# ETA : Event Tree Analysis

-

1. Introduction
• ETA has gained widespread acceptance as a mature methodology for dependability and risk analysis and is applied in diverse industry branches ranging from aviation industry, nuclear installations, automotive industry, chemical processing, offshore oil and gas production, and defense industry to transportation systems.
• ETA is based on relatively elementary mathematical principles. The implementation of ETA requires a high degree of expertise in the application of the technique. This is due in part to the fact that particular care has to be taken when dealing with dependent events.
• Furthermore, one can utilize the close relationship between Fault Tree Analysis (FTA) and the qualitative and quantitative analysis of event trees.

2. Terms And Definitions

• For the purposes of Event Tree Analysis the terms and definitions given in IEC 62502 Analysis techniques for dependability – Event tree analysis (ETA) are applied.

3. General Description

• The Event Tree Analysis (ETA) is an inductive logic technique to model a system with respect to dependability and risk related measures as well as to identify and assess the frequency of the various possible outcomes of a given initiating event.
• According to the IEC 60050(191), the dependability of a system is defined as the ability to meet success criteria, under given conditions of use and maintenance.
• The core elements of dependability are the reliability, availability and maintainability of the item considered.
• Starting from an initiating event, the ETA deals with the question “What happens if…” and thus constructs a tree of the various possible outcomes.
• It is therefore crucial that a comprehensive list of initiating events is compiled to ensure that the event tree properly depicts all the important event sequences for the system under consideration.
• Using this forward logic, the ETA can be described as a method of representing the mitigating factors in response to the initiating event – taking into account additional mitigating factors.
• From the qualitative point of view ETA is a means of identifying all potential accident scenarios (fanning out like a tree with success- or failure branches) and of identifying design or procedural weaknesses.
• As with other dependability techniques, particular care has to be taken with the modeling of dependencies bearing in mind that the probabilities used for quantifying the event tree are conditioned on the event sequence that occurred prior to the occurrence of the event concerned.
• The advantages of ETA as a dependability and risk related technique as well as the limitations are discussed bellow.
• Event Tree Analysis bears a close relationship with the Fault Tree Analysis (FTA) whereby the top events of the FTA yield the conditional probability for a particular node of the ETA.

4. Benefits And Limitations of Event Tree Analysis Benefits

• ETA provides the following merits:

a. It is applicable to all types of technical systems;

b. It provides visualization of event chains following an initiating event;

c. It enables the assessment of multiple, coexisting system faults and failures as well as order dependent events;

d. It functions simultaneously in the failure or success domain;

e. Its end events need not be anticipated;

f. It identifies potential single-point failures, areas of system vulnerability, and low payoff countermeasures. This provides for optimized deployment of resources, improved control of risk through improved procedures and safety functions;

g. It allows for identification and traceability of failure propagation paths of a system;

h. It enables decomposition of large and complex systems into smaller, more manageable parts.

•  Strength of ETA – Compared to many other dependability and risk related techniques – is its ability to model the sequence and interaction of various mitigating factors that follow the occurrence of the initiating event. Thus, the system and its interactions in an accident scenario, with all mitigating factors become visible to the analyst for further risk evaluations.
• Limitations

a. The initiating events are not disclosed by the analysis, but must be foreseen by the analyst;

b. Possible operating scenarios must be anticipated by the analyst;

c. Subtle system dependencies might be overlooked, leading to unduly optimistic estimates of dependability and risk related measures; also sometimes being in a particular state for too long a time can result in a failure state, which is difficult to model in an event tree.

d. Method needs practical experiences of the analyst and preceding system investigations, e.g., to address correct handling of conditional probabilities and dependent events;

e. ETA is not very suitable for handling common cause failures in the quantitative analysis. This aspect should be covered by fault tree analysis which can then be linked to the ETA;

f. Although multiple pathways to system failure may be identified, the levels of loss associated with particular pathways may not be distinguishable without additional analysis; however, awareness of such a need is required

5. Development Of Event Trees

• The events delineating the event sequences are usually characterized in terms of:

a. Functional event tree: The fulfillment (or not) of mitigating functions;

b. System event Tree: The intervention (or not) of mitigating factors which are supposed to take action for the mitigation of the accident;

c. Phenomenological event tree: The occurrence or non-occurrence of physical phenomena.

• Typically, the functional event trees are an intermediate step to the construction of system event trees: following the initiating event, the safety functions which need to be fulfilled are identified; these will later be replaced by the corresponding mitigating factors.
• The system event trees are used to identify the sequences involving the mitigating factors.
• The event trees involving physical phenomena describe the accident with physical phenomena evolution taking place inside and outside the system under consideration (e.g. pressure and temperature transients, fire, containment dispersion, etc.).

6. Evaluation

• Before starting the quantitative analysis of the frequency or probability of the outcomes of the different event sequences, one has to carefully analyze the qualitative aspects of the event tree model, i.e., the dependence of the events, including the initiating event and the top events as well as the intermediate or basic events of the linked fault trees.

For any feedback or suggestions write to info@pharmastate.com

PharmaState Blog
This is a platform for people working in the pharmaceuticals industry for Discussions, Jobs, News updates, Professional Profile display space and company business pages. PharmaState DNA is having four pillars: Quality, Transparency, Innovation & Benchmarks.