3-Parameters SPW technique: A new method for evaluation of target safety integrity level

Introduced by IEC-61508 standard, safety integrity levels (SIL) have been used for assessing the reliability of safety instrumented functions (SIF) for protection of the system under control in abnormal conditions. Different qualitative, semi-qualitative and quantitative methods have been proposed by the standard for establishing target safety integrity levels amongst which “Risk Graph” has gained wide attention due to its simplicity and easy-to-apply characteristics. However, this method is subject to many deficiencies that have forced industry men and experts to modify it to fit their demands. In this paper, a new modification to risk graph parameters has been proposed that adds more flexibility to them and reduces their subjective uncertainties but keeps the method as simple as before. Three parameters, namely severity (S), hazard avoidance probability (P), and demand rate (W) are used instead of former four parameters. Hence, the method is named SPW. The outcome results of this method can be directly converted to probability of failure on demand (PFD) or risk reduction factor (RRF). The proposed method has been tested on an example case that has been studied before with conventional risk graph and LOPA techniques. The results show that new method agrees well with LOPA and reduces costs imposed by conservative approximations assumed during application of conventional risk graph.     

An evaluation approach using a HARA and FMEDA for the hardware SIL

Safety instrumented systems (SIS) are becoming increasingly complex, and form a growing proportion of programmable electronic parts. The IEC 61508 global standard was established to ensure the functional safety of SIS; however, it was expressed in highly macroscopic terms. The safety integrity level (SIL) is a criterion describing whether a component meets the safety requirements of a SIS. The safety requirements give a target SIL for the expected risks using hazard analysis and risk assessment (HARA). The SIL must correspond to the safety requirements. This study introduces an evaluation process for determining the hardware SIL through failure modes, effects, and diagnostic analysis (FMEDA). First, the components of the SIS subsystem are defined in terms of failure modes and effects, and then the failure rate and failure mechanism distribution are assigned to each component. The safety mode and detectability of each failure mode are determined for each component and, finally, the hardware SIL is evaluated. We perform a case study to evaluate the hardware SIL of the flame scanner system using HARA and FMEDA, where the safety requirement of the flame scanner was determined using the risk graph method. We verified that the hardware SIL of the flame scanner corresponded to the safety requirement.     

Human and organisational factors in the operational phase of safety instrumented systems: A new approach

The international standards IEC 61508 and IEC 61511, which provide a general framework for the design and implementation of safety instrumented systems, require quantification of the achieved risk reduction, expressed as a safety integrity level (SIL). Human and organisational factors affect the performance of safety instrumented systems during operation and may threaten the achieved SIL, but this is usually not explicitly accounted for. This article presents a new approach to address human and organisational factors in the operational phase of safety instrumented systems. This approach gives a prediction of the operational SIL and can also be used to improve safety. It shows which human and organisational factors are most in need of improvement and it provides guidance for preventive or corrective action. Finally, the approach can be used as part of a SIL monitoring strategy in order to maintain the achieved SIL at the required level during the operational phase.     

任意有界论域的模糊变量转化成随机变量的方法

针对机械系统广义可靠性中极限状态方程的模糊参数向等价正态随机变量转化时其均值难以确定的问题,提出了一种将具有任意有界论域的模糊变量转化成随机变量的方法,以该法所得的随机变量的均值作为等价正态随机变量的均值,得到模糊变量的更为准确的等价正态随机变量表达式,使含有模糊参数机械系统可靠度能在正态空间内确定.并在算例中以水平截集法作为准确值,验证了该方法的准确性和简洁性.     

基于FFTA-LOPA的化工装置安全仪表系统SIL确定方法

为了优化确定化工装置安全仪表系统（SIS）安全完整性等级（SIL）,分析了现有确定SIL的不足,针对化工装置的失效数据缺失和不确定性特点,提出模糊事故树-保护层（FFTA-LOPA）模型计算安全仪表系统SIL。以某低密度聚乙烯反应釜为例,建立了该反应釜爆炸事故树,运用模糊理论定量分析顶上事件发生的概率,最终确定其安全仪表系统安全完整性等级为SIL 1。结果表明:该方法结合两种风险分析理论,分析结果与实际和理论统计结果符合性较好,具有一定地准确性和实用性,可以为定量确定系统SIL提供理论指导。     

安全系统安全完整性等级确定方法比较研究

安全完整性等级的确定是开发和设计安全相关系统的前提和基础。为避免因方法选择不当而导致安全完整性等级确定不恰当的问题,针对常用的后果法、风险矩阵法、改进的HAZOP法、风险图法、保护层分析法和定量分析法进行了对比研究。在阐述和分析安全完整性等级内涵及其确定原理的基础上,根据每种方法自身的特点,从准确性、可量化性、工作量和运用的难易程度等方面对其进行了对比和研究,并分析和探讨了选择安全完整性等级确定方法时应重点考虑的因素。研究结果对合理选择安全完整性等级确定方法具有一定的实用价值和借鉴意义。     

