Fault tree analysis (FTA)

Describes fault tree analysis and provides guidance on its application to perform an analysis, identifies appropriate assumptions, events and failure modes, and provides identification rules and symbols.

Fehlzustandsbaumanalyse

Analyse par arbre de panne (AAP)

Décrit l'analyse par arbre de panne et donne des lignes directrices sur son application indique la procédure à suivre pour effectuer une analyse en spécifiant les hypothèses voulues, les événements et les modes de défaillance et donne les règles de repérage et les symboles à utiliser.

Analiza drevesa okvar (FTA) (IEC 61025:2006)

General Information

Status
Published
Publication Date
02-Apr-2007
Technical Committee
Drafting Committee
Parallel Committee
Current Stage
6060 - Document made available
Due Date
03-Apr-2007
Completion Date
03-Apr-2007

RELATIONS

Effective Date
13-May-2010
Effective Date
06-May-2014

Buy Standard

Standard
EN 61025:2008
English language
55 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST EN 61025:2008
01-januar-2008
1DGRPHãþD
SIST HD 617 S1:2004
Analiza drevesa okvar (FTA) (IEC 61025:2006)
Fault tree analysis (FTA)
Fehlzustandsbaumanalyse
Analyse par arbre de panne (AAP)
Ta slovenski standard je istoveten z: EN 61025:2007
ICS:
03.120.01 Kakovost na splošno Quality in general
21.020 =QDþLOQRVWLLQQDþUWRYDQMH Characteristics and design of
VWURMHYDSDUDWRYRSUHPH machines, apparatus,
equipment
SIST EN 61025:2008 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN 61025:2008
---------------------- Page: 2 ----------------------
SIST EN 61025:2008
EUROPEAN STANDARD
EN 61025
NORME EUROPÉENNE
April 2007
EUROPÄISCHE NORM
ICS 03.120.01; 03.120.99 Supersedes HD 617 S1:1992
English version
Fault tree analysis (FTA)
(IEC 61025:2006)
Analyse par arbre de panne (AAP) Fehlzustandsbaumanalyse
(CEI 61025:2006) (IEC 61025:2006)

This European Standard was approved by CENELEC on 2007-03-01. CENELEC members are bound to comply

with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard

the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on

application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other

language made by translation under the responsibility of a CENELEC member into its own language and notified

to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the

Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,

Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,

Sweden, Switzerland and the United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.

Ref. No. EN 61025:2007 E
---------------------- Page: 3 ----------------------
SIST EN 61025:2008
EN 61025:2007 - 2 -
Foreword

The text of document 56/1142/FDIS, future edition 2 of IEC 61025, prepared by IEC TC 56,

Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as

EN 61025 on 2007-03-01.
This European Standard supersedes HD 617 S1:1992.
The main changes with respect to HD 617 S1:1992 are as follows:
– added detailed explanations of fault tree methodologies;
– added quantitative and reliability aspects of Fault Tree Analysis (FTA);
– expanded relationship with other dependability techniques;
– added examples of analyses and methods explained in this standard;
– updated symbols currently in use.

Clause 7, dealing with analysis, has been revised to address traditional logic fault tree analysis separately

from the quantitative analysis that has been used for many years already, for reliability improvement of

products in their development stage.

Some material included previously in the body of this standard has been transferred to Annexes A and B.

The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2007-12-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2010-03-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice

The text of the International Standard IEC 61025:2006 was approved by CENELEC as a European

Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

IEC 60300-3-1 NOTE Harmonized as EN 60300-3-1:2004 (not modified).
IEC 60812 NOTE Harmonized as EN 60812:2006 (not modified).
IEC 61078 NOTE Harmonized as EN 61078:2006 (not modified).
__________
---------------------- Page: 4 ----------------------
SIST EN 61025:2008
- 3 - EN 61025:2007
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated

references, only the edition cited applies. For undated references, the latest edition of the referenced

document (including any amendments) applies.

NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD

applies.
Publication Year Title EN/HD Year
IEC 60050-191 - International Electrotechnical Vocabulary - -
(IEV) -
Chapter 191: Dependability and quality of
service
1) 2)
IEC 61165 - Application of Markov techniques EN 61165 2006
Undated reference.
Valid edition at date of issue.
---------------------- Page: 5 ----------------------
SIST EN 61025:2008
---------------------- Page: 6 ----------------------
SIST EN 61025:2008
IEC 61025
Edition 2.0 2006-12
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Fault tree analysis (FTA)
Analyse par arbre de panne (AAP)
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
CODE PRIX
ICS 03.120.01; 03.120.99 ISBN 2-8318-8918-9
---------------------- Page: 7 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 –– 2 – 3 – 61025 © IEC:2006
CONTENTS

