ANSI AIAA S-102.2.18-2009 Performance-Based Fault Tree Analysis Requirements.pdf

1、 Standard ANSI/AIA S-102.2.18-209 Performance-Based Fault Tre Analysis Requirements AIA standards are copyrighted by the American Institute of Aeronautics and Astronautics (AIA), 1801 Alexander Bel Drive, Reston, VA 20191-434 USA. Al rights reserved. AIA grants you a license as folows: The right to

2、download an electronic file of this AIA standard for storage on one computer for purposes of viewing, and/or printing one copy of the AIA standard for individual use. Neither the electronic file nor the hard copy print may be reproduced in any way. In adition, the electronic file may not be distribu

3、ted elsewhere over computer networks or otherwise. The hard copy print may only be distributed to other employees for their internal use within your organization. ANSI/AIA S-102.2.18-209 American National Standard Performance-Based Fault Tre Analysis Requirements Sponsored by American Institute of A

4、eronautics and Astronautics Approved 17 November 208 American National Standards Institute Abstract This standard provides the basis for developing the performance-based fault tre analysis (FTA) to review and analyticaly examine a system or equipment in such a way as to emphasize the lower-level fau

5、lt ocurences that directly or indirectly contribute to the system-level fault or undesired event. The requirements for contractors, planing and reporting neds, and analytical tols are established. The linkage of this standard to the other standards in the new family of performance-based reliability

6、and maintainability (R limit of fault tre resolution capability level measure of the ability of an R b) the FTA requirements as neded to suport the project, including milestones for developing the fault tres or modifying existing fault tres; b) scope, level of resolution, and ground rules of the FTA

7、; c) detailed procedures for selecting the set of system-level faults of concern; d) detailed procedures for establishing the component-level to which each system-level fault is examined; e) detailed FTA proces flow diagrams and samples of fault tres; f) detailed procedures for constructing the faul

8、t tre, such as the aproach for determining the imediate causes for each fault at progresively lower levels until a component-level fault is reached; g) detailed procedures for documenting and reporting the FTA data/results in a timely maner; and h) definitions of FTA data atributes, i.e., data chara

9、cteristics and format, that acomodate the neds of other project functions, including those of the FMECA, event tre analysis (ETA), system reliability modeling, system safety, maintainability, and risk management. The minimum tasks that shal be prescribed in the FTA plan shal be based on the required

10、 capability level, as defined in Anex B. The description of the specified capability level shal include, at a minimum, al activities described for that capability level and al lower capability levels in this standard. The contractor shal consider the aplicability of capability level growth over the

11、life cycle of a project when planing the FTA proces. ANSI/AIA S-102.2.18-2009 7 4.3 FTA Report The contractor shal document the results of the FTA in a timely maner and shal provide the most curent version of the documentation to the acquisition activity upon request. The FTA report shal include a c

12、omplete FT dataset for each top event and suficient information to alow independent verification of the analysis results within the ground rules established for the project. The FTA shal be kept updated at al times with an apropriate revision number asigned. 5 Detailed Requirements The folowing deta

13、iled requirements pertain to the performance-based FTA tasks defined in Anex B. 5.1 System Design Data Colection Prior to begining the evaluation of the undesired event causes, the contractor shal colect suficient system design information to identify al posible functional and physical dependencies

14、in the system, within analytical ground rules to be specified by the contractor. The system design information shal include al system levels, mision phases, and environments, and al normal, degraded, and contingency system modes that are aplicable to each mision phase. If a Capability Level 3 or hig

15、her FTA is required, this information shal be entered into the FTA database to alow cros-referencing of identified failure causes against oficial design drawings. 5.2 FTA Procedures The contractor shal perform the FTA in an orderly fashion with the folowing steps incorporated as apropriate: Define t

16、he objective of the FTA. Identify the top event of the fault tre (FT). Define the scope of the analysis. Define the FTA resolution (the failure causes level of detail). Define the ground rules for the FTA. Construct the FT. Evaluate the FT qualitatively. If a Capability Level 3 FTA is required, eval

