Common Cause Analysis
Session 16
Common Cause Analysis – Principles
Common cause analysis techniques are an extension of deductive analysis specifically targeted at the detection of non-independence between events which would otherwise have been treated as independent
Functional dependencies
Shared-equipment dependencies
Physical interactions
Human-interface dependencies
Generally require very detailed knowledge of the system
Common cause analysis is important
common cause failures can undermine design, qualitative and quantitative safety / risk analyses
Common Cause Analysis - 2
CCA – Outline
General outline of common-cause analysis process:
1. Identify groups of critical components
   from PSSA, Fault Tree Analysis, FMEA
2. Group parts by common features
   possible commonalities include: • Location • Manufacturer • Power source • Connectors
3. Identify credible failure modes
   include: • Electrical short • Broken wires / pipes etc. • Mechanical interference • EMC interference
4. Consider recognised failure mechanisms and generic causes
   include: • Fire • Flood or leak • Corrosion • Temperature
5. Record observations and conclusions
   • Recovery mechanisms • Design enhancements
Zonal Hazard (Safety) Analysis 1
Common-cause analysis technique which specifically considers physical proximity of different technologies, and how a failure in one could cause failures in others
e.g. hydraulic leak leads to intermittent electrical connection
Aim is not only to identify interactions, but also where they invalidate claims of independence
e.g. hydraulic leak causes open circuit in wire from hydraulic pressure sensor, claimed to be independent test for leak
Based on structure of platform
e.g. wing as a single zone
or may take section...
Often regarded as a “black art”
certainly requires experience, and can be hard to systematise
Zonal Hazard Analysis 2
Simple example of a zonal problem
rain water entering through ventilator air intake is drained into top of double bulkhead and then out through drain holes
moisture in presence of battery fumes makes weak acid, which attacks bulkhead (structural component)
maintenance problem
claimed that battery could not be relocated due to space constraint
[Figure: car front section showing windscreen, bonnet, battery, outer bulkhead, inner bulkhead and bulkhead drain holes]
Zonal Hazard Analysis 3
Aircraft ZHA example
heating to aircraft front canopy
one heating mechanism is via hot air from engine
for a particular aircraft
hot air duct went through a zone containing two of the four FCS computers
leak of duct could cause over-heating of computers, and both to fail – leaving the other two (which is acceptable)
BUT other two FCS computers in adjacent zone
thermal effects would mean that other two computers may fail shortly afterwards
redesign desirable
Zonal Hazard Analysis 4
ZHA should be carried out at various stages – the earlier identification of a problem the better
early design stage
from engineering drawings, showing location of items
in future, do from electronic product definition
e.g. Rolls-Royce and Boeing do electronic pre-assembly
“Virtual Reality” CAD mock-ups
sub-assembly / platform in build
completed prototypes
production platform
(hopefully) confirmation / finalisation of earlier analyses
Zonal Hazard Analysis 5
ZHA procedures
determine zones
determine the threats to the system
e.g. fire, water movements for ships
determine the ways in which the platform can contain the threat
fireproof doors/partitions, bulkheads
determine zones that reflect this physical containment
based on traditional manufacturing division of platform
e.g. connectors for hydraulics, cables etc. at ship bulkheads
Zonal Hazard Analysis 6
determine zones contd
may be decomposed hierarchically into major zones, sub-major zones etc.
e.g. in aircraft
major zone – left wing
sub-major zone – left wing leading edge
zone – left wing leading edge inboard section
decomposition is to the level where a threat can affect that (sub)-zone
e.g. a battery compartment would be a zone, but a battery cell would not be
remember the exterior of the platform is a zone
e.g. paintwork of a car
Zonal Hazard Analysis 7
Zonal Hazard Analysis 8
Zonal Analysis 9
Beware of false zones
e.g. the bulkheads for the Titanic
can bulkheads provide containment against water movement
between zones in all circumstances?
Zonal Hazard Analysis 10
ZHA procedures – continued
identify equipment in zones
either show location or just produce a list
Assess impact on other equipment within and outside zone
[Figure: equipment items inside and outside a zone, with debris, heat and an environmental factor spreading from one item to others]
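An added toy model of the "identify equipment in zones / assess impact within and outside zone" steps, applied to the FCS computer case on an earlier slide. This is illustration code written for these notes, not from the lecture or from ARP 4761; the zones, adjacency, threat hop counts and the "at least 2 of 4 computers survive" claim are all assumed.

```python
# Added example, not from the lecture: a toy zonal-hazard propagation model
# for the FCS computer case above. Zones, adjacency, threats and the
# "at least 2 of 4 computers survive" claim are constructed for illustration.
from collections import deque

# Equipment located in each zone (constructed data).
EQUIPMENT = {
    "Z1": ["hot air duct", "FCS computer 1", "FCS computer 2"],
    "Z2": ["FCS computer 3", "FCS computer 4"],
    "Z3": ["hydraulic pump"],
}
# Undirected physical adjacency between zones (constructed).
ADJACENT = {("Z1", "Z2"), ("Z2", "Z3")}
# How far a threat spreads: heat crosses one zone boundary (thermal effects
# on the adjacent zone); debris is assumed contained within its own zone.
PROPAGATION_HOPS = {"heat": 1, "debris": 0}


def zones_reached(origin, threat):
    """Zones the threat affects: breadth-first walk limited to its hop count."""
    hops = PROPAGATION_HOPS[threat]
    seen, queue = {origin}, deque([(origin, 0)])
    while queue:
        zone, dist = queue.popleft()
        if dist == hops:
            continue
        for a, b in ADJACENT:
            for src, dst in ((a, b), (b, a)):
                if src == zone and dst not in seen:
                    seen.add(dst)
                    queue.append((dst, dist + 1))
    return seen


def affected_equipment(origin, threat):
    """All equipment, inside and outside the origin zone, the threat can reach."""
    return sorted(e for z in zones_reached(origin, threat) for e in EQUIPMENT[z])


def claim_holds(origin, threat, group, min_survivors):
    """Does a redundancy claim ('at least k of group survive') stand?"""
    lost = set(affected_equipment(origin, threat)) & set(group)
    return len(group) - len(lost) >= min_survivors


FCS = ["FCS computer 1", "FCS computer 2", "FCS computer 3", "FCS computer 4"]

if __name__ == "__main__":
    # Duct leak (heat) in Z1 reaches Z2, so all four FCS computers are lost.
    print(affected_equipment("Z1", "heat"))
    print(claim_holds("Z1", "heat", FCS, 2), claim_holds("Z1", "debris", FCS, 2))
```

Running it shows the claim surviving a contained debris event but failing for the heat case, which is the redesign trigger the slide describes.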
Zonal Hazard Analysis 11
ZHA should address
Mechanical problems, e.g.
clearance from moving parts / uncontained failure of moving parts
foreign object damage
vibration…
Electromagnetic and radiation effects, e.g.
ionising & non-ionising radiation
electro-static discharge and lightning
magnetic fields…
Human factors, e.g.
difficulty of access to the system and its components
spatial relationship of operators to the equipment
ZHA also considers effects of normal operation
Zonal Hazard Analysis 12
foreign object damage
e.g. roo strike
Zonal Hazard Analysis 13
Gloster Javelin maintenance example
Zonal Hazard Analysis 14
Part of a zonal analysis taken from ARP 4761
Zone (all rows): Main landing gear bay

Equipment: Hydraulic pipe
Equipment failure mode: Leakage or rupture of pipe.
Aircraft level effects: Loss of hydraulic pressure in one landing gear extension system. Hydraulic leakage is drained overboard. Hydraulic fluid vapour is vented overboard.
Threat to zone: One hydraulic system inoperable.

Equipment: Hydraulic component
Equipment failure mode: Leakage of fluid
Aircraft level effects: Loss of hydraulic pressure in one landing gear extension system. Hydraulic leakage is drained overboard. Hydraulic fluid vapour is vented overboard.
Threat to zone: One hydraulic system inoperable.

Equipment: Hydraulic accumulator (green system)
Equipment failure mode: Burst
Aircraft level effects: Loss of hydraulic pressure in one landing gear extension system. Hydraulic leakage is drained overboard. Hydraulic fluid vapour is vented overboard. Debris contained by Kevlar wrapping.
Threat to zone: One hydraulic system inoperable.

Equipment: Hydraulic accumulator (brake system)
Equipment failure mode: Burst
Aircraft level effects: Effects on brake system see SSA. Hydraulic leakage is drained overboard. Hydraulic fluid vapour is vented overboard. Debris contained by Kevlar wrapping.
Threat to zone: Loss of brake hydraulic pressure
Defensive Strategies Against CCA
Design the common cause failure out
Barriers
Physical impediments
Personnel training
Ensure procedures followed
Redundancy and Diversity
Preventative maintenance
Monitoring, testing and inspection
Including dedicated tests on redundant components following
observed failures
Particular Risk Analysis 1
Most safety analysis techniques are:
systematic
largely independent of technology
Particular Risk Analyses (PRA) are technology dependent, or circumstance dependent, analyses
examples from aerospace – fan burst, fire, EWIS
examples from railways – SPAD, vandalism etc.
may involve complex calculations or simulation
used in common cause analysis
Particular Risk Analysis 2
Example – fan burst
burst angle for fan defined, e.g. ± 3º
blade trajectory (and penetration) modelled
interaction with other aircraft systems and technologies identified, e.g. loss of all hydraulics (Sioux City)
common cause – perhaps in ZHA
[Figure: engine cross-section showing the burst angle and hydraulics routed within it]
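An added toy version of the fan-burst sweep just described: items within the ± 3º burst angle of the fan plane are found, and any redundant channel group whose every channel lies in the band is flagged as a common cause (the Sioux City pattern). This is illustration code written for these notes, not from the lecture or any PRA standard; the engine position, equipment coordinates, system names and the redundant group are assumed, and real trajectory and penetration modelling is far more involved.

```python
# Added example, not from the lecture: a toy fan-burst particular-risk sweep.
# Engine position, equipment coordinates and system names are constructed; a
# real PRA models blade trajectory and penetration in far more detail.
import math

BURST_ANGLE_DEG = 3.0  # fragments leave within +/- 3 degrees of the fan plane

# Constructed layout: x is axial (along the engine), y/z are the cross-section.
FAN_PLANE_X, FAN_CENTRE_YZ = 30.0, (0.0, 5.0)
ITEMS = [
    {"name": "hyd line A", "system": "hyd A", "x": 30.05, "y": 0.9, "z": 5.8},
    {"name": "hyd line B", "system": "hyd B", "x": 29.98, "y": -1.0, "z": 5.6},
    {"name": "hyd line C", "system": "hyd C", "x": 30.03, "y": 0.2, "z": 3.9},
    {"name": "FCS computer 3", "system": "FCS", "x": 34.0, "y": 0.3, "z": 5.2},
]
# Redundant channel groups whose independence the safety case claims (assumed).
REDUNDANT_GROUPS = [("hyd A", "hyd B", "hyd C")]


def in_burst_band(item, fan_plane_x=FAN_PLANE_X, fan_centre_yz=FAN_CENTRE_YZ,
                  angle_deg=BURST_ANGLE_DEG):
    """True if the item lies in the wedge swept by released fragments: the
    angle between the fan plane and the item, seen from the engine axis,
    is within the burst angle."""
    dx = abs(item["x"] - fan_plane_x)
    radial = math.hypot(item["y"] - fan_centre_yz[0], item["z"] - fan_centre_yz[1])
    if radial == 0.0:
        return False  # on the axis itself: no radial trajectory (toy assumption)
    return math.degrees(math.atan2(dx, radial)) <= angle_deg


def systems_hit(items):
    """Map each system to the items of it that the burst band reaches."""
    hit = {}
    for it in items:
        if in_burst_band(it):
            hit.setdefault(it["system"], []).append(it["name"])
    return hit


def defeated_groups(items, groups=REDUNDANT_GROUPS):
    """Redundant groups in which every channel is hit: a common cause of loss."""
    hit = systems_hit(items)
    return [g for g in groups if all(s in hit for s in g)]


def reroute(items, name, new_x):
    """Candidate redesign: move one item axially out of the burst band."""
    return [dict(it, x=new_x) if it["name"] == name else it for it in items]
```

With the constructed layout all three hydraulic lines sit in the band, so the group is defeated; rerouting one line axially clears the finding, which is the kind of result that feeds back into the ZHA.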
Conclusions
Common cause analyses are important
common cause failures can undermine design, qualitative and quantitative safety analysis
There are techniques for carrying out common cause analysis
ZHA – looking at proximity
particular risk – considering specific problems and technologies such as stores
also other issues, e.g. manufacturing, maintenance
Key area for systems safety engineers, as these issues cross (sub)-system boundaries and technologies
likely to become more demanding in the future