Safety study of an LNG regasification plant using an FMECA and HAZOP integrated methodology

A safety analysis was performed to determine possible accidental events in the storage system used in the liquefied natural gas regasification plant using the integrated application of failure modes, effects and criticality analysis (FMECA) and hazard and operability analysis (HAZOP) methodologies. The goal of the FMECA technique is the estimation of component failure modes and their major effects, whereas HAZOP is a structured and systematic technique that provides an identification of the hazards and the operability problems using logical sequences of cause-deviation-consequence of process parameters. The proposed FMECA and HAZOP integrated analysis (FHIA) has been designed as a tool for the development of specific criteria for reliability and risk data organisation and to gain more recommendations than those typically provided by the application of a single methodology. This approach has been applied to the risk analysis of the LNG storage systems under construction in Porto Empedocle, Italy. The results showed that FHIA is a useful technique to better and more consistently identify the potential sources of human errors, causal factors in faults, multiple or common cause failures and correlation of cause-consequence of hazards during the various steps of the process.     

Integration of intelligent sensors in Safety Instrumented Systems (SIS)

This article deals with the assessment of Safety Instrumented Systems using intelligence in the field devices. The integration of intelligent instruments within safety oriented applications presents a challenge. The justification for using these instruments in safety applications is not fully proven and the dependability evaluation of such systems is not trivial. The work presented in this article deals with modeling in order to evaluate the performances relating to the dependability for structures which contains intelligent instruments. This architecture constitutes a Safety Instrumented System (SIS). In the modeling of the system, the functional and dysfunctional aspects coexist and the dynamic approach using the Stochastic Activity Network (SAN) is proposed to overcome the difficulties mentioned above. Monte-Carlo method is used to assess the dependability parameters in compliance with safety standards related to SIS (IEC 61508 & IEC 61511). The proposed method and associated tools allow this evaluation by simulation and thus provide assistance in designing SIS integrating intelligence.     

A framework for dependability engineering of critical computing systems

This paper presents a development model focused on the production of dependable systems. Three classes of processes are distinguished: (1) the system creation process which builds on the classical development steps (requirements, design, realization, integration); (2) dependability processes (i.e. fault prevention, fault tolerance, fault removal and fault forecasting); and (3) other supporting processes such as quality assurance and certification. The proposed approach relies on the identification of basic activities for the system creation process and for the dependability processes, and then on the analysis of the interactions among the activities of each process and with the other processes. Finally, to support the development of dependable systems, we define for each system creation activity, a checklist that specifies the key issues that need to be addressed with respect to each dependability process.     

FMECA-模糊综合分析法在自旋滑车桥轴风险评价中的应用

FMECA法是一种定性的分析方法,它通过对目标系统下各单元的功能、潜在故障模式、故障原因、故障率及严重性进行分析,找出危险性较高的故障模式和设计中的薄弱环节。模糊综合分析法可以将定性的评价结果以定量的形式表达,但其评价结果具有模糊性。提出了一种将FMECA法与模糊综合分析法相结合的评价方法,既可以减少模糊综合分析评价结果的模糊性,又可以将FMECA法的定性描述以定量的形式表达,使评价结果更加客观、合理。并以大型游乐设施中自旋滑车的桥轴为例,运用FMECA-模糊综合分析法对其进行风险评价,计算结果表明其风险等级较低,与实际检验结果相符。     

Dependability modelling of instrumentation and control systems: A comparison of competing architectures

The purpose of this paper is to present a framework for comparing different candidate architectures for the same system. To this end, we propose a rigorous approach for homogeneously modelling different architectures. Starting with the functional specifications of the system, we derive a functional-level model that is used to construct a high-level dependability model for each architecture, using well-defined, formal construction rules. Our modelling approach is then applied to three possible architectures of an instrumentation and control system, and an example of a comparative analysis of these systems is provided.     

