Post on 03-Dec-2015
description
Rig 1 – Emergency Generator FMEA Report
Ref: S1266, Rev 1
Rig 1 – FMEA Studies – Emergency Generator Abstract
Project Title Rig 1 – FMEA Study – Emergency Generator
Client Name
Job No. S1266
Team Leader Alastair Krebs
Project Analyst (s)
Report Author (s)
ABSTRACT
A Failure Mode & Effects Analysis (FMEA) study was conducted with respect to the Emergency Generator system of the semi-submersible drilling rig Rig 1. The FMEA study was conducted at the Company project offices in JSL Shipyard, Singapore.
FMEA is a methodology used for analyzing potential reliability problems of systems, with a view to enhancing reliability through design. The FMEA approach has three basic elements when reviewing potential failure modes. These are the SEVERITY of the event, the likelihood of OCCURRENCE and the DETECTABILITY during the design phase of the failure event.
Based on these elements, the FMEA process calculates a Risk Priority Number (RPN) for each individual Potential Cause of Failure. The aggregate RPN for each Potential Failure Mode (which may be comprised of a number of individual Potential Causes of Failure) is then presented in a graphical format for review.
The study team identified 5 subsystems of the Emergency Generator system for review. These were the starting, fuel, emergency stop, fire damper and synchronisation / control subsystems. A total of 26 discrete failure modes were identified and analysed.
Recommendations were developed for the critical and high risk failure modes which, if implemented, will reduce risk to an acceptable level. Revised RPN’s were calculated to demonstrate the expected reduction in risk for these elements.
Key Words: (e.g. Industry category, study type)DRILLING, FMEA
Release No.
Date of Issue Reviewed by Approved by Client Approval
Draft
Ref: S1266 Rev 1 Page 2 of 13
Rig I – FMEA Studies – Emergency GeneratorTable of Contents
TABLE OF CONTENTS
1. EXECUTIVE SUMMARY....................................................................4
2. ACRONYMS & GLOSSARY................................................................6
3. DISCUSSION..................................................................................7
4. FMEA STUDY TEAM........................................................................9
5. FMEA METHODOLOGY...................................................................10
6. DISTRIBUTION.............................................................................13
ATTACHMENTS:
1. FMEA RISK PRIORITY NUMBER (RPN) GRAPH2. FMEA WORKSHEETS3. PHOTOGRAPHS
Ref: S1266 Rev 1 Page 3 of 13
Rig 1 – FMEA Studies – Emergency Generator Executive Summary
1. EXECUTIVE SUMMARY
A Failure Mode & Effects Analysis (FMEA) studies was conducted with respect to the Emergency Generator system of the semi-submersible drilling rig Rig 1. The FMEA study was conducted at the Company project offices in JSL Shipyard, Singapore.
This report covers the Emergency Generator system. Five subsystems of the Emergency Generator system were identified for review. The identified subsystems were:
Starting subsystem
Fuel subsystem
Emergency Stop subsystem
Fire Damper Subsystem
Synchronisation / Control subsystem
Potential failure modes for each subsystem were then identified and the severity, occurrence and detectability assessed for each potential cause of those failure modes.
The Fire Damper subsystems were identified as having a significant Risk Priority Number (RPN) value. The Potential Causes of Failure which resulted in high RPN values for the Fire Damper subsystem were:
Failure of Fire Dampers to close on signal
Failure of Fire Dampers to seal properly upon closure
The RPN is derived as a mathematical calculation of Severity x Occurrence x Detectability.
An aggregate RPN is calculated for each of the 26 Potential Failure Modes identified and is presented in a graphical format for review. The calculation of RPN values serves to prioritise responses to the findings of the FMEA study (Refer Attachment 2).
Review of the RPN aggregate graph led to the establishment, by Pareto Analysis, of two levels where response activities would return significant risk reduction. These were established at RPN values of 200 and 350 (respectively) for this study.
It should be noted that these RPN values are specific to this FMEA only and are not absolute values which can be compared to other RPN values in other FMEA studies (Refer Attachment 1).
