nebosh national diploma - downloads.astutis … national diploma revision: system reliability and...

Post on 21-Mar-2018

1 of 156© Astutis Ltd

NEBOSH National Diploma

Revision: System Reliability and Failure Tracing Methodologies

A7.4 and A7.5

Learning Outcomes

• A7.4 Explain the analysis, assessment and improvement of system failures and system reliability with the use of calculations

• A7.5 Explain the principles and techniques of failure tracing methodologies with the use of calculations.

Session Plan

• Fault Trees and Event Trees

– Tree construction and calculations

• HAZOP

– Overview and types of exam question

FAULT TREES AND EVENT TREES

Bow Tie

Simple Qualitative Fault Tree

Top event: Fire in process area (and)
• Level 1: Fuel (or)
– Level 2: Leaking joint
– Level 2: Drain valve open
• Level 1: Oxygen
• Level 1: Ignition source (or)
– Level 2: Welding in progress
– Level 2: Electric motor

Fault Tree Symbols

• And gate - fault occurs if all input events true
• Or gate - fault occurs if any input event true
• Base event - further analysis not useful
• Undeveloped events - not analysed further at this time
• Event - Event which is further analysed (may be the top event or an intermediate event)
• Transfer gate - Event analysed at point A on a different page

Probability Scale

• Probability of 0

– Event is impossible and will never happen

• Probability of 1

– Event is certain to happen

• Probability of ½ (or 0.5 or 50%)

– Event has an even chance of happening

Calculations @ Gates

Gate symbol | Meaning | Relationship
AND | Output exists only if all inputs exist | A = BC
OR | Output exists if one or more inputs exist | A = B+C

Probability and Frequency

• The frequency of an event is the reciprocal of its probability

• f = 1/P

A machine operator is required to reach between the tools of a vertical hydraulic press between each cycle of the press. Under fault conditions, the operator is at risk from a crushing injury due either (a) to the press tool falling by gravity or (b) to an unplanned (powered) stroke of the press. The expected frequencies of the failures that would lead to either of these effects are given in the table below:

Failure type | Frequency (per year) | Effect
Flexible hose failure | 0.2 | a
Detachment of press tool | 0.1 | a
Electrical fault | 0.1 | b
Hydraulic valve failure | 0.05 | a or b

a) Given that the operator is at risk for 20 per cent of the time that the machine is operating, construct and quantify a simple fault tree to show the expected frequency of the top event (a crushing injury to the operator’s hand). (10)

b) If the press is one of ten such presses in a machine shop, state, with reasons, whether or not the level of risk calculated should be tolerated. (4)

c) Assuming that the nature of the task cannot be changed, explain how the fault tree might be used to prioritise remedial actions. (2)

• Concentrate on drawing the tree first

• Top down - Level by level

• Then do calculations – bottom up

• Top event

Crushing injury

• What 1st level events contribute to the top event?

• The operator has to be at risk, i.e. reaching into the machine

• And

• The machine has to fail – a fault condition must occur

Crushing injury

Operator reaches between plates

The diamond shape indicates that this event will not be further developed / investigated

NB: For exam purposes the use of diamonds (undeveloped events) and circles (base events) is not necessary

Tool comes down due to fault condition

What fault conditions may bring the tool down?

The tool will come down as a result of Gravity (a) OR An unplanned (powered) stroke (b)

Powered stroke (b)

Gravity fall (a)

What information do we have about these failures?

Crushing injury
• Operator reaches between plates
• Tool comes down due to fault condition
– Gravity fall (a): Hose failure, Detached tool, Valve failure
– Powered stroke (b): Valve failure, Electrical fault

Calculations

• Populate the diagram with the given probabilities

• Calculate from the bottom up

Crushing injury
• Operator reaches between plates: 0.2
• Tool comes down due to fault condition
– Gravity fall (a): Hose failure 0.2, Detached tool 0.1, Valve failure 0.05
– Powered stroke (b): Valve failure 0.05, Electrical fault 0.1

Add up through an OR gate
• Gravity fall (a): 0.2 + 0.1 + 0.05 = 0.35
• Powered stroke (b): 0.1 + 0.05 = 0.15

Add up through an OR gate
• Tool comes down due to fault condition: 0.35 + 0.15 = 0.5

Multiply up through an AND gate
• Crushing injury: 0.2 x 0.5 = 0.1 per year (the event is likely to happen once every ten years)
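The bottom-up calculation above, as an added Python example (not part of the original slides): it applies the slides' gate rules to the press tree and then, for part (c), ranks each failure type by how much the top-event frequency falls if that failure is eliminated. The class and function names are illustrative, and the ranking method is an assumption about how part (c) could be worked, not the slides' model answer.

```python
"""Quantify the press fault tree with the slides' gate rules (added example)."""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Basic:
    name: str
    value: float       # frequency per year, or fraction of time for exposure


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str          # "AND" or "OR"
    inputs: tuple      # child Basic / Gate nodes


def evaluate(node, overrides=None):
    """Bottom-up value of a node: add through OR, multiply through AND."""
    overrides = overrides or {}
    if isinstance(node, Basic):
        return overrides.get(node.name, node.value)
    values = [evaluate(child, overrides) for child in node.inputs]
    if node.kind == "OR":
        return sum(values)
    if node.kind == "AND":
        return prod(values)
    raise ValueError(f"unknown gate kind {node.kind!r} at {node.name!r}")


def basic_names(node, seen=None):
    """Names of basic events in first-seen order (a repeated event once)."""
    seen = [] if seen is None else seen
    if isinstance(node, Basic):
        if node.name not in seen:
            seen.append(node.name)
    else:
        for child in node.inputs:
            basic_names(child, seen)
    return seen


def rank_failures(tree, fixed=()):
    """Fall in top-event frequency if each basic event were eliminated.

    Events named in `fixed` are skipped (here: the operator's exposure,
    because the question says the task cannot be changed).
    """
    base = evaluate(tree)
    drops = []
    for name in basic_names(tree):
        if name in fixed:
            continue
        drops.append((name, round(base - evaluate(tree, {name: 0.0}), 6)))
    return sorted(drops, key=lambda item: -item[1])


# Values from the question's table and the 20 per cent exposure.
HOSE = Basic("Hose failure", 0.2)
TOOL = Basic("Detached tool", 0.1)
VALVE = Basic("Valve failure", 0.05)   # effect "a or b": under both branches
ELEC = Basic("Electrical fault", 0.1)
EXPOSED = Basic("Operator reaches between plates", 0.2)

GRAVITY = Gate("Gravity fall (a)", "OR", (HOSE, TOOL, VALVE))
POWERED = Gate("Powered stroke (b)", "OR", (VALVE, ELEC))
TOOL_DOWN = Gate("Tool comes down due to fault condition", "OR",
                 (GRAVITY, POWERED))
TOP = Gate("Crushing injury", "AND", (EXPOSED, TOOL_DOWN))


def top_frequency():
    """Top-event frequency per year, rounded to suppress float noise."""
    return round(evaluate(TOP), 6)


if __name__ == "__main__":
    for gate in (GRAVITY, POWERED, TOOL_DOWN, TOP):
        print(f"{gate.name}: {evaluate(gate):.2f}")
    for name, drop in rank_failures(TOP, fixed={EXPOSED.name}):
        print(f"eliminate {name}: top event falls by {drop:.2f} per year")
```
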

Simple Generic Event Tree

A mainframe computer suite has a protective system to mitigate the effects of fire. The system comprises a smoke detector connected by a power supply to a mechanism for releasing extinguishing gas. It has been estimated that a fire will occur once every five years (f=0.2/year).

Reliability data for the system components are as follows:

Component | Reliability
Detector | 0.9
Power supply | 0.99
Extinguishing gas release mechanism | 0.95

a) Construct an event tree for the above scenario to calculate the frequency of an uncontrolled fire in the computer suite. (10)

b) Suggest ways in which the reliability of the system could be improved. (4)

Initiating event | Detector operation | Power supply operation | Gas release operation | Consequences
Fire!!! (P = 0.2 per year, F = 1 in 5 years) | 0.9 | 0.99 | 0.95 | Fire brought under control
 | 0.9 | 0.99 | 0.05 | Out of control fire
 | 0.9 | 0.01 | | Out of control fire
 | 0.1 | | | Out of control fire

Calculations

• Out of control fire 1 occurs if the detector fails when there is a fire
– Detector has to fail (P = 0.1) and fire has to occur (P = 0.2)
– Probability = 0.1 x 0.2 = 0.02

• Out of control fire 2 occurs if the power supply fails after the detector has successfully operated and the fire is active
– Power has to fail (P = 0.01) and the detector has to operate (P = 0.9) and the fire has to be active (P = 0.2)
– Probability = 0.01 x 0.9 x 0.2 = 0.0018 (can be rounded to 0.002)

• Out of control fire 3 occurs when the gas release fails (P = 0.05) and the power supply works (P = 0.99) and the detector operates (P = 0.9) and the fire is active (P = 0.2)
– Probability = 0.05 x 0.99 x 0.9 x 0.2 = 0.00891 (rounded to 0.009)

• An uncontrolled fire could arise as a result of:

– The detector failing (out of control fire 1 / P = 0.02) OR

– The power supply failing (out of control fire 2 / P = 0.0018) OR

– The gas release failing (out of control fire 3 / P = 0.00891)

• The overall probability of an uncontrolled fire is OOC fire 1 (0.02) plus OOC fire 2 (0.0018) plus OOC fire 3 (0.00891)

• P = 0.02 + 0.0018 + 0.00891 = 0.03071

(A 3.07% chance of uncontrolled fire per year)

• F = 1/P

• F = 1 / 0.03071 = 32.56

• F = Once every 32.56 years
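The event-tree arithmetic above, generalised as an added Python example (not part of the original slides) to any chain of barriers demanded in sequence; it also checks that the outcome frequencies sum back to the initiating frequency. The function names and the second-detector what-if (two independent detectors, either one sufficient, no common-cause failure) are assumptions made for illustration, not the slides' answer to part (b).

```python
"""Event tree for the computer-suite fire: frequency of every outcome path."""
from math import isclose, prod


def event_tree(initiating_frequency, barriers):
    """Return [(outcome, frequency per year)] for barriers demanded in order.

    barriers: list of (name, reliability). A barrier is only demanded when
    every earlier barrier has worked, so each failure path is
    f x (product of earlier reliabilities) x (1 - reliability).
    """
    paths = []
    reaching = initiating_frequency      # frequency of reaching this barrier
    for name, reliability in barriers:
        if not 0.0 <= reliability <= 1.0:
            raise ValueError(f"{name}: reliability must lie between 0 and 1")
        paths.append((f"{name} fails", reaching * (1.0 - reliability)))
        reaching *= reliability
    paths.append(("all barriers work", reaching))
    return paths


def uncontrolled_frequency(paths):
    """Sum of every path on which some barrier failed (all but the last)."""
    return sum(freq for _, freq in paths[:-1])


def is_consistent(paths, initiating_frequency, barriers):
    """Two cross-checks on a finished tree.

    1. All outcome frequencies add back up to the initiating frequency.
    2. The failure total equals f x (1 - product of all reliabilities).
    """
    total = sum(freq for _, freq in paths)
    all_work = prod(r for _, r in barriers)
    return (isclose(total, initiating_frequency)
            and isclose(uncontrolled_frequency(paths),
                        initiating_frequency * (1.0 - all_work)))


def parallel(reliability, units):
    """Reliability of identical, independent units where any one suffices."""
    return 1.0 - (1.0 - reliability) ** units


# Values from the question: fire once every five years, three barriers.
FIRE = 0.2
BARRIERS = [("Detector", 0.9), ("Power supply", 0.99), ("Gas release", 0.95)]


def worked_example():
    """Path frequencies, uncontrolled-fire total and 1/P as on the slides."""
    paths = event_tree(FIRE, BARRIERS)
    total = uncontrolled_frequency(paths)
    rounded = {outcome: round(freq, 5) for outcome, freq in paths}
    return rounded, round(total, 5), round(1.0 / total, 2)


def with_second_detector():
    """What-if (assumption): a second independent detector in parallel."""
    barriers = [("Detector", parallel(0.9, 2))] + BARRIERS[1:]
    return round(uncontrolled_frequency(event_tree(FIRE, barriers)), 6)


if __name__ == "__main__":
    paths, total, years = worked_example()
    for outcome, freq in paths.items():
        print(f"{outcome}: {freq} per year ({freq / FIRE:.1%} of fires)")
    print(f"uncontrolled fire: {total} per year, 1/P = {years}")
    print(f"with a second detector: {with_second_detector()} per year")
```
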

HAZOP

• Three types of question

– Historically 10 point descriptive questions

– January 2012 – 20 point simple HAZOP from diagram

– July 2015 – 10 point draw table and populate from information given in scenario

Past Question – January 2009 (Part of 20 point risk assessment question)

• Explain the principles and methodology of a Hazard and Operability (HAZOP) study (10)

Detailed HAZOP Study Procedure

1) Specification

2) Team

3) Description and design intention

4) Generating a deviation

5) Identifying causes

6) Evaluating consequences

7) Safeguards (protection)

8) Risk assessment

9) Recommendations/actions

10) Recording

Past Question – January 2012

• The diagram below shows a section of process plant in which a raw material is pumped continuously to a process from a storage tank.

• The flow rate is controlled by an operator who adjusts the manual valve to achieve the desired flow as shown on the flow gauge. If the flow is too great a dangerous reaction may occur in the process. If there is insufficient flow the product produced in the process will be defective and will have to be discarded. Any contaminant in the raw material may produce a dangerous reaction.

• Apply the methodology of a hazard and operability (HAZOP) study to the process at point A on the diagram AND give the results of the study in typical HAZOP format.

• You are not required to produce a complete study. Consider only the process parameter of ‘flow’ and apply no more than three guide words. (20)

Typical HAZOP Table

Deviation (Guideword, Parameter) | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls)
No Flow | | | |
Less Flow | | | |
More Flow | | | |

No Flow

Deviation (Guideword, Parameter) | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls)
No Flow | Blocked pipe | Defective product - waste | | Testing and maintenance
No Flow | Closed valve | Defective product - waste | Operator Control | Testing and maintenance; Automating flow control
No Flow | Defective pump | Defective product - waste | | Testing and maintenance
No Flow | Empty tank | Defective product - waste | | Low level warning

Past Question July 2015

• In relation to a Hazard and Operability (HAZOP) study, give the meaning of the term 'guide word'. (2)

• Give an example of a guide word used in a HAZOP study. (1)

• A multi-disciplinary team has conducted a HAZOP study on a system used to manufacture chemicals in batches. The study has concluded that an uncontrolled rise in temperature could be caused either by adding ingredients too quickly or if the storage temperature of the ingredients was too high.

• In either case, there could be an uncontrolled rise in temperature that could in turn lead to catastrophic failure of the reaction vessel.

• The team has decided to improve the system by adding instruments to monitor the rate of addition of the ingredients and to monitor their storage temperature.

• The team has also decided to install remote warning indicators that will give alarms in the control room and to install automatic shut-off valves that will operate if the reaction temperature rises too high.

• Record the above findings in a typical HAZOP table. (7)

114 of 156© Astutis Ltd

Typical HAZOP Table

Deviation

Cause ConsequenceSafeguards

(Existing controls)

Actions (Additional

controlsGuideword Parameter

115 of 156© Astutis Ltd

Deviation

Deviation

Cause ConsequenceSafeguards

(Existing controls)

Actions (Additional

controls)Guideword Parameter

? ?

116 of 156© Astutis Ltd

Deviation?


Deviation

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | | | | |

Cause?

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | ? | | | |


Cause(s)

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | | | |
| | | Storage temperature too high | | | |

Consequence(s)?

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | ? | | |
| | | Storage temperature too high | ? | | |


Consequence(s)?

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |
| | | Storage temperature too high | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |

Safeguards – Not Given

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |
| | | Storage temperature too high | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |


Actions?

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | | ? |
| | | | Catastrophic failure of the reaction vessel | | ? |
| | | Storage temperature too high | Uncontrolled rise in temperature | | ? |
| | | | Catastrophic failure of the reaction vessel | | ? |


Actions?

| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Actions (Additional controls) |
|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | Install instruments to monitor the rate of addition of the ingredients |
| | | | Catastrophic failure of the reaction vessel | Install remote warning indicators that will give alarms in the control room |
| | | Storage temperature too high | Uncontrolled rise in temperature | Install thermometers to monitor storage temperature |
| | | | Catastrophic failure of the reaction vessel | Install automatic shut-off valves that will operate if the reaction temperature rises too high |

Reliability Theory

• Reliability of individual components and the way in which they are arranged:

– In series (one after the other) - failure of any one piece means failure of the system

– In parallel (side by side)

– As a combination of both (a complex or mixed system)

Series Systems

• Fault intolerant

• Failure of any component causes the system to fail

• System reliability (Rs) = R1 x R2 x R3

• Rs = 0.95 x 0.98 x 0.97

• Rs = 0.91 or 91%

• NB the reliability of the series is less than the reliability of individual components

Diagram: components 1, 2 and 3 in series, with R1 = 0.95, R2 = 0.98, R3 = 0.97

Parallel Systems

• The failure of one component will not stop the system functioning

• Rs = 1 – [(1 - R1)(1 - R2)(1 - R3)]

• Rs = 1 – [(1- 0.95)(1- 0.98)(1- 0.97)]

• Rs = 1 – [0.05 x 0.02 x 0.03]

• Rs = 1 – 0.00003

• Rs = 0.99997 or 99.997%

• NB the reliability of the system is better than the reliability of individual components

Diagram: components in parallel, with R1 = 0.95, R2 = 0.98, R3 = 0.97

Mixed System

• Break down the overall system into sub-systems

• Calculate parallel systems

• Then calculate overall series system RA x R3 x RB

Diagram: RA (R1 = 0.99 and R2 = 0.95 in parallel), then R3 = 0.999, then RB (R4 = 0.70, R5 = 0.93 and R6 = 0.90 in parallel), connected in series

Mixed System - Calculation

• RA = 1 - [(1 - 0.99)(1 - 0.95)]

• = 1 - (0.0005)

• = 0.9995

• RB = 1 - [(1 - 0.70)(1 - 0.93) (1 - 0.90)]

• = 1 - (0.0021)

• = 0.9979

• RS = RA x R3 x RB

• = 0.9995 x 0.999 x 0.9979

• = 0.9964


Past Question

A computer suite is protected from fire by a CO2 flood system. The system comprises components A (a detector), B (a switch) and C (a release mechanism) installed in series.

It has been proposed that a new series system of a detector and a switch, identical to A and B, is placed in parallel to the original series components A and B, in order to improve the system reliability.

Calculate the improvement in reliability of the proposed new system, given that the reliabilities of the components are:

• Component A 95%

• Component B 85%

• Component C 97%

Original System

Diagram: A (95%), B (85%) and C (97%) in series

RS = RA x RB x RC

RS = 0.95 x 0.85 x 0.97

RS = 0.783

RS = 78.3%

New System

Diagram: two A-B series branches in parallel, followed by C in series

Each A-B branch is reduced to X. The two X branches in parallel are reduced to Z, leaving Z in series with C.

RX = RA x RB

RX = 0.95 x 0.85

RX = 0.8075

RZ = 1 – [ (1 – RX) (1 – RX)]

RZ = 1 – [ (1 – 0.8075) (1 – 0.8075)]

RZ = 1 – [0.1925 x 0.1925]

RZ = 1 - 0.037

RZ = 0.963

RS2 = RZ x RC

RS2 = 0.963 x 0.97

RS2 = 0.934

Improvement in Reliability

RS = 78.3%

RS2 = 93.4%

Improvement in reliability = 93.4% - 78.3%

= 15.1%
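
The mixed-system calculation and the CO2 flood past question above, worked by one recursive evaluator that handles any nesting of series and parallel blocks. This is an added example, not part of the original slides; the tuple encoding and the names `reliability`, `improvement`, `MIXED`, `ORIGINAL` and `PROPOSED` are assumptions made for the illustration.

```python
from math import prod


def reliability(block):
    """Reliability of a block: a number in [0, 1], or (kind, [sub-blocks])."""
    if isinstance(block, (int, float)):
        if not 0.0 <= block <= 1.0:
            raise ValueError(f"reliability must lie in [0, 1], got {block}")
        return float(block)
    kind, parts = block
    if not parts:
        raise ValueError(f"{kind} block has no components")
    values = [reliability(part) for part in parts]
    if kind == "series":
        # Every component must work: Rs = R1 x R2 x ...
        return prod(values)
    if kind == "parallel":
        # The block fails only if every branch fails:
        # Rs = 1 - (1 - R1)(1 - R2)...
        # Assumption: branch failures are independent (no common cause).
        return 1.0 - prod(1.0 - v for v in values)
    raise ValueError(f"unknown arrangement {kind!r}")


def improvement(old, new):
    """Absolute gain in reliability when `old` is replaced by `new`."""
    return reliability(new) - reliability(old)


# Mixed system from the slides: RA (R1 || R2), R3, RB (R4 || R5 || R6) in series.
MIXED = ("series", [("parallel", [0.99, 0.95]),
                    0.999,
                    ("parallel", [0.70, 0.93, 0.90])])

# Past question: detector A, switch B, release mechanism C.
A, B, C = 0.95, 0.85, 0.97
ORIGINAL = ("series", [A, B, C])
AB = ("series", [A, B])                      # "X" on the slides
PROPOSED = ("series", [("parallel", [AB, AB]), C])   # "Z" in series with C

if __name__ == "__main__":
    print(f"Mixed system   RS  = {reliability(MIXED):.4f}")
    print(f"Original       RS  = {reliability(ORIGINAL):.3f}")
    print(f"Proposed       RS2 = {reliability(PROPOSED):.3f}")
    print(f"Improvement        = {improvement(ORIGINAL, PROPOSED):.1%}")
```

The parallel formula only holds when the branches fail independently; two identical detector-and-switch branches that share a power supply or a wiring fault will deliver less than the calculated gain.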


Questions?
