Reliability of Safety-Critical Systems 5.1 Reliability Quantification with FTs

Similar documents
Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance

Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis

Reliability of Safety-Critical Systems Chapter 10. Common-Cause Failures - part 1

Impact of Common Cause Failure on Reliability Performance of Redundant Safety Related Systems Subject to Process Demand

Reliability Analysis Including External Failures for Low Demand Marine Systems

THE IMPROVEMENT OF SIL CALCULATION METHODOLOGY. Jinhyung Park 1 II. THE SIL CALCULATION METHODOLOGY ON IEC61508 AND SOME ARGUMENT

model for functional safety of

High Integrity Pressure Protection Systems HIPPS

L&T Valves Limited SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) Report No.

SIL Safety Manual. ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases. Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6

The Key Variables Needed for PFDavg Calculation

Valve Communication Solutions. Safety instrumented systems

PL estimation acc. to EN ISO

Safety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*

Every things under control High-Integrity Pressure Protection System (HIPPS)

Ch.5 Reliability System Modeling.

Success Paths: A Risk Informed Approach to Oil & Gas Well Control

Failure Modes, Effects, and Diagnostic Analysis of a Safety Device

A new methodology for cost-benefit-risk analysis of oil metering station lay-outs

A REAL-TIME RISK-INFORMED BOP RETRIEVAL DECISION TOOL

Genetic algorithm optimisation of a firewater deluge system

PROCESS AUTOMATION SIL. Manual Safety Integrity Level. Edition 2005 IEC 61508/61511

Understanding safety life cycles

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions

Failure Modes, Effects and Diagnostic Analysis

Simplicity to Control Complexity. Based on Slides by Professor Lui Sha

PI MODERN RELIABILITY TECHNIQUES OBJECTIVES. 5.1 Describe each of the following reliability assessment techniques by:

Partial Stroke Testing. A.F.M. Prins

Bespoke Hydraulic Manifold Assembly

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Achieving Compliance in Hardware Fault Tolerance

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System (HIPPS) to IEC 61511

A study on the relation between safety analysis process and system engineering process of train control system

Failure Modes, Effects and Diagnostic Analysis

YT-300 / 305 / 310 / 315 / 320 / 325 Series

Safety Manual OPTISWITCH series relay (DPDT)

Neles trunnion mounted ball valve Series D Rev. 2. Safety Manual

AUTHOR(S) CLIENT(S) Multiclient - PDS Forum CLASS. THIS PAGE ISBN PROJECT NO. NO. OF PAGES/APPENDICES

Analysis of Instrumentation Failure Data

CHAPTER 4 FMECA METHODOLOGY

SPR - Pneumatic Spool Valve

New Thinking in Control Reliability

MODULE III - PROCESS DESIGN

C. Mokkapati 1 A PRACTICAL RISK AND SAFETY ASSESSMENT METHODOLOGY FOR SAFETY- CRITICAL SYSTEMS

Quantitative Risk Analysis (QRA)

SPECIAL PRINT. Innovative Control Technology. Safety in the Process Industry. SAMSON AG Manuel Hinkelmann Marcel Richter Monika Schneider

Containment Isolation system analysis and its contribution to level 2 PSA results in Doel 3 unit

Failure Modes, Effects and Diagnostic Analysis

(C) Anton Setzer 2003 (except for pictures) A2. Hazard Analysis

Hydraulic (Subsea) Shuttle Valves

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions

EMERGENCY SHUT-DOWN RELIABILITY ADVANTAGE

High performance disc valves Series Type BA, BK, BW, BM, BN, BO, BE, BH Rev Safety Manual

Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems

Solenoid Valves For Gas Service FP02G & FP05G

Hazard Operability Analysis

Session: 14 SIL or PL? What is the difference?

Safety Manual VEGAVIB series 60

Safety Manual VEGASWING 61, 63. NAMUR With SIL qualification. Document ID: 52084

Implementing IEC Standards for Safety Instrumented Systems

Safety Manual VEGAVIB series 60

Fail operational controls for an independent metering valve

FUNDAMENTAL SAFETY OVERVIEW VOLUME 2: DESIGN AND SAFETY CHAPTER P: REFERENCE OPERATING CONDITION STUDIES (PCC)

Vibrating Switches SITRANS LVL 200S, LVL 200E. Safety Manual. NAMUR With SIL qualification