Ref: S1266 Rev 1 Page 4 of 13
Rig 1 – FMEA Studies – Emergency Generator Executive Summary
Potential Failure Modes with an RPN value in excess of 350 have been ranked as “Risk Reduction Measures Required”. These can also be viewed as critical risks.
There were two Potential Failure Modes identified by the team as having an RPN value in excess of 350. Both of these identified items related to the Fire Damper subsystem.
Potential Failure Modes with an RPN value in excess of 200 but less than 350 have been ranked as “Risk Reduction Measures Recommended”. That is to say, these risks were recommended for action but such action was not seen to be mandatory.
There were two Potential Failure Modes identified by the team as having an RPN value in excess of 200 but less than 350. Two of these items related to the Fire Damper subsystem and one item related to the Starting subsystem.
Potential Failure Modes with an RPN value less than 200 have been ranked as “Continuous Improvement”. These are items which have no immediate impact on the operability and safety of the system and thus can be dealt with in due course, as resources become available to do so.
There were twenty items identified over the range of subsystems which fell into this category.
Recommendations to mitigate the critical risks were identified by the team. These recommendations were compiled during the FMEA study and were included in this report at the Client’s request.
For the Fire Damper subsystem the following was recommended to mitigate the risks to an acceptable level:
Adopt planned maintenance routine to periodically clean and check louvre’s clean of debris
Periodic maintenance of the main, auxiliary and emergency switchboards.
Include periodic maintenance of emergency starting batteries in planned maintenance program.
Ensure that regular emergency exercises are held and crew are made aware of the emergency generator room fire damper system limitations.
The study showed that the Emergency Generator system was a fit-for-purpose design provided that the appropriate asset integrity activity recommendations such as maintenance, testing and inspection, are carried out during the life of the system.
Ref: S1266 Rev 1 Page 5 of 13
Rig 1– FMEA Studies – Emergency Generator Acronyms & Glossary
2. ACRONYMS & GLOSSARY
ACRONYMSAC Alternating currentALARP As Low As Reasonably PracticableBHPB BHP BillitonFMEA Failure Modes & Effects AnalysisHAZID Hazard IdentificationHp Horse PowerL LikelihoodM Marginal RiskN Negligible RiskNDT Non Destructive TestingOcc OccurrencePM Preventative MaintenanceRPN Risk Priority NumberSev SeveritySOP Standard Operating ProcedureE-Stop Emergency StopU Unacceptable Risk
Ref: S1266 Rev 1 Page 6 of 13
Rig 1 – FMEA Studies – Emergency Generator Discussion
3. DISCUSSION
3.1. Background
The emergency generator system is a critical piece of equipment on every vessel as it provides ongoing power to those systems required for the management of emergency situations.
3.2. Analysis
The results of this FMEA are supported by industry data. The DNV Offshore Reliability Data handbook provides specific data relating to reliability of emergency generator systems. The following empirical data with respect to worldwide experience of emergency generator reliability was extracted as part of the FMEA study:
Number of failures per 1 x 106 hours of operation = 685
Number of critical failures per 1 x 106 hours of operation = 120(This includes 100 ‘failure to start’ events and 19 ‘failure while running’ events.)
Mean number of manhours to repair a critical failure = 16.2 hours
Number of overheating related failures per 1 x 106 hours of operation = 9.57.
(This failure mode is often related to fire damper operation and is of major concern as the mean number of hours for repair of such failure stands at 82.5)
Number of degrading events per 1 x 106 hours of operation includes the following:
- Leakage on auxiliary systems = 9.5 - Faulty output frequency = 4- Fail to synchronize = 14.32- Fail while running = 5
In line with the above reliability data, the FMEA study for the Emergency Generator on Rig 1 resulted in high RPN levels for the following Potential Failure Modes:
Failure to start
Failure of fire dampers to operate correctly
3.3. Recommendations
The analysis showed that the Fire Damper posed significant risks. In this failure mode one casual mode was identified as significantly high; debris jammed in the louvres. Recommendations to mitigate the risk were identified by the team. Recommendations were compiled during the FMEA study and were included in this report at the Clients request. For the Fire Damper subsystem the following was recommended to mitigate the risk to an acceptable level:
Ref: S1266 Rev 1 Page 7 of 13
Rig 1 – FMEA Studies – Emergency Generator Discussion
Adopt planned maintenance routine to periodically clean and check louvre’s clean of debris
Periodic maintenance of the main, auxiliary and emergency switchboards.
