“RELIABILITY, SAFETY AND RISK ANALYSIS”
65
“RELIABILITY, SAFETY AND RISK ANALYSIS” Lecture 1: Introduction to the Course 22/02/2021 Piero Baraldi ([email protected])
Transcript of “RELIABILITY, SAFETY AND RISK ANALYSIS”
“RELIABILITY, SAFETY AND RISK ANALYSIS”
Lecture 1: Introduction to the Course
22/02/2021Piero Baraldi ([email protected])
Piero Baraldi
2
Introduction to the course:• Reliability• Safety• Risk Analysis
演示者
演示文稿备注
The first half of the course will be about the concept of reliability You graduate at polimi with a very high mark. You work for a very famous engineering company… you design a turbine. You are one of the best turbine designer. Then the turbine is made with very good materials…. And start working in a energy production plant…
Piero Baraldi
Degradation & Failure3
Healthy Degradation initiation
Evolution to… failure
Failure
演示者
演示文稿备注
What is our problem? We consider industrial component. In the example a glass of red wine . Even if you are very good at designing the component and you use the best material and technologies available, the industrial component, sooner or later will start to degrade. Here the component is represented by a glass of wine. You see at this time you have the onset of a degradation process (a crack). The crack becomes bigger and bigger and at a given time you will have the collapse of the component.
44Piero Baraldi
Degradation (some examples)
Creeping of turbine blades
Erosion of chokevalves
Crack propagation
演示者
演示文稿备注
OK, now let’s change the glass of wine with three components from three very different industrial systems These are the blades of a gas turbine. They can undergo a process of creeping. Creeping is a plastic deformation, the blade becomes thinner and at the end can break. The loss of a turbine blade is one of the most feared failure modes of turbomachinery. The turbine becomes unbalanced, this causes the failure of the turbine bearing which will stop the turbine in a very short time, the consequence is the failure of the rotor with parts of the system (missiles) that can reach hundreds of meters from the turbine Oil industry. A valve in an offshore oil plant.due to the sand we have a process of erosion of this choke valve. Which we have to periodically replace. Nei pozzi ad alta pressione il flusso può raggiungere 400/500 m/s. Tempi di vita intorno anche all’anno. Difficoltà nel rimpiazzo fermo attività MOTORS: crack propagation in bearings of rotating machinery, which often results in damage to the bearings and consequent reduced efficiency, or even severe damage, of the entire motor system.
Consequences
Failure: an Example from the Nuclear Industry
• Davis-Besse accident (February 2002): Refueling outage a cavity of the size of an American football in the reactor
pressure vessel head. Only a layer of cladding of 7.6 mm thick was left by the corrosion.
5
Repair Action: new lid (600M $) Stop operation until March 2004 (2 years)
Possible consequences in case of rupture Loss of coolant accident (LOCA)
Emergency safety procedures to protect from core damage or meltdown
The jet of reactor coolant might have damaged adjacent control rod drive mechanisms,
hampering or preventing reactor shut-down.
Core melt down
演示者
演示文稿备注
This is the top of the pressure vessel of NPP, these are the control bars. Here we should have 15 cm of steel. During a routine inspection, workers felt a wiggle of the control rode drive mechanisms. It should be impossible since it should be sorrounded by the 15 cm thick steel. I this case , they were lucky: they detected the cavity just in time, but what about if we had the ropture? … it was a problem of Boric Acid Corrosion. As with all environmentally-assisted damage modes there is an expected distribution in the extent of damage reflecting the stochastic processes occurring early in the damage development, and the uncertainties associated with modeling and system definition. The practical question here (quite apart from addressing the failure to address the problem in a timely manner) is: "Can we expect other similar incidents, for which the Davis Besse case is part of a wider distribution?" In fact, there have been many similar though less serious incidents including at least one case where almost the entire thickness of a low alloy steel pipe was corroded away to the internal stainless steel cladding due to a boric acid leak from a valve above). Other incidents have also occurred including failures of low alloy steel bolting of flanged joints exposed to high velocity steam jets (steam cutting) from primary side leaks where the degradation was probably mainly caused by erosion with a contribution from BAC where condensation occurred. Unfortunately, we do not know with certitude the specific system conditions that can lead to extensive BAC under boric acid deposits; in many cases relatively little corrosion of carbon or low alloy steel occurs under such deposits. We cannot readily explain, for instance, the fact at Davis Besse that there was extensive BAC at one penetration (#3), but no BAC damage at an adjacent and nominally identical penetration other than as a possible consequence of different elapsed times from the first occurrence of a leak in the two penetrations. Consequently a defensible proactive mitigation action is difficult to define at this time, and degradation management can be accomplished by reliable inspection and timely repair or replacement
