1 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RP 1 Design models for the...

1Final Conference, 19th – 23rd January 2015Geneva, Switzerland

RP 1

Design models for the management of accelerator components and infrastructure development for

RAMS

Douzi Imran KhanSeppo VirtanenTUT, Tampere, Finland.

Project: 09/11 – 09/14

Douzi Imran Khan


Background Information

• Name: Douzi Imran Khan• Country: India• B. Tech: Industrial & Production Engineering (2007)• M. Tech: Reliability Engineering(2009), IIT Bombay, India.• EMBA from International Institute for Business Management

(IIBM).• Current Designation: Researcher and PhD student, TUT,

Finland.

Supervisor: Prof. Seppo Virtanen

Organization: Tampere University of Technology (TUT), Tampere Finland.

Douzi Imran Khan


Contents

Motivation.

Research Goals vs. Results

Collaboration and Interaction

Summary.

Douzi Imran Khan


Contents

• Motivation.

• Research Goals vs. Results

• Collaboration and Interaction

• Summary

Douzi Imran Khan


System Dependability

Reliability

Maintainability

Availability

Safety

Douzi Imran Khan


Upside Risk Potential.

Availability and Safety

RISK affecting safety and availability of a facility.

Availability Safety

Risk Reduction

Risk Control

System Reliability

Risk taking

Risk

taki

ng impac

t

Douzi Imran Khan


System functional analysis and RAMS

Requirements

Component level RAMS analysis

System analysis, RAMS specifications and

allocation.Structure Categorization

Structure RAMS Analysis and Performance

Allocation for optimal Technical solution.

Structure RAMS Analysis: Consolidation and

justification of the RAMS performances and system-

structure architecture

Component (C)

System RAMS Results: Reports. Risk Management.

Justification of the System RAMS Performances &

Requirements

STRUCTURE (S)

SYSTEM S)

BOTTOM UP

PROCESS

TOP DOWN

PROCESS

Structure level (RAMS) Requirements

Component level (RAMS) Requirements

System RAMS Analysis: System level consolidation.

Risk Analysis.

FUNCTIONAL ANALYSIS (F)

RAMS SE process during system design and development.

Douzi Imran Khan


Contents

• Motivation.



• Summary

Douzi Imran Khan


Goals of the Research.

• Research and development framework for integrating efficiently RAMS in the lifecycle of an accelerator system.

• Concept for modeling FSSC causal relations and their interconnections to the facility (RAMS) performance.

• Method for the Specification and allocation of systems RAMS requirements.

• Method for the Application of RAMS design review to Probabilistic Risk Assessment (PRA) in a large scale facility.

• RAMS analysis and management using FME(C)A, Cause-Consequence logic tree (Combination of FTA and ETA), Safety and Availability analysis.

• To provide the methods for computer supported modeling and analysis of failure logic of a complex system for its RAMS characteristics.

Douzi Imran Khan


Risk Analysis and Management (PRA).

Recognizing the problem. Modeling the event chains, that leads to the

identified problem. Estimating the event probabilities. Modeling the consequences followed by the

identified problem. Estimating the consequences severities. Analytical Risk calculation and Risk simulation. Risk estimation and control plans. Action planning and execution.

Douzi Imran Khan


RAMS engineering and Management.

Iterative design model for RAMS engineering and management.

Probabilistic Risk Assessment (PRA). Simulation, calculation and analysis of design solution to fulfill requirements set for RAMS performance.

Cause-consequence logic tree modeling.

Method for the Management of Design (RAMS) requirements.

Method for modeling Functional hierarchy (Specification and allocation of RAMS requirements and seeking out the best technical solutions).

Framework for integrating efficiently RAMS

Douzi Imran Khan


Main function 1

Main function 2

Support functions 1...m

Technical System 1

Technical System 2

Technical System s

Main component 1

Specification and Allocation of a

Facilities RAMS design

requirements

Technical performance

Availability performance

Safety performance

Sub-function 1

Main function n

Sub-function2

Sub-function k-1

Sub-functions k

Structures 1...r

Seeking out and selecting design solutions

Main component 2

Main component u-1

Main component u

Sub-component 1

Sub-component 2

Sub-component u-1

Sub-component u

Func

tion

s, S

yste

ms, S

truc

ture

s an

d C

ompo

nent

s in

terc

onne

ctio

ns an

d cau

sal r

elat

ions

to th

e Fa

cilities

func

tion

s pe

rfor

man

ce

Concept of Functions, Systems,

Structures, Components (FSSC)

interconnections and causal relations to

facility performance.

