I’m not sure my opinion is aligned with the ISO standard, but I believe it’s practical.
When starting safety analysis, I recognize that it can be used for eliciting additional safety requirements. For me, FMEA (Failure Modes and Effects Analysis) is more comfortable.
FMEA is an activity for finding SPFs (Single Point Faults), while FTA (Fault Tree Analysis) finds both SPFs and MPFs (Multiple Point Faults). If FTA could reveal only SPFs, I’m not sure why I would conduct FTA. Based on FMEA, an FTA can be extracted automatically. If additional information about the SM (safety mechanisms) is considered in the FMEA, then some MPFs can be drawn in the FTA. So I believe that the purpose of FTA is to find MPFs, not SPFs.
I have one more comment about FTA.
It is a kind of logical expression, so MPFs can be extracted by analyzing the identified safety requirements. Let’s assume that the safety requirements are specified as follows:
Top Requirement = AND(Group_REQ1, Group_REQ2, Group_REQ3)
Group_REQ1 = OR(REQ11, REQ12)
Group_REQ2 = AND(OR(REQ21, REQ22), OR(REQ23, REQ24))
Group_REQ3 = OR(AND(REQ31, REQ32), AND(REQ33, REQ31), REQ35)
Violation of the Safety Goal is the negation of the Top Requirement.
Based on this, violation of the SG can be expressed as a logical expression.
To find CF, CCF, and MPF, these logical expressions should be prepared, and that happens during the safety requirement elicitation phase.
Safety analysis at the architecture level is a deeper level of safety requirement elicitation.
There is a mechanical procedure for drawing an FTA from the architecture, such as the HiP-HOPS method. But its demerit is that it does not consider logically expressed safety requirements, so constructing the logical expression is its weak point. It surely has to be reviewed by a safety analyst.
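The following is an added worked example, not code from the original post or from any tool mentioned in it. It encodes the Top Requirement / Group_REQ expressions given above, negates them with De Morgan's laws to obtain the "safety goal violated" fault tree, and enumerates the minimal cut sets of that tree: a cut set of order 1 is an SPF, a cut set of order 2 or more is an MPF. The requirement IDs are those of the post (including REQ31 appearing in two terms of Group_REQ3, kept as written); all function names are this example's own choice.

```python
"""Added example: safety requirements as a Boolean expression, negated to get
the safety-goal-violation fault tree, then minimal cut sets (SPF = order 1,
MPF = order >= 2).  Requirement IDs follow the post; everything else here is
an assumption of this example."""


def AND(*args):
    return ("AND", list(args))


def OR(*args):
    return ("OR", list(args))


# Requirement expression from the post.  A leaf string means "REQxx holds".
GROUP_REQ1 = OR("REQ11", "REQ12")
GROUP_REQ2 = AND(OR("REQ21", "REQ22"), OR("REQ23", "REQ24"))
GROUP_REQ3 = OR(AND("REQ31", "REQ32"), AND("REQ33", "REQ31"), "REQ35")
TOP_REQUIREMENT = AND(GROUP_REQ1, GROUP_REQ2, GROUP_REQ3)


def leaves(expr):
    """All requirement IDs referenced in an expression."""
    if isinstance(expr, str):
        return {expr}
    return set().union(*(leaves(a) for a in expr[1]))


def holds(expr, satisfied):
    """Evaluate the requirement expression given the set of satisfied requirements."""
    if isinstance(expr, str):
        return expr in satisfied
    op, args = expr
    combine = all if op == "AND" else any
    return combine(holds(a, satisfied) for a in args)


def goal_violated(expr, failed):
    """Violation of SG = NOT(Top Requirement), with the requirements in `failed` violated."""
    return not holds(expr, leaves(expr) - set(failed))


def violation_tree(expr):
    """Negate the requirement expression with De Morgan's laws.  The result is a
    fault tree whose top event is 'safety goal violated' and whose basic events
    are 'REQxx violated' (a leaf keeps the requirement ID but now means failure)."""
    if isinstance(expr, str):
        return expr
    op, args = expr
    return ("OR" if op == "AND" else "AND", [violation_tree(a) for a in args])


def cut_sets(tree):
    """All cut sets of a fault tree (its disjunctive normal form), as frozensets."""
    if isinstance(tree, str):
        return {frozenset([tree])}
    op, args = tree
    children = [cut_sets(a) for a in args]
    if op == "OR":
        return set().union(*children)
    result = {frozenset()}
    for child in children:          # AND gate: cross product of the children's cut sets
        result = {a | b for a in result for b in child}
    return result


def minimal_cut_sets(expr):
    """Minimal cut sets of NOT(expr), smallest first: drop every set that is a
    strict superset of another cut set."""
    sets = cut_sets(violation_tree(expr))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def classify(mcs):
    """Split minimal cut sets into SPFs (order 1) and MPFs (order >= 2)."""
    spf = [s for s in mcs if len(s) == 1]
    mpf = [s for s in mcs if len(s) > 1]
    return spf, mpf


if __name__ == "__main__":
    mcs = minimal_cut_sets(TOP_REQUIREMENT)
    spf, mpf = classify(mcs)
    print("SPF:", [sorted(s) for s in spf])
    print("MPF:", [sorted(s) for s in mpf])
```

For the expression in the post the tree has no SPF at all: every minimal cut set is an MPF of order 2 or 3, e.g. {REQ31, REQ35} and {REQ32, REQ33, REQ35}, which is exactly the kind of result the post says FTA should be conducted for. `goal_violated` is a brute-force evaluator of the original expression, useful as an independent check that each reported cut set really violates the goal and that removing any one of its requirements no longer does.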