Include periodic maintenance of emergency starting batteries in planned maintenance program.
Ensure that regular emergency exercises are held and crew are made aware of the emergency generator room fire damper system limitations.
Ref: S1266 Rev 1 Page 8 of 13
Rig 1 – FMEA Studies – Emergency Generator FMEA Study Team
4. FMEA STUDY TEAM
For the purposes of this FMEA study, Contractor utilised the following personnel:
Table 4.1: FMEA Team Members
Name Company
These team member’s backgrounds covered areas such as Electrical Engineering, Subsea Engineering, Marine Engineering, Petroleum Engineering and Process Engineering.
Ref: S1266 Rev 1 Page 9 of 13
Rig 1 – FMEA Studies – Emergency Generator FMEA Methodology
5. FMEA METHODOLOGY
FMEA is a methodology Contractor use for analyzing potential reliability problems of systems, with a view to enhancing reliability through design. The FMEA approach has three basic elements when reviewing potential failure modes. These are the SEVERITY of the event, the likelihood of OCCURRENCE and the DETECTABILITY during the design phase of the failure event.
The FMEA process delivers a Risk Priority Number (RPN) for each Potential Cause of Failure. The aggregate RPN for each Potential Failure Mode is then presented in a graphical format for review.
A crucial step is anticipating what might go wrong with a product. While anticipating every failure mode is not possible, the development team should formulate as extensive a list of potential failure modes as possible.
The study used the following methodology:
Prepare Technical, failure and reliability data (e.g. drawings and manuals)
Site visit to the rig
Identify a discrete system for review (Emergency Generator)
Identify assessable functional subsystems of the Emergency Generator system
Identify the Potential Failure Modes of each subsystem
Identify the Potential Effects of Failure for each Potential Failure Mode
Assess and rank the severity criteria of each Potential Effect of Failure
Identify the Potential Causes of Failure for each of the Potential Effects of Failure
Assess and rank the Occurrence and Detectability criteria levels for each Potential Cause of Failure
Quantify the risk by generating a Risk Priority Number (RPN) for each Potential Cause of Failure.
Prepare and issue draft report of the study with appropriate recommendations for comment.
Issue final report
The aggregate RPN for each Potential Failure Mode is presented in a graphical format for review and serves to allow a prioritisation of response to the findings of the FMEA study.
Ref: S1266 Rev 1 Page 10 of 13
Rig 1 – FMEA Studies – Emergency Generator FMEA Methodology
The following tables provide the criteria used to ranking the elements of Severity, Occurrence and Detectability during the FMEA study:
Severity
1 None No effect on vessel or drilling program2 Very Slight Negligible effect on vessel or drilling program. Client
not affected.3 Slight Slight effect on vessel or drilling program.4 Minor Minor effect on vessel or drilling program. Client
slightly dissatisfied.5 Moderate Reduced performance of vessel or drilling
equipment. Client dissatisfied.6 Moderately High Vessel and drilling equipment operable and safe but
performance degraded. Client dissatisfied but no downtime occurred.
7 High Vessel and/or drilling equipment severely affected. Client very dissatisfied. Downtime is expected.
8 Very High Vessel and/or drilling equipment inoperable but safe. Client very dissatisfied and contractor on downtime. Drilling program in jeopardy.
9 Extremely High Vessel and/or drilling equipment failure resulting in hazardous effects highly probable. Compliance with statutory and/or industry standard in jeopardy. Contractor on downtime. Drilling program suspended.
10 Maximum Vessel and/or drilling equipment failure resulting in hazardous effects is almost certain. Non compliance with statutory and/or industry standards. Contractor on downtime. Drilling program suspended.
