iTeh Standards logo
EURUSD
Your shopping cart is empty.
CLC

EN 61025:2007

(Main)

Fault tree analysis (FTA)

Fault tree analysis (FTA)

Describes fault tree analysis and provides guidance on its application to perform an analysis, identifies appropriate assumptions, events and failure modes, and provides identification rules and symbols.

Fehlzustandsbaumanalyse

Analyse par arbre de panne (AAP)

Décrit l'analyse par arbre de panne et donne des lignes directrices sur son application indique la procédure à suivre pour effectuer une analyse en spécifiant les hypothèses voulues, les événements et les modes de défaillance et donne les règles de repérage et les symboles à utiliser.

Analiza drevesa okvar (FTA) (IEC 61025:2006)

General Information

Status
Published
Publication Date
02-Apr-2007
Withdrawal Date
28-Feb-2010
ICS
03.120.01 - Quality in general
03.120.99 - Other standards related to quality
Technical Committee
CLC/SR 56 - Dependability
Drafting Committee
IEC/TC 56 - IEC_TC_56
Parallel Committee
IEC/TC 56 - IEC_TC_56
Current Stage
6060 - Document made available - Publishing
Start Date
03-Apr-2007
Completion Date
03-Apr-2007
Ref Project
SIST EN 61025:2008 - Fault tree analysis (FTA)

Relations

Replaces
HD 617 S1:1992 - Fault tree analysis (FTA)
Effective Date
29-Jan-2023
Revised
prEN IEC 61025:2023 - Fault tree analysis (FTA)
Effective Date
24-Jan-2023
EN 61025:2008EN 61025:2008
PreviousNext
Standard
EN 61025:2008
English language
55 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-januar-2008
1DGRPHãþD
SIST HD 617 S1:2004
Analiza drevesa okvar (FTA) (IEC 61025:2006)
Fault tree analysis (FTA)
Fehlzustandsbaumanalyse
Analyse par arbre de panne (AAP)
Ta slovenski standard je istoveten z: EN 61025:2007
ICS:
03.120.01 Kakovost na splošno Quality in general
21.020 =QDþLOQRVWLLQQDþUWRYDQMH Characteristics and design of
VWURMHYDSDUDWRYRSUHPH machines, apparatus,
equipment
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD
EN 61025
NORME EUROPÉENNE
April 2007
EUROPÄISCHE NORM
ICS 03.120.01; 03.120.99 Supersedes HD 617 S1:1992

English version
Fault tree analysis (FTA)
(IEC 61025:2006)
Analyse par arbre de panne (AAP) Fehlzustandsbaumanalyse
(CEI 61025:2006) (IEC 61025:2006)

This European Standard was approved by CENELEC on 2007-03-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Central Secretariat: rue de Stassart 35, B - 1050 Brussels

© 2007 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 61025:2007 E
Foreword
The text of document 56/1142/FDIS, future edition 2 of IEC 61025, prepared by IEC TC 56,
Dependability, was submitted to the IEC-CENELEC parallel vote and was approved by CENELEC as
EN 61025 on 2007-03-01.
This European Standard supersedes HD 617 S1:1992.
The main changes with respect to HD 617 S1:1992 are as follows:
– added detailed explanations of fault tree methodologies;
– added quantitative and reliability aspects of Fault Tree Analysis (FTA);
– expanded relationship with other dependability techniques;
– added examples of analyses and methods explained in this standard;
– updated symbols currently in use.
Clause 7, dealing with analysis, has been revised to address traditional logic fault tree analysis separately
from the quantitative analysis that has been used for many years already, for reliability improvement of
products in their development stage.
Some material included previously in the body of this standard has been transferred to Annexes A and B.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2007-12-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2010-03-01
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 61025:2006 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60300-3-1 NOTE  Harmonized as EN 60300-3-1:2004 (not modified).
IEC 60812 NOTE  Harmonized as EN 60812:2006 (not modified).
IEC 61078 NOTE  Harmonized as EN 61078:2006 (not modified).
__________
- 3 - EN 61025:2007
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
Publication Year Title EN/HD Year

1)
IEC 60050-191 - International Electrotechnical Vocabulary - -
(IEV) -
Chapter 191: Dependability and quality of
service
1) 2)
IEC 61165 - Application of Markov techniques EN 61165 2006

1)
Undated reference.
2)
Valid edition at date of issue.