高速铁路信号系统的安全管理评价研究

高速铁路信号系统要通过安全管理来保障其开发与运行中的安全相关活动符合系统安全计划的要求。为了评估安全管理活动的可信性,提出基于系统安全分析技术的安全管理评价方法。通过建立安全管理流程与系统安全功能相关联的概念模型,使用安全文化危险与可操作性研究(SCHAZOP)辨识出安全管理流程中的行为偏差,基于失效传导转换符号(FPTN)建立管理角色的安全文化失效模型,最终将管理行为失效模式转换成组件故障树作为安全管理评价证据。研究结果表明,安全管理行为偏差体现了信号系统开发与运营过程中的安全文化特征;辨识与分析安全文化失效,为信号系统安全管理活动的可信性提供了评价依据。     

Probability and frequency calculations related to protection layers revisited

This article casts a new glance over some methods dedicated to the calculation of the likelihood (probability or frequency) of failure of systems and, in particular, safety-related systems working alone or in association with other protection layers. It consists first in examining with a critical eye the relevancy of the aforementioned methods, which are still often used in spite of their restrictive limitations, and second in proposing an alternative approach for each of them. The correctness of the examinated methods is tested by applying them to very simple systems modeled by fault tree models, with intent to show why these methods are debatable and how they can be replaced by other ones, more appropriate. The particular case of several protection layers having to react on the demand resulting from the global failure of their associated control system is considered. That case leads to revisit the common assumption of the independence between the above protection layers and control system, by taking into account the order of their respective failures from a qualitative and quantitative point of view.     

From job-based to competency-based organizations

The efficacy of designing organizations around job structures is challenged. Although this approach has dominated the fields of organizational behavior and human resource management for decades, a number of forces have converged to suggest that a competency-based approach often is more appropriate. In the global competitive environment which large, complex organizations face, the competency-based approach and the capabilities that individuals need to acquire and develop should be the major focus. Reward systems, career tracks, selection systems, and the structure of organizations need to change to focus on competencies. The challenges and opportunities for research, theory, and practice development that a change to a competency-based approach raises are many and diverse. For example, new pay systems are needed, new selection systems are needed, indeed whole new concepts about what constitutes selection validity and career development are needed.     

城市管道系统风险分析及闭环管理研究

为了探索构建城市管道系统安全及可靠性风险管理体系,基于FMECA,FTA&ETA及FRACAS等技术,建立涵盖故障模式辨识、影响及危害度分析、纠正措施执行等内容,且遵循闭环管理原则的科学、完整的风险闭环管理模式。针对城市管道安全及可靠性研究存在的局限性,引入FCE改进的FMECA和模糊灰关联FTA等定量计算方法,克服统计信息匮乏、数据模糊等瓶颈。研究结果表明:基于改进“3F”一体化技术的系统风险闭环管理体系契合城市管道风险管控需求,为多态、多要素耦合、不确定性复杂系统整体风险分析研究提供新思路。     

移动脚手架升降作业的FMECA分析

利用FMECA(故障模式,影响及危险度分析)方法回顾了升降作业的典型事故,阐述了架体结构和升降作业流程,对移动脚手架升降作业进行了故障类型、影响及危险度分析,认为保障移动脚手架升降施工作业安全的重点是:保证防坠装置的有效可靠性、维护防护装置的功能完整性、确保提升机构和架体结构的整体稳定性。     

Risk analysis for road and rail transport of hazardous materials: a GIS approach

An approach to transportation risk analysis for road and rail transport of dangerous goods is proposed, which is based on the use of geographic information systems (GIS) to manage territorial information, coupled with a product data bank in a risk evaluation tool. Such an approach enables to accurately take into account the local data affecting risk analysis, such as population, accident rate, and weather conditions along all the route, by means of a system which can be easily updated. The resulting risk evaluation tool assists in the step of route identification and allows to rapidly perform an accurate transportation risk analysis, for a single transportation event as well as for multiple substances, trips and itineraries.     

A novel method to apply Importance and Sensitivity Analysis to multiple Fault-trees

The unavailability/frequency analysis of critical failure states of complex industrial systems is normally conducted by using the Fault-tree methodology. The number of Fault-trees describing the system is given by the number of system’s failure states (i.e. Top-events). For each Top-event characterised by unacceptable occurrence probability, some design improvements should be made. Importance and Sensitivity Analysis (ISA) is normally applied to identify the weakest parts of the system. By selecting these parts for design improvement, the overall improvement of the system is made more effective. In current practice, ISA is normally applied sequentially to all Fault-trees. The sequence order is subjectively selected by the analyst, based on several criteria as for instance the severity of the associated Top-event. This approach has the clear limitation of not ensuring the identification of the most cost-effective design solution to improve safety. The present paper describes an alternative approach which consists of concurrently analysing all relevant system’s Fault-trees with the objective of overcoming the above limitations and to identify the most cost-effective solution. In addition, the proposed method extends the ISA application to “over-reliable” system functions, if any, on which the reliability/maintainability characteristics of the involved components can be relaxed, with a resulting cost saving. The overall outcome of the analysis is a uniformly protected system, which satisfies the predefined design goals. A point to note is that the overall cost of the analysis of the proposed approach is significantly lower if compared with the sequential case.     

