Fault Tree Analysis, also known as FTA, is a deductive safety analysis.  It starts with a “top level” event that represents a hazard and digs deeper, layer by layer, repeating the same basic question until the root causes are identified.

The basic question when doing a Fault Tree Analysis is “What lower-level faults or failures could cause a hazard?” The analysis starts at the top-level and digs deeper, layer by layer, repeating the same basic question until root causes are identified.

FTA appears to be a straightforward exercise. Events and logical gates linked are simply linked together in a logical structure.  But appearances can be deceiving!  Analyzing a modern electronic system in a FTA is a daunting task. The straightforward hierarchy that makes an FTA so attractive, is notoriously difficult to map onto a complex modern automotive control system.  It can be done, but it takes practice and experience.

Here are some simple notes for practitioners:

  • An “OR” gate is a combination of lower-level events, either of which could cause the higher level event.  It often reflects a collection of component failure modes, any one of which can lead to the higher-level failure.
  • An “AND” gate reflects a combination of lower level events, which together in combination cause the higher level event.  It often connects two independent failures of two different components; or one component failure and one safety mechanism problem.
  • The #1 problem with FTAs in practice is that they assume independent faults, even though not all events are independent.  When FTAs are used, they need to adequately maintain independence between events, especially when probabilities are calculated in a quantitative FTA.  If events are shown as independent but are actually dependent on each other, then the FTA idea is not valid and should be set aside or limited in scope.

Leave a Reply.