process goes on. Care must be taken to make sure that the probability represents that of the
particular failure mode being evaluated. A single failure rate is often provided to cover all of a
component's failure modes rather than separate ones for each. For example, MIL-HBK-217, a
common source of failure rates, does not provide a failure rate for capacitor shorts, another for
opens, and a third for changes in value. It simply provides a single failure rate for each operating
condition (temperature, electrical stress, and so forth).
11. A preliminary criticality analysis may be performed as a final step.
The Fault Hazard analysis has some serious limitations. They include:
1. A subsystem is likely to have failures that do not result in accidents. Tracking all of these in the
System Safety Program (SSP) is a costly, inefficient process. If this is the approach to be used,
combining it with an FMEA (or FMECA) performed by the reliability program can save some
costs.
2. This approach usually concentrates on hardware failures, to a lesser extent on software failures,
and often inadequate attention is given to human factors. For example, a switch with an extremely
low failure rate may be dropped from consideration, but the wrong placement of the switch may
lead to an accident. The adjacent placement of a power switch and a light switch, especially of
similar designs, will lead to operator errors.
3. Environmental conditions are usually considered, but the probability of occurrence of these
conditions is rarely considered. This may result in applying controls for unrealistic events.
4. Probability of failure leading to hardware-related hazards ignores latent defects introduced through
substandard manufacturing processes. Thus some hazards may be missed.
5. One of the greatest pitfalls in fault hazard analysis (and in other techniques) is over-precision in
mathematical analysis. Too often, analysts try to obtain "exact" numbers from "inexact" data, and
too much time may be spent on improving the precision of the analysis rather than on eliminating the
hazards.
9.3 Fault Tree Analysis
Fault Tree Analysis (FTA) is a popular and productive hazard identification tool. It provides a
standardized discipline to evaluate and control hazards. The FTA process is used to solve a wide variety of
problems ranging from safety to management issues.
This tool is used by the professional safety and reliability community to both prevent and resolve hazards
and failures. Both qualitative and quantitative methods are used to identify areas in a system that are most
critical to safe operation. Either approach is effective. The output is a graphical presentation providing
technical and administrative personnel with a map of "failure or hazard" paths. FTA symbols may be
found in Figure 8-5. The reviewer and the analyst must develop an insight into system behavior,
particularly those aspects that might lead to the hazard under investigation.
FAA System Safety Handbook, Chapter 9: Analysis Techniques
December 30, 2000
Qualitative FTAs are cost effective and invaluable safety engineering tools. The generation of a qualitative
fault tree is always the first step. Quantitative approaches multiply the usefulness of the FTA but are more
expensive and often very difficult to perform.
An FTA (similar to a logic diagram) is a "deductive" analytical tool used to study a specific undesired
event such as "engine failure." The "deductive" approach begins with a defined undesired event, usually a
postulated accident condition, and systematically considers all known events, faults, and occurrences that
could cause or contribute to the occurrence of the undesired event. Top level events may be identified
through any safety analysis approach, through operational experience, or through a "Could it happen?"
hypothesis. The procedural steps of performing an FTA are:
1. Assume a system state and identify and clearly document the top-level undesired event(s).
This is often accomplished by using the PHL or PHA. Alternatively, design documentation such as
schematics, flow diagrams, and level B & C documentation may be reviewed.
2. Develop the upper levels of the trees via a top-down process. That is, determine the intermediate
failures and combinations of failures or events that are the minimum to cause the next higher level
event to occur. The logical relationships are graphically generated as described below using
standardized FTA logic symbols.
3. Continue the top-down process until the root causes for each branch are identified and/or until
further decomposition is not considered necessary.
4. Assign probabilities of failure to the lowest level event in each branch of the tree. This may be
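The qualitative and quantitative evaluation that steps 2 through 4 describe, carried out on a small fault tree, as an added example (not from the handbook): the tree, its events and the probabilities are constructed for illustration, the gates are the standard AND/OR symbols, and basic events are assumed independent.

```python
from itertools import product
from math import prod

# Constructed (hypothetical) fault tree for the top event "loss of cabin lighting".
# Each gate is (type, [inputs]); a basic event is a name in BASIC with its failure probability.
# Gate types are the standard FTA "AND" (all inputs must occur) and "OR" (any input suffices).
BASIC = {"bulb_fail": 0.05, "wiring_open": 0.01,
         "main_breaker_trip": 0.02, "backup_battery_dead": 0.10}
TREE = {
    "TOP": ("OR", ["lamp_circuit", "power_loss"]),
    "lamp_circuit": ("OR", ["bulb_fail", "wiring_open"]),
    "power_loss": ("AND", ["main_breaker_trip", "backup_battery_dead"]),
}

def cut_sets(node):
    """Qualitative step: minimal cut sets, i.e. the smallest sets of basic events
    whose joint occurrence causes `node`."""
    if node in BASIC:
        return [frozenset([node])]
    gate, inputs = TREE[node]
    child_sets = [cut_sets(c) for c in inputs]
    if gate == "OR":          # any input's cut set is a cut set of the gate
        sets = [s for cs in child_sets for s in cs]
    else:                     # AND: one cut set from every input, unioned
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    return [s for s in set(sets) if not any(o < s for o in sets)]  # keep minimal only

def probability(node):
    """Quantitative step, assuming independent basic events:
    AND gate -> product of input probabilities; OR gate -> 1 - prod(1 - p_i)."""
    if node in BASIC:
        return BASIC[node]
    gate, inputs = TREE[node]
    ps = [probability(c) for c in inputs]
    return prod(ps) if gate == "AND" else 1 - prod(1 - p for p in ps)

def rare_event_bound(node):
    """Common hand approximation: sum of the cut-set probabilities. It is an upper
    bound on probability(node) and is close to it only when the events are rare."""
    return sum(prod(BASIC[e] for e in cs) for cs in cut_sets(node))

if __name__ == "__main__":
    for cs in sorted(cut_sets("TOP"), key=len):
        print("minimal cut set:", sorted(cs))
    print("P(TOP) exact      =", round(probability("TOP"), 6))
    print("P(TOP) rare-event =", round(rare_event_bound("TOP"), 6))
```

The single-event cut sets are the ones to attack first in a qualitative review; the gap between the exact value and the rare-event bound is a reminder of the over-precision pitfall noted above, since the input rates are rarely better than one significant figure.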