The core techniques of CLEARSY’s consultants for conducting safety analyses are:

Preliminary Risk Analysis (PRA), Failure Mode Effects and Criticality Analysis (FMECA), etc.


The core techniques of CLEARSY consultants for conducting safety analyses are

  • Preliminary Hazard/Risk Analysis (PHA/RCA)
  • Failure Mode Effects and Criticality Analysis (FMEA)
  • Cause Tree Analysis
  • Software Error Effects Analysis (SEEA)
  • Summarised Fault Combination Method
  • Others

To these methods, which are well known to industrialists, the CLEARSY consultants have been able to make improvements known as :

  • Formal Failure Modes, Effects and Criticality Analysis (FFMEA)
  • Formal Cause Tree (FCT)


This approach has at least 3 advantages:

  • The analysis process is embedded in the formal model of the system and not in the analyst’s head. It can therefore be reused. It can be enriched by taking into account new failure modes and/or system evolutions.
  • The level of confidence that can be placed in this analysis process is much higher than that of a FMEA, since each of its stages is the subject of proven reasoning, which imposes an expression of operating hypotheses.
  • The method is not reduced to the examination of a single failure and its consequences, but is a method of combining failures and their combined effects.

The Method

This method of analysing a system is characterised by :

  • The construction of a formal hierarchical model of the system in its nominal mode(s) of operation. This model follows the hierarchical decomposition of the system into sub-systems, elements.
  • The construction of this model is proven, i.e. in normal operation, the desired properties (particularly safety properties), referred to in our jargon as invariants, are preserved.
  • The introduction of failures in the model is done one by one at the level of the elementary constituents of the system and have the effect of breaking the formal coherence of the model (it is no longer provable).
  • The coherence of the model is restored by a progressive incorporation of the undesirable properties, i.e. the effects of failures, at all levels of the system (elements, sub-systems and system).
    The final result is a formal model of the system, decorated with the envisaged failures and the effects of these failures.