1、 EIA STANDARD Fault Tree Analysis EIA 61025 (IEC 61025:2006 Ed.2.0, IDT) May 2017 EIA 61025 ANSI/EIA 61025-2017 Approved: May 11, 2017 NOTICE EIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchaser
2、s, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for his particular need. Existence of such Standards and Publications shall not in any respect preclude any member or nonmember of ECIA from ma
3、nufacturing or selling products not conforming to such Standards and Publications, nor shall the existence of such Standards and Publications preclude their voluntary use by those other than ECIA members, whether the standard is to be used either domestically or internationally. Standards and Public
4、ations are adopted by ECIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, ECIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication. This EIA Standard is ident
5、ical (IDT) with the International Standard IEC Publication 61025:2006: Fault Tree Analysis. This document is the EIA Standard EIA 61025 Edition 2.0: Fault Tree Analysis. The text, figures and tables of IEC 61025:2006 are used in this Standard with the consent of the IEC and the American National Sta
6、ndards Institute (ANSI). The IEC copyrighted material has been reproduced with permission from ANSI. The IEC Foreword and Introduction are not part of the requirements of this standard but are included for information purposes only. This Standard does not purport to address all safety problems assoc
7、iated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use. (From Standards Proposal No. 5372.02, formulated under
8、 the cognizance of the EIA Dependability Standards Committee). Published by Electronic Components Industry Association 2017 Standards any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizatio
9、ns liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters
10、 express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National C
11、ommittees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC Na
12、tional Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC provides
13、no marking procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with an IEC Publication. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees,
14、servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publi
15、cation, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibi
16、lity that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. International Standard IEC 61025 has been prepared by IEC technical committee 56: Dependability. The text of this standard is b
17、ased on the following documents: FDIS Report on voting 56/1142/FDIS 56/1162/RVD Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table. This second edition cancels and replaces the first edition, published in 1990, and const
18、itutes a technical revision. EIA 61025 Page 2 The main changes with respect to the previous edition are as follows: added detailed explanations of fault tree methodologies added quantitative and reliability aspects of Fault Tree Analysis (FTA) expanded relationship with other dependability technique
19、s added examples of analyses and methods explained in this standard updated symbols currently in use Clause 7, dealing with analysis, has been revised to address traditional logic fault tree analysis separately from the quantitative analysis that has been used for many years already, for reliability
20、 improvement of products in their development stage. Some material included previously in the body of this standard has been transferred to Annexes A and B. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. The committee has decided that the contents of this public
21、ation will remain unchanged until the maintenance result date indicated on the IEC web site under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. EIA 61025 Page 3 INTRODU
22、CTION Fault tree analysis (FTA) is concerned with the identification and analysis of conditions and factors that cause or may potentially cause or contribute to the occurrence of a defined top event. With FTA this event is usually seizure or degradation of system perfomance, safety or other importan
23、t operational attributes, while with STA (success tree analysis) this event is the attribute describing the success. FTA is often applied to the safety analysis of systems (such as transportation systems, power plants, or any other systems that might require evaluation of safety of their operation).
24、 Fault tree analysis can be also used for availability and maintainability analysis. However, for simplicity, in the rest of this standard the term “reliability” will be used to represent these aspects of system performance. This standard addresses two approaches to FTA. One is a qualitative approac
25、h, where the probability of events and their contributing factors, input events or their frequency of occurrence is not addressed. This approach is a detailed analysis of events/faults and is known as a qualitative or traditional FTA. It is largely used in nuclear industry applications and many othe
26、r instances where the potential causes or faults are sought out, without interest in their likelihood of occurrence. At times, some events in the traditional FTA are investigated quantitatively, but these calculations are disassociated with any overall reliability concepts, in which case, no attempt
27、 to calculate overall reliability using FTA is made. The second approach, adopted by many industries, is largely quantitative, where a detailed FTA models an entire product, process or system, and the vast majority of the basic events, whether faults or events, has a probability of occurrence determ
28、ined by analysis or test. In this case, the final result is the probability of occurrence of a top event representing reliability or probability of fault or a failure. EIA 61025 Page 4 FAULT TREE ANALYSIS (FTA) 1 Scope This International Standard describes fault tree analysis and provides guidance o
29、n its application as follows: definition of basic principles; - describing and explaining the associated mathematical modelling; - explaining the relationships of FTA to other reliability modelling techniques; description of the steps involved in performing the FTA; identification of appropriate ass
