STPA危险分析方法及其在ATSA-ITP设计中的应用

传统危险分析方法无法胜任对复杂的非线性社会技术系统的分析。系统理论过程分析(STPA)方法是建立在系统理论事故建模和过程(STAMP)基础上的一种新型的危险分析方法,它将安全视为系统的一种涌现特性,认为除了组件失效,组件间的非功能交互也是导致危险的主要原因,并通过定义系统危险、绘制安全控制结构、识别不安全控制行为、确定不安全控制行为起因等4个步骤完成危险分析过程。美国的空中交通态势感知尾随程序(ATSA-ITP)设计案例分析表明,STPA方法的组织形式有序,逻辑结构严谨,分析过程透彻。     

高铁应急调度STAMP/STPA安全性分析

为克服传统安全分析模型不能评估高铁调度系统中组件之间复杂交互的缺陷,基于系统理论的事故过程模型(STAMP),将高铁应急指挥系统中人员与设备之间交互安全性问题视作系统控制和反馈问题,构建高铁应急调度控制反馈模型,识别系统安全风险与约束;采用系统理论过程分析法(STPA),分析不安全控制行为及诱发不安全控制行为的控制缺陷;基于台高铁脱轨事故实例分析,验证STAMP/STPA应用于高铁应急调度安全分析的有效性。结果表明:构建的高铁应急调度控制反馈模型可分析得到高铁应急调度指挥的风险因素为感知或执行误差、决策失误、接收或执行时延;同时通过该模型可演绎安全约束失效路径。     

STAMP模型在危化品道路运输事故分析中的应用研究

为保障危化品道路运输行车安全,基于STAMP模型构建危化品道路运输的分层安全控制结构,将安全问题看作是控制问题,并将系统工程思想融入事故预防中。在此基础上,引入沪昆高速湖南邵阳段“7.19”特别重大道路交通危化品爆燃事故并对其进行实证分析,从物理层、基础层、运营层及监管层动态分析导致事故发生的控制缺失。结果表明:基于STAMP模型的安全分析方法不仅可考虑由组件失效引起的事故,还可发现组件之间的组织问题及决策背景,并对事故致因做出更为详细的解释,为类似事故的分析和预防提供思路与参考。     

基于STAMP-ISM的铁路危险品运输系统风险-事故分析方法*

为预防铁路危险品运输系统事故的发生,采用STAMP-ISM模型分析铁路危险品运输系统风险-事故。首先,利用STAMP模型详细分析事故,得到控制结构的相关安全约束、不充分控制行为及产生原因,以及系统的安全动态变化;其次,采用ISM分析事故致因因素之间的关联关系并划分层级;最后,基于STAMP和ISM分析结果提出系统改进方案。以我国一起匿名夹带事故为背景进行案例研究,结果表明,ISM模型的加入可深入挖掘事故因素间的相互关系,为事故致因因素重要度划分层级,分析结果及建议更具针对性。     

CRES的危害因素识别方法:以EETD为例

首先厘清传统危害识别方法的局限性,运用系统理论的事故模型及过程(STAMP)的系统理论过程分析(STPA)方法,分析CRES不能使动车组(EMU)制动这一危害事件,将其安全问题看作是控制问题;然后以车载地震紧急处置装置(EETD)为例,分析其引起的不安全控制控制行为,找出产生不安全控制行为的原因,进而分析出其危害因素;最后与传统的故障树分析(FTA)方法结果对比,验证基于STAMP模型的STPA方法的有效性。结果表明:用该方法能比FTA方法识别出更多的危害因素,如设计缺陷、沟通不畅等。     

基于功能共振事故模型的航空事故分析

航空事故大多是由诸多诱发因素紧密耦合、复杂交互导致的结果,为克服传统事故分析方法仅能处理单纯组件失效诱发的事故或相对简单的系统的不足,提出一种基于功能共振事故模型的航空事故分析方法。利用该方法,对美国5191航班冲出跑道事故进行系统分析。识别功能模块,评价功能性能变化,确定功能共振,并制定性能变化的防控屏障。结果表明:用该方法不仅能识别出导致事故的功能共振及其影响因素,解释事故发生的原因和过程,而且能够提出降低事故风险的防控措施。     

基于STAMP模型的地铁拥挤踩踏应急联动系统设计

当前地铁拥挤问题十分突出,而地铁管理仅依赖于经验性措施,无法有效管控拥挤踩踏风险。为解决这一问题,基于系统理论事故及过程(STAMP)模型,设计地铁拥挤踩踏事故应急联动系统。首先研究STAMP模型的原理和结构,将联动系统分为人群密度监测系统、应急疏散系统和广播信息系统3部分,使三者联动对地铁人流进行安全管理。然后分析人群密度安全约束条件,围绕约束条件应急联动系统的分层控制结构,建立应急联动系统中的人群密度监测和应急疏散过程控制模型,并整合形成地铁拥挤踩踏应急联动系统的控制回路,完成整个系统工作循环。研究结果表明,模型可量化拥挤踩踏风险,有效提升地铁的安全管理水平。     

