Quantitative risk assessment system (QRAS)

US 6,223,143 B1
Filed: 08/31/1998
Issued: 04/24/2001
Est. Priority Date: 08/31/1998
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus assessing risk of failure of a system, said apparatus comprising:

a build risk model module building a risk model of the system, said risk model including an element/subsystem/failure mode hierarchy, a mission timeline linked with the hierarchy by indicating what are phases for global system functioning and providing time intervals for failure modes for each subsystem, mulitiplicities, redundancies, and dependencies across the system and at a subsystem level and above by an embedded fault tree behind the hierarchy, a failure mode quantification, event sequence diagrams that link with initiating events of the event sequence diagrams being the failure modes in the hierarchy, tagged by Phase and operational time intervals of the respective subsystems;

a create fixed baseline/generate analysis runs module, coupled to the build risk model module, creating a fixed baseline of the system that generates and stores the lowest-level scenarios of the risk model preserved in event-tree structure, with linkage via the hierarchy to time-based or demand-based quantification, and providing for multiple user-defined analysis runs using the fixed baseline; and

a perform sensitivity analysis module, coupled to the create fixed baseline/generate analysis runs module, altering any of the components or combination thereof that are fundamental to construct the baseline without modifying the baseline itself, and using an existing analysis run, generating the sensitivity run with the user-supplied sensitivity changes, presenting both the original runs and the new sensitivity-derived results.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A quantitative risk assessment system (QRAS) builds a risk model of a system for which risk of failure is being assessed, then analyzes the risk of the system corresponding to the risk model. The QRAS performs sensitivity analysis of the risk model by altering fundamental components and quantifications built into the risk model, then re-analyzes the risk of the system using the modifications. More particularly, the risk model is built by building a hierarchy, creating a mission timeline, quantifying failure modes, and building/editing event sequence diagrams. Multiplicities, dependencies, and redundancies of the system are included in the risk model. For analysis runs, a fixed baseline is first constructed and stored. This baseline contains the lowest level scenarios, preserved in event tree structure. The analysis runs, at any level of the hierarchy and below, access this baseline for risk quantitative computation as well as ranking of particular risks. A standalone Tool Box capability exists, allowing the user to store application programs within QRAS.

Citations

28 Claims

1. An apparatus assessing risk of failure of a system, said apparatus comprising:
- a build risk model module building a risk model of the system, said risk model including an element/subsystem/failure mode hierarchy, a mission timeline linked with the hierarchy by indicating what are phases for global system functioning and providing time intervals for failure modes for each subsystem, mulitiplicities, redundancies, and dependencies across the system and at a subsystem level and above by an embedded fault tree behind the hierarchy, a failure mode quantification, event sequence diagrams that link with initiating events of the event sequence diagrams being the failure modes in the hierarchy, tagged by Phase and operational time intervals of the respective subsystems;
  
  a create fixed baseline/generate analysis runs module, coupled to the build risk model module, creating a fixed baseline of the system that generates and stores the lowest-level scenarios of the risk model preserved in event-tree structure, with linkage via the hierarchy to time-based or demand-based quantification, and providing for multiple user-defined analysis runs using the fixed baseline; and
  