FOREWORD...........................................................................................................................4

INTRODUCTION....................................................................................................................6

1 Scope..............................................................................................................................7

2 Normative references ......................................................................................................7

3 Terms and definitions ......................................................................................................7

4 Symbols .........................................................................................................................10

5 General ..........................................................................................................................11

5.1 Fault tree description and structure .......................................................................11

5.2 Objectives .............................................................................................................12

5.3 Applications...........................................................................................................12

5.4 Combinations with other reliability analysis techniques..........................................13

6 Development and evaluation ..........................................................................................15

6.1 General considerations..........................................................................................15

6.2 Required system information .................................................................................18

6.3 Fault tree graphical description and structure ........................................................19

7 Fault tree development and evaluation ...........................................................................20

7.1 General .................................................................................................................20

7.2 Scope of analysis ..................................................................................................20

7.3 System familiarization ...........................................................................................20

7.4 Fault tree development..........................................................................................20

7.5 Fault tree construction...........................................................................................21

7.6 Failure rates in fault tree analysis..........................................................................38

8 Identification and labelling in a fault tree ........................................................................38

9 Report ............................................................................................................................39

Annex A (informative) Symbols ............................................................................................41

Annex B (informative) Detailed procedure for disjointing ......................................................48

Bibliography.........................................................................................................................52

Figure 1 – Explanation of terms used in fault tree analyses...................................................10

Figure 2 – Fault tree representation of a series structure ......................................................23

Figure 3 – Fault tree representation of parallel, active redundancy .......................................24

Figure 4 – En example of fault tree showing different gate types...........................................26

Figure 5 – Rectangular gate and events representation ........................................................27

Figure 6 – An example fault tree containing a repeated and a transfer event ........................28

Figure 7 – Example showing common cause considerations in rectangular gate

representation.......................................................................................................................28

Figure 8 – Bridge circuit example to be analysed by a fault tree............................................32

Figure 9 – Fault tree representation of the bridge circuit .......................................................33

Figure 10 – Bridge system FTA, Esary-Proschan, no disjointing............................................35

---------------------- Page: 8 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 61025 © IEC:2006 –– 3 – 5 –
Figure 11 – Bridge system probability of failure calculated with rare-event

approximation .......................................................................................................................36

Figure 12 – Probability of occurrence of the top event with disjointing...................................37

Figure A.1 – Example of a PAND gate ..................................................................................47

Table A.1 – Frequently used symbols for a fault tree.............................................................41

Table A.2 – Common symbols for events and event description ............................................44

Table A.3 – Static gates........................................................................................................45

Table A.4 – Dynamic gates ...................................................................................................46

---------------------- Page: 9 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 –– 4 – 7 – 61025 © IEC:2006
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FAULT TREE ANALYSIS (FTA)
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote

international co-operation on all questions concerning standardization in the electrical and electronic fields. To

this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,

Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC

Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested

in the subject dealt with may participate in this preparatory work. International, governmental and non-

governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely

with the International Organization for Standardization (ISO) in accordance with conditions determined by

agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence

between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in

the latter.

5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any

equipment declared to be in conformity with an IEC Publication.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of

patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 61025 has been prepared by IEC technical committee 56:

Dependability.
The text of this standard is based on the following documents:
FDIS Report on voting
56/1142/FDIS 56/1162/RVD

Full information on the voting for the approval of this standard can be found in the report on

voting indicated in the above table.

This second edition cancels and replaces the first edition, published in 1990, and constitutes

a technical revision.
---------------------- Page: 10 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 61025 © IEC:2006 –– 5 – 9 –
The main changes with respect to the previous edition are as follows:
– added detailed explanations of fault tree methodologies
– added quantitative and reliability aspects of Fault Tree Analysis (FTA)
– expanded relationship with other dependability techniques
– added examples of analyses and methods explained in this standard
– updated symbols currently in use

Clause 7, dealing with analysis, has been revised to address traditional logic fault tree

analysis separately from the quantitative analysis that has been used for many years already,

for reliability improvement of products in their development stage.

Some material included previously in the body of this standard has been transferred to

Annexes A and B.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until

the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in

the data related to the specific publication. At this date, the publication will be

• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
---------------------- Page: 11 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 –– 6 – 11 – 61025 © IEC:2006
INTRODUCTION

Fault tree analysis (FTA) is concerned with the identification and analysis of conditions and

factors that cause or may potentially cause or contribute to the occurrence of a defined top

event. With FTA this event is usually seizure or degradation of system perfomance, safety or

other important operational attributes, while with STA (success tree analysis) this event is the

attribute describing the success.