Occurrence
1 Extremely Unlikely
Failure highly unlikely.
2 Remote Rare number of failures likely.3 Very Low Very few failures likely.4 Low Few failures likely.5 Moderately Low Occasional failures likely.6 Medium Medium number of failures likely.7 Moderately High Moderately high number of failures likely.8 High High number of failures likely.9 Very High Very high number of failures likely.
10 Extremely Likely Failure almost certain.
Ref: S1266 Rev 1 Page 11 of 13
Rig 1 – FMEA Studies – Emergency Generator FMEA Methodology
Detectability during design process
Detection Likelihood of DETECTION by Design Control Ranking
Almost Certain Design control will detect potential cause/mechanism and subsequent failure mode
1
Very High Very high chance the design control will detect potential cause/mechanism and subsequent failure mode
2
High High chance the design control will detect potential cause/mechanism and subsequent failure mode
3
Moderately High Moderately High chance the design control will detect potential cause/mechanism and subsequent failure mode
4
Moderate Moderate chance the design control will detect potential cause/mechanism and subsequent failure mode
5
Low Low chance the design control will detect potential cause/mechanism and subsequent failure mode
6
Very Low Very low chance the design control will detect potential cause/mechanism and subsequent failure mode
7
Remote Remote chance the design control will detect potential cause/mechanism and subsequent failure mode
8
Very Remote Very remote chance the design control will detect potential cause/mechanism and subsequent failure mode
9
Absolute Uncertainty
Design control cannot detect potential cause/mechanism and subsequent failure mode
10
FMEA Worksheets
Following is an example of a completed worksheet from the FMEA study. The Risk Priority number is used to prioritise the process of addressing the findings of the FMEA study.
Table 5.2 FMEA Worksheet Example
Potential Failure Mode
Potential Effects of
FailureSeverity
Potential Causes of Failure
OccurrenceDetectability
during design process
Risk Priority Number
1. Start motor failure
1. Generator does not start upon receiving start signal
7 1. Age of motor 1 1 7
2. Ingress of moisture to motor winding
2 3 42
3. Low voltage/high amperage starts
3 2 42
4. Excessive number of starts (short cycling of engine)
4 1 28
Table 5.3 FMEA Response Criteria Levels
Ref: S1266 Rev 1 Page 12 of 13
Rig 1 – FMEA Studies – Emergency Generator FMEA Methodology
Criteria RankingRisk Reduction MeasuresRequiredRisk Reduction MeasuresRecommended
Ref: S1266 Rev 1 Page 13 of 13
Rig 1 – FMEA Studies – Emergency Generator Distribution
6. DISTRIBUTION
The FMEA study report distribution is as follows:
Copy No. Owner1 Paper2 CD3 Contractor Library System
Ref: S1266 Rev 1 Page 14 of 13
Rig 1 – FMEA Studies – Emergency Generator Attachment 1: FMEA RPN Graph
ATTACHMENT 1
FMEA RISK PRIORITY NUMBER (RPN) GRAPH
Ref: S1266 Rev 1
Rig 1 – FMEA Studies – Emergency Generator Attachment 1: FMEA Risk Priority Number (RPN) Graph
1. FMEA RISK PRIORITY NUMBER (RPN) GRAPH
DD1 FMEA - Emergency Generator
050
100150200250300350400450500
Emergency Generator Failure Modes
RP
N
(Ris
k P
rio
rity
Num
be
r)
Ref: S1266 Rev 1 Page 1 of 1
Rig 1– FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
ATTACHMENT 2
FMEA Worksheets
Ref: S1266 Rev 1
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
2. FMEA WORKSHEETS
System: 1. Emergency Generator
Subsystem: 1. Starting
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
1. Start motor failure (air/electrical)
1. Generator does not start upon receiving start signal
7 1. Age of motor 1 1 7
2. Ingress of moisture to motor air/electric
2 3 42
3. Low voltage/high amperage starts
3 2 42
4. Excessive number of starts (short cycling of engine)
4 1 28
5. Incorrect application of motor
1 1 7
2. Start power failure (battery/air failure)
1. Generator does not start upon receiving start signal
7 1. Lack of maintenance (dry batteries)
4 2 56
2. Low air pressure 3 2 42
2. Battery explosion 4 1. Shorting of terminals
2 1 8
2. Insufficient insulation
1 1 4
3. Cable damage 2 2 16
3. Fire 6 1. Internal cell collapse
1 4 24
2. Excessive current delivery
2 2 24
Ref: S1266 Rev 1 Page 1 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 1. Starting
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
3. Terminal corrosion
1. Generator does not start upon receiving start signal
7 1. Lack of maintenance
3 1 21
2. Poor installation 1 1 7
3. Choice of material 1 1 7
4. Moisture 2 2 28
4. Solenoid failure
1. Generator does not start upon receiving start signal
7 1. Excessive number of starts (short cycling of engine)
2 1 14
2. Low voltage/high amperage starts
2 1 14
5. Flywheel burr 1. Generator does not start upon receiving start signal
7 1. Damage during commissioning
3 1 21
2. Control system errors causing start signals while engine running
3 2 42
2. Emergency generator downtime
5 1. Inability to start due to flywheel excessively burred/damaged.
