10. Hazard & Risk Reliable System Design 2011 by: Amir M. Rahmani.
matlab1.ir
Hazard analysis
Safety is the property of a system that it will not endanger human life or the environment.
Probably the most important mechanism for improving the safety of a system is to identify the ways in which it can cause harm, i.e., its hazards.
A hazard is a system state that could lead to:
• Loss of life
• Loss of property
• Release of energy
• Release of dangerous materials
Hazards are the states we have to avoid.
Hazard & Risk
(1) A hazard is a situation in which there is actual or potential danger to people or to the environment.
(2) A hazard is a state or set of conditions of a system that, together with other conditions in the environment of the system, will lead unavoidably to an accident.
Characteristics of a hazard: risk
Risk is a combination of the severity and the probability of hazard occurrence.
Hazard & Accident
An accident (incident) is an undesired and unplanned (but not necessarily unexpected) event that results in (at least) a specified level of loss.
A hazard represents a potential for an accident to occur.
An elevator shaft with a door stuck open is a hazard - a hazardous state. It is not necessarily the case that an accident will result. For an accident to occur, an environmental circumstance must arise - a blind person walks through the open door unaware of the state.
For each activity it is wise to consider the hazards associated with the activity and the risks associated with those hazards.
Further definitions - Risk
Risk Management
• is the identification, assessment, and prioritization of risks, followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
Risk Assessment
• is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized hazard.
Risk Analysis
• is the process of evaluating the frequency (or probability) of hazardous events.
Further definitions - Risk
Tolerable Risk
• A risk that is allowed to exist so that certain benefits can be gained, there being a level of confidence that the risk is under control.
Intolerable Risk
• A risk that cannot be justified except in extraordinary circumstances.
Negligible Risk
• A risk that is so small and insignificant that it can be ignored as long as existing precautions remain in place.
Risk analysis
Risk analysis predicts the probability and severity of accidents.
Example: In a country with a population of 10,000,000, approximately 5000 people are killed in traffic accidents each year. On average each person spends 500 hours per year in situations where they are exposed to the risk of traffic accidents. What is the risk of being killed in a traffic accident?
(5000 / 10^7) / 500 = 10^-6 deaths per hour of exposure
An Overview of Accidents
Taken from a publication called "Out of Control" from the UK Health and Safety Executive.
A set of 34 accidents, all involving control systems, was analysed.
All systems possessed one or more input devices, a controller, plus one or more output devices.
Analysis discovered (share of accidents by the lifecycle phase in which the primary cause arose):
Specification: 44.1%
Changes after commissioning: 20.6%
Operation and maintenance: 14.7%
Design and implementation: 14.7%
Installation and commissioning: 5.9%
Lessons Learned
A number of "good engineering practices" are being ignored.
Hazard analysis in the specification phase often does not occur - a major source of failure.
Maintenance policy is often not considered at the specification stage, thus making it difficult, for example, for components to be safely isolated and maintained.
"No single failure should cause a dangerous failure of the overall system" needs to become a more widely respected principle.
Hazard identification
Hazard identification is the systematic determination of a system's hazards.
It is a complex and sophisticated process.
Once identified, the set of hazards defines a set of system states that we need to avoid.
How could the system enter one of the hazardous states? Is it possible to avoid the hazards?
Hazard analysis
Hazard analysis involves:
• Identifying the hazards that exist within a system.
• Determining the chain of events that could potentially lead to each hazard.
• Determining the consequences resulting from an occurrence of the hazard.
• Investigating any safeguards already in place to address the hazards.
Preliminary Hazard Analysis
PHA: a distinct phase of the overall safety lifecycle, carried out at the requirements stage.
The purpose of PHA is:
• To identify safety-critical areas of the system
• To evaluate/identify major hazards (which must be controlled or eliminated by redesign).
PHA should be carried out for ALL systems and subsystems.
Preliminary Hazard Analysis
The PHA should document:
• A brief description of the system and its environment
• An overview of the system's function and its safety features
• The safety objectives of the system
• Justification of the risk and integrity level assignments
• Target failure rates and safety levels
• Sources of any data used within the analysis
• A bibliography of all documents used.
PHA Main Steps
1. PHA prerequisites
2. Hazard identification
3. Consequence and frequency estimation
4. Risk ranking and follow-up actions
1- PHA prerequisites
1. Establish the PHA team
2. Define and describe the system to be analyzed
• (a) System boundaries (which parts should be included and which should not)
• (b) System description, including layout drawings, process flow diagrams, block diagrams, and so on
• (c) Use and storage of energy and hazardous materials in the system
• (d) Operational and environmental conditions to be considered
• (e) Systems for detection and control of hazards and accidental events, emergency systems, and mitigation actions
3. Collect risk information from previous and similar systems (e.g., from accident databases)
PHA - System breakdown
To be able to identify all hazards and events, it is often necessary to split the system into manageable parts, for example into three categories:
• System parts (e.g., process units)
• Activities
• Exposed to risk (who or what is exposed?)
2- Hazard identification
All hazards and possible accidental events must be identified. It is important to consider all parts of the system, operational modes, maintenance operations, safety systems, and so on. All findings shall be recorded. No hazard is too insignificant to be recorded. Murphy's law must be borne in mind: "If something can go wrong, sooner or later it will".
Hazard checklist
To get a complete survey of all possible hazards it may be beneficial to use a hazard checklist. An example of a checklist (mainly from the standard EN 1050) is given:
• Mechanical hazards
• Electrical hazards
  Ex: Approach to live parts under high voltage
• Thermal hazards
  Ex: Damage to health by hot or cold working environment
• Thermodynamic hazards
• Hazards generated by noise
  Ex: Interference with speech communication, acoustic signals, etc.
• Hazards generated by vibration
• Hazards generated by radiation
• Hazards generated by materials/substances
• Fire or explosion hazard
3-Frequency and consequence estimation
The risk related to an accidental event is a function of the frequency of the event and the severity of its potential consequences.
To determine the risk, we have to estimate the frequency and the severity of each accidental event.
4- Risk ranking and follow-up actions
The risk is established as a combination of the frequency of a given event/consequence and the severity of the same event/consequence. This enables a ranking of the events/consequences in a risk matrix (frequency class against severity class); the matrix drawn on the slide is not reproduced in the transcript.
PHA Result
The results of the PHA are usually reported using a PHA worksheet (or a computer program).
Some analyses may require other columns, but those on the worksheet shown are the most common.
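The ranking step above, worked through in code. This is an added example and not part of the original slides: it builds a small PHA worksheet, scores each row through a frequency x severity risk matrix, assigns one of the tolerable / intolerable / negligible categories defined earlier, and attaches a follow-up action. The five frequency classes, four severity classes, the product rule for the risk index and the category thresholds are assumptions chosen for illustration, not values from any standard; the worksheet rows are constructed (the first one is the elevator-shaft hazard from the slides).

```python
"""Risk ranking of a constructed PHA worksheet with a frequency x severity matrix.

Added example; not from the original slides. The class scales, the product-based
risk index and the tolerability thresholds are assumptions for illustration.
"""
from dataclasses import dataclass

# Frequency classes: rank 5 is the most frequent (assumed scale).
FREQUENCY_RANK = {"frequent": 5, "probable": 4, "occasional": 3,
                  "remote": 2, "improbable": 1}
# Severity classes: rank 4 is the worst consequence (assumed scale).
SEVERITY_RANK = {"catastrophic": 4, "critical": 3, "marginal": 2,
                 "negligible": 1}
# Follow-up action per category; wording follows the tolerable / intolerable /
# negligible definitions in the slides.
FOLLOW_UP = {
    "intolerable": "eliminate the hazard or redesign before proceeding",
    "tolerable": "reduce further where practicable; confirm controls are in place",
    "negligible": "record it; keep existing precautions in place",
}


@dataclass(frozen=True)
class HazardEntry:
    """One row of a PHA worksheet (the column set is an assumption)."""
    ident: str
    hazard: str
    cause: str
    consequence: str
    frequency: str   # key of FREQUENCY_RANK
    severity: str    # key of SEVERITY_RANK
    safeguards: str


def risk_index(frequency: str, severity: str) -> int:
    """Combine the two classes into one number: product of the ranks (assumed rule)."""
    return FREQUENCY_RANK[frequency] * SEVERITY_RANK[severity]


def risk_category(index: int) -> str:
    """Map a risk index onto the three tolerability categories (thresholds assumed)."""
    if index >= 12:
        return "intolerable"
    if index >= 5:
        return "tolerable"
    return "negligible"


def risk_matrix() -> dict:
    """The full matrix: (frequency class, severity class) -> category, every cell."""
    return {(f, s): risk_category(risk_index(f, s))
            for f in FREQUENCY_RANK for s in SEVERITY_RANK}


def rank_worksheet(entries):
    """Rows sorted by risk, highest first; ties broken by severity, then by id.

    Each result is (entry, risk index, category, follow-up action).
    """
    scored = []
    for e in entries:
        idx = risk_index(e.frequency, e.severity)
        cat = risk_category(idx)
        scored.append((e, idx, cat, FOLLOW_UP[cat]))
    scored.sort(key=lambda r: (-r[1], -SEVERITY_RANK[r[0].severity], r[0].ident))
    return scored


# Constructed worksheet; H-1 is the elevator-shaft hazard from the slides.
WORKSHEET = [
    HazardEntry("H-1", "Elevator shaft door stuck open", "door interlock failure",
                "person falls into shaft", "remote", "catastrophic",
                "interlock self-test, shaft lighting"),
    HazardEntry("H-2", "Approach to live parts under high voltage",
                "cabinet opened without isolation", "electrocution",
                "occasional", "catastrophic", "warning labels only"),
    HazardEntry("H-3", "Noise masks acoustic alarm signal", "compressor noise",
                "operator misses evacuation alarm", "probable", "marginal",
                "visual beacon"),
    HazardEntry("H-4", "Hot surface on heater housing", "no thermal shield",
                "minor burn", "frequent", "negligible", "gloves"),
    HazardEntry("H-5", "Hand-arm vibration from tool", "unbalanced rotor",
                "discomfort", "remote", "negligible", "scheduled balancing"),
]

if __name__ == "__main__":
    for entry, idx, cat, action in rank_worksheet(WORKSHEET):
        print(f"{entry.ident} {cat:11} index={idx:2} {entry.hazard}: {action}")
```

Running the module lists the rows from H-2 (intolerable, 12) down to H-5 (negligible, 2). The sort key matters in practice: two hazards with the same index are ordered by severity so that the catastrophic-but-rare one is reviewed before the frequent-but-marginal one, which is the usual conservative choice when a matrix collapses two dimensions into one number.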
PHA - Adv., Disadv.
Positive
• Helps ensure that the system is safe
• Modifications are less expensive and easier to implement in the earlier stages of design
• Decreases design time by reducing the number of surprises
Negative
• Hazards must be foreseen by the analysts
• The effects of interactions between hazards are not easily recognized
Approaches to Hazard Analysis
Hazard and Operability Studies (HAZOP)
Event Tree Analysis (ETA)
Fault Tree Analysis (FTA)
Failure Modes and Effects Analysis (FMEA)
Failure Modes, Effects and Criticality Analysis (FMECA)
Cause Consequence Analysis (CCA)
Hazard and Operability Studies (HAZOP)
HAZOP is a technique (almost like brainstorming) whereby a group of well-informed people aim to identify all the ways in which hazards may appear in a system.
Its purpose is to:
• establish hazardous failure modes, and
• obtain a measure of their effect
by a systematic examination of the system and its components.
Notes on HAZOP
HAZOP is applicable at all stages of the system lifecycle, although it is of limited use until a relatively detailed description of the system has been developed.
Typically the selected members of the HAZOP team will have had previous experience of such systems and complement one another (are from different backgrounds), so that the benefits of the team approach are obvious.
Event Tree Analysis
Why: to investigate how a certain event can potentially affect the system.
How: by forward search. For each event consider success and failure (two branches in the tree). Draw the tree until the system effect becomes evident.
Information analyzed: the initiating event (usually known from previous experience), the system structure, the effect of success and failure of each event, and its hazardous or mitigating effect on the system.
Example of Event Tree (1)
Example of Event Tree (2)
Event Tree - Application
Risk analysis of technological systems
Identification of improvements in protection systems and other safety functions
Event Tree - Adv., Disadv.
Positive
• Visualizes event chains following an accidental event
• Visualizes barriers and the sequence of their activation
• Good basis for evaluating the need for new / improved procedures and safety functions
Negative
• No standard for the graphical representation of the event tree
• Only one initiating event can be studied in each analysis
• Easy to overlook subtle system dependencies
• Not well suited for handling common cause failures in the quantitative analyses
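The forward search described for event trees, carried out in code as an added example (not from the original slides). One initiating event is followed through a sequence of barriers; each barrier splits the path into a success and a failure branch, and the search stops as soon as the outcome is evident. Path frequencies are the initiating frequency multiplied by the branch probabilities, which is exactly the independence assumption behind the common-cause limitation listed above. The initiating event, the three barriers, their failure-on-demand probabilities and the outcome rules are all constructed for illustration.

```python
"""Event tree for one initiating event, expanded by forward search.

Added example; not from the original slides. The initiating event, barriers,
probabilities and outcome rules are constructed for illustration.
"""

# Initiating event and its frequency (constructed): 0.1 occurrences per year.
INITIATING_EVENT = "Gas leak in compressor room"
INITIATING_FREQUENCY = 0.1

# Barriers in the order they are demanded, with probability of failure on
# demand (constructed values). Branch probabilities are multiplied along each
# path, which assumes the barriers fail independently; a common-cause failure
# (e.g. one power supply feeding all three) would invalidate that product.
BARRIERS = [
    ("Gas detection", 0.02),
    ("Emergency shutdown", 0.05),
    ("Sprinkler system", 0.10),
]


def classify(path):
    """Return the outcome once it is evident, or None to expand the next barrier.

    path is a tuple of booleans, one per barrier considered so far
    (True = the barrier worked). The rules are constructed for this example.
    """
    if len(path) >= 1 and not path[0]:
        return "explosion"        # undetected leak: no later barrier is demanded
    if len(path) >= 2 and path[1]:
        return "minor release"    # detected and shut down
    if len(path) == 3:
        return "contained fire" if path[2] else "explosion"
    return None


def expand(path=(), frequency=INITIATING_FREQUENCY):
    """Forward search: split into success/failure branches until the outcome is evident."""
    outcome = classify(path)
    if outcome is None and len(path) == len(BARRIERS):
        outcome = "unclassified"  # no verdict after the last barrier: flag, don't guess
    if outcome is not None:
        return [(path, frequency, outcome)]
    _name, pfd = BARRIERS[len(path)]
    return (expand(path + (True,), frequency * (1.0 - pfd)) +
            expand(path + (False,), frequency * pfd))


def outcome_frequencies():
    """Aggregate path frequencies per outcome (occurrences per year)."""
    totals = {}
    for _path, freq, outcome in expand():
        totals[outcome] = totals.get(outcome, 0.0) + freq
    return totals


def describe(path):
    """Human-readable branch labels for one path through the tree."""
    return ", ".join(f"{BARRIERS[i][0]} {'ok' if ok else 'FAILS'}"
                     for i, ok in enumerate(path))


if __name__ == "__main__":
    print(f"Initiating event: {INITIATING_EVENT} ({INITIATING_FREQUENCY}/yr)")
    for path, freq, outcome in expand():
        print(f"  {freq:.5f}/yr  {outcome:14} <- {describe(path)}")
    print(outcome_frequencies())
```

Because every branch pair sums to the parent frequency, the outcome frequencies add up to the initiating frequency; checking that sum is a cheap way to catch a tree in which a branch was forgotten. Only one initiating event is handled per tree, as the slides note; a second initiating event needs a second tree.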
Fault Tree Analysis
A fault tree is a logical diagram that displays the interrelationships between a potential critical event (accident) in a system and the reasons for this event.
By constructing a fault tree you analyze how a system can fail, and the analysis also gives you insight into how the components contribute to the system reliability. Fault-tree software with a graphical user interface lets you create such trees quickly.
Fault Tree Analysis
Systematic elaboration of events that might lead to a hazard
Compound events and basic events
Compound events defined as logical expressions - AND, OR and other operators
Provides:
• Systematic way to document informal analysis
• Permits analysts to review and revise the analysis over time
Assignment of probabilities to specific events
Computation of probabilities for compound events
Sophisticated dependability analysis possible
Extensive, elaborate, established technique
Provides:
• Mechanism for showing that the design will meet dependability requirements
Fault Tree Events
Primary events:
• Basic event - fault in an atomic component
• Undeveloped event - fault in a composite component (may be analyzed later, or information is unavailable)
• External event - expected event from the environment
Intermediate event: nodes inside a fault tree
Fault Tree - Gates (gate symbols shown on the slide; not reproduced in the transcript)
Example - "Wake too late"
Top event: Wake too late
Contributing events: Alarm clock fails; Phone fails; "Inner clock" fails
Example - "Alarm clock fails"
Top event: Alarm clock fails
Events in the tree: Beeper fails; Button fails; electronics fail; SW fails; Power fails; Button read fails; Beeper not set
(The gate structure connecting these events is drawn on the slide and is not recoverable from the transcript.)
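The two "Wake too late" slides, quantified as an added example that is not part of the original slides. The transcript names the events but not the gates, so the structure here is an assumption: the top event is an AND (you only oversleep if the alarm clock, the phone and your inner clock all fail), "Alarm clock fails" is an OR over "Power fails", "Beeper fails" and "Button fails", and the two sub-gates are ORs over the remaining named events. The per-night probabilities are likewise assumed. The code computes the top-event probability bottom-up through the AND/OR gates, derives the minimal cut sets, and compares the exact figure with the rare-event approximation.

```python
"""Fault tree quantification for the "Wake too late" example.

Added example; not from the original slides. Gate types and event probabilities
are assumptions: the slides name the events but the transcript shows no gates.
"""
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Event:
    """A primary event: basic, undeveloped or external (the kinds from the slides)."""
    name: str
    probability: float        # probability of occurrence per night (assumed)
    kind: str = "basic"


@dataclass(frozen=True)
class Gate:
    """An intermediate event with an AND or OR gate over its inputs."""
    name: str
    gate: str                 # "AND" or "OR"
    inputs: tuple             # of Event / Gate


Node = Union[Event, Gate]


def probability(node: Node) -> float:
    """Bottom-up probability of the event at `node`, assuming independent inputs.

    Exact only when no primary event appears under more than one gate; use
    check_no_shared_events() first, since a shared event makes the inputs of
    some gate dependent and this formula then over- or under-counts.
    """
    if isinstance(node, Event):
        return node.probability
    ps = [probability(child) for child in node.inputs]
    if node.gate == "AND":          # all inputs must occur
        result = 1.0
        for p in ps:
            result *= p
        return result
    if node.gate == "OR":           # at least one input occurs
        none_occur = 1.0
        for p in ps:
            none_occur *= (1.0 - p)
        return 1.0 - none_occur
    raise ValueError(f"unknown gate {node.gate!r}")


def minimal_cut_sets(node: Node):
    """Smallest sets of primary events whose joint occurrence causes `node`."""
    if isinstance(node, Event):
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(c) for c in node.inputs]
    if node.gate == "OR":           # any child's cut set will do
        sets = [s for cs in child_sets for s in cs]
    else:                           # AND: one cut set from every child, combined
        sets = [frozenset()]
        for cs in child_sets:
            sets = [a | b for a in sets for b in cs]
    uniq = set(sets)
    minimal = [s for s in uniq if not any(o < s for o in uniq)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def primary_events(node: Node):
    if isinstance(node, Event):
        return [node]
    return [e for c in node.inputs for e in primary_events(c)]


def check_no_shared_events(node: Node) -> bool:
    names = [e.name for e in primary_events(node)]
    return len(names) == len(set(names))


def rare_event_approximation(node: Node) -> float:
    """Sum over minimal cut sets of the product of their event probabilities."""
    probs = {e.name: e.probability for e in primary_events(node)}
    total = 0.0
    for cs in minimal_cut_sets(node):
        term = 1.0
        for name in cs:
            term *= probs[name]
        total += term
    return total


# Assumed structure and probabilities for the slides' example.
ALARM_CLOCK_FAILS = Gate("Alarm clock fails", "OR", (
    Event("Power fails", 0.01),
    Gate("Beeper fails", "OR", (
        Event("electronics fail", 0.001),
        Event("Beeper not set", 0.02),
    )),
    Gate("Button fails", "OR", (
        Event("Button read fails", 0.001),
        Event("SW fails", 0.002),
    )),
))

WAKE_TOO_LATE = Gate("Wake too late", "AND", (
    ALARM_CLOCK_FAILS,
    Event("Phone fails", 0.05),
    Event("Inner clock fails", 0.3, kind="undeveloped"),
))

if __name__ == "__main__":
    assert check_no_shared_events(WAKE_TOO_LATE)
    print(f"P(top) exact            = {probability(WAKE_TOO_LATE):.4e}")
    print(f"P(top) rare-event approx = {rare_event_approximation(WAKE_TOO_LATE):.4e}")
    for cs in minimal_cut_sets(WAKE_TOO_LATE):
        print("  cut set:", sorted(cs))
```

With these numbers every minimal cut set has three events (one way for the alarm clock to fail, plus the phone and the inner clock), which is what the AND at the top buys: no single failure causes the dangerous event, the principle listed under "Lessons Learned". The rare-event sum slightly overestimates the exact OR probability, which is the expected direction when the cut sets overlap.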