Functional analysis Concept/Method for RAMS..

Douzi Imran Khan


Specification of requirements for the Facilities Operational

Availability, Safety and O&M Costs (crude estimation)

Request for DMEs proposal including the 1) Specification of RAMS Performance and O&M Data that needs to be attached in the proposal, and2) Description of RAMS Analyses and Design Reviews that need to be carried out during the Facilities Design and development process

Potential DMEs SuppliersIdea Generation and

Screening

Definition of the FacilitiesProcess Objectives

MC = Maintenance CostsDMEs = Design and Manufacturing Entities associated with a facility systems, structures and components, SSCs)

What should the Facilities

achieve?

How can this be achieved?

DME proposals including the1) Specified RAMS Performance and O&M Data2) RAMS Analyses and Reviews to be carried out during the System design and development

Comparison of Proposals

Selection of the DMEs Suppliers

Preparation of Final Contracts of DMEs

Specification and Allocation of RAMS Requirements for DMEs of

the System

Possible Changes to

Yes

No

Yes

Proceed to

Facility Systems- Engineering- Component development & Procurement- Construction and Manufacturing- Assembly & Installation- Commissioning & Start-up- Operation and Maintenance- Waste management and disposal

Data & Information related to:- Market: demand, price & competition- Customer: operation profile, risk tolerance- Product Technology: state of the art - Safety and Environment - Legislation and Directives - Financial and Business - Others

Management concept of RAMS design requirements.

Douzi Imran Khan


Facility“Operation

Maintenance& RiskEvent”

Data Base

Indication of causes and consequences

of the event

Estimation of the root causes’ and the gates’ (conditional) probabilitiesand the extent of damages

Selection of TOP event to be studied

Identification of Events

- Failure modes- Consequences of Failures- Causes of Failure

- Deviation of Process and Environmental conditions- Consequences of Deviation- Causes of Deviation

- Human errors- Consequences of Human errors- Causes of Human error

Generated event listEvent 1Event 2Event 3Event 4Event 5

..Event n

Definition of type of the gates

Definition of the action plan to mitigate the risks under acceptable level

Generated model of thecause and consequence logic

Prioritization of root causes from probability and risk reduction point of view

Calculation of probabilities and risks of the chains of causes lead to TOP and the chains of consequences initiate from the TOP

FMEA

Haz

opH

EA

Implementation and control

of the action plan

C h a i n s o f c o n s e q u e n c e s i n i t i a t e d f r o m t h e T O P - e v e n t

T O P e v e n t

E x p e r t s e s t i m a t e e x t e n t C i o f c o n s e q u e n c e i .

P r o b a b i l i t y p i i s e s t i m a t e d f o r c o n s e q u e n c e i t h r o u g h s t o c h a s t i c s i m u l a t i o n .

i

ii CpRisk

T h e r i s k f u n c t i o n w i l l a m p l i f y t h e i m p o r t a n c e o f e v e n t s w i t h l a r g e d a m a g e s > 1 .

C o n d i -t i o n A

T h e c a u s e t r e e a p p r o a c h i s a p p l i e d t o m o d e l t h e c h a i n s o f c a u s e s l e a d t o c o n d i t i o n s a n d T O P - e v e n t . I t i s p o s s i b l e t h a t t r e e s h a v e r e l a t i o n s a n d s h a r e d e v e n t s .

C o n s e q u e n c e s f r o m t h e i n i t i a t e d e v e n t , f o r e x a m p l e c o n s e q u e n c e s 1 , 2 a n d 3 f r o m T O P - e v e n t , c a n b e e i t h e r e x c l u s i v e o r i n d e p e n d e n t .

C a u s e t r e e

C a u s e t r e e

C o n s e - q u e n c e 1

C o n d i -t i o n B

C a u s e t r e e


C o n d i -t i o n C

C a u s e t r e e


C o n d i -t i o n E

C a u s e t r e e


C o n d i -t i o n D

C a u s e t r e e


C o n d i -t i o n F

C a u s e t r e e

C o n s e - q u e n c e 1 T h e r e m a y b e s e v e r a l

s e p a r a t e c h a i n s o f e v e n t s t h a t l e a d t o c o n s e q u e n c e , f o r e x a m p l e c h a i n s t o c o n s e q u e n c e s 1 a n d 2 .