工艺安全管理系统中的工艺危害分析方法比较

简要介绍了工艺安全管理系统,其中工艺危害分析是工艺安全管理系统中的核心要素。对通常采用的故障假设/检查表、故障类型及影响分析、事故树分析、危险与可操作性研究、保护层分析五种分析方法进行了比较,得出了它们的优点、缺点、适用范围及应用时机。故障假设/检查表分析法比较容易使用,适用于工艺的初次评估;故障类型及影响分析、事故树分析适用于高危险性工艺中的工段、组件或单元操作的分析;危险与可操作性研究可以非常系统、全面的对工艺进行分析,是最有效的工艺危害分析方法。保护层分析方法是一种半定量的风险评价方法,它通过分析系统中各个防护层的失效概率来评估潜在事故的危险性,并与可接受标准进行比较,从而实现对防护系统防护性能的判断。通过对分析方法的比较可以指导化工企业选用合适的分析方法来进行工艺危害分析。     

基于STAMP模型的建筑事故致因因素定量分析方法研究

为揭示建筑安全事故致因因素间的相互关系从而对其进行有效预防和控制,探讨1种STAMP模型的定量分析方法,用于深入剖析事故致因因素间的逻辑关系和属性特征。基于STAMP系统事故理论模型,从建筑工程安全控制结构入手逐层定性分析事故的致因因素;引入灰色DEMATEL与ISM相结合的方法对系统事故间的复杂逻辑关系进行层级划分;运用MICMAC分析计算各致因因素的驱动力和依赖度数值并判断其属性类别。结果表明:提出的定量分析方法运用到江西丰城冷却塔坍塌事故中的分析结果与事故调查报告相契合,能较全面地说明各层次结构间的相互作用。     

矿用重型汽车作业现场碰撞事故模糊故障树分析

矿用重型汽车作业现场碰撞事故属于安全生产重大事故,本文根据现场的事故案例运用事故树分析方法,解析出69个导致碰撞事故发生的最小割集。借助于故障树结构重要度,找出对运输碰撞事故系统里底事件中的主要诱发因素,识别出系统关键节点的危险性,寻求预防同类碰撞事故发生的各种有效措施。由于构成割集的底事件本身就带就有一定的模糊性,所以运用模糊数学方法克服了传统的故障树分析方法中确定底事件发生概率的困难,为解决故障树种的模糊性问题提供了一种研究思路,在管理资源有限的条件下,为矿用重型汽车运行安全评价和安全管理提供可靠的保障。     

Safety assessment of the film boiling chemical vapor infiltration (FB-CVI) process through a system-theoretic accident model and process (STAMP)

Film boiling chemical vapor infiltration (FB-CVI) is considered as one of the fastest process methodologies for manufacturing carbon-carbon (C–C) composite products and possesses various advantages compared to conventional methodologies. However, there are safety concerns associated with this process for large-scale manufacturing, mainly owing to the intrinsic nature of the precursor and the process conditions. Considering the multifunctional interactions of the various systems during the process, a system-theoretic process analysis (STPA)/system theoretic accident model and process (STAMP) model is used to perform a safety analysis of the hazardous states of the FB-CVI process at the system level. As a case study, the FB-CVI process equipment employed for the manufacturing of C–C composites is considered. The safety constraints present in the system are assessed for adequacy through a hazard analysis by STPA/STAMP. The analysis through STPA/STAMP demonstrated the capability to create proactive strategies for the design and realization of process equipment that can be employed to manufacture C–C composite products through the FB-CVI process.     

STAMP-based analysis on the railway accident and accident spreading: Taking the China–Jiaoji railway accident for example

Each hazard analysis technique is based on a model of accident causation. Most accident models regard accidents as resulting from a chain or sequence of events, such models are fit for accidents caused by failures of physical components and for relatively simple systems, but suffer from serious deficiencies when they are applied to software-intensive, complex engineering systems. Recently, a new accident model called System-Theoretic Accident Models and Process (STAMP) for system safety has been proposed, it is based on control theory and enforces constraints on hazards and thereby prevent accidents. In this paper, taking the China–Jiaoji railway accident happened on April 28, 2008 as an example, the STAMP approach has been used to analyze the railway accident and some improvement measures have been proposed. As the occurrence of one accident can cause many other accidents happen, based on the STAMP-based analysis, the accident spreading processes have also been discussed and modeled, which will be helpful to analyze accidents spreading in a broad sense and establish effective emergent measures for accident response management.     

