Fault Tree Analysis (FTA)
DAU GLOSSARY DEFINITION
FTA is a method used to analyze the potential for system or machine failure by graphically and mathematically representing the system itself. It is a top-down approach that delineates how a failure propagates through a system. It creates a graphical model of how component failures lead to system-wide failures. The analytical graphs used in an FTA look like trees; hence the word "tree" in the title. The fault tree diagram (FTD) helps to convey how one or more small failure events, alone or in combination, could lead to a catastrophic failure.
FTA is part of a wide range of Product Support Analyses (PSA) that are conducted within the systems engineering (SE) process as required by DoD Instruction (DoDI) 5000.91, Product Support Management for the Adaptive Acquisition Framework. As addressed in MIL-HDBK-502A, the overall goals of PSAs are to ensure that supportability is included as a system performance requirement and to ensure the system is concurrently developed or acquired with the optimal support system and infrastructure.
Bell Telephone Laboratories initially created the FTA method in 1962. They did so while designing safeguards for the US Air Force's Minuteman intercontinental ballistic missile (ICBM) system in order to improve their reliability analysis for such a complex and dangerous technology. This new methodology added a graphical element that helped visualize the concepts of Failure Modes and Effects Analysis (FMEA) and Failure Modes, Effects and Criticality Analysis (FMECA), two related methods of preventing failure. Later on, other industry and Government organizations adopted FTA, making it a popular analysis method widely used today to analyze the failure potential of critical systems.
FTDs are logic block diagrams that express the state of a system in terms of the states of its components. An FTD is a graphic model of the pathways within a system that lead to foreseeable and undesired loss events. The pathways connect contributory events and conditions using standard logic symbols. The basic constructs in an FTD are "events" and "gates": events (the top undesired event, intermediate events, and the basic component failures at the leaves) are captured as blocks, and gates (most commonly AND and OR) capture the logical conditions under which the events feeding a gate cause the event above it.
An open source tool available for FTA using FTDs can be found at Carnegie Mellon's Software Engineering Institute (SEI), built on the Eclipse Modeling Framework (EMF). Other sources called out in MIL-HDBK-502A to assist with these efforts include the American Institute of Aeronautics and Astronautics (AIAA) Standard S-102.2.18, Performance-Based Fault Tree Analysis Requirements, and the International Electrotechnical Commission (IEC) Standard 61025, Fault tree analysis (FTA).
When To Perform FTA
The FTA is useful during the initial product design phase as a tool for driving the design from both a reliability and a fault-probability perspective. From a reliability perspective, the FTA can be used to estimate whether a system's design will meet its reliability performance requirements. The probability evaluation determines the likelihood of occurrence of the undesired top event, which can be used to quantify risk or safety hazards.
Fault tree methods of analysis are particularly useful in functional paths of high complexity in which the outcome of one or more combinations of noncritical events may produce an undesirable critical event. Typical candidates for FTA are functional paths or interfaces which could have critical impact on flight safety, munitions handling safety, safety of operating and maintenance personnel, and the probability of error-free command in automated systems in which a multiplicity of redundant and overlapping outputs may be involved. The fault tree provides a concise and orderly description of the various combinations of possible occurrences within the system which can result in a predetermined critical output event.
FMECA vs. FTA
A FMECA is considered a "bottom-up" analysis, whereas an FTA is considered a "top-down" analysis. FMECAs and FTAs are compatible methods of risk analysis, with the choice of method dependent on the nature of the risk to be evaluated. There are some differences. For example, because FTA works top-down, there is a higher probability of misinterpreting what happens at the lowest (component) level. On the other hand, because the FMECA starts at the lowest level, it will probably result in a better method of risk analysis, assuming lowest-level data is available. Also, the FMECA considers only single failures, while FTA considers combinations of multiple failures; this difference affects the accuracy of each method for events caused by combined failures.
FTA and Supportability
FTA is particularly useful in providing insight into the following supportability analysis areas:
- Functional analysis of highly complex systems
- Observation of combined effects of simultaneous, non-critical events on the highest level event
- Evaluation of safety requirements and specifications
- Evaluation of system reliability
- Evaluation of human interfaces
- Evaluations of software interfaces
- Identification of potential design defects and safety hazards
- Evaluation of corrective actions
- Identification and simplification of maintenance requirements and troubleshooting procedures
- Elimination of causes for observed failures
Executing FTAs can be quite complex, but the time spent on this type of problem-solving effort can be time well spent. It can help in the deductive analysis, understanding and improvement of your system design by fostering:
- A systematic assessment of one top-level fault (undesired event) at a time
- The assessment of several systems and their relationships with one another
- Root cause failure analyses
- Prioritization of repairs based on the assessment of failure rates and issues that lead to catastrophic failures
- Future maintenance planning in alignment with the failure probability of each system