Facilitating fault tree preparation and review by applying complementary event logic

This paper describes a simple analysis and documentation procedure which can help ensure the completeness and accuracy of fault tree analysis, and thus help assure the safety of the corresponding product or system. With this procedure, each layer of the fault tree which feeds into an OR gate is structured to comprise a complete theoretical set. This is done, generally, by first including the most significant or most obvious failure contributor, and then using complementary event logic to define a second failure contributor which includes all possibilities except the one already covered. A simple example of using complementary event logic in this way would be an OR gate with the contributors: (1) “valve commanded closed”; and (2) “valve closes even though not commanded”. Another example would be an OR gate with the contributors: (1) “software logic satisfied to generate a valve close command”; and (2) “a valve close command is generated even though the software logic is not satisfied”. Fault trees prepared in this way are inherently complete, and are more amenable for review