FTA is often applied to the safety analysis of systems (such as transportation systems, power

plants, or any other systems that might require evaluation of safety of their operation). Fault

tree analysis can be also used for availability and maintainability analysis. However, for

simplicity, in the rest of this standard the term “reliability” will be used to represent these

aspects of system performance.

This standard addresses two approaches to FTA. One is a qualitative approach, where the

probability of events and their contributing factors, – input events – or their frequency of

occurrence is not addressed. This approach is a detailed analysis of events/faults and is

known as a qualitative or traditional FTA. It is largely used in nuclear industry applications

and many other instances where the potential causes or faults are sought out, without interest

in their likelihood of occurrence. At times, some events in the traditional FTA are investigated

quantitatively, but these calculations are disassociated with any overall reliability concepts, in

which case, no attempt to calculate overall reliability using FTA is made. The second

approach, adopted by many industries, is largely quantitative, where a detailed FTA models

an entire product, process or system, and the vast majority of the basic events, whether faults

or events, has a probability of occurrence determined by analysis or test. In this case, the

final result is the probability of occurrence of a top event representing reliability or probability

of fault or a failure.
---------------------- Page: 12 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 61025 © IEC:2006 –– 7 – 13 –
FAULT TREE ANALYSIS (FTA)
1 Scope

This International Standard describes fault tree analysis and provides guidance on its

application as follows:
– definition of basic principles;
- describing and explaining the associated mathematical modelling;
- explaining the relationships of FTA to other reliability modelling techniques;
– description of the steps involved in performing the FTA;
– identification of appropriate assumptions, events and failure modes;
– identification and description of commonly used symbols.
2 Normative references

The following referenced documents are indispensable for the application of this document.

For the references, only the edition cited applies. For undated references, the latest edition of

the referenced document (including any amendments) applies.

IEC 60050(191), International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability

and quality of service
IEC 61165, Application of Markov techniques
3 Terms and definitions

For the purposes of this document, the terms and definitions given in IEC 60050(191) apply.

In fault tree methodology and applications, many terms are used to better explain the intent of

analysis or the thought process behind such analysis. There are terms used also as

synonyms to those that are considered analytically correct by various authors. The following

additional terms are used in this standard.
3.1
outcome
result of an action or other input; a consequence of a cause

NOTE 1 An outcome can be an event or a state. Within a fault tree, an outcome from a combination of

corresponding input events represented by a gate may be either an intermediate event or a top event.

NOTE 2 Within a fault tree, an outcome may also be an input to an intermediate event, or it can be the top event.

3.2
top event
outcome of combinations of all input events

NOTE 1 It is the event of interest under which a fault tree is developed. The top event is often referred to as the

final event, or as the top outcome.
---------------------- Page: 13 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 –– 8 – 15 – 61025 © IEC:2006

NOTE 2 It is pre-defined and is a starting point of a fault tree. It has the top position in the hierarchy of events.

3.3
final event
final result of combinations of all of the input, intermediate and basic events
NOTE It is a result of input events or states (see 3.2).
3.4
top outcome
outcome that is investigated by building the fault tree

NOTE Final result of combinations of all of the input, intermediate and basic events; it is a result of input events

or states (see 3.2).
3.5
gate
symbol which is used to establish symbolic link between the output event and the
corresponding inputs

NOTE A given gate symbol reflects the type of relationship required between the input events for the output event

to occur.
3.6
cut set
group of events that, if all occur, would cause occurrence of the top event
3.7
minimal cut set
minimum, or the smallest set of events needed to occur to cause the top event

NOTE The non-occurrence of any one of the events in the set would prevent the occurrence of the top event.

3.8
event
occurrence of a condition or an action
3.9
basic event
event or state that cannot be further developed
3.10
primary event
event that is at the bottom of the fault tree

NOTE In this standard, primary event can mean a basic event that need not be developed any more, or it can be

an event that, although a product of groups of events and gates, may be developed elsewhere, or may not be

developed at all (undeveloped event).
3.11
intermediate event
event that is neither a top event nor a primary event

NOTE It is usually a result of one or more primary and/or other intermediate events.

---------------------- Page: 14 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 61025 © IEC:2006 –– 9 – 17 –
3.12
undeveloped event
event that does not have any input events

NOTE It is not developed in the analysis for various possible reasons, such as lack of more detailed information,

or it is developed in another analysis and then annotated in the current analysis as undeveloped. An example of

undeveloped gates could be Commercial Off The Shelf Items (or COTS).
3.13
single point failure (event)

failure event which, if it occurs, would cause overall system failure or would, by itself

regardless of other events or their combinations, cause the top unfavourable event (outcome)

3.14
common cause events

different events in a system or a fault tree that have the same cause for their occurrence

NOTE An example of such an event would be shorting of ceramic capacitors due to flexing of the printed circuit

board; thus, even though these might be different capacitors having different functions in their design, their

shorting would have the same cause – the same input event.
3.15
common cause
cause of occurrence of multiple events

NOTE In the above example it would be board flexing that itself can be an intermediate event resulting from

multiple events such as environmental shock, vibrations or manual printing circuit board break during product

manufacturing.
3.16
replicated or repeated event
event that is an input to more than one higher level event

NOTE This event can be a common cause or a failure mode of a component, shared by more than one part of a

design.

