BSI Standards Publication

Analysis techniques for dependability - Event tree analysis (ETA)

BS EN 62502:2011

National foreword

This British Standard is the UK implementation of EN 62502:2011. It is identical to IEC 62502:2010.

The UK participation in its preparation was entrusted to Technical Committee DS/1, Dependability and value management.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2011
ISBN 978 0 580 59962 0
ICS 21.020; 29.020

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 June 2011.

Amendments issued since publication
Amd. No. | Date | Text affected

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 62502
November 2010

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Management Centre: Avenue Marnix 17, B - 1000 Brussels

© 2010 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62502:2010 E

ICS 21.020

English version

Analysis techniques for dependability - Event tree analysis (ETA) (IEC 62502:2010)

Techniques d'analyse de la sûreté de fonctionnement - Analyse par arbre d'événement (AAE) (CEI 62502:2010)

Verfahren zur Analyse der Zuverlässigkeit - Ereignisbaumanalyse (ETA) (IEC 62502:2010)

This European Standard was approved by CENELEC on 2010-11-01.
CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.

Foreword

The text of document 56/1380/FDIS, future edition 1 of IEC 62502, prepared by IEC TC 56, Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as EN 62502 on 2010-11-01.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights.

The following dates were fixed:

- latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2011-08-01
- latest date by which the national standards conflicting with the EN have to be withdrawn (dow): 2013-11-01

Annex ZA has been added by CENELEC.

Endorsement notice

The text of the International Standard IEC 62502:2010 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following notes have to be added for the standards indicated:

[12] ISO/IEC 31010          NOTE Harmonized as EN 31010.
[13] IEC 60300-3-1:2003     NOTE Harmonized as EN 60300-3-1:2004 (not modified).
[15] IEC 60812:2006         NOTE Harmonized as EN 60812:2006 (not modified).
[16] IEC 61078:2006         NOTE Harmonized as EN 61078:2006 (not modified).
[17] IEC 61165:2006         NOTE Harmonized as EN 61165:2006 (not modified).
[18] IEC 61508 series       NOTE Harmonized in EN 61508 series (not modified).
[19] IEC 61511-3:2003       NOTE Harmonized as EN 61511-3:2004 (not modified).
[20] IEC 61703:2001         NOTE Harmonized as EN 61703:2002 (not modified).
[22] IEC 62429:2007         NOTE Harmonized as EN 62429:2008 (not modified).
[23] IEC 62508:2010         NOTE Harmonized as EN 62508:2010 (not modified).
[24] IEC 62551 1)           NOTE Harmonized as EN 62551 2) (not modified).

1) To be published.
2) At draft stage.

Annex ZA (normative)

Normative references to international publications with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.

Publication | Year | Title | EN/HD | Year
IEC 60050-191 | 1990 | International Electrotechnical Vocabulary (IEV) - Chapter 191: Dependability and quality of service | - | -
IEC 61025 | 2006 | Fault Tree Analysis (FTA) | EN 61025 | 2007
CONTENTS

INTRODUCTION
1 Scope
2 Normative references
3 Terms, definitions, abbreviations and symbols
  3.1 Terms and definitions
  3.2 Abbreviations and symbols
    3.2.1 Abbreviations
    3.2.2 Symbols
4 General description
5 Benefits and limitations of ETA
  5.1 Benefits
  5.2 Limitations
6 Relationship with other analysis techniques
  6.1 Combination of ETA and FTA
  6.2 Layer of protection analysis (LOPA)
  6.3 Combination with other techniques
7 Development of event trees
  7.1 General
  7.2 Steps in ETA
    7.2.1 Procedure
    7.2.2 Step 1: Definition of the system or activity of interest
    7.2.3 Step 2: Identification of the initiating events of interest
    7.2.4 Step 3: Identification of mitigating factors and physical phenomena
    7.2.5 Step 4: Definition of sequences and outcomes, and their quantification
    7.2.6 Step 5: Analysis of the outcomes
    7.2.7 Step 6: Uses of ETA results
8 Evaluation
  8.1 Preliminary remarks
  8.2 Qualitative analysis - Managing dependencies
    8.2.1 General
    8.2.2 Functional dependencies
    8.2.3 Structural or physical dependencies
  8.3 Quantitative analysis
    8.3.1 Independent sequence of events
    8.3.2 Fault tree linking and boolean reduction
9 Documentation
Annex A (informative) Graphical representation
Annex B (informative) Examples
Bibliography

Figure 1 Process for development of event trees
Figure 2 Simple graphical representation of an event tree
Figure 3 Functional dependencies in event trees
Figure 4 Modelling of structural or physical dependencies
Figure 5 Sequence of events
Figure 6 Fault tree linking
Figure A.1 Frequently used graphical representation for event trees
Figure B.1 Event tree for a typical fire incident in a diesel generator building
Figure B.2 Simplified event tree for a fire event
Figure B.3 Level-crossing system (LX)
Figure B.4 ETA for the level-crossing system
Figure B.5 Simple example
Figure B.6 Fault Tree for the Failure of System 1
Figure B.7 Fault Tree for the Failure of System 2
Figure B.8 Modified event tree
Figure B.9 Event tree with "grouped faults"

Table A.1 Graphical elements
Table B.1 Symbols used in Annex B
Table B.2 System overview
Table B.3 Risk reduction parameters for accidents from Figure B.4
INTRODUCTION

This International Standard defines the basic principles and procedures for the dependability technique known as Event Tree Analysis (ETA).

IEC 60300-3-1 explicitly lists ETA as an applicable method for general dependability assessment. It is also used in risk and safety analysis studies. ETA is also briefly described in the IEC 60300-3-9.

