In an operation phase of an information system such as an online transaction system which is composed of a computer network, or in a design phase of such an information system, reliability of the information system is evaluated. In this reliability evaluation, system availability is evaluated, and a fault-tree analysis is frequently used for this purpose (see Kenji Kitagawa, “Saishin Sekkei Shinsa Gijutsu (Latest Design-Review Technique),” Technosystem, Inc., Dec. 4, 1987 (Second Edition), and JP-A Nos. 9-234652(KOKAI) and 9-237102(KOKAI), for example). For instance, in the evaluation of availability of a system using a nuclear power plant, the following procedures are executed in order to secure safety of the plant. A person who conducts evaluation (hereinafter, an evaluator) envisages an event of trouble, and calculates a probability of incurring such an event. Then, the evaluator quantitatively confirms that the probability of occurrence of the relevant trouble is low enough that the trouble is unlikely to happen. The principal analysis method used at this time is called the fault-tree analysis. This fault-tree analysis is utilized in reliability engineering and related fields, and is also used in information systems (see Kenji Kitagawa, “Saishin Sekkei Shinsa Gijutsu (Latest Design-Review Technique),” Technosystem, Inc., Dec. 4, 1987 (Second Edition), for example).
The technique of evaluating the availability with the fault-tree analysis is as follows. The evaluator first selects a top event predicted in a system. Thereafter, the evaluator searches for a first factor leading to this top event, and then derives a logical relationship (AND, OR) between the top event and the first factor. The evaluator expresses the logical relationship by use of a tree structure. In this tree structure, the top event is stated, then a logical symbol is stated below this top event, and then the first factor is stated below this logical symbol. Moreover, in the tree structure, a logical symbol is stated below each first factor, and a second factor is stated below this logical symbol similarly. A series of similar statements is repeated for a third factor and a fourth factor as well. In this way, in the tree structure, the decomposition is continued until it reaches a level at which the availability distribution can be referenced from the results of experiments and the like.
By using Boolean algebra, it can be shown that the top event is caused by a combination of lowest-level events (basic events) in the tree structure. By use of this combination (i.e. the tree structure indicating the logical relationship), it is possible to derive the unavailability (=1−availability) corresponding to the top event from the unavailability (=1−availability) corresponding to the basic events. Accordingly, it is possible to derive the availability corresponding to the top event.
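The derivation described above, as an added Python example that is not part of the original document: it computes the top-event unavailability from basic-event unavailabilities over an AND/OR tree, and goes slightly beyond the text by comparing the exact Boolean evaluation with the gate-by-gate shortcut when a basic event is shared between branches. The tree, the event names and the numeric values are constructed for illustration, and the basic events are assumed to be statistically independent.

```python
from itertools import product
from math import prod

# Node: a basic-event name (str) or a gate tuple ("AND" | "OR", [child nodes]).

def occurs(node, state):
    """Boolean structure function: does this event occur for the given basic-event states?"""
    if isinstance(node, str):
        return state[node]
    gate, children = node
    if gate not in ("AND", "OR"):
        raise ValueError(f"unknown gate {gate!r}")
    results = [occurs(c, state) for c in children]
    return all(results) if gate == "AND" else any(results)

def basic_events(node):
    """Collect the distinct basic events (leaves) under a node."""
    if isinstance(node, str):
        return {node}
    return set().union(*(basic_events(c) for c in node[1]))

def top_unavailability(tree, q):
    """Exact top-event unavailability by enumerating basic-event states.
    Assumes independent basic events; cost is 2**n, fine for small trees."""
    names = sorted(basic_events(tree))
    total = 0.0
    for bits in product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if occurs(tree, state):
            total += prod(q[n] if state[n] else 1.0 - q[n] for n in names)
    return total

def gate_by_gate(node, q):
    """Bottom-up shortcut: AND = product, OR = 1 - prod(1 - q).
    Correct only when no basic event appears in more than one branch."""
    if isinstance(node, str):
        return q[node]
    gate, children = node
    vals = [gate_by_gate(c, q) for c in children]
    return prod(vals) if gate == "AND" else 1.0 - prod(1.0 - v for v in vals)

# Constructed sample: the service is down if both web servers are down or the DB is down.
# Each web server is down if it fails itself or the shared power feed fails.
Q = {"web1": 0.1, "web2": 0.1, "power": 0.01, "db": 0.02}  # constructed unavailabilities
TREE = ("OR", [("AND", [("OR", ["web1", "power"]), ("OR", ["web2", "power"])]), "db"])

if __name__ == "__main__":
    exact = top_unavailability(TREE, Q)
    print(f"exact unavailability  = {exact:.6f}, availability = {1 - exact:.6f}")
    print(f"gate-by-gate shortcut = {gate_by_gate(TREE, Q):.6f}  ('power' is repeated)")
```

With the shared power feed, the shortcut understates the unavailability because it treats the two occurrences of the same basic event as independent; the two methods agree once no basic event is repeated.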
For example, a reliability analysis, which is designed as a conventional reliability evaluation for an information system, produces fault trees based on an equipment configuration of a plant system, and then calculates degrees of reliability (such as system availability) of the plant system on the basis of failure rates of the respective instruments that constitute the equipment. According to this reliability analysis, the fault trees including variable factors as parameters are produced. Here, the parameters are changed on the basis of a production quantity, the equipment configuration, and the like. Moreover, the degrees of reliability (the system availability) of the plant system are calculated. Then, the calculated degrees of reliability are compared with one another to extract the equipment configuration having the highest degree of reliability (the highest system availability). On the basis of this extracted equipment configuration, the plant system is operated, or a repair strategy for the plant system is selected (see JP-A Nos. 9-234652(KOKAI) and 9-237102(KOKAI), for example). In this way, it is possible to design a plant system so as to sufficiently satisfy a standard value of system availability, and to repair the plant system while operating it with the high system availability.