Fault tree analysis protection systems

Process Hazards Analysis. Analysis of processes for unrecogni2ed or inadequately controUed ha2ards (see Hazard analysis and risk assessment) is required by OSHA (36). The principal methods of analysis, in an approximate ascending order of intensity, are what-if checklist failure modes and effects ha2ard and operabiHty (HAZOP) and fault-tree analysis. Other complementary methods include human error prediction and cost/benefit analysis. The HAZOP method is the most popular as of 1995 because it can be used to identify ha2ards, pinpoint their causes and consequences, and disclose the need for protective systems. Fault-tree analysis is the method to be used if a quantitative evaluation of operational safety is needed to justify the implementation of process improvements. 

Within process industries characterized by large production units and high levels of automation, risk and accident analysis is focused on the avoidance of low-probability events entailing serious consequences for the plant and its environment. Safety analysis is based here on causal or probabilistic models of the accidental chain of events that can serve to identify deficiencies in the design of the plant and its protective system as well as to predict the level of risk involved in an operation. Methods developed are fault tree analysis, MORT (Johnson 1975) and INRS (Leplat Rasmussen 1984). A detailed analysis of the actual, individual incident or failure is performed to identify these possible weak spots in the plant and its operation. It is a common experience that human acts play an important role in such industrial mishaps so, especially after the reactor incident at Three Miles Island in 1979, much effort has been spent on developing suitable predictive tools for the... 

In this way, the fault tree can be quantified, which makes this technique very powerful for the reliability analysis of protection systems. The prerequisite is the availability of statistical reliability data of the different devices and instruments that is often difficult to obtain for multi-purpose plants, where devices can be exposed to very different conditions when changing from one process to another. Nevertheless, if the objective is to compare different designs, semi-quantitative data are sufficient. 

First, the importance of learning lessons from past process safety incidents is highlighted in Section 3.2. The subsequent section presents preliminary hazard review procedure, risk matrix, what-if method, plot plan and layout review, pressure relief system review and fire safety design aspects. Section 3.4 presents PHA techniques and procedures hazards and operability analysis (HAZOP), failure modes and effects analysis (FMEA), instrumented protective system (IPS) design, fault trees, event trees, layer of protection analysis (LOPA) and finally SIS life eyele. The importanee of revision of PSI is highlighted in Seetion 3.5. 

Are there documents that provide comprehensive analysis of all potential safety and health hazards of the worksite Are there documents that provide both the analysis of potential safety and health hazards for each new facility, equipment, material, or process and the means for eliminating or controlling snch hazards Does documentation exist outlining the step-by-step analysis of hazards in each part of each job, so that yon can clearly discern the evolution of decisions on safe work procedures If complicated processes exist, with a potential for catastrophic impact from an accident but low probability of such accident (as in nnclear power or chemical production), are there documents analyzing the potential hazards in each part of the process and the means to prevent or control them If there are processes with a potential for catastrophic impact from an accident but low probability of an accident, have analyses such as fault tree or what if been documented to ensure sufficient backup systems for worker protection in the event of multiple control failures ... 

Fault tree for overpressure example (Fig. VII/1.2.2-1). BPCS, basic plant control system C Valve, control valve E/E/PE, electrical/electronics/programmable electronics IPL, independent protection layer PHA, plant hazard analysis SIS, safety instrumentation system. 

A risk model often comprises a formal logical representation of the system. Fault- and event tree analysis is often building blocks in such a representation. Barriers, safety functions and/or layers of protection are typically represented by basic events. Probabilities are assigned to the outcome of the basic events, i.e., success or failure. A wide range of factors and conditions will influence the outcome of the basic events, and these need to be taken into account when assigning the basic event probabili-... 

The most important Boolean models are Event Trees and Fault Trees (classics/dynamics). Event Trees (Papazoglou 1998) are graphical models that can be discretized according to their possible effects or distinction in a series of simple events. In the same time Event Trees are adapted for modeling and assessment of the events sequences for non-reparable systems such as safety or protection systems. Instead, the reparable systems or instrumentation and control systems can not be modeled by Event Trees. Fault Trees are built according to an undesired event that is decomposed into basic events till this decomposition becomes impossible or judged useless (Dutuit Rauzy 2005). These models are efficient for c r-based analysis but have limitations for sequence-hd.ssd analysis because of the static point of view they consider. 

Qualitative reliability analysis are used to identify possible ways in which a system can fail. The calculation can result in all combinations of components and human failures that lead to safety (protection) system failure, which prevents the safety system to shut-down the reactor upon request. For this analysis a top-down logic model, known as a Master Logic Diagram (MLD), similar to a fault-tree, could advantageously be used with a top event of a safety system failure upon request. The results of this analysis can be used to prove the fulfillment of the important single failure design criteria. 

---