The inter-relationship of cut sets, path sets and system reliability|healthcare|Tao's Tips

Links within this page:

Cut Sets

Definition of Cut Set

A cut set is any group of fault tree initiators (basic event) which, if all occur, will cause the TOP event to occur.
A minimal cut set is a least group of fault tree initiators (basic event) which, if all occur, will cause the TOP event to occur.

Finding Cut Sets

Ignore all tree elements except the initiators (basic events)
Starting immediately below the TOP event, assign a unique letter to each gate (TOP gate is A. Do not repeat letters.
Starting immediately below the TOP event, assign a unique number to each initiator. If a basic initiator appears more than once, represent it by the same number at each appearance.

Figure 2. Fault tree with initiators and gates labelled.

Proceeding stepwise from TOP event downward, construct a matrix using the letters and numbers, starting with the TOP A gate.

- Replace the letter for each AND gate by the letter(s)/number(s) for all gates/initiators which are its inputs. Display these horizontally, in matrix rows.
- Replace the letter for each OR gate by the letter(s)/number(s) for all gates/initiators which are its inputs. Display these vertically, in matrix rows. Each newly formed OR gate replacement row must also contain all other entries found in the original parent row.
A final matrix results, displaying only numbers representing initiators. Each row of this matrix is a Boolean Indicated Cut Set.
By inspection, eliminate any row that contains all elements found in a lesser row.
Also eliminate redundant elements within rows and rows that duplicate other rows. The rows that remain are Minimal Cut Sets.

Process Steps Explained

Figure 3. Cut set matrix producing minimal cut set

{Top row, reading from left to right}

TOP event gate is A, the initial matrix entry
A is an AND gate; B and D, its inputs, replace it horizontally
B is an OR gate; 1 and C, its inputs, replace it vertically. Each requires a new row in the matrix.
C is an AND gate; 2 and 3, its inputs, replace it horizontally.

{Second row, reading from left to right}

D (top row), is an OR gate; 2 and 4, its inputs, replace it vertically. Replace D in its position by 2; duplicate this row as a new row and change 2 to 4.
D (second row), is an OR gate. Replace it as before: 2 and 4, its inputs, replace it vertically. Replace the D and also add a new row in the matrix.
All of the rows in this matrix are cut sets
Remove duplicates in same row: 2-2-3 → 2-3
Remove rows that contain other rows: 2-4-3 contains 2-3, so although 2-4-3 is a cut set, it is not the minimal one that involves the same initiators; so remove 2-4-3 row.
The final matrix: 1-2 /2-3 / 1-4 are minimal cut sets.
Minimal cut set rows are least groups of initiators which will induce TOP.

Cut Set Uses

Evaluating the probability of the TOP adverse event: ` P_T ≅ ∑ P_e `

Cut Set Probability ` P_k = ∏ P_e `

The product of probabilities for events within the Cut Set, is the probability that the Cut Set being considered will induce the TOP event. In Figure 4:
row 1: ` P_k^1 = P_1 × P_2 `
row 2: ` P_k^2 = P_1 × P_3 `
row 3: ` P_k^3 = P_1 × P_4 `
row 4: ` P_k^4 = P_3 × P_4 × P_5 × P_6 `
` P_T ≅ ∑ P_e = P_k^1 + P_k^2 + P_k^3 + P_k^4 `

Evaluating "Importance"

Evaluating Structural Cut Set "Importance".

Analyzing Structural Importance enables qualitative ranking of contributions to System Failure. All other things being equal …

a LONG Cut Set signals low vulnerability (for example, rows 4 in Table 4)
a SHORT Cut Set signals higher vulnerability (rows 1~3 in Table 4)
The presence of NUMEROUS Cut Sets signals high vulnerability
A single cut set signals a Potential Single-Point Failure.

Evaluating Quantitative Cut Set "Importance".

The quantitative importance of a Cut Set ( `I_k` ) is the numerical probability that, given the TOP has occurred, that Cut Set has introduced it.

`I_k = P_k / P_T ` where `P_k = ∏ P_e ` for that minimal cut set.

Analyzing Quantitative Importance enables numerical ranking of contributions to System Failure. To reduce system vulnerability most effectively, attack Cut Sets having greater Importance. Generally, short Cut Sets have greater Importance, long Cut Sets have lesser Importance.

