AS IEC 62502:2011 pdf free download – Analysis techniques for dependability – Event tree analysis (ETA)
In the LESF approach, the states of all systems that support the system being analysed, hereafter referred to as support systems, appear explicitly in the event trees. The top events of the fault trees have associated boundary conditions which include the assumption that the support systems are in the particular state appropriate to the event sequence being evaluated. Separate fault trees are used for a given system for each set of boundary conditions. These separate fault trees can be produced from a single fault tree that includes the support systems and that, before being associated with a particular sequence, is “conditioned” on the support system state associated with this sequence. This approach generates LESF that explicitly represents the existing dependences. Since they are associated with smaller fault trees, they are less demanding in terms of computer resources and computer program sophistication. However, the complexity of the event trees increases rapidly due to the combinatorial mathematics with the number of support systems and the number of support system states that are explicitly depicted in the tree. Furthermore, the quantification process is more cumbersome and subject to possible omissions. An additional consideration is that the LESF approach does not explicitly identify what specific combinations of support system failures lead to system (also referred to as front line system) failures. A simplified example of such a large event tree is presented in Figure B.1 . See [31 ] for more details.
In the SELF approach, event trees with the initiating event and the mitigating functions, performed by the various mitigating system as headings, are first developed and then expanded to event trees with the status of front line systems as headings. The front line system fault tree models are developed down to suitable boundaries with support systems. The support system fault trees may be developed separately and integrated at a later stage into the models for the front line system . This approach generates event trees that are concise and that allow for a synthesized view of an accident sequence. Furthermore, subject to the availability of computer programs, the small event trees may be more readily computerized. However, dependencies and the corresponding importance of support systems are not explicitly apparent. A theoretical example of such a small event tree is presented in Figure B.3. See [4] for more details.
6.2 Layer of protection analysis (LOPA)
LOPA is a particular standardized form of ETA, which is used as a simplified means for risk analysis tailored for a particular application environment. LOPA is organized in the form of a worksheet similar to the failure mode and effects analysis (FMEA); initiating events are recorded in rows and the different protection layers (representing the standardized mitigating factors) in columns. This means that any event sequence of a LOPA can also be treated as an ETA. For risk analysis purposes, severity (or damage) levels are also integrated into the worksheet.