Performance evaluation of process industries resilience: Risk-based with a network approach

Risk management can be defined as coordinated activities to conduct and control an organization with consideration of risk. Recently, risk management strategies have been developed to change the approach to hazards and risks. Resilience as a safety management theory considers the technical and social aspects of systems simultaneously. Resilience in process industries, as a socio-technical system, has four aspects of early detection, error-tolerant design, flexibility, and recoverability. Meanwhile, process industries' resilience has three phases: avoidance, survival, and recovery, determining the transition between normal state, process upset event, and catastrophic event. There may be various technical and social failures such as regulatory and human or organizational items that can lead to upset or catastrophic events. In the avoidance phase, the upset event is predicted, and thus, the system remains in a normal state. For the survival phase, the system state is assumed to be an upset process event, and the system tries to survive through the unhealthy process conditions or remains in the same state, probably with low performance. In the recovery phase, the system is supposed to be catastrophic, and the emergency barriers are prioritized to show the severity of the consequences and response time, leading to a resumption of a normal state. Therefore, a resilience-based network can be designed for process industries to show its inherent dynamic transition in nature. In this study, network data envelopment analysis (DEA), as a mathematical model, is used to evaluate the relative efficiency of the process industries regarding a network transition approach based on the system's internal structure. First, a resilience-based network is designed to consist of three states of normal, upset, and catastrophic events. Then, the efficiency of each industrial department, which is defined as decision-making units (DMUs), is evaluated using network DEA. As a case study, a refinery that is considered a critical process industry is assessed. Using the proposed model shows the efficient and inefficient DMUs in each of three states of normal, upset, and catastrophic events of the process and the projection onto efficient frontiers. Besides calculating the network efficiency, the performance of each state is extracted to precisely differentiate between DMUs. The results of this study, which is one of the fewest cases in the area of performance evaluation of process industries with a network approach, indicated a robust viewpoint for monitoring and assessment of risks.     

Dynamic accident modeling for high-sulfur natural gas gathering station

Dynamic accident modeling for a gas gathering station is implemented to prevent high-sulfur natural gas leakage and develop equipment inspection strategy. The progress of abnormal event occurring in the gas gathering station is modeled by the combination of fault tree and event sequence diagram, based on accident causal chain theory, i.e. the progress is depicted as sequential failure of safety barriers, then, the occurrence probability of the consequence of abnormal event is predicted. Consequences of abnormal events are divided into accidents and accident precursors which include incidents, near misses and so on. The Bayesian theory updates failure probability of safety barrier when a new observation (i.e. accident precursors or accidents data) arrives. Bayesian network then correspondingly updates failure probabilities of basic events of the safety barriers with the ability of abductive reasoning. Consequence occurrence probability is also updated. The results show that occurrence probability trend of different consequences and failure probability trend of safety barriers and basic events of the safety barriers can be obtained using this method. In addition, the critical basic events which play an important role in accidents occurrence are also identified. All of these provide useful information for the maintenance and inspection of the gas gathering station.     

Dynamic risk assessment using failure assessment and Bayesian theory

To ensure the safety of a process system, engineers use different methods to identify the potential hazards that may cause severe consequences. One of the most popular methods used is quantitative risk assessment (QRA) which quantifies the risk associated with a particular process activity. One of QRA's major disadvantages is its inability to update risk during the life of a process. As the process operates, abnormal events will result in incidents and near misses. These events are often called accident precursors. A conventional QRA process is unable to use the accident precursor information to revise the risk profile. To overcome this, a methodology has been proposed based on the work of Meel and Seider (2006). Similar to Meel and Seider (2006) work, this methodology uses Bayesian theory to update the likelihood of the event occurrence and also failure probability of the safety system. In this paper the proposed methodology is outlined and its application is demonstrated using a simple case study. First, potential accident scenarios are identified and represented in terms of an event tree, next, using the event tree and available failure data end-state probabilities are estimated. Subsequently, using the available accident precursor data, safety system failure likelihood and event tree end-state probabilities are revised. The methodology has been simulated using deterministic (point value) as well as probabilistic approach. This Methodology is applied to a case study demonstrating a storage tank containing highly hazardous chemicals. The comparison between conventional QRA and the results from dynamic failure assessment approach shows the significant deviation in system failure frequency throughout the life time of the process unit.     

