Editing Fault tree analysis (section)

==Methodology==
FTA [[methodology]] is described in several industry and government standards, including NRC NUREG&ndash;0492 for the nuclear power industry, an aerospace-oriented revision to NUREG&ndash;0492 for use by [[NASA]],<ref name=fthbaa /> [[Society of Automotive Engineers|SAE]] [[ARP4761]] for civil aerospace, MIL&ndash;HDBK&ndash;338 for military systems, [[International Electrotechnical Commission|IEC]] standard IEC&nbsp;61025<ref>{{cite book 
 |       title = Fault Tree Analysis
 |     version = Edition 2.0
 |   publisher = [[International Electrotechnical Commission]]
 |        year = 2006
 |          id = IEC&nbsp;61025
 |        isbn = 978-2-8318-8918-4
 }}
</ref> is intended for cross-industry use and has been adopted as European Norm EN&nbsp;61025.

Any sufficiently complex system is subject to failure as a result of one or more subsystems failing.  The likelihood of failure, however, can often be reduced through improved system design. Fault tree analysis maps the relationship between faults, subsystems, and redundant safety design elements by creating a logic diagram of the overall system.

The undesired outcome is taken as the root ('top event') of a tree of logic. For instance, the undesired outcome of a metal stamping press operation being considered might be a human appendage being stamped.  Working backward from this top event it might be determined that there are two ways this could happen: during normal operation or during maintenance operation. This condition is a logical OR. Considering the branch of the hazard occurring during normal operation, perhaps it is determined that there are two ways this could happen: the press cycles and harms the operator, or the press cycles and harms another person. This is another logical OR.  A design improvement can be made by requiring the operator to press two separate buttons to cycle the machine—this is a safety feature in the form of a logical AND. The button may have an intrinsic failure rate—this becomes a fault stimulus that can be analyzed.  

When fault trees are labeled with actual numbers for failure probabilities, [[computer programs]] can calculate failure probabilities from fault trees. When a specific event is found to have more than one effect event, i.e. it has impact on several subsystems, it is called a common cause or common mode. Graphically speaking, it means this event will appear at several locations in the tree. Common causes introduce dependency relations between events. The probability computations of a tree which contains some common causes are much more complicated than regular trees where all events are considered as independent. Not all software tools available on the market provide such capability.

The tree is usually written out using conventional [[logic gate]] symbols. A cut set is a combination of events, typically component failures, causing the top event. If no event can be removed from a cut set without failing to cause the top event, then it is called a minimal cut set.

Some industries use both fault trees and [[event tree]]s (see [[Probabilistic Risk Assessment]]). An event tree starts from an undesired initiator (loss of critical supply, component failure etc.) and follows possible further system events through to a series of final consequences. As each new event is considered, a new node on the tree is added with a split of probabilities of taking either branch. The probabilities of a range of 'top events' arising from the initial event can then be seen.

Classic programs include the [[Electric Power Research Institute]]'s (EPRI) CAFTA software, which is used by many of the US nuclear power plants and by a majority of US and international aerospace manufacturers, and the [[Idaho National Laboratory]]'s [[SAPHIRE]], which is used by the U.S. Government to evaluate the safety and [[Reliability engineering|reliability]] of [[nuclear reactor]]s, the [[Space Shuttle]], and the [[International Space Station]]. Outside the US, the software [http://www.RiskSpectrum.com RiskSpectrum] is a popular tool for fault tree and event tree analysis, and is licensed for use at more than 60% of the world's nuclear power plants for probabilistic safety assessment. Professional-grade [[free software]] is also widely available; SCRAM<ref>{{cite web |url=https://scram-pra.org/ |title=SCRAM 0.11.4 — SCRAM 0.11.4 documentation |website=scram-pra.org |access-date=13 January 2022 |archive-url=https://web.archive.org/web/20161123011255/https://scram-pra.org/ |archive-date=23 November 2016 |url-status=dead}}</ref> is an open-source tool that implements the Open-PSA Model Exchange Format<ref>{{Cite web|url=https://open-psa.github.io/mef/|title=The Open-PSA Model Exchange Format — The Open-PSA Model Exchange Format 2.0|website=open-psa.github.io}}</ref> open standard for probabilistic safety assessment applications.