on faults, fault tree analysis is the leading method for demonstrating
In contrast to FMEA, fault tree analysis is not limited to single and independent failures. Instead, fault tree analysis can handle complex fault scenarios and special system behavior.
Most safety-related systems are either fault tolerant or require a specific sequence of faults in order to become potentially dangerous. For such systems, fault tree analysis is the method of choice because it is designed to handle such specific dependencies.
As in earlier paragraphs, the twin-engine aircraft example gives sufficient insight.
Twin-engine aircraft are designed to fly safely with only one engine. Upon engine failure, the aircraft must fly directly to the nearest eligible alternate airport on its remaining engine.
The fault tree on the right doesn't account for the fact that flying on one engine increases the failure rate of that engine. Depending on the capabilities of the fault tree software, fault tree analysis could handle that, though with some difficulty.
Overall, the fault tree example on the right, with its three AND gates (red symbols), demonstrates that this method is considerably more specific than FMEA (which is basically just a collection of single and independent failures).
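The following is an added example, not part of the original page and not taken from any fault tree tool or certification data: a small fault tree evaluator with AND/OR gates, minimal cut sets and an exact top-event probability. The tree it builds is a constructed twin-engine model (the page's own tree on the right is not reproduced here), and every event name and probability in it is an assumed illustrative value. The shared "fuel contamination" event under both engine branches is the kind of dependency the text says FMEA's single-and-independent-failure view cannot express; the example also shows why gate-by-gate arithmetic that assumes independence goes wrong once a basic event appears in more than one branch.

```python
# Added example: a minimal fault tree evaluator (AND/OR gates, minimal cut
# sets, exact top-event probability). All event names and probabilities are
# constructed for illustration only.
from itertools import product


class Event:
    """Basic event with an assumed per-flight occurrence probability."""

    def __init__(self, name, prob):
        self.name, self.prob = name, prob


class Gate:
    """Logic gate: kind is 'AND' or 'OR', inputs are Events or Gates."""

    def __init__(self, kind, name, *inputs):
        assert kind in ("AND", "OR")
        self.kind, self.name, self.inputs = kind, name, inputs


def basic_events(node):
    """Collect the distinct basic events under a node (shared events once)."""
    if isinstance(node, Event):
        return {node.name: node}
    out = {}
    for i in node.inputs:
        out.update(basic_events(i))
    return out


def evaluate(node, state):
    """Boolean evaluation: state maps event name -> True (failed) / False."""
    if isinstance(node, Event):
        return state[node.name]
    vals = [evaluate(i, state) for i in node.inputs]
    return all(vals) if node.kind == "AND" else any(vals)


def minimal_cut_sets(node):
    """Smallest combinations of basic events that cause the top event."""
    if isinstance(node, Event):
        return {frozenset([node.name])}
    child = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child)
    else:  # AND: one cut set from each input, combined
        sets = {frozenset().union(*combo) for combo in product(*child)}
    # drop any cut set that strictly contains another one (non-minimal)
    return {s for s in sets if not any(o < s for o in sets)}


def naive_probability(node):
    """Gate-by-gate arithmetic assuming every gate input is independent.
    Misleading when one basic event feeds more than one gate."""
    if isinstance(node, Event):
        return node.prob
    ps = [naive_probability(i) for i in node.inputs]
    if node.kind == "AND":
        p = 1.0
        for x in ps:
            p *= x
        return p
    q = 1.0
    for x in ps:
        q *= 1.0 - x
    return 1.0 - q


def exact_probability(node):
    """Exact top-event probability for independent basic events, obtained by
    enumerating every failed/not-failed combination (fine for small trees)."""
    events = list(basic_events(node).values())
    total = 0.0
    for bits in product([False, True], repeat=len(events)):
        state = {e.name: b for e, b in zip(events, bits)}
        if evaluate(node, state):
            p = 1.0
            for e, b in zip(events, bits):
                p *= e.prob if b else 1.0 - e.prob
            total += p
    return total


# Constructed twin-engine tree: all thrust is lost only if BOTH engines fail
# (AND gate); each engine fails on its own mechanical fault OR on a
# contaminated-fuel event that is shared by both engines (common cause).
fuel = Event("fuel contamination", 1e-6)
eng1 = Gate("OR", "engine 1 fails", Event("engine 1 mechanical", 1e-4), fuel)
eng2 = Gate("OR", "engine 2 fails", Event("engine 2 mechanical", 1e-4), fuel)
TOP = Gate("AND", "loss of all thrust", eng1, eng2)

if __name__ == "__main__":
    for cs in sorted(minimal_cut_sets(TOP), key=len):
        print("cut set:", sorted(cs))
    print("naive (independent branches):", naive_probability(TOP))
    print("exact (shared event honoured):", exact_probability(TOP))
```

Running it lists two minimal cut sets, the two-event set {engine 1 mechanical, engine 2 mechanical} and the single-point set {fuel contamination}, and shows the naive gate-by-gate figure (about 1e-8) falling roughly a hundred times below the exact value (about 1.01e-6), because multiplying the two OR-gate probabilities treats the shared fuel event as if it occurred independently on each side. The tree is static: the increased failure rate of the remaining engine during a single-engine diversion, which the text notes the page's own tree does not capture, is not modelled here either; it would need time-dependent failure rates rather than fixed per-flight probabilities.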
The downside of fault tree analysis is that if there are, e.g., 10 different fault scenarios, 10 individual fault trees have to be created (while just one FMEA for the whole system would be sufficient).
Although fault tree standards are available (e.g. NUREG-0492, freely available on the web), the fault tree methodology itself tends to be self-explanatory.