System Hazard Analysis: Fault Tree Analysis

Developed originally in 1961 for Minuteman.
Means of analyzing hazards, not identifying them.
Top-down search method.
Based on converging chains-of-events accident model.
Tree is simply a record of results; analysis done in head.
FT can be written as Boolean expression and simplified to show specific combinations of identified basic events sufficient to cause the undesired top event (hazard).
If want quantified analysis and individual probabilities for all basic events are known, frequency of top event can be calculated.

Leveson − 139

System Hazard Analysis: Fault Tree Example

[Figure: example fault tree with top event "Explosion". Intermediate events: "Pressure too high", "Relief valve 1 does not open", "Relief valve 2 does not open", "Computer does not open valve 1", "Operator does not know to open valve 2". Basic events: "Valve failure" (each relief valve), "Sensor failure", "Computer output too late", "Computer does not issue command to open valve 1", "Operator inattentive", "Valve 1 position indicator fails on", "Open indicator light fails on". Gates shown: AND and OR.]

Leveson − 140