sec12_commonfa_2

7/30/2019 sec12_commonfa_2

1/18

REAL AVAILABILITY 2005

Common Cause Failures:Failures of multiple componentsinvolving a shared dependency


2/18

KEY POINTS OF THE SESSIONComponent Arrangements

Common Cause Failures

B Factor Method

Data Center Common Cause Failures

Dual Path and Dual Cord

Fault Tree Analysis of Single-Cord, Dual Path,

and Dual Cord Service4-2


3/18


4/18


5/18

EXAMPLE OF COMMON CAUSE FAILURESOURCES POTENTIALLY ABLE TO

AFFECT DATA CENTERS SERIOUSLYEnvironmental

Support System(Exceeding Allowable

Envelope) Structural External

Fuel Quantity

Fuel Quality

Cooling

Lubrication

Temperature

Pressure

Vibration

Noise

ManufacturingFlaw

FaultyMaintenanceProcedure

Earthquake

Hurricane

Tornado

Flood

Ventilation

Human Error

Air Quality

Electromagnetic Pulse

Component

Design Error

Explosion

Labor StrikeControl Power Terrorist

InterfacingSwitchgear

Action

4-5


6/18

TYPES OF COMMON CAUSE FAILURES AND THEIR ASPECTSDEPENDENT STRUCTURAL* ENVIRONMENTAL EXTERNAL*

Description of Failure of an interfacingFailure Cause system, action or

component

Hardware Examples Loss of electricalpower

A manufacturerprovides defectivereplacement parts thatare installed in allcomponents of a

given classHuman Examples Following a mistaken

leader An erroneous

maintenanceprocedure is repeatedfor all components ofa given class

Easy to Anticipate?:

Component failure High

Human error MediumEasy to Mitigate?:

Component failure High, if systemdesigned for mitigation

Human error High, if feedbackprovided to identify theerror promptly

* Usually there are no precursors

A common material ordesign flaw whichsimultaneously affects

all componentspopulation

Faulty materials Aging Fatigue Improperly cured

materials Manufacturing flaw

Incorrect training Poor management Poor motivation Low pay

Very Low

Very Low

Very Low, hard todesign for mitigation

Very Low, the factorsmaking CCF likely alsodiscourage beingprepared for correction

A change in theoperationalenvironment which

affects all members of acomponent populationsimultaneously

High pressure High temperature Vibration

Common cause psf's New disease Hunger Fear Noise Radiation in control

room

Medium

Medium

Low

Low

An event originatingoutside the systemwhich affects all

members of acomponent populationsimultaneously

Explosion Toxic substance Severe Weather Earthquake Concern for families

Medium

Medium

Low

Low

4-6


7/18

COMMON CAUSE (i.e., DEPENDENT) FAILURESLet CC Be a Common Cause Failure Event Causing Dependent Failures ofComponents A, B, C and D. The Component A Can Fail By

1. Independent Failure, Event Ai, Prob. = qA2. Dependent Failure, Event (Ac CC), Prob. = Prob.[Ac|CC]

Prob.(CC) = Prob.(CC)

Failure

Ai (Ac CC)

Prob.[Failure of Component A] = Prob.(Ai) + Prob. (Ac CC)

- Prob.(Ai) Prob. (Ac

CC)

Neglect, as Usually is ofSmall Value

4-7


8/18

COMMON CAUSE (i.e., DEPENDENT) FAILURESConsider Failure of Four Components: A, B, C, D

[Prob. 4 Component Failures ]= Prob. [AB C D][= Prob. A (BCD)] CProb. B[ ( D)] DProb. C[ ]Prob.(D)

Now Consider Events A, B, C, D Each to Have an Independent

Version and a Version Dependent Upon Event CC, (Prob. (CC) = qcc )

Then Prob.(A B C D )qA qBqCqD[[+ Prob.[Ac (Bc Cc Dc)]Prob. Bc (CcDc CC)]Prob. Cc (DcCC)]

( (Prob. Dc CC)Prob. CC)

(Prob. Dc CC)(Or Prob. A B C D )qA qBqCqD + 1 qcc

Independent Dependent

4-8


9/18

COMMON CAUSE (i.e., DEPENDENT) FAILURES(Often Order (qCC )=Order qA,B,C, D)>>qAqBqCqD(Prob. AB C D )q CC

In This Situation Redundancy of Components is of Little Benefit in

Reducing Values of Prob. (AB C D )

(Then Prob. A B C D) Prob.(Ai Bi Ci Di)+Prob.(Acc Bcc Ccc Dcc CC)i + independent failurec + dependent, or common cause failure

4-9


10/18

COMPONENT ARRANGEMENTSParallel Used When Success of a Single

Component is Sufficient for System SuccessAB

N

ComponentA

B C

Success

Three

SystemsN S =A +B+C =1A B C

Psystem =1qi , for Independent Failures Failurei=1

Psystem=1QindependentQcommon+ (Q independentQcc)cause

SCC

N N Success1

qi+ qccqcc qi= i=1 i=1Typicallyis small

4-10


11/18

COMMON CAUSE FAILURE FACTOR METHOD

N components, each of which has an independent failureprobability qI;

Common cause failure factor ;Let C be the event that common failure happens, P(C) = qI;

If C happens, none of the N components can succeed;

NOTE: Sometimes sharing a common cause among N components will

result in m (m N) failing upon occurrence of the common cause.

