A formal specification for analysing and implementing multiple fault diagnosis software is proposed in this paper. The specification computes all potential fault sources that correspond to a set of triggered alarms for a safety-related system, or part of a system. The detection of faults occurring in a safety-related system is a fundamental function that needs to be addressed efficiently. Safety monitors for fault diagnosis have been extensively studied in areas such as aircraft systems and chemical industries. With the introduction of intelligent sensors, diagnosis results are made available to monitoring systems and operators. For complex systems composed of thousands of components and sensors, the diagnosis of multiple faults and the computational burden of processing test results are substantial. This paper addresses the multiple fault diagnosis problem for zero-time propagation using a fault propagation graph. Components represented as nodes in a fault propagation graph are allocated with alarms. When faults occur and are propagated some of these alarms are triggered. The allocation of alarms to nodes is based on a severity analysis performed using a form of Failure Mode and Effect Analysis on components in the system.