
Reliable System Design 2011 by: Amir M. Rahmani


1 Reliable System Design 2011 by: Amir M. Rahmani
10. Hazard & Risk

2 Hazard analysis
Safety is a property of a system that it will not endanger human life or the environment.
Probably the most important mechanism for improving the safety of a system is to identify the ways in which it can cause harm, i.e., hazards.
A hazard is a system state that could lead to:
- Loss of life
- Loss of property
- Release of energy
- Release of dangerous materials
Hazards are the states we have to avoid.

3 Hazard & Risk
(1) A hazard is a situation in which there is actual or potential danger to people or to the environment.
(2) A hazard is a state or set of conditions of a system that, together with other conditions in the environment of the system, will lead unavoidably to an accident.
Characteristics of a hazard: risk
Risk is a combination of the severity and the probability of hazard occurrence.

4 Hazard & Accident
An Accident (Incident) is an undesired and unplanned (but not necessarily unexpected) event that results in (at least) a specified level of loss.
A hazard represents a potential for an accident to occur.
An elevator shaft with a door stuck open is a hazard - a hazardous state. It is not necessarily the case that an accident will result.
For an accident to occur requires that an environmental circumstance arise - a blind person walks through the open door unaware of the state.
For each activity it is wise to consider the hazards associated with the activity and the risks associated with those hazards.

5 Further definitions - Risk
Risk Management is the identification, assessment, and prioritization of risks, followed by the coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
Risk Assessment is the determination of the quantitative or qualitative value of risk related to a concrete situation and a recognized hazard.
Risk Analysis is the process of evaluating the frequency (or probability) of hazardous events.

6 Further definitions - Risk
Tolerable Risk: a risk that is allowed to exist, so that certain benefits can be gained - there being a level of confidence that the risk is under control.
Intolerable Risk: a risk that cannot be justified except in extraordinary circumstances.
Negligible Risk: a risk that is so small and insignificant that it can be ignored as long as existing precautions remain in place.

7 Risk analysis
Risk analysis predicts the probability and severity of accidents.
Example: In a country with a population of 10,000,000, approximately 5000 people are killed in traffic accidents each year. On average each person spends 500 hours per year in situations where they are exposed to the risk of traffic accidents. What is the risk of being killed in a traffic accident?
(5000 / 10^7) / 500 = 10^-6 deaths/hour

8 An Overview of Accidents
Taken from a publication called Out of Control from the UK Health and Safety Executive.
A set of 34 accidents, all involving control systems, was analysed.
All systems possessed one or more input devices, a controller, plus one or more output devices.

9 Analysis discovered

10 Lessons Learned
A number of "good engineering practices" are being ignored.
Hazard analysis in the specification phase often does not occur - a major source of failure.
Maintenance policy is often not considered at the specification stage, thus making it difficult, for example, for components to be safely isolated and maintained.
"No single failure should cause a dangerous failure to the overall system" needs to become a more widely respected principle.

11 Hazard identification
Hazard identification is the systematic determination of a system's hazards.
It is a complex and sophisticated process.
Once identified, the set of hazards defines a set of system states that we need to avoid.
How could the system enter one of the hazardous states?
Is it possible to avoid hazards?

12 Hazard analysis
Hazard Analysis involves:
- Identifying the hazards that exist within a system.
- Determining the chain of events that could potentially lead to each hazard.
- Determining the consequences resulting from an occurrence of the hazard.
- Investigating any safeguards already in place to address the hazards.

13 Preliminary Hazard Analysis
PHA: a distinct phase of the Overall Safety Lifecycle, carried out at the requirements stage.
The purpose of PHA is:
- To identify safety-critical areas of the system
- To evaluate/identify major hazards (which must be controlled or eliminated by redesign).
PHA should be carried out for ALL systems and subsystems.

14 Preliminary Hazard Analysis
- A brief description of the system and its environment
- An overview of the system's function and its safety features
- The safety objectives of the system
- Justification of the risk and integrity level assignments
- Target failure rates and safety levels
- Sources of any data used within the analysis
- A bibliography of all documents used.

15 PHA Main Steps
1. PHA prerequisites
2. Hazard identification
3. Consequence and frequency estimation
4. Risk ranking and follow-up actions

16 1- PHA prerequisites
1. Establish the PHA team
2. Define and describe the system to be analyzed:
(a) System boundaries (which parts should be included and which should not)
(b) System description, including layout drawings, process flow diagrams, block diagrams, and so on
(c) Use and storage of energy and hazardous materials in the system
(d) Operational and environmental conditions to be considered
(e) Systems for detection and control of hazards and accidental events, emergency systems, and mitigation actions
3. Collect risk information from previous and similar systems (e.g., from accident databases)

17 PHA - System breakdown
To be able to identify all hazards and events, it is often necessary to split the system into manageable parts, for example, into three categories:
- System parts (e.g., process units)
- Activities
- Exposed to risk (who, what are exposed?)

18 2- Hazard identification
All hazards and possible accidental events must be identified.
It is important to consider all parts of the system, operational modes, maintenance operations, safety systems, and so on.
All findings shall be recorded. No hazards are too insignificant to be recorded.
Murphy's law must be borne in mind: "If something can go wrong, sooner or later it will".

19 Hazard checklist
To get a complete survey of all possible hazards it may be beneficial to use a hazard checklist. An example of a checklist (mainly from the standard EN 1050) is given:
- Mechanical hazards
- Electrical hazards
  Ex: Approach to live parts under high voltage
- Thermal hazards
  Ex: Damage to health by hot or cold working environment
- Thermodynamic hazards
- Hazards generated by noise
  Ex: Interference with speech communication, acoustic signals, etc.
- Hazards generated by vibration
- Hazards generated by radiation
- Hazards generated by materials/substances
- Fire or explosion hazard

20 3- Frequency and consequence estimation
The risk related to an accidental event is a function of the frequency of the event and the severity of its potential consequences.
To determine the risk, we have to estimate the frequency and the severity of each accidental event.

21 4- Risk ranking and follow-up actions
The risk is established as a combination of the frequency of a given event/consequence and the severity of the same event/consequence.
This enables a ranking of the events/consequences in a risk matrix.

22 PHA Result
The results of the PHA are usually reported by using a PHA worksheet (or a computer program).
Some analyses may require other columns, but these are the most common.
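As an added example (not part of the slides), the ranking step in code: each accidental event on the worksheet carries a frequency class and a severity class, a risk matrix maps the pair to a risk category, and the worksheet is sorted so follow-up actions start with the highest-ranked event. The five-step frequency scale, the four-step severity scale, the matrix contents, the worksheet columns and the sample entries are all constructed for illustration; only the elevator-shaft hazard comes from the slides.

```python
"""Risk ranking for a PHA worksheet (added example, constructed scales)."""
from dataclasses import dataclass
from typing import List

# Ordered from least to most frequent / severe (constructed scales).
FREQUENCY = ["remote", "unlikely", "occasional", "probable", "frequent"]
SEVERITY = ["negligible", "marginal", "critical", "catastrophic"]

# Risk matrix: rows = frequency, columns = severity (constructed).
# 0 = negligible risk, 1 = tolerable risk, 2 = intolerable risk
RISK_MATRIX = [
    # negl  marg  crit  cata
    [0,    0,    1,    1],   # remote
    [0,    1,    1,    2],   # unlikely
    [0,    1,    2,    2],   # occasional
    [1,    2,    2,    2],   # probable
    [1,    2,    2,    2],   # frequent
]
RISK_LABEL = {0: "negligible", 1: "tolerable", 2: "intolerable"}


@dataclass
class PHAEntry:
    hazard: str
    accidental_event: str
    frequency: str
    severity: str
    safeguards: str = ""      # existing barriers, recorded for follow-up


def risk_class(frequency: str, severity: str) -> int:
    """Look up the risk class for a (frequency, severity) pair.

    A label outside the defined scales raises ValueError, so a typo on
    the worksheet is caught instead of being silently ranked.
    """
    try:
        f = FREQUENCY.index(frequency)
        s = SEVERITY.index(severity)
    except ValueError as exc:
        raise ValueError(f"unknown frequency/severity label: {exc}") from exc
    return RISK_MATRIX[f][s]


def rank_worksheet(entries: List[PHAEntry]) -> List[PHAEntry]:
    """Return the entries ordered highest risk first.

    Ties are broken by severity, then by frequency, so that among events
    in the same risk class the more severe consequence is listed first.
    """
    def key(e: PHAEntry):
        return (risk_class(e.frequency, e.severity),
                SEVERITY.index(e.severity),
                FREQUENCY.index(e.frequency))
    return sorted(entries, key=key, reverse=True)


def format_worksheet(entries: List[PHAEntry]) -> str:
    """Render the ranked worksheet as a fixed-width table."""
    fmt = "{:<24} {:<26} {:<11} {:<13} {}"
    rows = [fmt.format("Hazard", "Accidental event", "Frequency",
                       "Severity", "Risk")]
    for e in rank_worksheet(entries):
        rows.append(fmt.format(e.hazard, e.accidental_event, e.frequency,
                               e.severity,
                               RISK_LABEL[risk_class(e.frequency, e.severity)]))
    return "\n".join(rows)


# Constructed sample worksheet; the first hazard is the slides' elevator example.
SAMPLE = [
    PHAEntry("shaft door stuck open", "person falls into shaft",
             "unlikely", "catastrophic", "door interlock, warning tone"),
    PHAEntry("hot motor housing", "maintenance burn",
             "occasional", "marginal", "guard, warning label"),
    PHAEntry("audible alarm too loud", "hearing discomfort",
             "frequent", "negligible", ""),
]

if __name__ == "__main__":
    print(format_worksheet(SAMPLE))
```

The matrix is deliberately a plain table rather than a formula: in a PHA the cells are agreed by the team and the risk acceptance criteria, and a table makes that decision reviewable.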

23 PHA - Adv., Disadv.
Positive
- Helps ensure that the system is safe
- Modifications are less expensive and easier to implement in the earlier stages of design
- Decreases design time by reducing the number of surprises
Negative
- Hazards must be foreseen by the analysts
- The effects of interactions between hazards are not easily recognized

24 Approaches to Hazard Analysis
- Hazard and Operability Studies (HAZOP)
- Event Tree Analysis (ETA)
- Fault Tree Analysis (FTA)
- Failure Modes and Effects Analysis (FMEA)
- Failure Modes, Effects and Criticality Analysis (FMECA)
- Cause Consequence Analysis (CCA)

25 Hazard and Operability Studies (HAZOP)
HAZOP is a technique (almost like brainstorming) whereby a group of well-informed people aim to identify all the ways in which hazards may appear in a system.
Its purpose is to establish:
- hazardous failure modes, and
- a measure of their effect,
by a systematic examination of the system and its components.

26 Notes on HAZOP
HAZOP is applicable at all stages of the system lifecycle, although it is of limited use until a relatively detailed description of the system has been developed.
Typically the selected members of the HAZOP team will have had previous experience of such systems, and complement one another (are from different backgrounds) so that the benefits of the team approach are obvious.

27 Event Tree Analysis
Why: to investigate how a certain event can potentially affect the system.
How: by forward search. For each event consider success and failure execution (two branches in the tree). Draw the tree until the system effect becomes evident.
Information analyzed: the initial event (usually known from previous experience), the system structure, the effect of success and failure of each event, and the hazardous or caring effect on the system.

28 Example of Event Tree (1)

29 Example of Event Tree (2)

30 Event Tree - Application
- Risk analysis of technological systems
- Identification of improvements in protection systems and other safety functions

31 Event Tree - Adv., Disadv.
Positive
- Visualize event chains following an accidental event
- Visualize barriers and sequence of activation
- Good basis for evaluating the need for new / improved procedures and safety functions
Negative
- No standard for the graphical representation of the event tree
- Only one initiating event can be studied in each analysis
- Easy to overlook subtle system dependencies
- Not well suited for handling common cause failures in the quantitative analyses

32 Fault Tree Analysis
A fault tree is a logical diagram that displays the interrelationships between a potential critical event (accident) in a system and the reasons for this event.
By constructing a fault tree you analyze how a system can fail, and the analysis also gives you insight into how the components contribute to the system reliability.
With its intuitive graphical user interface, the program lets you create fault trees in a flash.

33 Fault Tree Analysis
Systematic elaboration of events that might lead to a hazard:
- Compound events and basic events
- Compound events defined as logical expressions - AND, OR and other operators
Provides:
- Systematic way to document informal analysis
- Permits analysts to review and revise analysis over time
- Assignment of probabilities to specific events
- Computation of probabilities for compound events
- Sophisticated dependability analysis possible
- Extensive, elaborate, established technique
- Mechanism for showing that design will meet dependability requirements

34 Fault Tree Events
Primary Events:
- Basic event - fault in an atomic component
- Undeveloped event - fault in a composite component (may be analyzed later, or information is unavailable)
- External event - expected event from the environment
Intermediate event: nodes inside a fault tree
Fault Tree - Gates

35 Example - "Wake too late"
- "Inner clock" fails
- Phone fails
- Alarm clock fails

36 Example - "Alarm clock fails"
- Power fails
- Beeper fails
  - electronics fail
  - Button fails
  - SW fails
- Beeper not set
- Button read fails