Generic event trees and probabilities for the release of different types of hazardous materials

To simplify quantitative risk analysis, the initiating events leading to loss of containment are normally described using generic hypotheses. For example, the following hypothesis is applied to the loss of containment from a storage tank: instantaneous release of the complete inventory, continuous release of the complete inventory in 10 min, and continuous release from a hole with a diameter of 10 mm. Once the initiating events have been specified, the corresponding event trees must be drawn to establish the sequences from each initiating event to the diverse final outcomes or accident scenarios, which will depend on the properties of the released material or on other specific factors. In this paper we propose, in a systematic way, a set of short generic event trees for the main loss of containment scenarios involving different types of hazardous materials. Even though most of them have been taken from the literature (BEVI Reference Manual), we have modified some of them, added the corresponding intermediate probabilities (immediate ignition, delayed ignition, flame front acceleration, etc.) obtained from a literature review and expert judgment, and associated the use of each event tree to the hazardous properties of the material (flammability, volatility and toxicity) and to its category according to EC labeling directives.     

Predicting the frequency of accidents in port areas by developing event trees from historical analysis

The historical analysis of 828 accidents in port areas, which have been selected from a database, has been used to identify the sequences of the accidents. Processing these data has allowed the event trees and the probability of the various accident scenarios to be determined. By using these event trees and figures detailing the frequency of the events that initiated the accidents, as taken from various authors, the frequency of the accidents has been determined.     

Subjective theories of organizing and learning from events

The present paper outlines potential shortcomings of analyzing events in high hazard systems. We argue that the efficiency of organizational learning within high hazard systems is at least partially undermined by the subjective theories of organizing held by their members. These subjective theories basically reflect an “engineering” understanding of “how a system and its components perform”, and are assumed to involve (social-) psychological blind spots when applied to the analysis of events. More specifically, we argue that they neglect individual motives and goals that critically drive work performance and social interactions in high hazard systems. First, we focus on the process of identifying the causes of failed organizing within the course of an event analysis. Our analysis reveals a mismatch between the basic functional assumptions of the event analyst on the motives of social actors involved in an event and on the other hand, the perspective held by the social actors themselves. Second, we discuss the process of correcting failed social system performance after events. Thereby we draw on blind spots that emerge from the direct application of technical safety principles (i.e., standardization and redundancy) to the organization of social systems. Finally, we propose some future research strategies for developing event analysis methods which are aimed at improving an organization’s learning potential.     

辅助驾驶中的换道决策安全研究

换道是驾驶员达到快速通行目标的一种常用手段,但换道会带来很多公路交通事故。为有效避免交通事故,需给驾驶员提供换道安全预警。构建了安全换道决策模型,将换道决策分为换道意图识别和换道条件判断分别建立模型以提高预测精确度。通过神经网络方法SOM(Self-Organization-Map)聚类及BP(Back Propagation)建立换道意图识别模型,基于贝叶斯理论建立最小风险贝叶斯换道条件判别模型。模型开发和测试采用车辆轨迹数据集(NGSIM),提取数据中的换道行为特征参数作为模型的输入,将驾驶员换道决策预测视为输入变量的函数。通过对比最小贝叶斯和最小风险贝叶斯方法发现,由后者构建的换道条件判别模型效果较好,对于不换道行为的预测精度为90.4%,换道行为的预测精度为73.8%。鉴于错误的换道决策可能导致交通事故,而错误的不换道决策只会导致失去一次换道的机会,在换道辅助系统中,不换道决策的精确度要求需高于换道决策的精度。最后,在微观交通仿真系统中加入换道决策模型,其结果验证换道决策安全。最小风险贝叶斯换道条件判别模型的引入,使得换道决策系统能够通过修正风险系数,进一步提高换道判别精度,减少不安全的换道概率。     

海南省环境质量与经济发展DEA有效性评价

以海南省环境质量作为研究对象,结合海南经济发展的现状构建评价指标体系,运用DEA模型对海南省环境质量与经济发展有效性进行评价。结果表明,DEA的有效性与地区经济的发展水平紧密相关,DEA有效性与经济发展好坏基本一致;部分区域的环境污染物排放集中与转移,实现了经济与环境发展协调的DEA有效。在此基础上,对DEA无效的背后因素做了进一步分析,提出提升资源利用效率和优化经济结构才是实现环境质量与经济协调发展的根本途径。     

Rare event risk analysis – application to iceberg collision

To design an engineering system, testing in extreme conditions is at least recommended if not required. There are ambiguities about how to define an extreme state and how to consider it in the design of a system or its operation. The probability estimation of such an event is challenging due to data scarcity, especially in many engineering domains, e.g. offshore development. In this study, available techniques for analyzing the probability of extreme events are examined for their suitability in engineering applications, and a framework is proposed for rare event risk analysis. The framework is comprised of three phases. In the first phase, the outlier based extreme value theory is implemented to estimate the rare event probability. The maximum likelihood criterion is used to estimate the extreme distribution parameters. In the second phase, the rare event is considered as a heavy tail event, and the tail index is estimated through the Hill and the SmooHill estimator. In the third phase, The uncertainty analysis is conducted, and the risk is computed. The proposed methodology is tested for extreme iceberg risk assessment on large offshore structures in the Flemish Pass basin. For this specific case, the estimated design extreme iceberg speed was 4.31 km/h, with an occurrence probability of 3.61E-06.     

