Mitigation of operational failures via an economic framework of reliability,availability, and maintainability (RAM) during conceptual design

Abnormal process situation may lead to tremendous negative impact on sustainability, wellbeing of workers and adjacent communities, company's profit, and stability of supply chains. Failure of equipment and process subsystems are among the primary causes of abnormal situations. The conventional approach in handling failure-based abnormal situations has usually focused on operational strategies. Such an approach overlooks the critical role of process design in mitigating failure, while simultaneously considering the effects of such failure on process economic performance. The aim of this work is to introduce a systematic methodology that accounts for failure early enough during the conceptual design stages. Once a base-case design is developed, the methodology starts by identifying the sources of failure that are caused by reliability issues including equipment, operational procedures, and human errors for a given process system or subsystem. This allows for the identification of critical process subsystem(s) that are more failure-prone or cause greater downtime than other subsystems. Bayesian updating and Monte Carlo techniques are utilized to determine the appropriate distributions for the failure and repair scenario(s), respectively, in question. Markov analysis is used to determine the system availability. Next, the process revenue is described as a function of inherent availability. The effects of failures are incorporated into profitability calculations to establish an economic framework for trading off failure and profitability. In the proposed framework, the economic potential of alternative design scenarios is evaluated and an optimization formulation with the objective of maximizing incremental return on investment (IROI) is utilized to make a design decision. A case study on an ethylene plant is solved to demonstrate the applicability and value of the proposed approach.     

Integrated dynamic risk assessment of buried gas pipeline leakages in urban areas

In urban areas, buried gas pipeline leakages could potentially cause numerous casualties and massive damage. Traditional static analysis and dynamic probability-based quantitative risk assessment (QRA) methods have been widely used in various industries. However, dynamic QRA methods combined with probability and consequence are rarely used to evaluate gas pipelines buried in urban areas. Therefore, an integrated dynamic risk assessment approach was proposed. First, a failure rate calculation of buried gas pipelines was performed, where the corrosion failure rate dependent on time was calculated by integrating the subset simulation method. The relationship between failure probability and failure rate was considered, and a mechanical analysis model considering the corrosion growth model and multiple loads was used. The time-independent failure rates were calculated by the modification factor methods. Next, the overall evolution process from pipeline failures to accidents was proposed, with the accident rates subsequently updated. Then, the consequences of buried gas pipeline accidents corresponding to the accident types in the evolution process were modeled and analyzed. Finally, based on the above research, dynamic calculation and assessment methods for evaluating individual and social risks were established, and an overall application example was provided to demonstrate the capacity of the proposed approach. A reliable and practical theoretical basis and supporting information are provided for the integrity and emergency management of buried gas pipelines in urban areas, considering actual operational conditions.     

Safety study of an LNG regasification plant using an FMECA and HAZOP integrated methodology

A safety analysis was performed to determine possible accidental events in the storage system used in the liquefied natural gas regasification plant using the integrated application of failure modes, effects and criticality analysis (FMECA) and hazard and operability analysis (HAZOP) methodologies. The goal of the FMECA technique is the estimation of component failure modes and their major effects, whereas HAZOP is a structured and systematic technique that provides an identification of the hazards and the operability problems using logical sequences of cause-deviation-consequence of process parameters. The proposed FMECA and HAZOP integrated analysis (FHIA) has been designed as a tool for the development of specific criteria for reliability and risk data organisation and to gain more recommendations than those typically provided by the application of a single methodology. This approach has been applied to the risk analysis of the LNG storage systems under construction in Porto Empedocle, Italy. The results showed that FHIA is a useful technique to better and more consistently identify the potential sources of human errors, causal factors in faults, multiple or common cause failures and correlation of cause-consequence of hazards during the various steps of the process.     

Design of Intelligent Fault Diagnostic System (FDS)

This research work presents useful framework and mechanism for integrated fault diagnostic system, or FDS. The proposed system is composed of three major subsystems: fault detection, root cause and consequence analyzer, and maintenance analyzer. Learning mechanisms are proposed to extract knowledge about deviations/failure modes from real time process and equipment monitoring data. Fault semantic network is proposed to represent failure modes and fault propagation models as integrated with process and equipment models. Qualitative rules are defined and associated with fault semantic networks for practical Actual maintenance findings are used to tune training data for more accurate fault detection and root cause and consequence analysis. Case study is used to illustrate the proposed idea.     

