Treatment of general dependencies in system fault-tree and risk analysis

Implicit and explicit methods are described for reliability and risk analysis of systems with dependent or correlated basic events. General rules are presented for modeling any group of n mutually s-dependent events with 2ⁿ-1 s-independent events. The probabilities of these virtual events are determined based on the joint probabilities of the original s-dependent events, typically known by s-correlation or conditional probabilities. The transformations preserve the values of all terms (e.g., minimal cut sets), independent of system success criteria. This facilitates general use of ordinary fault-tree computer codes that assume basic events to be s-independent. Explicit basic event probabilities are obtained for calculating the probability of failure on demand of standby safety systems when the s-dependency is caused by scheduling and synchronization of test episodes between n redundant components (1 ⩽ n ⩽ 4), and by statistical variation of failure rates. Interesting "negative probabilities" are encountered in this exercise, mainly due to negative s-correlation between the component unavailabilities with staggered testing. Results obtained for human-error events are useful when the conditional probability to repeat an error is larger than the probability of an error in a single isolated task. Explicit results are obtained for systems with time-related common-cause failures modeled by general multiple failure rates. The impacts of test intervals and test staggering are included. Staggered testing is optimal with an ETR (extra-testing rule), although ETR is not important for 1-out-of-n:G systems. An economic model provides insights into the impacts of various parameters: the optimal test interval increases with increasing redundancy and testing cost, and it decreases with increasing accident cost and initiating event rate. Staggered testing with ETR allows for the longest optimal test intervals. Rules are presented for changing s-dependency probabilities when some component is known to be failed. Current fault-tree quantification tools are not well geared to use the implicit method in spite of the fact that it would simplify the fault-tree construction, reduce the number of cut sets, and allow different types of dependencies or correlations in the analysis. A recommendation is to computerize the implicit method or include it as an option to current codes. It would need only a data table for joint probabilities and the ability to pick-up data from this table whenever two or more of the s-dependent events appear in a term (or a cut set)