Technical Paper
Redundancy Killers
1998-04-06
981204
Redundancy in a safety-critical system has the potential to greatly improve safety. In real hardware, however, that potential cannot be realized if the failure of an element in one subsystem can be physically related to the failure of an element in another subsystem that is intended to be redundant with respect to the first. Two real-life element failures can be related to each other either because (1) one failure cascaded to cause the other, or (2) an abnormal event external to both elements caused both to fail. System designers and safety analysts should therefore be aware of all three types of real-life failure pairs: (1) unrelated, (2) cascading/consequential related, and (3) common-external-cause related. The possibility of the latter two types of failure pairs is what introduces probabilistic dependencies between failures in probabilistic safety analyses.
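The following added example (not from the paper) puts numbers on the three failure-pair types: it computes the probability that both elements of a redundant pair fail in one mission under the unrelated, cascading, and common-external-cause models, and reports how far each dependent model exceeds the naive product of the two independent failure probabilities. All per-mission probabilities, the cascade probability and the external-event probability are constructed values chosen for arithmetic, not data from the paper.

```python
"""Dual-failure probability for a two-element redundant pair (A, B).

Added illustration with constructed inputs; the simple conditional-probability
models below are assumptions made for the sake of the example.
"""


def unrelated_pair(p_a: float, p_b: float) -> float:
    """Type (1): failures are unrelated, so both fail only by coincidence."""
    return p_a * p_b


def cascading_pair(p_a: float, p_b: float, p_cascade: float) -> float:
    """Type (2): a failure of A cascades to B with probability p_cascade.

    Given A has failed, B fails either through the cascade or on its own;
    the two routes are assumed independent, so they combine as a union.
    """
    p_b_given_a = p_cascade + p_b - p_cascade * p_b
    return p_a * p_b_given_a


def common_cause_pair(p_a: float, p_b: float, p_event: float,
                      p_fail_given_event: float = 1.0) -> float:
    """Type (3): an abnormal external event of probability p_event hits both.

    Given the event, each element fails with p_fail_given_event (assumed
    independent of the other); otherwise the pair behaves as unrelated.
    """
    both_given_event = p_fail_given_event * p_fail_given_event
    return p_event * both_given_event + (1.0 - p_event) * p_a * p_b


def dependence_factor(p_pair: float, p_a: float, p_b: float) -> float:
    """How many times the naive independent estimate is exceeded."""
    return p_pair / (p_a * p_b)


if __name__ == "__main__":
    # Constructed per-mission values: each element fails 1 in 1000 missions.
    p_a = p_b = 1e-3
    naive = unrelated_pair(p_a, p_b)
    casc = cascading_pair(p_a, p_b, p_cascade=0.5)      # half of A's failures take B out
    ccf = common_cause_pair(p_a, p_b, p_event=1e-4)     # 1-in-10,000 external event
    print(f"unrelated      : {naive:.3e}")
    print(f"cascading      : {casc:.3e}  x{dependence_factor(casc, p_a, p_b):.1f}")
    print(f"common cause   : {ccf:.3e}  x{dependence_factor(ccf, p_a, p_b):.1f}")
```

The dependent models give dual-failure probabilities hundreds of times larger than the independence assumption, which is why a probabilistic safety analysis that treats redundant elements as independent understates risk whenever cascading or common-external-cause pairs are physically possible.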