基于马尔可夫方法的水下防喷器可靠性研究

水下防喷器是保障海上钻井安全的关键设备,对其可靠性进行定量评价对井控作业有重要的指导意义.为了弥补现有水下防喷器可靠性评价方法的不足,将水下防喷器的工作状态分为四种,包括无故障可用、关井、井控关键失效及关井时失效.利用Markov方法建立了水下防喷器的Markov模型.通过水下防喷器系统的状态转换图找出了各工作状态的转换关系.通过分析墨西哥湾83口深水井水下防喷器的失效数据,定义了影响水下防喷器可靠性的井控关键失效,并对深水钻井水下防喷器防喷功能的可靠性进行了定量计算.将计算结果与不考虑关井期间的井控关键失效相比较发现,防喷器的防喷失效概率增加了65％.因此传统的定量评价方法可能会得出相对乐观的结论,应在实际生产中给予重视.     

基于多故障冲击模型和故障树的PFDavg计算方法研究*

为提高安全仪表功能（SIF）要求时危险失效平均概率（PFDavg）计算结果的精确度,提出1种能准确计算SIF在多重共因失效影响下的PFDavg的数学模型。建立包含多重共因失效的系统失效故障树,然后利用多故障冲击模型区分普通失效率和多重共因失效率,根据瞬时不可用率的定义和故障树的逻辑关系计算出SIF的瞬时不可用率;基于PFDavg的定义,计算出SIF的PFDavg,以某化工企业SIF为例进行验证。结果表明:方法有效考虑了多重共因失效对SIF的影响,通过模型计算出SIF的PFDavg大于基于马尔可夫（Markov）方法的软件计算结果,但二者处于相同的数量级。模型在评估SIF的PFDavg时比传统方法偏保守,能提高安全仪表功能的安全性。     

Development of a risk-based maintenance (RBM) strategy for a power-generating plant

The unexpected failures, the down time associated with such failures, the loss of production and, the higher maintenance costs are major problems in any process plant. Risk-based maintenance (RBM) approach helps in designing an alternative strategy to minimize the risk resulting from breakdowns or failures. Adapting a risk-based maintenance strategy is essential in developing cost-effective maintenance policies.The RBM methodology is comprised of four modules: identification of the scope, risk assessment, risk evaluation, and maintenance planning. Using this methodology, one is able to estimate risk caused by the unexpected failure as a function of the probability and the consequence of failure. Critical equipment can be identified based on the level of risk and a pre-selected acceptable level of risk. Maintenance of equipment is prioritized based on the risk, which helps in reducing the overall risk of the plant.The case study of a power-generating unit in the Holyrood thermal power generation plant is used to illustrate the methodology. Results indicate that the methodology is successful in identifying the critical equipment and in reducing the risk of resulting from the failure of the equipment. Risk reduction is achieved through the adoption of a maintenance plan which not only increases the reliability of the equipment but also reduces the cost of maintenance including the cost of failure.     

Dynamic Bayesian network modeling of reliability of subsea blowout preventer stack in presence of common cause failures

A subsea blowout preventer (BOP) stack is used to seal, control and monitor oil and gas wells. It can be regarded as a series–parallel system consisting of several subsystems. This paper develops the dynamic Bayesian network (DBN) of a parallel system with n components, taking account of common cause failures and imperfect coverage. Multiple error shock model is used to model common cause failures. Based on the proposed generic model, DBNs of the two commonly used stack types, namely the conventional BOP and modern BOP are developed. In order to evaluate the effects of the failure rates and coverage factor on the reliability and availability of the stacks, sensitivity analysis is performed.     

