The Functional Failure Identification and Propagation (FFIP) risk assessment method has been proposed in past research for the evaluation of early system designs. Extensions of the method have been proposed in prior work to assess a set of system designs in which there are several alternatives for component parameter values or for the configuration of components and software algorithms. A disadvantage of the method is that only a single critical event scenario can be used at a time and that the simulation results must be processed manually. In this paper, an event tree-based methodology is proposed. An event tree is used to investigate the outcome of an initiating failure event when some or all of the system’s safety functions fail to activate; each branch of the tree corresponds to a specific sequence of safety functions that have failed. In this paper, an FFIP run is automatically generated for each branch of the event tree. The method determines the consequences for the system on each branch of the tree in terms of the functional failure output of the FFIP method. In addition, a software tool has been developed to support the methodology and to assist the user in investigating the consequences of each scenario that corresponds to a branch of the event tree. The methodology is illustrated with a case study from boiling water nuclear reactor design.
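As an added illustration (not the paper's tool or its BWR model), the following Python enumerates the branches of an event tree for an initiating event and generates one FFIP-style run per branch, mapping each branch to the end state of a top-level function; the safety functions, the functional model and the propagation rules are hypothetical stand-ins constructed for the example.

```python
from itertools import product

# Safety functions in the order the event tree credits them after the initiating
# event (hypothetical names; the paper's BWR model is not reproduced here).
SAFETY_FUNCTIONS = ("reactor_scram", "emergency_core_cooling", "residual_heat_removal")
# Constructed stand-in for an FFIP functional model. "all_of": the function needs
# every input; "any_of": the first input is the primary path, the rest are backups.
FUNCTIONAL_MODEL = {
    "control_reactivity": ("all_of", ["reactor_scram"]),
    "cool_core": ("any_of", ["main_feedwater", "emergency_core_cooling",
                             "residual_heat_removal"]),
    "maintain_fuel_integrity": ("all_of", ["control_reactivity", "cool_core"]),
}
RANK = {"operating": 0, "degraded": 1, "lost": 2}

def event_tree_branches(safety_functions=SAFETY_FUNCTIONS):
    """One branch per success/failure pattern of the safety functions, each
    returned as the tuple of functions that failed, in activation order."""
    return [tuple(f for f, ok in zip(safety_functions, outcome) if not ok)
            for outcome in product((True, False), repeat=len(safety_functions))]

def ffip_run(failed, model=FUNCTIONAL_MODEL):
    """Stand-in for one FFIP simulation: propagate the failed leaf functions
    through the model and return the state of every modelled function."""
    memo = {}
    def state(fn):
        if fn not in memo:
            if fn not in model:                      # leaf: basic or safety function
                memo[fn] = "lost" if fn in failed else "operating"
            else:
                rule, inputs = model[fn]
                ins = [state(i) for i in inputs]
                if rule == "all_of":                 # as bad as its worst input
                    memo[fn] = max(ins, key=RANK.get)
                elif ins[0] == "operating":          # any_of: primary path intact
                    memo[fn] = "operating"
                elif any(i != "lost" for i in ins):  # running on a backup path
                    memo[fn] = "degraded"
                else:
                    memo[fn] = "lost"
        return memo[fn]

    return {fn: state(fn) for fn in model}

def assess(initiating_failures, top="maintain_fuel_integrity"):
    """Generate one FFIP run per event tree branch and map each branch to the
    end state of the top-level function (the tree's consequence column)."""
    return {branch: ffip_run(set(initiating_failures) | set(branch))[top]
            for branch in event_tree_branches()}
```

Calling `assess(["main_feedwater"])` yields the consequence for all eight branches, so the end states can be grouped or filtered instead of being read off one simulation at a time.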