1 1 5
6. Automatic controller failure
1. Generator does not start upon receiving start signal
7 1. Poor terminal connections
2 3 42
2. Maintenance personnel not resetting controller
2 1 14
3. Drift of control parameters
1 3 21
Ref: S1266 Rev 1 Page 2 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 1. Starting
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
4. Failure of monitoring circuit
1 2 14
7. Manual override not deactivated
1. Generator does not start upon receiving start signal
7 1. Maintenance personnel not resetting controller
3 1 21
2. Wiring errors 2 1 14
2. Emergency generator does not receive start signal
5 1. Switch left in manual position
2 1 10
8. Fuel shut off closed
1. Generator does not start upon receiving start signal
7 1. Fuel supply valve closed causing zero fuel supply to engine
2 2 28
2. Fuel starvation, requiring re-bleed of systems and downtime
7 1. Engine starting with fuel valve closed
1 2 14
2. Fuel valve not fully opened
2 1 14
9. Fire dampers closed
1. Emergency generator overheats
7 1. Fire damper left in closed position
1 1 7
2. Inadvertent operation of damper
1 2 14
3. Compressed air system failures
2 3 42
2. Oxygen starvation to emergency generator
6 1. Operating engines whilst fire dampers closed
1 2 12
10. Fuel inventory (day tank empty or
1. Generator does not start upon receiving start signal
7 1. Stale fuel (non circulation of fuel stocks)
3 1 21
Ref: S1266 Rev 1 Page 3 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 1. Starting
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
contaminated) 2. Shipyard blasting grit
7 1 49
2. Fuel starvation, requiring re-bleed of systems and downtime
6 1. Clogged filters 2 1 12
2. Air in system 1 1 6
3. Premature shutdown 6 1. Engine runs out of fuel
2 1 12
11. Battery charger failure
1. Generator does not start upon receiving start signal
7 1. Main bus failure (blown fuse)
3 2 42 2. Periodic maintenance of the main, auxiliary and emergency switchboards.
7 3 1 21 50.00
2. Maintenance check failures
1 2 14
3. PM system does not cover monitoring of charging amps
1 1 7
2. Flat batteries 6 1. Extended non charging periods
2 2 24
2. Excessive number of starts (short cycling of engine)
2 1 12
3. Faulty battery 1 1 6
4. Poor battery maintenance
4 3 72 3. Include periodic maintenance of emergency starting batteries in planned maintenance program.