  a perform sensitivity analysis module, coupled to the create fixed baseline/generate analysis runs module, altering any of the components or combination thereof that are fundamental to construct the baseline without modifying the baseline itself, and using an existing analysis run, generating the sensitivity run with the user-supplied sensitivity changes, presenting both the original runs and the new sensitivity-derived results.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus according to claim 1, wherein the build a risk model module further comprises a create mission timeline module creating the mission timeline of the system comprising top level, contiguous phases for the system and multiple operational time intervals for each discrete subsystem, wherein the create mission timeline module tags failure modes to the operational time intervals.
  - 3. The apparatus according to claim 2, wherein the build risk model module further comprises a quantify failure modes/documentation module quantifying the failure modes of the system tagged to the operational time intervals and storing documentation displayed upon user request.
  - 4. The apparatus according to claim 3, wherein the build risk model module further comprises a build and quantify ESDs module building and editing event sequence diagrams tagged to the operational time intervals and phases.
  - 5. The apparatus according to claim 4, wherein the build risk model module further comprises an include multiplicities, dependencies, and redundancies module which includes in the risk model the multiplicities, dependencies, and redundancies of the system at the element, and/or subsystem, and/or failure mode levels.
  - 6. The apparatus according to claim 5, wherein the create fixed baseline/generate analysis runs module determines the probabilities of failure over scenarios and ranks risks by subsystems or failure modes using fundamental units of failure.
  - 7. The apparatus according to claim 6, wherein risks are ranked by end states.
  - 8. The apparatus according to claim 5, wherein the build and quantify ESDs module automatically generates event trees from the event sequence diagrams.
  - 9. The apparatus according to claim 5, wherein the hierarchy is combined with the fault tree behind the hierarchy to account for dependencies between differing elements or subsystems.
  - 10. The apparatus according to claim 9, wherein risk models are organized by project independent of other projects.
  - 11. The apparatus according to claim 9, wherein a percentage of distribution which must be truncated to allow uncertainty between 0 and 1, inclusive, is determined and a corresponding message is displayed to the user.
  - 12. The apparatus according to claim 9, further comprising a toolbox including a set of internal codes/programs quantifying, off-line, the components of the risk model.
  - 13. The apparatus according to claim 1, wherein the element/subsystem/failure mode hierarchy comprises a multiplicity number k corresponding to an element, a subsystem, or a failure mode of the element/subsystem/failure mode hierarchy, and that the corresponding element, the corresponding subsystem, or the corresponding failure mode is accounted for k times in the element/subsystem/failure mode hierarchy by the risk model.
  - 14. The apparatus according to claim 1, wherein the baseline is locked and unlocked using a password.

15. A method of assessing risk of failure of a system, said method comprising:
- building a risk model of the system by a build risk model module, said risk model including an element/subsystem/failure mode hierarchy, a mission timeline linked with the hierarchy by indicating what are phases for the system functioning and providing time intervals for failure modes for each subsystem, mulitiplicities, redundancies, and dependencies across the system and at the subsystem level and above by an embedded fault tree behind the hierarchy, a failure mode quantification, event sequences diagrams that link the initiating events of the event sequence diagrams with the failure modes in the hierarchy, tagged by Phase and operational time intervals of the respective subsystems; and
  
  analyzing risk in the system by creating a fixed baseline of the system and providing for individual risk analyses by accessing the baseline and tagged to levels of the hierarchy, said fixed baseline generating and storing the lowest-level scenarios of the risk model preserved in event-tree structure, with linkage via the hierarchy to time-based quantification, and providing for multiple user-defined analysis runs using the fixed baseline by altering the components or combinations thereof that are fundamental to construct the baseline without modifying the baseline itself with user-supplied sensitivity changes, and using an existing stored analysis run, generating a sensitivity run with the user-supplied sensitivity changes, presenting both the original run and the new sensitivity-derived results.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method according to claim 15, wherein the mission timeline comprises top level, contiguous phases for the system and multiple operational time intervals for each discrete subsystem, and wherein the the failure modes are tagged to the operational time intervals.
  - 17. The method according to claim 16, wherein building a risk model further comprises quantifying the failure modes of the system tagged to the operational time intervals and storing documentation displayed upon user request.
  - 18. The method according to claim 17, wherein building a risk model further comprises building event sequence diagrams tagged to the operational time intervals and automatically generating event trees displayed on individual analysis runs.
  - 19. The method according to claim 18, wherein building a risk model further comprises including multiplicities, dependencies, and redundancies, at the element, subsystem, or failure mode levels.
  - 20. The method according to claim 15, wherein the element/subsystem/failure mode hierarchy comprises a multiplicity number k corresponding to one of an element, a subsystem, and/or a failure mode of the element/subsystem/failure mode hierarchy, and that the one of the element, the subsystem, and/or the failure mode are accounted for k times in the element/subsystem/failure mode hierarchy by the risk model, and having a fault tree capability behind the hierarchy to handle failure, redundancy, dependency of the elements and/or subsystems, across differing elements and/or subsystems.
  - 21. The method according to claim 20, further comprising addressing common cause failures by the inclusion of a β
    - factor.