66Piero Baraldi6
Explosion of the platform Deepwater Horizon (Gulf of Mexico), April 2010 (source: sciencesetavenir.fr)
Probable cause: leakage in the oil pumping system
Kamal MEDJAHER and Noureddine ZERHOUNI, workshop (Politecnico di Milano, 2015)
11 fatalities 4.9 billion barrels of oil spilled into Gulf of
Mexico Reputation Reputation Repair efforts:
1 billion dollars spent in Google, Adwords, and Youtube advertising
New CEO $20 billion claims fund $52 million to federal and state health
organizations to fund behavioural healthsupport and outreach programs across theUS Gulf Coast region
Consequences
Failure: an Example from the Oil and Gas Industry
Piero Baraldi
7
Cause: failure of a fishplate (source: Bureau d’enquêtes sur les accidents de transport terrestre)
Train derailment in Brétigny-sur-Orge in July 2013
7 fatalities 21 people were seriously injured 180 people were injured
Failure: an Example from Railway
Consequences
Sources: Keynote of Pierre Dersin at PHM Europe 2014, Muller et al. 1996, Sovacool 2008, Tzanakakis 2013, Kamal MEDJAHER and Noureddine ZERHOUNI workshop (Politecnico di Milano, 2015)
演示者
演示文稿备注
Metal bar that is bolted at the end of 2 rails to join them
Piero Baraldi
Failure: an Example from Civil Infrastructures 8
演示者
演示文稿备注
Morandi Bridge collapse tower
Piero Baraldi
Failure 9
演示者
演示文稿备注
Our life is based on critical infrastructures, such as an electric grid or a transportation systems. They can fail due to external events, cyclone, avalanche,…
Piero Baraldi10
Failure costs (Some Numbers)
According to Network Rail (UK), rail infrastructure failures and defects are responsible for 14 million minutes of delay per year
In automobile domain, failures cost around 288 millions US $ per day
Sources: Keynote of Pierre Dersin at PHM Europe 2014,
Piero Baraldi
Failure Definition 11
Failure definition: the termination/loss of ability of an item to perform its required function
Failure examples: Total cessation of function
• An engine stops running• A structure collapses
Deterioration/instability of function• a motor that is no longer capable of delivering a specified torque• a structure that exceeds a specified deflection
演示者
演示文稿备注
For example, a pump to pump a flow between minimum and maximum, a valve to stop a flow in a given amount of time…
Piero Baraldi12
Failure prevention
FailuresPrevented by
Design for Reliability Maintenance
Time
NormalDegradation
onsetRepair
演示者
演示文稿备注
Add a safety system to your industrial plant in order to improve its reliability.
Piero Baraldi
Reliability
Reliability (ISO8402): ability to perform an assigned task for a given time under given environmental and operational conditions • Always present in human activities
• From reasonable to rational solutions
13
演示者
演示文稿备注
ISO=International Standard Organization (continuously from the start of the operation until the system mission time) Environmental and Operationl Conditions … Vessel of a NPP = 40 years F1 engine = 1 season (21 races) carriege Concept of reliability always present in the human history. However, until the 2nd war war, people were not investing the concept of reliability. After a failure they were just replacing the failed component, maybe with one of better quality, design,… With the 2nd war war and the complexity of the industry, this was not possible (airplane).
Piero Baraldi
Reliability engineering: When?
II World War: USA
Radar Vacuum tubes
GERMAN
V1 Missile
14
• lot of failures• poor system performance• high maintenance costs
first reliabilitystudies
first 10 launcheswere allfiascos
first reliabilitystudies
Lusser (German Mathematician):“the reliability of a chain of components is determined by the reliability of the weak link”
演示者
演示文稿备注
5 times as the other electronic components V1; after the launches they were trying to improve all the components, but they were not able to improve the system…
Piero Baraldi
Reliability Engineering
• Why do systems fail? (reliability physics to discover causes and mechanisms of failure and to identify consequences)
• How to develop reliable systems?• How to measure/test reliability (in design and operation)? • How to maintain systems reliable (maintenance)?
15
演示者
演示文稿备注
These are the questions to which reliability engineering is trying to answer
Piero Baraldi
Our Big Problem…
lamp of my wife’s bedside table
lamp of mybedside table
演示者
演示文稿备注
This is making this course a little different from most of the other courses you have seen until now. We have to deal with random event Heat transfer, there is an equation, maybe is differential, with partial derivatives,… difficult to solve…., but there is an exact solution…Here is different…
Piero Baraldi
Our Big Problem…
t
t
X
X
lamp of my wife’s bedside table
lamp of mybedside table
http://www.centennialbulb.org/photos.htm
演示者
演示文稿备注
This is making this course a little different from most of the other courses you have seen until now. We have to deal with random event Heat transfer, there is an equation, maybe is differential, with partial derivatives,… difficult to solve…., but there is an exact solution…Here is different…
Piero Baraldi
Our Big Problem…
t
t
X
X
The failure time is a random variable!