Pythagorean fuzzy VIKOR-based approach for safety risk assessment in mine industry

Introduction: Underground mining is considered one of the most hazardous industries and is often associated with serious work-related fatalities; this paper addresses job-related hazards and associated risks. Method: A risk assessment approach is proposed (Pythagorean fuzzy environment) and a case study is carried out in an underground copper and zinc mine. Results: Results of the study demonstrate that hazards can be categorized into different risk levels via compromised solutions of the fuzzy approach. Conclusion: The study provides a theoretical contribution by suggesting a Pythagorean fuzzy numbers-based VlseKriterijumska Optimizacija I Kompromisno Resenje (PFVIKOR) approach. Moreover, it contributes to improving overall safety levels of underground mining by considering and advising on the potential hazards of risk management. Practical applications: The proposed approach will improve the existing safety risk assessment mechanism in underground copper and zinc mining.     

Modeling and application of risk assessment considering veto factors using fuzzy Petri nets

Risk assessment is important for plant safety, and fuzzy set theory is useful for such assessment because many risk factors have fuzzy characteristics. In this study, veto factors for risk assessment are taken into account. Weighted fuzzy Petri nets (WFPN) with inhibitor arcs are proposed to model relationships between risk factors and establish the risk assessment structure considering veto factors. Definitions of WFPNs as well as the enabling rule and execution rule are provided. The modeling approach for the assessment combining normal factors with veto items is discussed. The proposed fuzzy risk assessment approach is illustrated by an example of the assessment of production installations and process technology of plants that deal with hazardous chemicals. Veto factors and non-veto factors are presented and the assessment structure based on WFPNs is established. Using the factor data of a plant, an assessment value is obtained through the operation of WFPNs and the verification of the approach is discussed.     

基于人因可靠性的间歇装置SIL分析与改进

IEC 61508和IEC 61511等标准针对连续工艺装置提出了安全仪表系统安全完整性等级评估方法。但对于间歇装置的SIL评估,受人因因素影响水平并未明确,且没有提出相应计算模型。以某六氟磷酸锂间歇生产装置典型SIS为例,采用HAZOP结合LOPA方法对其进行风险分析,在明确间歇生产装置存在人员中毒、窒息及燃烧爆炸风险的基础上,确定并验证其安全仪表系统的SIL,再依据间歇生产装置人工依赖性高,即部分安全仪表系统未接入自动联锁且需人工手动触发的特点,建立人因可靠性模型,来分析人因可靠性对安全仪表系统SIL的影响,并进行改进研究。研究结果表明:人因因素对安全仪表系统SIL有显著影响;可通过改变SIS元件冗余结构、测试策略并结合改进人因管理措施来提高SIL。     

Application of fuzzy logic to explosion risk assessment

Safety and health of workers potentially being at risk from explosive atmospheres are regulated by separate regulations (ANSI/AIHA in USA and ATEX in the European Union). The ANSI/AIHA does not require risk assessment whereas it is compulsory for ATEX. There is no standard method to do that assessment. For that purpose we have applied the explosion Layer of Protection Analysis (ExLOPA), which enables semi-quantitative risk assessment for process plants where explosive atmospheres occur. The ExLOPA is based on the original work of CCPS for LOPA taking into account an explosion accident scenario at workplace. That includes typical variables appropriate for workplace explosion like occurrence of the explosive atmosphere, the presence of effective ignition sources, activity of the explosion prevention and mitigation independent protection layers as well as the severity of consequences. All those variables are expressed in the form of qualitative linguistic categories and relations between them are presented using expert based engineering knowledge, expressed in the form of appropriate set of rules. In this way the category of explosion risk may be estimated by the semi-quantitative analysis. However, this simplified method is connected with essential uncertainties providing over or under estimation of the explosion risk and may not provide real output data.In order to overcome this problem and receive more detailed quantitative results, the fuzzy logic system was applied. In the first stage called fuzzification, all linguistic categories of the variables are mapped by fuzzy sets. In the second stage, the number of relation between all variables of analysis are determined by the enumerative combinatorics and the set of the 810 fuzzy rules “IF-THEN” is received. Each rule enables determination of the fuzzy risk level for a particular accident scenario. In the last stage, called defuzzification, the crisp value of final risk is obtained using a centroid method. The final result of the risk presents a contribution of each risk category represented by the fuzzy sets (A, TA, TNA and NA) and is therefore more precise and readable than the traditional approach producing one category of risk only. Fuzzy logic gives a possibility of better insights into hazards and safety phenomena for each explosion risk scenario. It is not possible to receive such conclusions from the traditional ExLOPA calculation results. However it requires the application of computer-aided analyses which may be partially in conflict with a simplicity of ExLOPA.The practical example provides a comparison between the traditional results obtained by ExLOPA and by fuzzy ExLOPA methods.     

