needs to be performed simultaneously with the performance of maintenance. Early test programs are a
significant source of operating and support hazards not previously identified. An observant safety
monitor might notice, for example, the proximity of an aircraft fuel vent outlet to hot engines.
Corrective action would be to relocate the vent to remove fuel vapors from the vicinity of the hot engines.
To benefit from test programs and identify these "expanded operations", O&SHAs can be required by
contract to use test experience as an input to the analysis.
8.10 Evaluating a Fault Tree Analysis
FTA is a technique that can be used for any formal program analysis (PHA, SSHA, O&SHA).
The FTA is one of several deductive logic model techniques, and is by far the most common. The FTA
begins with a stated top-level hazardous/undesired event and uses logic diagrams to identify single events
and combinations of events that could cause the top event. The logic diagram can then be analyzed to
identify single and multiple events that can cause the top event. Probability of occurrence values are
assigned to the lowest events in the tree. FTA utilizes Boolean Algebra to determine the probability of
occurrence of the top (and intermediate) events. When properly done, the FTA shows all the problem
areas and makes the critical areas stand out. The FTA has two drawbacks:
· Depending on the complexity of the system being analyzed, it can be time consuming, and
therefore very expensive.
· It does not identify all system hazards; it only identifies failures associated with the
predetermined top event being analyzed. For example, an FTA will not identify "ruptured
tank" as a hazard in a home water heater. It will show all failures that lead to that event. In
other words, the analyst needs to identify all hazards that cannot be identified by use of a
fault tree.
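The gate logic and Boolean-algebra evaluation described above, as an added example that is not part of the handbook: basic events carry assigned probabilities, AND/OR/INHIBIT gates (the Figure 8-6 types) combine them assuming independent events, and minimal cut sets expose the single and multiple events that cause the top event. The sample tree for the "uncommanded aircraft pitch-down" top event is constructed here, with illustrative event names and probabilities that are not FAA data.

```python
# Added example, not FAA handbook code: a small fault-tree evaluator using the Figure 8-6
# gate types. Basic events carry an assigned probability; gate outputs are combined with
# Boolean algebra, assuming the basic events are independent.
from dataclasses import dataclass
from itertools import product
from math import prod

@dataclass(frozen=True)
class Basic:
    name: str
    p: float                        # probability assigned to the lowest-level event

@dataclass(frozen=True)
class Gate:
    kind: str                       # "AND", "OR" or "INHIBIT"
    inputs: tuple                   # child events (Basic or Gate)
    condition: "Basic" = None       # conditioning event, INHIBIT gates only

def probability(node):
    """Probability that the event represented by `node` occurs."""
    if isinstance(node, Basic):
        return node.p
    ps = [probability(c) for c in node.inputs]
    if node.kind == "AND":          # output fault occurs only if all input faults occur
        return prod(ps)
    if node.kind == "OR":           # output fault occurs if any input fault occurs
        return 1.0 - prod(1.0 - p for p in ps)
    (p,) = ps                       # INHIBIT: single input, enabled by the conditioning event
    return p * node.condition.p

def cut_sets(node):
    """Minimal cut sets: sets of basic events whose joint occurrence causes `node`."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    if node.kind == "OR":
        sets = set().union(*(cut_sets(c) for c in node.inputs))
    else:                           # AND / INHIBIT: every input (and the condition) must occur
        parts = [cut_sets(c) for c in node.inputs]
        if node.kind == "INHIBIT":
            parts.append({frozenset([node.condition.name])})
        sets = {frozenset().union(*combo) for combo in product(*parts)}
    return {s for s in sets if not any(o < s for o in sets)}   # keep only minimal sets

# Constructed sample tree for an "uncommanded aircraft pitch-down" top event (illustrative, not FAA data)
PITCH_DOWN = Gate("OR", (
    Basic("broken bellcrank pin", 1e-5),
    Gate("AND", (Basic("erroneous pilot input", 1e-3), Basic("pitch monitor fails", 1e-2))),
    Gate("INHIBIT", (Basic("actuator hardover", 2e-5),), condition=Basic("power transient", 1e-3)),
))
```

Size-1 cut sets are the single-point failures the handbook says the tree should make stand out; here `broken bellcrank pin` alone reaches the top event, while the other two paths need two events each.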
The graphic symbols used in an FTA are provided in Figure 8-6.
FAA System Safety Handbook, Chapter 8: Safety Analysis/Hazard Analysis Tasks
December 30, 2000
8- 32
Figure 8-6 Fault Tree Symbols
The first area for evaluation (and probably the most difficult) is the top event. This top event should be
very carefully defined and stated. If it is too broad (e.g., aircraft crashes), the resulting FTA will be overly
large. On the other hand, if the top event is too narrow (e.g., aircraft crashes due to pitch-down caused by
broken bellcrank pin), then the time and expense for the FTA may not yield significant results. The top
event should specify the exact hazard and define the limits of the FTA. In this example, a good top event
would be "uncommanded aircraft pitch-down," which would center the fault tree around the aircraft flight
control system, but would draw in other factors, such as pilot inputs and engine failures. In some cases, a
broad top event may be useful to organize and tie together several fault trees. In the example, the top
event would be "aircraft crash." This event would be connected to an OR-gate having several detailed top
events as shown in Figure 8-5. Some fault trees do not lend themselves to quantification because the
factors that tie the occurrence of a second level event to the top event are normally outside the
control/influence of the operator (e.g., an aircraft that experiences loss of engine power may or may not
crash depending on altitude at which the loss occurs).
[Figure 8-6 (fault tree symbols) is an image in the original; its legend reads as follows.]
Events:
· An event that results from a combination of events through a logical gate
· A basic fault event that requires no further development
· A fault event that is not developed further, either because the event is not consequential or adequate information is not available
· An external event
· A conditioning event: a condition that must be present to produce the output of the gate
Gates:
· AND gate (output fault occurs if all input faults occur)
· OR gate (output fault occurs if any input fault occurs)
· INHIBIT gate (output fault occurs if enabling condition exists, shown by conditioning event)
· Transfer in / transfer out
[Figure 8-6 (sample top-level fault tree) is an image in the original. Top event: "Airplane Crashes", connected through an OR gate to the detailed top events Propulsion, Flight Controls, Electrical Power, Pilot Error and Hydraulic Power; lower-level events shown include Inadequate Response, Extraneous Input, Electrical Power and Instrument Displays, with several branches marked "decompose".]
Figure 8-6: Sample Top Level Fault Tree
A quick evaluation of a fault tree may be possible by looking at the logic gates. Most fault trees will have