6 4 2 48 33.33
3. Reduced battery life 3 1. Poor quality battery
1 1 3
Ref: S1266 Rev 1 Page 4 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 1. Starting
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
2. Poor battery maintenance
4 3 36
3. Excessive number of starts (short cycling of engine)
2 1 6
4. Insufficient design charging current
1 1 3
4. Reduced cranking amp availability
3 1. Poor quality battery
1 1 3
2. Poor battery maintenance
2 3 18
3. Excessive number of starts (short cycling of engine)
2 1 6
4. Insufficient design charging current
1 1 3
12. Alarm malfunction
1. Generator does not start upon receiving start signal
7 1. Alarm state inhibits start signal
2 1 1
2. Alarm flooding 3 1. Poor design of alarm systems
1 2 2
3. False alarms 4 1. Poor maintenance 1 3 3
2. Low quality alarm systems
1 1 1
3. Inadequate alarm check procedures
2 1 1
4. Premature shutdown 6 1. False alarm 3 2 2
Ref: S1266 Rev 1 Page 5 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 1. Starting
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
5. Failure to shutdown 2 1. Failure to recognize alarm state
3 1 1
System: 1. Emergency Generator
Subsystem: 2. Fuel Systems
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
1. Hose/fuel line failure
1. Fuel leak/spill - environmental release
2 1. Leaking connection
5 2 20
2. Fractured pipe 3 1 6
2. Fire 7 1. Contact with exhaust - leak
2 1 14
2. Fuel leak contacting turbo charger
2 1 14
3. Premature shutdown 7 1. Fuel starvation 6 2 84
2. Fuel filter blockage
1. Premature shutdown 7 1. Fuel starvation 6 2 84
3. Fuel quality 1. Covered under starting system
4. Fuel inventory inadequate
1. Covered under starting system
5. Fuel pump failure
1. Generator does not start
7 1. Mechanical breakdown
2 1 14
Ref: S1266 Rev 1 Page 6 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 2. Fuel Systems
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
2. Poor maintenance 2 2 28
3. Inadequate design
1 1 7
2. Premature shutdown 7 1. Fuel starvation 4 1 28
System: 1. Emergency Generator
Subsystem: 3. Emergency Stop (Estop)
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
1. Inadvertent operation
1. Unwarranted emergency stop
4 1. Sabotage 1 8 32
2. Unprotected Estop buttons
2 2 16
2. Degradation engine/electrical system
2 1. Short cycling (loading and unloading of system)
2 2 8
3. Loss of emergency power systems
6 1. Emergency generator shutdown
3 3 54
2. Failure To Operate
1. Damage to generator electrical systems
3 1. Incorrect voltage 2 2 12
2. Loss of control 1 2 6
3. Overload 2 2 12
4. Poor maintenance 3 1 9
2. Damage to bus electrical systems
3 1. Incorrect voltage 1 2 6
2. Overload 1 2 6
Ref: S1266 Rev 1 Page 7 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 3. Emergency Stop (Estop)
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
3. Asynchronous operation
1 2 6
3. Damage to motor 2 1. Overspeed 2 2 8
2. Overload 2 2 8
3. Incorrect operation
1. Estop fails to trip circuit breaker
4 1. Circuit breaker failure
2 3 24
2. Poor design of Estop system
2 3 24
2. Estop fails to trip air intake
2 1. Poor design of Estop system
2 3 12
2. Mechanical failure of air intake
2 2 8
3. Estop fails to initiate Estop alarm
3 1. Poor design of Estop system
2 3 18
2. Poor maintenance 3 2 18
Ref: S1266 Rev 1 Page 8 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 4. Fire damper
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
1. Failure to close on signal
1. Non extinguishing of fire
7 1. Debris jammed in louvre
7 7 343 1. Adopt planned maintenance routine to periodically check louvres are clean of debris.
7 3 3 63 81.63
2. Seizure due to lack of maintenance
3 1 21
3. Poor design of fire damper control
1 1 7
4. Loss of air system 2 3 42
2. Escalation of fire 7 1. Non exclusion of air
2 3 42
2. Failure to reset (open)
1. Inability to operate emergency generator
7 1. Poor design of fire damper control
1 1 7
2. Lack of maintenance
2 1 14
3. Lack of awareness of procedure
5 5 175 4. Ensure that regular emergency exercises are held and crew are made aware of the emergency generator room fire damper system limitations.