The basic principles of this methodology have not changed since the conception of the technique in the 1960s. ETA was first successfully used in the nuclear industry in a study by the U.S. Nuclear Regulatory Commission, the so-called WASH 1400 report in the year 1975 [31] 1).

Over the following years, ETA has gained widespread acceptance as a mature methodology for dependability and risk analysis and is applied in diverse industry branches ranging from the aviation industry, nuclear installations, the automotive industry, chemical processing, offshore oil and gas production, to defence industry and transportation systems.

In contrast to some other dependability techniques such as Markov modelling, ETA is based on relatively elementary mathematical principles. However, as mentioned in IEC 60300-3-1, the implementation of ETA requires a high degree of expertise in the application of the technique. This is due in part to the fact that particular care has to be taken when dealing with dependent events. Furthermore, one can utilize the close relationship between Fault Tree Analysis (FTA) and the qualitative and quantitative analysis of event trees.

This standard aims at defining the consolidated basic principles of the ETA and the current usage of the technique as a means for assessing the dependability and risk related measures of a system.

1) Figures in square brackets refer to the bibliography.
ANALYSIS TECHNIQUES FOR DEPENDABILITY - EVENT TREE ANALYSIS (ETA)

1 Scope

This International Standard specifies the consolidated basic principles of Event Tree Analysis (ETA) and provides guidance on modelling the consequences of an initiating event as well as analysing these consequences qualitatively and quantitatively in the context of dependability and risk related measures.

More specifically, this standard deals with the following topics in relation to event trees:

a) defining the essential terms and describing the usage of symbols and ways of graphical representation;
b) specifying the procedural steps involved in the construction of the event tree;
c) elaborating on the assumptions, limitations and benefits of performing the analysis;
d) identifying relationships with other dependability and risk-related techniques and elucidating suitable fields of applications;
e) giving guidelines for the qualitative and quantitative aspects of the evaluation;
f) providing practical examples.

This standard is applicable to all industries where the dependability and risk-related measures for the consequences of an initiating event have to be assessed.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

IEC 60050-191:1990, International Electrotechnical Vocabulary - Chapter 191: Dependability and quality of service

IEC 61025:2006, Fault tree analysis (FTA)

3 Terms, definitions, abbreviations and symbols

For the purposes of this document, the following terms and definitions, as well as those given in IEC 60050-191, apply.

3.1 Terms and definitions

3.1.1
node
point in the graphical representation of the event tree depicting two or more possible outcomes for the mitigating factor

NOTE The top event of the corresponding fault tree can directly be linked to a node.

3.1.2
common cause
cause of occurrence of multiple events

[IEC 61025:2006, 3.15]
NOTE Under particular circumstances the timeframe should be specified in which the multiple events occur, such as “occurrence of multiple events occurring simultaneously or within a very short time of each other”.

EXAMPLES Particular natural dangers (e.g. fire, flood), failures of an engineered system, biological infections or human acts.

3.1.3
event
occurrence of a condition or an action

[IEC 61025:2006, 3.8]

3.1.4
headings
listed mitigating factors in a line above the depiction of the event tree

3.1.5
initiating event
event which is the starting point of the event tree and the sequence of events that may lead to different possible outcomes

3.1.6
mitigating factor
system, function or other circumstantial factor mitigating the consequences of the initiating event

NOTE Many industries have specific equivalent terms, e.g. lines of defense, protection lines, protection systems, safety barriers, lines of assurance, risk reduction factor, etc.

3.1.7
outcome
possible result of the sequence of events after all reactions of relevant mitigating factors have been considered and no further development of the event tree is required

3.1.8
sequence
chain of events, from the initiating event, through subsequent events, leading to a specific outcome

3.1.9
top event
predefined undesired event which is the starting point of the fault tree analysis, and is of primary interest in the analysis. It has the top position in the hierarchy of events in the fault tree

NOTE It is the outcome of combinations of all input events.

3.1.10
branch
graphical representation of one out of two or more possible outcomes originating from a node

3.2 Abbreviations and symbols

3.2.1 Abbreviations

CCA      Cause-Consequence Analysis
ETA      Event Tree Analysis
FMEA     Failure Mode and Effects Analysis
FTA      Fault Tree Analysis
IRF      Individual Risk of Fatality
LESF     Combination of two dependability techniques: Large Event Trees (LE) with connected Small Fault Trees (SF)
LOPA     Layers Of Protection Analysis
RBD      Reliability Block Diagrams
PRA      Probabilistic Risk Assessment
PRA/PSA  Probabilistic Risk/Safety Analysis
SELF     Combination of two dependability techniques: Small Event Trees (SE) with connected Large Fault Trees (LF)

3.2.2 Symbols

$A$  When used in italics, an upper case letter indicates that event $A$ has occurred.

$\bar{A}$  When used in italics with a bar, an upper case letter indicates that event $A$ has not occurred.

$I_E$  When used in italics, this indicates that the initiating event has occurred.

$O_{I_E,A,B}$  This denotes the outcome which results, if all of the events in the subscript (with upper case letters in italics separated by commas) have occurred in the order of the events stated in the subscript (see an example in Figure 3).

Lower case Greek letters denote particular outcomes of the event tree.

“+”  This symbol denotes a logical “OR”.

“.”  This symbol denotes a logical “AND”.

$P(A)$  Probability of an event $A$. $P(A)$ is a real number in the closed interval $[0,1]$ assigned to an event, see [25].

$P(I_E \cdot A \cdot \bar{B} \cdot \bar{C})$  Probability that the initiating event $I_E$ has occurred and event $A$ has occurred and event $B$ has not occurred and event $C$ has n