Legal information

Copyright DB Netz AG, licensed under CC-BY SA 3.0 DE (see full text in CC-BY-SA-3.0-DE)

ARCH.067 Populate the fault tree

SM-2809 - Populate Confluence page for activity definition: ARCH.067 Populate the fault tree IN PEER REVIEW

Goal: Visualize all logical combinations of system level deviations that cause one operational deviation in a fault tree and define initial probabilities for the system level deviations.
Requirements met by this process step: ISO 15288 6.4.3.3 c)
Inputs: None identified
Outputs: AMOD-004 Fault tree (per operational deviation)
Methodology

The following prerequisite activities have been completed in ARCH.066:

  • Deviations of functional exchanges on system level (system level deviations) have been identified
  • Causal links between the system level deviations that cause an operational deviation have been defined
  • The combinatorial logic of all system level deviations that cause one operational deviation has been defined


In this activity the fault tree shall be generated as per AMOD-004, such that the logical combinations of system level deviations that result in an operational deviation are shown.

Further, the probability of occurrence of an operational deviation shall be broken down to the causing system level deviations. At this point in the process a meaningful breakdown of probabilities is very limited, because it requires the physical manifestation of the system of interest, which does not exist yet. As a first approach, therefore, only an equal distribution of probabilities is suggested, depending on the logical combination applied:

  • OR-gate: Distribute the probability of the operational deviation to the system level deviations such that the sum of the probabilities of the system level deviations does not exceed the probability of the operational deviation.
  • XOR-gate: Distribute the probability of the operational deviation to the system level deviations such that each individual probability of a system level deviation does not exceed the probability of the operational deviation.
  • AND-gate: Distribute the probability of the operational deviation to the system level deviations such that the product of the probabilities of the system level deviations does not exceed the probability of the operational deviation.
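The following is an added worked example, not DB Netz AG tooling and not part of AMOD-004: it applies the equal-distribution rules above to a small constructed fault tree and then re-evaluates the tree from the assigned leaf probabilities to check that the operational deviation stays within its target. Assumptions (labelled in the code): system level deviations are treated as independent events; for an XOR gate each input receives target/n, which satisfies the rule that no individual share exceeds the target and, for rare events, also keeps the evaluated gate probability at or below it; a system level deviation reached through more than one path keeps its smallest share. The deviation names (OD-1, SD-a ... SD-e) and the target value are constructed.

```python
"""Populate and check a fault tree for one operational deviation.

Added example (not DB Netz AG tooling). The tree, the names and the target
probability below are constructed for illustration.
"""
import math
from dataclasses import dataclass
from typing import Dict, Tuple, Union

Node = Union["Gate", str]  # a str is a leaf: one system level deviation


@dataclass(frozen=True)
class Gate:
    """Logical combination of inputs; kind is 'AND', 'OR' or 'XOR'."""
    name: str
    kind: str
    inputs: Tuple[Node, ...]


def apportion(node: Node, target: float, probs: Dict[str, float]) -> None:
    """Break the target probability of `node` down to its leaves.

    Equal distribution as suggested in the methodology:
      OR : each input gets target/n, so the shares sum to the target.
      AND: each input gets target**(1/n), so the shares multiply to the target.
      XOR: each input gets target/n (assumption: meets the 'no individual share
           above the target' rule and keeps the evaluated gate within it).
    A leaf reached through more than one path keeps its smallest share
    (assumption: conservative choice).
    """
    if isinstance(node, str):
        probs[node] = min(probs.get(node, target), target)
        return
    n = len(node.inputs)
    if node.kind in ("OR", "XOR"):
        share = target / n
    elif node.kind == "AND":
        share = target ** (1.0 / n)
    else:
        raise ValueError(f"unknown gate kind {node.kind!r} at {node.name}")
    for child in node.inputs:
        apportion(child, share, probs)


def evaluate(node: Node, probs: Dict[str, float]) -> float:
    """Probability of `node` from the leaf probabilities (independent leaves assumed)."""
    if isinstance(node, str):
        return probs[node]
    ps = [evaluate(child, probs) for child in node.inputs]
    if node.kind == "AND":
        return math.prod(ps)
    if node.kind == "OR":
        return 1.0 - math.prod(1.0 - p for p in ps)
    if node.kind == "XOR":  # exactly one input occurs
        return sum(
            p * math.prod(1.0 - q for j, q in enumerate(ps) if j != i)
            for i, p in enumerate(ps)
        )
    raise ValueError(f"unknown gate kind {node.kind!r} at {node.name}")


def populate(tree: Gate, target: float) -> Tuple[Dict[str, float], float, bool]:
    """Apportion the target, then check that the tree re-evaluates within it."""
    probs: Dict[str, float] = {}
    apportion(tree, target, probs)
    top = evaluate(tree, probs)
    return probs, top, top <= target


# Constructed sample: operational deviation OD-1 caused by three branches.
OD_1 = Gate("OD-1", "OR", (
    Gate("G1", "AND", ("SD-a", "SD-b")),
    "SD-c",
    Gate("G2", "XOR", ("SD-d", "SD-e")),
))
OD_1_TARGET = 1e-6  # constructed target probability for OD-1

if __name__ == "__main__":
    leaves, top, ok = populate(OD_1, OD_1_TARGET)
    for name, p in sorted(leaves.items()):
        print(f"{name}: {p:.3e}")
    print(f"top event: {top:.6e}  within target: {ok}")
```

The re-evaluation step is the check a practitioner wants before the numbers are carried forward: an apportionment that satisfies the gate rules should never yield a top-event probability above the target once the tree is computed bottom-up.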


Note

The distribution of the probabilities among the system level deviations will become important in one of the following process activities, when external constraints imposed on the system are considered, e.g. when an input from an actor/system of low safety integrity is used in a system that requires high safety integrity. Safety measures then have to be incorporated to compensate for the input of low safety integrity.

Tools and non-human resources

Team for Capella

(tbd - possibly a further tool or plugin for modelling fault trees - ticketed SET-183)

Cardinality: Once per system capability per operational deviation, with allowed revisions after changes in the operational level risk model or the system function definitions
Completion criteria

All system level deviations are included in at least one fault tree for an operational deviation.

Design review

ARCH.R.3 System capability review

ARCH.R.4 System review - consolidated

Step done by (Responsible): System architect
Provides input to/assists (Contributes):

RAMS architect

Security architect

Uses outputs (Informed): Independent safety assessor