The document provides an agenda and overview for a two-day workshop on reliability and system risk analysis techniques. Day one focuses on classical qualitative techniques including Failure Modes and Effects Analysis (FMEA), Fault Tree Analysis, Event Tree Analysis, and HAZOP. Day two will cover systems-theoretic techniques and human factors. The workshop introduces concepts of reliability, risk, failure, and safety and discusses how accidents can result from both component failures and unsafe interactions. Traditional techniques like FMEA have limitations and may not capture issues related to design, requirements, or organizational factors.
Testing safety critical systems: Practice and Theory (14-05-2013, VU Amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers..
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
2016-04-28 - VU Amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
2015 05-07 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
Testing safety critical systems: Practice and Theory (14-05-2013, VU Amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers..
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
2016-04-28 - VU Amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
2015 05-07 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
Risk management and business protection with Coding Standardization & Static ...Itris Automation Square
The following topic was presented at the CSIA 2013 Executive Conference: "Risk management and business protection with Coding Standardization & Static Analyzer".
http://csiaexecutiveconference.org/
http://www.controlsys.org/
REPAIR METHODS FOR BASIC MACHINE ELEMENTSlaxtwinsme
Repair methods for beds, slide ways, spindles, gears, lead screws and bearings – Failure analysis –Failures and their development – Logical fault location methods – Sequential fault location
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?TechWell
Throughout history, people have built systems of dramatically increasing complexity. In simpler systems, defects at the micro level are mitigated by the macro level structure. In complex systems, failures at the micro level cannot be compensated for at a higher level, often with catastrophic results. Lee Copeland says that we are building hyper-complex computer systems—so complex that faults can create totally unpredictable behaviors. For example, systems based on the service-oriented architecture (SOA) model can be dynamically composed of reusable services of unknown quality, created by multiple organizations, and communicating through many technologies across the unpredictable Internet. Lee explains that claims about quality require knowledge of test “coverage,” which is an unknowable quantity in hyper-complex systems. Join Lee for a look at your testing future as he describes new approaches needed to measure test coverage in these hyper-complex systems and lead your organization to better quality—despite the challenges.
Preview of Crisis Management Foundation
The lifecycle of a crisis which includes a disaster, outage or Major Incident. The process and all aspects of the process of dealing with the lifecycle of a crisis is covered.
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Luigi Vanfretti
Title:
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and GridDyn
Presenters:
Luigi Vanfretti (RPI) & Philip Top (LNLL)
luigi.vanfretti@gmail.com, top1@llnl.gov
Abstract:
The Modelica language, being standardized and equation-based, has proven valuable for the for model exchange, simulation and even for model validation applications in actual power systems. These important features have been now recognized by the European Network of Transmission System Operators, which have adopted the Modelica language for dynamic model exchange in the Common Grid Model Exchange Standard (v2.5, Annex F).
Following previous FP7 project results, within the ITEA 3 openCPS project, the presenters have continued the efforts of using the Modelica language for power system modeling and simulation, by developing and maintaining the OpenIPSL library: https://github.com/SmarTS-Lab/OpenIPSL
This seminar first gives an overview of the origins of the OpenIPSL and it’s models, it contrasts it against typical power system tools, and gives an introduction the OpenIPSL library. The new project features that help in the OpenIPSL maintenance (use of continuous integration, regression testing, documentation, etc.) are also described.
Finally, the seminar will present current work at LNLL that exploits OpenIPSL in coordination with other tools including ongoing work integrating openIPSL models into GridDyn an open-source power system simulation tool, as well as a demos of the use of openIPSL libraries in GridDyn.
Bios:
Luigi Vanfretti (SMIEEE’14) obtained the M.Sc. and Ph.D. degrees in electric power engineering at Rensselaer Polytechnic Institute, Troy, NY, USA, in 2007 and 2009, respectively.
He was with KTH Royal Institute of Technology, Stockholm, Sweden, as Assistant 2010-2013), and Associate Professor (Tenured) and Docent (2013-2017/August); where he lead the SmarTS Lab and research group. He also worked at Statnett SF, the Norwegian electric power transmission system operator, as consultant (2011 - 2012), and Special Advisor in R&D (2013 - 2016).
He joined Rensselaer Polytechnic Institute in August 2017, to continue to develop his research at ALSETLab: http://alsetlab.com
His research interests are in the area of synchrophasor technology applications; and cyber-physical power system modeling, simulation, stability and control.
Philp Top (Lawrence Livermore National Lab)
PhD 2007 Purdue University. Currently a Research Engineer at Lawrence Livermore National Laboratory in Livermore, CA. Philip has been involved in several projects connected with the DOE effort on Grid Modernization including projects on modeling and simulation, co-simulation and smart grid data analytics. He is the principle developer on the open source power system simulation tool GridDyn, and a key contributor to the HELICS open source co-simulation framework.