17、uate the FT quantitatively. Interpret and present the results. 5.2.1 Define Objectives of the FTA The contractor shal define the objective of the FTA in terms of functionality of the system to be analyzed, definitions of system or mision failure, highest number of events in a cut set, precision of p

18、robability estimates, etc. 5.2.2 Identify Top Event of the FT The contractor shal identify the top event for which the failure causes wil be analyzed and resolved. 5.2.3 Define Scope of the Analysis The contractor shal define the FTA scope in terms of 1) which particular system design version and mi

19、sion time period(s) wil be analyzed; and 2) which of the system failure events and contributors wil be included and which wil not be included. ANSI/AIA S-102.2.18-2009 8 5.2.4 Define FTA Resolution The contractor shal typicaly resolve each failure event, i.e., the top event, to the major components

20、in the system. If quantification is required, the FT shal be developed to a level of detail where the best failure probability data are available. 5.2.5 Define FTA Ground Rules The contractor shal define the FTA ground rules that include: 1) selecting the FT data sources and data procesing methods4;

21、 2) describing how consistency wil be achieved among independently constructed FT; 3) defining the procedures and nomenclature by which events and gates are named in the FT; and 4) describing how external system interfaces and influences, e.g., human erors, operating environments, etc. are going to

22、be modeled. 4This is a proces-validation activity when it includes evaluation of the apropriatenes of the FTA proces prior to its use. ANSI/AIA S-102.2.18-2009 9 5.2.6 Construct FT The contractor shal construct the FT based on the system element relationships and functional logic derived from the sy

23、stem schematics and functional descriptions. The symbols that are used in the FT shal represent the relationships betwen events. The contractor shal chose from the typical logical symbols used as the building blocks to construct the FT, e.g.: If a Capability Level 2 FTA is required, the fault tre sh

24、al include human eror modes. If a Capability Level 3 FTA is required, the fault tre shal include software components, functional lops/fedback, phase and time dependent failure, and comon cause failure modes. 5.2.7 Qualitatively evaluate FT The contractor shal derive the minimal cut sets, by aplying

25、the Bolean reduction laws. The type and number of basic events in the combined minimal cut sets shal be documented in the FT dataset for each general event an event results from a combination of other events basic event (primary) an event that requires no further development undeveloped event an eve

26、nt that is not developed further either because unecesary or no information house event an event that is expected to ocur normaly transfer (used to link tres) AND gate OR gate ANSI/AIA S-102.2.18-2009 10 of the top events. The minimum cut sets shal be sorted by order, i.e., the lowest to highest num

27、ber of events in a cut set. If a Capability Level 4 FTA is required, the FT shal be validated for configuration acuracy by using one of the folowing methods: 1) Use the system schematics or functional flow diagrams to verify that minimum cut sets are inded valid failure paths to the top event. If va

28、lidating the top event directly is to dificult, e.g., the smalest order cut sets contain a large number of basic events that are dificult to check, then identify lower order faults (i.e., intermediate events) in the FT and validate the cut sets for these faults. 2) Identify the smalest suces paths o

29、f the FT and use the system schematics or functional flow diagrams to validate that these are inded suces paths. 5.2.8 Quantitatively Evaluate FT If a Capability Level 3 FTA is required, the contractor shal calculate the top event and contributing events probabilities and the importance measure of e

30、ach basic event established. The importance measures shal be used to establish the significance for al the events in the fault tre in terms of their contributions to the top event probability. Both intermediate events (gate events) as wel as basic events shal be prioritized acording to their importa

31、nce. If a Capability Level 4 FTA is required, an uncertainty analysis shal be performed for each basic event. This analysis shal consist of asigning an uncertainty distribution to each data parameter to describe the posible values that the data parameter may have. The contractor shal identify the me

32、an value, median value, standard deviation, 5thpercentile and 95thpercentile for each probability distribution. Also, the contractor shal check if failures and basic events identified in the FT have ocured previously in heritage systems, and if so, evaluate the probabilities of the minimum cut sets

33、and their relative contributions to determine if the results are reasonable. If there is no failure history of similar systems, then the contractor shal check the history of similar subsystems or asemblies for field data that can be used to evaluate probabilities of intermediate faults. 5.2.9 Interp