Application of human factors evaluation in engineering design and safe operation of dense phase ethylene treaters

Ethylene treaters are widely used in the petrochemical industry to remove impurities from ethylene feedstock imported from pipeline networks or storage caverns. The safety concerns of dense phase ethylene treaters due to the reactive and highly flammable nature of ethylene are well known and studied. Under certain conditions, ethylene may self-polymerize and decompose violently with heat release. Under other conditions, ethylene will auto-refrigerate, generating cold liquids that may cause potential brittle fracture hazards. Therefore, dense phase ethylene treaters present design challenges with the unique combination of high temperature decomposition and cold temperature brittle fracture hazards.Due to these safety concerns, it is important to select the appropriate engineering design options for dense phase ethylene treaters and the associated regeneration facilities. Totally automated treater regeneration systems add complexity and instrument maintenance requirements while manually operated systems rely heavily on operator training and procedures. Unfortunately, little or no information or design guidance is available from published research findings in the literature on the evaluation and risk assessment of current industrial design options and practices for dense phase ethylene treaters.This paper presents a systematic risk assessment method to evaluate the engineering design and safe operation options for dense phase ethylene treaters. The proposed risk assessment method integrates human factors task analysis into the traditional HAZOP, LOPA and fault tree analysis to allow evaluation of automated, manual and hybrid approaches with a goal of selecting and optimizing design options to ensure plant safety. This approach provides a realistic assessment of the operational risk and allows identification of fit-for-purpose risk reduction. Applying this systematic risk assessment approach, a simpler and more cost effective design solution can be justified, thereby avoiding the need for a high integrity protective system.     

Common cause failures in safety instrumented systems on oil and gas installations: Implementing defense measures through function testing

This paper presents a common cause failure (CCF) defense approach for safety instrumented systems (SIS) in the oil and gas industry. The SIS normally operates in the low demand mode, which means that regular testing and inspection are required to reveal SIS failures. The CCF defense approach comprises checklists and analytical tools which may be integrated with current approaches for function testing, inspection and follow-up. The paper focuses on how defense measures may be implemented to increase awareness of CCFs, to improve the ability to detect CCFs, and to avoid introducing new CCFs. The CCF defense approach may also be applicable for other industry sectors.     

Reliability analysis of subsea blowout preventer control systems subjected to multiple error shocks

Two configurations of subsea blowout preventer (BOP) distributed control systems, which are triple modular redundancy (TMR) control system and double dual modular redundancy (DDMR) control system, are presented. With respect to common-cause failures, the performances of the two systems are evaluated by using Markov method with multiple error shock model. Due to the complexity, each system is split into three independent modules, and the corresponding Markov models are proposed subsequently. The probability of failure on demand, availability and reliability of the systems are evaluated by merging the independent Markov modules by Kronecker product approach. The results indicate that a same safety integrity level of SIL3 can be attained for the two configurations, which satisfies the requirement of subsea BOP control system, even though both of them have some advantages and shortcomings. In addition, for TMR control system, the effects of multiplicity distribution of multiple error shock and mean time to repair on reliability performances are studied.     

成套装置动态风险管理专家系统

传统的设备管理模式造成设备非计划停机次数较多、故障频繁、可靠性和可用性不高等问题。为了解决上述问题,开发了成套装置动态风险管理专家系统,该系统包括动态风险监控、数据存储、失效模式及损伤机理判别、动态风险评估、风险辅助分析5个流程。该系统通过GIS平台进行展示,使用户可以直观、方便地查找、定位管线和容器位置,实现了高风险设备的风险展示、管道剩余寿命不足报警功能和管道冲蚀图例展示。将该专家系统进行了工程应用,得到容器和管道的潜在损伤机及其风险等级,针对不同风险等级的设备,生成了不同的检维修策略,为工程应用带来了很大的方便。     

Incident tree model and incident tree analysis method for quantified risk assessment: An in-depth accident study in traffic operation

Fault tree analysis (FTA) is a logically structured process that can help identify potential causes of system failure before the failures actually occur. However, FTA often suffers from a lack of enough probabilistic basic events to check the consistency of the logic relationship among all events through linkage with gates. Sometimes, even logic relationship among all events is difficult to determine, and failures in system operation may have been experienced rarely or not at all. In order to address the limitations, this paper proposes a novel incident tree methodology that characterizes the information flow in a system instead of logical relationship, and the amount of information of a fuzzy incident instead of probability of an event. From probability statistics to fuzzy information quantities of basic incidents and accident, we propose an incident tree model and incident tree analysis (ITA) method for identification of uncertain, random, complex, possible and variable characteristic of accident occurrence in quantified risk assessment. In our research, a much detailed example for demonstrating how to create an incident tree model has been conducted by an in-depth analysis of traffic accident causation. The case study of vehicle-leaving-roadway accident with ITA illustrates that the proposed methodology may not only capture the essential information transformations of accident that occur in system operation, but also determine the various combinations of hardware faults, software failures and human errors that could result in the occurrence of specified undesired incident at the system level even accident.     