4-11


12/18

NO COMMON CAUSE FAILURE

If there is no common cause failure, i.e. = 0.With N = 10, we obtain the following binomial distribution forX the number of successful components.

10 kP(X =k) =

k (1 qI) qI10k,

k =0,1,2,...,10

4-12


13/18

COMMON CAUSE FAILURE: FACTOR METHOD(continued)

If 0, X has the following distribution:

P( X = 0) = P(X = 0 | C)P(C ) + P( X = 0| C)P(C)= 1 qI +

10(1 qI )0 qI10 (1 )= qI + (1 )qI10 qI 0

k 0

P( X = k) = P(X = k | C)P( C) + P( X = k | C)P(C)

10 10 k

= 0 qI +

10

(1 qI )k

qI10 k

(1 qI ) = (1 qI )

(1 qI )k

qI k k 10 k 10 (1 qI )k qI

k 4-13


14/18

COMMON CAUSE FAILURE: FACTOR METHOD(continued)

Common cause failure increased the probability that all componentswill fail dramatically. Take N = 10, qI = 0.01 as an example:

If = 0 (no common cause failure), the probability that all 1010

components will fail is 00.0110= 0.0110=10200(10.01) If = 0.01, the probability the common cause failure happens is

P(C) = qI=0.010.01=10-4. The probability that all 10 components

will fail is qI +(1 )qI10 =0.01 0.01 + (1 0.01) 0.01

10 104

With = 0.01, we have all components failure probability of 10-4while without common cause failure, we have 10-20, which is far

less than 10-4.

4-14


15/18

COMMON CAUSE FAILURE:FACTOR METHOD(continued)

beta=0

p k 0 1 2 3 4 5 6 7 8 9 10

0.01 1.0000E-20 9.9000E-18 4.4105E-15 1.1644E-12 2.0173E-10 2.3965E-08 1.9771E-06 1.1185E-04 4.1524E-03 9.1352E-02 9.0438E-01

0.001 1.0000E-30 9.9900E-27 4.4910E-23 1.1964E-19 2.0916E-16 2.5074E-13 2.0874E-10 1.1916E-07 4.4641E-05 9.9104E-03 9.9004E-01

0.0001 1.0000E-40 9.9990E-36 4.4991E-31 1.1996E-26 2.0992E-22 2.5187E-18 2.0987E-14 1.1992E-10 4.4964E-07 9.9910E-04 9.9900E-01

beta=0.01

p k 0 1 2 3 4 5 6 7 8 9 10

0.01 1.0000E-04 9.8990E-18 4.4100E-15 1.1642E-12 2.0170E-10 2.3963E-08 1.9769E-06 1.1184E-04 4.1519E-03 9.1343E-02 9.0429E-01

0.001 1.0000E-05 9.9899E-27 4.4910E-23 1.1964E-19 2.0916E-16 2.5074E-13 2.0874E-10 1.1916E-07 4.4641E-05 9.9103E-03 9.9003E-01

0.0001 1.0000E-06 9.9990E-36 4.4991E-31 1.1996E-26 2.0992E-22 2.5187E-18 2.0987E-14 1.1992E-10 4.4964E-07 9.9910E-04 9.9900E-01

beta=0.001

p k 0 1 2 3 4 5 6 7 8 9 10

0.01 1.0000E-05 9.8999E-18 4.4104E-15 1.1643E-12 2.0172E-10 2.3965E-08 1.9771E-06 1.1185E-04 4.1523E-03 9.1351E-02 9.0437E-01

0.001 1.0000E-06 9.9900E-27 4.4910E-23 1.1964E-19 2.0916E-16 2.5074E-13 2.0874E-10 1.1916E-07 4.4641E-05 9.9103E-03 9.9004E-01

0.0001 1.0000E-07 9.9990E-36 4.4991E-31 1.1996E-26 2.0992E-22 2.5187E-18 2.0987E-14 1.1992E-10 4.4964E-07 9.9910E-04 9.9900E-01

*In the above table, q means qI, 4-15


16/18

4-16


(continued)

No common cause failure, log scale

1E-40

1E-37

1E-34

1E-31

1E-28

1E-25

1E-22

1E-19

1E-16

1E-13

1E-10

1E-07

0.0001

0.1

0 1 2 3 4 5 6 7 8 9 10

Number of successes

Probability

qI = 0.01

qI = 0.001

qI = 0.0001


17/18

4-17


(continued)

Common cause factor is 0.01, log scale

1E-36

1E-34

1E-32

1E-30

1E-28

1E-26

1E-24

1E-22

1E-20

1E-18

1E-16

1E-14

1E-12

1E-101E-08

1E-06

0.0001

0.01

1

0 1 2 3 4 5 6 7 8 9 10

Number of successes

Probability

qI = 0.01, beta=0.01

qI = 0.001, beta=0.01

qI = 0.0001, beta=0.01


18/18

4-18


(continued)Common cause factor of 0.001, log scale

1E-36

1E-33

1E-30

1E-27

1E-24

1E-21

1E-18

1E-15

1E-12

1E-09

1E-06

0.001

1

0 1 2 3 4 5 6 7 8 9 10

Number of successes

Probability

qI = 0.01, beta=0.001

qI = 0.001, beta=0.001

qI = 0.0001, beta=0.001

Documents

sec12_commonfa_2