Fault tree analysis

from Wikipedia, the free encyclopedia
Logo of the German Institute for Standardization DIN 25424
Area probability calculation
title Fault tree analysis, part 1: method and symbols, part 2: manual calculation method for evaluating a fault tree
Brief description: Probability of failure
Latest edition 1981-09, 1990-04

The fault tree analysis , English Fault Tree Analysis (FTA) is a method for reliability analysis of technical equipment and systems. It is based on Boolean algebra and is used to determine the probability of a failure of a plant or the entire system. It is a type of system analysis and, depending on the area of ​​application, is part of the ARP4761 from SAE International in various specifications such as the NUREG – 0492 in the nuclear industry and at NASA and in the aerospace sector . As the international standard IEC 61025 ( EN 61025), the method is described by the International Electrotechnical Commission under the term fault state tree analysis . In Germany, the fault tree analysis is part of the national DIN 25424.

As part of the fault tree analysis, the logical links between subsystem failures are determined on all critical paths that lead to an overall system failure. The overall system is divided into minimal sections within the framework of the analysis; these are combinations of events that can lead to a total failure. Depending on the application, the number of minimal cuts can include up to a few million event combinations; the creation of complex fault trees and their evaluation is carried out using special software packages. Aerospace engineering and probabilistic safety analysis in nuclear power plant technology are exemplary areas of application for fault tree analysis .


Developed fault tree analysis was in the early 1960s by HA Watson at the Bell Laboratories to assess the safety of the launch control system of Boeing produced ICBM type LGM-30 Minuteman . In the years that followed, Boeing also used fault tree analysis in the design of commercial aircraft. In the 1970s and 1980s, fault tree analysis was used, among other things, in the planning of nuclear power plants; the first commercial software packages for FTA were also created in this period. Subsequently, areas of application were added by automobile manufacturers and their suppliers. The latest developments concern dynamic fault tree analysis , within the framework of which the temporal sequence of failures and dependencies on basic events can be modeled.


So-called negative logic is used as part of the fault tree analysis , i. H. the fault tree describes a failure function, which expresses a failure in the logical 1 state , and a functional system in the logical 0 state . Since the fault tree analysis of Boolean algebra operated, the overall system or subsystems may as components only in the two states Functional (logic- 0 ) or Unusual (logic- 1 are located).

A system analysis is based on a single undesired event, which is at the top of the fault tree, the so-called top event, which describes, for example, the overall failure of the system under consideration and is determined as part of a hazard analysis. Depending on the task, this top event can be restricted to certain boundary conditions, in aviation technology, for example, to catastrophic conditions in which the uncontrollable crash of the aircraft is the result.

Simple fault tree with the logical links shown as gates and eight different basic events that lead to a failure of subsystem A.

Based on this top event, the fault tree is created in a top-down analysis down to the individual failure states of the components. In the case of more complex systems, the division into subsystems takes place, which are further subdivided in the same way until the complete system is mapped in the form of minimal sections that can no longer be further subdivided in the form of basic events. The failure combinations in the fault tree are logically linked with Boolean algebra and its symbols, in particular the and and or .

In the simplest case, components of a system which depend on one another in terms of their functionality are linked by the logical OR function. In this case, the failure of just one component leads to the failure of the entire system. Components that can replace each other in terms of their function ( redundancy ) are linked by the AND function in the fault tree. In complex systems, cross-redundancy errors can also occur; these are sources of error that occur in several places in the error tree and cannot be directly summarized in a minimal section due to the system structure. These so-called "common cause failure" (GVA) English Common Cause Failure (CCF) complicate the analysis.

In the fault tree, system components are usually divided into three fault categories, which are linked via an OR gate:

  1. Primary failure: failure of the system component due to technical failure under otherwise permissible operating conditions, for example material failure of the system component.
  2. Secondary failure: failure of the system component due to impermissible usage and / or ambient conditions, e.g. operation at impermissible ambient temperatures.
  3. Commanded failure: a functional system component which is activated or deactivated at the wrong time or in the wrong place, for example due to the failure of an auxiliary power supply or a faulty control via an interface.


After the creation of the fault tree, each base event is assigned a certain probability of occurrence for the failure in the quantitative fault tree analysis. Data for specific failure rates can come from our own test series for the individual basic components, or free databases such as MIL-HDBK-217F or commercial databases such as 217Plus are used for commercially available components and components . Ambient conditions such as special temperature ranges, planned operating times, maintenance intervals and the like can also be included in the determination of the probability of occurrence.

