BRITISH STANDARD
BS EN 61025:2007
Fault tree analysis (FTA)
The European Standard EN 61025:2007 has the status of a British Standard
ICS 03.120.01; 03.120.99; 29.020
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 28 September 2007
© BSI 2007
ISBN 978 0 580 54069 1

National foreword

This British Standard is the UK implementation of EN 61025:2007. It is identical to IEC 61025:2006. It supersedes BS 5760-7:1991, which is withdrawn.

The UK participation in its preparation was entrusted to Technical Committee DS/1, Dependability and terotechnology. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Standard cannot confer immunity from legal obligations.

Amendments issued since publication
Amd. No.   Date   Comments

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 61025
April 2007
ICS 03.120.01; 03.120.99   Supersedes HD 617 S1:1992

English version
Fault tree analysis (FTA) (IEC 61025:2006)
Analyse par arbre de panne (AAP) (CEI 61025:2006)
Fehlzustandsbaumanalyse (IEC 61025:2006)

This European Standard was approved by CENELEC on 2007-03-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: rue de Stassart 35, B-1050 Brussels
© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61025:2007 E

Foreword

The text of document 56/1142/FDIS, future edition 2 of IEC 61025, prepared by IEC TC 56, Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 61025 on 2007-03-01.

This European Standard supersedes HD 617 S1:1992. The main changes with respect to HD 617 S1:1992 are as follows:
- added detailed explanations of fault tree methodologies;
- added quantitative and reliability aspects of Fault Tree Analysis (FTA);
- expanded relationship with other dependability techniques;
- added examples of analyses and methods explained in this standard;
- updated symbols currently in use.

Clause 7, dealing with analysis, has been revised to address traditional logic fault tree analysis separately from the quantitative analysis that has been used for many years already for reliability improvement of products in their development stage. Some material included previously in the body of this standard has been transferred to Annexes A and B.

The following dates were fixed:
- latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2007-12-01
- latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2010-03-01

Annex ZA has been added by CENELEC.

Endorsement notice

The text of the International Standard IEC 61025:2006 was approved by CENELEC as a European Standard without any modification.

CONTENTS

INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols
5 General
5.1 Fault tree description and structure
5.2 Objectives
5.3 Applications
5.4 Combinations with other reliability analysis techniques
6 Development and evaluation
6.1 General considerations
6.2 Required system information
6.3 Fault tree graphical description and structure
7 Fault tree development and evaluation
7.1 General
7.2 Scope of analysis
7.3 System familiarization
7.4 Fault tree development
7.5 Fault tree construction
7.6 Failure rates in fault tree analysis
8 Identification and labelling in a fault tree
9 Report
Annex A (informative) Symbols
Annex B (informative) Detailed procedure for disjointing
Annex ZA (normative) Normative references to international publications with their corresponding European publications
Bibliography

Figure 1 – Explanation of terms used in fault tree analyses
Figure 2 – Fault tree representation of a series structure
Figure 3 – Fault tree representation of parallel, active redundancy
Figure 4 – An example of a fault tree showing different gate types
Figure 5 – Rectangular gate and events representation
Figure 6 – An example fault tree containing a repeated and a transfer event
Figure 7 – Example showing common cause considerations in rectangular gate representation
Figure 8 – Bridge circuit example to be analysed by a fault tree
Figure 9 – Fault tree representation of the bridge circuit
Figure 10 – Bridge system FTA, Esary-Proschan, no disjointing
Figure 11 – Bridge system probability of failure calculated with rare-event approximation
Figure 12 – Probability of occurrence of the top event with disjointing
Figure A.1 – Example of a PAND gate
Table A.1 – Frequently used symbols for a fault tree
Table A.2 – Common symbols for events and event description
Table A.3 – Static gates
Table A.4 – Dynamic gates

INTRODUCTION

Fault tree analysis (FTA) is concerned with the identification and analysis of conditions and factors that cause, or may potentially cause or contribute to, the occurrence of a defined top event. With FTA this event is usually seizure or degradation of system performance, safety or other important operational attributes, while with STA (success tree analysis) this event is the attribute describing the success. FTA is often applied to
the safety analysis of systems (such as transportation systems, power plants, or any other systems that might require evaluation of the safety of their operation). Fault tree analysis can also be used for availability and maintainability analysis. However, for simplicity, in the rest of this standard the term "reliability" will be used to represent these aspects of system performance.

This standard addresses two approaches to FTA. One is a qualitative approach, where the probability of events and their contributing factors, input events or their frequency of occurrence is not addressed. This approach is a detailed analysis of events/faults and is known as a qualitative or traditional FTA. It is largely used in nuclear industry applications and in many other instances where the potential causes or faults are sought out without interest in their likelihood of occurrence. At times, some events in the traditional FTA are investigated quantitatively, but these calculations are disassociated from any overall reliability concepts; in that case no attempt to calculate overall reliability using FTA is made. The second approach, adopted by many industries, is largely quantitative: a detailed FTA models an entire product, process or system, and the vast majority of the basic events, whether faults or events, have a probability of occurrence determined by analysis or test. In this case, the final result is the probability of occurrence of a top event representing reliability, or the probability of a fault or a failure.

FAULT TREE ANALYSIS (FTA)

1 Scope

This International Standard describes fault tree analysis and provides guidance on its application as follows:
- definition of basic principles;
- describing and explaining the associated mathematical modelling;
- explaining the relationships of FTA to other reliability modelling techniques;
- description of the steps involved in performing the FTA;
- identification of appropriate assumptions, events and failure modes;
- identification and description of commonly used symbols.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

IEC 60050(191), International Electrotechnical Vocabulary (IEV), Chapter 191: Dependability and quality of service
IEC 61165, Application of Markov techniques

3 Terms and definitions

For the purposes of this document, the terms and definitions given in IEC 60050(191) apply.

In fault tree methodology and applications, many terms are used to better explain the intent of the analysis or the thought process behind it. There are also terms used by various authors as synonyms for those that are considered analytically correct. The following additional terms are used in this standard.

3.1 outcome
result of an action or other input; a consequence of a cause
NOTE 1 An outcome can be an event or a state. Within a fault tree, an outcome from a combination of corresponding input events represented by a gate may be either an intermediate event or a top event.
NOTE 2 Within a fault tree, an outcome may also be an input to an intermediate event, or it can be the top event.

3.2 top event
outcome of combinations of all input events
NOTE 1 It is the event of interest under which a fault tree is developed. The top event is often referred to as the final event, or as the top outcome.
NOTE 2 It is pre-defined and is the starting point of a fault tree. It has
the top position in the hierarchy of events.

3.3 final event
final result of combinations of all of the input, intermediate and basic events
NOTE It is a result of input events or states (see 3.2).

3.4 top outcome
outcome that is investigated by building the fault tree
NOTE Final result of combinations of all of the input, intermediate and basic events; it is a result of input events or states (see 3.2).

3.5 gate
symbol which is used to establish a symbolic link between the output event and the corresponding inputs
NOTE A given gate symbol reflects the type of relationship required between the input events for the output event to occur.

3.6 cut set
group of events that, if all occur, would cause occurrence of the top event

3.7 minimal cut set
minimum, or smallest, set of events that need to occur to cause the top event
NOTE The non-occurrence of any one of the events in the set would prevent the occurrence of the top event.

3.8 event
occurrence of a condition or an action

3.9 basic event
event or state that cannot be further developed

3.10 primary event
event that is at the bottom of the fault tree
NOTE In this standard, primary event can mean a basic event that need not be developed any further, or it can be an event that, although a product of groups of events and gates, may be developed elsewhere, or may not be developed at all (undeveloped event).

3.11 intermediate event
event that is neither a top event nor a primary event
NOTE It is usually a result of one or more primary and/or other intermediate events.

3.12 undeveloped event
event that does not have any input events
NOTE It is not developed in the analysis for various possible reasons, such as lack of more detailed information, or it is developed in another analysis and then annotated in the current analysis as undeveloped. An example of undeveloped events could be Commercial Off The Shelf (COTS) items.

3.13 single point failure (event)
failure event which, if it occurs, would cause overall system failure or would, by itself and regardless of other events or their combinations, cause the top unfavourable event (outcome)

3.14 common cause events
different events in a system or a fault tree that have the same cause for their occurrence
NOTE An example of such events would be shorting of ceramic capacitors due to flexing of the printed circuit board; thus, even though these might be different capacitors having different functions in the design, their shorting would have the same cause, the same input event.

3.15 common cause
cause of occurrence of multiple events
NOTE In the above example it would be board flexing, which itself can be an intermediate event resulting from multiple events such as environmental shock, vibration or manual printed circuit board breakage during product manufacturing.

3.16 replicated or repeated event
event that is an input to more than one higher level event
NOTE This event can be a common cause or a failure mode of a component shared by more than one part of a design.

Figure 1 illustrates some of the above definitions. This figure contains annotations and descriptions of events to better explain the practical application of a fault tree. Omitted from Figure 1 are the graphical explanations of cut sets or minimal cut sets, for simplicity of the graphical representation of the other pertinent terms. The symbols in Figure 1 and all of the subsequent figures appear somewhat different from those in Tables A.1, A.2, A.3 and A.4 because of the added box above the gate symbol for the description of individual events.

Figure 1 – Explanation of terms used in fault tree analyses
NOTE Symbols in Figure 1 and all other figures might differ slightly from the symbols shown in Annex A. This is because description blocks are added to better explain the relationship of the various events.

4 Symbols

The graphical representation of a fault tree requires that symbols, identifiers and labels be used in a consistent manner. Symbols describing fault tree events vary with user preferences and with software packages, when used. General guidance is given in Clause 8 and in Annex A. Other symbols used in this standard are standard dependability symbols such as F(t), or just F for the probability of an event occurring. For that reason, a separate list of symbols is not provided.
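The vocabulary of Clause 3 (gate, cut set, minimal cut set, repeated event, single point failure) and the two approaches set out in the Introduction (qualitative: which combinations of basic events reach the top event; quantitative: how likely the top event is) can be made concrete in code. The following Python is an added example written for this page; it is not part of IEC 61025 nor of any software the standard references. It builds two constructed fault trees: a pair of redundant pumps sharing one controller, to show how a repeated event under an AND gate collapses into a single point failure once the cut sets are minimised, and the bridge circuit that the standard analyses in Figures 8 to 12, written here as "every success path is broken". The component labels C1..C5, the wiring assumed for them and the unreliability of 0.1 per component are assumptions for this illustration, not values taken from the standard. The top-event probability is then computed the three ways the contents list for the bridge: rare-event approximation, the Esary-Proschan bound, and the exact value (which disjointing, Annex B, also yields), obtained here by inclusion-exclusion over the minimal cut sets.

```python
"""Fault-tree evaluation on the Clause 3 vocabulary: gates, basic events, cut
sets, minimal cut sets (MCS), repeated events, single point failures, and three
ways of turning the MCS into a top-event probability.

Added example, not taken from IEC 61025. The bridge-circuit labelling (C1..C5)
and every probability below are assumptions made for this illustration."""
from dataclasses import dataclass
from itertools import combinations, product
from math import prod
from typing import Dict, FrozenSet, Set, Tuple, Union


@dataclass(frozen=True)
class Gate:
    """Static gate: 'AND' needs all of its inputs to occur, 'OR' needs any one."""
    kind: str
    inputs: Tuple["Event", ...]


Event = Union[Gate, str]     # a plain str is a basic event identifier (3.9)
CutSet = FrozenSet[str]


def AND(*inputs: Event) -> Gate:
    return Gate("AND", tuple(inputs))


def OR(*inputs: Event) -> Gate:
    return Gate("OR", tuple(inputs))


def cut_sets(node: Event) -> Set[CutSet]:
    """All cut sets (3.6) of the subtree at ``node``, built bottom-up.
    A basic event is its own cut set; an OR gate passes on every input's cut
    sets; an AND gate needs one cut set from each input at once, so its cut
    sets are the unions over the Cartesian product. Frozensets make a repeated
    event (3.16) that reaches a gate through two inputs count once."""
    if isinstance(node, str):
        return {frozenset([node])}
    child_sets = [cut_sets(child) for child in node.inputs]
    if node.kind == "OR":
        return set().union(*child_sets)
    if node.kind == "AND":
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Event) -> Set[CutSet]:
    """Drop every cut set with a proper subset that is itself a cut set (3.7)."""
    sets = cut_sets(node)
    return {s for s in sets if not any(t < s for t in sets)}


def single_point_failures(node: Event) -> Set[str]:
    """Basic events that alone cause the top event (3.13): the one-element MCS."""
    return {e for s in minimal_cut_sets(node) if len(s) == 1 for e in s}


def p_all(events: FrozenSet[str], p: Dict[str, float]) -> float:
    """Probability that all the given basic events occur (independence assumed)."""
    return prod(p[e] for e in events)


def rare_event_approximation(node: Event, p: Dict[str, float]) -> float:
    """Sum of the MCS probabilities: an upper bound, close only when p is small."""
    return sum(p_all(cs, p) for cs in minimal_cut_sets(node))


def esary_proschan(node: Event, p: Dict[str, float]) -> float:
    """1 - prod(1 - P(C_i)): an upper bound that treats the MCS as independent,
    which they are not when they share basic events."""
    return 1.0 - prod(1.0 - p_all(cs, p) for cs in minimal_cut_sets(node))


def exact_probability(node: Event, p: Dict[str, float]) -> float:
    """Exact P(top) by inclusion-exclusion over the MCS: several cut sets occur
    together exactly when the union of their events occurs, so shared events
    are handled correctly. Exponential in the number of MCS, so small trees only."""
    mcs = list(minimal_cut_sets(node))
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(mcs, k):
            total += sign * p_all(frozenset().union(*combo), p)
    return total


# Constructed tree 1: two redundant pumps whose shared controller CTRL is a
# repeated event under both OR gates. The AND gate looks like redundancy, but
# minimisation exposes CTRL as a single point failure.
REDUNDANT_PUMPS = AND(OR("PUMP1", "CTRL"), OR("PUMP2", "CTRL"))

# Constructed tree 2: the bridge circuit as "every success path is broken".
# Assumed labelling: C1, C2 run from the source to the two inner nodes, C3
# bridges them, C4, C5 run to the sink. Paths: C1-C4, C2-C5, C1-C3-C5, C2-C3-C4.
BRIDGE = AND(OR("C1", "C4"), OR("C2", "C5"),
             OR("C1", "C3", "C5"), OR("C2", "C3", "C4"))
Q_BRIDGE = {c: 0.1 for c in ("C1", "C2", "C3", "C4", "C5")}  # assumed unreliabilities

if __name__ == "__main__":
    for name, tree in (("pumps", REDUNDANT_PUMPS), ("bridge", BRIDGE)):
        print(name, "MCS:", sorted(map(sorted, minimal_cut_sets(tree))),
              "single point failures:", single_point_failures(tree))
    for fn in (rare_event_approximation, esary_proschan, exact_probability):
        print(f"{fn.__name__:>25}: {fn(BRIDGE, Q_BRIDGE):.6f}")
```

For the pump tree the raw cut sets are {PUMP1, PUMP2}, {PUMP1, CTRL}, {CTRL, PUMP2} and {CTRL}; minimisation keeps only {CTRL} and {PUMP1, PUMP2}, so the repeated event is a single point failure in the sense of 3.13 even though the top gate is an AND. For the bridge the four minimal cut sets are {C1, C2}, {C4, C5}, {C1, C3, C5} and {C2, C3, C4}, and with independent basic events the three figures come out in the order exact ≤ Esary-Proschan ≤ rare-event approximation; the gap widens as basic-event probabilities grow, which is why a reviewer should check that the rare-event approximation is only relied on when those probabilities are small. Attack trees used in threat modelling are evaluated with the same machinery, with attacker actions in place of component faults.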