IEC 61025
Edition 2.0 2006-12
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Fault tree analysis (FTA)
Analyse par arbre de panne (AAP)

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
XA
CODE PRIX
ICS 03.120.01; 03.120.99 ISBN 2-8318-8918-9

61025 © IEC:2006 –– 2 – 3 – 61025 © IEC:2006
CONTENTS
FOREWORD.4
INTRODUCTION.6

1 Scope.7
2 Normative references .7
3 Terms and definitions .7
4 Symbols .10
5 General .11
5.1 Fault tree description and structure .11
5.2 Objectives .12
5.3 Applications.12
5.4 Combinations with other reliability analysis techniques.13
6 Development and evaluation .15
6.1 General considerations.15
6.2 Required system information .18
6.3 Fault tree graphical description and structure .19
7 Fault tree development and evaluation .20
7.1 General .20
7.2 Scope of analysis .20
7.3 System familiarization .20
7.4 Fault tree development.20
7.5 Fault tree construction.21
7.6 Failure rates in fault tree analysis.38
8 Identification and labelling in a fault tree .38
9 Report .39

Annex A (informative) Symbols .41
Annex B (informative) Detailed procedure for disjointing .48

Bibliography.52

Figure 1 – Explanation of terms used in fault tree analyses.10
Figure 2 – Fault tree representation of a series structure .23
Figure 3 – Fault tree representation of parallel, active redundancy .24
Figure 4 – En example of fault tree showing different gate types.26
Figure 5 – Rectangular gate and events representation .27
Figure 6 – An example fault tree containing a repeated and a transfer event .28
Figure 7 – Example showing common cause considerations in rectangular gate
representation.28
Figure 8 – Bridge circuit example to be analysed by a fault tree.32
Figure 9 – Fault tree representation of the bridge circuit .33
Figure 10 – Bridge system FTA, Esary-Proschan, no disjointing.35

61025 © IEC:2006 61025 © IEC:2006 –– 3 – 5 –
Figure 11 – Bridge system probability of failure calculated with rare-event
approximation .36
Figure 12 – Probability of occurrence of the top event with disjointing.37
Figure A.1 – Example of a PAND gate .47

Table A.1 – Frequently used symbols for a fault tree.41
Table A.2 – Common symbols for events and event description .44
Table A.3 – Static gates.45
Table A.4 – Dynamic gates .46

61025 © IEC:2006 –– 4 – 7 – 61025 © IEC:2006
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
FAULT TREE ANALYSIS (FTA)
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61025 has been prepared by IEC technical committee 56:
Dependability.
The text of this standard is based on the following documents:
FDIS Report on voting
56/1142/FDIS 56/1162/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This second edition cancels and replaces the first edition, published in 1990, and constitutes
a technical revision.
61025 © IEC:2006 61025 © IEC:2006 –– 5 – 9 –
The main changes with respect to the previous edition are as follows:
– added detailed explanations of fault tree methodologies
– added quantitative and reliability aspects of Fault Tree Analysis (FTA)
– expanded relationship with other dependability techniques
– added examples of analyses and methods explained in this standard
– updated symbols currently in use
Clause 7, dealing with analysis, has been revised to address traditional logic fault tree
analysis separately from the quantitative analysis that has been used for many years already,
for reliability improvement of products in their development stage.
Some material included previously in the body of this standard has been transferred to
Annexes A and B.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
61025 © IEC:2006 –– 6 – 11 – 61025 © IEC:2006
INTRODUCTION
Fault tree analysis (FTA) is concerned with the identification and analysis of conditions and
factors that cause or may potentially cause or contribute to the occurrence of a defined top
event. With FTA this event is usually seizure or degradation of system perfomance, safety or
other important operational attributes, while with STA (success tree analysis) this event is the
attribute describing the success.
FTA is often applied to the safety analysis of systems (such as transportation systems, power
plants, or any other systems that might require evaluation of safety of their operation). Fault
tree analysis can be also used for availability and maintainability analysis. However, for
simplicity, in the rest of this standard the term “reliability” will be used to represent these
aspects of system performance.
This standard addresses two approaches to FTA. One is a qualitative approach, where the
probability of events and their contributing factors, – input events – or their frequency of
occurrence is not addressed. This approach is a detailed analysis of events/faults and is
known as a qualitative or traditional FTA. It is largely used in nuclear industry applications
and many other instances where the potential causes or faults are sought out, without interest
in their likelihood of occurrence. At times, some events in the traditional FTA are investigated
quantitatively, but these calculations are disassociated with any overall reliability concepts, in
which case, no attempt to calculate overall reliability using FTA is made. The second
approach, adopted by many industries, is largely quantitative, where a detailed FTA models
an entire product, process or system, and the vast majority of the basic events, whether faults
or events, has a probability of occurrence determined by analysis or test. In this case, the
final result is the probability of occurrence of a top event representing reliability or probability
of fault or a failure.
61025 © IEC:2006 61025 © IEC:2006 –– 7 – 13 –
FAULT TREE ANALYSIS (FTA)
1 Scope
This International Standard describes fault tree analysis and provides guidance on its
application as follows:
– definition of basic principles;
- describing and explaining the associated mathematical modelling;
- explaining the relationships of FTA to other reliability modelling techniques;
– description of the steps involved in performing the FTA;
– identification of appropriate assumptions, events and failure modes;
– identification and description of commonly used symbols.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For the references, only the edition cited applies. For undated references, the latest edition of
the referenced document (including any amendments) applies.
IEC 60050(191), International Electrotechnical Vocabulary (IEV) – Chapter 191: Dependability
and quality of service
IEC 61165, Application of Markov techniques
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 60050(191) apply.
In fault tree methodology and applications, many terms are used to better explain the intent of
analysis or the thought process behind such analysis. There are terms used also as
synonyms to those that are considered analytically correct by various authors. The following
additional terms are used in this standard.
3.1
outcome
result of an action or other input; a consequence of a cause
NOTE 1 An outcome can be an event or a state. Within a fault tree, an outcome from a combination of
corresponding input events represented by a gate may be either an intermediate event or a top event.
NOTE 2 Within a fault tree, an outcome may also be an input to an intermediate event, or it can be the top event.
3.2
top event
outcome of combinations of all input events
NOTE 1 It is the event of interest under which a fault tree is developed. The top event is often referred to as the
final event, or as the top outcome.