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
Risk management and business protection with Coding Standardization & Static ...Itris Automation Square
The following topic was presented at the CSIA 2013 Executive Conference: "Risk management and business protection with Coding Standardization & Static Analyzer".
http://csiaexecutiveconference.org/
http://www.controlsys.org/
REPAIR METHODS FOR BASIC MACHINE ELEMENTSlaxtwinsme
Repair methods for beds, slide ways, spindles, gears, lead screws and bearings – Failure analysis –Failures and their development – Logical fault location methods – Sequential fault location
Testing Hyper-Complex Systems: What Can We Know? What Can We Claim?TechWell
Throughout history, people have built systems of dramatically increasing complexity. In simpler systems, defects at the micro level are mitigated by the macro level structure. In complex systems, failures at the micro level cannot be compensated for at a higher level, often with catastrophic results. Lee Copeland says that we are building hyper-complex computer systems—so complex that faults can create totally unpredictable behaviors. For example, systems based on the service-oriented architecture (SOA) model can be dynamically composed of reusable services of unknown quality, created by multiple organizations, and communicating through many technologies across the unpredictable Internet. Lee explains that claims about quality require knowledge of test “coverage,” which is an unknowable quantity in hyper-complex systems. Join Lee for a look at your testing future as he describes new approaches needed to measure test coverage in these hyper-complex systems and lead your organization to better quality—despite the challenges.
Preview of Crisis Management Foundation
The lifecycle of a crisis which includes a disaster, outage or Major Incident. The process and all aspects of the process of dealing with the lifecycle of a crisis is covered.
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and Gr...Luigi Vanfretti
Title:
Modeling and Simulation of Electrical Power Systems using OpenIPSL.org and GridDyn
Presenters:
Luigi Vanfretti (RPI) & Philip Top (LNLL)
luigi.vanfretti@gmail.com, top1@llnl.gov
Abstract:
The Modelica language, being standardized and equation-based, has proven valuable for the for model exchange, simulation and even for model validation applications in actual power systems. These important features have been now recognized by the European Network of Transmission System Operators, which have adopted the Modelica language for dynamic model exchange in the Common Grid Model Exchange Standard (v2.5, Annex F).
Following previous FP7 project results, within the ITEA 3 openCPS project, the presenters have continued the efforts of using the Modelica language for power system modeling and simulation, by developing and maintaining the OpenIPSL library: https://github.com/SmarTS-Lab/OpenIPSL
This seminar first gives an overview of the origins of the OpenIPSL and it’s models, it contrasts it against typical power system tools, and gives an introduction the OpenIPSL library. The new project features that help in the OpenIPSL maintenance (use of continuous integration, regression testing, documentation, etc.) are also described.
Finally, the seminar will present current work at LNLL that exploits OpenIPSL in coordination with other tools including ongoing work integrating openIPSL models into GridDyn an open-source power system simulation tool, as well as a demos of the use of openIPSL libraries in GridDyn.
Bios:
Luigi Vanfretti (SMIEEE’14) obtained the M.Sc. and Ph.D. degrees in electric power engineering at Rensselaer Polytechnic Institute, Troy, NY, USA, in 2007 and 2009, respectively.
He was with KTH Royal Institute of Technology, Stockholm, Sweden, as Assistant 2010-2013), and Associate Professor (Tenured) and Docent (2013-2017/August); where he lead the SmarTS Lab and research group. He also worked at Statnett SF, the Norwegian electric power transmission system operator, as consultant (2011 - 2012), and Special Advisor in R&D (2013 - 2016).
He joined Rensselaer Polytechnic Institute in August 2017, to continue to develop his research at ALSETLab: http://alsetlab.com
His research interests are in the area of synchrophasor technology applications; and cyber-physical power system modeling, simulation, stability and control.
