Risk Analysis = Hazard Analysis + Risk Assessment

Hazard Analysis Methods

A crucial distinction between different hazard analysis methods is whether the analysis starts with a component failure and tries to investigate the possible effects on the occurrence of hazards, or whether they start with a specific hazard and try to trace back by which sorts of component failures they may be caused.

• Failure Modes and Effects Analysis (FMEA) assumes that the failure modes of the system components are known. On the basis of these failure modes, the causes of each failure is then evaluated in the system. Characteristics of the method:
  • FMEA is a forward analysis method.
    
  • FMEA investigates effects of a single component failure; it is not possible to investigate the problems caused by combinations of component failures.
    
• Failure Modes, Effects and Criticality Analysis (FMECA) is an extended variant of FMEA, where the criticality of each effect is recorded.
  
  • It is considered as state -of-the-art to perform FMECA instead of FMEA.
• Hazard and Operability Studies (HAZOP) use a series of guide words to investigate the effects of deviations from normal operating conditions during each phase of a system's operation.
  
  • FMEA is a forward analysis method.
    
  • HAZOP originated from criticality analysis of chemical processes. It focuses of the effects of normal and exceptional parameter variations on the system.
• Event Tree Analysis (ETA) takes as its starting point the events that can affect the system and tracks them forward through sequences of interfaceing system components to determine their possible consequences.
  
  • FMEA is a forward analysis method.
    
  • ETA is superior to FMEA/FMECA since it analysis the combination of execptional behaviours in a chain of system components.
    
  • The results of an ETA are typically displayed as a horizontal tree structure: The root is the component causing the initial failure event, at each level of the tree, a new component is introduced and analysed for the two cases "component fails/does not fail".
    
  • For a chain of n components, the ETA tree contains 2^(n-1) leaves.
    
• Fault Tree Analysis (FTA) starts with an identified hazard as the root of a tree and works backwards to determine its possible causes. A cause can be defined as an AND or OR combination of events, thereby revealing the combinations of component failures that may cause the hazard. A fault tree analysis follows the system structure, such that the upper levels in a fault tree correspond to the system, and the lower levels correspond to system components.
  
• Common Mode Failure Analysis (CMF) has the purpose to identify potential failures in redundant systems. The failures of interest are those which may occur in both systems at the same time. Such failures may, for instance, occur if the redundant components all run the same software in a synchronous way using active replication techniques.
  
• Cause Consequence Diagrams are a combination of fault tree analysis and event tree analysis: Given the occurrence of an initiating event, the causes of this event are revealed using fault tree analysis, and the consequences are evaluated using an event tree analysis.