out-of-n gate), inhibit gate, enabling condition, external event.
Fault Tree Analysis: Cut Set
A cut set is any set of initiators so that the failure of all of them induces the top event.
Minimal cut set: a cut set for which no subset is also a cut set.
Minimal cut sets for this example: {a, b}, {a, d}, {b, c}
Just as logic circuits can be transformed to different (simpler) ones, fault trees can be manipulated to obtain equivalent forms.
Path set: any set of initiators so that if all are failure-free, the top event is inhibited (to derive path sets, exchange AND gates and OR gates and then find cut sets).
What are the path sets for this example?
Fig. (example fault tree with basic events a, b, c, d)
Converting Fault Trees to Reliability Block Diagrams
Minimal cut sets for this example: {a, b}, {a, d}, {b, c}
Fig. (reliability block diagram for the example; blocks a, b, c, d)
Another example:
Minimal cut sets {a, b}, {a, c}, {a, d}, {c, d, e, f}
• Construct a fault tree for the above
• Derive a reliability block diagram
• What are the path sets for this example?
Applications of cut sets:
1. Evaluation of reliability
2. Common-cause failure assessment
3. Small cut set → high vulnerability
Fig. (reactor P&ID): HIGH TEMP EMERGENCY SHUT-OFF VALVE; INTERLOCK; BURSTING DISC; TIS; FLOW CONTROLLER (FRC); FLOW CONTROL VALVE; MATERIAL A; MATERIAL B.
Reactor explosion fault tree (frequencies in F/YR; values marked so are probability of failure on demand):
REACTOR EXPLOSION, 3.6 × 10^-4 F/YR
= RUNAWAY REACTION (1.8 × 10^-2 F/YR) AND BURSTING DISC FAILS (0.02, probability of failure on demand)
RUNAWAY REACTION = FLOW CONTROL LOOP FAILS (0.3 F/YR) AND TEMPERATURE INTERLOCK FAILS (0.06)
FLOW CONTROL LOOP FAILS = FLOW CONTROLLER FAILS (0.2 F/YR) OR VALVE STICKS OPEN (0.1 F/YR)
TEMPERATURE INTERLOCK FAILS = THERMOCOUPLE & RELAY FAIL (0.05, probability of failure on demand) OR VALVE FAILS TO CLOSE (0.01, probability of failure on demand)
Minimal Cut Set
Probability of the TOP event
Fig. (system diagram; labels: Power input, Shaft 1)
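A worked example added here (not from the slides): a small Python script, using a hypothetical nested-tuple tree encoding, that expands a fault tree into its minimal cut sets by Boolean expansion and absorption, derives the path sets by swapping AND and OR gates as described above, and evaluates the reactor explosion tree with the slide's figures under the rare-event approximation (OR = sum, AND = product). The tree chosen to reproduce the cut sets {a, b}, {a, d}, {b, c} and the reactor event names are assumptions.

```python
from itertools import product as cartesian
from math import prod

# Hypothetical tree matching the lecture example whose minimal cut sets are {a, b}, {a, d}, {b, c}.
LECTURE_TREE = ("OR", ("AND", "a", ("OR", "b", "d")), ("AND", "b", "c"))
# Reactor explosion tree from the slides (runaway reaction AND bursting disc fails); event names assumed.
REACTOR_TREE = ("AND", ("AND", ("OR", "flow_controller_fails", "valve_sticks_open"),
                        ("OR", "thermocouple_relay_fail", "valve_fails_to_close")),
                "bursting_disc_fails")
REACTOR_DATA = {"flow_controller_fails": 0.2, "valve_sticks_open": 0.1, "thermocouple_relay_fail": 0.05,
                "valve_fails_to_close": 0.01, "bursting_disc_fails": 0.02}  # F/yr or prob. on demand

def cut_sets(tree):
    """Expand a tree of ("AND"|"OR", inputs...) / basic-event names into cut sets (sum of products)."""
    if isinstance(tree, str):                      # basic event: one cut set containing just itself
        return [frozenset([tree])]
    gate, *inputs = tree
    expanded = [cut_sets(i) for i in inputs]
    if gate == "OR":                               # any input suffices: collect all terms
        return [c for terms in expanded for c in terms]
    if gate == "AND":                              # all inputs needed: one term from each, unioned
        return [frozenset().union(*combo) for combo in cartesian(*expanded)]
    raise ValueError(f"unsupported gate {gate!r}")

def minimal(sets):
    """Absorption (a + ab = a): keep only sets that contain no other set."""
    unique = set(sets)
    keep = [s for s in unique if not any(o < s for o in unique)]
    return sorted(keep, key=lambda s: (len(s), sorted(s)))

def minimal_cut_sets(tree):
    return minimal(cut_sets(tree))

def dual(tree):
    """Swap AND and OR gates: minimal cut sets of the dual tree are the minimal path sets."""
    if isinstance(tree, str):
        return tree
    return ({"AND": "OR", "OR": "AND"}[tree[0]], *[dual(i) for i in tree[1:]])

def minimal_path_sets(tree):
    return minimal_cut_sets(dual(tree))

def top_event_probability(tree, basic):
    """Rare-event approximation as on the slides: OR = sum, AND = product, summed over minimal cut sets."""
    return sum(prod(basic[e] for e in cs) for cs in minimal_cut_sets(tree))

if __name__ == "__main__":
    print("minimal cut sets :", [set(s) for s in minimal_cut_sets(LECTURE_TREE)])
    print("minimal path sets:", [set(s) for s in minimal_path_sets(LECTURE_TREE)])
    print("reactor explosion: %.1e F/yr" % top_event_probability(REACTOR_TREE, REACTOR_DATA))
```

The reactor value reproduces the slide's 3.6 × 10^-4 F/yr; the same approximation overstates the result when an event appears in several cut sets, so for trees with repeated events use it only as an upper bound.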
FAULT TREE ANALYSIS FOR PROBLEM SOLVING
• VISION
We can solve problems efficiently if we learn to see complexity in simple things and simplicity in complex things. Fault Tree Analysis (FTA) is such a tool.
FAULT TREE CONSTRUCTION
A fault tree is a technique to break down a problem into its causes. It was developed by Boeing. It uses a set of symbols to express the thought process.
PROBLEM SOLVING CRITERIA
Most of the FMEAs done in industry are useless. They try to use inspection or testing as a recommended control. Adding inspection or 100% testing does not improve the product; it only adds to the cost. Our paradigm is that we want high quality at lower price. Therefore, inspection and testing are the least desirable choices. The following are the correct choices, in order of their importance.
First Choice: ELIMINATE the need for the problem by changing the product design.
Second Choice: Design to TOLERATE the fault with a backup component.
Third Choice: If nothing can be done, make it FAIL-SAFE.
Fourth Choice: Install an EARLY WARNING system in the machine.

Fault / Success Tree Analysis
Fig. Examples of fault tree symbols. a, AND gate; b, OR gate; c, EOR gate; d, NOT gate; e, m-out-of-n gate; f, basic event; g, incomplete event; h, intermediate event; i, j, transfers IN, OUT
• AND gate. An output event is produced if all the input events occur simultaneously.
• OR gate. An output event is produced if any one or more of the input events occurs.
• INHIBIT gate. Input produces output only when a certain condition is satisfied. It is used in a pair with the conditional event symbol. An INHIBIT gate is a special type of AND gate.
• EXCLUSIVE OR gate. Input events cause an output event if only one of the input events occurs. The output event will not occur if more than one input event occurs. This gate can be replaced with the combination of AND gates and OR gates.
• VOTING gate. Input events produce an output event if at least k of n input events occur.
Role of FTA in Decision-Making
FTA has numerous uses in enhancing product
reliability:
• To understand the logic leading to the top event
• To prioritize the contributors leading to the top
event
• As a proactive tool to prevent the top event
• To monitor the performance of the system
• To minimize and optimize resources
• To assist in designing a system
• As a diagnostic tool to identify and correct causes
of the top event.
Steps of Fault Tree Analysis
A successful FTA requires the following steps be
carried out:
1. Identify the objective for the FTA.
2. Define the top event of the FT.
3. Define the scope of the FTA.
4. Define the resolution of the FTA.
5. Define ground rules for the FTA.
6. Construct the FT.
7. Evaluate the FT.
8. Interpret and present the results.