Raw Material Spill. Lessons Learned. Volume 05 Issue USW

Safety-critical systems: Basic definitions

CHAPTER 28 DEPENDENT FAILURE ANALYSIS CONTENTS

Large Valve Causes Back Injury

Hazard Identification

Nitrogen System Contamination

An offshore safety system optimization using a SPEA2 based approach

Instrument Craftsman Receives Caustic Burn to Ear

Failure Modes, Effects and Diagnostic Analysis

Fail Operational Controls for an Independent Metering Valve

A Fault Diagnosis Monitoring System of Reciprocating Pump

PROCEDURE. April 20, TOP dated 11/1/88

DETERMINATION OF SAFETY REQUIREMENTS FOR SAFETY- RELATED PROTECTION AND CONTROL SYSTEMS - IEC 61508

Unattended Bleeder Valve Thaws, Causing Fire

Combining disturbance simulation and safety analysis techniques for improvement of process safety and reliability

Safety Critical Systems

COMPLIANCE with IEC EN and IEC EN 61511

Jamesbury Pneumatic Rack and Pinion Actuator

Why do I need dual channel safety? Pete Archer - Product Specialist June 2018

Section 1: Multiple Choice

CT433 - Machine Safety

Reliability. Introduction, 163 Quantifying Reliability, 163. Finding the Probability of Functioning When Activated, 163

Module No. # 01 Lecture No. # 6.2 HAZOP (continued)

Failure Modes, Effects and Diagnostic Analysis

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions

Failure Modes, Effects and Diagnostic Analysis

Enterprise. Chapter 3. 1 Manufacturing Process Management. Automatic Control System. works in real time; checks the safety;

Proposed Abstract for the 2011 Texas A&M Instrumentation Symposium for the Process Industries

YT-3300 / 3301 / 3302 / 3303 / 3350 / 3400 /

Incorrect Relief Valve Material Causes Release

PRA Methodology Overview

Instrumented Safety Systems

Pressure Gauge Failure Causes Release

A Production Operator Received a Lime Burn on His Wrist

Advanced LOPA Topics

M-06 Nitrogen Generator (Nitrogen Making Machine)

Transcription:

Reliability of Safety-Critical Systems 5.1 Reliability Quantification with FTs Mary Ann Lundteigen and Marvin Rausand mary.a.lundteigen@ntnu.no &marvin.rausand@ntnu.no RAMS Group Department of Production and Quality Engineering NTNU (Version 1.1 per August 2015) M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 1 / 18

Reliability of Safety-Critical Systems Slides related to the book Reliability of Safety-Critical Systems Theory and Applications Wiley, 2014 Theory and Applications Marvin Rausand Homepage of the book: http://www.ntnu.edu/ross/ books/sis M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 2 / 18

Learning objectives The main purpose of this presentation is to: Give an overview and brief introduction to fault tree analysis Indicate the relationship between reliability block diagrams and fault trees M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 3 / 18

Key modeling symbols A fault tree includes the following main modeling symbols: TOP event, which is a description of the system failure Basic events, which are the type of faults and events that may contribute to the TOP event Logic OR or AND gates, which gives the logical relationship between the TOP event and the basic events A koon gate symbol also exists, but it should be noted that k in this case is the the minimum number of faults that leads to a failure, rather than success. What is often called a koon system would be modeled by a (n k + 1)oon gate in the fault tree. Other symbols: Transfer-out and transfer-in symbols, that links several fault trees together M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 4 / 18

Relationship with RBSs (i) TOP 1 2 3 1 2 3 (ii) TOP 1 2 1 2 3 3 (iii) TOP 1 G1 1 2 3 2 3 M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 5 / 18

Key modeling concepts The concept of minimal cut sets is key in relation to modeling and analysis of fault trees. Cut set: A cut set in a fault tree is a set of basic events whose (simultaneous) occurrence ensures that the TOP event occurs. Minimal cut set: A cut set that cannot be reduced without losing its status as a cut set. TOP event occurs if one more ore of the minimal cut sets occur. The M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 6 / 18

Example Consider the reliability block diagram of a SIS, as illustrated below: PT1 PT1 PT1 PT1 PT1 PT1 LS SDV1 SDV2 The corresponding minimal cut sets (denoted C i ) are: C 1 = {PT1,PT2} C 2 = {PT1,PT3} C 3 = {PT2,PT3} C 4 = {LS} C 5 = {SDV 1,SDV 2} M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 7 / 18