Cause-Consequence logic tree modeling.

Douzi Imran Khan


Gate Model.

n

G i Ii ix k I x m U p

10

The characteristics of a gate is given by the data column (k, m, p, μ, ± I1, ± I2, …, ± In)

0 ≤ p ≤ 1, μ ≥ 0,

and Ii are the ID-numbers of the inputs.

Type of gate k m p

OR 1 n 1

AND n n 1

Vouting, k/n (1≤k≤n) k n 1

Inhibit (example) n n <1

Generalized XOR (1≤k<n) k k 1

PriorityAND n n 1

Input(s) produce output when conditional event occurs

Output event occurs if all input events occur in certain order

Where, k & m are nonnegative integers,

The state of a gate (gate event) G is a random variable depending on the states of the input events:

Where U is a random number from the uniform distribution on the unit interval,

And, the truth function Φ (“statement”) equals 1 if “statement” is true, and otherwise 0.

In-Short: The logic of the gate is true with conditionalprobability p, if at least k and at most m inputs are true.

Douzi Imran Khan


Gate Example.

The gate (ID4)

(k, m, p, μ, ± I1, ± I2, …, ± In)

(1, 2, 0.9, 0, 1, -2, 3)

And

X4 = [1 ≤ x1+(1-x2)+x3 ≤ 2] . Φ (U ≤0.9)

GateID = 4P = 0.9

K=1 m=2

CauseID = 1

CauseID = 2

CauseID = 3

n

G i Ii ix k I x m U p

10

NOT

Douzi Imran Khan


Cause tree matrix

Douzi Imran Khan


MR Power outage Cause-Consequence logic.

Mobile Robot (MR) Power

outageID = 13

Facility property damageID = 22

MR hits other machinesID = 20

MR disturbing other operations

ID = 21

Human intervention not

allowedID = 16

Not capable to rechargeID = 15

Facility operation runningID = 7

MR does not have power to

moveID=17

No recharge station nearby

ID = 5

Rescue robot can not take failed MR to recharge station

ID = 14

No information where the failed

MR isID = 4

Rescue robot can not find the way to

failed MRID = 3

Rescue robot fails to place failed MR to recharge station

ID = 6

High radiation dose

ID = 8

MR electronic damage caused

by radiationID = 19

MR can not be taken out before

a weekID = 18

Economical lossID = 23

Back-up batteryconnection

failureID = 10

Back-up battery(BUB) power supply failure

ID = 11


succesID = -10

Back-up battery is called

for operationID = 9

Back-up battery

is out of powerID = 12

Back-up batterypower supply

succesID = -11

Failure in main battery power

supplyID = 2

Main battery is out of power

ID = 1


for operationID = 9


for operationID = 9

ID k m p μ I1 I2 I3

9 1 2 1 0 1 2 0

10 1 1 0.1 1.5 9 0 0

11 2 2 0.05 0 -10 9 0

12 2 2 0.01 0 -11 9 0

13 1 1 1 0 10 11 12

14 1 2 1 0 3 4 0

15 1 3 1 0 5 14 6

16 1 2 1 0 7 8 0

17 1 1 1 0 13 0 0

18 3 3 0.6 0 17 16 15

19 1 1 1 0 18 0 0

20 1 1 0.1 0 13 0 0

21 1 1 0.5 0 20 0 0

22 1 1 0.8 0 20 0 0

23 1 3 1 0 19 21 22

Cause tree matrix

Consequence tree matrix

Douzi Imran Khan


Example (Mobile Robot Power Outage).

Cause Tree for MR Power outage.


failureID = 10

Back-up battery(BUB) power supply failure

ID = 11


succesID = -10


for operationID = 9

Back-up battery

is out of powerID = 12

Back-up batterypower supply

succesID = -11

Failure in main battery power

supplyID = 2

Main battery is out of power

ID = 1


for operationID = 9


for operationID = 9

Mobile Robot Power outage

ID = 13

Cause tree logic matrix

Douzi Imran Khan


Consequence Tree from MR Power outage.Consequence tree logic matrix

Douzi Imran Khan


Risk Importance measures.

