Fault Tree Analysis

An Overview of Basic Concepts

This quick subject guide provides an overview of the basic concepts in Fault Tree Analysis
(FTA, system analysis) as it applies to system reliability and a directory of some other
resources on the subject.

History of Fault Tree Analysis (FTA)

Fault Tree Analysis (FTA) is another technique for reliability and safety analysis. Bell
Telephone Laboratories developed the concept in 1962 for the U.S. Air Force for use with
the Minuteman system. It was later adopted and extensively applied by the Boeing
Company. Fault tree analysis is one of many symbolic "analytical logic techniques" found in
operations research and in system reliability. Other techniques include Reliability Block
Diagrams (RBDs).

What is a Fault Tree Diagram (FTD)?

Fault tree diagrams (or negative analytical trees) are logic block diagrams that display the
state of a system (top event) in terms of the states of its components (basic events). Like
reliability block diagrams (RBDs), fault tree diagrams are also a graphical design technique,
and as such provide an alternative to methodology to RBDs.

An FTD is built top-down and in term of events rather than blocks. It uses a graphic "model"
of the pathways within a system that can lead to a foreseeable, undesirable loss event (or a
failure). The pathways interconnect contributory events and conditions, using standard logic
symbols (AND, OR etc). The basic constructs in a fault tree diagram are gates and events,
where the events have an identical meaning as a block in an RBD and the gates are the
conditions.

Fault Trees and Reliability Block Diagrams

The most fundamental difference between FTDs and RBDs is that in an RBD one is working
in the "success space", and thus looks at system successes combinations, while in a fault
tree one works in the "failure space" and looks at system failure combinations. Traditionally,
fault trees have been used to access fixed probabilities (i.e. each event that comprises the
tree has a fixed probability of occurring) while RBDs may have included time-varying
distributions for the success (reliability equation) and other properties, such as
repair/restoration distributions.

Drawing Fault Trees: Gates and Events

Fault trees are built using gates and events (blocks). The two most commonly used gates in
a fault tree are the AND and OR gates. As an example, consider two events (or blocks)
comprising a Top Event (or a system). If occurrence of either event causes the top event to
occur, then these events (blocks) are connected using an OR gate. Alternatively, if both
events need to occur to cause the top event to occur, they are connected by an AND gate.
As a visualization example, consider the simple case of a system comprised of two
components, A and B, and where a failure of either component causes system failure. The
system RBD is made up of two blocks in series (see RBD configurations), as shown next:

The fault tree diagram for this system includes two basic events connected to an OR gate
(which is the "Top Event"). For the "Top Event" to occur, either A or B must happen. In
other words, failure of A OR B causes the system to fail.

Relationships between Fault Trees and RBDs

In general (and with some specific exceptions), a fault tree can be easily converted to an
RBD. However, it is generally more difficult to convert an RBD into a fault tree, especially if
one allows for highly complex configurations. The following table shows gate symbols
commonly used in fault tree diagrams and describes their relationship to an RBD. (The term
"Classic Fault Tree" refers to the definitions as used in the Fault Tree Handbook (NUREG-
0492) by the U.S. Nuclear Regulatory Commission).

Table 1: Classic Fault Tree Gates and their

Traditional RBD Equivalents

Classic FTA
Name of Gate Description RBD Equivalent
Symbol

Simple Parallel
Configuration
The output event occurs if all input
AND
events occur.
[See Example]

Series Configuration
The output event occurs if at least
OR
one of the input events occurs. [See Example]

k-out-of-n Parallel
Configuration
Voting OR (k-out- The output event occurs if k or more
of-n) of the input events occur.
[See Example]

Simple Parallel
Configuration of all the
The input event occurs if all input
events plus the condition
Inhibit events occur and an additional
conditional event occurs.
[See Example]

Standby Parallel
The output event occurs if all input
Configuration (without a
Priority AND events occur in a specific
quiescent failure
sequence.
distribution)

The output event occurs if all input

Not used in classic events occur, however the events
Load Sharing Parallel
Dependency AND FTA. Gate defined are dependent, i.e. the occurrence
Configuration
by ReliaSoft. of each event affects the probability
of occurrence of the other events.