Illustration (overall system) Top structure No signal about high pressure from the pressure transmitters PT Critical high pressure in pipeline when outlet blocked Logic solver does not transmit signal about high pressure LS OR-gate TOP event description Shutdown valves fail to close on demand Transfer symbol Basic event description SDV 1 fails to close SDV 2 fails to close Basic event symbol SDV1 SDV2 M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 8 / 18

Illustration (failure of pressure transmitter system) PT No signal about high pressure from the pressure transmitters PT 1 and PT 2 fail to signal high pressure PT 1 and PT 3 fail to signal high pressure PT 2 and PT 3 fail to signal high pressure AND-gate PT 1 fails to signal high pressure PT 1 fails to signal high pressure PT 1 fails to signal high pressure PT 3 fails to signal high pressure PT 2 fails to signal high pressure PT 3 fails to signal high pressure PT1 PT2 PT1 PT3 PT2 PT3 M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 9 / 18

Illustration (alternative modelign of failure of pressure transmitter system ) PT No signal about high pressure from the pressure transmitters 2/3 PT 1 fails to signal high pressure PT 2 fails to signal high pressure PT 3 fails to signal high pressure PT1 PT2 PT3 Note that the k/n gate is (n k + 1)/n if it represents the failure of koon system. M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 10 / 18

Key modeling rules The TOP event occurs if one of the minimal cut sets occurs The main challenge is therefore to identify the minimal cut sets If all minimal cut sets were independent, we could calculate the the probability of the top event by: Q 0 (t) = 1 k [1 ˇQ j (t)] j=1 where Q j (t) is the failure probability of minimal cut set C j : ˇQ j (t) = q i (t) i C j M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 11 / 18

Upper bound In reality, the minimal cut sets will not (normally) be independent, since the same basic event may belong to the several minimal cut sets. This type of dependency is called positive dependency, which increases the reliability. This double counting of basic events results in a higher failure probability of the TOP event, and consequently, we can claim that the true TOP event failure probability will be lower than:: Q 0 (t) 1 k [1 ˇQ j (t)] j=1 and we can therefore use this formula as a conservative approximation for the calculations. M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 12 / 18

Illustration TOP Minimal cut set 1 fails Minimal cut set 2 fails Minimal cut set k fails 1.1 1.2 1.3 2.1 2.2 2.3 k.1 k.2 k.3 M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 13 / 18

Failure probabilities Consider the state of the basic event i, E i. The choice of failure probability is dependent on the following factors: Alternative 1: The item in continuous operation and non-repairable. In this case we may be interested in the probability that item i has failed at time t, q i (t),which is: q i (t) = Pr[E i (t)] = Pr(T < t) If we assume exponential time to failure, q i (t) becomes: q i (t) = 1 e λ it M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 14 / 18

Failure probabilities Alternative 2: The item in continuous operation and repairable. We assume that the item runs to failiure and is then repaired. In this case, we may want to determine the mean unavailability of the item: q i = MTTR i MTTF i + MTTR i λ i MTTR i where MTTR i is the mean time after the failure, and MTTF i is the mean time to failure. Note that we here have assumed (again) exponentially distributed time to failure so that 1/MTTF i = λ i M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 15 / 18

Failure probabilities Alternative 3: The item that is normally passive and therefore subject to regular testing and repair. In this case, we may want to chose the mean unavailability or mean downtime due to a hidden failure: q i = λ iτ + Pr(Failure found) Mean downtime of the test 2 λ iτ 2 + λ iτ MRT i τ Note that λ i in this case represent DU failures, and that the mean down time due to other failure categories may need to be added in addition. M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 16 / 18

Inclusion of Common cause failures There are mainly three strategies to modeling CCFs in relation to fault tree analysis: 1. Include in FT (explicit): Model each CCF cause as a separate basic event that may lead to the failure of several items 2. Include in FT (implicit): Model a CCF as a basic event that cover several causes that may lead to the failure of several items 3. Exclude from FT: Add the contribution from CCFs in the quantification after the minimal cut sets have been extracted. The last option may be favourable when the system complexity is high, and where dependency may exist between basic events at different levels and section of the fault tree. M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 17 / 18

Importance measure Several importance measures have been developed to measure the relative importance of basic events. One of particular importance is the Birnbaum measure, where the relative importance of basic event i is measures by: I B (i t) = δq 0(t) δq i (t) This may also be calculated more easily as: I B (i t) = Q 0 (t E i (t) = 1) Q 0 (t E i (t) = 0) M.A.Lundteigen (RAMS Group) Reliability of Safety-Critical Systems (Version 1.1) 18 / 18

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback