& Quality Management
on faults, fault tree analysis is the leading method for demonstrating
In contrast to FMEA, fault tree analysis is not limited to single and
independent failures. Instead, fault tree analysis can handle complex
fault scenarios and special system behavior.
Most safety related systems are either fault tolerant, or require a
specific sequence of faults in order to become potentially dangerous.
For such systems, fault tree analysis is the method of choice because
it is designed for handling such specific dependencies.
Like in earlier paragraphs, the twin engine aircraft example may give
Twin engine aircraft are designed to fly safely with only one engine.
Upon engine failure, the aircraft must fly directly to the nearest
eligible alternate airport with its remaining engine.
The fault tree on the right doesn't account for the fact that flying on
one engine would increase the failure rate of that engine. Depending on
the power of the fault tree software, fault tree analysis basically
could potentially handle that, however with some difficulties.
Over all, the right fault tree example with its three AND gates (red
symbols) demonstrates that this method is way more specific than FMEA
(which is basically just a collection of single and independent
The downside of fault tree analysis is that, e.g. it there are 10
different fault scenarios, 10 individual fault trees have to be created
(while just one FMEA for the whole system would be sufficient)
Although there are fault tree standards available (e.g. NUREG-0492,
free in the www), the fault tree methodology itself tends to be self
above example has only AND gates in order to demonstrate the difference
to FMEA: Fault tree analysis can handle AND-ed events, but FMEA can
not. In practice however, fault trees normally have more OR gates than
AND gates. .
Fault tree analysis begins on the top
with the so called top event. The wording of the top event must be as
precise as possible. During analysis, the fault tree grows downwards
towards the so called basic events. Basic events are such events that
cannot or need not be divided any more. The basic events and the top
connected via lboolean operators, basically AND and
In most safety analyses, input data
for the basic events comes either from FMEA or MTBF calculation.
The main difficulties with fault tree analysis are:
- Top event wording not precise. This
provides unneccesary room for interpretation.
- Logical tree diagram not correct.
This is not a mathematical problem, but rather a consequence when the
system behavior is not understood properly.
Fault tree diagram being too
detailed, and/or counter-intuitive.
- The same problem exists in FMEA, too,
fault tree analysis it is a prevailing issue.
tree diagrams shouldn't be too comprehensive. Instead of OR-ing many
"atomic" events, it is more practical to keep the sum of these events
in a single event. This keeps fault tree diagrams slim without
sacrificing any information.