Safety engineering
Improve dark mode display
| ← Previous revision | Revision as of 10:17, 21 April 2026 | ||
| Line 24: | Line 24: | ||
Fault tree analysis (FTA) is a top-down, [[deductive reasoning|deductive]] analytical method. In FTA, initiating primary events such as component failures, human errors, and external events are traced through [[Boolean logic]] gates to an undesired top event such as an aircraft crash or nuclear reactor core melt. The intent is to identify ways to make top events less probable, and verify that safety goals have been achieved. |
Fault tree analysis (FTA) is a top-down, [[deductive reasoning|deductive]] analytical method. In FTA, initiating primary events such as component failures, human errors, and external events are traced through [[Boolean logic]] gates to an undesired top event such as an aircraft crash or nuclear reactor core melt. The intent is to identify ways to make top events less probable, and verify that safety goals have been achieved. |
||
[[File:Fault tree.svg|thumb|A fault tree diagram]] |
[[File:Fault tree.svg|class=skin-invert-image|thumb|A fault tree diagram]] |
||
Fault trees are a logical inverse of success trees, and may be obtained by applying [[de Morgan's laws|de Morgan's theorem]] to success trees (which are directly related to [[reliability block diagram]]s). |
Fault trees are a logical inverse of success trees, and may be obtained by applying [[de Morgan's laws|de Morgan's theorem]] to success trees (which are directly related to [[reliability block diagram]]s). |
||
| Line 70: | Line 70: | ||
|} |
|} |
||
[[File:Vessel level instrumentation.jpg|thumb|Vessel level instrumentation]] |
[[File:Vessel level instrumentation.jpg|class=skin-invert-image|thumb|Vessel level instrumentation]] |
||
Once the events, causes and detectable conditions have been identified the next stage of the methodology uses a Safety Analysis Checklist (SAC) for each component.API RP 14C p.57 This lists the safety devices that may be required or factors that negate the need for such a device. For example, for the case of liquid overflow from a vessel (as above) the SAC identifies:API RP 14C p.29 |
Once the events, causes and detectable conditions have been identified the next stage of the methodology uses a Safety Analysis Checklist (SAC) for each component.API RP 14C p.57 This lists the safety devices that may be required or factors that negate the need for such a device. For example, for the case of liquid overflow from a vessel (as above) the SAC identifies:API RP 14C p.29 |
||
| Line 77: | Line 77: | ||
** 3. Vessel function does not require handling of separate fluid phases. |
** 3. Vessel function does not require handling of separate fluid phases. |
||
** 4. Vessel is a small trap from which liquids are manually drained. |
** 4. Vessel is a small trap from which liquids are manually drained. |
||
[[File:Vessel pressure instrumentation.jpg|thumb|Vessel pressure instrumentation]] |
[[File:Vessel pressure instrumentation.jpg|class=skin-invert-image|thumb|Vessel pressure instrumentation]] |
||
The analysis ensures that two levels of protection are provided to mitigate each undesirable event. For example, for a pressure vessel subjected to over-pressure the primary protection would be a PSH (pressure switch high) to shut off inflow to the vessel, secondary protection would be provided by a [[Safety valve|pressure safety valve]] (PSV) on the vessel.API RP 14C p.10 |
The analysis ensures that two levels of protection are provided to mitigate each undesirable event. For example, for a pressure vessel subjected to over-pressure the primary protection would be a PSH (pressure switch high) to shut off inflow to the vessel, secondary protection would be provided by a [[Safety valve|pressure safety valve]] (PSV) on the vessel.API RP 14C p.10 |
||
| Line 155: | Line 155: | ||
==Preventing failure== |
==Preventing failure== |
||
[[File:Survival redundancy.svg|thumbnail|A [[NASA]] graph shows the relationship between the survival of a crew of astronauts and the amount of [[redundancy (engineering)|redundant]] equipment in their spacecraft (the "MM", Mission Module).]] |
[[File:Survival redundancy.svg|class=skin-invert-image|thumbnail|A [[NASA]] graph shows the relationship between the survival of a crew of astronauts and the amount of [[redundancy (engineering)|redundant]] equipment in their spacecraft (the "MM", Mission Module).]] |
||
Once a failure mode is identified, it can usually be mitigated by adding extra or redundant equipment to the system. For example, nuclear reactors contain dangerous [[radiation]], and nuclear reactions can cause so much [[heat]] that no substance might contain them. Therefore, reactors have emergency core cooling systems to keep the temperature down, shielding to contain the radiation, and engineered barriers (usually several, nested, surmounted by a [[containment building]]) to prevent accidental leakage. [[Safety-critical system]]s are commonly required to permit no [[single point of failure|single event or component failure]] to result in a catastrophic failure mode. |
Once a failure mode is identified, it can usually be mitigated by adding extra or redundant equipment to the system. For example, nuclear reactors contain dangerous [[radiation]], and nuclear reactions can cause so much [[heat]] that no substance might contain them. Therefore, reactors have emergency core cooling systems to keep the temperature down, shielding to contain the radiation, and engineered barriers (usually several, nested, surmounted by a [[containment building]]) to prevent accidental leakage. [[Safety-critical system]]s are commonly required to permit no [[single point of failure|single event or component failure]] to result in a catastrophic failure mode. |
||