油气管道位移光纤安全监测技术定位理论及预警信号特征研究

管道安全分布式光纤监测系统利用分布式光纤振动传感器两端检测信号的时间差确定管道沿线所发生事件位置,时间差的精度决定对异常事件事发点的定位精度;系统拥有较高的灵敏度,可对1.5 km内敲击、落石、滚石及人工挖掘等威胁管道安全的事件进行报警;事件的定位有一定的误差,对抢修有一定的指导意义。     

Markov reliability model research of monitoring process in digital main control room of nuclear power plant

Monitoring process is an important part in a high safety digital main control room of nuclear power plant (NPP), it is the source extracted information and found abnormal information in time. As the human factors events arisen from monitoring process recently take place more and more frequent, the authors propose a reliability Markov model to effectively decrease these abnormal events. The model mainly analyzes next monitoring object probability in terms of current information and plant state. The authors divide digital human–machine interface into two parts that are referred as logical homogeneous Markov and logical heterogeneous Markov. For the former, a series of methods of probability evaluation are proposed, such as, Markov transition probability with condition, probability distributed function with human factors, system state and alarm; for the latter, the authors propose the calculation of probability of correlation degree between last time and next time and probability calculation methods with multi-father nodes. The methods can effectively estimate the transition probability from a monitoring component to next monitoring component at time t, can effectively analyze which information is more important in next monitoring process and effectively find more useful information in time t + 1, so that the human factors events in monitoring process can greatly be decreased.     

基于事故树的空中交通管制员情景意识分析

为更系统地研究管制员的情景意识,找出导致管制员情景意识丧失的主要因素,运用事故树分析法、采用自上而下的方式对管制员情景意识丧失的原因进行逐层分析,建立管制员情景意识丧失事故树模型。通过进一步计算事故树的最小割集和各基本事件的结构重要度,计算各基本事件的结构重要度系数,对比得出情景意识丧失的各个基本事件的重要程度及各事件之间的关系。结果表明,造成情景意识丧失事故的主要原因是轮班制度不合理、睡眠效率低及对特情不熟悉、飞行冲突预判能力弱。     

基于有界数据包络分析(DEA)模型的应急避难场所效率评价

应用数据包络分析(DEA)方法,针对应急避难场所规划建设和运营维护两种情况,分别建立以建设成本和运营成本为输入指标,以服务性、可达性、安全性为输出指标的效率评价指标体系,并选择有界DEA模型,分层次对应急避难场所的投入产出效率进行评价。实证案例表明,临时和中长期避难场所比短期避难场所更容易获得较高的DEA效率;位于区域内部、交通便利的应急避难场所DEA效率较高;提高应急避难场所的综合利用水平,更有利于提高其DEA效率。     

Experts,Bayesian Belief Networks,rare events and aviation risk estimates

Bayesian Belief Networks (BBN) are conceptually sensible models for aviation risk assessment. The aim here is to examine the ability of BBN-based techniques to make accurate aviation risk predictions. BBNs consist of a framework of causal factors linked by conditional probabilities. BBN conditional probabilities are elicited from aviation experts. The issue is that experts are not being asked about their expertise but about others’ failure rates. A simple model of expertise, which incorporates the main features proposed by researchers, implies that a best-expert’s estimates of failure rates are based on accessible quantitative data on accidents, incidents, etc. Best-expert estimates will use the best available and accessible data. Depending on the frequency of occurrence, this will be data on similar events, on similar types of event, or general mental rules about event frequencies. These considerations, plus the need to be cautious about statistical fluctuations, limit the accuracy of conditional probability estimates. The BBN framework assumes what is known as the Causal Markov Condition. In the present context, this assumes that there are no hidden common causes for sequences of failure events. Examples are given from safety regulation comparisons and serious accident investigations to indicate that common causes may be frequent occurrences in aviation. This is because some States/airlines have safety cultures that do not meet ‘best practice’. BBN accuracy might be improved by using data from controlled experiments. Aviation risk assessment is now very difficult, so further work on resilience engineering could be a better way of achieving safety improvements.     

