10. Hazard & Risk
Reliable System Design 2011
by: Amir M. Rahmani
matlab1.ir

Hazard analysis
Safety is a property of a system: that it will not endanger human life or the environment.
Probably the most important mechanism for improving the safety of a system is to identify the ways in which it can cause harm, i.e., its hazards.
A hazard is a system state that could lead to:
- Loss of life
- Loss of property
- Release of energy
- Release of dangerous materials
Hazards are the states we have to avoid.
Hazard & Risk
(1) A hazard is a situation in which there is actual or potential danger to people or to the environment.
(2) A hazard is a state or set of conditions of a system that, together with other conditions in the environment of the system, will lead unavoidably to an accident.
Characteristics of a hazard: risk
Risk is a combination of the severity and the probability of hazard occurrence.
Hazard & Accident
An accident (incident) is an undesired and unplanned (but not necessarily unexpected) event that results in (at least) a specified level of loss.
A hazard represents a potential for an accident to occur.
An elevator shaft with a door stuck open is a hazard - a hazardous state. It is not necessarily the case that an accident will result.
For an accident to occur requires that an environmental circumstance arise - a blind person walks through the open door unaware of the state.
For each activity it is wise to consider the hazards associated with the activity and the risks associated with those hazards.
Further definitions - Risk
Risk Management is the identification, assessment, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the realization of opportunities.
Risk Assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized hazard.
Risk Analysis is the process of evaluating the frequency (or probability) of hazardous events.
Further definitions - Risk
Tolerable Risk: a risk that is allowed to exist, so that certain benefits can be gained - there being a level of confidence that the risk is under control.
Intolerable Risk: a risk that cannot be justified except in extraordinary circumstances.
Negligible Risk: a risk that is so small and insignificant that it can be ignored as long as existing precautions remain in place.
Risk analysis
Risk analysis predicts the probability and severity of accidents.
Example: In a country with a population of 10,000,000, approximately 5000 people are killed in traffic accidents each year. On average each person spends 500 hours per year in situations where they are exposed to the risk of traffic accidents. What is the risk of being killed in a traffic accident?
(5000 / 10^7) / 500 deaths/hour
An Overview of Accidents
Taken from a publication called Out of Control from the UK Health and Safety Executive.
A set of 34 accidents, all involving control systems, was analysed.
All systems possessed one or more input devices, a controller, plus one or more output devices.
Analysis discovered
Lessons Learned
- A number of "good engineering practices" are being ignored.
- Hazard analysis in the specification phase often does not occur - a major source of failure.
- Maintenance policy is often not considered at the specification stage, thus making it difficult, for example, for components to be safely isolated and maintained.
- "No single failure should cause a dangerous failure to the overall system" needs to become a more widely respected principle.
Hazard identification
- Hazard identification is the systematic determination of a system's hazards.
- It is a complex and sophisticated process.
- Once identified, the set of hazards defines a set of system states that we need to avoid.
- How could the system enter one of the hazardous states?
- Is it possible to avoid the hazards?
Hazard analysis
Hazard Analysis involves:
- Identifying the hazards that exist within a system.
- Determining the chain of events that could potentially lead to each hazard.
- Determining the consequences resulting from an occurrence of the hazard.
- Investigating any safeguards already in place to address the hazards.
Preliminary Hazard Analysis
PHA: a distinct phase of the Overall Safety Lifecycle, carried out at the requirements stage.
The purpose of PHA is:
- To identify safety-critical areas of the system
- To evaluate/identify major hazards (which must be controlled or eliminated by redesign)
PHA should be carried out for ALL systems and subsystems.
Preliminary Hazard Analysis
- A brief description of the system and its environment
- An overview of the system's function and its safety features
- The safety objectives of the system
- Justification of the risk and integrity level assignments
- Target failure rates and safety levels
- Sources of any data used within the analysis
- A bibliography of all documents used
PHA Main Steps
1. PHA prerequisites
2. Hazard identification
3. Consequence and frequency estimation
4. Risk ranking and follow-up actions
1- PHA prerequisites
1. Establish the PHA team
2. Define and describe the system to be analyzed:
(a) System boundaries (which parts should be included and which should not)
(b) System description, including layout drawings, process flow diagrams, block diagrams, and so on
(c) Use and storage of energy and hazardous materials in the system
(d) Operational and environmental conditions to be considered
(e) Systems for detection and control of hazards and accidental events, emergency systems, and mitigation actions
3. Collect risk information from previous and similar systems (e.g., from accident databases)
PHA - System breakdown
To be able to identify all hazards and events, it is often necessary to split the system into manageable parts, for example into three categories:
- System parts (e.g., process units)
- Activities
- Exposed to risk (who, what are exposed?)
2- Hazard identification
All hazards and possible accidental events must be identified. It is important to consider all parts of the system, operational modes, maintenance operations, safety systems, and so on.
All findings shall be recorded. No hazards are too insignificant to be recorded.
Murphy's law must be borne in mind: "If something can go wrong, sooner or later it will".
Hazard checklist
To get a complete survey of all possible hazards it may be beneficial to use a hazard checklist. An example of a checklist (mainly from the standard EN 1050) is given:
- Mechanical hazards
- Electrical hazards. Ex: Approach to live parts under high voltage
- Thermal hazards. Ex: Damage to health by hot or cold working environment
- Thermodynamic hazards
- Hazards generated by noise. Ex: Interference with speech communication, acoustic signals, etc.
- Hazards generated by vibration
- Hazards generated by radiation
- Hazards generated by materials/substances
- Fire or explosion hazard
3- Frequency and consequence estimation
The risk related to an accidental event is a function of the frequency of the event and the severity of its potential consequences. To determine the risk, we have to estimate the frequency and the severity of each accidental event.
4- Risk ranking and follow-up actions
The risk is established as a combination of the frequency of a given event/consequence and the severity of the same event/consequence. This enables a ranking of the events/consequences in a risk matrix.
PHA Result
The results of the PHA are usually reported by using a PHA worksheet (or a computer program). Some analyses may require other columns, but these are the most common.
PHA – Adv., Disadv.
Positive:
- Helps ensure that the system is safe
- Modifications are less expensive and easier to implement in the earlier stages of design
- Decreases design time by reducing the number of surprises
Negative:
- Hazards must be foreseen by the analysts
- The effects of interactions between hazards are not easily recognized
Approaches to Hazard Analysis
- Hazard and Operability Studies (HAZOP)
- Event Tree Analysis (ETA)
- Fault Tree Analysis (FTA)
- Failure Modes and Effects Analysis (FMEA)
- Failure Modes, Effects and Criticality Analysis (FMECA)
- Cause Consequence Analysis (CCA)
Hazard and Operability Studies (HAZOP)
HAZOP is a technique (almost like brainstorming) whereby a group of well-informed people aim to identify all the ways in which hazards may appear in a system.
Its purpose is to establish:
- the hazardous failure modes, and
- a measure of their effect,
by a systematic examination of the system and its components.
Notes on HAZOP
HAZOP is applicable at all stages of the system lifecycle, although it is of limited use until a relatively detailed description of the system has been developed.
Typically the selected members of the HAZOP team will have had previous experience of such systems, and complement one another (are from different backgrounds), so that the benefits of the team approach are obvious.
Event Tree Analysis
Why: to investigate how a certain event can potentially affect the system.
How: by forward search. For each event consider success and failure of execution (two branches in the tree). Draw the tree until the system effect becomes evident.
Information analyzed: the initial event (usually known from previous experience), the system structure, the effect of success and failure of each event, and the hazardous or caring effect on the system.
Example of Event Tree (1)
Example of Event Tree (2)
Event Tree - Application
- Risk analysis of technological systems
- Identification of improvements in protection systems and other safety functions
Event Tree – Adv., Disadv.
Positive:
- Visualizes event chains following an accidental event
- Visualizes barriers and their sequence of activation
- Good basis for evaluating the need for new / improved procedures and safety functions
Negative:
- No standard for the graphical representation of the event tree
- Only one initiating event can be studied in each analysis
- Easy to overlook subtle system dependencies
- Not well suited for handling common cause failures in the quantitative analyses
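The forward search described under Event Tree Analysis, followed by the frequency/severity risk ranking from the PHA step "Risk ranking and follow-up actions", as an added Python example that is not part of the original slides. The initiating event ("gas leak"), its frequency, the three barriers with their failure probabilities, the outcome labels, the frequency class boundaries and the risk matrix cells are all constructed for illustration. Every barrier gets a success and a failure branch, so the tree has 2^3 end states; the frequency of an end state is the initiating frequency multiplied by the branch probabilities along its path, with the barriers assumed independent (the simplification the slide flags under common cause failures).

```python
"""Event tree evaluation with risk-matrix ranking of the outcomes.

Added example; not code from the slides. All numbers and the outcome
mapping are constructed assumptions for illustration.
"""
from itertools import product
from collections import defaultdict

# Initiating event and its frequency per year (constructed value).
INITIATING_EVENT = "gas leak"
INITIATING_FREQ = 0.1

# Barriers in the order they are challenged: (name, probability of failure).
# Constructed values; barriers are assumed independent.
BARRIERS = [
    ("gas detection", 0.10),
    ("automatic shutdown", 0.05),
    ("fire suppression", 0.25),
]

# Risk matrix (assumed): rows are frequency classes 1..5, the string holds the
# cells for severity classes 1..4. N = negligible, T = tolerable, I = intolerable.
RISK_MATRIX = {
    5: "TIII",
    4: "NTII",
    3: "NTTI",
    2: "NNTI",
    1: "NNNT",
}
RISK_NAME = {"N": "negligible", "T": "tolerable", "I": "intolerable"}


def frequency_class(freq_per_year):
    """Map an annual frequency to class 1 (remote) .. 5 (frequent).
    Class boundaries are assumed: 1e-1, 1e-2, 1e-3, 1e-4 events/year."""
    for cls, bound in zip((5, 4, 3, 2), (1e-1, 1e-2, 1e-3, 1e-4)):
        if freq_per_year >= bound:
            return cls
    return 1


def outcome_of(path):
    """Label an end state and give its severity class 1 (minor) .. 4 (catastrophic).
    path is a tuple of booleans, True = barrier succeeded. Constructed mapping."""
    detect, shutdown, suppress = path
    if detect and shutdown:
        return "controlled release", 1
    if suppress:
        return "limited fire", 2
    if detect or shutdown:
        return "major fire", 3
    return "explosion", 4


def evaluate_event_tree():
    """Forward search: enumerate every success/failure path and add up the
    frequencies of the paths that end in the same outcome.
    Returns {outcome: (frequency_per_year, severity_class)}."""
    totals = defaultdict(float)
    severity = {}
    for path in product((True, False), repeat=len(BARRIERS)):
        prob = 1.0
        for (_, p_fail), succeeded in zip(BARRIERS, path):
            prob *= (1.0 - p_fail) if succeeded else p_fail
        name, sev = outcome_of(path)
        totals[name] += INITIATING_FREQ * prob
        severity[name] = sev
    return {name: (totals[name], severity[name]) for name in totals}


def rank_outcomes(results):
    """Place each outcome in the risk matrix and sort them, worst first.
    Returns a list of (outcome, frequency, severity, risk category)."""
    ranked = []
    for name, (freq, sev) in results.items():
        cell = RISK_MATRIX[frequency_class(freq)][sev - 1]
        ranked.append((name, freq, sev, RISK_NAME[cell]))
    order = {"intolerable": 0, "tolerable": 1, "negligible": 2}
    ranked.sort(key=lambda r: (order[r[3]], -r[2], -r[1]))
    return ranked


if __name__ == "__main__":
    print(f"initiating event: {INITIATING_EVENT} at {INITIATING_FREQ}/yr")
    for name, freq, sev, risk in rank_outcomes(evaluate_event_tree()):
        print(f"{name:20s} {freq:9.2e}/yr  severity {sev}  -> {risk}")
```

The ranked list is the follow-up input the PHA step asks for: the outcomes in the intolerable cells are the ones that need a design change or an added barrier, and re-running the evaluation with a lower barrier failure probability shows directly which cell each outcome moves to.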
Fault Tree Analysis
A fault tree is a logical diagram that displays the interrelationships between a potential critical event (accident) in a system and the reasons for this event. By constructing a fault tree you analyze how a system can fail, and the analysis also gives you insight into how the components contribute to the system reliability.
With its intuitive graphical user interface, the program lets you create fault trees in a flash.
Fault Tree Analysis
- Systematic elaboration of events that might lead to a hazard
- Compound events and basic events
- Compound events defined as logical expressions - AND, OR and other operators
Provides:
- A systematic way to document informal analysis
- Permits analysts to review and revise the analysis over time
- Assignment of probabilities to specific events
- Computation of probabilities for compound events
- Sophisticated dependability analysis possible
- Extensive, elaborate, established technique
- A mechanism for showing that the design will meet dependability requirements
Fault Tree Events
Primary Events:
- Basic event – fault in an atomic component
- Undeveloped Event – fault in a composite component (may be analyzed later, or information is unavailable)
- External event – expected event from the environment
Intermediate event:
- Nodes inside a fault tree
Fault Tree - Gates
Example – "Wake too late"
Top event: Wake too late
- Alarm clock fails
- Phone fails
- "Inner clock" fails
Example – "Alarm clock fails"
Top event: Alarm clock fails
- Beeper fails
- Button fails
- Electronics fail
- SW fails
- Power fails
- Button read fails
- Beeper not set
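The computation of probabilities for compound events from the Fault Tree Analysis slides, worked through on the "Wake too late" / "Alarm clock fails" example as an added Python example that is not part of the original slides. The slides show the event names only; the gate types (AND for the top event, OR below it), the grouping of the lower-level events under "Beeper fails" and "Button fails", and every probability are assumptions made for this example. "SW fails" is deliberately placed under two gates: a gate-by-gate calculation that treats every gate input as independent then counts it twice, so the example derives the minimal cut sets and evaluates the top event from those instead, and shows the naive figure beside it.

```python
"""Fault tree evaluation: minimal cut sets and top-event probability.

Added example; not code from the slides. Gate types, event grouping and
probabilities are assumptions constructed for illustration.
"""
from itertools import combinations
from math import prod

# Intermediate events: name -> (gate type, child events). Gate types assumed.
TREE = {
    "Wake too late": ("AND", ["Alarm clock fails", "Phone fails", "Inner clock fails"]),
    "Alarm clock fails": ("OR", ["Beeper fails", "Button fails", "Electronics fail", "Power fails"]),
    "Beeper fails": ("OR", ["Beeper not set", "SW fails"]),
    "Button fails": ("OR", ["Button read fails", "SW fails"]),
}

# Basic events with assumed (constructed) probabilities of failure on demand.
BASIC = {
    "Phone fails": 0.10,
    "Inner clock fails": 0.50,
    "Electronics fail": 0.01,
    "Power fails": 0.02,
    "Beeper not set": 0.05,
    "SW fails": 0.01,
    "Button read fails": 0.01,
}


def cut_sets(event):
    """All cut sets (sets of basic events whose joint failure causes the event).
    An OR gate fails if any child fails: union of the children's cut sets.
    An AND gate needs one cut set from every child: their pairwise unions."""
    if event in BASIC:
        return {frozenset([event])}
    gate, children = TREE[event]
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":
        return set().union(*child_sets)
    result = {frozenset()}
    for sets in child_sets:
        result = {a | b for a in result for b in sets}
    return result


def minimal_cut_sets(event):
    """Drop every cut set that contains another cut set."""
    sets = cut_sets(event)
    return {s for s in sets if not any(t < s for t in sets)}


def exact_probability(event):
    """Inclusion-exclusion over the minimal cut sets with independent basic
    events. Each term multiplies the probabilities of the UNION of the events
    in the chosen cut sets, so a repeated basic event is counted once."""
    mcs = list(minimal_cut_sets(event))
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for group in combinations(mcs, k):
            union = frozenset().union(*group)
            total += (-1) ** (k + 1) * prod(BASIC[e] for e in union)
    return total


def rare_event_approximation(event):
    """Sum of the minimal cut set probabilities; an upper bound that is close
    to the exact value when all cut set probabilities are small."""
    return sum(prod(BASIC[e] for e in s) for s in minimal_cut_sets(event))


def naive_probability(event):
    """Gate-by-gate calculation that assumes every gate input is independent.
    Wrong whenever a basic event feeds more than one gate (here "SW fails")."""
    if event in BASIC:
        return BASIC[event]
    gate, children = TREE[event]
    probs = [naive_probability(c) for c in children]
    if gate == "AND":
        return prod(probs)
    return 1.0 - prod(1.0 - p for p in probs)


if __name__ == "__main__":
    for s in sorted(minimal_cut_sets("Wake too late"), key=sorted):
        print("minimal cut set:", sorted(s))
    print(f"exact (inclusion-exclusion): {exact_probability('Wake too late'):.6f}")
    print(f"rare-event approximation:    {rare_event_approximation('Wake too late'):.6f}")
    print(f"naive gate-by-gate:          {naive_probability('Wake too late'):.6f}")
```

With these assumed numbers the five minimal cut sets each contain "Phone fails", "Inner clock fails" and one alarm-clock basic event, and the naive gate-by-gate value comes out about 9% above the exact one because "SW fails" is multiplied in twice. Inclusion-exclusion costs 2^k terms for k minimal cut sets, which is fine for a tree this size; larger trees use the rare-event sum or a bounding scheme instead.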