che 421_lect8

Upload: moe-a-jalala

Post on 04-Apr-2018


TRANSCRIPT

  • 7/31/2019 ChE 421_Lect8

    1/30

    CHE 421 RISK MANAGEMENT: ESTIMATING THE LIKELIHOOD OF INCIDENTS (PART B)

    Nicoleta Maynard 2009

  • 2/30

    WEEK 8 PLAN:

    Quantitative estimation of fault trees

    The rules

    Reliability assessment of protective systems

    Analysis of systems with common failures

    Human errors in fault tree analysis

    Uncertainties

    Quantitative estimation of event trees

    Your example on fault/event tree

    In-class work

  • 3/30

    Books & Journals

    Skelton, Bob. Process Safety Analysis: an introduction, chapter 7

    Cameron I. and Raman R. Process Systems Risk Management, chapter 8

    Lees' Loss Prevention in the Process Industries: hazard identification, assessment and control, edited by Sam Mannan, free electronic resource at Curtin's library

    RESOURCES used for discussions/debate

  • 4/30

    FAULT TREE AND EVENT TREE STRUCTURES

    [Figure: a fault tree traces from the top event down through gates to basic events e1 to e6; an event tree traces from the starting event forward to consequences C1 to C5.]

    Ian Cameron

  • 5/30

    FAULT TREE GATE SYMBOLS

    Symbol / Name / Causal relation:

    AND gate: output occurs if all inputs occur simultaneously

    OR gate: output occurs if any input event occurs

    Ian Cameron

  • 6/30

    FAULT TREE EVENT SYMBOLS

    Symbol / Meaning:

    Top event

    Basic event, not requiring further development

    House event, assumed to exist as a boundary condition; basic event used to represent a demand

    Ian Cameron

  • 7/30

    FAULT TREE BASIC STRUCTURES (INDEPENDENT EVENTS)

    OR gate (T occurs if BE1 or BE2 occurs):

    Probability (-): $P(T) = P(BE1) + P(BE2)$

    Frequency (time^-1): $f(T) = f(BE1) + f(BE2)$

    AND gate (T occurs if BE1 and BE2 occur):

    Probability (-): $P(T) = P(BE1) \cdot P(BE2)$

    Frequency (time^-1): $f(T) = f(BE1) \cdot P(BE2)$

    Ian Cameron

  • 8/30

    QUANTITATIVE EVALUATION OF FAULT TREES

    What do we need?

    Failure rate data section 8.7 (Cameron)

    Follow the rules:

    OR gate rules: can add the input frequencies

    can add the input probabilities

    cannot add an input frequency & probability

    AND gate rules: can multiply the input probabilities

    can multiply a frequency & a probability

    cannot multiply the input frequencies

  • 9/30

    FAULT TREE PROTECTIVE SYSTEM STRUCTURES

    Common scenario involves two major issues:

    demand rate on protective system

    performance of protective system

    Generic tree: T (Hazard occurs) = Demand on system AND Protective system fails

    Example tree: T (Stranded on highway) = BE1 (Tyre blowout) AND G1 (Repair not possible), where G1 = BE2 (No spare tyre) OR BE3 (No jack) OR BE4 (No spanner)

    Ian Cameron

  • 10/30

    RELIABILITY ASSESSMENT OF PROTECTIVE SYSTEMS

    Fractional dead time (FDT): the fraction of the total time that the protective device is in a failed state

    2 types of protective system failure:

    Revealed failure: detected before the demand

    Unrevealed failure: not known before the demand

    $\mathrm{HR} = D \cdot \mathrm{FDT}$

    HR = hazard/incident rate; D = demand rate (incidents/time); FDT = fractional dead time

    Probability of failure on demand:

    Ian Cameron (Ch.8) / Skelton (Ch.7)

  • 11/30

    THE FRACTIONAL DEAD TIME (FDT)

    Function of:

    Mean failure rate of the component ($\lambda$)

    Proof test interval ($T_p$)

    $\mathrm{FDT} = 1 - \frac{1}{\lambda T_p}\left(1 - \exp(-\lambda T_p)\right)$

    $\mathrm{FDT} \approx 0.5\,\lambda T_p$ for small $\lambda T_p$

  • 12/30

    THE FRACTIONAL DEAD TIME (contd.)

    FDT should take into account:

    - $\lambda T_p/2$, the mean dead time from unrevealed failures between proof tests

    - duration of the test, $\tau$ (the protective system might be disarmed)

    - human error of leaving the protective system disarmed after each test, $\varepsilon$

    $\mathrm{FDT} \approx 0.5\,\lambda T_p + \frac{\tau}{T_p} + \varepsilon$

    (the $\tau/T_p$ term tends to 0 if $\tau \ll T_p$)

    Ian Cameron (Ch.8) / Skelton (Ch.7)

  • 13/30

    FDT EXAMPLE

    The failure rate of the emergency shutdown valve is 0.05 p.a.

    The proof test interval is 6 months (one test every 6 months). During each test, the system is disarmed for 1 h.

    The general human error probability for omission to re-arm the trip is 0.003 per operation.

    $\lambda = 0.05$ p.a., $T_p = 0.5$ year, $\tau = 1/8760$ year, $\varepsilon = 0.003$

    $\mathrm{FDT} \approx 0.5\,\lambda T_p + \frac{\tau}{T_p} + \varepsilon = 0.0125 + 0.000114 + 0.003 = 0.0156$

    If $T_p = 1/12$ year (monthly): $\mathrm{FDT} \approx 0.0021 + 1.14\times10^{-4} + 0.003 = 0.0052$

    Ian Cameron (Ch.8) / Skelton (Ch.7)
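A worked FDT and hazard-rate calculation for the shutdown valve above, added here as an example (not code from the slides or from Cameron). It computes the test-outage term as $\tau/T_p$ with 1 h disarmed per proof-test interval, which gives 2.3E-4 for the 6-monthly case where the slide tabulates 1/8760 = 1.14E-4, so its totals are 0.0157 and 0.0065 rather than the slide's 0.0156 and 0.0052; the exact expression from slide 11, HR = D·FDT from slide 10, and the helper best_interval (my addition) are included.

```python
# Added example (not from the slides): fractional dead time of a proof-tested
# protective system (slides 11-13) and the hazard rate HR = D * FDT (slide 10).
import math

HOURS_PER_YEAR = 8760.0

def fdt_exact(lam, tp):
    """Unrevealed-failure FDT: 1 - (1 - exp(-lam*tp)) / (lam*tp), times in years."""
    return 1.0 - (1.0 - math.exp(-lam * tp)) / (lam * tp)

def fdt(lam, tp, tau_hours=0.0, eps=0.0):
    """Approximate FDT ~ 0.5*lam*tp + tau/tp + eps.

    lam        mean failure rate of the protective device (per year)
    tp         proof test interval (years); 0.5*lam*tp needs lam*tp << 1
    tau_hours  time the system is disarmed at each proof test (hours)
    eps        probability of leaving it disarmed after a test (human error)
    """
    if lam * tp > 0.1:   # guard threshold chosen here, not from the slides
        raise ValueError("0.5*lam*tp approximation needs lam*tp << 1")
    tau = tau_hours / HOURS_PER_YEAR          # disarmed time per test, in years
    return 0.5 * lam * tp + tau / tp + eps    # tau/tp: dead fraction per interval

def hazard_rate(demand_rate, fdt_value):
    """HR = D * FDT: hazards per year for D demands per year on the protection."""
    return demand_rate * fdt_value

def best_interval(lam, tau_hours, eps, intervals):
    """Proof test interval (years) with the lowest FDT among the candidates:
    shortening tp cuts 0.5*lam*tp but raises tau/tp, so there is an optimum."""
    return min(intervals, key=lambda tp: fdt(lam, tp, tau_hours, eps))

# Slide 13 data: ESD valve 0.05 p.a., tested every 6 months, disarmed 1 h per
# test, 0.003 chance of not re-arming the trip.
LAM, TAU_H, EPS = 0.05, 1.0, 0.003
six_monthly = fdt(LAM, 0.5, TAU_H, EPS)     # 0.0125 + 0.000228 + 0.003
monthly = fdt(LAM, 1 / 12, TAU_H, EPS)      # 0.00208 + 0.00137 + 0.003
```

With the demand rate 0.4 p.a. and FDT 0.005 of the chlorine reactor example later in the deck, hazard_rate returns the 0.002 p.a. shown on slide 17.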

  • 14/30

    ANALYSIS OF SYSTEMS WITH COMMON FAILURES

    Assuming that the various inputs to the gate are independent can be wrong!!!

    Essential to identify and treat common cause issues

    Example: a component contributing to a demand is also used as the protection system (control valve as trip valve)

    Ian Cameron (Ch.8) / Skelton (Ch.7)

  • 15/30

    CHLORINE/ETHYLENE REACTOR P&ID

    Ian Cameron (Ch.8)

  • 16/30

    CHLORINE REACTOR EXAMPLE

    Demand events:

    Cl2 control valve sticks open (A): 0.2 p.a.

    Cl2 control system (including sensor) malfunction (B): 0.1 p.a.

    C2H4 control valve sticks closed (C): 0.2 p.a.

    C2H4 control system (including sensor) malfunction (D): 0.1 p.a.

    Protection system failures:

    Cl2/C2H4 ratio high trip failure (E): 0.005 (FDT)

    Cl2 valve fails to close on demand (A)

    Top event: release of Cl2 to atmosphere

    Ian Cameron (Ch.8)

  • 17/30

    CHLORINE REACTOR EXAMPLE: FAULT TREE AFTER REDUCTION

    $T = A + (B + C + D)\cdot E$

    $B + C + D = 0.1/\mathrm{yr} + 0.2/\mathrm{yr} + 0.1/\mathrm{yr} = 0.4/\mathrm{yr}$

    $(B + C + D)\cdot E = 0.4/\mathrm{yr} \times 0.005 = 0.002/\mathrm{yr}$

    $T = 0.2/\mathrm{yr} + 0.002/\mathrm{yr} = 0.202/\mathrm{yr}$

    T = 0.202 p.a.

    Ian Cameron (Ch.8)

  • 18/30

    CHLORINE REACTOR EXAMPLE: shutdown valve for chlorine feed included

    $T = (A + B + C + D)\cdot(E + F) = 0.009$ p.a.: a 22 times reduction!!!

    Ian Cameron (Ch.8)

  • 19/30

    Fault Tree

    Top event: No flow

    Logic function for the tree:

    $T = BE1 + (BE2 + BE3)\cdot(BE4 + BE5)$

    BE1: Valve C fails (0.1)

    G1: Pumps fail = G2 AND G3

    G2: Pump A fails = BE2 OR BE3

    G3: Pump B fails = BE4 OR BE5

    BE2: Power supply PS1 fails (0.1)

    BE3: Mechanical failure Pump A (0.15)

    BE4: PS2 fails (0.1)

    BE5: Mechanical failure Pump B (0.15)

    $T = 0.1 + 0.25 \cdot 0.25 = 0.1625$

    Ian Cameron

  • 20/30

    FAULT TREE REVISED PUMPING APPLICATION

    Top event: No flow

    Logic function:

    $T = BE1 + BE2 + BE3 \cdot BE5 = 0.222$

    BE1: Valve C fails

    BE2: Power fails (shared power supply)

    G1: Pumps fail = BE3 AND BE5

    BE3: Pump A fails

    BE5: Pump B fails

    Ian Cameron
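A small typed fault-tree evaluator for the gate rules of slide 8, added here as an example (not the lecture's or Cameron's code): every value carries a unit, so an OR gate fed a frequency and a probability, or an AND gate fed two frequencies, is rejected instead of being silently summed or multiplied. It reproduces the chlorine reactor trees of slides 17 and 18 and both pumping trees of slides 19 and 20; the shutdown valve FDT F = 0.01 is an assumed value chosen to reproduce the slide's 0.009 p.a.

```python
# Added example (not from the slides): typed fault-tree evaluator enforcing
# the slide 8 gate rules. kind "p" = probability, "f" = frequency (per year).
from dataclasses import dataclass

@dataclass(frozen=True)
class Val:
    x: float
    kind: str

@dataclass(frozen=True)
class Gate:
    op: str        # "OR" or "AND"
    inputs: tuple

def P(x): return Val(x, "p")
def F(x): return Val(x, "f")
def OR(*ins): return Gate("OR", ins)
def AND(*ins): return Gate("AND", ins)

def evaluate(node):
    """Evaluate bottom-up; raise ValueError when a gate mixes units illegally."""
    if isinstance(node, Val):
        return node
    vals = [evaluate(i) for i in node.inputs]
    kinds = {v.kind for v in vals}
    if node.op == "OR":
        # OR: add frequencies, or add probabilities (rare-event sum); never both.
        if len(kinds) != 1:
            raise ValueError("OR gate cannot add a frequency and a probability")
        return Val(sum(v.x for v in vals), kinds.pop())
    # AND: multiply probabilities, or one frequency by probabilities; never
    # two frequencies (the product would not be a rate).
    if sum(v.kind == "f" for v in vals) > 1:
        raise ValueError("AND gate cannot multiply two frequencies")
    out = 1.0
    for v in vals:
        out *= v.x
    return Val(out, "f" if "f" in kinds else "p")

# Chlorine reactor, slide 17: T = A + (B + C + D).E -> 0.202 per year
A, B, C, D, E = F(0.2), F(0.1), F(0.2), F(0.1), P(0.005)
chlorine = OR(A, AND(OR(B, C, D), E))
# Slide 18, Cl2 shutdown valve F as a second protection layer; F = 0.01 (FDT)
# is an assumed value that reproduces the slide's 0.009 per year.
chlorine_sdv = AND(OR(A, B, C, D), OR(E, P(0.01)))
# Pumping system, slide 19 (all probabilities) -> 0.1625
BE1, BE2, BE3, BE4, BE5 = P(0.1), P(0.1), P(0.15), P(0.1), P(0.15)
pumps = OR(BE1, AND(OR(BE2, BE3), OR(BE4, BE5)))
# Slide 20, shared power supply: BE2 and BE4 collapse to one event -> 0.2225
pumps_shared = OR(BE1, BE2, AND(BE3, BE5))
```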

  • 21/30

    FAULT TREES: COMMON CAUSE FAILURES

    Common Cause Failures

    System faults:

    - Design: not all parameters recognized (inadequate instrumentation, inadequate control systems, etc.); execution (common operating and control components, inadequate components, etc.)

    - Construction: component manufacture (inadequate quality control, standards, inspection, etc.); installation and start-up (inadequate quality control, standards, inspection, etc.)

    Operating faults:

    - Operating procedures: maintenance and testing (inadequate testing, inadequate repair, inadequate calibration, spare parts, etc.); operation (operator instructions, communications, inadequate supervision, etc.)

    - Ambience: extreme values during operation not recognized (vibrations, pressure, temperature, corrosion, etc.); incidental events (fire, flooding, explosion, etc.)

    (Edwards et al. 1979) Ian Cameron

  • 22/30

    CAPTURING HUMAN FACTORS IN FTA

    Errors captured as:

    Skill-based: routine tasks

    Rule-based: procedural errors in work systems

    Knowledge-based: higher level decision making

    Human reliability analysis (HRA)

    Human error rate prediction:

    THERP: Technique for human error rate prediction (handbook)

    HEART: Human error assessment and reduction technique (database)

    Performance shaping factors (PSFs): training, communication and procedures, instrumentation feedback/design, preparedness, stress etc.

    Ian Cameron

  • 23/30

    GENERAL ESTIMATES OF HUMAN ERROR

    Estimated error probability / Activity:

    0.001: Pressing the wrong button. Error is not decision based, but one of inattentiveness or loss of concentration.

    0.003 - 0.01: General human error of commission, errors of omission, with no provision for reminder for error recovery, e.g. misreading a label and therefore selecting the wrong switch, forgetting to re-arm a trip after function testing.

    1.0: Conditional probability of error in a 2nd task, given an error in the 1st task, when two coupled tasks are carried out by the same person.

    0.1: Failure to check plant condition after shift handover, in the absence of a written handover procedure or a checklist.

    0.5: Failing to detect abnormal conditions during plant walk-through surveillance, in the absence of a specific checklist.

    0.2 - 0.3: General error rate given very high stress levels where dangerous activities are occurring rapidly.

    Ian Cameron

  • 24/30

    FAILURE TO DIAGNOSE ABNORMAL EVENT

    [Figure: probability of incorrect response (log scale, 0.01 to 1) versus elapsed time in minutes (0 to 200).]

    Ian Cameron

  • 25/30

    FAULT TREES: UNCERTAINTIES AND PROBLEMS

    Inadequate definition of system boundary

    Failure to include all significant failure modes (e.g. human)

    Inconsistent units used

    No consideration of common mode failures

    Inappropriate failure data (e.g. generic vs. specific)

    Lack of statistically significant data or none at all

    Wrong choice of logic

    Ian Cameron

  • 26/30

    EVENT TREES: BASICS

    Define initiating event

    Define relevant secondary events (chronological sequence, both technical and human)

    Trace failure paths

    Classify outcomes

    Estimate conditional probability of branches

    Quantify outcomes

    Ian Cameron

  • 27/30

    EVENT TREES: QUANTITATIVE EVALUATION

    Provide frequency/probability data for each outcome

    Evaluate principal consequences ($/y) at particular frequency

    Ian Cameron

  • 28/30

    EXAMPLE

    Initiating event: Pump overheats, frequency $f_0$

    Secondary events (Yes / No branches, in chronological order): Failure + Fire ($P_1$ / $1-P_1$), Not extinguished ($P_2$ / $1-P_2$), Major pipe failure ($P_3$ / $1-P_3$), Explosion ($P_4$ / $1-P_4$)

    Outcomes: C1 Explosion; C2 Fire damage and loss; C3 Fire damage; C4 Short term fire; C5 Overheats

    $P(C1) = f_0\, P_1 P_2 P_3 P_4$

    $P(C5) = f_0\,(1-P_1)$

    Ian Cameron

  • 29/30

    EXAMPLE

    Initiating event: Pump overheats, $f_0 = 0.1$

    Secondary events (Yes / No branches, in chronological order): Failure + Fire ($P_1 = 0.05$), Not extinguished ($P_2 = 0.1$), Major pipe failure ($P_3 = 0.2$), Explosion ($P_4 = 0.2$)

    Outcomes: C1 Explosion = 0.00002; C2 Fire damage and loss; C3 Fire damage; C4 Short term fire; C5 Overheats

    $P(C1) = f_0\, P_1 P_2 P_3 P_4$

    $P(C2) = f_0\, P_1 P_2 P_3 (1-P_4)$

    $P(C5) = f_0\,(1-P_1)$
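Quantifying the pump-overheat event tree above by walking every Yes/No branch, added here as an example and not taken from the slides: it uses the slide's $f_0$ and $P_1$ to $P_4$, checks that the outcome frequencies add back up to $f_0$, and the per-outcome loss values are constructed figures used only to illustrate the $/y evaluation of slide 27.

```python
# Added example (not from the slides): quantify the pump-overheat event tree
# of slides 28-29 by walking every Yes/No branch path.
F0 = 0.1   # initiating event frequency, pump overheats (per year), slide 29
# Secondary events in chronological order with P(yes) from slide 29.
EVENTS = [("failure + fire", 0.05), ("not extinguished", 0.1),
          ("major pipe failure", 0.2), ("explosion", 0.2)]
# Constructed, illustrative loss per outcome ($) for the $/y evaluation of
# slide 27; these figures are not from the lecture.
LOSSES = {"C1": 2e7, "C2": 5e6, "C3": 1e6, "C4": 2e5, "C5": 1e4}

def branch_paths(f0, events):
    """Yield (answers, frequency) for each path: a 'no' ends the sequence,
    a 'yes' multiplies by P and asks the next event (slide 28 structure)."""
    def walk(k, answers, freq):
        if k == len(events):
            yield answers, freq                 # answered yes to everything
            return
        _, p = events[k]
        yield answers + ("no",), freq * (1 - p)
        yield from walk(k + 1, answers + ("yes",), freq * p)
    yield from walk(0, (), f0)

def quantify(f0, events):
    """Map the slide's outcome labels to frequencies (per year). C1 is the
    all-yes path; a path whose first 'no' is at event m (1-based, so the
    answers tuple has length m) is outcome C(n + 2 - m), e.g. C5 for m = 1."""
    n = len(events)
    out = {}
    for answers, freq in branch_paths(f0, events):
        label = "C1" if answers[-1] == "yes" else f"C{n + 2 - len(answers)}"
        out[label] = freq
    return out

def annual_loss(freqs, losses):
    """Expected loss in $/y: sum over outcomes of frequency times loss."""
    return sum(freqs[c] * losses[c] for c in freqs)

def check_conservation(freqs, f0):
    """Every initiating event ends in exactly one outcome, so the sum is f0."""
    return abs(sum(freqs.values()) - f0) < 1e-12

OUTCOMES = quantify(F0, EVENTS)   # C1 = 0.00002 as on slide 29, C5 = 0.095
```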

  • 30/30

    HUMAN FACTORS IN EVENT TREES

    Human response outcomes after an initiating event

    Techniques to analyze these actions: HRA, THERP and HCR

    Performance shaping factors (PSFs) address stress levels

    Base performance data available from NUREG (USA) studies

    Ian Cameron