Page 95 - Safety Risk Management for Medical Devices
   more details). Using the appropriate logic gates, connect the higher-level fault to the lower-level events.
6. Repeat Steps (4) and (5) for every fault in the FT until the terminus of the tree is reached. The terminus is where all the events are basic events, undeveloped events, or normal events.
7. Identify the components that are susceptible to CCFs, and then properly model the CCF contribution.
8. Look for dependencies of faults.
9. Determine the minimal cut sets. Identify any minimal cut sets that depend on a single basic event.
10. If quantitative data is available for the basic events, compute the probability of occurrence of the Hazardous Situations. Also perform an importance and sensitivity analysis.
Information from the FT can be used in the Preliminary Hazard Analysis (PHA; Section 12.3). For example, the probability of Hazardous Situations would inform the P1 values, and sequences of events can be created from the causal chains in the FTs.
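As an added illustration of Steps 9 and 10 (not code from the book), the following Python models a small, hypothetical fault tree for an infusion pump, derives its minimal cut sets, flags the single-point failure, computes the top-event probability by inclusion-exclusion, and ranks basic events by Birnbaum importance. The tree, event names, and probabilities are constructed for the example and assume independent basic events.

```python
from itertools import combinations, product
from math import prod

# Constructed fault tree (hypothetical): a gate is ("AND" | "OR", [children]);
# a basic event is its name as a string. Top event: pump over-infuses.
TREE = ("OR", [
    ("AND", ["motor_ctrl_fault", "flow_sensor_fault"]),
    "software_dose_error",
    ("AND", ["valve_stuck_open", ("OR", ["alarm_fault", "user_ignores_alarm"])]),
])

# Hypothetical per-demand probabilities for the basic events (independence assumed).
P = {"motor_ctrl_fault": 1e-3, "flow_sensor_fault": 2e-3,
     "software_dose_error": 1e-5, "valve_stuck_open": 5e-4,
     "alarm_fault": 1e-3, "user_ignores_alarm": 1e-2}

def cut_sets(node):
    """All cut sets (frozensets of basic events) that cause `node` to occur."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":                       # any one child suffices
        return set().union(*child_sets)
    # AND: take one cut set from every child and merge them
    return {frozenset().union(*combo) for combo in product(*child_sets)}

def minimal_cut_sets(node):
    """Step 9: discard any cut set that contains a smaller cut set."""
    cs = cut_sets(node)
    return {s for s in cs if not any(o < s for o in cs)}

def single_point_failures(mcs):
    """Step 9: minimal cut sets that depend on a single basic event."""
    return {e for s in mcs if len(s) == 1 for e in s}

def top_probability(mcs, p):
    """Step 10: exact P(top) by inclusion-exclusion over the minimal cut sets."""
    mcs, total = list(mcs), 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            union = frozenset().union(*combo)
            total += (-1) ** (k + 1) * prod(p[e] for e in union)
    return total

def birnbaum_importance(mcs, p):
    """Step 10 sensitivity: dP(top)/dp_i = P(top | i=1) - P(top | i=0)."""
    return {e: top_probability(mcs, {**p, e: 1.0}) - top_probability(mcs, {**p, e: 0.0})
            for e in p}
```

The single-point failure (software_dose_error) surfaces immediately from the cut sets, and the Birnbaum ranking shows that the shared valve event dominates the sensitivity of the top-event probability even though its own probability is low.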
Passive versus Active components. Passive components' contribution to the system is more or less static. Examples are: wires, tubes, and welds. Active components provide a dynamic contribution to the system. Examples of active components are valves and switches. Historically, from a reliability perspective, passive components are two to three orders of magnitude more reliable than active components.


Tip: Because passive components are far less likely to fail than active components, you may want to exclude passive components from the fault tree analysis, as their contribution to System risk will be small.

It is important to develop a FT to a sufficient depth to gain meaningful knowledge of failure mechanisms and functional/failure dependencies. Developing FTs beyond that is a waste of effort, and potentially distracting. Another drawback to overly deep FTs is that generally quantitative failure rate data doesn't exist for low-level components.

A common heuristic is to model the system to the depth necessary to identify functional dependencies, and to a level for which failure rate data exists for the components.



12.1.5 Ground rules

The ground rules listed in this section are intended to facilitate the creation of FTs while minimizing confusion and wasted effort.