Philp Top (Lawrence Livermore National Lab)
PhD 2007 Purdue University. Currently a Research Engineer at Lawrence Livermore National Laboratory in Livermore, CA. Philip has been involved in several projects connected with the DOE effort on Grid Modernization including projects on modeling and simulation, co-simulation and smart grid data analytics. He is the principle developer on the open source power system simulation tool GridDyn, and a key contributor to the HELICS open source co-simulation framework.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
2. Schedule
Monday, July 20, 2015: Classical Techniques
• 1000-1030 Introduction, overview of failure search techniques
• 1030-1100 Qualitative Failure Modes and Effects Analysis (examples and exercise)
• 1100-1130 Qualitative Fault Tree Analysis (examples and exercise)
• 1130-1230 Other Qualitative Techniques (Event Tree Analysis, HAZOP)
• Lunch
• 1400-1430 Quantitative Fault Tree Analysis
• 1430-1515 Other Quantitative Techniques (FMEA, ETA)
• 1515-1545 Practical strengths and limitations, lessons learned
• Break
• 1615-1645 Wrap-up and discussion
Tuesday, July 21, 2015: Systems-Theoretic Techniques
• 0900-0915 Introduction and overview to Systems-Theoretic Techniques
• 0915-1000 Human factors introduction
• 1000-1030 Systems Theoretic Accident Models and Processes (STAMP)
• Break
• 1050-1220 System Theoretic Hazard Analysis (STPA)
• Lunch
• 1400-1600 STPA examples and exercises
• 1600-1630 Wrap-up and discussion
3. Today’s Agenda
• Intro to reliability and system risk
• Overview of analysis techniques
• Traditional qualitative techniques
• Failure Modes and Effects Analysis
• Fault Tree Analysis
• Event Tree Analysis
• HAZOP
• Traditional quantitative techniques
• Quant. Fault Tree Analysis
• FMECA
• Quant. ETA
Tomorrow:
- Human factors
- System-theoretic techniques
4. Introduction: Reliability and System Risk
Analysis
• What is Reliability?
• Probability that a component or system will perform its specified
function (for a prescribed time under stated conditions)
• What is Risk?
• Threat of damage, injury, liability, loss, or any other negative
occurrence that may be avoided through preemptive action.
• What is a Failure?
• Inability of a component to perform its specified function (for a
prescribed time under stated conditions)
• What is Safety?
• Freedom from undesired losses (e.g. loss of life, loss of mission,
environmental damage, customer satisfaction, etc.)
5. Two basic types of losses
• Losses caused by component failure
• Focus of reliability analysis
• Losses caused by component interactions
• Often occur without failures
• Can be more difficult to anticipate
Today’s
class
Tomorrow’s
class
8. Redundancy
Two valves in series:
Two valves in parallel:
Valve A Valve B
Valve B
Valve A
What happens if one valve is stuck open or stuck closed?
9. Dealing with component failures
• Potential solutions:
– Eliminate failure
– Reduce effect of failure
• Use redundancy
• Design to fail in a safe state
• Design to tolerate the failure
– Make failure less likely
• Improve component reliability
– Reduce duration of failure
– Etc.
14. CSB video – Cooling system incident
• Recommendations:
• Avoid manual interruption of evaporators
• Add more redundant valves (obeying the same flawed
software?)
• Emergency shutdown recommendation
• Activate emergency shutdown in the event of an ammonia release
if a leak cannot be promptly isolated and controlled
• Inadequate checks and reviews were supposed to catch
these problems before the incident
• Technical reviews
• Emergency procedure reviews
• Regulations and Standards
• Safety Management System
18. Today’s Agenda
• Intro to reliability and system risk
• Overview of analysis techniques
• Traditional qualitative techniques
• Failure Modes and Effects Analysis
• Fault Tree Analysis
• Event Tree Analysis
• HAZOP
• Traditional quantitative techniques
• Quant. Fault Tree Analysis
• FMECA
• Quant. ETA
19. Risk/Hazard/Causal Analysis
• “Investigating a loss before it happens”
• Goal is to identify causes of losses (before they occur) so we
can eliminate or control them in
• Design
• Operations
• Requires
• An accident causality model
• A system design model
(even if only in the mind
of the analyst)
“Accident” is any incident,
any undesired loss
20. System Design Model (simplified)
Pressurized
Metal Tank Valve control input
Valve control input
Water
Supply
Drain
28. 5 Whys Example (A Backwards Analysis)
Problem: The Washington Monument
is disintegrating.
Why is it disintegrating?
Because we use harsh chemicals
Why do we use harsh chemicals?
To clean pigeon droppings off the monument
Why are there so many pigeons?
They eat spiders and there are a lot of spiders at
monument
Why are there so many spiders?
They eat gnats and lots of gnats at monument
Why so many gnats?
They are attracted to the lights at dusk
Solution:
Turn on the lights at a later time.
33. Accident models
• Chain-of-events model is very popular
• Intuitive, requires little or no training
• Can be traced to Aristotle (300 BC) and earlier
• “Aristotle claims that in a chain of efficient causes, where the first element of
the series acts through the intermediary of the other items, it is the first
member in the causal chain, rather than the intermediaries, which is the
moving cause (See Physics 8.5, Aristotle, 257a10–12).”
• Forms basis for many other accident models
Event 1
Event 2
Event 3
Event 4
Initiating Event
Intermediate Events
Final Outcome
Image from: http://en.wikipedia.org/wiki/File:Aristotle_Bust_White_Background_Transparent.png
Quote from: http://plato.stanford.edu/entries/aristotle-natphil/
34. Other accident models
• Domino model
• Herbert Heinrich, 1931
• Essentially a chain-of-events model
• What additional assumptions are made?
