Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...


Control system failures, causes

LEADIR-PS 200 has a graceful and safe response to all anticipated transients. For example, an overcooling event (as could be caused by loss of feedwater control or spurious opening of steam relief valves in combination with control system failure) causes the core inlet temperature (normally 350°C) to fall; as the freezing point of 327°C is approached, the coolant viscosity increases, coolant flow decreases, and in the absence of any control system action, the negative temperature coefficients of the fuel and moderator reduce reactor power. Heat removal is maintained by natural convection. [Pg.103]

Ten years ago, users became heavily dependent on their computers (e.g., word processing systems, applications to run stock control or order processing systems, and electronic mail to communicate more effectively with one another). A system failure caused inconvenience and in some instances departments had to revert to their paper-based systems whilst problems were resolved. [Pg.312]

Undesirable rod motion can result from control system failure and can be either inward or outward. Inward motion is a plant availability problem, but is not a safety concern. The extreme case of undesirable inward motion is an inadvertent reactor trip. This event might be caused by a loss of power or erroneous trip signals. This event places the plant in a safe condition. [Pg.393]

Outward motion can be a more significant threat to equipment and people. The consequences of control system failures which cause rod withdrawal are limited by several system features. The first is the limit on rod withdrawal speed due to the maximum amount of power that can be delivered to the CRD motor. Second is the control circuitry which limits the number of control rods that may be withdrawn at any one time. Third is the alarm system which will inform the operator of the improper rod motion so that he may take corrective action. Finally, a reactor trip signal will cause rods to be inserted. [Pg.393]

The next task is an analysis showing that no control system failure can cause an initiating event that can result in a hazard. If control system failure can initiate a hazardous sequence, then safety instrumented functions MUST NOT be designed into common equipment without detailed quantitative risk analysis. That language in the standard is strong and clear. Most of the time, initiating event analysis shows a problem with combined control and safety. [Pg.230]

Zone 2A active damper ΔP control system (Provides active ΔP adjustment for control of contamination from Zone 2A to Zone 2 and HEPA input air filtration.) | Fail closed causes increased ΔP from Zone 2A to Zone 2 | Mechanical failure of active damper, loss of air pressure for damper pneumatic actuator, programmed control system failure, or plugged filter | Control and monitoring system indications and periodic maintenance inspections | Leak rate through airlock doors and Room 109 shielded door may increase to reduce ΔP somewhat | No effect to positive effect since reduced flow may extend residence time in Zone 2A HEPA and charcoal exhaust filters... [Pg.448]

An argument used to justify this approach is that comprehensive software Verification and Validation (V&V) program is capable to uncover all systematic software faults. Any system failure caused by software is thus hypothetical and can be thus omitted as negligible. This approach is basically correct in the control systems with limited amounts of variable (measured parameters) combination from the point of final probabilistic result (expressed either by system/function unavailability or by critical system/function failure rate). Nevertheless, some anxiety is still relevant because of the high common cause potential of software faults. [Pg.1293]

Primary Cause of Control System Failure Failures by Lifecycle Phase... [Pg.7]

In 2003 the UK Health and Safety Executive estimated that almost half of the primary causes for control system failures lay with inadequate specifications (Ref 2). Other key causes were changes made after commissioning, overly optimistic reliance on single channel systems, failure to verify software and poor consideration of human issues. These are systematic failures. [Pg.233]

Identify the causes or conditions that lead to deviations. For example, low flow can be caused by the failure of the flow control loop. Events can be caused by a single failure or by multiple failures. Ensure that the identified causes are the minimum that will lead to the process deviation. The most common initiating causes are related to control system failures, which can happen multiple times over the life of the process. If the consequence is significant, safety systems are generally required to address identified process hazards. [Pg.23]

Out of Control: Why control systems go wrong and how to prevent failure, HSE Books 2003, is intended to raise the awareness of the causes of control system failures by describing actual case studies. While the analysis may not be considered statistically significant due to its small sample size (i.e., only 34 incidents were studied), the analysis does illustrate the importance of the safety lifecycle in the management of process risk. [Pg.140]

The rationale behind the definitions of low demand mode and high demand or continuous mode in IEC 61508 is based on the failure behaviour of a safety-related system due to random hardware faults. Underlying much of the reasoning is the distinction between safety functions that only operate on demand and those that operate continuously. A safety function that operates on demand has no influence until a demand arises, at which time the safety function acts to transfer the associated equipment into a safe state. A simple example of such a safety function is a high level trip on a liquid storage tank. The level of liquid in the tank is controlled in normal operation by a separate control system, but is monitored by the safety-related system. If a fault develops in the level control system that causes the level to exceed a pre-determined value, then the safety-related system closes the feed valve. With such a safety function, a hazardous event (in this case, overspill) will only occur if the safety function is in a failed state at the time a demand (resulting from a failure of the associated equipment or equipment control system) occurs. A failure of the safety function will not, of itself, lead to a hazardous event. This model is illustrated in Figure 4. [Pg.128]

