How Do I quickly determine that FTA is poor?

I have some criteria to determine that it is not mature within 10 sec.

1) There are no AND gate

No AND gate means that there is no safety mechanisms. It also means that it is not complete. if any fault occurs, it can trigger to Top level event. It is not mature FTA. There is no remedy how to handle.

If you have time, please check cut-set analysis result. Generally SPF(single point fault) is not allowed.

2) Small Tree

There is a method to generate to FTA mechanically based on FMEA. If FMEA is ready, then please compare size between FTA and FMEA. It does not mean that they should be equivalent, but at least roughly 40~60% should be overlapped.

The value is what I created in my mind, and there is no rationale. Of course FTA is generated from FMEA, then it should be 100% equivalent.

If there is no commonality between FMEA and FTA, then it is not well-made.

In some cases, they are inconsistent between FMEA and FTA. It is obviously no good. Of course, comparison requires more than 10 sec. But size comparison between FMEA and FTA is enough to spend 10 sec.

 

 

Useful AUTOSAR specifications for functional safety

Recently I had a chance to review AUTOSAR specifications, and I share useful documents for functional safety.

Engineering aspect, safety analysis is key task for functional safety. I recommend that they are insightful.

They are recommended not only for safety engineers in automotive domain but also for safety engineers in other domain.

• Explanation of Error Handling on Application Level
• Overview of Functional Safety Measures in AUTOSAR
• Safety Use Case Example

 

If you access AUTOSAR web site, you can download safety related documents.