Page 89 - Safety Risk Management for Medical Devices

68    Safety Risk Management for Medical Devices


Due to its nature, the FTA can be utilized for quantitative analysis, to estimate the probability of occurrence of the top undesired events. It is important to remember that an FT is not in itself a quantitative model. It is a qualitative model that can be evaluated quantitatively.
The FTA can be applied to new products before design details are available. In this capacity, the FTA can reveal, at a high level, potential event sequences that could result in System Hazards, and thus alert the design teams to safety-critical aspects of the System. When FTA is applied to existing Systems, it can identify design weaknesses and aid in the identification of design upgrades that make the System safer.
A principal output of the FTA is a collection of minimal cut sets to the top event. “A cut set is a set of basic events, which if they all occur, will result in the top event of the fault tree occurring” [24]. A minimal cut set is the smallest set of basic events which, if they all occur, will result in the occurrence of the top event. The term minimal is used to mean that in a given path to the top event, if any one of the basic events doesn’t happen, then the top event won’t happen. Minimal cut sets can also be identified for intermediate events. If a minimal cut set is shown to consist of only one basic event, it reveals a vulnerability to a single-point failure.
When probabilities are applied to an FT, the dominant cut sets can be identified. Those are the pathways with the highest probabilistic contribution to the occurrence of the top event. Additionally, the FTA can provide the relative importance of the basic events, and the sensitivity of the top event to the different basic events. With this knowledge, actions and resources can be prioritized to achieve the biggest reduction in the likelihood of occurrence of the top event.
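The two preceding paragraphs can be worked through on a small tree. The following is an added example, not code from the book: it derives the cut sets of a constructed fault tree by expanding the gates, reduces them to minimal cut sets by absorption, flags single-point failures, computes the top-event probability (exactly, by inclusion-exclusion, assuming independent basic events), ranks the dominant cut sets, and reports basic-event importance using the Fussell-Vesely measure, which is one common choice and not one the text specifies. The gate structure, event names and probabilities are constructed for illustration.

```python
from itertools import combinations
from math import prod

# Constructed example fault tree (not from the book). Each gate maps to
# (gate type, inputs); an input is either another gate or a basic event.
GATES = {
    "TOP": ("OR", ["G1", "E3"]),
    "G1": ("AND", ["E1", "G2"]),
    "G2": ("OR", ["E2", "E3"]),
}
# Constructed probabilities of the basic events, assumed independent.
PROB = {"E1": 0.05, "E2": 0.10, "E3": 0.001}

def cut_sets(node):
    """All cut sets (not yet minimal) leading to `node`, as frozensets of basic events."""
    if node not in GATES:                      # leaf: a basic event
        return {frozenset([node])}
    kind, inputs = GATES[node]
    child_sets = [cut_sets(i) for i in inputs]
    if kind == "OR":                           # any single input suffices
        return set().union(*child_sets)
    sets = {frozenset()}                       # AND: every input must occur
    for cs in child_sets:
        sets = {a | b for a in sets for b in cs}
    return sets

def minimal_cut_sets(top="TOP"):
    """Absorption: drop any cut set that strictly contains another cut set."""
    sets = cut_sets(top)
    minimal = (s for s in sets if not any(o < s for o in sets))
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))

def single_point_failures(top="TOP"):
    """Basic events that alone cause the top event (minimal cut sets of size 1)."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(top) if len(s) == 1)

def cut_set_probability(s):
    return prod(PROB[e] for e in s)

def top_probability_exact(top="TOP"):
    """Inclusion-exclusion over the minimal cut sets; exact for independent events (2^n terms)."""
    mcs = minimal_cut_sets(top)
    return sum((-1) ** (k + 1) * cut_set_probability(frozenset().union(*combo))
               for k in range(1, len(mcs) + 1) for combo in combinations(mcs, k))

def dominant_cut_sets(top="TOP"):
    """Minimal cut sets ranked by their probabilistic contribution."""
    return sorted(minimal_cut_sets(top), key=cut_set_probability, reverse=True)

def fussell_vesely(top="TOP"):
    """Share of the (rare-event) top probability flowing through each basic event."""
    mcs = minimal_cut_sets(top)
    total = sum(cut_set_probability(s) for s in mcs)
    return {e: sum(cut_set_probability(s) for s in mcs if e in s) / total
            for e in sorted(set().union(*mcs))}
```

For this tree the raw cut set {E1, E3} is absorbed by {E3}, leaving {E3} (a single-point failure) and {E1, E2}, of which {E1, E2} is the dominant contributor despite E3 being the only single-point failure.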
One of the strengths of the FTA is that, unlike the Failure Modes and Effects Analysis (FMEA), for which architectural hierarchy is material and relevant to the analysis, in the FTA hierarchy doesn’t matter. The FTA simply looks for the contributors to an event and crosses the hierarchical boundaries. Another strength of the FTA is that it is easy to learn and easy to understand.
At the service of risk management, the FTA addresses only the pathways to Hazardous Situations. There may be many more top events that are of interest to, e.g., reliability, or others. Also, by its nature, the FTA only detects the events that are found in the path to the Hazardous Situation. Moreover, the modeled faults are not exhaustive—only the faults that are considered relevant and credible are assessed.
In the FTA, the words fault and failure take their meaning from the context in which they are considered. Failures can be the result of faults. But when a fault is viewed in consideration of its own underlying contributors, it can itself be seen as a failure. The word “event” is a more general term that can be applied to both faults and failures.