Hazards systemic failures

The first perspective is the traditional safety engineering approach (Section 2.4). This stresses the individual factors that give rise to accidents and hence emphasizes selection, together with motivational and disciplinary approaches to accident and error reduction. The main emphasis here is on behavior modification, through persuasion (motivational campaigns) or pimishment. The main area of application of this approach has been to occupational safety, which focuses on hazards that affect the individual worker, rather than process safety, which emphasizes major systems failures that could cause major plant losses and impact to the environment as well as individual injury. 

Barricades. These are constructed to protect uncontrolled areas from the effects of a hydrogen system failure and to protect a hydrogen system from the hazards of adjacent or nearby operations. Barricades have been shown to be most effective against... 

The full range of process maloperations, including system failures that might lead to process runaway will first have to be considered by a systematic evaluation of the plant and process concerned141. These may, for examplel be due to human error, hardware failure, or due to failure of a computerised sequence controller. To assess the likely/ credible maloperations accurately, it is recommended that personnel who will be operating the plant are involved in the hazard assessment. 

It must be recognized that these systems are the last line of defense against a hazardous event, and to be effective they must perform when called upon. In other words, there must be a low probability of system failure when a demand is placed upon it. 

Defining your goal is usually fairly easy. Figuring out how you are going to get there is a bit more complex. It requires knowledge of components, what they do, how they do it and what type of environments they can operate in. This requires consideration of such things as pressure ratings of components and how the materials the components are made of will react to the other materials and the conditions in the system. To avoid errors that will cause system failure or create a safety hazard, materials must be well matched and the processes of the system must be well understood. 

An analysis of a system s failure modes may determine that some could trigger a hazard - these failure modes are safety-related and are likely to represent causes. In contrast those which would not typically lead to harm will be not safety-related . Depending on the relative degree of risk it may be necessary to justify the reason for a failure mode not being safety-related. 

Accidents hke the Mars Polar Lander or the British batch chemical reactor losses, where the cause lies in dysfunctional interactions of non-failing, reliable components—i.e., the problem is in the overaU system design—illustrate reliable components in an unsafe system. There can also be safe systems with unreliable components if the system is designed and operated so that component failures do not create hazardous system states. Design techniques to prevent accidents are described in chapter 16 of Safeware. One obvious example is systems that are fail-safe, that is, they are designed to fail into a safe state. 

Event-based models work best for accidents where one or several components fail, leading to a system failure or hazard. Accident models and explanations involving only simple chains of failure events, however, can easily miss subtle and complex... 

Losses result from component failures, disturbances external to the system, interactions among system components, and behavior of individual system components that lead to hazardous system states. Examples of hazards include the release of toxic chemicals from an oil refinery, a patient receiving a lethal dose of medicine, two aircraft violating minimum separation requirements, and commuter train doors opening between stations. ... 

Second, note that the word failure does not appear anywhere. Hazards are not identical to failures—failures can occur without resulting in a hazard and a hazard may occur without any precipitating failures. C. O. Miller, one of the founders of System Safety, cautioned that distinguishing hazards from failures is implicit in understanding the difference between safety and reliability [138]. 

The next task is an analysis showing that no control system failure can cause an initiating event that can result in a hazard. If control system failure can initiate a hazardous sequence, then safety instrumented functions MUST NOT be designed into common equipment without detailed quantitative risk analysis. That language in the standard is strong and clear. Most of the time, initiating event analysis shows a problem with combined control and safety. 

It addresses only functional hazards. The determination of the hazard severity level does not attempt to account for the system failures necessary for its occurrence it only seeks to determine the appropriate limits for probability of occurrence for a given hazard. 

ID Component in zone External failure mode(s) Intrinsic hazards Systemic vulnerabilities Effect on the aircraft Corrective/preventative action and/or mitigations... 

The case, used to illustrate systems failure, equally illustrates the role of personal qualities and skills as a key factor in the erosion, or creation, of safety. Those involved failed to see the inherent hazards in the system. 

Two distinctly different, yet complementary, perspectives of hazards for the HCF and associated radioactive material storage locations are obtained for the overall hazard analysis of Chapter 3 by using both PHA and failure mode effects analysis (FMEA) techniques. FMEA is a complementary type of evaluation that utilizes a system failure-based form of analysis. Unlike PHA, the first objective of FMEA is to subdivide the facility Into several different (and, to the maximum extent possible, independent) system elements. Failure modes of each system element are then postulated and a structured examination of the consequences of each failure mode follows. However, similar to PHA, FMEA documents preventive and mitigative features (failure mechanisms and compensation) and anticipated accident consequences (failure effects). Appendix 3D contains the FMEA for the HCF. 

We can express hazard function of system failures with statistical process of simulation experiment. 

We start our analysis with hazard event identification and construction of the fault tree for the hazard. For the system presented in the Section 3.1, we can describe hazard as operational system failure . This negative event can occur only if the time resource, which is defined for restoring of the failed tram, is over crossing. This event may occur only in one of two possible situations ... 

HentX , the hazard operational system failure can o(x ur only if maximal lead time of a repaired tram (tdmax) is equal or greater than minimal redundant time (tyndn), see (17). If the minimal redundant time is greater than maximal lead time of a repaired tram, then redundant tram are not neexsssary. 

Some of the hazard analysis (evaluation) techniques already used by the chemical industry include traditional system safety tools such as preliminary hazard analysis, failure modes and effects analysis, and fault tree analysis. 

Component Description Failure Mode Effects on Other Components Effects on System RAC or Hazard Category Failure Frequency Effects Probability Remarks... 

Describe the larger result of the hazard, which may reduce subsystem effectiveness or result In subsystem failure and/or total system failure. 

Hence, when occurrence of the top event is not dependent on the occurrence of all subevents, the probability of the top event is not so remote. In this example, the likelihood of simple system failure (as opposed to catastrophic system failure) has increased by several orders of magnitude and would therefore require a more informed decision regarding hazard risk acceptance. 

---