7 3 3 63 64.00
4. Loss of air system 2 3 42
3. Failure to seal upon closure
1. Non extinguishing of fire
7 1. Debris jammed in louvre
7 7 343 1. Adopt planned maintenance routine to periodically clean and check louvres clean of debris
7 3 3 63 81.63
Ref: S1266 Rev 1 Page 9 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 4. Fire damper
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
2. Lack of maintenance
2 1 14
3. Poor design of damper
1 1 7
2. Escalation of fire 7 1. Non exclusion of air
2 3 42
4. Inadvertent operation
1. Unplanned shutdown of generator
7 1. Loss of Emergency Power
2 7 98
Ref: S1266 Rev 1 Page 10 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 5. Synchronization / Control
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
1. Fails to synchronize to main bus (if applicable)
1. Inability to return to main power without power interruption
4 1. Design of control system
1 1 4
2. Control system component failure
2 2 16
2. Fails to reach synchronize speed
1. Inability to synchronize to main bus
5 1. Design of control system
1 1 5
2. Control system component failure
2 2 20
3. Problems with main bus (e.g. main bus voltage incompatible)
4 4 80
2. Voltage/frequency dependant loads receiving incorrect power supply (EG AC motors)
6 1. Generator damage
2 3 36
2. Fuel system impairment
2 2 24
3. Control system component failure
2 2 24
4. Fire damper malfunction
3 3 54
3. Generator attempts asynchronous closure
1. Circuit breaker damage
7 1. Control system component failure
2 2 28
2. Personnel attempting manual closure of circuit breaker
3 7 147
2. Explosion/fire 7 1. Circuit breaker recoil on attempted closure to main bus
1 2 14
Ref: S1266 Rev 1 Page 11 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 5. Synchronization / Control
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
3. Blackout 5 1. Main bus protection operates in reaction to attempted emergency generator circuit breaker closure
2 4 40
2. Emergency generator protection operates
4 2 40
4. Generator damage 5 1. Inadequate protective systems
1 1 5
2. Extreme overload 1 7 35
5. Unplanned shutdown 4 1. Generator protective devices operate
4 2 32
6. Loss of emergency power systems
5 1. Emergency generator shutdown
2 2 20
4. Unstable voltage/frequency
1. Voltage/frequency dependent loads receiving incorrect power supply (EG AC motors)
6 1. Generator damage
1 3 18
2. Fuel system impairment
2 2 24
3. Control system component failure
2 2 24
2. Inability to synchronize to main bus
4 1. Inappropriate voltage/frequency parameters
1 2 8
3. Generator damage 5 1. Inadequate protective systems
1 1 5
Ref: S1266 Rev 1 Page 12 of 14
Rig 1 – FMEA Studies – Emergency Generator Attachment 2: FMEA Worksheets
System: 1. Emergency Generator
Subsystem: 5. Synchronization / Control
Potential Failure Mode
Potential Effects of Failure
SevPotential Causes of
FailureOcc
Detectability during design
processRPN Recommendations
After Actions Taken
Sev Occ Detectability RPN%
Reduction
4. Unplanned shutdown 4 1. Emergency generator protection operates
4 3 48
5. Loss of emergency power systems
5 1. Emergency generator shutdown
2 2 20
Ref: S1266 Rev 1 Page 13 of 14
Rig 1– FMEA Studies – Emergency GeneratorAttachment 3: Photographs
ATTACHMENT 3
Photographs
Ref: S1266 Rev 1 Page 1 of 1
Rig 1 – FMEA Studies – Emergency Generator Attachment 3: Photographs
3. PHOTOGRAPHS
Emergency Generator - Air start system
Emergency Generator / Switchboard
Ref: S1266 Rev 1Page 1 of 3
Rig 1 – FMEA Studies – Emergency Generator Attachment 3: Photographs
Emergency Generator Fuel / Lube system
Emergency Generator Fuel / Lube system
Ref: S1266 Rev 1Page 2 of 3
Rig 1 – FMEA Studies – Emergency Generator Attachment 3: Photographs
Emergency Generator Alarms / Protection
Emergency Generator Starting Batteries
Ref: S1266 Rev 1Page 3 of 3