34、ret and Present the Results The contractor shal place emphasis on the interpretation of the results in the FTA report. The report shal describe al significant implications of the FTA results to the original FTA objective, to the extent that the project management understands the implications. 5.3 FT

35、A Database If a Capability Level 3 FTA is required, the contractor shal establish a FTA database that contains the FTA data products that are identified in the established systems enginering data flow schemas for al aplicable product development phases and that has data change control and tracking p

36、rocedures5. If a Capability Level 4 FTA is required, al data that are entered in or extracted from the FTA database shal be prefaced with one or more keyword data element descriptions (DED) listed in Anex C. Each keyword DED belongs to one of the folowing data types: Physical or Functional Character

37、istic Physical or Functional Dependency Aplication Failure Mode and Efects Analysis (FMEA) 5The objective here is to ensure that al identified failures/basic events are documented, the history of designed-in reliability improvements is maintained, and curent data is distinguishable from out-of-date

38、data. ANSI/AIA S-102.2.18-2009 11 Criticality Analysis Anomaly Detection and Response (ADR) Reliability, System Safety, and Maintainability Critical Item Failure Compensation Identification Maintainability Analysis Unit Reference Value Coment Atachment Database Administration The FTA database shal b

39、e structured to alow: 1) independent verification of the system-level faults for al component-level failures that are Severity Clasification 3, 4, or 5, and 2) online review of the most curent and al prior fault tres. If a Capability Level 4 FTA is required, the contractor shal establish and maintai

40、n an interface that permits data exchange betwen the FTA database, product FMECA database, and the project R Identification of one or more top events of the FTA (defines the top-level failure of the system to be analyzed); definition of the scope of the FTA (boundary conditions for the analysis); de

41、finition of the FTA lowest level of resolution (the failure causes level of detail); definitions of the ground rules. (This is a process validation activity when it includes evaluation of the appropriateness of the FTA process prior to its use); descriptions of all the mission phases; descriptions o

42、f all the system life-cycle environments; descriptions of the systems normal and degraded modes of operation; and descriptions of all the functional and physical, inherent8failure modes of each H/W component (within the analytical ground rules to be specified by the contractor). B.1.2 Timely establi

43、shment of FTA implementation technical performance metrics (TPM). B.1.3 Timely construction of a top-down fault tree, being a logical model that identifies all the lower-level events contributing to the top event (within the analytical ground rules to be specified in B.1.1); B.1.4 Timely qualitative

44、 evaluation of the fault tree, including the identification of the minimal cut sets for a top event (the basic events and their combinations that result in the top event); and B.1.5 Timely interpretation of the FTA results and their documentation in an FTA report. B.2 The Capability Level 2 Fault Tr

45、ee Analysis shall include all the tasks in the Capability Level 1 Fault Tree Analysis plus the following: B.2.1 Timely collection and evaluation of the necessary system design and performance information to identify the contributions made by component-level basic events to each specified failure con

46、dition or undesired event. The scope of the system design information that is collected and evaluated shall include the following: descriptions of each components physics-based characteristics; descriptions of the component-level environmental conditions; 8In this standard inherent failure modes are

47、 the result of characteristic weaknesses related to an items specified design and materials. ANSI/AIAA S-102.2.18-2009 16 descriptions of all the basic events that affect each component; and descriptions of all the phenomenological sequences that affect each component. B.2.2 Timely assignment of the

48、 probability of failure for each basic event (within the analytical ground rules to be specified by the contractor); B.2.3 Timely calculation of the probability of failure of each H/W component and the top event (within the analytical ground rules to be specified by the contractor); and B.2.4 Timely

49、 prioritization of risks using importance measures. B.3 The Capability Level 3 Fault Tree Analysis shall include all the tasks in the Capability Level 2 Fault Tree Analysis plus the following: B.3.1 Timely creation of a fault tree analysis plan or procedure that describes the objectives, ground rules, scope, assumptions, activities or approach, data sources, and the organizational elements responsible for generating and processing the fault tree analysis; B.3.2 Timely integration of fault tree analysis with ev