基于SIL评估的LNG加气站安全仪表系统问题分析及改进建议*

为分析LNG加气站安全仪表系统的功能完备性与可靠性,以3座典型的三级LNG加气站为研究对象,全面开展安全仪表功能辨识、安全完整性等级（SIL）定级与验证,进而提出针对性的改进建议。结果表明:3座LNG加气站的安全仪表系统均存在功能不完备、设备组件缺少失效数据的问题;为满足风险控制要求,三级LNG加气站需设置15个安全仪表功能,其中1个应达到SIL2等级,14个应达到SIL1等级;LNG加气站的安全仪表系统应选用获得功能安全认证的设备组件,并在设计阶段开展SIL评估工作。研究结果可为今后LNG加气站安全仪表系统的设计与管理提供重要参考。     

Planning protection measures against runaway reactions using criticality classes

A systematic approach to the assessment of thermal risks linked with the performance of exothermal reactions at industrial scale was proposed a long time ago. The approach consisted of a runaway scenario starting from a cooling failure and a classification of these scenarios into criticality classes. In the mean time these tools became quite popular and many chemical companies use them. Recently, the international standard IEC 61511 required the use of protection systems with reliability depending on the risk level. Since the criticality classes were developed as a tool for the choice of risk reducing measures as a function of the criticality, it seems obvious that the criticality classes may be used in the context of the standard IEC 61511, which provides a relation between the risk level and the reliability of protection systems.Firstly, the runaway scenario and the criticality classes will be shortly described. Secondly, the assessment criteria for severity and probability of occurrence of a runaway scenario will be described together with the required data and their interpretation in terms of risk. Thirdly, the assessment procedure is exemplified for the different criticality classes. Finally, the design of protection measures against runaway and the required IPL and SIL are based on the risk assessment obtained from the criticality classes. This approach allows minimising the required data set for the safety assessment and for the definition of the protection system designed in order to avoid the development of the runaway.     

基于模糊随机可靠性的边坡稳定性评价

影响边坡稳定性的因素中包含有很多的不确定性,这些不确定因素既具有随机性也具有模糊性。基于模糊分析理论,建立了模糊随机可靠性分析模型,提出了边坡模糊随机可靠性分析的点估计法,并运用该方法对一露天矿边坡稳定的的可靠性进行分析,通过对影响边坡稳定的各个力学参数进行模糊处理,然后应用统计矩点估计方法估计边坡的安全系数均值和可靠度,得出边坡的失稳概率。这种方法由于考虑到了各个力学参数的模糊性,比较符合客观实际,因而更具有实际指导意义。     

模糊综合评价在钻井队安全管理评价中的应用

钻井队的安全管理评价对于整个石油勘探与钻井工作的正常进行有着十分重要的意义,它也是油田进行日常管理的一项基本活动。为了研究与评价目前钻井队的安全现状,我们通过对钻井作业过程的分析,针对影响钻井队安全管理的因素,提出了钻井队安全管理中人员安全、安全钻井配套装备、安全制度与执行、危险识别与评价这四个方面的大指标,再细分成十二个方面的详细指标。在用层次分析法确定了各项指标的权重之后,设计了一个模糊综合评价体系,从而对目前钻井队的安全现状进行了定性与定量相结合的分析,并以某钻井队为例,进行了实证研究,根据模糊综合评价的最大隶属度原则,得出该钻井队安全管理现状处于很好的状态的结论。此方法从而为钻井队的安全管理工作提供了量化的借鉴依据。     

考虑人因可靠性的安全仪表功能SIL验证方法研究

油气站场一般设置有紧急停车系统（ESD）等存在操作员介入的非常规安全仪表功能（SIF）,为解决已有的安全完整性等级（SIL）评估方法不能针对此类SIF进行功能安全评价的情况。对存在操作员介入的非常规SIF进行研究,将其中的人为因素细分为观察、决策和执行3个阶段;根据各类人因可靠性分析方法优缺点,筛选CREAM和HCR方法分别分析紧急情景环境和应急响应时间对非常规SIF人因失效概率的影响,建立考虑人因可靠性的SIL验证模型;基于此模型选取某输油站典型SIF开展SIL评估,分析人因失效对SIF整体可靠性的影响水平,并提出改善措施。结果表明:将操作员应急响应过程中的人因失效概率引入传统的SIL验证模型中,可实现对非常规SIF的功能安全评价;人因失效对非常规SIF具有显著影响,筛选的人因可靠性模型可准确计算人因失效概率。     