0

B1

P1

P0

P B

P A 1 A

I RAW

I B

I RRW

0P1PI B Birnbaum’s importance measure

AB

BRRW PI0PPI

Risk Reduction Worth

AB

BRAW P1IP1PI

Risk Achievement Worth

B

RRW

B

AB

B

CR

P

I

P

PI

P

0P1I

Criticality importance

Importance measures to describe the correlative relation between two events.

Douzi Imran Khan


ID 1 2 3 4 5 6 7 8

0.05 0.01 0.20 0.50 0.80 0.50 0.95 0.95

> 1 >1 >1 >1 >1 >1 >1

ID 10 11 12 18 20 21 22

p 0.10 0.05 0.01 0.60 0.10 0.50 0.80

>1 >1 >1 >1 >1 >1 >1Gate events mean repair

time [d]

Number of one day operation simulation = 1000

Input data for

simulation

Basic events

Gate events conditional

probability

Basic events mean repair

time [d]

Probability that Basic events

come true in one day

Input data for simulation

ID 1 2 3 4 5 6 7 8

1 0 0 0 1 1 1 1 0.1320 0.00715

1 0 0 0 1 0 1 1 0.1250 0.00715

1 0 0 1 1 0 1 1 0.1180 0.00715

1 0 0 1 1 1 1 1 0.1100 0.00715

1 0 1 1 1 1 1 1 0.0390 0.00179

1 0 1 0 1 1 1 1 0.0370 0.00179

1 0 0 1 0 0 1 1 0.0350 0.00179

0 1 0 1 1 0 1 1 0.0340 0.00137

1 0 0 0 0 1 1 1 0.0320 0.00179

0 1 0 0 1 0 1 1 0.0320 0.00137

1 0 1 1 1 0 1 1 0.0280 0.00179

0 1 0 0 1 1 1 1 0.0280 0.00137

1 0 0 1 0 1 1 1 0.0250 0.00179

1 0 1 0 1 0 1 1 0.0190 0.00179

0 1 0 1 1 1 1 1 0.0180 0.0014

1 0 0 0 0 0 1 1 0.0110 0.00179

1 0 1 1 0 0 1 1 0.0100 0.00045

Probability of MR Power Outage (ID 30) occurency in

1 day mission

Probability of Economic loss (ID23) occurency in one

day mission caused by MR Power Outage 0.00584

0.00892

General probability of Combination realization

Combination probability when Economic loss caused by MR

Power Ouage is true

Com

bin

ation o

f basi

c events

lead to E

conom

ic loss

cause

d b

y

MR P

ow

er O

uage

1 2 10 11 12

0.146 0.156 0.988 0.994 0.883

ID 1 2 10 11 12

0.096 0.101 0.657 0.639 0.525

Birnbaum's importance

measureID

How strong connection selected

basic and gate events have in

occurence of MR Power outage

(ID 13)

Event

How strong connection selected

basic and gate events have in

occurence of Economic loss (ID

23) caused by MR Power

Outage

Simulation results.

Douzi Imran Khan


Identification of undesirable events related to the Design:Failure mode- consequences- causeProcess deviations- consequences- causesHuman errors- consequences- causes

Identification and analysis of minimal-cut-sets related to the defined gate-events in TOP cause-consequence tree. (Note. Defined gate-event can be different than TOP-event)

Calculation of conditional probability for the combinations of root-cause-events which lead to the occurrence of the selected gate-event.

Prioritization of the root-cause-events combinations from availability risk point of view, and updating the list of events' criticality based on the availability risks.

Prioritization of the root-cause-events Combinations from safety risk point of view, and updating list of the events' criticality based on the safety risk.

Prioritization of root-cause-events from the availability and safety perspective, and updating the list of events' criticality.

Assessment of the causes' and/or mechanisms' detectability which can lead to the critical events' occurrence.

Assessment of FSSCs criticalityfrom Facility’s availability,safety and costsperspective. Prioritization, Selection and Organizing of the Design to be Reviewed.ELMAS

DatabaseFSSCs cause-consequence

logicRAMS data

Risk reduction tasks

descriptions

Assessment of the feasibility of risk reduction tasks related to the critical events’ occurrence.

Engineering and scheduling of risk reduction tasks to be performed according to the Design Change’s priority (TOP10 list)

Management of required Design Changes associated with the proposed Design solution.