How to represent the failure time?
Probability distribution: fT(t)
lamp of my wife’s bedside table
lamp of mybedside table
演示者
演示文稿备注
Random - uncertain variable – a variable for which we do not know the true value in advance. What is the consequence in practice of this? We must have few lectures to recall the basic concepts of probability and statistics (I promise , just few lectures at the beginning of the course).
Piero Baraldi
Reliability and Probability
Definition of reliability (ISO8402): the ability to perform an assigned task for a given time under given environmental and operational conditions
Operative definition of reliability: Probability that an item performs its assigned task for a given time under given environmental and operational conditions
Piero Baraldi
Reliability, Performance and Cost: the Trade-Off
• Objective: design and build product for improved performance Faster aircraft Thermodynamically more efficient energy conversion
devices
• Increase ‘load’ Aircraft decrease weight Energy conversion devices work at larger temperature
• Approach the physical limit of the system Aircraft Increase stress level in its components Energy conversion devices heat-induced losses of
strengths and more rapid corrosion
• Number of failures increases (reliability decreases)
• Countermeasures should be taken (cost increases) Purer material Tighter dimensional tolerance Monitoring & improved maintenance
20
演示者
演示文稿备注
When we consider the reliability of a component, we should take into account that the concept of reliability is deeply connected with the performance and the cost of the system. At an industrial level, the objective is always that of improving the performance of the system. To obtain better performance, what we typically do is to increase the load on the system. What is the problem of this? We will approach the … limits of the system, … s at the nd the results will be to increase … or, it is the same, to decrease the reliability of the system. But this is typically not acceptable, so we should take countermeasures. … The results of this countermeasures is an increase of the costs.
Piero Baraldi
Reliability, performance and cost: the trade-off
• Objective: design and build product for improved performance Faster aircraft Thermodynamically more efficient energy conversion
devices
• Increase ‘load’ Aircraft decrease weight Energy conversion devices work at higher temperature
• Approach the physical limit of the system Aircraft Increase stress level in its components Energy conversion devices heat-induced losses of
strengths and more rapid corrosion
• Number of failures increases (reliability decreases)
• Countermeasures should be taken (cost increases) Purer material Tighter dimensional tolerance Monitoring & improved maintenance
21
Use new-design components, thanks to new technologies(e.g. iron instead of wood in Structures)
Potentially, in the long term:• Better performance• Lower costs• Larger reliability
But in the early stage of introduction of the new technology:• Lower reliability
e.g. iron instead of wood in structures:• Problem of brittle fractures
演示者
演示文稿备注
The concept of reliability should not be considered alone, but intrinsically connected with those of performance and cost. The objective that we have as engineer is always that of improve the performance of our system.
Piero Baraldi
• Maintenance (IEC60300): set of actions that ensure the ability of an item to be retained in (preventive maintenance) or restored to (corrective maintenance) the functional state required by the purpose for which it was conceived.
Maintenance 22
Failure Maintenance
preventivemaintenance
演示者
演示文稿备注
Set of actions that we do to: 1) maintain the equipment working (able to perform…) 2) In case of failure: to repair/replace
Piero Baraldi
Maintenance Costs
Derived from M. Garetti
G$/year
演示者
演示文稿备注
More work done by machine, less by personnel. Machines may have failure.
Piero Baraldi
24
Introduction to the course:• Reliability• Safety• Risk Analysis
Piero Baraldi
Safety
• SAFETY ≡ freedom from unaffordable harm
演示者
演示文稿备注
State of being "safe", the condition of being protected from harm or other non-desirable outcomes
Piero Baraldi
26Hazard = Source of Potential Damage
演示者
演示文稿备注
Hazards can have very different sources…
Piero Baraldi
Hazard
barrier
No Hazard
Safety
• SAFETY ≡ freedom from unaffordable harm
• The ‘parmesan cheese’ model
演示者
演示文稿备注
Hazard = Source of potential damage 1) Radioactive material in a NPP 2) Oil and gas in the well reservoir We try to put a barrier (represented by a slice of cheese) to avoid that the potential damage (the hazard) becomes a real damage For example in a Nuclear Power Plant we have the fuel rod, the pressure vessel and the containment
Piero Baraldi
Not all barriers work...
