Fault tree analysis - Insulin delivery system

The FTA diagram sample "Fault tree analysis - Insulin delivery system" was redesigned from the illustration of "CMSI 641: Introduction to Software Engineering. Design of Critical Systems. B.J. Johnson. 2005. Loyola Marymount University".
"Another way of assessing hazards is using fault tree analysis. In this process, each of the identified hazards is covered by a detailed analysis to find out what might cause it. Either inductive or deductive reasoning is applied. In the case of software hazards, the usual focus is to determine faults that will cause the system to fail to deliver a system service, such as a monitoring system. A "fault tree" is constructed to link all the possible situations together, to help identify the interrelationships of the failures, which modules may cause them, and what "trickle-down effects" there might be. Here is an example of a fault tree, as applied to the Insulin delivery system from Sommerville...
Note that this tree is only partially complete, since only the potential software faults are shown on the diagram. The potential failures involving hardware, such as low battery, blood monitor or sensor failure, patient over-exertion or inattention, or medical staff failure are noticeable by their absence.
The fault tree and safety specification processes are two ways of helping with system risk assessment tasks. Once the risks are identified, there are other assessments that need to take place. First, the likelihood of the risk occurrance must be assessed. This is often quantifiable, so numbers may be assigned based on things like MTBF, latency effects, and other known entities. There may be other non-quantifiable contributors to the risk likelihood, however, such that these must be assessed and estimated by experts in the domain. (Don't short-change this process when dealing with critical systems!) Finally, the risk assessment must include the severity of the risk, meaning an estimation of the cost to the project in the event the risk item actually does occur. "Cost to the project" means all associated costs, including schedule delays, human injury, damage to hardware, corruption of data, and so on."
[myweb.lmu.edu/ bjohnson/ cmsi641web/ week15-2.html]
The FTA diagram example "Fault tree analysis - Insulin delivery system" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Fault Tree Analysis Diagrams solution from the Engineering area of ConceptDraw Solution Park.

"Fault-tolerant computer systems are systems designed around the concepts of fault tolerance. In essence, they have to be able to keep working to a level of satisfaction in the presence of faults. ...
Most fault-tolerant computer systems are designed to be able to handle several possible failures, including hardware-related faults such as hard disk failures, input or output device failures, or other temporary or permanent failures; software bugs and errors; interface errors between the hardware and software, including driver failures; operator errors, such as erroneous keystrokes, bad command sequences, or installing unexpected software; and physical damage or other flaws introduced to the system from an outside source." [Fault-tolerant computer system. Wikipedia]
The computer network diagram example "Cisco LAN fault-tolerance system" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Cisco Network Diagrams solution from the Computer and Networks area of ConceptDraw Solution Park.

"Failure analysis is the process of collecting and analyzing data to determine the cause of a failure. It is an important discipline in many branches of manufacturing industry, such as the electronics industry, where it is a vital tool used in the development of new products and for the improvement of existing products. There are many companies which provide services to find the cause of failure in products, devices and in post disaster situations. The failure analysis process relies on collecting failed components for subsequent examination of the cause or causes of failure using a wide array of methods, especially microscopy and spectroscopy. The NDT or nondestructive testing methods (such as Industrial computed tomography scanning) are valuable because the failed products are unaffected by analysis, so inspection always starts using these methods." [Failure analysis. Wikipedia]
The example "Audit failure - Fault tree analysis diagram" was created using the ConceptDraw PRO diagramming and vector drawing software extended with the Fault Tree Analysis Diagrams solution from the Engineering area of ConceptDraw Solution Park.