Common mode failure

Layers of protection There are many independent layers of protection provided in the control measure in addition to the basic process control system. These layers of protection make the control measures more robust. Fig. 11/4.5.4-1 may be referred to for more detail. Detailed discussions are available in Chapter V. Common mode failure Common mode failure refers to the failure of more than one control system on account of a common cause, which underlines the importance of independent layers of protection. However, common cause can affect both engineering and administrative controls. So, while considering the adequacy of control measures used for risk prevention/reduction/mitigation, etc. it is necessary and important to see that all such control measures are not only independent but also do not suffer from common mode fculure—discussed in later part of the book. 

Another problem with this approach is common mode failures. A common mode failure is a single event which could lead to the simultaneous failure of several components at the same time. An excellent example of this is a power failure, which could lead to many simultaneous failures. Frequendy, the common mode failure has a higher probabiUty than the failure of the iadividual components, and can drastically decrease the resulting reUabiUty. 

Common Mode Failure An event having a single cause with multiple failure effects, which are not consequences of each other. 

Common-mode failure Avoid common-mode failure possibilities with services, control systems, safety systems etc. 

Rupture discs should be removed from service at predetermined intervals for visual inspection. Depending on the condition of the disc and recommendations by the manufacturers, they are either replaced or returned to service. The most common mode of failure is case (c), premature rupture below the minimum bursting pressure. An analysis of this mode of failure indicates that this can be the result of ... 

Avoid common-mode failures between the BPCS and the SIS. Do not share components within a BPCS and SIS. 

System models assume the independent probabilities of basic event failures. Violators oithis assumed independence are called Systems Interactions, Dependencies, Common Modes, or Common Cause Failure (CCF) which is used here. CCF may cause deterministic, possibly delayed, failures of equipment, an increase in the random failure probability of affected equipment. The CCF may immediately affect redundant equipment with devastating effect because no lime is available for mitigation. If the effect of CCF is a delayed increase in the random failure probability and known, time is available for mitigation. 

WASH-1400 introduced this method for unknown common mode effects. The procedure was not presented in the best light and was severely criticized by the Lewis Commiiiee or lack of a physical basis, although the approach is not unreasonable. Basically, the procedure considered the failure rate of a system, with a common mode, to be i>ctween two bounds. The lower bound is the one with no... 

The overall system failure rate including common modes was estimated to be the geometric mean of these extremes (equation... 

Experience shows that the failure rate of one diesels is A-j = 8.7F-5/hr, and they are tested 1 1 days (720 hours). A study of related plant ows that common mode contributes 10% 1 One 1 [failed ... 

Evans, R, A. 1975, Statistical Independence and Common-Mode Failures, IEEE Trans. Rel., R-24, p289. 

Fleming, K, N cs al., 1975, A Reliability Model for Common Mode Failures In Redundant Safety Systems, Proceedings of the Sixth Annual Pittsburgh Conference on Modeling and Simulation, April. 

A systematic approach was undertaken for the BRP PRA to identify all potential sources of common mode failure. The first step in the treatment of common mode failures was a compilation of a detailed list of common mode initiators. To achieve this, available literature on common mode failure analysis was reviewed. The next step was to qualitatively assess the potential effects of these initiators on BRP systems. The initiator categories and the systems selected for examination are presented in Table VI.1 of the BRP PRA. 

The Reactor Safety Study (WASH-1400) was published by the USNRC in 1975 to set down a methodology for assessing nuclear plant reliability and risk. Of particular Interest to the data analyst are Appendix III, "Failure Data," and Appendix IV, "Common Mode Failures."... 

Appendix IV contains a thorough discussion of quantification techniques and engineering studies of common mode failures. Large LOCA, small LOCA, and transient sequences are considered. 

In many cases, a product fails when the material begins to yield plastically. In a few cases, one may tolerate a small dimensional change and permit a static load that exceeds the yield strength. Actual fracture at the ultimate strength of the material would then constitute failure. The criterion for failure may be based on normal or shear stress in either case. Impact, creep and fatigue failures are the most common mode of failures. Other modes of failure include excessive elastic deflection or buckling. The actual failure mechanism may be quite complicated each failure theory is only an attempt to explain the failure mechanism for a given class of materials. In each case a safety factor is employed to eliminate failure. 

Occasionally an incident occurs that results in a common mode failure. This is a single event that affects a number of pieces of hardware simultaneously. For example, consider several flow control loops similar to Figure 11-4. A common mode failure is the loss of electrical power or a loss of instrument air. A utility failure of this type can cause all the control loops to fail at the same time. The utility is connected to these systems via OR gates. This increases the failure rate substantially. When working with control systems, one needs to deliberately design the systems to minimize common cause failures. 

Common law trademark right, 25 258 Common mode failures, 13 169 Communication. See also Communications organizational, 21 622, 628-629 in pilot-plant planning, 19 467-468 among process control levels, 20 676 Communication applications, glass fibers in, 12 612-616... 

The upsets considered need to be regarded as independent from one another and are not based on "common mode" failure. Furthermore the measures adopted need to be effective and independent of one another. 

One spare electrochemical cell stack is installed in the primary anolyte circuit. Manual intervention is required to connect the spare cell stack and disconnect a faulty cell stack. Five spare cell stacks are kept in storage, allowing replacement of all primary or secondary electrochemical cell stacks (but not both at once) in the case of common-mode failure, e.g., severe blockage. The inventory of spare cell stacks was not deemed necessary to cover common-mode failure of both primary and polishing (secondary) electrochemical cells, because their anolyte circuits are separate and the catholyte circuit is much less likely to be the source of failure (AEA, 2001a). 

Common Cause or Common Mode Failure—Failure, which is the result of one or more events, causing coincident failures in multiple systems or on two or more separate channels in a multiple channel system, leading to system failure. The source of the common cause failure may be either internal or external to the systems affected. Common cause failure can involve the initiating event and one or more safeguards, or the interaction of several safeguards. 

A control system designed to automatically change the operating conditions such that the COP is no longer outside the Never-Exceed-Limit (N-E-L). The system may shutdown the operation or it may change conditions such that operation continues in a different mode. The Safety Interlock System must be independent from the normal control system to avoid "common mode" failure where one failure defeats both the normal control system and the Safety Interlock System. 

---