Safety
演示者
演示文稿备注
Poor mouse…, this barrier the helmet is not going to work
Piero Baraldi
Not all barriers work...
Safety
演示者
演示文稿备注
Protective mask
Piero Baraldi
No Hazard
Hazard
Safety: Multiple Barriers
Piero Baraldi
Geological Barrier
Technical BarriersEmbeddingStorage caskOver packsBackfill
Waste
Safety: Multiple Barriers - Example
演示者
演示文稿备注
Hazard = Spent nuclear fuel Radioactive waste repository
Piero Baraldi
Hazard
HumanErrors
ProceduralErrorsFaults in
Redundancies
Safety: the Swiss Cheese Model
演示者
演示文稿备注
The problem is that the safey barriers that we design can have weaknesses, the holes in the figure. So in some particular conditions they can be ineffective. Depending on the hazards, the environmental conditions and so on, these weaknesses are continuosly changing position and size. According to this model, we have a system failure when all the holes align, permitting a trajectory, an accident opportunity, the hazard passes through all
Piero Baraldi
33
Introduction to the course:• Reliability• Safety• Risk Analysis
Piero Baraldi
The Concept of Risk
Hazard
SafeguardsEnvironment
People
UNCERTAINTY
演示者
演示文稿备注
A risk requires the presence of an hazard = potential source of damage. A Tank filled with a potentially exposive solution. Damage can be to the worker of the plant, to the population or to the environment. If there is an hazard, safeguards are typically used to prevent the possible undesired consequence of the hazard. Typically we can try to prevent the occurrence of the hazard (good control of the solution conditions) or mitigate its consequence (build a containment around the tank). Notice that not all the hazards becomes damage, there is an uncertainty behind the fact that the hazard translates from potential to actual damage. So, the idea of risk is connected with uncertainty and damage.
Piero Baraldi
The Concept of Risk 35
RISK = POTENTIAL DAMAGE + UNCERTAINTY
Dictionary: RISK = possibility of damage or injuryto people or things
Piero Baraldi
Probabilistic Risk Assessment 36
Piero Baraldi
Probabilistic Risk Assessment 37
1. What undesired conditions may occur? Accident Scenario, S
2. With what probability do they occur? Probability, p
3. What damage do they cause? Consequence, x
RISK = { Si, pi, xi }
Piero Baraldi
S p x
S1 p1 x1
… … …
SN pN xN
{Si, pi, xi}
Probabilistic Risk Assessment (PRA): Results
Piero Baraldi
RISK = p∙xRisk Measures
演示者
演示文稿备注
Let us start for simplicity from a system with a single possible accidental scenario. A measure of risk should combine the probability of occurence with a measure of the consequences. It can be natural to consider the product. So RISK is equal to probability * consequence. Tipically our perception is that the consequences are more relevant than probability power of k… Prevention add redundancies, improve reliability of the components Mitigation emergency system that reduces the consequences Protection
Piero Baraldi
RISK = p∙x k(>1)
Risk Measures
演示者
演示文稿备注
Let us start for simplicity from a system with a single possible accidental scenario. A measure of risk should combine the probability of occurence with a measure of the consequences. It can be natural to consider the product. So RISK is equal to probability * consequence. Thipically our perception is that the consequences are more relevant than consequences power of k… Prevention add redundancies, improve reliability of the components Mitigation emergency system that reduces the consequences Protection emergency system that reduces the consequences outside
Piero Baraldi
RISK = Σipixik(>1)
WARNING:
RISK (A)= RISK (B) A=(P, x); B=(p, X)
RISK REDUCTION:
A: Prevention B: Mitigation, Protection
Risk Measures
演示者
演示文稿备注
Prevention add redundancies, improve reliability of the components Mitigation emergency system that reduces the consequences (mitigate the accident) e.g. a fire protection system Protection containment system that limits the consequence outside
Piero Baraldi
The level of risk is not acceptableand risk control measures arerequired to move the risk figure tothe previous regions
The level of risk is broadlyacceptable and generic controlmeasures are required aimed atavoiding deterioration
The level of risk can be tolerableonly once a structured review ofrisk-reduction measures hasbeen carried out
Risk Evaluation: Risk Matrix
Piero Baraldi
Risk Assessment & Management Procedure 43
Piero Baraldi
Global Risk 44
Piero Baraldi
45
Course Syllabus
Piero Baraldi
Topics
• Basics of probability• Reliability of simple systems• Markov processes for reliability and availability
analysis of more complex systems• Monte Carlo simulation method for reliability and
availability analysis• Estimation of reliability parameters from
experimental data• Maintenance in the energy industry• Probabilistic Risk Assessment• Bayesian networks, fault and event tree analysis
for identification and quantification of accidentalsequences
• Dependent Failures• Importance Measures
Part 1: Reliability
Part 2: Risk
Assessment
Piero Baraldi
Topics (Part 1)
• Basics of probability
t
t
X
X
The failure time is a random variable!
