ABSTRACT

As discussed in (Mosleh et al., 1998), residual CCF represents a relatively high failure potential caused by a common manufacturer, design, environment, operational conditions, procedures, maintenance, etc. As a consequence, although “identical”, the redundant, added trains do not have the same conditional failure probability p when used as “one more” backup of the so-far operated “main” frontline system train, which has already failed with probability p; rather, the overall failure probability of the backup is typically of $10^{-1}$

Consequently, failure prob-train is typically of order $2 \times 10^{-1}$ to $5 \times 10^{-1}$, and the failure probability of yet more redundant trains approaches unity. For a system with six redundant trains, it can be supposed, in practice, that if the CCF is strong enough to make four trains fail, it is strong enough to make all six trains fail.