flow and carburetor failures. For example, fuel flow failures can be caused by either a failed fuel pump or a blocked fuel filter. An "AND" gate is used for the ignition failure, illustrating that the ignition systems are redundant: both must fail for the engine to fail. These logic gates are called Boolean gates or operators, and Boolean algebra is used for the quantitative approach. The "AND" and "OR" gates are numbered sequentially A# and O# respectively in Figure 9-1.
As previously stated, the FTA is built through a deductive "top-down" process. It is deductive in that it considers combinations of events in the "cause" path, which the inductive approach does not. The process asks a series of logical questions such as "What could cause the engine to fail?" When all causes at one level are identified, the series of questions is repeated at the next lower level, e.g., "What would prevent fuel flow?" Interdependent relationships are established in the same manner.
When a quantitative analysis is performed, a probability of occurrence is assigned to each basic event. The values are determined through analytical processes such as reliability predictions, engineering estimates, or the reduction of field data (when available). A completed tree is called a Boolean model. The probability of occurrence of the top-level hazard is calculated by generating a Boolean equation that expresses the chain of events required for the hazard to occur; such an equation may reflect several alternative paths. Boolean equations rapidly become very complex for simple-looking trees, and they usually require computer modeling to solve.
In addition to evaluating the significance of a risk and the likelihood of occurrence, FTAs facilitate presentation of the hazards and their causes and discussion of safety issues. They can contribute to the generation of the Master Minimum Equipment List (MMEL).
The FTA's graphical format is superior to the tabular or matrix format in that the inter-relationships are obvious, which makes it a good tool for an analyst who is not familiar with the system being examined. The matrix format is still necessary for a hazard analysis to capture severity, criticality, family tree, probability of event, cause of event, and other information. Being a top-down approach, in contrast to the fault hazard analysis and the FMECA, the FTA may miss some non-obvious top-level hazards.
9.4 Common Cause Failure Analysis
Common Cause Failure Analysis (CCFA) is an extension of FTA that identifies "coupling factors" which can make component failures interdependent.
FAA System Safety Handbook, Chapter 9: Analysis Techniques
December 30, 2000
9 - 8
The primary events of the minimal cut sets from the FTA are examined, by developing matrices, to determine whether failures are linked to some common cause relating to environment, location, secondary causes, human error, or quality control. A cut set is a set of basic events (e.g., a set of component failures) whose occurrence causes the system to fail. A minimal cut set is one that has been reduced to eliminate all redundant "fault paths." CCFA provides a better understanding of the interdependent relationship between FTA events and their causes, and it tests safety systems for "real" redundancy. This analysis provides additional insight into system failures after a detailed FTA has been developed, when data on components, physical layout, operators, and inspectors are available.
The procedural steps for a CCFA are:
1. Establish "Critical Tree Groups." This is often accomplished using FMECAs, FTA, and Sneak Circuit Analyses (SCA) to limit the scope of the analysis to the critical components or functions. The FTA identifies critical functions, the FMECA critical components, and the SCA "hidden" interrelationships.
2. Identify common components within the groups of step 1. These might be redundant processors sharing a common power source, or redundant hydraulic lines/systems fed by a common hydraulic pump. Alternatively, it might be totally redundant hydraulic lines placed physically adjacent to each other.
3. Identify credible failure modes such as shorts, fluid leaks, defective operational procedures, etc.
4. Identify credible common cause failure modes. This requires understanding of the system/hardware involved, the use of "lessons learned," and historical data.
5. Summarize the analysis results, including identification of corrective action.
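The engine-failure tree of Figure 9-1, carried through as an added example (this is not code from the handbook): it derives the minimal cut sets, evaluates the Boolean model exactly and with the rare-event approximation, and then applies CCFA step 2 by giving the two "redundant" ignition systems an assumed shared power source, so that the AND gate collapses to a single-event cut set. The gate structure follows the text's description; the basic-event names, the shared power event, and the failure probabilities are assumptions for illustration.

```python
"""Engine-failure fault tree: minimal cut sets, top-event probability, and the
effect of a common-cause failure.  Added example, not part of the handbook;
event names and probabilities are assumptions for illustration."""
from itertools import product

# A node is a basic event (str) or (gate, [children]) with gate "AND" or "OR".
# Structure follows the text: O1 = fuel flow OR carburetor OR ignition,
# O2 = pump OR filter, A1 = both redundant ignition systems fail.
ENGINE_FAILS = ("OR", [                                   # O1
    ("OR", ["fuel_pump_fails", "fuel_filter_blocked"]),   # O2: fuel flow failure
    "carburetor_fails",
    ("AND", ["ignition_1_fails", "ignition_2_fails"]),    # A1: redundant ignition
])

# Assumed per-flight-hour failure probabilities (illustrative values only).
PROBS = {
    "fuel_pump_fails": 1e-4,
    "fuel_filter_blocked": 5e-5,
    "carburetor_fails": 2e-5,
    "ignition_1_fails": 1e-3,
    "ignition_2_fails": 1e-3,
    "ignition_power_fails": 1e-4,   # assumed shared power source (CCFA step 2)
}


def minimize(sets):
    """Drop every cut set that contains another one (a redundant fault path)."""
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node):
    """Minimal cut sets of `node`, as a set of frozensets of basic events."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":          # any one child failing fails the gate
        combined = set().union(*child_sets)
    elif gate == "AND":       # one cut set from every child must occur together
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return minimize(combined)


def basic_events(node):
    """All basic events appearing anywhere in the tree."""
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(child) for child in node[1]))


def evaluate(node, state):
    """Boolean value of the tree for a dict basic_event -> True (failed)."""
    if isinstance(node, str):
        return state[node]
    gate, children = node
    values = [evaluate(child, state) for child in children]
    return any(values) if gate == "OR" else all(values)


def top_event_probability(node, probs):
    """Exact P(top event) for independent basic events: sum the probability of
    every combination of event states in which the tree evaluates true.  This
    is 2**n terms, which is why non-trivial trees need dedicated software."""
    events = sorted(basic_events(node))
    total = 0.0
    for bits in product([False, True], repeat=len(events)):
        state = dict(zip(events, bits))
        if evaluate(node, state):
            p = 1.0
            for event, failed in state.items():
                p *= probs[event] if failed else 1.0 - probs[event]
            total += p
    return total


def rare_event_approximation(node, probs):
    """Sum over minimal cut sets of the product of their event probabilities:
    an upper bound on the exact value, tight when every probability is small."""
    total = 0.0
    for cut in cut_sets(node):
        p = 1.0
        for event in cut:
            p *= probs[event]
        total += p
    return total


def with_common_cause(node, shared_event, redundant_events):
    """CCFA step 2: the 'redundant' events share a component (here a power
    source), so OR the shared event into each redundant leg.  The AND gate is
    then defeated by one failure, which surfaces as a single-event cut set."""
    if isinstance(node, str):
        return ("OR", [node, shared_event]) if node in redundant_events else node
    gate, children = node
    return (gate, [with_common_cause(c, shared_event, redundant_events) for c in children])


if __name__ == "__main__":
    coupled = with_common_cause(ENGINE_FAILS, "ignition_power_fails",
                                {"ignition_1_fails", "ignition_2_fails"})
    for label, tree in [("independent ignition", ENGINE_FAILS), ("shared power", coupled)]:
        print(label)
        for cut in sorted(cut_sets(tree), key=sorted):
            print("  cut set:", sorted(cut))
        print(f"  exact P(top) {top_event_probability(tree, PROBS):.6e}"
              f"  rare-event approx. {rare_event_approximation(tree, PROBS):.6e}")
```

Running the script lists the four minimal cut sets of the original tree and, for the coupled tree, a fifth one containing only the shared power event; the rare-event sum rises by the probability of that event, which is what the CCFA matrix step is meant to expose.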
9.5 Sneak Circuit Analysis
Sneak Circuit Analysis (SCA) is a unique method of evaluating electrical circuits. SCA employs
recognition of topological patterns that are characteristic of all circuits and systems. The purpose of this