Home / Glossary / Beta-factor CCF
Glossary · Dependency model

Beta-factor CCF model

Without modelling dependencies, redundant architectures look almost arbitrarily safe — three identical channels in parallel, each with λ = 10⁻⁵/h, give a top event of order 10⁻¹⁵/h purely on independence. Reality is much worse, because shared causes (a software bug, a single batch of capacitors, a pipe that floods both rooms) defeat redundancy. The Beta-factor model is the simplest parametric way to capture this — and it's the one ISO 26262, IEC 61508, and most reliability standards default to.

The model

λ_total           = component total failure rate
λ_independent     = (1 − β) · λ_total
λ_common-cause    = β · λ_total

The Beta factor β is the fraction of failures that are common-cause — defeating all redundant channels simultaneously. The remaining 1 − β fraction is independent across channels.

Typical β values:

Worked example

A 2-out-of-3 voter system with three identical channels, each λ = 10⁻⁵/h, β = 0.05:

λ_indep    = 0.95 · 1e-5 = 9.5e-6 / h
λ_common   = 0.05 · 1e-5 = 5.0e-7 / h

Probability of 2-out-of-3 failure over 1000 h mission, with naïve independence:
P(2-out-of-3 indep) ≈ 3 · (1e-5 · 1000)^2 ≈ 3.0e-4

With Beta CCF:
P(common-cause failure) ≈ 5.0e-7 · 1000 = 5.0e-4
This DOMINATES the independence term.

The Beta-factor contribution alone (5.0e-4) is larger than the independent 2-out-of-3 path (3.0e-4) — the redundancy buys less than you'd think. Quantifying this is the whole point.

When to graduate to MGL or Alpha-factor

Beta is single-parameter — it lumps every dependent failure mode into one number. For systems with more than 2 redundant trains, or where the goal is to distinguish 2-of-N from 3-of-N from N-of-N common modes, the more refined models are:

For automotive ASIL work and most process-industry SIL verification, Beta is sufficient and is what FTA Studio's CCF block defaults to. Both Beta and MGL are supported in Enterprise.