“The gift of failure: New approaches to analyzing and learning from events and near-misses.” Honoring the contributions of Bernhard Wilpert

This special issue presents papers from a workshop conducted by New Technologies and Work (NeTWork) to honor the memory of Bernhard Wilpert, the founder and organiser of NeTWork. The papers reflect the theme that undesirable incidents and events, serious and disturbing as they may be, are a “gift of failure.” In short, events offer an opportunity to learn about safe and unsafe operations, generate productive conversations across engaged stakeholders, and bring about beneficial changes to technology, organization, and mental models (understanding). Papers in the special issue are organised around three topics: the process of event analysis, the relationship between event analysis and organisational learning, and learning at multiple system levels. In this introduction we describe the workshop, summarize the contributions of Bernhard Wilpert, suggest three themes that emerged from the workshop, and offer our thoughts about the future of event analysis and learning from events.     

危险辨识方法的研究

介绍了一种新的危险辨识方法 ,应用该方法可以系统地发现潜在的事故序列、事故的起始事件以及相应控制系统的薄弱环节 ,为进一步的风险分析奠定基础     

复杂工业系统中人因失误根本原因分析

在现代大规模复杂人 -机 -环境系统中 ,人因失误诱发的故障或事件呈上升趋势。人因事件的根本原因分析 ,对于防范复杂系统中事故的发生是非常必要的。人因事件根本原因的分析包括 :需要分析的人因事件的确定 ;对事实进行调查 ,分析调查结果 ;确定根本原因 ;制定纠正措施 ;完成最终报告。人因事件的分析最终需要找出失效屏障并提出修补的方法 ,笔者采用事件与原因因子分析技术来进行分析。在分析过程中 ,需要绘出事件和原因因子图 (E&CF图 ) ,而E&CF图可以显示出从开始到结束全过程中事件发生的正确次序 ,通常包括失效屏障 ,预先存在的条件、次级事件、不恰当的动作和形成事件的原因因子。形成人因事件的原因因子在复杂工业系统中 ,可以分成 12个部分。笔者给出了核电厂蒸汽发生器 (SG)主给水阀门泄漏的人因事件的分析实例 ,确认了该实例中失效的屏障和事件的根本原因并提出了纠正措施。     

Assessing drivers' response during automated driver support system failures with non-driving tasks

IntroductionWith the increase in automated driver support systems, drivers are shifting from operating their vehicles to supervising their automation. As a result, it is important to understand how drivers interact with these automated systems and evaluate their effect on driver responses to safety critical events. This study aimed to identify how drivers responded when experiencing a safety critical event in automated vehicles while also engaged in non-driving tasks.MethodIn total 48 participants were included in this driving simulator study with two levels of automated driving: (a) driving with no automation and (b) driving with adaptive cruise control (ACC) and lane keeping (LK) systems engaged; and also two levels of a non-driving task (a) watching a movie or (b) no non-driving task. In addition to driving performance measures, non-driving task performance and the mean glance duration for the non-driving task were compared between the two levels of automated driving.ResultsDrivers using the automated systems responded worse than those manually driving in terms of reaction time, lane departure duration, and maximum steering wheel angle to an induced lane departure event. These results also found that non-driving tasks further impaired driver responses to a safety critical event in the automated system condition.ConclusionIn the automated driving condition, driver responses to the safety critical events were slower, especially when engaged in a non-driving task.Practical applicationTraditional driver performance variables may not necessarily effectively and accurately evaluate driver responses to events when supervising autonomous vehicle systems. Thus, it is important to develop and use appropriate variables to quantify drivers' performance under these conditions.     

Identification, analysis and dissemination of information on near misses: A case study in the construction industry

Near misses are well-known for providing a major source of useful information for safety management. They are more frequent events than accidents and their causes may potentially result in an accident under slightly different circumstances. Despite the importance of this type of feedback, there is little knowledge on the characteristics of near misses, and on the use of this information in safety management. This article proposes guidelines for identifying, analyzing and disseminating information on near misses in construction sites. In particular, it is proposed that near misses be analyzed based on four categories: (a) whether or not it was possible to track down the event; (b) the nature of each event, in terms of its physical features (e.g. falling objects); (c) whether they provided positive or negative feedback for the safety management system; and (d) risk, based on the probability and severity associated with each event. The guidelines were devised and tested while a safety management system was being developed in a healthcare building project. The monitoring of near misses was part of a safety performance measurement system. Among the main results, a dramatic increase in both the number and quality of reports stands out after the workforce was systematically encouraged to report. While in the first 4 months of the study – when the workforce was not encouraged to report – there were just 12 reports, during the subsequent 4 months – when the workforce was so encouraged – there were 110 reports, all of them being analyzed based on the four analytical categories proposed.