Figure 1 illustrates some of the above definitions. This figure contains annotations and

description of events to better explain the practical application of a fault tree. Omitted from

Figure 1 are the graphical explanations of cut sets or minimal cut sets, for simplicity of the

graphical representation of other pertinent terms. The symbols in Figure 1 and all of the

subsequent figures appear somewhat different to those in Tables A.1, A.2, A.3, and A.4

because of the added box above the gate symbol for description of individual events.

---------------------- Page: 15 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 –– 10 – 19 – 61025 © IEC:2006
IEC 2118/06
Figure 1 – Explanation of terms used in fault tree analyses

NOTE Symbols in Figure 1 and all other figures might slightly differ from the symbols shown in Annex A. This is

because description blocks are added to better explain the relationship of various events

4 Symbols

The graphical representation of a fault tree requires that symbols, identifiers and labels be

used in a consistent manner. Symbols describing fault tree events vary with user preferences

and software packages, when used. General guidance is given in Clause 8 and in Annex A.

Other symbols used in this standard are standard dependability symbols such as F(t) or just

probability of an event occurring F. For that reason, a separate list of symbols is not provided.

---------------------- Page: 16 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 61025 © IEC:2006 –– 11 – 21 –
5 General
5.1 Fault tree description and structure

Several analytical methods of dependability analysis are available, of which fault tree analysis

(FTA) is one. The purpose of each method and their individual or combined applicability in

evaluating the flow of events or states that would be the cause of an outcome, or reliability

and availability of a given system or component should be examined by the analyst before

starting FTA. Consideration should be given to the advantages and disadvantages of each

method and their respective products, data required to perform the analysis, complexity of

analysis and other factors identified in this standard.

A fault tree is an organized graphical representation of the conditions or other factors causing

or contributing to the occurrence of a defined outcome, referred to as the "top event". When

the outcome is a success, then the fault tree becomes a success tree, where the input events

are those that contribute to the top success event. The representation of a fault tree is in a

form that can be clearly understood, analysed and, as necessary, rearranged to facilitate the

identification of:

– factors affecting the investigated top event as it is carried out in most of the traditional

fault tree analyses;

– factors affecting the reliability and performance characteristics of the system, when the

FTA technique is used for reliability analysis, for example design deficiencies,

environmental or operational stresses, component failure modes, operator mistakes,

software faults;

– events affecting more than one functional component, which could cancel the benefits of

specific redundancies or affect two or more parts of a product that may otherwise seem

operationally unrelated or independent (common cause events).

Fault tree analysis is a deductive (top-down) method of analysis aimed at pinpointing the

causes or combinations of causes that can lead to the defined top event. The analysis can be

qualitative or quantitative, depending on the scope of the analyses.

A fault tree can be developed as its complement, the success tree analysis, (STA), where the

top event is a success, and its inputs are contributor to the success (desired) event.

In cases where the probability of occurrence of the primary events cannot be estimated, a

qualitative FTA may be used to investigate causes of potential unfavourable outcomes with

individual primary events marked with descriptive likelihood of occurrence such as: “highly

probable”, “very probable” “medium probability”, “remote probability”, etc. The primary goal of

the qualitative FTA is to identify the minimal cut set in order to determine the ways in which

the basic or primary events influence the top event.

A quantitative FTA can be used when the probabilities of primary events are known.

Probabilities of occurrence of all intermediate events and the top event (outcome) can then be

calculated in accordance with the model. Also, the quantitative FTA is very useful in reliability

analysis of a product or a system in its development.

FTA can be used for analysis of systems with complex interactions between sub-systems

including software/hardware interactions.
---------------------- Page: 17 ----------------------
SIST EN 61025:2008
61025 © IEC:2006 –– 12 – 23 – 61025 © IEC:2006
5.2 Objectives

FTA may be undertaken independently of, or in conjunction with, other reliability analyses.

Objectives include:

– identification of the causes or combinations of causes leading to the top event;

– determination of whether a particular system reliability measure meets a stated

requirement;

– determination of which potential failure mode(s) or factor(s) would be the highest

contributor to the system probability of failure (unreliability) or unavailability, when a

system is repairable, for identifying possible system reliability improvements;
– analysis and comparison of various desig
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.