Common cause and special cause (statistics)

In risk analysis, common cause failures (also: failures due to a common cause or jointly caused failures; German abbreviation GVA, English abbreviation CCF) are failures of several components or systems that occur as the result of a single fault cause or a single event. Their failure behavior is therefore statistically dependent.

Types of dependent failures

Common cause failures must first be distinguished from failures of the same kind (common mode failures), which are characterized by an identical failure sequence.

Three fundamentally different types of failure due to a common cause are distinguished:

  • Failures due to a common external cause (secondary failures),
  • Failures due to functional dependencies of the components (commanded failures),
  • Failures due to a common cause inherent in the components (GVA).

Secondary failures can be triggered by unexpected environmental conditions, such as humidity, vibration or heat, that spread to several components (an "extrinsic dependency"). If all pumps of a sprinkler system are in the same room, all of these pumps can fail at the same time if the room becomes too hot (e.g. following a fire event) or is flooded by a water leak (possible common causes of failure).

Commanded failures occur when multiple components share control or supply systems (power supply, ventilation, cooling water) whose failure also results in the failure of the components they supply (an "intrinsic/functional input dependency"). (In detailed fault tree analysis, these functional dependencies are represented in the fault tree model and are thus evaluated explicitly.)

Failures due to a common cause inherent in several components occur in components of the same type from one manufacturer, in particular under the same operating conditions. The same applies when several components are fitted with equipment of the same type. The causes can be hidden design or manufacturing defects, faulty maintenance procedures (such as a faulty inspection plan or defective lubricants or cleaning agents), or the use of the same (faulty) software.

Importance of common cause failures

Potential common cause failures are of particular importance where they would lead to the unwanted loss of redundant safety-related subsystems. Great importance should therefore be attached to avoiding this possibility wherever outages would cause great danger. Examples are the safety systems of nuclear power plants and airplanes.

In probabilistic safety analysis (PSA), and specifically in fault tree analysis, the jointly caused failure (GVA) is analyzed explicitly (see chapter 3.3).

Strategies against common cause failures

Strategies against common cause failures (GVA) include, for example, spatial separation, the use of diverse software, and the use of diversely redundant components, e.g. components connected in parallel that come from different manufacturers; see diversity (technology).

Shortening the test intervals of redundant components can reduce the probability of a GVA, because for a number of causes (notably pollution, corrosion, adhesion and wear, i.e. GVA events in the "non-lethal shock" category) the failures of the components of a redundancy group occur offset in time. When the first fault is detected, an impending GVA can be averted by repairing that failure, since the other components of the redundancy group are still intact.

Models for the quantification of GVA

A "jointly caused failure" (GVA) of a group of components results in principle from two factors: (1) the vulnerability of the components to a particular cause ("root cause") and (2) a mechanism (coupling factor) that creates the conditions for the multiple failure.

Example: Two pressure relief valves fail to open at overpressure because their response pressure was set too high (as the result of a human error).

The GVA models distinguish two main types of failure behavior of redundant component groups:

  • Lethal shock - all components of the redundancy group have failed due to a common cause (the coupling probability of all components is 1).
  • Non-lethal shock - the components of the redundancy group are affected by a common failure mechanism, but the degree of damage to the individual components may differ, from weak to complete (coupling probabilities from 0 to 1).

For "lethal shock" cases, the evaluation of operating experience to derive GVA probabilities is unambiguous, i.e. all components of the redundancy group have failed.

For "non-lethal shock" events, obtaining the GVA probabilities requires estimating the degree of damage to the individual components in the form of a coupling probability ("expert estimation"). As a rule this estimate is subject to considerable uncertainty, since it depends on the level of experience of the experts and in particular on the quality of the damage and cause descriptions. Identifying and describing the root cause is not trivial; it often remains undetected and in many cases is recognized only on recurrence. An interpretation uncertainty is therefore added on top of the statistical scatter of the data collection, expressed through the uncertainty factor or scatter factor K (K ≥ 4).

Determination of GVA probabilities

The GVA probabilities of the component groups are determined for each group from the number of observed GVA events, the estimated coupling probabilities and the observation times (the power plant operating hours). They therefore represent unavailability quantities in the probabilistic model.

In (Appendix A: Generic GVA probabilities), GVA probabilities derived from the operating experience of nuclear power plants are reported for different redundancy groups covering a number of process and electrical components (such as valves, gate valves, heat exchangers, fans, pumps, diesel generators, measuring devices, batteries, switches and relays); see the examples in the table below.

Table: GVA probabilities of redundancy groups (2 of 2) and (3 of 3).

Columns: (Observation time); Probability 2 of 2 (Scatter factor); Probability 3 of 3 (Scatter factor)

  (920 years); (4.0); (4.9)
  (326 years); (4.0); (5.5)
  With motor drive
  In the cooling water system
  (3950 years); (4.0); (4.2)
  (4.0); (4.2)
  (4.0); (4.2)
  (4.0); (4.2)

The GVA probabilities of the (2 of 2) and (3 of 3) redundancy groups differ only slightly on account of their coupling probabilities, i.e. the gain in reliability from increasing the degree of redundancy is marginal.

In contrast, the test interval has a much greater impact, since the majority of GVA events fall in the "non-lethal shock" category and the GVA event can already be detected by the test before all components of a redundancy group have failed. The GVA probabilities of groups tested monthly therefore differ from those of groups tested annually by practically an order of magnitude, i.e. the test interval enters the GVA probabilities approximately linearly.
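The two observations above can be reproduced with a short calculation. This is an added example, not part of the original article: it assumes that each observed event contributes p^n to the expected number of complete failures of an n-component group (p being the estimated per-component coupling probability) and uses the standard rate × interval / 2 approximation for periodically tested components. The event list and observation time are constructed.

```python
# Added illustration; model and numbers are assumptions, not data from the article.
HOURS_PER_YEAR = 8760.0

def group_failure_rate(coupling_probs, n, observation_years):
    """Estimated rate (per hour) of events in which all n components fail.

    Each observed event contributes p**n, where p is the expert-estimated
    per-component coupling probability (p = 1.0 for a lethal shock).
    """
    if observation_years <= 0:
        raise ValueError("observation time must be positive")
    if any(not 0.0 <= p <= 1.0 for p in coupling_probs):
        raise ValueError("coupling probabilities must lie in [0, 1]")
    expected_events = sum(p ** n for p in coupling_probs)
    return expected_events / (observation_years * HOURS_PER_YEAR)

def gva_unavailability(coupling_probs, n, observation_years, test_interval_h):
    """Mean unavailability of the whole group between periodic tests.

    A complete group failure stays undetected for half a test interval on
    average, hence rate * interval / 2.
    """
    rate = group_failure_rate(coupling_probs, n, observation_years)
    return rate * test_interval_h / 2.0

# Constructed sample: one lethal shock and two non-lethal shocks observed
# in 500 years of operation of the component group.
EVENTS = [1.0, 0.9, 0.8]
OBS_YEARS = 500.0
MONTH_H, YEAR_H = 730.0, 8760.0

def summary():
    """Return {n: (unavailability with monthly test, with annual test)}."""
    return {
        n: (gva_unavailability(EVENTS, n, OBS_YEARS, MONTH_H),
            gva_unavailability(EVENTS, n, OBS_YEARS, YEAR_H))
        for n in (2, 3)
    }

if __name__ == "__main__":
    for n, (monthly, yearly) in summary().items():
        print(f"{n} of {n}: monthly {monthly:.2e}, annual {yearly:.2e}, "
              f"ratio {yearly / monthly:.1f}")
```

With these inputs, going from 2 of 2 to 3 of 3 lowers the result by under 10 percent, while moving from annual to monthly testing lowers it by a factor of 12.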
