Fault Tree Analysis
Part 1: Introduction
History of Fault Tree Analysis
(1) Developed during 1961~1962 by H. A. Watson of Bell Telephone Lab., as a research project on the control system of the Air Force Minuteman missile.
(2) First published paper: presented in 1963 at the Safety Symposium jointly organized by U. of Washington and Boeing.
(3) Came into widespread use in the early 1970s.
(4) First applied in the nuclear industry in 1972, in the "Reactor Safety Study", WASH-1400 project.
(5) Also used in the safety analysis of large chemical plants and of liquefied natural gas (LNG) plants.
(6) Most PRA projects use Fault Tree Analysis (together with Event Tree Analysis).
General Description
• Fault Tree Analysis (FTA) is a deductive reasoning technique that focuses on one particular accident event.
• The fault tree itself is a graphic model that displays the various combinations of equipment faults and failures that can result in the accident event.
• The solution of the fault tree is a list of the sets of equipment failures and human/operator errors that are sufficient to result in the accident event of interest.
• The strength of FTA as a qualitative tool is its ability to break down an accident into basic equipment failures and human errors. This allows the safety analyst to focus preventive measures on these basic causes to reduce the probability of an accident.
Purpose: Identify combinations of equipment failures and human errors that can result in an accident event.
When to Use:
a. Design: FTA can be used in the design phase of the plant to uncover hidden failure modes that result from combinations of equipment failures.
b. Operation: FTA including operator and procedure characteristics can be used to study an operating plant to identify potential combinations of failures for specific accidents.
Type of Results: A listing of sets of equipment and/or operator failures that can result in a specific accident. These sets can be qualitatively ranked by importance.
Nature of Results: Qualitative, with quantitative potential. The fault tree can be evaluated quantitatively when probabilistic data are available.
Data Requirements:
a. A complete understanding of how the plant/system functions.
b. Knowledge of the plant/system equipment failure modes and their effects on the plant/system.
Staffing Requirements
• One analyst should be responsible for a single fault tree, with frequent consultation with the engineers, operators, and other personnel who have experience with the systems/equipment that are included in the analysis.
• A team approach is desirable if multiple fault trees are needed, with each team member concentrating on one individual fault tree. Interactions between team members and other experienced personnel are necessary for completeness in the analysis process.
Time and Cost Requirements: Time and cost requirements for FTA are highly dependent on the complexity of the systems involved. Modeling a small process unit could require a day or less with an experienced team. Large problems, with many potential accident events and complex systems, could require several weeks even with an experienced analysis team.
Figure 1 Batch reaction system (diagram; labels visible in the figure: material A and material B feeds, flow control valve, flow controller (FRC), high temperature interlock (TIS), emergency shut-off valve, bursting disc)
Figure 2 Fault tree analysis of the batch reactor explosion (diagram; events and values as printed in the figure, top event first, each event indented under the gate it feeds):
REACTOR EXPLOSION: 3.6 x 10^-4 F/YR
  RUNAWAY REACTION: 1.8 x 10^-2 F/YR
    FLOW CONTROL LOOP FAILS: 0.3 F/YR
      FLOW CONTROLLER FAILS: 0.2 F/YR
      VALVE STICKS OPEN: 0.1 F/YR
    TEMPERATURE INTERLOCK FAILS: 0.06 probability of failure on demand
      THERMOCOUPLE & RELAY FAIL: 0.05 probability of failure on demand
      VALVE FAILS TO CLOSE: 0.01 probability of failure on demand
  BURSTING DISC FAILS: 0.02 probability of failure on demand
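The arithmetic behind Figure 2 (OR gates summed under the rare-event approximation, AND gates multiplied, one initiating-event frequency combined with probabilities of failure on demand) as an added Python example; this is not code from the original slides, and the tree encoding and function names are my own:

```python
# Added example (not from the original slides): quantifying the Figure 2 fault tree.
# Basic events carry either a failure frequency per year ("freq", F/YR) or a
# probability of failure on demand ("pfd"); the values are those printed in Figure 2.
# Gates: ("AND", [children]) or ("OR", [children]); leaves are dicts.
FIG2 = ("AND", [
    ("AND", [                                   # RUNAWAY REACTION
        ("OR", [                                # FLOW CONTROL LOOP FAILS
            {"name": "FLOW CONTROLLER FAILS", "kind": "freq", "value": 0.2},
            {"name": "VALVE STICKS OPEN", "kind": "freq", "value": 0.1},
        ]),
        ("OR", [                                # TEMPERATURE INTERLOCK FAILS
            {"name": "THERMOCOUPLE & RELAY FAIL", "kind": "pfd", "value": 0.05},
            {"name": "VALVE FAILS TO CLOSE", "kind": "pfd", "value": 0.01},
        ]),
    ]),
    {"name": "BURSTING DISC FAILS", "kind": "pfd", "value": 0.02},
])

def evaluate(node):
    """Return (kind, value) for a node, using the rare-event approximation.
    OR : inputs are summed; all inputs must be of one kind.
    AND: inputs are multiplied; at most one input may be a frequency (the
         initiating event), and the result is then a frequency."""
    if isinstance(node, dict):
        return node["kind"], node["value"]
    gate, children = node
    results = [evaluate(child) for child in children]
    kinds = {kind for kind, _ in results}
    if gate == "OR":
        if len(kinds) != 1:
            raise ValueError("OR gate mixes frequencies and probabilities")
        return kinds.pop(), sum(value for _, value in results)
    if gate == "AND":
        n_freq = sum(1 for kind, _ in results if kind == "freq")
        if n_freq > 1:
            raise ValueError("AND gate with more than one frequency input")
        product = 1.0
        for _, value in results:
            product *= value
        return ("freq" if n_freq == 1 else "pfd"), product
    raise ValueError(f"unknown gate {gate!r}")

def top_event_frequency(tree=FIG2):
    """Top-event frequency in failures per year (3.6e-4 F/YR for Figure 2)."""
    kind, value = evaluate(tree)
    if kind != "freq":
        raise ValueError("top event is not a frequency; no initiating event")
    return value
```

The kind checks catch the two modelling errors the slide values quietly avoid: summing a frequency with a probability, or multiplying two frequencies.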
Table 2.1 Gate Symbols
No.  Gate Name                                Causal Relation
1    AND gate                                 Output event occurs if all input events occur simultaneously.
2    OR gate                                  Output event occurs if any one of the input events occurs.
3    Inhibit gate                             Input produces output when conditional event occurs.
4    Priority AND gate                        Output event occurs if all input events occur in the order from left to right.
5    Exclusive OR gate                        Output event occurs if one, but not both, of the input events occurs.
6    m out of n gate (voting or sample gate)  Output event occurs if m out of n input events occur (symbol marked m, with n inputs).
Table 2.2 Event Symbols
No.  Event Symbol  Meaning of Symbol
1    Circle        Basic event with sufficient data
2    Diamond       Undeveloped event
3    Rectangle     Event represented by a gate
4    Oval          Conditional event used with inhibit gate
5    House         House event: either occurring or not occurring
6    Triangles     Transfer symbol
Classification of Failures
• Sudden versus gradual failures
• Hidden versus evident failures
• According to effects (critical, degraded or incipient)
• According to severity (catastrophic, critical, marginal or negligible)
• Primary failure, secondary failure and command fault
Component Failure Characteristics
• Primary failure: component within design envelope (natural aging)
• Secondary failure: excessive stresses (neighboring components, environment, plant personnel)
• Command fault: inadvertent control signals or noises (neighboring components, environment, plant personnel)
COMPONENT FAILURE CHARACTERISTICS
Primary Faults and Failures
Primary faults and failures are equipment malfunctions that occur in the environment for which the equipment was intended. These faults or failures are the responsibility of the equipment that failed and cannot be attributed to some external force or condition.
• Fault of the component itself • Load not exceeded • Repair required
Secondary Faults and Failures
Secondary faults and failures are equipment malfunctions that occur in an environment for which the equipment was not intended. These faults or failures can be attributed to some external force or condition.
• Not a fault of the component itself • Design load exceeded • Repair required
COMPONENT FAILURE CHARACTERISTICS
Command Faults and Failures
Command faults and failures are equipment malfunctions in which the component operates properly but at the wrong time or in the wrong place. These faults or failures can be attributed to the source of the incorrect command.
• Not a fault of the component itself • Design load not exceeded • No repair required
When the exact failure mode for a primary or secondary failure is identified, and failure data are obtained, primary and secondary failure events are treated the same as basic failures and are shown as circles in a fault tree.
[ EXAMPLE ]
1) Primary
• Tank rupture due to metal fatigue
• Fuse is opened by excessive current
2) Secondary
• Earthquake cracks storage tanks
• Pressure vessel ruptures because some fault external to the vessel causes the internal pressure to exceed the design limits.
3) Command
• Power is applied inadvertently to relay coil.
• Noisy input to safety monitor randomly generates spurious shutdown signals.
Boolean Algebra
• AND: all the inputs are required to cause the output. The order of the inputs does not matter:
  A = B AND C = C AND B
• Inclusive OR: any input or combination of inputs will cause the output. The order of the inputs does not matter:
  A = B OR C = C OR B
• Exclusive OR: B or C but not both cause the output A:
  A = B EOR C
• With a single input B, an EOR gate and an OR gate both reduce to the input:
  A = (B EOR) = (B OR) = B
• Nested gates of the same type collapse into one gate with all the inputs:
  A = B AND (C AND D) = B AND C AND D
  A = B OR (C OR D) = B OR C OR D
  A = B EOR (C EOR D) = "EOR"(B, C, D), where the three-input "EOR" outputs for the ODD COMBINATIONS, i.e. when an odd number of the inputs occur.
• Distributive law:
  A = B AND (C OR D) = (B AND C) OR (B AND D)
• Simplification with an event L of very low probability:
  A = B OR L = B
  A = B AND L is itself of very low probability (as is C AND L), and such a branch can be dropped.
  A = B OR (C AND L) = B
• Simplification with an event H of very high probability:
  A = B AND H = B
  A = B OR H is itself of very high probability (as is C OR H).
  A = B AND (C OR H) = B
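The identities above, applied mechanically to obtain a fault tree's minimal cut sets (the "solution of the fault tree" from the General Description), as an added Python example; this is not code from the original slides, and the short event labels for the Figure 2 basic events are constructed here:

```python
# Added example (not from the original slides): reducing a fault tree to its
# minimal cut sets with the Boolean identities above.  Gates are ("AND", [...])
# or ("OR", [...]); leaves are event-name strings.  The tree is Figure 2's,
# with constructed short labels for its basic events.
FIG2_TREE = ("AND", [
    ("AND", [                      # RUNAWAY REACTION
        ("OR", ["FC", "VO"]),      # FLOW CONTROL LOOP FAILS: controller fails, valve sticks open
        ("OR", ["TC", "VC"]),      # TEMPERATURE INTERLOCK FAILS: thermocouple & relay, valve fails to close
    ]),
    "BD",                          # BURSTING DISC FAILS
])

def cut_sets(node):
    """All cut sets (frozensets of events) whose joint occurrence causes `node`.
    OR : union of the inputs' cut sets.
    AND: distributive law B AND (C OR D) = (B AND C) OR (B AND D), i.e. every
         cut set of one input is joined with every cut set of the others."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        return set().union(*child_sets)
    if gate == "AND":
        acc = {frozenset()}
        for sets in child_sets:
            acc = {a | b for a in acc for b in sets}
        return acc
    raise ValueError(f"unknown gate {gate!r}")

def absorb(sets):
    """Absorption law X OR (X AND Y) = X: drop any cut set that contains another."""
    return {s for s in sets if not any(other < s for other in sets)}

def minimal_cut_sets(tree, negligible=(), certain=()):
    """Minimal cut sets after the probability-based simplifications from the
    slides: a cut set containing a very-low-probability event L is dropped
    (B AND L ~ 0, so B OR (C AND L) = B); a very-high-probability event H is
    removed from its cut set (B AND H = B).  The empty cut set means the
    output is (practically) certain, as in B OR H."""
    sets = cut_sets(tree)
    sets = {s - frozenset(certain) for s in sets if not (s & frozenset(negligible))}
    return absorb(sets)
```

For Figure 2 this yields the four three-event cut sets (one of FC/VO, one of TC/VC, plus BD), which is exactly why the top-event frequency is the product of the three gate values.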