61025 © IEC:2006 –– 8 – 15 – 61025 © IEC:2006
NOTE 2 It is pre-defined and is a starting point of a fault tree. It has the top position in the hierarchy of events.
3.3
final event
final result of combinations of all of the input, intermediate and basic events
NOTE It is a result of input events or states (see 3.2).
3.4
top outcome
outcome that is investigated by building the fault tree
NOTE Final result of combinations of all of the input, intermediate and basic events; it is a result of input events
or states (see 3.2).
3.5
gate
symbol which is used to establish symbolic link between the output event and the
corresponding inputs
NOTE A given gate symbol reflects the type of relationship required between the input events for the output event
to occur.
3.6
cut set
group of events that, if all occur, would cause occurrence of the top event
3.7
minimal cut set
minimum, or the smallest set of events needed to occur to cause the top event
NOTE The non-occurrence of any one of the events in the set would prevent the occurrence of the top event.
3.8
event
occurrence of a condition or an action
3.9
basic event
event or state that cannot be further developed
3.10
primary event
event that is at the bottom of the fault tree
NOTE In this standard, primary event can mean a basic event that need not be developed any more, or it can be
an event that, although a product of groups of events and gates, may be developed elsewhere, or may not be
developed at all (undeveloped event).
3.11
intermediate event
event that is neither a top event nor a primary event
NOTE It is usually a result of one or more primary and/or other intermediate events.

61025 © IEC:2006 61025 © IEC:2006 –– 9 – 17 –
3.12
undeveloped event
event that does not have any input events
NOTE It is not developed in the analysis for various possible reasons, such as lack of more detailed information,
or it is developed in another analysis and then annotated in the current analysis as undeveloped. An example of
undeveloped gates could be Commercial Off The Shelf Items (or COTS).
3.13
single point failure (event)
failure event which, if it occurs, would cause overall system failure or would, by itself
regardless of other events or their combinations, cause the top unfavourable event (outcome)
3.14
common cause events
different events in a system or a fault tree that have the same cause for their occurrence
NOTE An example of such an event would be shorting of ceramic capacitors due to flexing of the printed circuit
board; thus, even though these might be different capacitors having different functions in their design, their
shorting would have the same cause – the same input event.
3.15
common cause
cause of occurrence of multiple events
NOTE In the above example it would be board flexing that itself can be an intermediate event resulting from
multiple events such as environmental shock, vibrations or manual printing circuit board break during product
manufacturing.
3.16
replicated or repeated event
event that is an input to more than one higher level event
NOTE This event can be a common cause or a failure mode of a component, shared by more than one part of a
design.
Figure 1 illustrates some of the above definitions. This figure contains annotations and
description of events to better explain the practical application of a fault tree. Omitted from
Figure 1 are the graphical explanations of cut sets or minimal cut sets, for simplicity of the
graphical representation of other pertinent terms. The symbols in Figure 1 and all of the
subsequent figures appear somewhat different to those in Tables A.1, A.2, A.3, and A.4
because of the added box above the gate symbol for description of individual events.