35. Other accident models
• Swiss cheese accident
model
• James Reason, 1990
• Essentially a chain-of-
events model
• Additional assumptions
• Accidents caused by unsafe acts
• Random behavior
• Solved by adding layers of defense
• Omits systemic factors
• I.e. how are holes created?
Image from: http://www.fireengineering.com/articles/print/volume-163/issue-3/features/managing-fireground-errors.html
36. Other accident models
• Parameter deviation
model
• Used in HAZOP (1960s)
• Incidents caused by
deviations from design or
operating intentions
• E.g. flow rate too high, too low, reverse,
etc.
Image from: http://www.akersolutions.com/en/Global-menu/Products-and-Services/Maintenance-modifications-and-operations/Technology-services/Hazard-and-operability-analysis-HAZOP/
37. Other accident models
• STAMP
• Systems theoretic accident model
and processes (2002)
• Accidents are the result of
inadequate control
• Lack of enforcement of safety
constraints in system design and
operations
• Captures:
• Component failures
• Unsafe interactions among
components
• Design errors
• Flawed requirements
• Human error
Image from: http://organisationdevelopment.org/five-core-theories-systems-theory-organisation-development/
38. Today’s Agenda
• Intro to reliability and system risk
• Overview of analysis techniques
• Traditional qualitative techniques
• Failure Modes and Effects Analysis
• Fault Tree Analysis
• Event Tree Analysis
• HAZOP
• Traditional quantitative techniques
• Quant. Fault Tree Analysis
• FMECA
• Quant. ETA
51. Definitions
Reliability
• Probability that a component or system will perform its specified
function (for a prescribed time under stated conditions)
Failure
• Inability of a component to perform its specified function (for a
prescribed time under stated conditions)
Risk
• Threat of damage, injury, liability, loss, or any other negative
occurrence that may be avoided through preemptive action.
Safety
• Freedom from undesired losses (e.g. loss of life, loss of mission,
environmental damage, customer satisfaction, etc.)
52. FMEA Limitations
• Component failure incidents only
• Unsafe interactions? Design issues? Requirements issues?
• Single component failures only
• Multiple failure combinations not considered
• Requires detailed system design
• Limits how early analysis can be applied
• Works best on hardware/mechanical components
• Human operators? (Driver? Pilot?)
• Software failure?
• Organizational factors (management pressure? culture?)
• Inefficient, analyzes unimportant + important failures
• Can result in 1,000s of pages of worksheets
• Tends to encourage redundancy
• Often leads to inefficient solutions
• Failure modes must already be known
• Best for standard parts with few and well-known failure modes
53. New failure modes and redundancy
• Pyrovalves with dual
initiators
• “No-fire” failures
investigated by NASA
Engineering and Safety
Center
• Failures occurred when
redundant pyrovalves
triggered at same time
– More reliable to trigger a
single valve at a time
57. Safe ≠ Reliable
• Safety often means making sure X never happens
• Reliability usually means making sure Y always
happens
Safe Unsafe
Reliable •Typical commercial flight •Computer reliably executes unsafe
commands
•Increasing tank burst pressure
•A nail gun without safety lockout
Unreliable •Aircraft engine won’t start
on ground
•Missile won’t fire
•Aircraft engine fails in flight
57
61. FTA Process
1. Definitions
• Define top event
• Define initial state/conditions
2. Fault tree construction
3. Identify cut-sets and minimal
cut-sets
Vesely
68. Example of an actual incident
• System Design: Same
• Events: The open position indicator light and open indicator light both
illuminated. However, the primary valve was NOT open, and the system
exploded.
• Causal Factors: Post-accident examination discovered the indicator light
circuit was wired to indicate presence of power at the valve, but it did not
indicate valve position. Thus, the indicator showed only that the activation
button had been pushed, not that the valve had opened. An extensive
quantitative safety analysis of this design had assumed a low probability of
simultaneous failure for the two relief valves, but ignored the possibility of
design error in the electrical wiring; the probability of design error was not
quantifiable. No safety evaluation of the electrical wiring was made;
instead, confidence was established on the basis of the low probability of
coincident failure of the two relief valves.
74. FTA Limitations
• Independence between events
is often assumed
• Common-cause failures not
always obvious
• Difficult to capture non-
discrete events
• E.g. rate-dependent events,
continuous variable changes
• Doesn’t easily capture systemic
factors
75. FTA Limitations (cont)
• Difficult to capture delays and other
temporal factors
• Transitions between states or
operational phases not represented
• Can be labor intensive
• In some cases, over 2,500 pages of fault
trees
• Can become very complex very
quickly, can be difficult to review
77. Vesely FTA Handbook
• Considered by many to be the textbook definition
of fault trees
• Read the excerpt (including gate definitions) on
Stellar for more information
77