
  • 7/25/2019 W5INSE6320

    1/8

    1

    INSE 6320 -- Week 5

    Risk Analysis for Information and Systems Engineering

    F-N Curves, Fault Trees, Event Trees

    Dr. A. Ben Hamza, Concordia University

    2

    F-N curves

    Risk acceptability is mostly defined on the basis of F-N curves

    F-N curves show the number of Fatalities against annual frequency.

    Usually used to express societal risk.

    Important to define acceptable / tolerable risk

    3

    How to generate F-N curves

    The frequency of events which cause at least N fatalities is plotted against the number N on log-log scales.

    The difference between the frequency of events with N or more fatalities, F(N), and that with N+1 or more, F(N+1), is the frequency of events with exactly N fatalities, usually represented by f(N), with lower-case f. This means f(N) = F(N) - F(N+1).

    Because f(N) must be non-negative, it follows that F(N) >= F(N+1) for all N, so that F-N curves never rise from left to right, but are always falling or flat.

    The lower an F-N curve is located on the F-N graph, the safer is the system it represents, because lower F-N curves represent lower frequencies of fatal events than higher curves.

    4

    Societal risk

    The value F(1) is the frequency of accidents with 1 or more fatalities, or in other words the overall frequency of fatal accidents. This is the left-hand point on F-N curves, where the curve meets the vertical axis (usually located at N = 1 with logarithmic scales).

    F-N curves can be based on historical records of the number of events (floods, landslides, etc.) and related fatalities.

    They can also be based on different future risk scenarios, in which for a number of events with different magnitudes the number of casualties is estimated.


    5

    How to calculate F-N curves

    In this exercise you will calculate F-N curves for accidents that have occurred in Europe in the period 1967 to 2001 (i.e., 35 years).

    Three different types of accident data are available: for roads, railroad and aviation.

    The analysis is based on empirical data, collected from historical accident records.

    6

    How to calculate F-N curves

    First calculate the total number of fatalities for road, railroad and aviation accidents by multiplying the number of events in each row with its fatality class. Also calculate the average number of fatalities per year.

    Then calculate the cumulative number of events, starting with the lowest row in the table (the class of 146 fatalities) and summing upwards, so that each row holds the number of events with N or more fatalities.

    Then calculate the cumulative frequency of events per year, F(N), by dividing the cumulative number by the number of years.

    7

    How to calculate F-N curves

    Plot these values in the graph indicated at the bottom of the spreadsheet in a log-log manner, with fatalities (N) on the X-axis and the cumulative frequency per year on the Y-axis.

    Compare the results. What can you conclude on the:

    Severity of the accident type

    Frequency of the accident type
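    The procedure above, carried through in code. This is an added example and not part of the course slides or its spreadsheet; the accident table in it is constructed for illustration (it is not the European 1967-2001 data), and the log-log plotting step is left to whatever plotter you use. It also adds two checks worth running on any F-N table: that the curve never rises, and that the class frequencies f(N) recovered from F(N) match the original row counts.

```python
"""F-N curve from a table of accident counts per fatality class.

Added example, not part of the course slides. The accident table below is
constructed for illustration only; it is not the European 1967-2001 road,
railroad and aviation data the exercise refers to, although it uses the same
35-year period and the same idea of fatality classes (N fatalities per event).
"""
from typing import Dict, List, Tuple

YEARS = 35  # length of the observation period in years, as in the exercise

# Constructed sample data: fatality class N -> number of events with exactly
# N fatalities recorded during the 35 years.
SAMPLE_EVENTS: Dict[str, Dict[int, int]] = {
    "road":     {1: 3000, 2: 800, 5: 120, 10: 20, 20: 3, 50: 0, 146: 0},
    "railroad": {1: 60,   2: 25,  5: 12,  10: 8,  20: 4, 50: 2, 146: 0},
    "aviation": {1: 4,    2: 3,   5: 5,   10: 6,  20: 7, 50: 9, 146: 3},
}


def total_fatalities(events: Dict[int, int]) -> int:
    """Sum over classes of (fatalities per event) x (number of events)."""
    return sum(n * count for n, count in events.items())


def fatalities_per_year(events: Dict[int, int], years: int = YEARS) -> float:
    return total_fatalities(events) / years


def fn_curve(events: Dict[int, int], years: int = YEARS) -> List[Tuple[int, float]]:
    """Points (N, F(N)) with F(N) = frequency per year of events with N or
    more fatalities.

    The cumulative count is built from the largest class downwards (the
    slide's "start with the lowest row of the table and sum upwards") and
    then divided by the number of years. Points are returned in ascending N,
    ready to plot on log-log axes (N on x, F(N) on y).
    """
    cumulative = 0
    points: List[Tuple[int, float]] = []
    for n in sorted(events, reverse=True):
        cumulative += events[n]
        points.append((n, cumulative / years))
    return sorted(points)


def exact_class_frequency(points: List[Tuple[int, float]]) -> List[Tuple[int, float]]:
    """f(N) = F(N) - F(N') for the next larger class N' (F beyond the last
    class is 0), i.e. the per-year frequency of events in exactly class N."""
    out = []
    for i, (n, f) in enumerate(points):
        next_f = points[i + 1][1] if i + 1 < len(points) else 0.0
        out.append((n, f - next_f))
    return out


def is_non_increasing(points: List[Tuple[int, float]]) -> bool:
    """Sanity check: F(N) >= F(N+1) for all N, so the curve never rises."""
    freqs = [f for _, f in points]
    return all(a >= b for a, b in zip(freqs, freqs[1:]))


if __name__ == "__main__":
    for mode, table in SAMPLE_EVENTS.items():
        curve = fn_curve(table)
        assert is_non_increasing(curve)
        print(f"{mode}: total fatalities {total_fatalities(table)}, "
              f"{fatalities_per_year(table):.1f} per year, "
              f"F(1) = {curve[0][1]:.3f} /yr")
        for n, f in curve:
            if f > 0:
                print(f"  N >= {n:>3}: F(N) = {f:.4f} /yr")
```

    Reading the output the way the exercise asks: F(1) answers the frequency question (how often does a fatal event of this type happen at all), while how slowly the curve falls towards large N answers the severity question (a type whose F(N) stays high at N = 50 or 146 produces rare but very large accidents).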

    8

    Probabilistic Risk Assessment

    Probabilistic Risk Assessment usually answers three basic questions:

    1) What can go wrong with the studied technological entity, or what are the initiators or initiating events (undesirable starting events) that lead to adverse consequence(s)?

    2) What and how severe are the potential adverse consequences that the technological entity may eventually be subjected to as a result of the occurrence of the initiator?

    3) How likely to occur are these undesirable consequences, or what are their probabilities or frequencies?

    Two common methods of answering this last question are Fault Tree Analysis and Event Tree Analysis.

    A fault tree is an event tree where failures are emphasized rather than successes.


    9

    Fault Tree Analysis

    Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.

    Fault Tree Analysis is a deductive method for identifying ways in which hazards can lead to an accident. It starts from the accident (the top event) and works backwards towards the various scenarios that can cause the accident.

    Fault trees are used to determine the probability of a top event (e.g., core damage).

    The top event defines the failure or success of a system or component.

    Fault trees use a structure of logical operations to calculate the probability of the top event as a result of basic event inputs.

    10

    Fault Tree Analysis

    Fault tree analysis is a graphical representation of the combination of faults that will result in the occurrence of some (undesired) top event.

    In the construction of a fault tree, successive subordinate failure events are identified and logically linked to the top event.

    The linked events form a tree structure connected by symbols called gates.

    11

    Fault Tree Analysis

    The undesired event is stated at the top of the tree.

    The fault tree gates specify logical combinations of basic events that lead to the top event.

    Fault trees can be used to identify system weaknesses.

    Fault trees can help recognize interrelationships between fault events.

    Fault trees consist of logic gates and basic events as inputs to the logic gates.

    Logic Gates: Boolean operations (union or intersection) of the input events.

    Basic Events: faults such as a hardware failure, human error, or adverse condition.

    12

    Applying Fault Tree Analysis

    Postulate the top event (fault).

    Branch down, listing faults in the system that must occur for the top event to occur.

    Consider sequential and parallel combinations of faults. Use Boolean algebra to quantify the fault tree with event probabilities.

    Determine the probability of the top event.

    Fault Tree Logic

    Use logic gates to show how the top event occurs.

    Higher gates take as inputs the outputs of lower gates in the tree. The top event is the output of all the input faults or events that occur.


    13

    FTA Symbols

    Basic Event: a lowermost event that cannot be further developed. E.g. relay failure, switch failure, etc.

    An Event / Fault: this can be an intermediate event or a top event. They are the result of a logical combination of lower level events. E.g. both transmitters fail, runaway reaction.

    OR Gate: any one of the bottom events results in the occurrence of the top event. E.g. either one of the root valves is closed, or the process signal to the transmitter fails.

    AND Gate: for the top event to occur, all the bottom events must occur. E.g. fuel, oxygen and an ignition source all have to be present for a fire.

    14

    Union

    A = B + C (A = B union C): B OR C must occur for event A to occur.

    (Figure: OR gate. Top event A = no current; input B = switch A open; input C = battery B at 0 volts.)

    15

    Intersection

    D = E.F (D = E intersection F): E AND F must occur for D to occur.

    (Figure: AND gate. Top event D = over-heated wire; input E = 5 mA current in system; input F = power applied for t > 1 ms.)

    16

    Fault Tree Basics

    A fault tree involves:

    Specifying a top level event (TLE) representing an undesired state.

    Finding all possible chains of basic events that may cause the TLE to occur.

    Fault tree: is a systematic representation of such chains of events. Uses logical gates to represent the interrelationships between events and the TLE, e.g. AND, OR.

    (Figure: an example fault tree, with the top level event at the top, intermediate events below it, and basic events at the leaves.)

    Logically: (A + (B + C)) . (C + (A.B))


    17

    Fault Tree Basics

    Logically, fault trees are equivalent if the associated logical formulae are equivalent.

    Example:

    (A + (B + C)) . (C + (A . B)) = C + (A . B)

    (Expanding the product gives A.C + B.C + C + A.B + A.B.C; C absorbs A.C, B.C and A.B.C, leaving C + A.B.)

    18

    Procedure

    Procedure for Fault Tree Analysis

    1. Define the TOP event.

    2. Define the overall structure.

    3. Explore each branch in successive levels of detail.

    4. Solve the fault tree.

    5. Perform corrections if required and make decisions.

    Solve the Fault Tree:

    Assign probabilities of failure to the lowest level event in each branch of the tree. From this data the intermediate event frequency and the top level event frequency can be determined using Boolean Algebra and Minimal Cut Set methods.

    19

    Minimal Cut Set Theory

    The fault tree consists of many levels of basic and intermediate events linked together by AND and OR gates. Some basic events may appear in different places of the fault tree.

    The minimal cut set analysis provides a new fault tree, logically equivalent to the original, with an OR gate beneath the top event, whose inputs (bottom) are minimal cut sets.

    Cut Set: a set of basic events whose (simultaneous) occurrence ensures that the TOP event occurs.

    Minimal Cut Set: a cut set that does not contain another cut set as a subset.

    Each minimal cut set is an AND gate with a set of basic event inputs necessary and sufficient to cause the top event.

    The fault tree can be represented by the TOP structure and the minimal cut sets connected through a single OR-gate.

    20

    Minimal Cut Sets

    This shape (an OR gate over AND gates) is of particular interest: it is the representation in terms of Minimal Cut Sets (MCS).

    Minimal cut set = smallest set of basic events which, in conjunction, cause the top level event to occur.

    Logically: Disjunctive Normal Form (DNF) = disjunction of conjunctions of basic events.

    The fault tree on the left has two minimal cut sets: C (single point of failure) and A.B (cut set of order 2).


    21

    Procedure

    Steps to get the final Boolean equation:

    1. Replace AND gates with the product of their inputs.

    IE1 = A.B
    IE2 = C.D

    2. Replace OR gates with the sum of their inputs.

    TOP = IE1 + IE2 = A.B + C.D

    3. Continue this replacement until all intermediate event gates have been replaced and only the basic events remain in the equation.

    TOP = A.B + C.D

    (Figure: TOP is an OR gate over IE1 and IE2; IE1 is an AND gate over basic events A and B; IE2 is an AND gate over basic events C and D.)

    22

    Procedure

    Boolean Algebra Reduction Example:

    (Figure: TOP = IE1 + IE2, with IE1 = A.B, IE2 = A + IE3, IE3 = C.D.IE4 and IE4 = D.B. Basic events A, B and D each appear more than once.)

    TOP = IE1 + IE2
    = (A.B) + (A + IE3)
    = A.B + A + (C.D.IE4)
    = A.B + A + (C.D.D.B)
    = A + A.B + B.C.D.D        (D.D = D, idempotence)
    = A + A.B + B.C.D          (A + A.B = A, absorption)
    = A + B.C.D

    So the minimal cut sets are:

    CS1 = A
    CS2 = B.C.D

    meaning the TOP event occurs if either A occurs OR (B.C.D) occurs.
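    The reduction above, and the slide 16/17 equivalence before it, implemented as a general algorithm. This is an added example and not code from the course; the gate dictionaries are transcriptions of the two slide trees, and the gate type strings "AND"/"OR" and the helper names are this example's own. It expands a tree into sum-of-products form and applies the same two rules used on the slide (idempotence and absorption), which is exactly what is needed when a basic event appears under several gates.

```python
"""Minimal cut sets of a fault tree by Boolean reduction.

Added example, not code from the course slides. A tree is a dict mapping a
gate name to ("AND" | "OR", [inputs]); any input name that is not itself a
gate is a basic event. The tree is expanded into sum-of-products form (AND
gate -> product of its inputs, OR gate -> sum of its inputs), then reduced
with the two rules used on the slides: idempotence (X.X = X, automatic when
a product is stored as a set) and absorption (X + X.Y = X, drop any product
that contains another product as a subset). The result is the disjunctive
normal form whose terms are the minimal cut sets.
"""
from typing import Dict, FrozenSet, List, Sequence, Set, Tuple

Gate = Tuple[str, Sequence[str]]
CutSets = Set[FrozenSet[str]]


def _product(x: CutSets, y: CutSets) -> CutSets:
    """AND of two sums of products: distribute and merge the sets."""
    return {a | b for a in x for b in y}


def _absorb(sop: CutSets) -> CutSets:
    """Keep only the products that do not strictly contain another product."""
    return {p for p in sop if not any(q < p for q in sop)}


def minimal_cut_sets(gates: Dict[str, Gate], top: str) -> CutSets:
    """Expand the tree below `top` and return its minimal cut sets."""

    def expand(name: str) -> CutSets:
        if name not in gates:                       # basic event
            return {frozenset([name])}
        kind, inputs = gates[name]
        parts = [expand(i) for i in inputs]
        if kind == "AND":
            acc: CutSets = {frozenset()}
            for part in parts:
                acc = _product(acc, part)
        elif kind == "OR":
            acc = set().union(*parts)
        else:
            raise ValueError(f"unknown gate type {kind!r} at {name}")
        return _absorb(acc)                         # reduce early, keeps sets small

    return expand(top)


def as_equation(cut_sets: CutSets) -> str:
    """Render as 'A + B.C.D', lowest-order cut sets first."""
    terms = [".".join(sorted(cs)) for cs in cut_sets]
    terms.sort(key=lambda t: (t.count(".") + 1, t))
    return " + ".join(terms)


def single_points_of_failure(cut_sets: CutSets) -> List[str]:
    """Order-1 cut sets: one basic event alone causes the top event."""
    return sorted(next(iter(cs)) for cs in cut_sets if len(cs) == 1)


# The slide 22 reduction example: basic events A, B, D appear more than once.
SLIDE22_TREE: Dict[str, Gate] = {
    "TOP": ("OR", ["IE1", "IE2"]),
    "IE1": ("AND", ["A", "B"]),
    "IE2": ("OR", ["A", "IE3"]),
    "IE3": ("AND", ["C", "D", "IE4"]),
    "IE4": ("AND", ["D", "B"]),
}

# The slide 16/17 example: (A + (B + C)) . (C + (A.B)).
SLIDE16_TREE: Dict[str, Gate] = {
    "TOP": ("AND", ["G1", "G2"]),
    "G1": ("OR", ["A", "G3"]),
    "G3": ("OR", ["B", "C"]),
    "G2": ("OR", ["C", "G4"]),
    "G4": ("AND", ["A", "B"]),
}

if __name__ == "__main__":
    for label, tree in (("slide 22", SLIDE22_TREE), ("slide 16", SLIDE16_TREE)):
        mcs = minimal_cut_sets(tree, "TOP")
        print(f"{label}: TOP = {as_equation(mcs)}; "
              f"single points of failure: {single_points_of_failure(mcs)}")
```

    The order-1 cut sets are the first thing to look at in a review, since each is a single component or action whose failure alone produces the top event. Note that the expansion can grow exponentially on large trees; reducing after every gate, as done here, keeps the intermediate sets small in practice but does not change the worst case.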

    23

    Fault Tree Construction

    Consider the following block diagram. Let I/P and O/P be the input and output terminals. There are two sub-systems A and B that are connected in series.

    (Figure: INPUT -> SUB-SYSTEM (A) -> SUB-SYSTEM (B) -> OUTPUT. Sub-system A contains the elements X1 and X2, sub-system B the elements X3 and X4; each pair is redundant, so a sub-system fails only when both of its elements fail.)

    For this, the fault tree analysis diagram is shown on the next slide.

    24

    (Figure: fault tree for the block diagram.)

    Top event: F(S)

    OR gate: F(S) = F(A) OR F(B), where F(A) and F(B) are intermediate events.

    AND gate: F(A) = F(X1) AND F(X2)

    AND gate: F(B) = F(X3) AND F(X4), where F(X1) .. F(X4) are basic events.


    25

    Continued

    Here F(X1), F(X2), F(X3), F(X4) are the failure events of the elements X1 .. X4.

    F(A) = sub-system (A) fails
    F(B) = sub-system (B) fails

    F(A) = F(X1) AND F(X2)
    F(B) = F(X3) AND F(X4)

    Finally, the failure of the system:

    F(S) = F(A) OR F(B)

    26

    Calculation of Reliability from Fault Tree

    Consider the earlier block diagram.

    The probability of failure of sub-system (A) is:

    P(A) = P(X1 and X2) = P(X1) . P(X2)

    Similarly for sub-system (B):

    P(B) = P(X3 and X4) = P(X3) . P(X4)

    Failure occurs when sub-system (A) or (B) fails:

    F(S) = P(A or B) = P(A) + P(B) - P(A) . P(B)

    (Both the product for an AND gate and the inclusion-exclusion form for the OR gate assume the element failures are independent.)

    If the reliabilities of the elements are given by R1, R2, R3, R4, then

    P(Xi) = 1 - Ri

    Reliability of the system: R(S) = 1 - F(S)
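    The reliability calculation above as a small evaluator over the same tree. This is an added example, not code from the course; the element reliabilities R1..R4 are constructed values, and the gate dictionary and function names are this example's own. It generalises the two-input formula to any number of inputs per gate, and refuses to run when a basic event is repeated in the tree, because the direct gate-by-gate product is only valid under the independence and no-repetition assumptions stated on the slide.

```python
"""Top-event probability and system reliability from a fault tree.

Added example, not code from the course slides. It quantifies the series
block diagram of slides 23-26 (sub-system A = elements X1, X2; sub-system
B = elements X3, X4). Assumptions: basic events are mutually independent
and each basic event appears only once in the tree, so gate probabilities
compose directly:
    P(AND) = product of the input probabilities
    P(OR)  = 1 - product of (1 - p) over the inputs
           = P(A) + P(B) - P(A).P(B) for two inputs (the slide's formula)
The element reliabilities R1..R4 below are constructed values.
"""
import math
from collections import Counter
from typing import Dict, Sequence, Set, Tuple

Gate = Tuple[str, Sequence[str]]

# Fault tree of slides 24-25: F(S) = F(A) OR F(B), F(A) = X1 AND X2, F(B) = X3 AND X4.
SERIES_TREE: Dict[str, Gate] = {
    "F(S)": ("OR", ["F(A)", "F(B)"]),
    "F(A)": ("AND", ["X1", "X2"]),
    "F(B)": ("AND", ["X3", "X4"]),
}

# Constructed element reliabilities R1..R4.
RELIABILITY: Dict[str, float] = {"X1": 0.9, "X2": 0.9, "X3": 0.95, "X4": 0.8}


def repeated_basic_events(gates: Dict[str, Gate]) -> Set[str]:
    """Basic events used as an input more than once. If this is non-empty the
    direct gate-by-gate evaluation below double-counts them and the tree must
    first be reduced to minimal cut sets."""
    counts = Counter(i for _, inputs in gates.values() for i in inputs if i not in gates)
    return {e for e, c in counts.items() if c > 1}


def top_event_probability(gates: Dict[str, Gate], p_fail: Dict[str, float], top: str) -> float:
    """Exact P(top) for a tree with independent, non-repeated basic events."""
    repeated = repeated_basic_events(gates)
    if repeated:
        raise ValueError(f"basic events repeated in tree: {sorted(repeated)}")

    def prob(name: str) -> float:
        if name not in gates:
            return p_fail[name]
        kind, inputs = gates[name]
        ps = [prob(i) for i in inputs]
        if kind == "AND":
            return math.prod(ps)
        if kind == "OR":
            return 1.0 - math.prod(1.0 - p for p in ps)
        raise ValueError(f"unknown gate type {kind!r} at {name}")

    return prob(top)


def system_reliability(gates: Dict[str, Gate], reliability: Dict[str, float], top: str) -> float:
    """P(Xi) = 1 - Ri for each element, then R(S) = 1 - F(S)."""
    p_fail = {x: 1.0 - r for x, r in reliability.items()}
    return 1.0 - top_event_probability(gates, p_fail, top)


def two_input_or(pa: float, pb: float) -> float:
    """The slide's explicit form F(S) = P(A) + P(B) - P(A).P(B)."""
    return pa + pb - pa * pb


if __name__ == "__main__":
    p = {x: 1.0 - r for x, r in RELIABILITY.items()}
    pa, pb = p["X1"] * p["X2"], p["X3"] * p["X4"]
    print(f"P(A) = {pa:.4f}, P(B) = {pb:.4f}, F(S) = {two_input_or(pa, pb):.4f}")
    print(f"R(S) = {system_reliability(SERIES_TREE, RELIABILITY, 'F(S)'):.4f}")
```

    With the constructed values, P(A) = 0.1 x 0.1 = 0.01, P(B) = 0.05 x 0.2 = 0.01, F(S) = 0.0199 and R(S) = 0.9801. For a tree such as the slide 22 example, where A, B and D recur, this evaluator raises instead of returning a wrong number; the correct route there is the minimal cut sets (A and B.C.D), whose probabilities can then be combined, for instance with the rare-event sum P(A) + P(B)P(C)P(D) as an upper bound.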

    27

    Uses of FTA

    Use of FTA to understand the logic leading to the top event.

    Use of FTA to prioritize the contributors leading to the top event.

    Use of FTA as a proactive tool to prevent the top event.

    Use of FTA to monitor the performance of the system.

    Use of FTA to minimize and optimize resources.

    Use of FTA to assist in designing a system.

    Use of FTA as a diagnostic tool to identify and correct causes of the top event.

    Advantages

    Begins with top event.

    Use to determine the minimal cut sets.

    Disadvantages

    Complicated process.

    Require considerable amount of time to complete.

    28

    Event Trees

    Event trees begin with an initiating event and work towards the final result.

    This method provides information on how a failure can occur and the probability of occurrence.

    Event trees can be viewed as a special case of fault trees, where the branches are all ORs weighted by their probabilities.

    Event trees are generated both in the success and failure domains.

    This technique explores system responses to an initiating challenge and enables assessment of the probability of an unfavorable or favorable outcome. The system challenge may be a failure or fault, an undesirable event, or a normal system operating command.

    In constructing the event tree, one traces each path to eventual success or failure.


    29

    Event tree development procedure

    Step 1: Identification of the initiating event

    Step 2: Identification of safety function

    Step 3: Construction of the event tree

    Step 4: Classification of outcomes

    Step 5: Estimation of the conditional probability of each branch

    Step 6: Quantification of outcomes

    Step 7: Evaluation
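    Steps 1 to 6 of the procedure carried out on a small constructed scenario. This is an added example and not part of the course slides; the initiating event, the safety functions, their failure probabilities and the outcome classes are all made up for illustration, and the class and function names are this example's own. Each safety function is a binary success/failure branch demanded in order, with a failure probability conditional on the branches already taken, which is how a dependency between safety functions is expressed in an event tree.

```python
"""Event tree construction and quantification (steps 1-6 of the procedure).

Added example, not code from the course slides. The initiating event, the
safety functions, their failure probabilities and the outcome classes below
are constructed for illustration and are not data from the course. Each
safety function is a binary branch (success / failure) demanded in order;
its failure probability is conditional on the branches already taken, which
is how a dependency such as "the valve cannot be commanded if the leak was
never detected" is expressed.
"""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Tuple, Union

Path = Tuple[bool, ...]                 # True = success, False = failure, per safety function
PFail = Union[float, Callable[[Path], float]]


@dataclass(frozen=True)
class SafetyFunction:
    name: str
    p_fail: PFail                       # constant, or a function of the path so far


@dataclass(frozen=True)
class EventSequence:
    path: Path
    frequency: float                    # per year
    outcome: str


def conditional_failure(fn: SafetyFunction, so_far: Path) -> float:
    p = fn.p_fail(so_far) if callable(fn.p_fail) else fn.p_fail
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"{fn.name}: failure probability {p} out of range")
    return p


def build_event_tree(ie_frequency: float, functions: List[SafetyFunction],
                     classify: Callable[[Path], str]) -> List[EventSequence]:
    """Enumerate every branch (step 3), classify its outcome (step 4) and
    quantify it as IE frequency x product of conditional branch
    probabilities (steps 5-6)."""
    sequences = []
    for path in product((True, False), repeat=len(functions)):
        p = 1.0
        for i, (fn, ok) in enumerate(zip(functions, path)):
            pf = conditional_failure(fn, path[:i])
            p *= (1.0 - pf) if ok else pf
        sequences.append(EventSequence(path, ie_frequency * p, classify(path)))
    return sequences


def outcome_frequencies(sequences: List[EventSequence]) -> Dict[str, float]:
    """Step 6: total frequency per outcome class."""
    totals: Dict[str, float] = {}
    for s in sequences:
        totals[s.outcome] = totals.get(s.outcome, 0.0) + s.frequency
    return totals


def frequencies_conserved(sequences: List[EventSequence], ie_frequency: float,
                          tol: float = 1e-12) -> bool:
    """Check: the branch frequencies must add up to the initiating event
    frequency, since every demand ends in exactly one sequence."""
    return abs(sum(s.frequency for s in sequences) - ie_frequency) < tol


# Constructed scenario. Step 1: initiating event "pipe rupture", 1e-2 per year.
IE_FREQUENCY = 1.0e-2

# Step 2: safety functions, demanded in this order.
FUNCTIONS = [
    SafetyFunction("leak detection", 0.05),
    # Isolation can only be commanded after detection: certain failure otherwise.
    SafetyFunction("isolation valve closes", lambda so_far: 0.1 if so_far[0] else 1.0),
]


def classify(path: Path) -> str:
    """Step 4: outcome classes."""
    detected, isolated = path
    return "minor release" if detected and isolated else "major release"


if __name__ == "__main__":
    tree = build_event_tree(IE_FREQUENCY, FUNCTIONS, classify)
    for s in tree:
        branches = ", ".join(f"{fn.name}={'S' if ok else 'F'}" for fn, ok in zip(FUNCTIONS, s.path))
        print(f"{branches:<55} {s.frequency:.2e} /yr  -> {s.outcome}")
    print("outcome frequencies:", outcome_frequencies(tree))
    print("conserved:", frequencies_conserved(tree, IE_FREQUENCY))
```

    The conservation check is the cheapest way to catch a mis-specified branch probability. The binary branches also make concrete the limitation listed later in these slides: a partially successful safety function (a valve that closes late, say) has to be forced into either the success or the failure branch, or modelled as an additional function.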

    30

    Event Tree Structure

    (Figure not reproduced in the text.)

    32

    Event Tree Analysis

    ADVANTAGES

    Structured, rigorous, and methodical approach.

    Can be effectively performed on varying levels of design detail.

    Permits probability assessment.

    DISADVANTAGES

    An ETA can only have one initiating event, therefore multiple ETAs will be required to evaluate the consequence of multiple initiating events.

    Partial successes/failures are not distinguishable.

    Requires an analyst with some training and practical experience.