61025 © IEC:2006 –– 10 – 19 – 61025 © IEC:2006
IEC  2118/06
Figure 1 – Explanation of terms used in fault tree analyses
NOTE Symbols in Figure 1 and all other figures might slightly differ from the symbols shown in Annex A. This is
because description blocks are added to better explain the relationship of various events
4 Symbols
The graphical representation of a fault tree requires that symbols, identifiers and labels be
used in a consistent manner. Symbols describing fault tree events vary with user preferences
and software packages, when used. General guidance is given in Clause 8 and in Annex A.
Other symbols used in this standard are standard dependability symbols such as F(t) or just
probability of an event occurring F. For that reason, a separate list of symbols is not provided.

61025 © IEC:2006 61025 © IEC:2006 –– 11 – 21 –
5 General
5.1 Fault tree description and structure
Several analytical methods of dependability analysis are available, of which fault tree analysis
(FTA) is one. The purpose of each method and their individual or combined applicability in
evaluating the flow of events or states that would be the cause of an outcome, or reliability
and availability of a given system or component should be examined by the analyst before
starting FTA. Consideration should be given to the advantages and disadvantages of each
method and their respective products, data required to perform the analysis, complexity of
analysis and other factors identified in this standard.
A fault tree is an organized graphical representation of the conditions or other factors causing
or contributing to the occurrence of a defined outcome, referred to as the "top event". When
the outcome is a success, then the fault tree becomes a success tree, where the input events
are those that contribute to the top success event. The representation of a fault tree is in a
form that can be clearly understood, analysed and, as necessary, rearranged to facilitate the
identification of:
– factors affecting the investigated top event as it is carried out in most of the traditional
fault tree analyses;
– factors affecting the reliability and performance characteristics of the system, when the
FTA technique is used for reliability analysis, for example design deficiencies,
environmental or operational stresses, component failure modes, operator mistakes,
software faults;
– events affecting more than one functional component, which could cancel the benefits of
specific redundancies or affect two or more parts of a product that may otherwise seem
operationally unrelated or independent (common cause events).
Fault tree analysis is a deductive (top-down) method of analysis aimed at pinpointing the
causes or combinations of causes that can lead to the defined top event. The analysis can be
qualitative or quantitative, depending on the scope of the analyses.
A fault tree can be developed as its complement, the success tree analysis, (STA), where the
top event is a success, and its inputs are contributor to the success (desired) event.
In cases where the probability of occurrence of the primary events cannot be estimated, a
qualitative FTA may be used to investigate causes of potential unfavourable outcomes with
individual primary events marked with descriptive likelihood of occurrence such as: “highly
probable”, “very probable” “medium probability”, “remote probability”, etc. The primary goal of
the qualitative FTA is to identify the minimal cut set in order to determine the ways in which
the basic or primary events influence the top event.
A quantitative FTA can be used when the probabilities of primary events are known.
Probabilities of occurrence of all intermediate events and the top event (outcome) can then be
calculated in accordance with the model. Also, the quantitative FTA is very useful in reliability
analysis of a product or a system in its development.
FTA can be used for analysis of systems with complex interactions between sub-systems
including software/hardware interactions.

61025 © IEC:2006 –– 12 – 23 – 61025 © IEC:2006
5.2 Objectives
FTA may be undertaken independently of, or in conjunction with, other reliability analyses.
Objectives include:
– identification of the causes or combinations of causes leading to the top event;
– determination of whether a particular system reliability measure meets a stated
requirement;
– determination of which potential failure mode(s) or factor(s) would be the highest
contributor to the system probability of failure (unreliability) or unavailability, when a
system is repairable, for identifying possible system reliability improvements;
– analysis and comparison of various design alternatives to improve system reliability;
– demonstration that assumptions made in other analyses (such as Markov and FMEA) are
valid;
– identification of potential failure modes that might cause a safety issue, evaluation of
corresponding probability of occurrence and possibility of mitigation;
– identification of common events (e.g. the middle branch of a bridge circuit, see Figure 10);
– search for an event or combinations of events which are the most likely to cause the top
event to occur;
– assessment of the impact of the occurrence of a primary event on the probability of the top
event;
– calculation of event probabilities;
– calculation of availabilities and failure rates of system or its components represented by a
fault tree, if a steady state can be postulated, and eventual repairs are independent of
each other (same limitation as for the success path diagram/reliability block diagram).
5.3 Applications
FTA is particularly suited to the analysis of systems comprising several functionally related or
dependent subsystems. Benefits of FTA are apparent when a system design is the product of
several independent specialized technical design groups and the separate fault trees are
linked together. Fault tree analysis is commonly applied when designing nuclear power
generating stations, transportation systems, communication systems, chemical and other
industrial processes, railway systems, home entertainment systems, medical systems,
computer systems, etc. Fault tree analysis is also of particular value when applied to systems
comprising various component types and their interaction (mechanical, electronic and
software components), which cannot be easily modelled with other techniques. An example of
this would be a combination of events where their order of appearance is essential such as
existence of vibration fatigue causing fracture cracks and failures of components.
FTA has a multitude of uses as a tool (to list a few):
– to determine the pertinent logic combination of events leading to the top event and,
potentially, their prioritization;
– to investigate a system under development and anticipate and prevent, or mitigate,
potential cause(s) of undesired top event;

61025 © IEC:2006 61025 © IEC:2006 –– 13 – 25 –
– to analyze a system, determine its reliability, identify the major contributors to its un-
reliability and evaluate the design changes;
– to assist probabilistic risk assessment efforts.
FTA can be applied to all new or modified products in all design phases, as an analytical tool
for identification of potential design problems, including those early phases where information
on the design details is incomplete. Those early efforts would then be extended as more
information on the system design and its components becomes available. FTA also identifies
potential problems that may originate from the product’s physical design, environmental or
operational stresses, flaws in product manufacturing processes and from operational and
maintenance procedures.
5.4 Combinations with other reliability analysis techniques
5.4.1 Combination of FTA and failure modes and effects analysis (FMEA)
This analysis combination is often recommended by sector specific standards, in particular
safety standards and transportation standards. The benefits of a combined analysis are the
following:
– FTA is a top-down and FMEA a bottom-up analysis method and use of both deductive and
inductive reasoning is regarded as a good argument for providing assurance for the
completeness of an analysis;
– safety standards often demand a single failure and, in some cases, a multiple failure
analysis, the first requirement being fulfilled by FMEA. Both single and multiple failure
analysis are accomplished by FTA;
– FMEA is also a useful method for a comprehensive identification of basic events or
hazards, while FTA is a practical method for causal analysis of the undesirable events.
Additionally there exists a simple consistency check between FMEA and FTA:
– any identified single failure in FMEA leading to the top event of the fault tree also has to
appear as a single point failure (in the minimal cut set);
NOTE A single point failure is a failure that, if it occurs, would cause the entire system to fail.
– any single point failure identified in the FTA should also appear as such in the FMEA.
The value of this consistency check is increased if the analyses are performed separately and
independently. This is especially important in safety analyses.
The IEC standard which explains this methodology is IEC 60300-3-1.
5.4.2 Combination of FTA and event tree analysis (ETA)
Any event could be analysed by FTA. However, in some cases this may be not appropriate for
several reasons:
− it is sometimes easier to develop event sequences rather than causal relationships;
− the resulting tree may become very large;
− there are often separate teams dealing with different parts of the analysis.

61025 © IEC:2006 –– 14 – 27 – 61025 © IEC:2006
In order to find a practical procedure, it is often not the top undesired event that is defined
first, but potentially undesirable events at the interface between the functional and technical
domain.
To give an illustration, consider the top event “loss of crew or vehicle” for a spacecraft
mission. Instead of building a large fault tree based on “loss of crew or vehicle,” intermediate
undesired events like “ignition fails” or “thrust failure” may be defined as top events and
analysed as separate fault trees. These reduced top events would then, in turn, be used as
inputs to an event tree in order to analyse operational consequences.
This combination of ETA and FTA is sometimes referred to as cause-consequence analysis
(CCA).
5.4.3 Combination of FTA and Markov analysis
FTA that has only a combination of static events (timing – sequencing of the event
combination is not considered or modelled – static gates) usually evaluates systems with no
sequence dependency of events. However, it is possible to extend the FTA by defining
additional gates that represent Markov models. These gates bear the name of “dynamic”
gates and include PRIORITY AND gates, SEQUENTIAL gates, and SPARE gates. For such
gates, it is necessary to evaluate the failure probability at a time t by using the appropriate
Markov model or simulation. Once evaluated, the dynamic gate and its inputs may be
replaced by a single primary event, with the probability of occurrence calculated by Markov
analysis. Some commercial software allow for modelling of dynamic gates and the capability
for calculation of probability of occurrence of the event they represent. An example of
dynamic, PRIORITY AND gate is shown in Annex A.
Both static and dynamic gates of a fault tree are used, based on the assumption that the
individual events are independent (unless defined as common). However, particular attention
shall be given to independence properties between the events included in the Markov model
and the events in the fault tree.
5.4.4 Combination of FTA and binary decision diagram (BDD) techniques
Calculation of the probability of occurrence for the top event of a fault tree with many cut sets
requires calculation of probability for all cut set combinations. Because of its high complexity,
this calculation will often need to be truncated. A BDD may be constructed recursively from a
fault tree and it provides an efficient, exact calculation method. This method is well explained
in the “NASA Fault Tree Handbook with Aerospace Applications version 1.1[1] ”.
The BDD approach is useful where truncation of cut set probability calculations results in
either unacceptable loss of accuracy or an FTA solution takes excessive time, particularly
when many high-probability events appear in the model. Because the minimal paths
generated in the BDD approach are disjointed (see 7.5.5.4), calculation of importance and
sensitivities can also be performed efficiently and exactly.
—————————
Figures in square brackets refer to the bibliography.

61025 © IEC:2006 61025 © IEC:2006 –– 15 – 29 –
5.4.5 Combination with the reliability block diagram
A reliability block diagram is made up of blocks or modules, representing a group of
components, or failure modes. Those groups are normally formed following the functional
block diagram of a product, system or a process. These modules have either a determined
failure rate, or a calculated reliability or probability of failure for given use or operational
profile. Traditionally, the blocks would have a failure rate which would be the sum of failure
rates of individual components. In that manner, the functional interaction of components
within a module is not considered.
To augment correctness of functional modelling within a block (software/hardware, interaction
of mechanical parts), reliability of certain blocks can be modelled with a fault tree, and then
the resultant information on probability of occurrence of those blocks can be assigned to that
specific block being part of a reliability block diagram. In this manner, reliability block
diagrams, which normally assume independency of components failure within a block, would
yield a more realistic prediction.
6 Development and evaluation
6.1 General considerations
6.1.1 Overview
A fault tree is an organized graphical representation of the conditions that cause, or contribute
to, the occurrence of a defined undesirable outcome, referred to as the "top event". The
representation is in a form that can be clearly understood, analysed and, as necessary,
rearranged to facilitate the identification of:
– factors affecting the reliability and other performance characteristics of the system. These
factors, for example, include design deficiencies, environmental or operational stresses,
component fault modes, operator mistakes, software faults;
– common events that may contribute to more than one outcome of intermediate events in a
fault tree. As an example, events affecting more than one functional component, which
could cancel the benefits of specific redundancies or affect two or more parts of a product
that may otherwise seem operationally unrelated.
Fault tree analysis is a deductive (top-down) method of analysis aimed at pinpointing the
causes, or combinations of causes, that can lead to the defined top event. The analysis can
be qualitative, Method A, or quantitative, Method B, depending on the scope of the analyses.
In cases where the probability of occurrence of the basic events cannot be estimated, a
qualitative FTA, Method A, may be used to investigate causes of potential unfavorable
outcomes with individual basic events marked with descriptive likelihood of occurrence such
as: “highly probable”, “very probable” “medium probability”, “remote probability”, etc. as
explained in 5.1.
A quantitative FTA, Method B, can be used when the probabilities of basic or primary events
are known. Probabilities of occurrence of all intermediate events and the top event (outcome)
can then be calculated using the appropriate mathematical expressions.

61025 © IEC:2006 –– 16 – 31 – 61025 © IEC:2006
6.1.2 Concepts and combinations of events and states
The final outcome of a fault tree (top event) can be a fault in itself, or an event. Here, the fault
tree describes a fault or an event resulting from the contributing events or other faults. In the
fault tree analysis certain combination of events can be either states or events, while the
others must match the outcome. For example, the inputs into an OR gate where the outcome
is a state or an event, can be states or events. All inputs into an AND gate which as an
outcome is an event must be events, while if as the outcome it represent a state all the inputs
must be states.
The state can be characterized by the probability that the state will exist in time t, while the
event can be characterized either by the failure rate or failure frequency, or by probability of
event occurrence at time t.
6.1.3 Fault tree for investigation of faults leading to other faults or events
Traditionally, a fault tree is constructed to investigate faults or events leading to an outcome.
This concept has been used for a long time in many industries, and is specifically efficient and
applied in the nuclear industry. In this manner, it is a powerful and invaluable tool for
investigation of potential problems, events, improvements and other preventive measures that
preclude or mitigate an undesirable outcome.
An outcome, success or fault, is investigated, and the states or events leading to this outcome
investigated, their probability of existence or occurrence determined, and the fault tree model
constructed appropriately that would lead to the probability of existence or occurrence of the
assumed outcome.
In this application, the fault tree is constructed and evaluated as described in Clause 7,
having in mind that the outcome is characterized by probability of fault existence or event
occurrence, and is not related to reliability of the analysed item or a system.
It is possible that the basic or any other events in this type of analysis are not given any real
probability value, and are only used in investigation of an event that potentially might take
place (Method A). In such a case, they might be marked with a descriptive probability of “high,
medium, or low”, and are evaluated as potential contributors to the top event or fault. Such
types of fault trees are often used for identification of a primary fault or event that was the
single or a major contributor to the top fault or event, and are used in a vast variety of
industries: automotive, nuclear, manufacturing plants, etc.
6.1.4 FTA use in reliability assessment and improvement during product development
In this application which is based on the FTA Method B, a fault tree can model the entire
product, or parts of a product that might pose a risk to its reliability or operational safety. In
this case, Method B analysis probability of occurrence can be determined in a traditional
manner, such as in analysis of a safety-related fault or event of a product, or the detailed
analysis of potential product failure within a certain time period may lead to expression of its
unreliability or probability of failure within that period of interest. In this application, the fault
tree methodology follows the principles of a top down failure modes and effects analysis,
where each potential failure mode may result in an event or a fault leading
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