30、umptions, events and failure modes; identification and description of commonly used symbols. 2 Normative references The following referenced documents are indispensable for the application of this document. For the references, only the edition cited applies. For undated references, the latest editio
31、n of the referenced document (including any amendments) applies. IEC 60050(191), International Electrotechnical Vocabulary (IEV) Chapter 191: Dependability and quality of service IEC 61165, Application of Markov techniques 3 Terms and definitions For the purposes of this document, the terms and defi
32、nitions given in IEC 60050(191) apply. In fault tree methodology and applications, many terms are used to better explain the intent of analysis or the thought process behind such analysis. There are terms used also as synonyms to those that are considered analytically correct by various authors. The
33、 following additional terms are used in this standard. 3.1 outcome result of an action or other input; a consequence of a cause NOTE 1 An outcome can be an event or a state. Within a fault tree, an outcome from a combination of corresponding input events represented by a gate may be either an interm
34、ediate event or a top event. NOTE 2 Within a fault tree, an outcome may also be an input to an intermediate event, or it can be the top event. 3.2 top event outcome of combinations of all input events NOTE 1 It is the event of interest under which a fault tree is developed. The top event is often re
35、ferred to as the final event, or as the top outcome. EIA 61025 Page 5 NOTE 2 It is pre-defined and is a starting point of a fault tree. It has the top position in the hierarchy of events. 3.3 final event final result of combinations of all of the input, intermediate and basic events NOTE It is a res
36、ult of input events or states (see 3.2). 3.4 top outcome outcome that is investigated by building the fault tree NOTE Final result of combinations of all of the input, intermediate and basic events; it is a result of input events or states (see 3.2). 3.5 gate symbol which is used to establish symbol
37、ic link between the output event and the corresponding inputs NOTE A given gate symbol reflects the type of relationship required between the input events for the output event to occur. 3.6 cut set group of events that, if all occur, would cause occurrence of the top event 3.7 minimal cut set minimu
38、m, or the smallest set of events needed to occur to cause the top event NOTE The non-occurrence of any one of the events in the set would prevent the occurrence of the top event. 3.8 event occurrence of a condition or an action 3.9 basic event event or state that cannot be further developed 3.10 pri
39、mary event event that is at the bottom of the fault tree NOTE In this standard, primary event can mean a basic event that need not be developed any more, or it can be an event that, although a product of groups of events and gates, may be developed elsewhere, or may not be developed at all (undevelo
40、ped event). 3.11 intermediate event event that is neither a top event nor a primary event NOTE It is usually a result of one or more primary and/or other intermediate events. EIA 61025 Page 6 3.12 undeveloped event event that does not have any input events NOTE It is not developed in the analysis fo
41、r various possible reasons, such as lack of more detailed information, or it is developed in another analysis and then annotated in the current analysis as undeveloped. An example of undeveloped gates could be Commercial Off The Shelf Items (or COTS). 3.13 single point failure (event) failure event
42、which, if it occurs, would cause overall system failure or would, by itself regardless of other events or their combinations, cause the top unfavourable event (outcome) 3.14 common cause events different events in a system or a fault tree that have the same cause for their occurrence NOTE An example
43、 of such an event would be shorting of ceramic capacitors due to flexing of the printed circuit board; thus, even though these might be different capacitors having different functions in their design, their shorting would have the same cause the same input event. 3.15 common cause cause of occurrenc
44、e of multiple events NOTE In the above example it would be board flexing that itself can be an intermediate event resulting from multiple events such as environmental shock, vibrations or manual printing circuit board break during product manufacturing. 3.16 replicated or repeated event event that i
45、s an input to more than one higher level event NOTE This event can be a common cause or a failure mode of a component, shared by more than one part of a design. Figure 1 illustrates some of the above definitions. This figure contains annotations and description of events to better explain the practi
46、cal application of a fault tree. Omitted from Figure 1 are the graphical explanations of cut sets or minimal cut sets, for simplicity of the graphical representation of other pertinent terms. The symbols in Figure 1 and all of the subsequent figures appear somewhat different to those in Tables A.1,
47、A.2, A.3, and A.4 because of the added box above the gate symbol for description of individual events. EIA 61025 Page 7 Figure 1 Explanation of terms used in fault tree analyses NOTE Symbols in Figure 1 and all other figures might slightly differ from the symbols shown in Annex A. This is because de
48、scription blocks are added to better explain the relationship of various events 4 Symbols The graphical representation of a fault tree requires that symbols, identifiers and labels be used in a consistent manner. Symbols describing fault tree events vary with user preferences and software packages,
49、when used. General guidance is given in Clause 8 and in Annex A. Other symbols used in this standard are standard dependability symbols such as F(t) or just probability of an event occurring F. For that reason, a separate list of symbols is not provided. IEC 2118/06 EIA 61025 Page 8 5 General 5.1 Fault tree description and structure Several analytical methods of dependability analysis are available, of which fault tree analysis (FTA) is one. The purpose of each method and their individual or combined applicability in evaluating the flow of events or states