Cannot be represented
and does not apply in
terms of system reliability.
The output event occurs if exactly In system reliability, this
XOR
one input event occurs. would imply that a two-
component system would
function even if both
components have failed.
 Table 2: RBD Constructs without a Traditional Fault Tree Equivalent

Function FTA Equivalent Description RBD Equivalent

Allows for modeling event

dependency (or load sharing). The
output event occurs if all input
Dependency (Load Not used in classic Load Sharing Parallel
events occur, however the events
Sharing) FTA. Configuration
are dependent, i.e. the occurrence
of each event affects the probability
of occurrence of the other events.

Standby redundancy configurations

A Priority AND gate
consist of items that are inactive
can be used.
True Standby with and available to be called into
However, this does Standby Parallel
a quiescent failure service when/if the active item fails
not account for Configuration
distribution (i.e. on standby). Items on standby
quiescent failure
can also fail (quiescent) while
probabilities.
waiting to switch.

Table 3: Traditional Fault Tree Gates without an RBD Equivalent

Classic FTA
Name of Gate Description RBD Equivalent
Symbol

The output event occurs if exactly

one input event occurs. In a two
component system the event does
not occur if both or none of the
inputs occur.
When modeling system reliability,
XOR
this implies that the system is
successful if none of the
components fail or if all of the
components fail.
Cannot be represented
and does not apply in
terms of system reliability.
In system reliability, this
would imply that a two-
component system would
function even if both
components have failed.

Events

The gates in a fault tree are the logic symbols that interconnect contributory events and
conditions. An event (or a condition) block in a fault tree is the same as a standard block in
an RBD, in that it can have a probability of occurrence (or a distribution function). However,
unlike traditional RBDs, where a single graphical representation is utilized to represent the
block (or event), fault trees use several graphical block representations. Table 4 discusses
these graphical representations.

Table 4: Traditional Fault Tree Event Symbols and their RBD Equivalents

Primary Event Classic FTA

Description RBD Equivalent
Block Symbol

A basic initiating fault (or failure

Basic Event Block
event).

An event that is normally expected

to occur.
Block that cannot fail or
that is in a failed state.
External Event In general, these events can be set
(House Event)
to occur or not occur, i.e. they have
a fixed probability of 0 or 1.

An event which is no further

Undeveloped
developed. It is a basic event that Block
Event
does not need further resolution.

Block: Placement of the

Conditioning A specific condition or restriction
block will vary depending
Event that can apply to any gate.
on the gate applied to.

Table 5: Additional Fault Tree Constructs and their RBD Equivalents

Primary Event Classic FTA

Description RBD Equivalent
Block Symbol

Indicates a transfer continuation to

Transfer Subdiagram Block
a sub tree.

Example 1

A fault tree diagram with a Voting Gate and the RBD equivalent.
Example 2

Fault Trees and Complex RBDs: The best example of a complex reliability block diagram is
the so called "bridge." The following RBD represents such a bridge.

Representation of this bridge as a fault tree diagram requires the utilization of duplicate
events, since gates can only represent components in series and parallel. An inspection of
this system reveals that any of the following failures will cause the system to fail:

• Failure of components 1 and 2.

• Failure of components 3 and 4.

• Failure of components 1 and 5 and 4.

• Failure of components 2 and 5 and 3.

In probability terminology, we have:

• (1 And 2) Or (3 And 4) Or (1 And 5 And 4) Or (2 And 5 And 3).

These sets of events are also called minimal cut sets. It can now be seen how the fault tree
can be created by representing the above set of events in the following fault tree.
Conversion of the above fault tree to an RBD (note that components with same name are
mirrored blocks).