Recommended
More Related Content
What's hot
What's hot (20)
Similar to Using fault trees to analyze Safety Instrumented Systems
Similar to Using fault trees to analyze Safety Instrumented Systems (20)
Recently uploaded
Recently uploaded (20)
Using fault trees to analyze Safety Instrumented Systems
- 1. Safety-Instrumented Systems A Fault Tree Approach Joseph Belland, Isograph Inc. David Wiseman, Isograph Ltd.
- 2. Safety-Instrumented Systems Critical Processes or systems Found in many different industries Malfunction may cause risk Safety, environmental, or financial Examples: Chemical reactor Nuclear generator Airbag
- 3. Safety-Instrumented Systems Mitigate risks of critical systems Restores system to safe state in event of hazardous condition Three elements Inputs: Monitor system, detect hazardous conditions Logic solver: interprets inputs Final elements: halt the system or process or restore it to failsafe state
- 5. Example Fault Tree OR Top event (hazard) VOTE 2 Vote gate AND Logic gate EV2 Basic event EV3 Dormant event EV4 Basic event EV5 Basic event EV6 Basic event
- 6. Construction Logic SIS terminology: vote to trip Fault Trees: failure logic SIS trip logic 1ooN NooN MooN Fault Tree Gate AND OR (N-M+1)
- 7. Construction Logic Example VALVES Both valves fail open VALVE1 Block valve 1 fails open VALVE2 Block valve 2 fails open XV XV VALVES1 Either valve fails open VALVE3 Block valve 1 fails open VALVE4 Block valve 2 fails open
- 8. Generic SIS Tree PFD SIS failed dangerous INPUTS LOGIC SOLVER FINAL ELEMENTS
- 9. HIPPS Fault Tree HIPPS PFD HIPPS fails to stop over- pressurization PTS 2 2 of 3 pressure transmitters fail to register a high pressure VALVES Both valves fail open LS Logic Solver fails to send trip signal PT1 Pressure Transmitter 1 fails low PT2 Pressure Transmitter 2 fails low PT3 Pressure Transmitter 3 fails low VALVE1 Block valve 1 fails open VALVE2 Block valve 2 fails open
- 10. Failure Data λ SD λ SU λ DU λ DD
- 11. Failure Data Fault Trees constructed for a single hazard Basic events contribute to that hazard Dangerous or Safe failures only
- 12. Failure Data Commonly-used data Failure rate MTTR Test interval Dangerous failure % Diagnostic coverage Proof test coverage Used in equation to solve PFD
- 13. Common Cause Failures Affect multiple components simultaneously Reduce effectiveness of redundancy Beta factor Percent of failures due to CCF FT assumes independence CCFs must be accounted for Separate basic event Implicit inclusion
- 14. Explicit CCF Inclusion SYS System failure IND Both components fail independently COMP CCF Components fail due to CCF COMP1 IND Component 1 independent failure COMP2 IND Component 2 independent failure
- 15. Implicit CCF Inclusion SYS2 System failure COMP1 Component 1 failure COMP CCF COMP2 Component 2 failure COMP CCF
- 16. Logic and PFDAVG FT methods: 1. Solve component PFDAVG 2. Apply system logic to calculate system PFDAVG IEC 61508-6 1. Apply system logic 2. Solve PFDAVG 𝑓(𝑥) ∙ 𝑓(𝑥) ≠ 𝑓(𝑥) ∙ 𝑓(𝑥)
- 17. HIPPS Example Block valves IEC 61508-6: 3.949E-3 FT: 3.348E-3 Optimistic Compensating algorithm needed Markov analysis FT program with compensation: 3.913E-3
- 18. HIPPS Analysis SIL 2 PFDavg λ (/hour) MTBF (hours) RRF 4.7E-3 6.193E-7 1,622,000 212.8
- 19. Spurious Trip Analysis How often SIS engages unnecessarily “Safe” failures FT used to quantify MTTFspurious Failure data: safe failure rate Logical reverse of PFD Fault Tree
- 20. HIPPS Spurious Trip FT HIPPS SPURIOUS MTTF=1.622E+05 HIPPS engages unnecessarily PTS 2 2 of 3 pressure transmitters falsely register high pressure VALVES Valve system engages unnecessarily LS Logic Solver fails to send trip signal PT1 Pressure Transmitter 1 fails high PT2 Pressure Transmitter 2 fails high PT3 Pressure Transmitter 3 fails high VALVE1 Block valve 1 fails closed VALVE2 Block valve 2 fails closed
- 21. Optimization Advantage of computer programs How can we improve reliability? Importance Analysis Sensitivity Analysis
- 22. Importance Analysis Event contribution to system failure 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Block valves Pressure transmitters Logic solver
- 23. Sensitivity Analysis Repeated changes of events to see effect on TOP gate Test different basic event inputs Example Different block valve test intervals τ (months) 4 6 8 12 18 24 PFDavg 1.028E-3 1.274E-3 1.547E-3 2.174E-3 3.314E-3 4.700E-3
- 24. Conclusion Fault Tree Analysis Useful tool for evaluating SIS Well-developed methodology Plenty of programs exist Can model complex system logic Can model PFD/Spurious trips CCFs taken into account Importance and sensitivity considerations
Editor's Notes
- High-integrity pressure protection system Seen in petrochemical applications Prevent over-pressurization in fluid line or vessel Over-pressurization can cause rupture or explosion HIPPS shuts off inputs to mitigate risk
- What is it? Deductive hazard analysis Identifies causes of hazard (TOP event) TOP event linked to basic events via logic gates Basic (bottom) events represent component failures or events Quantitative Probabilistic failure data inputs Reliability metric outputs Uses Boolean algebra/probability math
- SIS component failures typically divided into: Safe detected Safe undetected Dangerous detected Dangerous undetected
- FTA used to analyse single hazard Demand failure of HIPPS Dangerous failures only Spurious trip of HIPPS Safe failures only
- Sometime safe and dangerous failure modes must be modelled in separate events Some software allow all modes to be built into single event
- X_Mean * Y_Mean = Mean(X * Y) if there is no correlation between X and Y, i.e. They are independent Why would this be the case if a cut set includes >1 dormant event?
- (see paper for details)
- Reverse of MooN is N – M +1. AND becomes OR (not for TOP gate, though)
- Calculated by comparing probability of hazard if event never occurs, to when it does occur (normal result). Here, block valves contribute to 89% of demand failures.
- Tau = test intervals tried