The analysis suggests that most control system failures may have their root cause in an inadequate specification. In some cases this was because insufficient hazard analysis of the equipment under control had been carried out; in others it was because the impact on the specification of a critical failure mode of the control system had not been assessed. [Pg.280]

Control system failure LT-4011 causes valve SDY-4012 to fail open. 1.0E-1 Y Safety Y 2.5E-3... [Pg.238]

In this way, a plausible relationship is established between the multiplicity of causes (control system failures) and the bandwidth of possible effects (hazards and expectable severity levels) in the context of the highly time-variable man-machine interaction. The risk reductions can thus also be depicted in a time domain as an enclosure with interlock and locking in the context of an operating mode concept. This is what the product standards for machine tools are dealing with very successfully since more than a decade. [Pg.1939]

The ILO scheme for classification of deviations takes into account whether the injured person controls the energies that cause harm or not. The latter is the case when the energies are controlled e.g. by a technical control system. Control-system failures are here a concern. There is no clear distinction between deviations and incidents in this scheme. [Pg.69]

If the failure of a control system can cause a plant condition that necessitates safety action and can concurrently disable one channel within the safety group that protects against the condition, the safety requirements should continue to be met on... [Pg.48]

This upset initiates a runaway reaction that can catastrophically rupture the reactor. The impact of this event was judged to be extensive, which, as discussed in Table 6 Note 1, leads to a tolerable frequency of 10 /year for a single scenario. Several failures in the control system could cause this upset, with operating experience indicating that this type of upset occurs about once every 10 years. Protection per Table 5 was the Shortstop addition, but the runaway reaction may be too fast for the operator to respond to an alarm. This protection layer is not included for risk reduction. The area is normally occupied, so it was assumed that personnel could be impacted by the event. The pressure safety valves (PSVs) are only estimated to be 90% effective, since plugging is a common problem in this service. Since the PSVs share a common relief line, they are conservatively considered to be a single Independent Protection Layer. This led to an intermediate event likelihood of a 10 per year. Per the conservative assumptions used in this example, only the PSVs qualified as an IPL. The PHA team reviewed all the process safety risk issues and decided that a SIF was appropriate. As shown in Table 7, this requires a SIL 3 SIF. [Pg.28]

Event 6 Overfill Reactor Caused by Control System Failure... [Pg.29]

Control of quality and state of engine parts, components of electric, pneumatic, hydraulic systems, load-bearing elements Investigations of parts and units failure causes... [Pg.603]

Sulphuric acid at 93% was added to p-nitrotoluene. The temperature reached 160°C due to a failure of the thermal control system. The sulphonic acid formed decomposed violently at this temperature. The post-accident investigation showed that the decomposition started between 160 and 190°C. In fourteen minutes the temperature rose to 190-224°C and in one minute and thirty seconds to 224-270°C. A large volume of gas was then released during the eruption. The phenomena caused by the decomposition of nitrated derivatives in the presence of sulphuric acid will be addressed several times. What these incidents have in common is the formation of large carbonised volumes. This phenomenon is common with sulphonic acids. The nitro group role is to destabilise intermediate compounds and final compounds and to generate... [Pg.301]

If symptoms do not improve, the patient should be evaluated for persistent infection. There are many reasons for poor patient outcome with intraabdominal infection; improper antimicrobial selection is only one. The patient may be immunocompromised, which decreases the likelihood of successful outcome with any regimen. It is impossible for antimicrobials to compensate for a nonfunctioning immune system. There may be surgical reasons for poor patient outcome. Failure to identify all intraabdominal foci of infection or leaks from a GI anastomosis may cause continued intraabdominal infection. Even when intraabdominal infection is controlled, accompanying organ system failure, most often renal or respiratory, may lead to patient demise. [Pg.1136]

Occasionally an incident occurs that results in a common mode failure. This is a single event that affects a number of pieces of hardware simultaneously. For example, consider several flow control loops similar to Figure 11-4. A common mode failure is the loss of electrical power or a loss of instrument air. A utility failure of this type can cause all the control loops to fail at the same time. The utility is connected to these systems via OR gates. This increases the failure rate substantially. When working with control systems, one needs to deliberately design the systems to minimize common cause failures. [Pg.486]

On July 24, 1994, an explosion followed by a number of fires occurred at 13:23 at the Texaco refinery in Milford Haven, Wales, England. Prior to this explosion, around 9 a.m., a severe coastal electrical storm caused plant disturbances that affected the vacuum distillation, alkylation, butamer, and FCC units. The explosion occurred due to a combination of failures in management, equipment, and control systems. Given its calculated TNT equivalent of at least 4 tons, significant portions of the refinery were damaged. That no fatalities occurred is attributed partially to the accident occurring on a Sunday, as well as the fortuitous location of those who were near the explosion. [Pg.5]

The most common cause of a well to become uncontrolled and develop into a blowout is improper mud control operations and the inability of the blowout prevention system to contain it because of system failures, i.e., lack of testing and maintenance. [Pg.232]



© 2024 chempedia.info