CLC
EN 61078:2016(Main)
Reliability block diagrams
SIST EN 61078:2017

IEC 61078:2016 this International Standard describes: - the requirements to apply when reliability block diagrams (RBDs) are used in dependability analysis; - the procedures for modelling the dependability of a system with reliability block diagrams; - how to use RBDs for qualitative and quantitative analysis; - the procedures for using the RBD model to calculate availability, failure frequency and reliability measures for different types of systems with constant (or time dependent) probabilities of blocks success/failure, and for non-repaired blocks or repaired blocks; - some theoretical aspects and limitations in performing calculations for availability, failure frequency and reliability measures; - the relationships with fault tree analysis (see IEC 61025) and Markov techniques (see IEC 61165). This third edition cancels and replaces the second edition published in 2006. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: - the structure of the document has been entirely reconsidered, the title modified and the content extended and improved to provide more information about availability, reliability and failure frequency calculations; - Clause 3 has been extended and clauses have been introduced to describe the electrical analogy, the "non-coherent" RBDs and the "dynamic" RBDs; - Annex B about Boolean algebra methods has been extended; - Annex C (Calculations of time dependent probabilities), Annex D (Importance factors), Annex E (RBD driven Petri net models) and Annex F (Numerical examples and curves) have been introduced. Keywords: reliability block diagram (RBD)

  • Standard
    121 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN 62429:2008(Main)
Reliability growth - Stress testing for early failures in unique complex systems
SIST EN 62429:2008

This International Standard gives guidance for reliability growth during final testing or acceptance testing of unique complex systems. It gives guidance on accelerated test conditions and criteria for stopping these tests.

  • Standard
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN 62308:2006(Main)
Equipment reliability - Reliability assessment methods
SIST EN 62308:2007

This International Standard describes early reliability assessment methods for items based on field data and test data for components and modules. It is applicable to mission, safety and business critical, high integrity and complex items. It contains information on why early reliability estimates are required and how and where the assessment would be used.

  • Standard
    61 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
prEN IEC 61025:2023(Main)
Fault tree analysis (FTA)
oSIST prEN IEC 61025:2023
  • Draft
    109 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61169-74:2025(Main)
Radio-frequency connectors - Part 74: Sectional specification for HN series RF coaxial connectors with screw coupling - Characteristic impedance 50 Ω
SIST EN IEC 61169-74:2026

IEC 61169-74:2025, which is a Sectional Specification (SS), provides information and rules for the preparation of Detail Specifications (DS) for series HN RF coaxial connectors with screw coupling with a characteristic impedance of 50 Ω. This document prescribes mating face dimensions for high performance connectors (grade 2), dimensional details of standard test connectors (grade 0), gauging information and tests selected from IEC 61169-1, applicable to all Detail Specifications relating to series HN RF connectors. This document indicates recommended performance characteristics which are considered when writing a Detail Specification and it covers test schedules and inspection requirements for assessment levels M and H. The series HN connectors are intended to be used in microwave transmission systems and can be connected with all kinds of RF cables and microstrips. The operating frequency is up to 6 GHz.

  • Draft
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN 50174-4:2025(Main)
Information technology - Cabling installation - Part 4: Testing of installed optical fibre cabling
SIST EN 50174-4:2025

This document specifies systems and methods for the inspection and testing of installed optical fibre cabling designed in accordance with premises cabling standards including the EN 50173 series. The test methods refer to existing standards-based procedures where they exist.

