Causal Analysis Tools Webinar No. 4
Causal Analysis Trees/Maps (including Fault Trees)
Name: Jody Page
Title: Quality Engineering
Approved for Public Release DAL201209012
File name – Web No. 4 Causal Analysis Trees/Maps

History of These Tools

Dean Gano, having worked incident investigations for years in the nuclear industry, developed a robust, simple method that could be used in any level of investigation. His 1999 book challenged conventional thinking on the subject at the time. The software, RealityCharting RCA, is a robust tool that assists the user by automating some of the drafting decisions, as well as providing checks and balances to ensure the method is being used properly. The company has re-branded under the single RealityCharting RCA name.

Mark Galley, founder of ThinkReliability, deploys a similar philosophy and tree structure approach to causal analysis, but instead utilizes MS Excel as a drafting / data collection tool, providing templates and training to facilitate investigations.

Reason To Use This Method
(Think Reliability Cause Mapping; RealityCharting RCA Method and Software)

• To study and capture the entire “System of Causes” contributing to your issue, so that robust solutions can be deployed.
• When an issue is recurring after previous solutions have not worked.
• To facilitate documenting the information obtained for knowledge transfer and retention.
• To incorporate causes found from other Causal Analysis tools into “the big picture”.
• When precise mapping of causes and effects is warranted.

Characteristics of Cause & Effect

Each Effect Has at Least Two Causes
– Actions – momentary causes that bring conditions together to cause an effect (trigger)
– Conditions – causes that exist over time prior to the companion action

[Diagram: Open Fire, Caused By: Striking A Match, Ignition Source, Combustible Material, Oxygen; the cause boxes carry one Action label and three Condition labels]

Identify an Action & Condition for Every Problem

Causal Analysis Tree/Map – Jefferson Memorial
Use of 5 Whys, Fishbone, and Causal Chain Mapping

[Diagram: cause map with columns Primary Effect, 1st Why, 2nd Why, 3rd Why, 4th Why, 5th Why. Boxes, each labeled Action or Condition: Jefferson Memorial is Deteriorating; Washing Too Much; Water Pressure Erodes Material; Water Pressure Required to Clean Area; Excess Bird Droppings; Public Complaints On Odor and Safety; Birds Present; Birds Like to Eat Spiders; Lots of Spiders to Eat; Spiders Like to Eat Gnats; Lots of Gnats to Eat; Gnats Are Attracted to the Lights; Gnats Mate at Dusk; Lights Turn On at Dusk]

Condition Causes lend themselves more to Mistake Proofing

Think Reliability Cause Mapping

RealityCharting RCA Method and Software

Module 4 Causal Analysis Trees / Maps Polling Question

In the fire example, would there ever be a situation where introducing the ignition (match struck) would not be the action cause (last thing to happen)?
a. No
b. Yes

Fault Tree Analysis

History of Fault Tree Analysis

• 1962 - Bell Labs, by H.A. Watson and A. Mearns, under a U.S. Air Force Ballistic Systems Division contract to evaluate the Minuteman Intercontinental Ballistic Missile (ICBM) Launch Control System.
• 1975 - U.S. Nuclear Regulatory Commission began using probabilistic risk assessment (PRA) methods including FTA.
• 1979 - Three Mile Island - significantly expanded PRA/FTA use / research during and following the incident investigation.
• 1981 - publication of the NRC Fault Tree Handbook NUREG–0492, and mandatory use of PRA under the NRC's regulatory authority.

Probabilities were added to causes a few years after the tool’s creation.

What is Fault Tree Analysis?

Fault tree analysis (FTA): an analysis in which an undesired event is described and analyzed using Boolean logic from a series of lower-level events. It is a thorough method to quantitatively determine the probability [or bounds] of an undesired event.

Cutset: The route through an FTA between an event and its primary causes. One set of events whose occurrence results in the top event.

Minimal cutset: The shortest credible way through the tree from the top event to primary causes.

Reason to Use Fault Tree Analysis

This analysis method is mainly used in the fields of Safety Engineering and Reliability Engineering to determine the probability of a safety accident or a particular system level (functional) failure. FTA can be used to:
• show compliance with the (input) system safety / reliability requirements.
• prioritize the contributors leading to the top event - Creating the Critical Equipment/Parts/Events lists for different importance measures.
• monitor and control the safety performance of the complex system (e.g. Is it still safe to fly an Aircraft if fuel valve x is not "working"? For how long is it allowed to fly with this valve stuck closed?).
• minimize and optimize resources.
• assist in designing a system. The FTA can be used as a design tool that helps to create (output / lower level) requirements.
• function as a diagnostic tool to identify and correct causes of the top event.
  It can help with the creation of diagnostic manuals / processes.

[Diagram: fault tree. Unintended Event: Unintended Rocket Motor Ignition. 1st Level Causes:
• ESD Induced Dielectric Breakdown in or adjacent to propellant with sufficient joules for ignition
• Mass impact at propellant surface exceeding detonation velocity
• Unintended initiation of electroexplosive device
• Presence of mass heat/fire exceeding propellant autoignition temperature
• Sympathetic detonation from blast overpressure
2nd Level Causes continue on the next slide]

[Diagram: fault tree branch. 1st Level Cause: ESD Induced Dielectric Breakdown in or adjacent to propellant with sufficient joules for ignition. 2nd Level Causes and below: ESD with sufficient joules; Insufficient Grounding; Propellant ESD Sensitive; High joule ESD; Propellant damaged (cracks or “dusting”); Insufficient ESD Barrier; Failure to connect grounds properly; Grounding System Defect; ESD from equipment materials; Leg Stats Missing; Personnel generated ESD; Leg Stat Failure; Static Floor Failure; Propellant Formulation not “insensitive”; Lightning Side Flash; Static Buildup]

LMCO Fault Tree Analysis Example

[Diagram: Compressor Fault Tree, "Compressor Failures and Anomalies", spread over several pages. Branches include 1.0 Compressor Test Failures, 1.1 Oil Leaks, 1.2 Air Pressure, 1.3 Other and 1.4 Low Volume Air Out; the numbered lower-level causes are annotated with the names Salazar, McCrary or Hartwell]

LMCO Fault Tree Analysis Example – Detailed Close Up

[Diagram: close-up of node 1.1.4.2 Defective Part]

LMCO FTA Summary Report Sample

Module 4 Fault Tree Analysis Polling Question

What was the fault tree analysis created to do?
a. To evaluate the probability of human error.
b. To increase the safety level of the space program.
c. To improve the safety of missile systems.
d. To illustrate where to place blame/fault in the process.

References:
• RealityCharting Home Page: http://realitycharting.com/
• RealityCharting Training: http://coach.realitycharting.com/
• RealityCharting Downloads: http://www.realitycharting.com/downloads/badge/simplified
• ThinkReliability Home Page: http://www.thinkreliability.com
• ThinkReliability Template: http://www.thinkreliability.com/excel-tools.aspx
• ThinkReliability Training: http://www.thinkreliability.com/excel-tools.aspx
• Fault Tree Template: http://www.fault-tree.net/
• Fault Tree Training: http://www.fault-tree.net/
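
The cutset and minimal-cutset definitions from the "What is Fault Tree Analysis?" slide, worked through in Python as an added example that is not part of the original presentation. Event names are abbreviated from the ESD slide; the AND/OR gate types, the shared "Static floor failure" event and all probabilities are assumptions made for illustration.

```python
from itertools import combinations
from math import prod

# Constructed tree: names abbreviated from the ESD slide; gate types, the shared
# "Static floor failure" event and every probability below are assumptions.
GATES = {
    "ESD breakdown": ("AND", ["ESD source", "Poor grounding", "Sensitive propellant"]),
    "ESD source": ("OR", ["Leg stats missing", "Static floor failure", "Equipment ESD"]),
    "Poor grounding": ("OR", ["Grounds not connected", "Static floor failure"]),
    "Sensitive propellant": ("OR", ["Propellant damaged", "Sensitive formulation"]),
}
P = {"Leg stats missing": 0.1, "Static floor failure": 0.01, "Equipment ESD": 0.05,
     "Grounds not connected": 0.02, "Propellant damaged": 0.001,
     "Sensitive formulation": 0.002}

def cut_sets(event):
    """All cut sets of `event` as frozensets of basic events (top-down expansion)."""
    if event not in GATES:                       # basic event: a leaf of the tree
        return {frozenset([event])}
    kind, children = GATES[event]
    child_sets = [cut_sets(c) for c in children]
    if kind == "OR":                             # any one child causes the event
        return set().union(*child_sets)
    result = {frozenset()}                       # AND: every child must occur
    for sets in child_sets:
        result = {a | b for a in result for b in sets}
    return result

def minimal_cut_sets(event):
    """Drop every cut set that strictly contains another cut set (absorption)."""
    sets = cut_sets(event)
    return {s for s in sets if not any(t < s for t in sets)}

def rare_event_bound(mcs):
    """Upper bound on P(top): sum of cut-set probabilities, independent events."""
    return sum(prod(P[e] for e in s) for s in mcs)

def exact_probability(mcs):
    """Inclusion-exclusion over the minimal cut sets, independent events."""
    mcs, total = list(mcs), 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            total += (-1) ** (k + 1) * prod(P[e] for e in frozenset().union(*combo))
    return total

if __name__ == "__main__":
    mcs = minimal_cut_sets("ESD breakdown")
    print(sorted(sorted(s) for s in mcs))
    print(f"bound={rare_event_bound(mcs):.4e} exact={exact_probability(mcs):.4e}")
```

In this constructed tree the shared "Static floor failure" event yields the only two-event minimal cut sets, which is the kind of common cause the prioritization bullet above is meant to surface.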