Fault Tree Analysis Part 1: Introduction
History of Fault Tree Analysis
(1) Developed in 1961~1962 by H. A. Watson of Bell Telephone Lab. as a research project on the control system of the Air Force Minuteman missile.
(2) First published paper: presented in 1963 at a Safety Symposium jointly sponsored by the U. of Washington and Boeing.
(3) Came into widespread use in the early 1970s.
(4) First applied in the nuclear industry in 1972, in the "Reactor Safety Study", WASH-1400.
(5) Also used for the safety analysis of large chemical plants and of liquefied natural gas (LNG) plants.
(6) Most PRA programs use Fault Tree Analysis (in combination with Event Tree Analysis).
General Description
• Fault Tree Analysis (FTA) is a deductive reasoning technique that focuses on one particular accident event.
• The fault tree itself is a graphic model that displays the various combinations of equipment faults and failures that can result in the accident event.
• The solution of the fault tree is a list of the sets of equipment failures and human/operator errors that are sufficient to result in the accident event of interest.
• The strength of FTA as a qualitative tool is its ability to break down an accident into basic equipment failures and human errors. This allows the safety analyst to focus preventive measures on these basic causes to reduce the probability of an accident.
Purpose: Identify combinations of equipment failures and human errors that can result in an accident event.
When to Use:
a. Design: FTA can be used in the design phase of the plant to uncover hidden failure modes that result from combinations of equipment failures.
b. Operation: FTA including operator and procedure characteristics can be used to study an operating plant to identify potential combinations of failures for specific accidents.
Type of Results: A listing of sets of equipment and/or operator failures that can result in a specific accident. These sets can be qualitatively ranked by importance.
Nature of Results: Qualitative, with quantitative potential. The fault tree can be evaluated quantitatively when probabilistic data are available.
Data Requirements:
a. A complete understanding of how the plant/system functions.
b. Knowledge of the plant/system equipment failure modes and their effects on the plant/system.
Staffing Requirements
• One analyst should be responsible for a single fault tree, with frequent consultation with the engineers, operators, and other personnel who have experience with the systems/equipment that are included in the analysis.
• A team approach is desirable if multiple fault trees are needed, with each team member concentrating on one individual fault tree. Interactions between team members and other experienced personnel are necessary for completeness in the analysis process.
Time and Cost Requirements: Time and cost requirements for FTA are highly dependent on the complexity of the systems involved. Modeling a small process unit could require a day or less with an experienced team. Large problems, with many potential accident events and complex systems, could require several weeks even with an experienced analysis team.
Figure 1: Batch reaction system (diagram). Labelled elements: material A and material B feeds, flow controller (FRC) with flow control valve, temperature switch (TIS) driving a high-temperature interlock and emergency shut-off valve, and a bursting disc on the reactor.
Figure 2: Fault tree analysis of the batch reactor explosion (F/YR = failures per year; PFD = probability of failure on demand; gate types as implied by the figures):
REACTOR EXPLOSION, 3.6 x 10^-4 F/YR (AND gate)
  • RUNAWAY REACTION, 1.8 x 10^-2 F/YR (AND gate)
    • FLOW CONTROL LOOP FAILS, 0.3 F/YR (OR gate)
      • FLOW CONTROLLER FAILS, 0.2 F/YR
      • VALVE STICKS OPEN, 0.1 F/YR
    • TEMPERATURE INTERLOCK FAILS, 0.06 PFD (OR gate)
      • THERMOCOUPLE & RELAY FAIL, 0.05 PFD
      • VALVE FAILS TO CLOSE, 0.01 PFD
  • BURSTING DISC FAILS, 0.02 PFD
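The following is an added example (not part of the original slides) that quantifies the Figure 2 tree with the slide's data. It assumes the usual convention that an AND gate combining a demand frequency with a probability of failure on demand yields a frequency, while OR gates add their inputs under the rare-event approximation; the Event class and function names are this example's own.

```python
from dataclasses import dataclass, field
from typing import List

@dataclass
class Event:
    """Basic event (value given) or gate event (gate + inputs). Constructed for this example."""
    name: str
    kind: str                     # "freq": failures per year; "pfd": probability of failure on demand
    value: float = 0.0
    gate: str = ""                # "", "AND" or "OR"
    inputs: List["Event"] = field(default_factory=list)

def evaluate(e: Event) -> Event:
    """Evaluate a (sub)tree bottom-up, returning a leaf Event with the resulting kind and value."""
    if not e.gate:
        return e
    ins = [evaluate(i) for i in e.inputs]
    if e.gate == "OR":
        kinds = {i.kind for i in ins}
        if len(kinds) != 1:
            raise ValueError(f"{e.name}: OR gate mixes a frequency with a PFD")
        # rare-event approximation: P(A or B) ~ P(A) + P(B); frequencies simply add
        return Event(e.name, kinds.pop(), sum(i.value for i in ins))
    if e.gate == "AND":
        n_freq = sum(i.kind == "freq" for i in ins)
        if n_freq > 1:
            raise ValueError(f"{e.name}: AND of two frequencies has units of 1/year^2")
        value = 1.0
        for i in ins:
            value *= i.value          # demand frequency x PFD (or PFD x PFD) for independent inputs
        return Event(e.name, "freq" if n_freq else "pfd", value)
    raise ValueError(f"{e.name}: unknown gate {e.gate!r}")

def figure2_tree() -> Event:
    """The batch-reactor explosion tree of Figure 2, with the slide's data."""
    loop = Event("flow control loop fails", "freq", gate="OR", inputs=[
        Event("flow controller fails", "freq", 0.2), Event("valve sticks open", "freq", 0.1)])
    interlock = Event("temperature interlock fails", "pfd", gate="OR", inputs=[
        Event("thermocouple & relay fail", "pfd", 0.05), Event("valve fails to close", "pfd", 0.01)])
    runaway = Event("runaway reaction", "freq", gate="AND", inputs=[loop, interlock])
    return Event("reactor explosion", "freq", gate="AND",
                 inputs=[runaway, Event("bursting disc fails", "pfd", 0.02)])

def top_event_frequency() -> float:
    return evaluate(figure2_tree()).value      # 3.6e-4 explosions per year

if __name__ == "__main__":
    print(f"reactor explosion: {top_event_frequency():.2e} /yr")
```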
Table 2.1 Gate Symbols (gate symbol, gate name, causal relation)
1. AND gate: output event occurs if all input events occur simultaneously.
2. OR gate: output event occurs if any one of the input events occurs.
3. Inhibit gate: input produces output when the conditional event occurs.
4. Priority AND gate: output event occurs if all input events occur in the order from left to right.
5. Exclusive OR gate: output event occurs if one, but not both, of the input events occurs.
6. m out of n gate (voting or sample gate), n inputs: output event occurs if m out of n input events occur.
Table 2.2 Event Symbols (event symbol, meaning of symbol)
1. Circle: basic event with sufficient data.
2. Diamond: undeveloped event.
3. Rectangle: event represented by a gate.
4. Oval: conditional event used with an inhibit gate.
5. House: house event, either occurring or not occurring.
6. Triangles: transfer symbol.
Classification of Failures
• Sudden versus gradual failures
• Hidden versus evident failures
• According to effects (critical, degraded or incipient)
• According to severity (catastrophic, critical, marginal or negligible)
• Primary failure, secondary failure and command fault
Component Failure Characteristics
• Primary failure: component within design envelope (natural aging)
• Secondary failure: excessive stresses (neighboring components, environment, plant personnel)
• Command fault: inadvertent control signals or noises (neighboring components, environment, plant personnel)
COMPONENT FAILURE CHARACTERISTICS
Primary Faults and Failures: Primary faults and failures are equipment malfunctions that occur in the environment for which the equipment was intended. These faults or failures are the responsibility of the equipment that failed and cannot be attributed to some external force or condition.
• Fault of the component itself
• Load not exceeded
• Repair required
Secondary Faults and Failures: Secondary faults and failures are equipment malfunctions that occur in an environment for which the equipment was not intended. These faults or failures can be attributed to some external force or condition.
• Not a fault of the component itself
• Design load exceeded
• Repair required
COMPONENT FAILURE CHARACTERISTICS
Command Faults and Failures: Command faults and failures are equipment malfunctions in which the component operates properly but at the wrong time or in the wrong place. These faults or failures can be attributed to the source of the incorrect command.
• Not a fault of the component itself
• Design load not exceeded
• No repair required
When the exact failure mode for a primary or secondary failure is identified, and failure data are obtained, primary and secondary failure events are the same as basic failures and are shown as circles in a fault tree.
[ EXAMPLE ]
1) Primary
• Tank rupture due to metal fatigue
• Fuse is opened by excessive current
2) Secondary
• Earthquake cracks storage tanks
• Pressure vessel rupture because some fault external to the vessel causes the internal pressure to exceed the design limits
3) Command
• Power is applied inadvertently to relay coil
• Noisy input to safety monitor randomly generates spurious shutdown signals
Boolean Algebra (each slide shows a gate diagram and the equivalent simplified diagram; L denotes an input event of very low probability and H an input event of very high probability)
• AND: all the inputs are required to cause the output. A = B AND C.
• Inclusive OR: any input or combination of inputs will cause the output. A = B OR C.
• Exclusive OR (EOR): B or C, but not both, cause the output A. A = B EOR C.
• Identical inputs: A = B EOR B = B OR B = B.
• Nested AND gates: A = B AND (C AND D) = B AND C AND D.
• Nested OR gates: A = B OR (C OR D) = B OR C OR D.
• Nested EOR gates: A = B EOR (C EOR D) = "EOR" of B, C, D; the output occurs for the odd combinations of inputs (an odd number of B, C, D occurring).
• Distributive law: A = B AND (C OR D) = (B AND C) OR (B AND D).
• A = B OR L ≈ B (an OR input of very low probability can be dropped).
• A = B AND L ≈ L (the output is itself of very low probability).
• A = B OR (C AND L) ≈ B.
• A = B AND H ≈ B (an AND input of very high probability can be dropped).
• A = B OR H ≈ H (the output is itself of very high probability).
• A = B AND (C OR H) ≈ B.
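As an added example (not part of the original slides), the symbolic reduction behind the Boolean identities above and behind the "solution" of a fault tree described in the General Description: a tree is expanded into a sum of products (cut sets), and idempotence plus absorption reduce it to the minimal cut sets. The representation and function names are this example's own.

```python
from itertools import product
from typing import FrozenSet, List

# A fault-tree expression as a sum of products: a set of cut sets, each a set of basic-event names.
CutSets = FrozenSet[FrozenSet[str]]

def basic(name: str) -> CutSets:
    """A single basic event is one cut set containing just that event."""
    return frozenset({frozenset({name})})

def minimise(cs: CutSets) -> CutSets:
    """Absorption: a cut set that is a superset of another cut set is redundant (B OR (B AND C) = B)."""
    return frozenset(c for c in cs if not any(other < c for other in cs))

def OR(*args: CutSets) -> CutSets:
    """OR gate: union of the inputs' cut sets (B OR B = B falls out of the set semantics)."""
    return minimise(frozenset().union(*args))

def AND(*args: CutSets) -> CutSets:
    """AND gate: every combination of one cut set per input, merged (B AND B = B by set union)."""
    return minimise(frozenset(frozenset().union(*combo) for combo in product(*args)))

def fmt(cs: CutSets) -> List[str]:
    """Sorted, human-readable cut sets, e.g. ['B', 'CD']."""
    return sorted("".join(sorted(c)) for c in cs)

B, C, D = basic("B"), basic("C"), basic("D")

def idempotence_holds() -> bool:
    return AND(B, B) == B and OR(B, B) == B

def distributive_law_holds() -> bool:
    return AND(B, OR(C, D)) == OR(AND(B, C), AND(B, D))

def absorption_holds() -> bool:
    return OR(B, AND(B, C)) == B

def repeated_event_cut_sets() -> List[str]:
    """A tree whose basic event B appears under two branches: (B OR C) AND (B OR D).
    Naive expansion gives BB, BD, CB, CD; reduction leaves the minimal cut sets B and CD,
    so a single failure of B is enough even though every gate has two inputs."""
    return fmt(AND(OR(B, C), OR(B, D)))

if __name__ == "__main__":
    print(idempotence_holds(), distributive_law_holds(), absorption_holds())
    print(repeated_event_cut_sets())
```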