10.4 Analyzing Errors
There are many techniques available for analyzing errors, and any of them will
usually provide some useful insights to help you understand what happened. Here
we briefly discuss four techniques. Two have been widely used for several years in
the safety systems engineering community. The others are more recent, and are
less widely used, but offer interesting (and useful) perspectives for analyzing
errors. Irrespective of which technique you choose (including those not covered
here), you should make sure that it can be applied systematically.
10.4.1 Event Trees
Event trees are a bottom-up (inductive) technique for analyzing errors. They show
the sequences of events that lead to all the possible outcomes. The trees are based
on simple binary logic: at each node in the tree there are two possible branches
based on whether an event does or does not happen (or whether a component failed
or did not fail). The trees start with an initiating event, and are generated by thinking
of all the possible consequences at each node in the tree. Each of the events can be
assigned a probability (the probabilities of the two branches at a single node must
sum to 1). The probability of all the identified outcomes can
be calculated by multiplying together (ANDing) all the event probabilities along the
path that leads from the initiating event to the outcome.
Figure 10.3 shows a quantified event tree for the case where a fire breaks out in
an office block. The initiating event (shown at the left of the tree) is the fact that
the fire starts, and the estimated frequency of this occurrence is one per year. The
likelihood of the various resultant events (outcomes) is calculated by multiplying
the appropriate probabilities together. The probability of multiple fatalities for this
scenario, for example, is 0.015 (i.e., 0.1 × 0.3 × 0.5).
10.4.2 Fault Trees
Fault trees are similar to event trees, although they are generated in a top-down
(deductive) manner, starting with the outcome and working backwards in time to
try to find all the things that could have caused that particular outcome. Fault trees
do not have to be binary trees, and an outcome can be determined by ANDing and
ORing together a set of causal factors, as appropriate. Fault trees are normally only
concerned with immediate effects, rather than the creation of latent conditions that
can lie dormant within a system until some particular trigger activates them.
Fault trees can be either qualitative or quantified. To quantify a fault tree, a
probability of occurrence is allocated to each of the lowest level leaf nodes in the
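The two quantification rules above (multiplying branch probabilities along an event-tree path, and combining leaf probabilities through AND/OR gates in a fault tree) are shown below as an added example; this is illustrative code written for this section, not from the book. The node names standing in for Figure 10.3 are assumptions (only the branch probabilities 0.1, 0.3, 0.5 and the once-per-year initiating frequency come from the text), and the gate formulas assume independent basic events (AND = product, OR = 1 minus the product of the complements).

```python
from itertools import product
from math import prod

def event_tree_outcomes(initiating_frequency, events):
    """Quantify a binary event tree.

    events: ordered list of (name, p_happens); each node branches into
    "happens" (p) and "does not happen" (1 - p), which must sum to 1.
    Returns {path: frequency}, path being a tuple of booleans (True =
    the event happened). Frequency is the initiating frequency ANDed
    (multiplied) with every branch probability along the path.
    """
    for name, p in events:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{name}: probability {p} outside [0, 1]")
    outcomes = {}
    for path in product((True, False), repeat=len(events)):
        branch = [p if hit else 1 - p for (_, p), hit in zip(events, path)]
        outcomes[path] = initiating_frequency * prod(branch)
    return outcomes

def fault_tree_probability(node):
    """Quantify a fault tree given as nested tuples.

    Leaves are floats (probability of a basic event); gates are
    ("AND", [children]) or ("OR", [children]). Independence is assumed:
    AND = product of child probabilities, OR = 1 - product of (1 - p).
    """
    if isinstance(node, (int, float)):
        return float(node)
    kind, children = node
    ps = [fault_tree_probability(c) for c in children]
    if kind == "AND":
        return prod(ps)
    if kind == "OR":
        return 1 - prod(1 - p for p in ps)
    raise ValueError(f"unknown gate {kind!r}")

# Constructed stand-in for the office-fire tree of Figure 10.3; the event
# names are assumptions, the probabilities and 1/year frequency are the book's.
FIRE_EVENTS = [
    ("fire spreads beyond room of origin", 0.1),
    ("evacuation fails", 0.3),
    ("occupants trapped", 0.5),
]

def multiple_fatality_frequency():
    """Path where all three adverse events happen: 1 x 0.1 x 0.3 x 0.5."""
    return event_tree_outcomes(1.0, FIRE_EVENTS)[(True, True, True)]  # 0.015
```

Because every node's two branches sum to 1, the outcome frequencies across the whole tree sum back to the initiating frequency, which is a quick consistency check on any quantified event tree.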