一种主动功能约束视域下的复杂系统事故预防模型

复杂系统事故发生模式具有多样性、不确定性的特点。传统的被动式、以失效因果分析为导向的事故预防模型虽然能够较为有效地防止或者减少同类事故的发生,但无法预防未发生过的新事故,因此并不适用于事故模式多样的复杂系统的事故预防。为了更加系统、全面地降低复杂系统的事故风险,需从更加主动的、前瞻性的视角分析如何使系统保持正常的功能。根据控制系统中的功能约束原理,并以功能分解与共振分析模型(ACAT/FRAM)为建模工具,提出一种主动功能约束视域下的复杂系统事故预防模型。该模型通过将复杂系统进行功能分解与抽象,以闭环控制关系对功能进行耦合关联,得到复杂系统要素的正常功能约束结构。基于该模型的事故预防机制在于保证系统各要素以及要素间的正常功能,据此可制定面向多种事故模式的事故预防措施。     

The paradoxes of almost totally safe transportation systems

Safety remains driven by a simple principle: complete elimination of technical breakdowns and human errors. This article tries to put this common sense approach back into perspective in the case of ultra-safe systems, where the safety record reaches the mythical barrier of one disastrous accident per 10 million events (10⁻⁷). Three messages are delivered: (1) the solutions aimed at improving safety depend on the global safety level of the system. When safety improves, the solutions used to improve the safety record should not be further optimised; they must continue to be implemented at present level (to maintain the safety health obtained), and supplemented further by new solutions (addition rather than optimisation rationale); (2) the maintenance and linear optimisation of solutions having dwindling effectiveness can result in a series of paradoxes eventually replacing the system at risk and jeopardising the safety record obtained in the first place; and (3) after quickly reviewing ambiguities in the definition of human error and the development of research in this area, this article shows, through recent industrial examples and surveys, that errors play an essential role in the acquisition and effectiveness of safety, at individual as well as collective levels. A truly ecological theory of human error is developed. Theories of error highlight the negative effects of an over-extensive linear extrapolation of protection measures. Similarly, it is argued that accepting the limitation of technical systems performance through the presence of a minimum breakdown and incident ‘noise’ could enhance safety by limiting the risks accepted. New research opportunities are outlined at the end of this paper, notably in the framework of systems now safe or ultra-safe.     

天然气集输站泄漏监控系统研究

为克服目前天然气集输站站控系统存在的主要技术问题,探讨了建立泄漏监控安全系统的技术要求.该系统应用负压波检漏技术、模式识别技术和虚拟仪器技术,实现了.对天然气泄漏的信号检测、处理、传输和实时动态显示等.借助于这些技术开发的天然气泄漏监控系统,具有数据处理准确可靠,精度高,误报率低等特点.通过该系统,可以及时获取相关参数和信息,实现早期预警,降低天然气泄漏的事故风险.     

Improving safety and availability of complex systems using a risk-based failure assessment approach

This paper presents a structured risk-based failure assessment (RBFA) approach, which provides a complete solution to avoid repeated and potential failures to improve overall plant safety and availability. Technological advancements and high product demand have encouraged designers to design mega-capacity systems to enhance system utilization and improve revenues. However, these benefits make the systems more complex and thus prone to unnoticed failure. It is an overwhelming task to address all the failures due to the limited resources and time constraints. This leads to substandard and poor quality failure assessments, which cause repeated failures. To address this common industry concern, a four phase RBFA framework is proposed which is not limited to the identification of root cause(s) but also includes other actions such as failure monitoring. The four phases include the plan phase, the assessment phase, the analysis phase and the implementation-tracking phase. These phases cover identification of failure, failure analysis, root cause(s) analysis, and failure monitoring. In this paper, the applicability and advantages of the proposed approach are examined through two real case studies pertaining to bearing failure and drive coupling failure. By implementing the proposed approach, significant improvements have been experienced in the system availability in both the cases.     

