How To Generate F-N Curves: Risk Analysis For Information and Systems Engineering


How to generate F-N curves


INSE 6320 -- Week 5

Risk Analysis for Information and Systems Engineering

F-N Curves
Fault Trees
Event Trees

Dr. A. Ben Hamza

- The frequency of events which cause at least N fatalities is plotted against the number N on log-log scales.
- The difference between the frequency of events with N or more fatalities, F(N), and that with N+1 or more, F(N+1), is the frequency of events with exactly N fatalities, usually represented by f(N), with lowercase f. This means f(N) = F(N) - F(N+1).
- Because f(N) must be non-negative, it follows that F(N) ≥ F(N+1) for all N, so that F-N curves never rise from left to right, but are always falling or flat.
- The lower an F-N curve is located on the F-N graph, the safer is the system it represents, because lower F-N curves represent lower frequencies of fatal events than higher curves.

Concordia University

F-N curves

Societal risk

- Usually used to express societal risk.
- Important to define acceptable / tolerable risk.
- The value F(1) is the frequency of accidents with 1 or more fatalities, or in other words the overall frequency of fatal accidents. This is the left-hand point on F-N curves, where the curve meets the vertical axis (usually located at N = 1 with logarithmic scales).
- F-N curves can be constructed based on historical data in the form of number of events (floods, landslides, etc.) and related fatalities.
- They can also be based on different future risk scenarios, in which for a number of events with different magnitudes the number of casualties is estimated.
- Risk acceptability is mostly defined on the basis of F-N curves.
- F-N curves show the number of fatalities against annual frequency.

How to calculate F-N curves

In this exercise you will calculate F-N curves for accidents that have occurred in Europe in the period 1967 to 2001 (i.e., 35 years). Three different types of accident data are available: for roads, railroad and aviation. The analysis is based on empirical data, collected from historical accident records.

First calculate the total number of fatalities for road, railroad and aviation accidents by multiplying the number of events with the fatality class. Also calculate the average number of fatalities per year.
Then calculate the cumulative number of events, starting with the lowest one in the table (related to 146 fatalities) and summing them up upwards.
Then calculate the cumulative frequency of events per year, by dividing the cumulative number by the number of years.

Plot these values in the graph indicated at the bottom of the spreadsheet in a log-log manner, with fatalities (N) on the X-axis, and the cumulative frequency per year on the Y-axis.
Compare the results. What can you conclude on the:
- Severity of the accident type
- Frequency of the accident type
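
The three calculation steps, worked as an added Python example that is not part of the course spreadsheet: the fatality-class table is a constructed sample, and the 35-year period is the exercise's. It also recovers the per-class frequency f(N) from the cumulative curve and checks that F(N) never rises.

```python
YEARS = 35  # 1967 to 2001 inclusive, as in the exercise

# Constructed sample table (not the exercise's spreadsheet data):
# fatality class N -> number of events of that class over the 35 years.
SAMPLE_EVENTS = {1: 120, 2: 60, 5: 20, 10: 8, 20: 3, 50: 1, 146: 1}

def total_fatalities(events):
    """Step 1: number of events in each class times the class's fatality count."""
    return sum(n * count for n, count in events.items())

def average_fatalities_per_year(events, years=YEARS):
    return total_fatalities(events) / years

def fn_curve(events, years=YEARS):
    """Steps 2 and 3: cumulative number of events with N or more fatalities
    (summing upwards from the largest class) divided by the number of years.
    Returns (N, F(N)) pairs in increasing N, ready for the log-log plot."""
    cumulative = 0
    points = []
    for n in sorted(events, reverse=True):
        cumulative += events[n]
        points.append((n, cumulative / years))
    return points[::-1]

def exact_class_frequencies(curve):
    """f(N) = F(N) - F(next class): the per-class frequency recovered from the
    cumulative curve; it is non-negative, which is why F(N) never rises with N."""
    freqs = []
    for (n, f_n), (_, f_next) in zip(curve, curve[1:] + [(None, 0.0)]):
        freqs.append((n, f_n - f_next))
    return freqs

def is_non_increasing(curve):
    return all(a[1] >= b[1] for a, b in zip(curve, curve[1:]))

if __name__ == "__main__":
    curve = fn_curve(SAMPLE_EVENTS)
    for n, f in curve:
        print(f"N >= {n:3d}: F(N) = {f:.4f} per year")
    print("total fatalities:", total_fatalities(SAMPLE_EVENTS))
    print("average per year:", round(average_fatalities_per_year(SAMPLE_EVENTS), 2))
    print("curve non-increasing:", is_non_increasing(curve))
```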

Probabilistic Risk Assessment


Probabilistic Risk Assessment usually answers three basic questions:
1) What can go wrong with the studied technological entity, or what are the initiators
or initiating events (undesirable starting events) that lead to adverse
consequence(s)?
2) What and how severe are the potential adverse consequences that the
technological entity may be eventually subjected to as a result of the occurrence
of the initiator?
3) How likely to occur are these undesirable consequences, or what are their
probabilities or frequencies?

Two common methods of answering this last question are Fault Tree Analysis
and Event Tree Analysis.

A fault tree is an event tree, where failures are emphasized rather than successes.

Fault Tree Analysis

Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.

Fault Tree Analysis is a deductive method for identifying ways in which hazards can lead to an accident.

The approach starts with a well defined accident, or top event, and works backwards towards the various scenarios that can cause the accident.

Fault trees are used to determine the probability of a top event (e.g., core damage).

The top event defines the failure or success of a system or component.

Fault trees use a structure of logical operations to calculate the probability of the top event as a result of basic event inputs.

Fault Tree Analysis

- The undesired event is stated at the top of the tree.
- The fault tree gates specify logical combinations of basic events that lead to the top event.
- Fault trees can be used to identify system weaknesses.
- Fault trees can help recognize interrelationships between fault events.
- Fault trees consist of logic gates and basic events as inputs to the logic gates.
  Logic Gates: Boolean operations (union or intersection) of the input events.
  Basic Events: Faults such as a hardware failure, human error, or adverse condition.

[Figure: AND gate symbol]

Fault Tree Analysis


Fault tree analysis is a graphical representation of the combination of faults
that will result in the occurrence of some (undesired) top event.
In the construction of a fault tree, successive subordinate failure events are
identified and logically linked to the top event.
The linked events form a tree structure connected by symbols called gates.


Applying Fault Tree Analysis

- Postulate top event (fault).
- Branch down listing faults in the system that must occur for the top event to occur.
- Consider sequential and parallel or combinations of faults.
- Use Boolean algebra to quantify fault tree with event probabilities.
- Determine probability of top event.

Fault Tree Logic

- Use logic gates to show how top event occurs.
- Higher gates are the outputs from lower gates in the tree.
- Top event is output of all the input faults or events that occur.

FTA Symbols

Basic Event: A lowermost event that cannot be further developed.
E.g. Relay failure, Switch failure, etc.

An Event / Fault: This can be an intermediate event (or) a top event. They are the result of a logical combination of lower level events.
E.g. Both transmitters fail, Runaway reaction.

OR Gate: Either one of the bottom events results in occurrence of the top event.
E.g. Either one of the root valves is closed, process signal to transmitter fails.

AND Gate: For the top event to occur all the bottom events should occur.
E.g. Fuel, Oxygen and Ignition source have to be present for fire.

[Figure: Intersection (AND gate)]
D = E . F
D = E Intersection F
E AND F must occur for D to occur
Example: D = Over-heated Wire; E = 5mA Current in System; F = Power Applied t > 1ms

Fault Tree Basics

A fault tree involves:
- Specifying a top level event (TLE) representing an undesired state.
- Finding all possible chains of basic events that may cause the TLE to occur.

A fault tree:
- Is a systematic representation of such chains of events.
- Uses logical gates to represent the interrelationships between events and the TLE, e.g. AND, OR.

[Figure: Union (OR gate)]
A = B + C
A = B Union C
B OR C must occur for event A to occur
Example: A = No Current (top level event); B = Switch A Open; C = Battery B 0 Volts

[Figure: An example fault tree, showing intermediate events and basic events]
Logically: (A + (B + C)) . (C + (A . B))

Fault Tree Basics

Logically, fault trees are equivalent if the associated logical formulae are equivalent.

Example:
(A + (B + C)) . (C + (A . B)) = C + (A . B)

Minimal Cut Set Theory

- The fault tree consists of many levels of basic and intermediate events linked together by AND and OR gates. Some basic events may appear in different places of the fault tree.
- The minimal cut set analysis provides a new fault tree, logically equivalent to the original, with an OR gate beneath the top event, whose inputs (bottom) are minimal cut sets.
- Cut Set: a set of basic events whose simultaneous occurrence ensures that the TOP event occurs.
- Minimal Cut Set: a cut set that does not contain another cut set as a subset.
- Each minimal cut set is an AND gate with a set of basic event inputs necessary and sufficient to cause the top event.
- The fault tree can be represented by the TOP structure and the minimal cut sets connected through a single OR-gate.

Minimal Cut Sets

- This shape is of particular interest: representation in terms of Minimal Cut Sets (MCS).
- Minimal cut set = smallest set of basic events which, in conjunction, cause the top level event to occur.
- Logically: Disjunctive Normal Form (DNF) = disjunction of conjunctions of basic events.
- The example fault tree (A + (B + C)) . (C + (A . B)) has two minimal cut sets: C (single point of failure) and A.B (cut set of order 2).

[Figure: the example fault tree redrawn as an OR gate over its MCSs]

Procedure for Fault Tree Analysis

1. Define TOP event.
2. Define overall structure.
3. Explore each branch in successive levels of detail.
4. Solve the fault tree.
5. Perform corrections if required and make decisions.

Solve the Fault Tree:
Assign probabilities of failure to the lowest level event in each branch of the tree. From this data the intermediate event frequency and the top level event frequency can be determined using Boolean Algebra and Minimal Cut Set methods.

Fault Tree Construction

Consider the following block diagram. Let I/P and O/P be the input and output terminals. There are two sub-systems A and B that are connected in series.

[Figure: block diagram. INPUT -> SUB-SYSTEM (A), containing X1 and X2 -> SUB-SYSTEM (B), containing X3 and X4 -> OUTPUT]

For this, the fault tree analysis diagram is shown in the next slide.

Procedure

Steps to get the final Boolean equation:
1. Replace AND gates with the product of their inputs.
   IE1 = A.B
   IE2 = C.D
2. Replace OR gates with the sum of their inputs.
   TOP = IE1 + IE2
       = A.B + C.D
3. Continue this replacement until all intermediate event gates have been replaced and only the basic events remain in the equation.
   TOP = A.B + C.D

[Figure: fault tree with TOP as the output of an OR gate over IE1 and IE2, where IE1 is the AND of A and B and IE2 is the AND of C and D]

Procedure

Boolean Algebra Reduction Example:
TOP = IE1 + IE2
    = (A.B) + (A + IE3)
    = A.B + A + (C.D.IE4)
    = A.B + A + (C.D.D.B)
    = A + A.B + B.C.D.D
    = A + A.B + B.C.D        (D.D = D)
    = A + B.C.D              (A + A.B = A)
So the minimal cut sets are:
CS1 = A
CS2 = B.C.D
meaning the TOP event occurs if either A occurs OR (B.C.D) occurs.
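
The reduction above, together with the "solve the fault tree" step of the procedure, as an added Python example that is not from the slides: it expands the gate table of the reduction example into cut sets, applies absorption and idempotence to obtain the minimal cut sets, and then computes the TOP-event probability from those minimal cut sets by inclusion-exclusion. The basic-event probabilities are constructed values, and basic events are assumed independent.

```python
from itertools import combinations, product

def cut_sets(node, gates):
    """Expand a gate into cut sets (DNF). A basic event is its own cut set;
    an OR gate collects its inputs' cut sets (sum); an AND gate takes one cut
    set from each input and unions them (product)."""
    if node not in gates:
        return [frozenset([node])]
    kind, inputs = gates[node]
    child = [cut_sets(i, gates) for i in inputs]
    if kind == "OR":
        return [cs for sets in child for cs in sets]
    return [frozenset().union(*combo) for combo in product(*child)]

def minimal_cut_sets(top, gates):
    """Absorption (A + A.B = A) drops every cut set that contains a smaller one;
    idempotence (D.D = D) is automatic because a set holds each event once."""
    sets = set(cut_sets(top, gates))
    keep = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(keep, key=lambda cs: (len(cs), sorted(cs)))

def top_event_probability(mcs, p):
    """P(TOP) = P(union of the minimal cut sets), by inclusion-exclusion with
    independent basic events. Multiplying gate by gate instead would count a
    basic event that appears in several branches (A, B and D here) twice."""
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            prob = 1.0
            for event in frozenset().union(*combo):
                prob *= p[event]
            total += (-1) ** (k + 1) * prob
    return total

# Gate table transcribed from the slide's reduction example:
# TOP = IE1 + IE2, IE1 = A.B, IE2 = A + IE3, IE3 = C.D.IE4, IE4 = D.B
REDUCTION_TREE = {
    "TOP": ("OR", ["IE1", "IE2"]),
    "IE1": ("AND", ["A", "B"]),
    "IE2": ("OR", ["A", "IE3"]),
    "IE3": ("AND", ["C", "D", "IE4"]),
    "IE4": ("AND", ["D", "B"]),
}

if __name__ == "__main__":
    mcs = minimal_cut_sets("TOP", REDUCTION_TREE)
    print([sorted(cs) for cs in mcs])                            # [['A'], ['B', 'C', 'D']]
    print(top_event_probability(mcs, {e: 0.1 for e in "ABCD"}))  # constructed p: 0.1009
```

Run on the block diagram's tree, F(S) = (X1.X2) + (X3.X4), the same functions give F(S) = P(A) + P(B) - P(A).P(B).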

Continue..

[Figure: fault tree of the block diagram. Labels: Top event F(S) (TOP, OR gate); intermediate events IE1 = F(A) and IE2 = F(B) (AND gates), IE3, IE4; basic events F(X1), F(X2), F(X3), F(X4).]

Here F(X1), F(X2), F(X3), F(X4) are the events that X1, X2, X3, X4 fail.
F(A) = SUB SYSTEM (A) FAILS
THEN F(A) = F(X1) AND F(X2)
F(B) = SUB SYSTEM (B) FAILS
AND F(B) = F(X3) AND F(X4)
FINALLY THE FAILURE OF THE SYSTEM
F(S) = F(A) OR F(B)

Uses of FTA

- Use of FTA to understand the logic leading to the top event.
- Use of FTA to prioritize the contributors leading to the top event.
- Use of FTA as a proactive tool to prevent the top event.
- Use of FTA to monitor the performance of the system.
- Use of FTA to minimize and optimize resources.
- Use of FTA to assist in designing a system.
- Use of FTA as a diagnostic tool to identify and correct causes of the top event.

Advantages
- Begins with top event.
- Used to determine the minimal cut sets.

Disadvantages
- Complicated process.
- Requires a considerable amount of time to complete.
Calculation of Reliability from Fault Tree

CONSIDER THE EARLIER BLOCK DIAGRAM
The probability of failure of sub system (A) is indicated as shown below,
P(A) = P(X1 and X2)
P(A) = P(X1) . P(X2)
Similarly for sub system (B)
P(B) = P(X3 and X4)
P(B) = P(X3) . P(X4)
FAILURE OCCURS WHEN SUB SYSTEM (A) or (B) FAIL,
F(S) = P(A) or P(B), THEN
F(S) = P(A) + P(B) - ( P(A) . P(B) )
IF THE RELIABILITY OF THE ELEMENTS IS GIVEN BY R1, R2, R3, R4 THEN
P(Xi) = 1 - Ri
RELIABILITY OF SYSTEM R(S) = 1 - F(S)

Event Trees

- Event trees begin with an initiating event & work towards the final result.
- This method provides information on how a failure can occur & the probability of occurrence.
- Event trees can be viewed as a special case of fault trees, where the branches are all ORs weighted by their probabilities.
- Event trees are generated both in the success and failure domains.
- This technique explores system responses to an initiating challenge and enables assessment of the probability of an unfavorable or favorable outcome. The system challenge may be a failure or fault, an undesirable event, or a normal system operating command.
- In constructing the event tree, one traces each path to eventual success or failure.

Event tree development procedure


Step 1: Identification of the initiating event
Step 2: Identification of safety function
Step 3: Construction of the event tree
Step 4: Classification of outcomes
Step 5: Estimation of the conditional probability of each branch
Step 6: Quantification of outcomes
Step 7: Evaluation
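
Steps 3 to 6 of the procedure, as an added Python example that is not from the slides: the initiating-event frequency, the two safety functions with their failure probabilities on demand, and the rule that classifies outcomes by how many safety functions failed are all constructed assumptions.

```python
from itertools import product

# Constructed example, not from the slides: one initiating event and two
# safety functions, each either succeeding or failing on demand.
INITIATING_EVENT_FREQUENCY = 1e-2   # per year (Step 1), assumed value
SAFETY_FUNCTIONS = [                # (name, probability of failure on demand), assumed (Steps 2, 5)
    ("detection", 0.05),
    ("suppression", 0.10),
]

def build_event_tree(init_freq, safety_functions):
    """Steps 3, 4 and 6: enumerate every success/failure path, classify its
    outcome and quantify it as init_freq times the conditional probability of
    each branch along the path. Each level is an OR of two branches weighted
    by their probabilities, so the path frequencies add up to init_freq."""
    rows = []
    for path in product((True, False), repeat=len(safety_functions)):
        freq = init_freq
        for (_, p_fail), succeeded in zip(safety_functions, path):
            freq *= (1 - p_fail) if succeeded else p_fail
        failures = path.count(False)      # constructed classification rule
        if failures == 0:
            outcome = "safe"
        elif failures < len(path):
            outcome = "mitigated"
        else:
            outcome = "unmitigated"
        rows.append((path, outcome, freq))
    return rows

def outcome_frequencies(rows):
    """Sum the path frequencies by outcome class (Step 6 aggregation)."""
    totals = {}
    for _, outcome, freq in rows:
        totals[outcome] = totals.get(outcome, 0.0) + freq
    return totals

if __name__ == "__main__":
    tree = build_event_tree(INITIATING_EVENT_FREQUENCY, SAFETY_FUNCTIONS)
    for path, outcome, freq in tree:
        branches = ", ".join(f"{name} {'ok' if s else 'FAIL'}"
                             for (name, _), s in zip(SAFETY_FUNCTIONS, path))
        print(f"{branches:32s} -> {outcome:11s} {freq:.2e} per year")
    print(outcome_frequencies(tree))
```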

Event Tree Structure

Event Tree Analysis

ADVANTAGES
- Structured, rigorous, and methodical approach.
- Can be effectively performed on varying levels of design detail.
- Permits probability assessment.

DISADVANTAGES
- An ETA can only have one initiating event, therefore multiple ETAs will be required to evaluate the consequence of multiple initiating events.
- Partial successes/failures are not distinguishable.
- Requires an analyst with some training and practical experience.