UDC 62.004.64(084.21) : 62-192 : 621.039 : 001.4 : 003.62

DEUTSCHE NORM September 1981

DIN 25424 Part 1
Fehlerbaumanalyse; Methode und Bildzeichen
(Fault tree analysis; method and graphical symbols)
Supersedes DIN 25 424, 06.77

Fault tree analysis as considered here must be distinguished from incident sequence analysis (see DIN 25 419 Part 1). In incident sequence analysis the object is to find the undesired events that result from a particular cause, whilst fault tree analysis starts with the undesired event and the object is then to find all the causes that can lead to this event. Where possible the definitions have been made consistent with those in DIN 40 042 (preliminary standard). The graphical symbols used are as far as possible based on DIN 40 700 Part 14 and the American IEEE Standard 352-1975 published by the Institute of Electrical and Electronics Engineers *).

Contents  Page
1 Field of application  2
2 Purpose  2
3 Concepts  2
4 Method  3
4.1 Model and graphical symbols  3
4.2 Steps in analysis  4
4.3 Notes on systems analysis  4
4.4 Undesired event and failure criteria  5
4.5 Relevant reliability parameters and time intervals  5
4.6 Modes of failure of components  5
4.7 Drawing up the fault tree  5
4.8 Analysis of common mode failures  6
4.9 Notes on evaluating the fault tree  6
Appendix A Example of a fault tree  7

*) Obtainable from Auslandsnormenvermittlung (foreign standards service) of DIN Deutsches Institut für Normung e.V., Burggrafenstrasse 4-10, D-1000 Berlin 30.

Continued on pages 2 to 8

[...] such a failure is therefore represented as a standard input. A secondary failure or a controlled failure is not necessarily present in all cases. If one is present, step f) follows. Once the particular branch of the tree has been completed, it is necessary to consider the next failure from step c) onwards. If there are no further failures to develop, the fault tree is complete.

The failure is not a failure of a functional element. The description of the failure given in the comments rectangle must be regarded as the undesired event of the fault tree to be developed below it. Step b) then follows.

COPYRIGHT DIN DEUTSCHES Institut Fur Normung E.V. - English. Licensed by Information Handling Services

Page 6 DIN 25424 Part 1

Figure 1. Example of procedure for drawing up a fault tree
[figure not reproduced; labels recoverable from the drawing: a) Undesired event; b), c), d) Secondary failure, Controlled failure, Failure; Functional element; Failure A; Failure B; Secondary failure]

Note: At the broken lines the fault tree has been left without tracing any further branches. The letters along the left hand edge of the figure show the steps in the analysis in accordance with subclause 4.7.

4.9 Notes on evaluating the fault tree

The main results obtained from fault tree analysis are:

a) systematic determination of combinations of failures that result in the undesired event,
b) the frequency of occurrence of these combinations,
c) the frequency of occurrence of the undesired event,
d) the least combination of failures that result in the undesired event.

Figure 2. Example showing representation of common mode failures
[figure not reproduced]

At this point it is useful to draw attention to the effect of common mode failures (see subclause 4.8).

Both analytic methods and simulation methods (Monte Carlo method) are available for the systematic evaluation of a fault tree. Analytical methods consist, for example, of modifying the system structure given by the fault tree so that it can be evaluated on the basis of a probability calculation. Fault trees containing only NOT, OR or AND logic functions can in many cases be evaluated with a simple computing procedure (a standard giving examples of these is being prepared). Simulation methods consist of simulating the time behaviour of the fault tree inputs by the use of random numbers. These methods are particularly useful for assessing the operational and fault behaviour of a technical system over a period of time. However, direct simulation methods require a high expenditure of computing time for the analysis of events of low probability. To overcome this difficulty, methods of variance reduction are used. Apart from purely analytic methods and pure simulation methods, programmes combining both methods are also used.

In addition to the quantitative evaluation, the fault tree may also be used for a qualitative analysis, e.g. for determining single or double faults that result in the undesired event.

Appendix A
Example of a fault tree

The rules as described in subclause 4.7 are illustrated here using the example of a compressed air system (figure A.1). The system is started up by operating key switch S2. Relay K1 operates as a self-locking relay. K2 closes. This starts the motor. When maximum pressure is reached, pressure switch P opens and K2 drops out. This stops the motor.

The problem for analysis is: What is the frequency of occurrence of a pressure vessel burst within a year?

Figure A.2 shows the fault tree for the undesired event “bursting of pressure vessel”. This fault tree can be drawn out in accordance with the procedure described in subclause 4.7.

a) The undesired event is “bursting of the pressure vessel”.
b) The undesired event is a mode of failure of the component pressure vessel. Step e) follows.
e) An OR logic function follows. The inputs are labelled primary failure (“failure of pressure vessel”) and secondary failure (“exceeding the conditions of service of the pressure vessel”). There is no controlled failure. It remains only to investigate the secondary failure. Step f) follows.
f) The failure is not a failure of a functional element. Steps b) and c) follow.
c) Two failures are identified: “bursting of pressure vessel due to overpressure” or “bursting of pressure vessel as a result of unallowable ambient conditions”. The failure “bursting of pressure vessel as a result of unallowable ambient conditions” can similarly be developed further. Step d) follows.
d) There is no mode of failure of a component. Step f) follows.
f) The failure is not a failure of a functional element. Step b) follows in accordance with subclause 4.7.

The complete example is then worked through in this manner.

Figure A.1. Compressed air system
[figure not reproduced; components labelled in the drawing: safety valve, bleed valve, pressure vessel, pressure gauge, compressor, M, P]

Figure A.2. Example of a fault tree for the undesired event “bursting of pressure vessel”
[figure not reproduced; events labelled in the drawing: bursting of pressure vessel; failure of pressure vessel; excessive service conditions for the vessel; bursting of pressure vessel due to unallowable ambient conditions; bursting of pressure vessel; safety valve does not open; pressure switch; compressor]

Standards and documents referred to

DIN 25419 Part 1  Incident sequence analysis; event tree; method and graphical symbols
DIN 40 042  Reliability of electrical instruments, plant and systems; concepts
DIN 40700 Part 14  Graphical symbols; digital data processing
IEEE Standard 352-1975  IEEE Guide for General Principles of Reliability Analysis of Nuclear Power Generating Station Protection Systems

Further standards

DIN 25448  Analysis of effects of failure

Previous issues

DIN 25424: 06.77

Amendments

Compared with the June 1977 edition the following amendments have been made:
a) Extension of the DIN number by an appended number, DIN 25 424 being changed to DIN 25 424 Part 1.
b) Editorial amendments.

Explanations

This edition has been editorially revised in comparison with the June 1977 edition and published using the abridged procedure.
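Added example (not code from DIN 25424 or from the companion standard it announces): a Python evaluator for fault trees built from AND, OR and NOT logic functions that returns the exact probability of the undesired event by enumerating the states of independent standard inputs, which stays valid when one input feeds several gates as a common mode failure (subclause 4.8), together with the least combinations of failures, i.e. the minimal cut sets (subclause 4.9 d)). The tree is modelled loosely on Appendix A; the gates below the secondary failure and every failure probability are assumptions, not values taken from the standard.

```python
from itertools import product
from math import prod

# Constructed tree loosely following figure A.2 of DIN 25424 Part 1: primary
# failure OR service conditions exceeded; overpressure assumed to need the
# pressure switch to fail AND the safety valve to stay shut. Gates below the
# secondary failure and all probabilities (per year) are assumptions.
TREE = {
    "vessel_bursts":         ("OR",  ["primary_failure", "conditions_exceeded"]),
    "conditions_exceeded":   ("OR",  ["overpressure", "ambient_conditions"]),
    "overpressure":          ("AND", ["pressure_switch_fails", "safety_valve_stuck"]),
    "primary_failure":       ("BASIC", 1e-5),
    "ambient_conditions":    ("BASIC", 1e-4),
    "pressure_switch_fails": ("BASIC", 1e-2),
    "safety_valve_stuck":    ("BASIC", 1e-3),
}
GATES = {"AND": all, "OR": any, "NOT": lambda v: not v[0]}

def basic_events(tree):
    """Standard inputs (basic events) of the tree, in a fixed order."""
    return sorted(n for n, (kind, _) in tree.items() if kind == "BASIC")

def evaluate(tree, node, state):
    """Truth value of `node` given a dict mapping basic events to True = failed."""
    kind, arg = tree[node]
    if kind == "BASIC":
        return state[node]
    return GATES[kind]([evaluate(tree, child, state) for child in arg])

def top_probability(tree, top):
    """Exact probability of the top event, summed over every combination of
    independent input states; correct even when an input feeds several gates."""
    events = basic_events(tree)
    total = 0.0
    for bits in product([False, True], repeat=len(events)):
        state = dict(zip(events, bits))
        if evaluate(tree, top, state):
            total += prod(tree[e][1] if state[e] else 1.0 - tree[e][1] for e in events)
    return total

def minimal_cut_sets(tree, top):
    """Least combinations of failures causing the top event (subclause 4.9 d)):
    visit combinations by size and skip any that contain a smaller cut set."""
    events = basic_events(tree)
    cuts = []
    for bits in sorted(product([False, True], repeat=len(events)), key=sum):
        failed = frozenset(e for e, b in zip(events, bits) if b)
        if not any(c <= failed for c in cuts) and evaluate(tree, top, dict(zip(events, bits))):
            cuts.append(failed)
    return cuts
```

For the assumed figures, top_probability(TREE, "vessel_bursts") gives about 1.2e-4 per year and minimal_cut_sets(TREE, "vessel_bursts") returns two single failures and one double failure, which is the single/double fault question raised at the end of subclause 4.9.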