An Introduction to Tools and Techniques
This table summarises some of the Safety Assessment Tools and Techniques available to the safety assessor. Each of these tools has its own advantages and disadvantages, and both the extent to which it can be used during the various phases of the product lifecycle and the degree to which it can be applied to safety assessments vary. For a list of the advantages and limitations of each, see Appendix A of Aircraft System Safety: Military and Civil Aeronautical Applications.
It is important to note that as the complexity of a tool increases, so does the degree of training required of the user and/or the need for an experienced evaluation team to conduct the evaluation. On the plus side, the data derived from the more complex methodologies may be more supportable. The primary disadvantage of such tools is that "trained subject matter experts" may have limited experience in the actual operational environment, so their evaluations may not be entirely applicable to the certification process.
Tools and Techniques
| Name | Description |
|---|---|
| Extended Master Plan Logic Diagram (MPLD) | Extended from the MPLD (a logic diagram that shows how functional, equipment and component failures combine to cause a system malfunction; these are represented in a fault-tree-like structure, except that basic events are not drawn as leaf events but are listed in the lower-left part of the tree and connected to the gates through a matrix) to include the additional category of couplings that originate common-cause failures. [Mauri, 2000] |
| External Events Analysis | The purpose of External Events Analysis is to focus attention on those adverse events that originate outside the system under study, and to hypothesise the range of such events that may affect the system being examined. The occurrence of an external event such as an earthquake is evaluated and its effects on the structures, systems and components in a facility are analysed. [Tarrents, 1980] |
| Facility System Safety Analysis | System safety analysis techniques applied to a facility and its operations. Facilities are analysed to identify hazards and potential accidents associated with the facility and its systems, components, equipment or structures. [Tarrents, 1980] |
| Failure Logic Analysis for System Hierarchies (FLASH) | Developed to enable the assessment of a hierarchically described system from the functional level down to the low levels of its hardware and software implementation. Each module of the architecture (i.e. sub-system or basic component) is systematically examined for potential failure modes and for how those failure modes relate to, and propagate to, other modules in the system hierarchy. [Mauri, 2000] |
| Failure Mode and Effects Analysis (FMEA) and Failure Modes, Effects and Criticality Analysis (FMECA) | A systematic, hardware-oriented (i.e. bottom-up) approach to identifying the failure modes of a system or item and determining their effects at the next-higher level. It answers the question "if this part fails, what is the result at the next level?" The FMEA is performed at a chosen level (system, subsystem, module, part/item, etc.) by postulating the ways in which that level's specific implementation may fail. It can be developed down to the smallest replaceable item (piece-part FMEA) or kept at the functional level (functional FMEA, which may coincide with an FHA). A piece-part FMEA is useful for deriving the theoretical failure probability of the part under consideration, whereas a functional FMEA uses predetermined probabilities as an input. Failure effects leading to the same system condition can be identified and grouped together in an FMES. The analysis does not have to be quantitative. It is best suited to mechanical and electrical hardware systems. Although very extensive, the "devil is in the details": the FMEA is generated to support the Safety Assessment, so it is important to understand the expectations and requirements placed on it before any work commences (e.g. its sole purpose may be to support verification of the FTA by comparing FMEA failure modes with the basic events of the fault tree). Coordinate the required scope of the FMEA with the user requesting it. If the failure rates from a functional FMEA allow the PSSA targets to be met, a piece-part FMEA may not be necessary. See MIL-STD-1629, BS 5760 Part 5 and SAE ARP4761. For useful software tools, see Byteworx FMEA Software. |
| Failure Mode and Effects Summary (FMES) | A summary of lower-level FMEA failure modes that have the same effect. The failure rate for each summarised failure mode is the sum of the failure rates of the contributing modes from the individual FMEAs. See SAE ARP4761. |
| Failure Propagation and Transformation Notation (FPTN) | A hierarchical graphical notation that represents system behaviour. It represents a system as a set of interconnected modules; these might represent anything from a complete system to a few lines of program code. The connections between these modules are failure modes, which propagate between them. [Mauri, 2000] |
| Fault Hazard Analysis | A system safety technique that is an offshoot of FMEA. Similar to the FMEA above; however, only those failures that could present hazards are evaluated. Hazards and failures are not the same: a hazard is the potential for harm, an unsafe act or condition. When a failure results in an unsafe condition it is considered a hazard, and many hazards may contribute to a particular risk. Any electrical, electronic, avionic or hardware system or sub-system can be analysed to identify the failures, malfunctions, anomalies and faults that can result in hazards. [Tarrents, 1980] |
| Fault Isolation Methodology | Used to determine and locate faults in large-scale, ground-based systems, in particular those that are computer controlled. Examples of specific methods applied are Half-Step Search, Sequential Removal/Replacement, Mass Replacement, Lambda Search and Point of Maximum Signal Concentration. [Tarrents, 1980] |
| Fault Tree Analysis (FTA) | A graphical model, developed in the 1960s, for illustrating (a) the logical relationships between a particular failure condition and the failures or other causes leading to a particular undesired event, and (b) the pathways within a system that can lead to a foreseeable, undesirable loss event; the pathways interconnect contributory events and conditions using standard logic symbols. It is a top-down (deductive) analysis that proceeds through successively more detailed (i.e. lower) levels of the design until the probability of occurrence of the top event (the feared event) can be predicted. It is the opposite process to the FMECA: the FTA works down to primary events (events that do not need to be broken down any further), which can be hardware failures, human errors, software faults or external factors such as the weather. Since the 1960s it has been adopted by a range of engineering disciplines as one of the primary methods of predicting system reliability and availability parameters. FTA is essentially a systematic qualitative technique to which a quantitative analysis can usually be applied if suitable failure data exist; even where failure data do not exist, it may still be worth performing an FTA for the insight it yields into a system's potential failure behaviour. The qualitative result (the minimal combinations of primary events that cause the top event) is valuable in itself, and the tree can also be quantified with event probabilities or rates to estimate how often the top event will occur. Computerised FTA provides good graphical output, quick evaluation of changes and more sophisticated algorithms, BUT it can lead to less understanding by the analyst and a temptation to become overly complex. |
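The FMEA/FMES and FTA rows above describe a chain that is easy to mechanise: FMEA failure modes are grouped by effect into an FMES, the summed rates become the fault tree's basic events, and the tree is evaluated top-down for its minimal cut sets and, given exposure time, its top-event probability. The following Python is added here as an illustration; it is not code from the page or from any of the cited standards. The item names, failure modes, rates and tree structure are constructed for the example and describe no real system. It also performs the verification cross-check mentioned in the FMEA row, confirming that every FMEA effect appears as a basic event of the tree and vice versa.

```python
"""Added example: FMEA -> FMES -> FTA on constructed, hypothetical data."""
import math
from collections import defaultdict
from dataclasses import dataclass
from itertools import product

# FMEA rows (constructed sample data, not a real system):
# (item, failure mode, effect at next-higher level, rate per flight hour)
FMEA = [
    ("PSU-A", "output short", "loss of bus A", 2.0e-6),
    ("PSU-A", "output open", "loss of bus A", 1.0e-6),
    ("PSU-B", "output short", "loss of bus B", 2.0e-6),
    ("PSU-B", "output open", "loss of bus B", 1.0e-6),
    ("CTRL", "watchdog latch-up", "controller halt", 5.0e-7),
]


def fmes(fmea):
    """FMES: group FMEA failure modes by their effect and sum their rates."""
    summary = defaultdict(float)
    for _item, _mode, effect, rate in fmea:
        summary[effect] += rate
    return dict(summary)


@dataclass
class Gate:
    kind: str        # "AND" or "OR"
    children: list   # each child is a Gate or a basic-event name (str)


# Hypothetical fault tree: the feared event occurs if both buses are lost
# or the controller halts. Its leaves are the FMES effects above.
TOP = Gate("OR", [
    Gate("AND", ["loss of bus A", "loss of bus B"]),
    "controller halt",
])


def cut_sets(node):
    """All cut sets of the tree, each a frozenset of basic-event names.
    OR gates union their children's cut sets; AND gates combine one cut
    set from each child (cartesian product)."""
    if isinstance(node, str):
        return {frozenset([node])}
    child_sets = [cut_sets(c) for c in node.children]
    if node.kind == "OR":
        return set().union(*child_sets)
    return {frozenset().union(*combo) for combo in product(*child_sets)}


def minimal_cut_sets(node):
    """Qualitative FTA result: cut sets with no proper subset that is also a cut set."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}


def probability(node, p):
    """Top-event probability for independent basic events with probabilities p[name].
    OR gates use the exact 1 - prod(1 - q), not the rare-event sum."""
    if isinstance(node, str):
        return p[node]
    probs = [probability(c, p) for c in node.children]
    if node.kind == "AND":
        return math.prod(probs)
    return 1.0 - math.prod(1.0 - q for q in probs)


def basic_event_probs(exposure_hours):
    """Convert per-hour FMES rates to probabilities over an exposure time,
    P = 1 - exp(-lambda * t), which tends to lambda * t for small values."""
    return {effect: 1.0 - math.exp(-rate * exposure_hours)
            for effect, rate in fmes(FMEA).items()}


def top_event_probability(exposure_hours):
    return probability(TOP, basic_event_probs(exposure_hours))


def unreferenced_fmea_effects(node, fmea):
    """Cross-check of FMEA against FTA: returns (FMEA effects missing from the
    tree, tree basic events with no FMEA effect behind them)."""
    leaves = set().union(*cut_sets(node))
    effects = {effect for _, _, effect, _ in fmea}
    return effects - leaves, leaves - effects


if __name__ == "__main__":
    print("FMES:", fmes(FMEA))
    print("minimal cut sets:", [sorted(s) for s in minimal_cut_sets(TOP)])
    for t in (1.0, 10.0):
        print(f"P(top) over {t} h: {top_event_probability(t):.3e}")
    print("FMEA/FTA mismatches:", unreferenced_fmea_effects(TOP, FMEA))
```

The minimal cut sets are the qualitative output the FTA row says is useful even without failure data; with the constructed rates, the single-event cut set (the controller halt) dominates the top-event probability, while the two-bus cut set contributes only a product of two small terms, which is exactly what a redundancy argument in a PSSA relies on. The cross-check returning non-empty sets is the signal that the FMEA scope and the fault tree have drifted apart.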