FMEA

Hazop

HEA

12 3 4 5

6

810

12 13 14 15

9

Extent and frequency levels identification to the root-cause-events based on defined safety damage classification.

7

16

Work safety

Radiological safety

Fire safety

11

Estimation of RAMS data (frequencies, states’ durations, work and material costs) connected to the gate-events and the root-cause-events.

Review Availability or Safety in the Design. (Deterministic and Probabilistic approach In Failure Tolerance Analysis is applied according to state of the System Design .

Select TOP-event to be studied and connect identified cause and consequence events to it level by level and branch by branch.

Definition of the root-cause-events (according to the state of System Design) and the logic of the gates in the TOP cause-consequence tree

Calculation of importance measures for the root-cause-events associated with the most probable cut-sets.

Updating of Design review related cause-consequence logic and RAMS data of FSSCs 17

Application of RAMS Design Review to Probabilistic Risk Assessment in

a Large Scale Facility

Douzi Imran Khan


Analysing System and its

RAMS requirements

Perfrom Preliminary

Safety Analysis.

Verification and Validation

of RAMS.

Perform Failure Mode Effects and

Analysis (FMEA)

Perform Cause Consequence

Analysis

Analysing RAMS Requirements

System / Functional Analysis

Analyze Maintenance Programme /

actionPerform LCC calculation of the system

Allocate RAMS

requirements to system

architecture

Perform Preliminary

Risk Analysis

Iterative Design model for RAMS engineering and management.

Douzi Imran Khan


Contents

• Motivation.



• Summary

Douzi Imran Khan


Collaboration and Interaction

– Host Organization. (Supervisor and Colleagues)

– Other PURESAFE ESR’s and Supevisors

– PURESAFE Coordinator and project manager.

– University Personnel.

Douzi Imran Khan


Private Sector Interaction• Collaboration with Ramentor Oy, Finland and discussions on the

ELMAS ((Event Logic Modeling and Analysis Software), developed and maintained by Reliability Engineering Research Group, TUT)

• Collaboration with RELIASOFT, Taipuva Consulting Ltd, Finland and discussions on the FTA/ETA (Fault/Event Tree Analysis) FMEA (Failure Mode and Effect Analysis), and RCM (Reliability Centered Maintenance) for realtime projects.

• Collaboration with LTU(Luleå University of Technology, Sweden), BARC(Bhabha Atomic Research Center) and IIT Bombay, India for discussions on failure of physics approach and RAMS studies.

• Interaction with Posiva Oy, Pöyry Oy and STUK, for discussions/training will be on the consideration of safety issues, probabilistic risk assessment(PRA) .

Douzi Imran Khan


Framework for RAMS engineering and Management

STUK.

POSIVA

PÖYRY

RAMENTOR

RELIASOFT

TAIPUVA

PURESAFE

RP projects

CERN and GSI

Radiation and Nuclear Safety

Authority, Finland. RadioActive Waste

Management Sector.

ELMAS and RELIASOFT software for

RAMS.

Prof. Seppo Virtanen &

Team

Safety management

system

Related RP projects inputs?

Douzi Imran Khan


Future Work.

RAMS modeling and analysis for FAIR Super FRS remote handling systems for maintenance tasks

* RAMS study and assessment , from LHC to FCC

Douzi Imran Khan


Contents

• Motivation.



• Summary

Douzi Imran Khan


IMPACT & SUMMARY

• RAMS analysis and management done through Functional Analysis, FME(C)A, Cause-Consequence logic tree (Combination of FTA and ETA), Reliability and availability analysis technique can guarantee a reasonably good result for a Risk Analysis.

• Addition to this, a well structured RAMS modeling and management, ensures a safer facility, decreased engineering problems, reduced operation and maintenance costs and increased process up time.

• Based on experience and assisted by the modeled failure logic, it is possible to find out the problem areas, which during the design and development phase may reduce the system’s RAMS performance and delay its design and development time.

• It also helps to identify which parts of a system are likely to have the major impacts on system level failure, and also which failure modes to expect and which risks they pose to the human, infrastructure and environment.

Douzi Imran Khan


Thank you very much for your kind attention!

QUESTIONS?

Douzi Imran Khan

1 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RP 1 Design models for the...

Documents

Transcript of 1 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RP 1 Design models for the...