Evaluating Item "Importance".

The quantitative Importance of an item ( `I_e` ) is the numerical probability that, given the TOP has occurred, that item has contributed to it.

` I_e ≅ ∑^(N_e) I_(ke) `
` N_e ` = Number of Minimal Cut Sets containing Item e
` I_(ke) ` = Importance of the Minimal Cuts Sets containing Item e Example: Importance of item 1:
` I_1 ≅ ((P_1 × P_2) + (P_1 × P_3) + (P_1 × P_4)) / P_T `

Evaluating "Common Causes"

Figure 5. Cut set uses: common cause vulnerability

Finding Vulnerability to Common Causes
Analyzing Common Cause Probability

Legend: add unique subscripts to initiators, using a lowercase alphabet letter to indicate common cause susceptibility e.g. m=moisture, h=human operator, q=heat, v=vibration etc. Some initiators may be vulnerable to several Common Causes and receive several corresponding subscript designators. Some may have no Common Cause vulnerability — receive no subscripts.

All Initiators in this Cut Set are vulnerable to moisture. Moisture is a Common Cause and can induce TOP.
ADVICE: Moisture proof one or more items.

Path Sets

Definition of Path Set

A Path Set is a group of fault tree initiators which, if none of them occurs, will guarantee that the TOP event cannot occur.
Path Set Probability ( `P_p` ) is the probability that the system will suffer a fault at one or more points along the operational route modeled by the path.

Finding Path Set

To find path sets, change all AND gates to OR gates and all OR gates to AND.
Then proceed using matrix construction as for Cut Sets. Path Sets will be the result.

Using Path Set to increase Reliability

To minimize failure probability, minimize path set probability
Sprinkle countermeasure resources amongst the Path Sets.
Compute the probability decrement for each newly adjusted Path Set option.
Pick the countermeasure ensemble(s) giving the most favorable ` (ΔP_p) / (Δ$) `.

Figure 6. CUT SET to PATH SET transformation

Reducing Vulnerability: Summary

Inspect tree — find/operate on major `P_T` (Probability of the TOP adverse event) contributors …
- Add interveners/redundancy (lengthen cut sets)
- De-rate components (increase robustness/reduce `P_e` )
- Fortify maintenance/parts replacement (increase MTBF)
Examine/alter system architecture — increase path set/cut set ratio
Evaluate Cut Set Importance. Rank items using `I_e`. Identify items amenable to improvement
Evaluate path set probability. Reduce `P_p` at most favorable ` (ΔP_p) / (Δ$) `

For all new countermeasures, THINK … • COST • EFFECTIVENESS • FEASIBILITY (including schedule)
AND
Does the new countermeasure … • Introduce new HAZARDS? • Cripple the system?

Some AND Gate Properties.

Figure 7. Freedom from single point failure

Cost: Assume two identical elements having `P = 0.1`
TOP `P_T = 0.01`
Two elements (initiators) having `P = 0.1` may cost much less than one element having `P = 0.01`.
Redundancy ensures that either ① or ② may fail without inducing TOP.

Importance Measures

What are Importance Measures?

An effective way to separate, identify, and quantify values of individual factors which affect risk and the sensitivity of risk to changes in components. Common importance measures include:

Fussell-Vesely
Risk Reduction (Risk Reduction Worth, RRW)
Risk Increase or Risk Achievement Worth (RAW)
Birnbaum
System and component failures

System and component failures

Calculation Examples

Initiators

`T = 1`/`year`
`A = 6×10^(-4)`
`B = 1×10^(-2)`
`C = 3×10^(-3)`
`D = 1×10^(-3)`

Minimal Cut Sets

`T•A = 1` / `year × (6×10^{-4)) = 6×10^(-4) `
`T•B•C = 1` / `year × (1×10^{-2)) × (3×10^(-3))` `= 3×10^{-5)`
`T•C•D = 1` / `year × (3×10^{-3)) × (1×10^{-3))` `= 3×10^{-6)`
`Σ(`minimal cut sets`) = F(x) = 6.33×10^{-4)`

Fussell-Vesely (FV)