A novel tool for Bayesian reliability analysis using AHP as a framework for prior elicitation

Quantitative risk assessment (QRA) is a powerful and popular technique to support risk-based decisions. Unfortunately, QRAs are often hampered by significant uncertainty in the frequency of failure estimation for physical assets. This uncertainty is largely due to lack of quality failure data in published sources. The failure data may be limited, incompatible and/or outdated. Consequently, there is a need for robust methods and tools that can incorporate all available information to facilitate reliability analysis of critical assets such as pipelines, pressure vessels, rotating equipment, etc. This paper presents a novel practical approach that can be used to help overcome data scarcity issues in reliability analysis. A Bayesian framework is implemented to cohesively integrate objective data with expert opinion with the aim toward deriving time to failure distributions for physical assets. The Analytic Hierarchy Process is utilized to aggregate time to failure estimates from multiple experts to minimize biases and address inconsistencies in their estimates. These estimates are summarized in the form of informative priors that are implemented in a Bayesian update procedure for the Weibull distribution. The flexibility of the proposed methodology allows for efficiently dealing with data limitations. Application of the proposed approach is illustrated using a case study.     

Human and organisational factors in the operational phase of safety instrumented systems: A new approach

The international standards IEC 61508 and IEC 61511, which provide a general framework for the design and implementation of safety instrumented systems, require quantification of the achieved risk reduction, expressed as a safety integrity level (SIL). Human and organisational factors affect the performance of safety instrumented systems during operation and may threaten the achieved SIL, but this is usually not explicitly accounted for. This article presents a new approach to address human and organisational factors in the operational phase of safety instrumented systems. This approach gives a prediction of the operational SIL and can also be used to improve safety. It shows which human and organisational factors are most in need of improvement and it provides guidance for preventive or corrective action. Finally, the approach can be used as part of a SIL monitoring strategy in order to maintain the achieved SIL at the required level during the operational phase.     

高速铁路信号系统的安全管理评价研究

高速铁路信号系统要通过安全管理来保障其开发与运行中的安全相关活动符合系统安全计划的要求。为了评估安全管理活动的可信性,提出基于系统安全分析技术的安全管理评价方法。通过建立安全管理流程与系统安全功能相关联的概念模型,使用安全文化危险与可操作性研究(SCHAZOP)辨识出安全管理流程中的行为偏差,基于失效传导转换符号(FPTN)建立管理角色的安全文化失效模型,最终将管理行为失效模式转换成组件故障树作为安全管理评价证据。研究结果表明,安全管理行为偏差体现了信号系统开发与运营过程中的安全文化特征;辨识与分析安全文化失效,为信号系统安全管理活动的可信性提供了评价依据。     

A systemic methodology for risk management in healthcare sector

The recent biomedical, technological, and normative changes have led healthcare organizations to the implementation of clinical governance as a way to ensure the best quality of care in an increasingly complex environment. Risk management is one of the most relevant aspects of clinical governance and approaches put forward in literature highlight the necessity to perform comprehensive analyses intended to uncover root causes of adverse events.Contributing to this field, the present paper applies Reason’s theory of failures to work out a systemic methodology to study risks impacting not only directly but also indirectly on patients. Also, the steps of such approach are organized around Human Reliability Assessment phases, in order to take into account the human component of healthcare systems. This framework is able to foster effective decision making about reducing failures and waste and to improve healthcare organizations’ maturity towards risk management.The developed methodology is applied to the pharmacy department of a large Italian hospital. An extensive validation in different healthcare settings is required to fully prove benefits and limitations.     