The failure rates λ assigned to the individual basic components can be expressed in the simple case of an exponential distribution - this corresponds to an assumed failure rate that is constant over time - with the failure probability as:

what an approximation for sufficiently small values ​​of λt <0.1

corresponds. The values ​​in the fault tree are normally related to a specific, fixed time interval. This interval for the normalization can be selected differently depending on the system, for example in the case of an airplane it can be related to an hour of flight. The probabilities of occurrence are therefore dependent on the choice of this time interval.

The failure probabilities are related to one another in the fault tree analysis using the symbols of logic gates. An AND gate links two statistically independent events at its two inputs and and at its output it forms the probability that both systems have failed:

An OR gate corresponds to the function in the fault tree:

and forms the probability if one of the two or both basic components has failed. This allows iteratively to calculate the individual failure probabilities in the tree up to the top event. Special cases such as "Commonly Caused Errors" (GVA) require extended models. As a rule, especially with complex systems, various simplifications are made in the calculation. Among other things, due to the generally small probability of occurrence, it is assumed that a system failure does not result from the simultaneous failure of several minimum cuts, which means that the higher-order terms are negligible when calculating the overall failure probability. Special software is available for the evaluation of complex fault trees, which facilitates the graphic creation, calculation and evaluation.


  • Expert working group Probabilistic Safety Analysis for Nuclear Power Plants, Methods for Probabilistic Safety Analysis for Nuclear Power Plants (PDF; 2.72 MB), Dec. 1996, BfS-KT-16-97
  • Data to quantify event flow diagrams and fault trees. March 1997, BfS-KT-18/97
  • Reinhard Böhnert: Component and system safety. Vogel, Würzburg 1992, ISBN 3-8023-0468-3
  • Andreas Thums: Formal fault tree analysis (PDF; 1.86 MB), dissertation at the University of Augsburg, 2004
  • Siegfried Altmann : Evaluation of electrical safety - An introduction to the theory of electrical safety. Scientific reports of the TH Leipzig 1988, issue 9, 105 pages, ISSN  0138-3809
  • Siegfried Altmann: Safety of electrical equipment - a decision aid for a quantitative evaluation. VDE-Fachbericht 50. VDE-Verlag Berlin / Offenbach 1996, pp. 43–64
  • Siegfried Altmann: Electrical Safety - Quantitative Evaluation Methods. Self-published 2013 and 2014, ISBN 978-3-00-035816-6 , abstracts (German and English) with 105 pages, appendix volume with 56 own publications, specialization volume (electrical protection quality - applied qualimetry) with 115 pages and 26 appendices (content: http: //profaltmann.24.eu)/

Individual evidence

  1. W. Vesely et al. a .: " Fault Tree Handbook. " (PDF; 9.49 MB) NUREG-0492, US Nuclear Regulatory Commission, Washington DC 1981 (English)
  2. International Electrotechnical Commission [IEC] (Ed.): Fault Tree Analysis, IEC 61025 . 2nd Edition. 2006, ISBN 2-8318-8918-9 .
  3. DIN 25424 Fault Tree Analysis , Edition 1981-09, Beuth Verlag Berlin
  4. ^ Clifton A. Ericson: Fault Tree Analysis - A History. (PDF) A History from the Proceedings of The 17th International System Safety Conference. (No longer available online.) The Boeing Company; Seattle WA, 1999, archived from the original on July 23, 2011 ; Retrieved December 25, 2013 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.  @1@ 2Template: Webachiv / IABot / www.fault-tree.net
  5. Simon J. Schilling: Contribution to dynamic fault tree analysis without module formation and state-based extensions . Dissertation at the Bergische Universität Wuppertal, 2009 ( uni-wuppertal.de [PDF]).
  6. W. Vesely et al. a .: Fault Tree Handbook. (PDF; 9.49 MB) NUREG-0492 Page V-3: Component Fault Categories , US Nuclear Regulatory Commission, Washington DC 1981 (English)
  7. Military Handbook 217F: Reliability Prediction of Electronic Equipment. (PDF) Retrieved March 14, 2019 .
  8. ^ Reliability Information Analysis Center: 217Plus. Retrieved December 4, 2017 .

Web links

  • APIS IQ - commercial tool for fault tree analysis (demo version available)
  • Arbre Analyste - Free software for fault tree analysis
  • BlockSim - Commercial tool for fault tree analysis
  • EDRAW - Commercial visualization tool (no calculation function)
  • ITEM TOOLkit - Commercial tool (English language site, demo version available)
  • Visual-XSel - commercial tool for fault tree analysis (test version available)