22. A computer-readable medium storing a program, said program directing a computer to assess risk of failure of a system by executing the steps of:
- building a risk model of the system by a build risk model module, said risk model including an element/subsystem/failure mode hierarchy, a mission timeline linked with the hierarchy by indicating what are phases for the system functioning and providing time intervals for failure modes for each subsystem, mulitiplicities, redundancies, and dependencies across the system and at the subsystem level and above by an embedded fault tree behind the hierarchy and inclusion of k or k-of-n in the hierarchy decomposition levels, a failure mode quantification, event sequences diagrams that link initiating events of the event sequence diagrams with the failure modes in the hierarchy, tagged by Phase and operational time intervals of the respective subsystems; and
  
  analyzing risk in the system by creating a fixed baseline of the system and providing for individual risk analyses by accessing the baseline and tagged to levels of the hierarchy, said fixed baseline generating and storing the lowest-level scenarios of the risk model preserved in event-tree structure, with linkage via the hierarchy to time-based and demand-based quantification, and providing for multiple user-defined analysis runs using the fixed baseline, and using an existing analysis run, generating a sensitivity run by altering any of the components or combination thereof that are fundamental to construct the baseline without modifying the baseline itself with the user-supplied sensitivity changes, presenting both the original runs and the new sensitivity-derived results.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The computer-readable medium according to claim 22, wherein building a risk model further comprises creating a mission timeline comprising top level, contiguous phases for the system and multiple operational time intervals for each discrete subsystem, wherein the create mission timeline module tags failure modes to the operational time intervals, by phase.
  - 24. The computer-readable medium according to claim 23, wherein building a risk model further comprises quantifying the failure modes of the system tagged to the operational time intervals and storing documentation displayed upon user request.
  - 25. The computer-readable medium according to claim 24, wherein building a risk model further comprises building event sequence diagrams tagged to the operational time intervals and automatically generating event trees displayed on individual analysis runs, and quantifying the pivotal events in the event sequence diagrams, selecting various end states, and allowing for documentation of the pivotal events and initiating event.
  - 26. The computer-readable medium according to claim 25, wherein building a risk model further comprises including multiplicities, dependencies, and redundancies, at the element, subsystem, or failure mode levels linked directly to the hierarchy.
  - 27. The computer-readable medium according to claim 22, wherein the element/subsystem/failure mode hierarchy comprises a multiplicity number k corresponding to an element, a subsystem, and/or a failure mode of the element/subsystem/failure mode hierarchy, and that the element, the subsystem, and/or the failure mode are accounted for k times in the element/subsystem/failure mode hierarchy by the risk model, and having a fault tree capability behind the hierarchy to handle failure, redundancy, dependency of the elements and/or subsystems, across differing elements, and/or subsystems.
  - 28. The computer-readable medium according to claim 27, further comprising addressing common cause failures by the inclusion of a first β
    - factor for common cause failures that are directly catastrophic, and a second β
      
      factor for permanent but non-catastrophic failures which, in combination, lead to catastrophic failures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
National Aeronautics and Space Administration US Government As Represented By The Administrator of The, University of Maryland
Original Assignee
The United States of America As Represented By The Secretary of Agriculture
Inventors
Chang, Yung-Hsien, Weinstock, Robert M, Swaminathan, Sankaran, Smidts, Carol S, Tan, Zhibin, Groen, Francisco J, Mosleh, Ali
Primary Examiner(s)
Teska, Kevin J.
Assistant Examiner(s)
CHOI, KYLE JAEHUN

Application Number

US09/143,969
Time in Patent Office

967 Days
Field of Search

703/1, 703/6, 703/7, 703/8, 703/13, 703/17, 714/1, 714/25, 714/26, 705/7
US Class Current

703/17
CPC Class Codes

G06F 11/008 Reliability or availability...

G06Q 10/0635 Risk analysis of enterprise...

Quantitative risk assessment system (QRAS)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Quantitative risk assessment system (QRAS)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links