Performance evaluation of process industries resilience: Risk-based with a network approach

Risk management can be defined as coordinated activities to conduct and control an organization with consideration of risk. Recently, risk management strategies have been developed to change the approach to hazards and risks. Resilience as a safety management theory considers the technical and social aspects of systems simultaneously. Resilience in process industries, as a socio-technical system, has four aspects of early detection, error-tolerant design, flexibility, and recoverability. Meanwhile, process industries' resilience has three phases: avoidance, survival, and recovery, determining the transition between normal state, process upset event, and catastrophic event. There may be various technical and social failures such as regulatory and human or organizational items that can lead to upset or catastrophic events. In the avoidance phase, the upset event is predicted, and thus, the system remains in a normal state. For the survival phase, the system state is assumed to be an upset process event, and the system tries to survive through the unhealthy process conditions or remains in the same state, probably with low performance. In the recovery phase, the system is supposed to be catastrophic, and the emergency barriers are prioritized to show the severity of the consequences and response time, leading to a resumption of a normal state. Therefore, a resilience-based network can be designed for process industries to show its inherent dynamic transition in nature. In this study, network data envelopment analysis (DEA), as a mathematical model, is used to evaluate the relative efficiency of the process industries regarding a network transition approach based on the system's internal structure. First, a resilience-based network is designed to consist of three states of normal, upset, and catastrophic events. Then, the efficiency of each industrial department, which is defined as decision-making units (DMUs), is evaluated using network DEA. As a case study, a refinery that is considered a critical process industry is assessed. Using the proposed model shows the efficient and inefficient DMUs in each of three states of normal, upset, and catastrophic events of the process and the projection onto efficient frontiers. Besides calculating the network efficiency, the performance of each state is extracted to precisely differentiate between DMUs. The results of this study, which is one of the fewest cases in the area of performance evaluation of process industries with a network approach, indicated a robust viewpoint for monitoring and assessment of risks.     

Cost–benefit analysis approach for the management of industrial safety in chemical and petrochemical industry

The high complexity of chemical and petrochemical installations determines a complex safety management of these establishments, therefore, there is a need to find innovative solutions to guarantee the prevention of failures and losses of containment from process equipment. In this frame, the use of the API Risk Based Inspection (RBI) assessment approach permits a significant reduction of maintenance costs and, simultaneously, the increase of plant's reliability and availability. To increase the level of industrial safety, a proper selection of measures is also needed, even if the adoption of such measures poses costs. Given that resources for the companies are usually limited, a comparison amongst various solutions has to be done with the aim to find the best one, based on a comparison of costs and benefit. To this scope, recently a software, named Inspection Manager, has been developed by ANTEA and implemented thanks to a cooperation with the University of Padova (Italy). The Inspection Manager provides support in the application of the RBI approach by means of the use of plant-specific data, which are stored in its database; its further implementation, presented in this paper, has made it able to support also cost-benefit analysis and, thus, the selection of measures to be adopted to prevent accidental events causing the release of hazardous materials. A case-study is presented to test the new functionality of the tool; after the identification of the most effective measures, a careful cost-benefit assessment has been executed as a basis for decision-making.     

Reliability analysis of subsea blowout preventers with condition-based maintenance using stochastic Petri nets

Blowout Preventer (BOP) has maintained its function as a safety barrier and the last line of defence against oil and gas spills since its development in the early 1900s. However, as drilling and exploration activities move further offshore, challenges pertaining to reliable operation of the subsea BOP systems continue to be a source of concern for stakeholders in the industry. In spite of recent advancements in reliability analysis of safety instrumented systems (SISs), the research on reliability assessment of BOP is still lacking in some regards. There are gaps in the literature with respect to the incorporation of preventive maintenance (PM) strategies as well as dynamic operating conditions into BOP reliability analysis. To address these gaps, this paper develops an advanced analysis method using stochastic Petri nets (SPN) to estimate the reliability of subsea BOP systems subject to condition-based maintenance (CBM) with different failure modes. The BOP system is divided into five subsystems which are connected in series with each other and categorised into degrading and binary units. The performance of the BOP system in terms of availability, reliability and mean-time-between failures (MTBF) is obtained and analysed. A sensitivity analysis is also performed to evaluate the effect of fault coverage factor and redundancy design on system performance. The results show that both the fault coverage factor and redundancy have significant impact on the BOP's reliability, availability and MTBF.