Applicability of accident analysis methods to Chinese construction accidents

IntroductionIt is necessary to clearly understand construction accidents for preventing a rise in Chinese construction accidents and deaths. Better analysis methods are required for Chinese construction sector accidents.MethodsChoosing and analyzing a typical construction accident based on four popular contemporary accident causation models: STAMP, AcciMap, HFACS, and the 2-4 Model. Then we evaluated the models' applicability to construction accidents, including their usability, reliability, and validity.ResultsSTAMP addressed how complexity within the accident system influenced the accident development, and its output makes the responsibilities clearer for the accident. AcciMap described the entire system's failure, the entire accident's trajectory, and the relationship between them. AcciMap showed that the accident was a dynamic developing process, and this method has a high usability. The taxonomic nature of HFACS is an important feature that provides it with a high reliability. In the accident reviewed here, we found that poor management was a critical factor rather than the individual factor in the accident. The 2-4 Model provided detailed causes of the accident and established the relationship among the accident causes, the safety management system, and the safety culture. It also avoided capturing all of the complexity in the large sociotechnical system and revealed a dynamic analysis and developing process. We confirmed that it has a high usability and validity. Therefore, the 2-4Model is recommended for future Chinese construction accident analysis efforts.Practical ApplicationsThe study provides a useful, reliable, and effective analysis method for Chinese construction accidents.     

基于STAMP模型的电网企业事故风险控制模型

事故预防和风险控制理论模型对于指导企业开展安全工作具有重要作用,智能化、信息化、自动化对电网企业的事故预防和风险控制工作提出新的挑战,因此有必要对电网企业进行事故风险控制模型研究.本文基于系统安全和风险控制理论与STAMP模型,结合我国电网企业的特点与安全现状,对电网企业事故风险控制模型进行研究,构建了基于STAMP模...     

An urban pipeline accident model based on system engineering and game theory

Urban pipeline accidents are caused by complex social-technical factors, in which urban communities and pipeline systems are involved. Such accidents can thus be investigated from the viewpoint of system engineering. System-Theoretic Accident Model and Processes (STAMP) is a systemic method for safety assessment, which has been adopted in many domains. This approach can provide deep insights of accident causes by considering direct and indirect factors. Meanwhile, competition and cooperation between stakeholders in accidents are observed. Therefore, these parties can also be analyzed with the game theory. That is, stakeholders in STAMP can be regarded as players in game. The aim of this paper is to provide a new insight to analyze urban pipeline accidents by considering both STAMP and game theory. In this paper, we proposed an accident model for urban pipelines, with a case study of China-Qingdao pipeline accident occurred in 2013. We concluded that accident reasons can be investigated in-depth and lessons can be learned from analyzing causal factors by using STAMP. Based on results generated from STAMP, we applied the game theory to analyze roles that government and companies act in the China-Qingdao urban pipeline accident. The results show that current punishment and incentive systems are incomplete, lacking of the driving force and constraining force for the stakeholders involved in the accident.     

GIS在化工园区事故应急救援辅助决策中的应用

采用GIS平台与应急决策支持技术相结合,以园区高危工艺和重大危险源作为分析对象,开发化工园区安全管理系统中的应急救援辅助决策模块,针对园区内高危工艺或重大危险源事故后果预测与事故应急救援管理的科学性和有效性,扩展为对整个化工园区的事故风险管理与事故应急救援辅助决策支持。运用该模块可实现园区内突发事故后果预测、最优救援和疏散路径规划、应急辅助决策方案生成,有效提高化工园区事故救援的科学性和效率,减少人员伤亡和财产损失,提高化工园区安全管理水平。     

HAZOP-FTA综合分析方法在煤化工装置中的应用

为提高煤化工生产工艺安全水平,降低事故发生的可能性和严重程度,有必要对其工艺过程中的危害因素进行全面系统的辨识分析。以某甲醇公司煤制甲醇气化装置为例,运用HAZOP方法准确识别工艺偏差危害因素,定性分析偏差产生的可能原因、后果及现有安全措施;在此基础上,运用FTA方法,获得顶上事件发生概率值和基本事件重要度结果,实现工艺设备设施危害因素的定性与定量分析,提出有针对性的建议安全措施。两种方法的综合应用,给予煤化工企业系统安全分析一种新的思路,使其得到更加科学准确的危险性分析结果,为企业开展危害因素的分级管理,有效预防和减少事故的发生提供了理论支撑。