Methodology for Computer-Aided Fault Tree Analysis

Fault tree analysis is a systematic, deductive and probabilistic risk assessment tool which elucidates the causal relations leading to a given undesired event. Quantitative fault tree (failure) analysis requires a fault tree and failure data of basic events. Development of a fault tree and subsequent analysis require a great deal of expertise, which may not be available all the time. Computer-aided fault tree analysis is an easy-to-use approach, which not only provides reliable results but also facilitates the validation and repeatability of the analysis. This enhances the overall results of the fault tree analysis and quantitative risk analysis.This paper presents a revised methodology for computer-aided fault tree analysis. The methodology includes fault tree development, minimal cutsets determination, cutsets optimization and probability analysis. The methodology uses advanced concepts of fault tree development and static and dynamic modularizing for complex and large fault trees. Furthermore, it enables sensitivity analysis of the system for design modification and risk-based decision making. Application of the proposed methodology to a process system is also discussed in the paper.     

信息系统安全风险评估研究综述疆

风险评估是信息系统安全保证的关键技术。笔者对国内外现有的信息安全风险评估方法与技术进行归纳和系统的评述。回顾了信息安全风险评估的理论框架与现有的评估标准;在此基础上,比较了包含FTA,FMECA,HAZOP等在内的传统风险评估技术和以CORAS为代表的现代风险评估技术;肯定了现代风险评估技术在利用统一建模语言进行半形式化表述方面的先进性以及根据信息系统生命周期的各个阶段特点选用适宜的风险评估方法的灵活性;同时指出该现代风险评估技术在动态识别、评估安全风险方面的不足;提出了一种改进和完善现代风险评估技术的方法,即利用Markov链形式化描述并分析信息系统,确保了分布式信息系统风险评估的需要。此外,针对信息安全风险的不确定性,提出了通过模糊集理论丰富现代风险评估方法的研究方向。     

An integrated off-on line approach for increasing stability and effectiveness of automated controlled systems based on pump dependability—case study: Offshore industry

Automated controlled systems are vulnerable to faults. Faults can be amplified by the closed loop control systems and they can develop into malfunction of the loop. A control loop failure will easily cause production stop or malfunction at a petrochemical plant. A way to achieve a stable and effective automated system is to enhance equipment dependability. This paper presents a standard methodology for the analysis and improvement of pump performance to enhance total operational effectiveness and stability in offshore industry based on dependability. Furthermore, it is shown how a reliability–safety analysis can be conducted through equipment dependability indicators to facilitate the mitigation of hazard frequency in a plant. The main idea is to employ principle component analysis (PCA) and importance analysis (IA) to provide insight on the pumps performance. The pumps of offshore industries are considered according to OREDA classification. The approach identifies the critical pump and their fault through which the major hazards could initiate in the process. At first PCA is used for assessing the performance of the pumps and ranking them. IA is then performed for the worst pump which could have most impact on the overall system effectiveness to classify their components based on the component criticality measures (CCM). The analysis of the classified components can ferret out the leading causes and common-cause events to pave a way toward improving pump performance through design optimization and online fault detection which ultimately enhance overall operational effectiveness.     

A risk-based approach to design warning system for processing facilities

Alarm flooding is a major safety issue in today's processing facilities. Important recommendations are available for alarm management; however, they are often violated in practice, especially in the alarm systems implemented through the distributed control system. An effective process alarm prioritization and management system is desired for a safe and effective operation of a process facility.In present work, authors address two main issues related to an alarm system – the reliability and the prioritization of the alarms. The main objective is to deal with the alarm-flooding problem in process facilities. A multi alert voting system based on sensor redundancy approach is proposed to improve the reliability. A quantitative risk-based alarm management approach is proposed to address the flooding issue. In the risk-based approach, an integrated model consisting of the probability (P), the impact (I) of the potential hazards, and the process safety time is proposed to prioritize these raised alarms.The proposed approach is further explained by a reactor system with pressure and temperature variable monitoring and controls, where the hazards associated with two alerts caused by over high pressure and over high temperature are analyzed and integrated with response time for alarms generation and prioritization.