Measures the overall percent contribution of cut sets containing a basic event of interest to the total risk

Calculated by finding the value of cut sets that contain the basic event of interest `(x_i)` and dividing by the value of all cut sets representing the total risk (baseline risk)

FV_xi = F(i) / F(x)

where

F(i) is risk from just those cut sets that contain event `x_i`
F(x) is the total risk from all cut sets

The FV range is from 0 to 1 (0% to 100%)

`FV_T = F_T` / `F_x `
`FV_T = (6.33×10^(-4)) ` / ` (6.33×10^(-4))`
`FV_T = 1.0`

`FV_A = F_A ` / ` F(x) `
`FV_A = (6.00×10^(-4)) ` / ` (6.33×10^(-4)) `
`FV_A = 0.948`

`FV_B = F_B ` / ` F(x) `
`FV_B = (3.00×10^(-5)) ` / ` (6.33×10^(-4)) `
`FV_B = 0.047`

`FV_C = [F_C + F_D] ` / ` F(x) `
`FV_C = [(3.00×10^(-5)) + (3.00×10^(-6))] ` / ` (6.33×10^(-4))`
`FV_C = 0.052`

`FV_D = F_D ` / ` F(x) `
`FV_D = (3.00×10^(-6)) ` / ` (6.33×10^(-4))`
`FV_D = 0.005`

Risk Reduction Importance (risk Reduction Worth RRW)

Measures the amount that the total risk would decrease if a basic event's failure probability were 0 (i.e., never fails)
Calculated as either ratio or difference between the value of all cut sets representing the total risk (baseline risk) and the value of the total risk with the failure probability for the basic event of interest `(x_i)` set to 0

_xi

The Risk Reduction Ratio range is from 1 to `∞`
Risk Reduction gives the same ranking as Fussell-Vesely
For Maintenance Rule (10 CFR 50.65), NUMARC Guide 93-01 (endorsed by NRC) uses a RRR significance criterion of 1.005
— Equivalent to Fussell-Vesely importance of 0.005

RRR_T `= F_x ÷ (0)`
RRR_T `= (6.33×10^(-4)) ÷ (0) = ∞`

RRR_A `= F_x ÷ (0 + TBC + TCD)`
RRR_A `= (6.33×10^(-4)) ÷ (3.3×10^(-5))`
RRR_A `= 19.18`

RRR_B `= F_x ÷ (TA + 0 + TCD)`
RRR_B `= (6.33×10^(-4)) ÷ (6.03×10^(-4))`
RRR_B `= 1.05`

RRR_C `= F_x ÷ (TA + 0 + 0)`
RRR_C `= (6.33×10^(-4)) ÷ (6.00×10^(-4))`
RRR_C `= 1.06`

RRR_D `= F_x ÷ (TA + TBC + 0)`
RRR_D `= (6.33×10^(-4)) ÷ (6.30×10^(-4)) `
RRR_D `= 1.00`

Risk Achievement Worth (RAW)

Measures the amount that the total risk would increase if a basic event's failure probability were 1 (e.g., component taken out of service or is failed)
Calculated as either ratio or difference between the value of the total risk with the failure probability for the basic event of interest `(x_i)` set to 1 and the total risk (baseline risk)
Ratio: RIR_xi = RAW_xi = F(1) / F)x)
Difference (or Interval): RII_xi = F(1) - F(x)
where,
F(x) is the total risk from all cut sets and all basic events are at their nominal failure probability
F(1) is the total risk with basic event `x_i` probability set to 1
Ratio measure referred to as Risk Achievement Worth (RAW)
The RAW range is ≥ 1
— Caution when interpreting RAW for initiating events, recall initiating events are typically input as a frequency rather than a probability
For Maintenance Rule (10 CFR 50.65), NUMARC Guide 93-01 (endorsed by NRC) uses a RAW significance criterion of 2

`RAW_T = Σ [ (T=1)A + (T=1)BC + (T=1)CD ] ` / ` (6.33×10^-4) `
`RAW_T = (6.33×10^-4) ` / ` (6.33×10^-4) ` ` = 0.00063 ` / ` 0.00063 `
`RAW_T = 1.0 ` `(RII_T = 0.0) `

