
7. Quantitative Evaluations of a Fault Tree

7.7 Phase Dependent and Time Dependent Analyses

A simple fault tree quantification provides one value for the probability of the top event along with the associated uncertainty. This top event probability is not partitioned into contributions over different phases or different time intervals. If the mission under consideration has different phases and these are reflected in the fault tree then the top event probability obtained is the total probability for the mission. Similarly, if a system failure is modeled over a time interval then the top probability obtained is the total system failure probability over the time interval. In this case, individual probabilities for different segments of the time interval are not obtainable. Most FT software cannot produce phase-dependent or time-dependent results. This is not the limitation of the fault tree model itself but a limitation of the available software. Different phase contributions can be modeled in an FT. Also, individual failure rates and time intervals can be provided for each component. However, typical FT software calculates the total probability only and does not have the capability of breaking the probability into more detailed contributions.

This limitation of FT software is not generally a problem because for most applications a total probability is all that is desired. If phase-dependent or time-dependent results are desired then there are two options. Specialized software can be used that has the capability to perform these calculations. Most of the more specialized software uses the minimal cut sets of the fault tree as input and then carries out more detailed quantifications using these cut sets. Alternatively, the fault tree model can be modified to allow phase-dependent or time-dependent calculations to be accomplished with standard FT software. Usually it is more resource effective to use specialized software since the fault tree modifications can be both extensive and intensive. However, the fault tree modifications which would be required will be treated briefly here since they can be useful in cases where only a relatively few events are involved. In the following, the term “time-dependent” calculations will be used to cover both “phase-dependent” and “time-interval-dependent” calculations since the techniques are similar for both types of calculations.

The actual number of samples required can be formally estimated by a number of techniques. However, all of these relate to providing enough samples to allow all failure events of interest to occur. One simple rule of thumb is to sample at a factor of 10 greater than the largest denominator given by the lowest point value of interest. For example, if the lowest probability were 1×10⁻³, or 1 in 1000, then 10,000 samples would be chosen. Another technique is to increase the sample size until the results stabilize.

One method of modeling time dependence in the fault tree is to divide (partition) the occurrence of a given basic event into occurrences in smaller time segments. The event is divided into time interval events using an OR gate. This modeling is illustrated below. In this case the event occurrence is divided into two interval occurrences.

[Figure: OR gate G001, "EVENT OCCURS", with two basic event inputs: B001, "EVENT OCCURS IN INTERVAL 1", and B002, "EVENT OCCURS IN INTERVAL 2".]

In the above model, the basic event occurrence, such as a component failure, has been separated into two more specific events, the event occurrence in Interval 1 or the event occurrence in Interval 2. These two intervals divide the total interval into two smaller sub-intervals. If mission phases were being modeled then the two intervals would be two separate phases. For more intervals or phases there would be more inputs. The OR gate is more correctly a mutually exclusive OR gate since the event cannot occur in both Interval 1 and Interval 2. If the FT software cannot address mutually exclusive OR gates then the simple OR gate can be used provided the minimal cut sets can be scanned to remove any minimal cut sets that contain both of the events.

Data is then provided for each of the basic events. Specifically, the failure rate or occurrence rate would be provided for each interval, as well as the length of the specific interval. When the minimal cut sets are obtained they are divided into two sets: those containing the Interval 1 event, and those containing the Interval 2 event. The sum of the minimal cut sets in a given set would then be the probability of the top event for that interval (using the standard rare event, or sum of products, approximation).

If there are multiple events in the fault tree that are to be divided into intervals, the same partitioning would be carried out for each basic event in the fault tree. When the minimal cut sets are sorted they would be sorted according to the last interval in the minimal cut set. For example, if a minimal cut set contained the basic events “Event A occurs in Interval 1” and “Event B occurs in Interval 2” that cut set would be placed into the set of cut sets for Interval 2. The occurrence of Event A in the earlier interval did not cause the top event. It was the later occurrence of Event B that caused the top event to occur in Interval 2. This same sorting procedure applies to any number of intervals which may be modeled.
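The partition-and-sort procedure described above, as an added example that is not part of the original handbook. The event names, failure rates, interval lengths and cut sets are constructed sample data, and weighting each interval probability by survival of the earlier intervals is an assumption made here so that the interval events are mutually exclusive.

```python
from itertools import product
from math import exp, prod

# Constructed sample data (not from the handbook): per-interval failure
# rates (per hour) for each basic event, and the interval lengths (hours).
LENGTHS = [10.0, 90.0]
RATES = {"A": [1e-4, 2e-5], "B": [5e-5, 5e-5], "C": [1e-6, 1e-6]}
# Minimal cut sets of the unpartitioned tree (constructed): TOP = A*B + C
BASE_CUT_SETS = [{"A", "B"}, {"C"}]

def interval_probs(rates, lengths):
    """P(event first occurs in interval k), weighted by survival of earlier
    intervals so the interval events are mutually exclusive (assumption)."""
    out, survive = [], 1.0
    for lam, dt in zip(rates, lengths):
        p = 1.0 - exp(-lam * dt)
        out.append(survive * p)
        survive *= 1.0 - p
    return out

def partition(cut_sets, n):
    """Replace each event by the OR of its n interval events and re-expand."""
    expanded = []
    for cs in cut_sets:
        names = sorted(cs)
        for ks in product(range(1, n + 1), repeat=len(names)):
            expanded.append(frozenset(zip(names, ks)))
    return expanded

def exclusive_ok(cs):
    """False if a cut set holds the same event in two different intervals."""
    names = [name for name, _ in cs]
    return len(names) == len(set(names))

def top_by_interval(cut_sets, rates, lengths):
    """Sort cut sets by their last interval and sum the products per interval
    (rare event approximation)."""
    p = {e: interval_probs(r, lengths) for e, r in rates.items()}
    totals = [0.0] * len(lengths)
    for cs in filter(exclusive_ok, cut_sets):
        last = max(k for _, k in cs)
        totals[last - 1] += prod(p[e][k - 1] for e, k in cs)
    return totals

if __name__ == "__main__":
    cuts = partition(BASE_CUT_SETS, len(LENGTHS))
    for k, t in enumerate(top_by_interval(cuts, RATES, LENGTHS), 1):
        print(f"interval {k}: {t:.3e}")
```

The per-interval values sum to the total mission probability that an unpartitioned quantification of the same cut sets would give.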

be used for each interval, for example to reflect different environments or stresses. The problem with the approach is that it causes the number of basic events on the fault tree to be expanded and hence can greatly expand the number of minimal cut sets that are generated and then must be evaluated.

The number of basic events can be reduced by only expanding particular events and not expanding others. When this is done the top event probability is divided into the intervals in which only particular events have occurred. For other events no differentiation is made as to their interval of occurrence. This approach provides a partial time-dependent answer but even this partial answer can be useful if the focus is on the dominant events or on the events of particular interest. However, for a large fault tree and for many time intervals it is better to use more specialized time dependent software.

Instead of modeling the time dependency in the basic events in the fault tree, separate quantifications can be carried out for each interval. However, to allow this to be performed correctly, the FT software must be able to accept initial probabilities for basic events as boundary conditions. In this case, the initial probability for an event is the probability that the event would have occurred prior to the beginning of the calculation. The first interval is evaluated first, using the interval length and failure rate for the first interval: the probabilities for each basic event and the top event probability for the first interval are calculated. For the second interval, the first interval basic event probabilities are input along with the failure rates and the interval length for the second interval. This is repeated for each of the intervals in the evaluation. When the minimal cut sets are evaluated for an interval, only those contributions for the minimal cut set occurring in the interval are included, i.e., at least one of the basic events in the minimal cut set must occur in the interval for there to be any contribution. This approach can also account for different success criteria or different configurations by using a different fault tree structure in each case. The approach in which repeated calculations are carried out is basically a “Markov” analysis. However, as was mentioned, repeated application of the process can be tedious and most standard FT software does not allow initial probabilities to be provided for events. Therefore, in these cases, it is better to use more specialized software that incorporates the necessary modifications directly, as will be addressed in subsequent sections. (The previous approach for modeling the time dependency in the fault tree can also accommodate different fault tree structures for each interval by using house events at appropriate points in the fault tree.)
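The interval-by-interval quantification described above, as an added example that is not part of the original handbook. The data are constructed, the same fault tree structure is assumed in every interval, and the per-interval contribution of a cut set is taken here as P(all its events have occurred by the end of the interval) minus P(all had already occurred at its start), which is one way to count only occurrences in which at least one event falls inside the interval.

```python
from math import exp, prod

# Constructed sample data (not from the handbook).
LENGTHS = [10.0, 90.0]                      # interval lengths, hours
RATES = {"A": [1e-4, 2e-5], "B": [5e-5, 5e-5], "C": [1e-6, 1e-6]}
CUT_SETS = [{"A", "B"}, {"C"}]              # TOP = A*B + C

def step(p0, lam, dt):
    """Probability the event has occurred by the end of an interval, given
    initial probability p0 that it occurred before the interval began."""
    return p0 + (1.0 - p0) * (1.0 - exp(-lam * dt))

def quantify_intervals(cut_sets, rates, lengths):
    """Repeat the quantification per interval, feeding each interval's final
    basic event probabilities to the next one as boundary conditions."""
    events = {e for cs in cut_sets for e in cs}
    state = {e: 0.0 for e in events}        # nothing has occurred at t = 0
    results = []
    for k, dt in enumerate(lengths):
        new = {e: step(state[e], rates[e][k], dt) for e in events}
        # Keep only contributions where at least one event of the cut set
        # occurs inside this interval (rare event sum over cut sets).
        top = sum(prod(new[e] for e in cs) - prod(state[e] for e in cs)
                  for cs in cut_sets)
        results.append(top)
        state = new
    return results

if __name__ == "__main__":
    for k, t in enumerate(quantify_intervals(CUT_SETS, RATES, LENGTHS), 1):
        print(f"interval {k}: {t:.3e}")
```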