How to represent the failure time?
Probability distributions: fT(t|λ)
Piero Baraldi
Topics (Part 1)
• Basics of probability• Reliability of simple systems
pumping system
Piero Baraldi
Topics (Part 1)
• Basics of probability• Reliability of simple systems• Markov processes for reliability and availability analysis of more
complex systems
Piero Baraldi
Topics (Part 1)
• Basics of probability• Reliability of simple systems• Markov processes for reliability and availability analysis of more
complex systems• Monte Carlo simulation method for reliability and availability analysis
Monte Carlo Simulationfor reliability and availability analysis
Piero Baraldi
Topics (Part 1)
• Basics of probability• Reliability of simple systems• Markov processes for reliability and availability analysis of more
complex systems• Monte Carlo simulation method for reliability and availability analysis• Estimation of reliability parameters from experimental data
(Accelerated) degradationtests
Failure times15.8 h15.9 h15.1 h17.2 h…14.5 h
fT(t|𝜃𝜃)
Piero Baraldi
Topics (Part 1)
• Basics of probability• Reliability of simple systems• Markov processes for reliability and availability analysis of more
complex systems• Monte Carlo simulation method for reliability and availability analysis• Estimation of reliability parameters from experimental data• Maintenance
?
Piero Baraldi
Topics (Part 2)
• (Probabilistic) Risk Assessment• Bayesian networks, fault and event tree analysis for identification and
quantification of accidental sequences• Importance Measures• Dependent Failures
53
Piero Baraldi
Topics
• (Probabilistic) Risk Assessment
54
S p x
S1 p1 x1
… … …
SN pN xN
Piero Baraldi
Topics
• Probabilistic Risk Assessment• Bayesian networks, fault and event tree analysis for identification and
quantification of accidental sequences
55
Blowout Accident in Oil and Gas Wells during drilling
Blowout
Kick
Piero Baraldi
Topics (Part 2)
• Probabilistic Risk Assessment• Fault and event tree analysis for identification and quantification of
accidental sequences• Importance Measures
56
Which is the most«critical» component?
Piero Baraldi
Topics (Part 2)
• Probabilistic Risk Assessment• Fault and event tree analysis for identification and quantification of
accidental sequences• Importance Measures• Dependent Failures
57
electric grid
Piero Baraldi
Topics (Part 2)
• Probabilistic Risk Assessment• Fault and event tree analysis for identification and quantification of
accidental sequences• Importance Measures• Dependent Failures
58
Piero Baraldi
Teaching Organization
• Lectures (traditional + flipped classes)• Exercise Sessions• Homework
development of a matlab/python code for the estimation of reliability and availability of an energy system
multidisiplinary teams (energy, manamegement, nuclear students)• Prepare a presentation and deliver a speech on a specific topic
related to the latest advancement in the field of reliability, safety and risk analysis.
• Seminars
Piero Baraldi
Teaching Organization (energy and nuclear engineering students)
RELIABILITY, SAFETY AND RISK ANALYSIS C
RELIABILITY, SAFETY AND RISK ANALYSIS A+B
June4th
Part 1 Part 2
May 19th
Piero Baraldi
Final Evaluation
33 Points Written exam ([30%;40%] of the final mark):
• Exercises (and questions?) on all the course topics Oral exam ([40%,50%] of the final mark):
• 2 questions (on all the course topics) Homework Monte Carlo (12% of the final mark) Presentation (6%) Bouns Exercise (2%)
1) It is necessary to have at least 18/30 in the written exam to be admitted to the oral2) It is necessary to have 30/30 in the written or oral exam to have 30 cum Laude
Piero Baraldi
Course Material
• Lecture slides (http://www.lasar.polimi.it/)• Zio E., An introduction to the basics of reliability and risk analysis,
World Scientific, 2007.• Zio E., Computational methods of reliability and risk analysis, World
Scientific, 2009.• Zio E., The Monte Carlo Simulation Method for System Reliability and
Risk Analysis• Zio E., Baraldi P., Cadini F., “Basics of Reliability and Risk Analysis:
Worked Out Problems and Solutions”. World Scientific, Singapore, 2011
Piero Baraldi
63
Piero Baraldi
64
Piero Baraldi
65