`RAW_A = Σ[T(A=1) + TBC + TCD] ` / ` (6.33×10^-4) `
`RAW_A = (1.000033) ` / ` (6.33×10^-4)`
`RAW_A = 1579.78` `(RII_A = 0.9994)`

`RAW_B = Σ[TA + T(B=1) + TCD] ` / ` (6.33×10^-4) `
`RAW_B = (3.603×10^-3) ` / ` (6.33×10^-4)` `= 0.003603 ÷ 0.00063 `
`RAW_B = 5.691943128 ≈ 5.692` `(RII_B = 0.00297)`

`RAW_C = Σ[TA + TB(C=1) + T(C=1)D] ` / ` (6.33×10^-4) `
`RAW_C = (1.16×10^-2) ` / ` (6.33×10^-4)`
`RAW_C = 18.32543444 ≈ 18.325` `(RII_C = 0.010967) `

`RAW_D = Σ[TA + TBC + TC(D=1)] ` / ` (6.33×10^-4) `
`RAW_D = (3.63×10^-3) ` / ` (6.33×10^-4)`
`RAW_D = 5.734597156 ≈ 5.735` `(RII_D = 0.002997)`

Birnbaum Importance

Measures the rate of change in total risk as a result of changes to the probability of an individual basic event
Ranks events according to the effect they produce on the risk level when they are modified from their nominal values
`Bi_x = ∂F`(x) / ` ∂x `
where:
F(x) is the total risk from all cut sets and all basic events are at their nominal failure probability
`∂`/`∂x ` is the first derivative of the risk expression with respect to the basic event of interest `(x_i)`
When the risk expression has a linear form
Bi_xi = F(1) - F(0)
The Bi range is between 0 and the cumulative initiating event frequency
— That is, a Bi = 0 indicates little risk sensitivity and a Bi = cumulative initiating event frequency indicates large risk sensitivity

[How to find the First Derivative of a function www.varsitytutors.com

Birnbaum Importance

`Bi_T = Σ[(T=1)A + (T=1)BC + (T=1)CD] − (0) `
`Bi_T = (6.33×10^-4) − (0)`
`Bi_T = 6.33×10^-4`

`Bi_A = Σ[T(A=1) + TBC + TCD] − (0 + TBC + TCD)`
`Bi_A = (1.0) − (3.3×10^-5) `
`Bi_A = 1.0`

`Bi_B = Σ[TA + T(B=1)C + TCD] − (TA + 0 + TCD)`
`Bi_B = (3.603×10^-3) − (6.03×10^-4) `
`Bi_B = 3.0×10^-3`

`Bi_C = Σ[TA + TB(C=1) + T(C=1)D] − (TA + 0 + 0)`
`Bi_C = (1.16×10^-2) − (6.00×10^-4)`
`Bi_C = 1.10×10^-2`

`Bi_D = Σ[TA + TBC + TC(D=1)] − (TA + TBC + 0)`
`Bi_D = (3.63×10^-3) − (6.30×10^-4) `
`Bi_D = 3.0×10^-3`

Path Sets and Reliability

Figure 8. Freedom from single point failure

Path Set Probability (`P_p`) is the probability that the system will suffer a fault at one or more points along the operational route modeled by the path.

`P_p ≅ ΣP_e`

Sprinkle countermeasure resources amongst the Path Sets.
Compute the probability decrement for each newly adjusted Path Set option.
Pick the countermeasure ensembles(s) giving the most favorable `(ΔP_p)/(Δ$)`.
Selection results can be verified by computing `(ΔP_T)/(Δ$)` for competing candidates.

Practice Scenarios

#1. Alarm clock fails to awaken sleeper.

Figure 9. FTA diagram for artificial wakeup

Assume 260 operations/year. Basic events (and rate as faults/year)

Hour hand on the alarm clock jams works: 1/20
Hour hand falls off: 1/10
Electrical fault: 1/15
Power outage: 3/1
Forget to set: 2/1
Faulty mechanism: 1/10
Forget to wind: 3/1
Nocturnal deafness: negligible

Logic Analysis.

