In the case of standby systems and, in particular, safety- and mission-oriented systems, Event Tree Analysis (ETA) is used to identify the various possible outcomes of the system following a given initiating event, which is generally an unsatisfactory operating event or situation. In the case of continuously operated systems, these events can occur (i.e. components can fail) in any arbitrary order. In the ETA, the components can be considered in any order since they do not operate chronologically with respect to each other. ETA provides a systematic and logical approach to identify possible consequences and to assess the occurrence probability of each possible resulting sequence caused by the initiating failure event (Henley and Kumamoto (1992), Villemeur (1992)).
A simple example of an event tree is shown in Figure 3.8. In the event tree, the initiating event is "major overheats" in an engine room of a ship. It can be seen that when the initiating event "major overheats" takes place and there is no fuel present, the consequences will be negligible in terms of fire risks. If there is fuel present, then it is required to look at whether the detection fails. If the answer is no, then the consequences are minor damage; otherwise it is required to investigate whether the sprinkler fails. If the sprinkler works, then the consequences will be smoke; otherwise it is required to see whether the alarm system works. If the alarm system works, then the consequences will be major damage; otherwise injuries/deaths will be caused.
ETA has proved to be a useful tool for major accident risk assessments. Such an analysis can be effectively integrated into the hazard identification and estimation phases of a safety assessment programme. However, an event tree grows in width exponentially and as a result it can only be applied effectively to small sets of components.
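As an added illustration of the ETA of Figure 3.8 (not code from the original text), the following encodes the "major overheats" tree as nested yes/no questions and walks every branch to obtain the probability of each consequence. The branch probabilities in P_YES are constructed for the example, not taken from the page; the walk itself is the general sequence enumeration that ETA performs for any initiating event.

```python
# Event tree of Figure 3.8, initiating event "major overheats" in a ship engine room.
# A node is (question, yes_branch, no_branch); a plain string is a consequence (leaf).
TREE = (
    "fuel present",
    ("detection fails",
        ("sprinkler fails",
            ("alarm works", "major damage", "injuries/deaths"),
            "smoke"),               # sprinkler works -> smoke only
        "minor damage"),            # detection works -> minor damage
    "negligible",                   # no fuel -> negligible fire risk
)

# Constructed conditional probabilities P(answer = yes) for each question (assumed, not from the page).
P_YES = {"fuel present": 0.3, "detection fails": 0.1,
         "sprinkler fails": 0.2, "alarm works": 0.9}


def enumerate_sequences(tree, p_yes, prob=1.0, path=()):
    """Return [(path, consequence, probability)] for every branch of the tree.

    path records the (question, answer) pairs taken; prob is the product of the
    conditional branch probabilities along that path (times P(initiating event))."""
    if isinstance(tree, str):                       # leaf: a consequence
        return [(path, tree, prob)]
    question, yes_branch, no_branch = tree
    py = p_yes[question]
    return (enumerate_sequences(yes_branch, p_yes, prob * py, path + ((question, True),))
            + enumerate_sequences(no_branch, p_yes, prob * (1.0 - py), path + ((question, False),)))


def consequence_probabilities(tree, p_yes, p_initiating=1.0):
    """Sum sequence probabilities per consequence, scaled by the initiating-event probability."""
    totals = {}
    for _, consequence, prob in enumerate_sequences(tree, p_yes, p_initiating):
        totals[consequence] = totals.get(consequence, 0.0) + prob
    return totals


def tree_is_complete(tree, p_yes, tol=1e-9):
    """Check that the sequences are mutually exclusive and exhaustive (probabilities sum to 1)."""
    return abs(sum(consequence_probabilities(tree, p_yes).values()) - 1.0) < tol


if __name__ == "__main__":
    for path, consequence, prob in enumerate_sequences(TREE, P_YES):
        answers = ", ".join(f"{q}={'yes' if a else 'no'}" for q, a in path)
        print(f"{prob:.4f}  {consequence:16s} via {answers}")
    print("complete:", tree_is_complete(TREE, P_YES))
```

With 1.0 as the initiating-event probability the results are conditional on "major overheats"; pass the initiating event's own frequency as p_initiating to obtain absolute sequence frequencies.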
Markov methods are useful for evaluating components with multiple states, for example, normal, degraded and critical states (Norris (1998)). Consider the system in Figure 3.9 with three possible states, 0, 1 and 2, with failure rate λ and repair rate μ. In the Markovian model, each transition between states is characterised by a transition rate, which could be expressed as a failure rate, repair rate, etc. If it is defined that.
If a differential equation is written for each state and the resulting set of differential equation (1993)). Markov chains are mainly a quantitative technique; however, using the state and transition diagrams, qualitative information about the system can also be gathered.
The process of conducting a Failure Mode, Effects and Criticality Analysis (FMECA) can be examined at two levels of detail. Failure Mode and Effects Analysis (FMEA) is the first level of analysis, which consists of the identification of potential failure modes of the constituent items (components or sub-systems) and their effects on system performance, identifying the potential severity of each effect. The second level of analysis is Criticality Analysis, for criticality ranking of the items under investigation. Both of these methods are intended to provide information for making risk management decisions.
FMEA is an inductive process that examines the effect of a single point failure on the overall performance of a system through a "bottom-up approach" (Andrews and Moss (2002)). This analysis should be performed iteratively in all stages of design and operation of a system. The first step in performing an FMEA is to organise as much information as possible about the system concept, design and operational requirements. By organising the system model, a rational, repeatable, and systematic means to analyse the system can be achieved. One method of system modelling is the system breakdown structure model: a top-down division of a system (e.g. ship, submarine, propulsion control) into functions, subsystems and components. Block diagrams and fault-tree diagrams provide additional modelling techniques for describing the component/function relationships.