7/31/2019 ChE 421_Lect8
1/30
CHE 421 RISK MANAGEMENT: ESTIMATING THE LIKELIHOOD OF INCIDENTS (PART B)
Nicoleta Maynard 2009
WEEK 8 PLAN:
Quantitative estimation of fault trees
The rules
Reliability assessment of protective systems
Analysis of systems with common failures
Human errors in fault tree analysis
Uncertainties
Quantitative estimation of event trees
Your example on fault/event tree
In-class work
RESOURCES used for discussions/debate
Books & Journals:
Skelton, Bob, Process Safety Analysis: an introduction, chapter 7
Cameron I. and Raman R., Process Systems Risk Management, chapter 8
Lees' Loss Prevention in the Process Industries: hazard identification, assessment and control, edited by Sam Mannan; free electronic resource at Curtin's library
FAULT TREE AND EVENT TREE STRUCTURES
[Figure: a fault tree is traced downward from the top event through gates to the basic events e1 to e6; an event tree is traced forward from the starting event to the consequences C1 to C5.]
Ian Cameron
FAULT TREE GATE SYMBOLS
Symbol | Name | Causal relation
(AND gate symbol) | AND | Output occurs if all inputs occur simultaneously
(OR gate symbol) | OR | Output occurs if any input event occurs
Ian Cameron
FAULT TREE EVENT SYMBOLS
Symbol | Meaning
(symbol) | Top event
(symbol) | Basic event, not requiring further development
(symbol) | House event: assumed to exist as a boundary condition. Basic event, used to represent a demand
Ian Cameron
FAULT TREE BASIC STRUCTURES (INDEPENDENT EVENTS)
OR gate (T = BE1 OR BE2):
Probability (-): $P(T) = P(BE_1) + P(BE_2)$
Frequency (time$^{-1}$): $f(T) = f(BE_1) + f(BE_2)$
AND gate (T = BE1 AND BE2):
Probability (-): $P(T) = P(BE_1) \cdot P(BE_2)$
Frequency (time$^{-1}$): $f(T) = f(BE_1) \cdot P(BE_2)$
Ian Cameron
QUANTITATIVE EVALUATION OF FAULT TREES
What do we need?
Failure rate data: section 8.7 (Cameron)
Follow the rules:
OR gate rules: can add the input frequencies
can add the input probabilities
cannot add an input frequency & probability
AND gate rules: can multiply the input probabilities
can multiply a frequency & a probability
cannot multiply the input frequencies
FAULT TREE PROTECTIVE SYSTEM STRUCTURES
Common scenario involves two major issues:
demand rate on protective system
performance of protective system
Generic tree: top event "Hazard occurs" (T) = AND("Demand on system", "Protective system fails")
Example tree: top event "Stranded on highway" = AND(BE1 "Tyre blowout", G1 "Repair not possible"); G1 = OR(BE2 "No spare tyre", BE3 "No jack", BE4 "No spanner")
Ian Cameron
RELIABILITY ASSESSMENT OF PROTECTIVE SYSTEMS
Fractional dead time (FDT): the fraction of the total time that the protective device is in the failed state.
2 types of protective system failure:
Revealed failure: detected before the demand
Unrevealed failure: not known before the demand
$HR = D \cdot FDT$
HR = hazard/incident rate; D = demand rate (incidents/time); FDT = fractional dead time
Probability of failure on demand:
Ian Cameron (Ch.8) / Skelton (Ch.7)
THE FRACTIONAL DEAD TIME (FDT)
Function of:
Mean failure rate of the component ($\lambda$)
Proof test interval ($T_p$)
$FDT = 1 - \frac{1}{\lambda T_p}\left(1 - \exp(-\lambda T_p)\right)$
$FDT \approx 0.5\,\lambda T_p$ for $\lambda T_p \ll 1$
THE FRACTIONAL DEAD TIME (contd.)
FDT should take into account:
- $\lambda T_p / 2$: the unrevealed-failure contribution above
- $\tau$: duration of the test (the protective system might be disarmed)
- $\epsilon$: human error of leaving the protective system disarmed after each test
$FDT \approx 0.5\,\lambda T_p + \tau / T_p + \epsilon$ (if $\lambda T_p \ll 1$ and $\tau / T_p \ll 1$)
Ian Cameron (Ch.8) / Skelton (Ch.7)
FDT EXAMPLE
The failure rate of an emergency shutdown valve is 0.05 p.a.
The proof test interval is 1 in 6 months. During each test, the system is disarmed for 1 h.
The general human error probability for omission to re-arm the trip is 0.003 per operation.
$\lambda = 0.05$ p.a.
$T_p = 0.5$ year
$\tau = 1/8760$ year, $\epsilon = 0.003$
$FDT \approx 0.5\,\lambda T_p + \tau / T_p + \epsilon = 0.0125 + 0.000114 + 0.003 = 0.0156$
If $T_p = 1/12$ year (monthly test): $FDT \approx 0.0021 + 1.14 \times 10^{-4} + 0.003 = 0.0052$
Ian Cameron (Ch.8) / Skelton (Ch.7)
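The FDT calculation above, as an added Python example that is not part of the lecture notes: it compares the exact proof-test formula with the 0.5 λ Tp approximation, then adds the test-duration and re-arm terms and applies HR = D·FDT. The demand rate passed to hazard_rate in the test is a constructed value, not one from the slides.

```python
import math

def fdt_exact(lam, tp):
    """Fractional dead time of a proof-tested component with unrevealed
    failures: FDT = 1 - (1/(lam*Tp)) * (1 - exp(-lam*Tp))."""
    x = lam * tp
    return 1.0 - (1.0 - math.exp(-x)) / x

def fdt_approx(lam, tp):
    """First-order approximation FDT ~= 0.5*lam*Tp, valid when lam*Tp << 1."""
    return 0.5 * lam * tp

def fdt_total(lam, tp, test_duration, rearm_error):
    """Slide formula FDT ~= 0.5*lam*Tp + tau/Tp + eps.
    tau (test duration) and Tp must share one time unit; tau/Tp is the
    fraction of each test interval during which the trip is disarmed."""
    return fdt_approx(lam, tp) + test_duration / tp + rearm_error

def hazard_rate(demand_rate, fdt):
    """HR = D * FDT: incidents per unit time when demands arrive at rate D
    and the protective system is dead for a fraction FDT of the time."""
    return demand_rate * fdt

# Slide's numbers: ESD valve lambda = 0.05 p.a., proof test every 6 months,
# 1 h disarmed per test, 0.003 chance per test of not re-arming the trip.
LAMBDA = 0.05              # failures per year
TP_SIX_MONTHLY = 0.5       # years
TP_MONTHLY = 1.0 / 12.0    # years
TAU = 1.0 / 8760.0         # 1 hour expressed in years
EPS = 0.003

if __name__ == "__main__":
    for tp in (TP_SIX_MONTHLY, TP_MONTHLY):
        print(f"Tp={tp:.4f} y  exact={fdt_exact(LAMBDA, tp):.5f}  "
              f"approx={fdt_approx(LAMBDA, tp):.5f}  "
              f"total={fdt_total(LAMBDA, tp, TAU, EPS):.5f}")
```

Because τ/Tp is evaluated literally (τ = 1/8760 year), the totals come out as 0.0157 six-monthly and 0.0065 monthly rather than the slide's 0.0156 and 0.0052, whose middle term 0.000114 is τ alone. The distinction matters when choosing Tp: the disarmed-for-test term grows as tests become more frequent while the 0.5 λ Tp term shrinks.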
ANALYSIS OF SYSTEMS WITH COMMON FAILURES
Assuming that the various inputs to the gate are independent is wrong!!!
Essential to identify and treat common cause issues
Example: a component contributing to a demand is also used as the protection system (control valve as trip valve)
Ian Cameron (Ch.8) / Skelton (Ch.7)
CHLORINE/ETHYLENE REACTOR P&ID [figure]
Ian Cameron (Ch.8)
CHLORINE REACTOR EXAMPLE
Demand events:
Cl2 control valve sticks open (A): 0.2 p.a.
Cl2 control system (including sensor) malfunction (B): 0.1 p.a.
C2H4 control valve sticks closed (C): 0.2 p.a.
C2H4 control system (including sensor) malfunction (D): 0.1 p.a.
Protection system failures:
Cl2/C2H4 ratio high trip failure (E): 0.005 (FDT)
Cl2 valve fails to close on demand (A)
Top event: release of Cl2 to atmosphere
Ian Cameron (Ch.8)
CHLORINE REACTOR EXAMPLE: FAULT TREE AFTER REDUCTION
$T = A + (B + C + D) \cdot E$
$B + C + D = 0.1/\text{yr} + 0.2/\text{yr} + 0.1/\text{yr} = 0.4/\text{yr}$
$(B + C + D) \cdot E = 0.4/\text{yr} \times 0.005 = 0.002/\text{yr}$
$T = A + 0.002/\text{yr} = 0.2/\text{yr} + 0.002/\text{yr} = 0.202/\text{yr}$
T = 0.202 p.a.
Ian Cameron (Ch.8)
CHLORINE REACTOR EXAMPLE: shutdown valve for chlorine feed included
$T = (A + B + C + D) \cdot (E + F) = 0.009$ p.a.: 22 times reduction!!!
Ian Cameron (Ch.8)
FAULT TREE: PUMPING APPLICATION
Logic function for the tree: $T = BE_1 + (BE_2 + BE_3) \cdot (BE_4 + BE_5)$
Top event "No flow" (process) = OR(BE1 "Valve C fails", G1 "Pumps fail")
G1 "Pumps fail" = AND(G2 "Pump A fails", G3 "Pump B fails")
G2 "Pump A fails" = OR(BE2 "Power supply PS1 fails", BE3 "Mechanical failure Pump A")
G3 "Pump B fails" = OR(BE4 "PS2 fails", BE5 "Mechanical failure Pump B")
Probabilities: BE1 = 0.1; BE2 = 0.1, BE3 = 0.15; BE4 = 0.1, BE5 = 0.15
$T = 0.1 + 0.25 \times 0.25 = 0.1625$
Ian Cameron
FAULT TREE: REVISED PUMPING APPLICATION (shared power supply)
Logic function: $T = BE_1 + BE_2 + BE_3 \cdot BE_5 = 0.222$
Top event "No flow" (process) = OR(BE1 "Valve C fails", BE2 "Power fails", G1 "Pumps fail")
G1 "Pumps fail" = AND(BE3 "Pump A fails", BE5 "Pump B fails")
Ian Cameron
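The gate rules, the chlorine reactor tree and both pumping trees, as an added Python example that is not part of the lecture notes: a small evaluator carries a unit ("P" for probability or FDT, "F" for frequency) through each gate and refuses the combinations the rules forbid, then evaluates T = A + (B+C+D)·E and the pumping tree with independent and with shared power supplies. OR gates use the slides' additive (rare-event) approximation rather than 1 − Π(1 − Pi).

```python
from dataclasses import dataclass, field

@dataclass
class Leaf:
    name: str
    value: float
    unit: str                         # "P" = probability/FDT, "F" = frequency (p.a.)

@dataclass
class Gate:
    kind: str                         # "OR" or "AND"
    inputs: list = field(default_factory=list)

def evaluate(node):
    """Return (value, unit) for a node; raise ValueError on a forbidden unit mix."""
    if isinstance(node, Leaf):
        return node.value, node.unit
    vals = [evaluate(n) for n in node.inputs]
    units = {u for _, u in vals}
    if node.kind == "OR":             # add inputs (rare-event approximation)
        if len(units) != 1:
            raise ValueError("OR gate: cannot add a frequency and a probability")
        return sum(v for v, _ in vals), units.pop()
    if node.kind == "AND":            # multiply; at most one frequency allowed
        n_freq = sum(1 for _, u in vals if u == "F")
        if n_freq > 1:
            raise ValueError("AND gate: cannot multiply two frequencies")
        prod = 1.0
        for v, _ in vals:
            prod *= v
        return prod, ("F" if n_freq else "P")
    raise ValueError(f"unknown gate kind {node.kind}")

def chlorine_release_rate():
    """Chlorine reactor slide: T = A + (B + C + D).E, result in p.a."""
    a, b, c, d = [Leaf(n, v, "F") for n, v in
                  (("A", 0.2), ("B", 0.1), ("C", 0.2), ("D", 0.1))]
    e = Leaf("E ratio-high trip FDT", 0.005, "P")
    return evaluate(Gate("OR", [a, Gate("AND", [Gate("OR", [b, c, d]), e])]))

def pumping_no_flow(shared_power):
    """Pumping slides: independent supplies PS1/PS2, or one shared supply."""
    ps1, mech_a = Leaf("PS1 fails", 0.1, "P"), Leaf("mech A", 0.15, "P")
    ps2, mech_b = Leaf("PS2 fails", 0.1, "P"), Leaf("mech B", 0.15, "P")
    valve_c = Leaf("valve C fails", 0.1, "P")
    if shared_power:                  # power loss now defeats both pumps at once
        pumps = Gate("AND", [mech_a, mech_b])
        return evaluate(Gate("OR", [valve_c, ps1, pumps]))
    pumps = Gate("AND", [Gate("OR", [ps1, mech_a]), Gate("OR", [ps2, mech_b])])
    return evaluate(Gate("OR", [valve_c, pumps]))
```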
FAULT TREES: COMMON CAUSE FAILURES
Common cause failures (Edwards et al. 1979):
System faults
  Design
    Not all parameters recognized: inadequate instrumentation, inadequate control systems, etc.
    Execution: common operating and control components, inadequate components, etc.
  Construction
    Component manufacture: inadequate quality control, standards, inspection, etc.
    Installation and start-up: inadequate quality control, standards, inspection, etc.
Operating faults
  Operating procedures
    Maintenance and testing: inadequate testing, inadequate repair, inadequate calibration, spare parts, etc.
    Operation: operator instructions, communications, inadequate supervision, etc.
  Ambience
    Extreme values during operation not recognized: vibrations, pressure, temperature, corrosion, etc.
    Incidental events: fire, flooding, explosion, etc.
Ian Cameron
CAPTURING HUMAN FACTORS IN FTA
Errors captured as:
Skill-based: routine tasks
Rule-based: procedural errors in work systems
Knowledge-based: higher level decision making
Human reliability analysis (HRA)
Human error rate prediction:
THERP: Technique for Human Error Rate Prediction (handbook)
HEART: Human Error Assessment and Reduction Technique (database)
Performance shaping factors (PSFs): training, communication and procedures, instrumentation feedback/design, preparedness, stress, etc.
Ian Cameron
GENERAL ESTIMATES OF HUMAN ERROR
Estimated error probability | Activity
0.001 | Pressing the wrong button. Error is not decision based, but one of loss of attentiveness or loss of concentration.
0.003 - 0.01 | General human error of commission, errors of omission, with no provision for reminder for error recovery, e.g. misreading a label and therefore selecting the wrong switch, forgetting to re-arm a trip after function testing.
1.0 | Conditional probability of error in a 2nd task, given an error in the 1st task, when two coupled tasks are carried out by the same person.
0.1 | Failure to check plant condition after shift handover, in the absence of a written handover procedure or a checklist.
0.5 | Failing to detect abnormal conditions during plant walk-through surveillance, in the absence of a specific checklist.
0.2 - 0.3 | General error rate given very high stress levels where dangerous activities are occurring rapidly.
Ian Cameron
FAILURE TO DIAGNOSE ABNORMAL EVENT
[Figure: probability of incorrect response (log scale, 0.01 to 1) against elapsed time in minutes (0 to 200).]
Ian Cameron
FAULT TREES: UNCERTAINTIES AND PROBLEMS
Inadequate definition of system boundary
Failure to include all significant failure modes (e.g. human)
Inconsistent units used
No consideration of common mode failures
Inappropriate failure data (e.g. generic vs. specific)
Lack of statistically significant data, or none at all
Wrong choice of logic
Ian Cameron
EVENT TREES BASICS
Define initiating event
Define relevant secondary events (chronological sequence, both technical and human)
Trace failure paths
Classify outcomes
Estimate conditional probability of branches
Quantify outcomes
Ian Cameron
EVENT TREES: QUANTITATIVE EVALUATION
Provide frequency/probability data for each outcome
Evaluate principal consequences ($/y) at a particular frequency
Ian Cameron
EXAMPLE
Initiating event: Pump overheats, frequency $f_0$
Secondary events (each with a Yes/No branch, in chronological order): Failure + Fire ($P_1$ / $1 - P_1$), Not extinguished ($P_2$ / $1 - P_2$), Major pipe failure ($P_3$ / $1 - P_3$), Explosion ($P_4$ / $1 - P_4$)
Outcomes: C1 Explosion; C2 Fire damage and loss; C3 Fire damage; C4 Short term fire; C5 Overheats
$P(C_1) = f_0\, P_1 P_2 P_3 P_4$
$P(C_5) = f_0\, (1 - P_1)$
Ian Cameron
EXAMPLE (with values)
Initiating event: Pump overheats, $f_0 = 0.1$
Secondary events (each with a Yes/No branch): Failure + Fire ($P_1 = 0.05$), Not extinguished ($P_2 = 0.1$), Major pipe failure ($P_3 = 0.2$), Explosion ($P_4 = 0.2$)
Outcomes: C1 Explosion = 0.00002; C2 Fire damage and loss; C3 Fire damage; C4 Short term fire; C5 Overheats
$P(C_1) = f_0\, P_1 P_2 P_3 P_4$
$P(C_2) = f_0\, P_1 P_2 P_3 (1 - P_4)$
$P(C_5) = f_0\, (1 - P_1)$
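The event tree procedure and the pump-overheats example of the last slides, as an added Python example that is not part of the lecture notes: each secondary event in chronological order either occurs (probability Pi, the path continues) or does not (1 − Pi, the path ends in an outcome), so the outcome frequencies partition f0; the loss figures passed to expected_loss are constructed placeholders, not values from the slides.

```python
def event_tree_outcomes(f0, branch_probs):
    """branch_probs: [P1, ..., Pn], one per secondary event in chronological
    order. Returns {"C1": f, ..., "C(n+1)": f} in events per unit time:
    C1 is the path on which every event occurs, C(n+1) the path on which
    the first event does not occur."""
    n = len(branch_probs)
    freqs = {}
    reach = f0                                 # frequency of reaching this branch
    for i, p in enumerate(branch_probs, start=1):
        freqs[f"C{n + 2 - i}"] = reach * (1.0 - p)   # "No": path terminates here
        reach *= p                                    # "Yes": path continues
    freqs["C1"] = reach
    return freqs

# Slide numbers: pump overheats at f0 = 0.1 p.a.; P1..P4 are the conditional
# probabilities of the four secondary events in order.
PUMP_OVERHEATS_F0 = 0.1
PUMP_OVERHEATS_EVENTS = [("Failure + fire", 0.05), ("Not extinguished", 0.1),
                         ("Major pipe failure", 0.2), ("Explosion", 0.2)]
PUMP_OVERHEATS_LABELS = {"C1": "Explosion", "C2": "Fire damage and loss",
                         "C3": "Fire damage", "C4": "Short term fire",
                         "C5": "Overheats"}

def pump_overheats_outcomes():
    """Returns the five outcome frequencies of the slide example."""
    return event_tree_outcomes(PUMP_OVERHEATS_F0,
                               [p for _, p in PUMP_OVERHEATS_EVENTS])

def total_frequency(freqs):
    """Sanity check: the outcomes partition f0, so their sum must equal it."""
    return sum(freqs.values())

def expected_loss(freqs, loss_per_event):
    """Risk in $/y: sum over outcomes of frequency x consequence ($/event).
    Outcomes without a loss figure contribute nothing."""
    return sum(f * loss_per_event.get(k, 0.0) for k, f in freqs.items())

if __name__ == "__main__":
    out = pump_overheats_outcomes()
    for k in sorted(out):
        print(f"{k} {PUMP_OVERHEATS_LABELS[k]:<22} {out[k]:.6f} p.a.")
    print("sum =", total_frequency(out))
```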
HUMAN FACTORS IN EVENT TREES
Human response outcomes after an initiating event
Techniques to analyze these actions: HRA, THERP and HCR
Performance shaping factors (PSFs) address stress levels
Base performance data available from NUREG (USA) studies
Ian Cameron