基于FMECA与模糊FTA的余热锅炉安全分析

为了保证余热锅炉安全运行,预防爆炸事故发生,利用FMECA方法和模糊FTA方法,研究余热锅炉事故致因。通过对余热锅炉潜在危险因素的分析辨别,探讨设备故障类型、原因及相应处理方法,引入模糊FTA对余热锅炉爆炸事故定性和定量分析,进而构建了基于FMECA与模糊FTA的余热锅炉安全分析框架,并计算得出事故发生的模糊概率以及对基本事件的敏感性分析。研究表明,余热锅炉系统的可靠度大约为96.92%,未按规定排污,报警器失灵,安全阀压力连接管堵塞及除氧器不合格事件对顶事件发生概率的影响最大,从而为该系统的安全决策提供支持。     

Safety assessment of natural gas storage tank using similarity aggregation method based fuzzy fault tree analysis (SAM-FFTA) approach

Fault tree analysis (FTA) is an important method to analyze the failure causes of engineering systems and evaluate their safety and reliability. In practical application, the probabilities of bottom events in FTA are usually estimated according to the opinions of experts or engineers because it is difficult to obtain sufficient probability data of bottom events in fault tree. However, in many cases, there are many experts with different opinions or different forms of opinions. How to reasonably aggregate expert opinions is a challenge for the engineering application of fault tree method. In this study, a fuzzy fault tree analysis approach based on similarity aggregation method (SAM-FFTA) has been proposed. This method combines SAM with fuzzy set theory and can handled comprehensively diverse forms of opinions of different experts to obtain the probabilities of bottom events in fault tree. Finally, for verifying the applicability and flexibility of the proposed method, a natural gas spherical storage tank with a volume of 10,000 m³ was analyzed, and the importance of each bottom event was determined. The results show that flame, lightning spark, electrostatic spark, impact spark, mechanical breakdown and deformation/breakage have the most significant influence on the explosion of the natural gas spherical storage tank.     

A framework for resilience assessment in process systems using a fuzzy hybrid MCDM model

Resilience engineering (RE) has recently emerged as a novel safety management paradigm in socio-technical organizations. It is believed that RE is more compatible with the characteristics of complex socio-technical systems. The multicriteria nature and the presence of both qualitative and quantitative latent factors make RE substantially more complex especially in quantifying and modeling aspects. To address this issue, the present research aims to develop a fuzzy hybrid multicriteria decision-making (MCDM) model for quantifying and evaluating resilience using the fuzzy Analytic hierarchy process (F-AHP) and fuzzy VIKOR (F-VIKOR) techniques. Initially, an evaluation framework including six resilience indicators and 43 sub-indicators was established. Afterward, the F-AHP method was used to determine the weight of the resilience indicators, while the F-VIKOR method was employed to rank the resilience performance of the different operational units. To present the model capability, we evaluated the resilience of a gas refinery as a typical instance of socio-technical systems. The findings revealed the performance level of resilience indicators in all units of the studied refinery and their ranking based on the computation of the index value (Qi). With respect to the Qi values, the best and worst performance of units from the resilience perspective was specified. Results indicate that the proposed model can serve as an effective evaluation approach in complicated systems and can be used to effectively design strategies to improve system safety performance. To the best of our knowledge, this is the first study that evaluates the resilience using the VIKOR and AHP in a fuzzy environment in the process industry.     

Reliability analysis of subsea blowout preventer control systems subjected to multiple error shocks

Two configurations of subsea blowout preventer (BOP) distributed control systems, which are triple modular redundancy (TMR) control system and double dual modular redundancy (DDMR) control system, are presented. With respect to common-cause failures, the performances of the two systems are evaluated by using Markov method with multiple error shock model. Due to the complexity, each system is split into three independent modules, and the corresponding Markov models are proposed subsequently. The probability of failure on demand, availability and reliability of the systems are evaluated by merging the independent Markov modules by Kronecker product approach. The results indicate that a same safety integrity level of SIL3 can be attained for the two configurations, which satisfies the requirement of subsea BOP control system, even though both of them have some advantages and shortcomings. In addition, for TMR control system, the effects of multiplicity distribution of multiple error shock and mean time to repair on reliability performances are studied.     

合成氨装置系统安全仪表系统安全完整性等级分析

论文在介绍安全仪表系统、安全完整性等级的基本原理基础上,综合分析了危险与可操作性分析(HAZOP)、保护层分析(LOPA)等系统风险分析理论的应用方法。并结合上述理论,确定了安全仪表系统的安全完整性等级(SIL)定级。以合成氨装置为例,应用HAZOP及保护层分析方法,得出了合成塔压力过高及废热锅炉液位过低2个场景下的安全完整性SIL等级。结果表明:合成塔装置仪表的SIL等级为1,废热锅炉仪表的SIL等级为2。