  • Draft
    86 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 61540:2025(Main)
Portable residual current devices (PRCDs) without integral overcurrent protection for household and similar use
SIST EN IEC 61540:2026

This document applies to portable residual current devices (PRCDs) for household and similar uses, consisting of a plug, a residual current device (RCD) and one or more socket-outlets or a provision for connection. They do not incorporate overcurrent protection. They are intended for single- and two-phase systems for rated currents not exceeding 16 A for rated voltages not exceeding 250 V AC, or for rated current not exceeding 32 A for rated voltages not exceeding 130 V AC to earth. They are intended to provide protection against shock hazard in case of direct contact, in addition to the protection provided by the fixed installations for the circuit downstream. PRCDs have a rated residual operating current not exceeding 0,03 A. The plug and socket-outlet parts of a PRCD are covered by the national standard of the country where the PRCD is placed on the market. If no national requirements exist, IEC 60884 1 is used. This document applies to portable devices performing simultaneously the functions of detection of the residual current, of comparison of the value of this current with the residual operating value and of opening of the protected circuit when the residual current exceeds this value. PRCDs providing an additional function of detecting faults on the supply side with a defined behaviour in case of supply failures or miswiring (PRCD-S) are also covered by this document. PRCDs are not intended to be used as parts of fixed installations. Their connecting means can be plugs, socket-outlets, terminals or cords. NOTE 1 The requirements for PRCDs are in compliance with the general requirements of IEC 60755. PRCDs are essentially intended to be operated by ordinary persons and designed not to require maintenance. NOTE 2 An integral fuse is used, if necessary, for the relevant plug and socket-outlet system. The switching contacts of the PRCDs are not intended to provide isolation, as isolation can be ensured by disconnecting the plug. The requirements of this document apply for environmental conditions as defined in 7.1. Additional requirements can be necessary for PRCDs used in locations having more severe environmental conditions. PRCDs including batteries are not covered by this document. This document does not contain additional requirements for PRCDs without earthing contacts for which specific requirements can apply. This document can, however, be used as a guide for such devices which are intended to be used with Class II appliances only.

  • Draft
    145 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 62841-2-22:2025(Main)
Electric motor-operated hand-held tools, transportable tools and lawn and garden machinery - Safety - Part 2-22: Particular requirements for hand-held cut-off machines
SIST EN IEC 62841-2-22:2026

IEC 62841-2-22:2025 applies to hand-held cut-off machines fitted with - one bonded reinforced wheel of Type 41 or Type 42; or - one or more diamond cutting wheels with peripheral gaps, if any, • having no positive rake angle; and • not exceeding 10 mm for cut-off machines other than flush cutters, power cutters and wall chasers; and with - a rated no-load speed not exceeding a peripheral speed of the wheel of 100 m/s at rated capacity; and - a rated capacity not exceeding 430 mm. NOTE 101 An example of a permitted diamond cutting wheel construction is shown in Figure 106. These tools are intended to cut materials such as metals, concrete, masonry, glass and tile. This document does not apply to: - cut-off machines that can be converted to a grinder, sander or polisher, which are covered by IEC 62841-2-3; - circular saws which are covered by IEC 62841-2-5; and - die grinders and small rotary tools which are covered by IEC 62841-2-23; - tools intended to cut wood, except for utility cutters; - cut-off machines fitted with a bonded reinforced wheel of Type 42 with a diameter exceeding 230 mm. This document is to be used in conjunction with IEC 62841-1:2014.

  • Draft
    58 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN IEC 62841-2-20:2025/A11:2025(Amendment)
Electric motor-operated hand-held tools, transportable tools and lawn and garden machinery - Safety - Part 2-20: Particular requirements for hand-held band saws
SIST EN IEC 62841-2-20:2026/A11:2026

2021-12-20: This prAA includes common mods to EN IEC 62841-2-20 (PR=75425)
DOW=DOR+48 months is applied to all parts in EN IEC 62841 series

  • Amendment
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CLC
EN 50736:2025(Main)
Railway application - Communication, signalling and processing system - Test requirements for signalling and telecommunication equipment
SIST EN 50736:2026

This document applies to railway signalling and telecommunication trackside equipment. This document does not cover signalling and telecommunication equipment mounted in vehicles; these are covered by EN 50155:2021. This document covers the type testing phases of the equipment for signal and telecommunication (S&T) systems (including power supply systems belonging to S&T), in order to ensure compliance with specified requirements already defined in the customer specifications or by the involved parties. In particular this document intends to define test requirements with related performance / acceptance criteria, considering only the environmental conditions stated by the EN 50125-3:2003, and considering the severities of the environmental parameters herein defined. Safety considerations are not covered by this document.

  • Draft
    75 pages
    English language
    sale 10% off
    e-Library read for
    1 day