[1] AND [2] result in a "{a} Mechanical Fault" (4th level event)
{a} OR [3] result in "{b} Faulty Innards" (3rd level event)
{b} OR [4] OR [5] result in "{c} Main Plug-in Clock Fails" (2nd level event)
[6] OR [7] OR [8] result in "{d} Backup (Windup) Clock Fails" (2nd level event)
{c} AND {d} result in "{e} Alarm Clock Fails" (1st level event)
{e} OR {f} result in "{g} Artificial Wakeup Fails" (top level event)

#2. Sclerotic scurvy —the astronaut's scourge.

Background

Sclerotic scurvy infects 10% of all returning astronauts. Incubation period is 13 days. For a week thereafter, victims of the disease display symptoms which include malaise, lassitude, and a very crabby outlook. Anti-toxin administered during the incubation period is 100% effective in preventing the disease when administered to an infected astronaut. However, for an uninfected astronaut, it produces disorientation, confusion, and intensifies all undesirable personality traits for about seven days. A test can be used during the incubation period to determine whether an astronaut has been infected. The test for infection produces a false positive result in 2% of all uninfected astronauts and a false negative result in one percent of all infected astronauts.

Both treatment of an uninfected astronaut and failure to treat an infected astronaut constitute in malpractice.

Problem

Using the test for infection and the anti-toxin, if the test indicates need for it, what is the probability that a returning astronaut will be a victim of malpractice?

Find minimal cut sets and path sets.

Figure 11. Fault Tree labelled and numbered for cut set analysis

Figure 12. Fault Tree #prac01 for cut set analysis

Figure 13. Fault Tree #prac02 for cut set analysis

Figure 14. FTA diagram for #pathset pratice

Solutions to practice examples

Find minimal cut sets and path sets.

Figure 15. solution to #artificial wakeup (figure 9)

Figure 16. solution to #prac01 (figure 12)

Figure 17. solution to #prac02 (Figure 13)

Figure 18. solution to #pathset (Figure 14)

References

陳曉惠
2010-03-30 (22 slides) 集合的基本概念 467KB (22 slides)
Clements PL.
邏輯閘概率計算 3,055KB (11 slides)
Clements PL.
1990-06-30 2^nd Edition (13pp)
Clements PL.
1993-05-30 4^th Edition (96pp)
Abecassis ZA, McElroy LM, Patel RM, Khorzad R, Carroll C, Mehrotra S. Applying fault tree analysis to the prevention of wrong site surgery.
2014; 193(1): 88-94.
Hyman WA, Johnson E. Fault tree analysis of clinical alarms.
2014; 193(1): 88-94.
Marx DA, Slonim AD. Assessing patient safety risk before the injury occurs: an introduction to sociotechnical probabilistic risk modelling in health care.
2003; 12 (Suppl II): ii33-ii38. [probability data]
Wreathall J, Nemeth C. Assessing risk: the role of probabilistic risk assessment (PRA) in patient safety improvement.
2004; 13: 206-212. [probability data]
NEBOSG National Diploma. Fault Tree Analysis (FTA) and Event Tree Analysis (ETA)
2004; 13: 206-212. [bow-tie model]
Lyons M, Adams S, Woloshynowych M, Vincent C. Human reliability analysis in healthcare: a review of techniques.
2004; 16: 223-237. [probability data] VIP REVIEW
McElroy LM, Khorzad R, Rowe TA, Abecassis ZA, Apley DW, Barnard C, Holl JL. Fault Tree Analysis: assessing the adequacy of reporting efforts to reduce postoperative bloodstream infection.
2017; 32(1): 80-86.
Charters DA, Barnett JR, Shannon M, Harrod P, Shea D, Morin K. Assessment of the probabilities that staff and/or patients will detect fires in hospitals.
Proceedings of the fifth international symposium. pp. 747-758. [probability data]
Rice WP. Medical Device Risk Based Evaluation and Maintenance Using Fault Tree Analysis.
2007; 41(1): 76-82.
Department of Mechanical Engineering (UT Austin) Reliability
2002; May 28.
Precalculus: Find the First Derivative of a Function
Idaho National Laboratory PRA Technology and Regulatory Perspectives — VI Module N Importance Measures
Calculate values for four types of importance measures given Level 1 PRA results. www.nrc.gov/docs/ 22pp