Artifact: Fault-Tree Analysis
This artifact is a modeling artifact used to represent the causal chains relating safety-critical events and conditions that can lead to a hazardous condition and, ultimately, to an accident.
Domains: Development
Purpose
The purpose of an FTA is to visually capture the logical causal chain of events and conditions that can lead to a hazard.
Relationships
Description
Main Description

An FTA uses logical operators (commonly AND, OR, and NOT, but may also include XOR, NOR, and NAND) to depict the explicit relation between normal and exception (i.e. error) conditions and normal and exception (i.e. failure) events. An FTA can be used to depict the causal chain of events and conditions for an existing design and also to drive the development of design approaches (called control measures) that address the safety issues. These control measures are then added to the FTA as "ANDing redundancy": for the hazard to manifest, the original condition or fault must occur AND the control measure must fail as well. A control measure therefore lowers the probability of the top event only to the extent that its own failure is independent of the fault it guards against; a measure that shares a cause (a common power supply, a common software component) with the fault adds far less protection than the AND gate suggests.
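The following is an added example, not part of the original artifact description: a small fault-tree evaluator in Python that builds a tree from AND/OR/NOT gates, evaluates whether the top event occurs for a given set of basic events, computes the exact top-event probability by enumerating basic-event states (so repeated events in different branches are handled correctly), and lists minimal cut sets. The hazard, event names and probabilities (sensor fault, software fault, interlock failure) are constructed for illustration; the "after" tree shows the "ANDing redundancy" of a control measure described above.

```python
"""Minimal fault-tree evaluator (added example; event names and values are constructed)."""
from __future__ import annotations

from dataclasses import dataclass
from itertools import product
from typing import Union


@dataclass(frozen=True)
class Event:
    """A basic event (leaf). `p` is its probability of occurring; basic events are assumed independent."""
    name: str
    p: float = 0.0


@dataclass(frozen=True)
class Gate:
    """A logical gate over child nodes. kind is one of "AND", "OR", "NOT"."""
    kind: str
    inputs: tuple


Node = Union[Event, Gate]


def AND(*xs: Node) -> Gate:
    return Gate("AND", tuple(xs))


def OR(*xs: Node) -> Gate:
    return Gate("OR", tuple(xs))


def NOT(x: Node) -> Gate:
    return Gate("NOT", (x,))


def occurs(node: Node, state: dict[str, bool]) -> bool:
    """True if the (top) event occurs given which basic events have happened. Missing events are False."""
    if isinstance(node, Event):
        return state.get(node.name, False)
    vals = [occurs(c, state) for c in node.inputs]
    if node.kind == "AND":
        return all(vals)
    if node.kind == "OR":
        return any(vals)
    if node.kind == "NOT":
        return not vals[0]
    raise ValueError(f"unknown gate {node.kind}")


def basic_events(node: Node) -> list[Event]:
    """All distinct basic events under a node, in first-seen order."""
    if isinstance(node, Event):
        return [node]
    seen: dict[str, Event] = {}
    for c in node.inputs:
        for e in basic_events(c):
            seen.setdefault(e.name, e)
    return list(seen.values())


def top_probability(node: Node) -> float:
    """Exact top-event probability by enumerating every combination of basic-event outcomes.

    Exponential in the number of basic events, so suitable for small trees; unlike the
    closed-form gate formulas it stays correct when one event feeds several branches."""
    events = basic_events(node)
    total = 0.0
    for bits in product((False, True), repeat=len(events)):
        state = {e.name: b for e, b in zip(events, bits)}
        if occurs(node, state):
            pr = 1.0
            for e, b in zip(events, bits):
                pr *= e.p if b else 1.0 - e.p
            total += pr
    return total


def minimal_cut_sets(node: Node) -> list[frozenset[str]]:
    """Minimal sets of basic events whose joint occurrence triggers the top event.

    Meaningful for coherent trees (AND/OR only); with NOT gates the notion is not monotone."""
    events = basic_events(node)
    cuts: list[frozenset[str]] = []
    for bits in product((False, True), repeat=len(events)):
        state = {e.name: b for e, b in zip(events, bits)}
        if occurs(node, state):
            cuts.append(frozenset(e.name for e, b in zip(events, bits) if b))
    minimal = [c for c in cuts if not any(o < c for o in cuts)]
    return sorted(minimal, key=lambda c: (len(c), sorted(c)))


# Constructed example: hazard "uncommanded motion" caused by a sensor fault or a software fault.
SENSOR = Event("sensor_fault", 0.01)
SOFTWARE = Event("software_fault", 0.02)
INTERLOCK_FAILS = Event("interlock_fails", 0.05)   # the control measure's own failure

BEFORE = OR(SENSOR, SOFTWARE)                       # no control measure
AFTER = AND(OR(SENSOR, SOFTWARE), INTERLOCK_FAILS)  # control measure ANDed in

if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        print(label, round(top_probability(tree), 6), [sorted(c) for c in minimal_cut_sets(tree)])
```

Before the control measure the tree has two single-event cut sets and a top-event probability of 1 - (1 - 0.01)(1 - 0.02) = 0.0298; ANDing in an interlock that fails 5% of the time turns every cut set into a two-event set and lowers the probability to 0.00149, but only because `interlock_fails` is modeled as independent of the faults it guards against.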

An FTA is most often used in a top-down fashion, beginning with the hazards and discovering the underlying faults that can lead to them. In contrast, a Failure Modes and Effects Analysis (FMEA) is most often used in a bottom-up fashion, beginning with the failures and then determining their consequences. Both are used in reliability and safety engineering, and they are complementary: the FMEA finds failure modes the FTA may not have thought to ask about, and the FTA shows which combinations of those failures actually reach a hazard.

Tailoring
Impact of not having: In a safety-critical system, the conditions and events that lead to a hazard must be analyzed and understood. An FTA can be the clearest means of visually depicting these causal chains. Not having one or more FTAs can result in missing system hazards and in not handling combinations of circumstances that lead to safety-related accidents, thus reducing the safety of the systems being developed.
Reasons for not needing: An FTA addresses safety concerns, so non-safety-critical systems usually do not use FTAs.
More Information
Guidelines