1 of 156© Astutis Ltd
NEBOSH National Diploma
Revision: System Reliability and Failure Tracing Methodologies
A7.4 and A7.5
Learning Outcomes
• A7.4 Explain the analysis, assessment and improvement of system failures and system reliability with the use of calculations
• A7.5 Explain the principles and techniques of failure tracing methodologies with the use of calculations.
Session Plan
• Fault Trees and Event Trees
– Tree construction and calculations
• HAZOP
– Overview and types of exam question
FAULT TREES AND EVENT TREES
Bow Tie
Simple Qualitative Fault Tree
• Top event: Fire in process area
• and gate, Level 1 inputs: Fuel, Oxygen, Ignition source
• or gate under Fuel, Level 2 inputs: Leaking joint, Drain valve open
• or gate under Ignition source, Level 2 inputs: Welding in progress, Electric motor
Fault Tree Symbols
• And gate - fault occurs if all input events true
• Or gate - fault occurs if any input event true
• Base event - further analysis not useful
• Undeveloped events - not analysed further at this time
• Event - Event which is further analysed (may be the top event or an intermediate event)
• Transfer gate - Event analysed at point A on a different page
Probability Scale
• Probability of 0
– Event is impossible and will never happen
• Probability of 1
– Event is certain to happen
• Probability of ½ (or 0.5 or 50%)
– Event has an even chance of happening
Calculations @ Gates
Gate | Meaning | Relationship
AND | Output exists only if all inputs exist | A = BC
OR | Output exists if one or more inputs exist | A = B + C
Probability and Frequency
• The frequency of an event is the reciprocal of its probability
• f = 1/P
A machine operator is required to reach between the tools of a vertical hydraulic press between each cycle of the press. Under fault conditions, the operator is at risk from a crushing injury due either (a) to the press tool falling by gravity or (b) to an unplanned (powered) stroke of the press. The expected frequencies of the failures that would lead to either of these effects are given in the table below:
Failure type | Frequency (per year) | Effect
Flexible hose failure | 0.2 | a
Detachment of press tool | 0.1 | a
Electrical fault | 0.1 | b
Hydraulic valve failure | 0.05 | a or b
a) Given that the operator is at risk for 20 per cent of the time that the machine is operating, construct and quantify a simple fault tree to show the expected frequency of the top event (a crushing injury to the operator’s hand). (10)
b) If the press is one of ten such presses in a machine shop, state, with reasons, whether or not the level of risk calculated should be tolerated. (4)
c) Assuming that the nature of the task cannot be changed, explain how the fault tree might be used to prioritise remedial actions. (2)
• Concentrate on drawing the tree first
• Top down - Level by level
• Then do calculations – bottom up
• Top event
 – Crushing injury
• What 1st level events contribute to the top event?
• The operator has to be at risk, i.e. reaching into the machine
• And
• The machine has to fail – a fault condition must occur
Crushing injury (and gate)
• Operator reaches between plates
 – The diamond shape indicates that this event will not be further developed / investigated
 – NB: For exam purposes the use of diamonds (undeveloped events) and circles (base events) is not necessary
• Tool comes down due to fault condition
What fault conditions may bring the tool down?
• The tool will come down as a result of gravity (a) OR an unplanned (powered) stroke (b)
What information do we have about these failures?
• Gravity fall (a) (or gate)
 – Hose failure
 – Detached tool
 – Valve failure
• Powered stroke (b) (or gate)
 – Valve failure
 – Electrical fault
Calculations
• Populate the diagram with the given probabilities
• Calculate from the bottom up
Crushing injury
• Operator reaches between plates: 0.2
• Tool comes down due to fault condition
 – Gravity fall (a): Hose failure 0.2, Detached tool 0.1, Valve failure 0.05
 – Powered stroke (b): Valve failure 0.05, Electrical fault 0.1
Add up through an OR gate
• Gravity fall (a): 0.2 + 0.1 + 0.05 = 0.35
• Powered stroke (b): 0.1 + 0.05 = 0.15
• Tool comes down due to fault condition: 0.35 + 0.15 = 0.5
Multiply up through an AND gate
• Crushing injury: 0.2 x 0.5 = 0.1 per year (the event is likely to happen once every ten years)
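The bottom-up quantification of the press fault tree, as an added example that is not part of the original slides. It goes one step beyond the worked answer by ranking each failure type by how much of the top-event frequency it accounts for, which is one way to approach part (c); the class and function names are illustrative.

```python
"""Quantify the hydraulic press fault tree bottom-up and rank its base events."""
from dataclasses import dataclass
from math import prod
from typing import Dict, List, Optional, Sequence, Tuple, Union


@dataclass(frozen=True)
class Base:
    """Base event: a failure frequency per year, or a probability of exposure."""
    name: str
    value: float


@dataclass(frozen=True)
class Gate:
    """Top or intermediate event fed through an AND or OR gate."""
    name: str
    kind: str  # "AND" or "OR"
    inputs: Tuple["Node", ...]


Node = Union[Gate, Base]


def evaluate(node: Node, override: Optional[Dict[str, float]] = None) -> float:
    """Value at `node`: add through OR gates, multiply through AND gates."""
    override = override or {}
    if isinstance(node, Base):
        return override.get(node.name, node.value)
    values = [evaluate(child, override) for child in node.inputs]
    if node.kind == "OR":
        # Addition is the rule the slides use; it assumes the inputs are rare
        # enough that two of them occurring together can be neglected.
        return sum(values)
    if node.kind == "AND":
        return prod(values)
    raise ValueError(f"unknown gate type: {node.kind!r}")


def base_event_names(node: Node) -> List[str]:
    """Distinct base event names, in the order they appear in the tree."""
    if isinstance(node, Base):
        return [node.name]
    names: List[str] = []
    for child in node.inputs:
        for name in base_event_names(child):
            if name not in names:
                names.append(name)
    return names


def rank_contributions(tree: Node, exclude: Sequence[str] = ()) -> List[Tuple[str, float]]:
    """For each base event, the top-event frequency removed if it never occurred."""
    top = evaluate(tree)
    rows = [(name, top - evaluate(tree, {name: 0.0}))
            for name in base_event_names(tree) if name not in exclude]
    # Largest contributor first; ties are broken alphabetically.
    return sorted(rows, key=lambda row: (-round(row[1], 9), row[0]))


# The tree as drawn on the slides. Valve failure has effect "a or b", so the
# same base event appears under both branches.
EXPOSURE = "Operator reaches between plates"
VALVE = Base("Hydraulic valve failure", 0.05)
TREE = Gate("Crushing injury", "AND", (
    Base(EXPOSURE, 0.2),
    Gate("Tool comes down due to fault condition", "OR", (
        Gate("Gravity fall (a)", "OR", (
            Base("Flexible hose failure", 0.2),
            Base("Detachment of press tool", 0.1),
            VALVE,
        )),
        Gate("Powered stroke (b)", "OR", (
            VALVE,
            Base("Electrical fault", 0.1),
        )),
    )),
))

if __name__ == "__main__":
    print(f"Top event: {evaluate(TREE):.3f} per year")
    # The task cannot be changed, so the exposure term is left out of the ranking.
    for name, share in rank_contributions(TREE, exclude=(EXPOSURE,)):
        print(f"  {name}: {share:.3f} per year")
```
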
Simple Generic Event Tree
A mainframe computer suite has a protective system to mitigate
the effects of fire. The system comprises a smoke detector
connected by a power supply to a mechanism for releasing
extinguishing gas. It has been estimated that a fire will occur
once every five years (f=0.2/year).
Reliability data for the system components are as follows:
Component Reliability
Detector 0.9
Power supply 0.99
Extinguishing gas release mechanism 0.95
a) Construct an event tree for the above scenario to calculate
the frequency of an uncontrolled fire in the computer suite.
(10)
b) Suggest ways in which the reliability of the system could be
improved. (4)
Event tree (diagram): Initiating event on the left, Consequences on the right; branches labelled Y / N, outcomes labelled S / F
• Initiating event: Fire!!! (P = 0.2 per year, F = 1 in 5 years)
• Detector operation
 – 0.9: detector operates
 – 0.1: Out of control fire 1
• Power supply operation
 – 0.99: power supply works
 – 0.01: Out of control fire 2
• Gas release operation
 – 0.95: Fire brought under control
 – 0.05: Out of control fire 3
Calculations
• Out of control fire 1 occurs if the detector fails when there is a fire
 – Detector has to fail (P = 0.1) and fire has to occur (P = 0.2)
 – Probability = 0.1 x 0.2 = 0.02
• Out of control fire 2 occurs if the power supply fails after the detector has successfully operated and the fire is active
 – Power has to fail (P = 0.01) and the detector has to operate (P = 0.9) and the fire has to be active (P = 0.2)
 – Probability = 0.01 x 0.9 x 0.2 = 0.0018 (can be rounded to 0.002)
• Out of control fire 3 occurs when the gas release fails (P = 0.05) and the power supply works (P = 0.99) and the detector operates (P = 0.9) and the fire is active (P = 0.2)
 – Probability = 0.05 x 0.99 x 0.9 x 0.2 = 0.00891 (rounded to 0.009)
• An uncontrolled fire could arise as a result of:
 – The detector failing (out of control fire 1 / P = 0.02) OR
 – The power supply failing (out of control fire 2 / P = 0.0018) OR
 – The gas release failing (out of control fire 3 / P = 0.00891)
• The overall probability of an uncontrolled fire is OOC fire 1 (0.02) plus OOC fire 2 (0.0018) plus OOC fire 3 (0.00891)
• P = 0.02 + 0.0018 + 0.00891 = 0.03071
(A 3.07% chance of uncontrolled fire per year)
• F = 1/P
• F = 1 / 0.03071 = 32.56
• F = Once every 32.56 years
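The event tree calculation for the computer suite, as an added example that is not part of the original slides. It generalises the worked answer to any ordered chain of safeguards and checks that the branch frequencies add back up to the initiating frequency; the second detector used for the comparison is an assumption made here for illustration (independent, same reliability of 0.9), and the function names are illustrative.

```python
"""Event tree for a chain of safeguards that must all operate in sequence."""
from math import prod
from typing import List, Sequence, Tuple


def event_tree(initiating_frequency: float,
               safeguards: Sequence[Tuple[str, float]]) -> List[Tuple[str, float]]:
    """Return (outcome, frequency per year) for every branch end of the tree.

    Each safeguard is only called on if every safeguard before it operated,
    so the frequency reaching it is multiplied down the success path.
    The last entry is the single branch where everything operated.
    """
    outcomes: List[Tuple[str, float]] = []
    reaching = initiating_frequency
    for name, reliability in safeguards:
        if not 0.0 <= reliability <= 1.0:
            raise ValueError(f"reliability of {name} must be between 0 and 1")
        outcomes.append((f"{name} fails", reaching * (1.0 - reliability)))
        reaching *= reliability
    outcomes.append(("all safeguards operate", reaching))
    return outcomes


def uncontrolled_frequency(outcomes: Sequence[Tuple[str, float]]) -> float:
    """Sum of every branch that ends in a safeguard failing."""
    return sum(frequency for _, frequency in outcomes[:-1])


def parallel(reliabilities: Sequence[float]) -> float:
    """Reliability of independent redundant items where any one is enough."""
    return 1.0 - prod(1.0 - r for r in reliabilities)


FIRE_FREQUENCY = 0.2  # once every five years, from the question
SYSTEM = [("Detector", 0.9), ("Power supply", 0.99), ("Gas release", 0.95)]

# Assumption for illustration only: a second, independent detector with the
# same reliability, either of which can trigger the gas release.
WITH_SECOND_DETECTOR = [("Detector pair", parallel([0.9, 0.9]))] + SYSTEM[1:]

if __name__ == "__main__":
    for label, chain in (("As given", SYSTEM),
                         ("Second detector (assumed)", WITH_SECOND_DETECTOR)):
        branches = event_tree(FIRE_FREQUENCY, chain)
        # Every fire ends on exactly one branch, so the branches must add up
        # to the initiating frequency.
        assert abs(sum(f for _, f in branches) - FIRE_FREQUENCY) < 1e-12
        total = uncontrolled_frequency(branches)
        print(label)
        for outcome, frequency in branches:
            print(f"  {outcome}: {frequency:.5f} per year")
        print(f"  uncontrolled fire: {total:.5f} per year, "
              f"once every {1 / total:.2f} years")
```
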
HAZOP
• Three types of question
– Historically 10 point descriptive questions
– January 2012 – 20 point simple HAZOP from diagram
– July 2015 – 10 point draw table and populate from information given in scenario
Past Question – January 2009 (Part of 20 point risk assessment question)
• Explain the principles and methodology of a Hazard and Operability (HAZOP) study (10)
Detailed HAZOP Study Procedure
1) Specification
2) Team
3) Description and design intention
4) Generating a deviation
5) Identifying causes
6) Evaluating consequences
7) Safeguards (protection)
8) Risk assessment
9) Recommendations/actions
10) Recording
Past Question – January 2012
• The diagram below shows a section of process plant in which a raw material is pumped continuously to a process from a storage tank.
• The flow rate is controlled by an operator who adjusts the manual valve to achieve the desired flow as shown on the flow gauge. If the flow is too great a dangerous reaction may occur in the process. If there is insufficient flow the product produced in the process will be defective and will have to be discarded. Any contaminant in the raw material may produce a dangerous reaction.
• Apply the methodology of a hazard and operability (HAZOP) study to the process at point A on the diagram AND give the results of the study in typical HAZOP format.
• You are not required to produce a complete study. Consider only the process parameter of ‘flow’ and apply no more than three guide words. (20)
Typical HAZOP Table
Columns: Deviation (Guideword, Parameter) | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls)
• Parameter: Flow
• Deviations: No Flow, Less Flow, More Flow
No Flow - Causes
(1) Blocked pipe
(2) Closed valve
(3) Defective pump
(4) Empty tank
No Flow - Consequences
• From the scenario: if there is insufficient flow the product produced in the process will be defective and will have to be discarded.
No Flow - Safeguards and Actions
Guideword | Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls)
No | Flow | Blocked pipe | Defective product - waste | | Testing and maintenance
No | Flow | Closed valve | Defective product - waste | Operator Control | Testing and maintenance; Automating flow control
No | Flow | Defective pump | Defective product - waste | | Testing and maintenance
No | Flow | Empty tank | Defective product - waste | | Low level warning
Past Question July 2015
• In relation to a Hazard and Operability (HAZOP) study, give the meaning of the term 'guide word'. (2)
• Give an example of a guide word used in a HAZOP study. (1)
• A multi-disciplinary team has conducted a HAZOP study on a system used to manufacture chemicals in batches. The study has concluded that an uncontrolled rise in temperature could be caused either by adding ingredients too quickly or if the storage temperature of the ingredients was too high.
• In either case, there could be an uncontrolled rise in temperature that could in turn lead to catastrophic failure of the reaction vessel.
• The team has decided to improve the system by adding instruments to monitor the rate of addition of the ingredients and to monitor their storage temperature.
• The team has also decided to install remote warning indicators that will give alarms in the control room and to install automatic shut-off valves that will operate if the reaction temperature rises too high.
• Record the above findings in a typical HAZOP table. (7)
Typical HAZOP Table
Columns: Deviation (Guideword, Parameter) | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls)
Deviation?
• Guideword: More
• Parameter: Temperature
Guideword | Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls)
More | Temperature | ? | | |
Cause?
• In relation to a Hazard and Operability (HAZOP) study, give the meaning of the term 'guide word'. (2)
• Give an example of a guide word used in a HAZOP study. (1)
• A multi-disciplinary team has conducted a HAZOP study on a system used to manufacture chemicals in batches. The study has concluded that an uncontrolled rise in temperature could be caused either by adding ingredients too quickly or if the storage temperature of the ingredients was too high.
• In either case, there could be an uncontrolled rise in temperature that could in turn lead to catastrophic failure of the reaction vessel.
• The team has decided to improve the system by adding instruments to monitor the rate of addition of the ingredients and to monitor their storage temperature.
• The team has also decided to install remote warning indicators that will give alarms in the control room and to install automatic shut-off valves that will operate if the reaction temperature rises too high.
• Record the above findings in a typical HAZOP table. (7)
Cause(s)
| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | | | |
| | | Storage temperature too high | | | |
Consequence(s)?
| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | ? | | |
| | | Storage temperature too high | ? | | |
Consequence(s)?
| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |
| | | Storage temperature too high | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |
Safeguards – Not Given
| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |
| | | Storage temperature too high | Uncontrolled rise in temperature | | |
| | | | Catastrophic failure of the reaction vessel | | |
Actions?
| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Safeguards (Existing controls) | Actions (Additional controls) |
|---|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | | ? |
| | | | Catastrophic failure of the reaction vessel | | ? |
| | | Storage temperature too high | Uncontrolled rise in temperature | | ? |
| | | | Catastrophic failure of the reaction vessel | | ? |
Actions?
| Deviation: Guideword | Deviation: Parameter | Cause | Consequence | Actions (Additional controls) |
|---|---|---|---|---|
| More | Temperature | Ingredients added too quickly | Uncontrolled rise in temperature | Install instruments to monitor the rate of addition of the ingredients |
| | | | Catastrophic failure of the reaction vessel | Install remote warning indicators that will give alarms in the control room |
| | | Storage temperature too high | Uncontrolled rise in temperature | Install thermometers to monitor storage temperature |
| | | | Catastrophic failure of the reaction vessel | Install automatic shut-off valves that will operate if the reaction temperature rises too high |
Reliability Theory
• Reliability of individual components and the way in which they are arranged:
– In series (one after the other) - failure of any one piece means failure of the system
– In parallel (side by side)
– As a combination of both (a complex or mixed system)
Series Systems
• Fault intolerant
• Failure of any component causes the system to fail
• System reliability (Rs) = R1 x R2 x R3
• Rs = 0.95 x 0.98 x 0.97
• Rs = 0.91 or 91%
• NB the reliability of the series is less than the reliability of individual components
[Diagram: components 1, 2 and 3 in series; R1 = 0.95, R2 = 0.98, R3 = 0.97]
Parallel Systems
• The failure of one component will not stop the system functioning
• Rs = 1 – [(1 - R1)(1 - R2)(1 - R3)]
• Rs = 1 – [(1 - 0.95)(1 - 0.98)(1 - 0.97)]
• Rs = 1 – [0.05 x 0.02 x 0.03]
• Rs = 1 – 0.00003
• Rs = 0.99997 or 99.997%
• NB the reliability of the system is better than the reliability of individual components
[Diagram: components in parallel; R1 = 0.95, R2 = 0.98, R3 = 0.97]
Mixed System
• Break down the overall system into sub-systems
• Calculate parallel systems
• Then calculate overall series system RA x R3 x RB
[Diagram: RA (R1 = 0.99 and R2 = 0.95 in parallel), then R3 = 0.999, then RB (R4 = 0.70, R5 = 0.93 and R6 = 0.90 in parallel), all in series]
Mixed System - Calculation
• RA = 1 - [(1 - 0.99)(1 - 0.95)]
• = 1 - (0.0005)
• = 0.9995
• RB = 1 - [(1 - 0.70)(1 - 0.93)(1 - 0.90)]
• = 1 - (0.0021)
• = 0.9979
• RS = RA x R3 x RB
• = 0.9995 x 0.999 x 0.9979
• = 0.9964
Past Question
A computer suite is protected from fire by a CO2 flood system. The system comprises components A (a detector), B (a switch) and C (a release mechanism) installed in series.
It has been proposed that a new series system of a detector and a switch, identical to A and B, is placed in parallel to the original series components A and B, in order to improve the system reliability.
Calculate the improvement in reliability of the proposed new system, given that the reliabilities of the components are:
• Component A 95%
• Component B 85%
• Component C 97%
Original System
[Diagram: A (95%), B (85%) and C (97%) in series]
RS = RA x RB x RC
RS = 0.95 x 0.85 x 0.97
RS = 0.783
RS = 78.3%
New System
[Diagram: two A-B series branches in parallel, followed by C in series]
[Diagram: each A-B series branch = X; the two X branches in parallel = Z; Z in series with C]
RX = RA x RB
RX = 0.95 x 0.85
RX = 0.8075
RZ = 1 – [(1 – RX)(1 – RX)]
RZ = 1 – [(1 – 0.8075)(1 – 0.8075)]
RZ = 1 – [0.1925 x 0.1925]
RZ = 1 - 0.037
RZ = 0.963
RS2 = RZ x RC
RS2 = 0.963 x 0.97
RS2 = 0.934
Improvement in Reliability
RS = 78.3%
RS2 = 93.4%
Improvement in reliability = 93.4% - 78.3%
= 15.1%
Questions?