NEBOSH National Diploma - downloads.astutis … National Diploma Revision: System Reliability and...

1 of 156© Astutis Ltd

NEBOSH National Diploma

Revision: System Reliability and Failure Tracing Methodologies

A7.4 and A7.5


Learning Outcomes

• A7.4 Explain the analysis, assessment and improvement of system failures and system reliability with the use of calculations

• A7.5 Explain the principles and techniques of failure tracing methodologies with the use of calculations.


Session Plan

• Fault Trees and Event Trees

– Tree construction and calculations

• HAZOP

– Overview and types of exam question


FAULT TREES AND EVENT TREES


Bow Tie


Simple Qualitative Fault Tree

Fire in process area

Top event

FuelLevel

1

Level 2Leaking joint

Drain valve open

Welding in progress

Electric motor

and

or or

Oxygen

Ignition source


And gate - fault occurs if all input events true

Or gate - fault occurs if any input event true

Base event - further analysis not useful

Undeveloped events - not analysed further at this time

Event - Event which is further analysed (may be the top

event or an intermediate event)

Transfer gate - Event analysed at point A on a different

page

Fault Tree Symbols

A


Probability Scale

• Probability of 0

– Event is impossible and will never happen

• Probability of 1

– Event is certain to happen

• Probability of ½ (or 0.5 or 50%)

– Event has an even chance of happening


Gate Symbol MeaningRelationshi

p

AND

Output

exists only

if all inputs

exist

A= BC

OR

Output

exists if one

or more

inputs exist

A= B+C

Calculations @ Gates


• The frequency of an event is the reciprocal of its probability

• f = 1/P

Probability and Frequency


A machine operator is required to reach between the tools of a vertical hydraulic

press between each cycle of the press. Under fault conditions, the operator is at risk

from a crushing injury due either (a) to the press tool falling by gravity or (b) to an

unplanned (powered) stroke of the press. The expected frequencies of the failures

that would lead to either of these effects are given in the table below:

a) Given that the operator is at risk for 20 per cent of the time that the machine is

operating, construct and quantify a simple fault tree to show the expected

frequency of the top event (a crushing injury to the operator’s hand. (10)

b) If the press is one of ten such presses in a machine shop, state, with reasons,

whether or not the level of risk calculated should be tolerated. (4)

c) Assuming that the nature of the task cannot be changed, explain how the fault

tree might be used to prioritise remedial actions. (2)

Failure type Frequency (per year) Effect

Flexible hose failure 0.2 a

Detachment of press

tool0.1 a

Electrical fault 0.1 b

Hydraulic valve failure 0.05 a or b


• Concentrate on drawing the tree first

• Top down - Level by level

• Then do calculations – bottom up


• Top event

Crushing injury


• What 1st level events contribute to the top event?

• The operator has to be at risk, i.e. reaching into the machine

• And

• The machine has to fail – a fault condition must occur


Crushing injury


Crushing injury

Operator reaches between

plates

The diamond shape indicates that this event

will not be further developed / investigated

NBFor exam purposes the

use of diamonds (undeveloped events)

and circles (base events)Is not necessary


Crushing injury


plates

Tool comes down due to fault condition


Crushing injury


plates



Crushing injury


plates


What fault conditions may bring the tool

down?


Crushing injury


plates


The tool will come down as a result of

Gravity (a) ORAn unplanned (powered)

stroke (b)


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)


Crushing injury


plates


Powered stroke (b)

Gravity fall (a) What information do we

have about these failures?


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault


Calculations

• Populate the diagram with the given probabilities

• Calculate from the bottom up


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

Add up through an OR gate


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.2 + 0.1 + 0.05 = 0.35


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.2 + 0.1 + 0.05 = 0.35

0.1 + 0.05 = 0.15


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.35 0.15



Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.35 0.15


0.35 + 0.15 = 0.5


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.35 0.15

Multiply up through an AND gate

0.5


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.35 0.15

0.5

0.2 x 0.5 = 0.1 per year


Crushing injury


plates


Powered stroke (b)

Gravity fall (a)

Hose failure

Detached tool

Valve failure

Valve failure

Electrical fault

0.2 0.1 0.05 0.050.1

0.2

0.35 0.15

0.5

0.2 x 0.5 = 0.1 per year(the event is likely to happen once every ten years)


Simple Generic Event Tree


A mainframe computer suite has a protective system to mitigate

the effects of fire. The system comprises a smoke detector

connected by a power supply to a mechanism for releasing

extinguishing gas. It has been estimated that a fire will occur

once every five years (f=0.2/year).

Reliability data for the system components are as follows:

Component Reliability

Detector 0.9

Power supply 0.99

Extinguishing gas release mechanism 0.95

a) Construct an event tree for the above scenario to calculate

the frequency of an uncontrolled fire in the computer suite.

(10)

b) Suggest ways in which the reliability of the system could be

improved. (4)


Initiating event

Consequences


Initiating event

Consequences

N

Y S

F


Initiating event

Consequences

N

Y S

F

Fire!!!









Detector 0.9

Power supply 0.99




(10)


improved. (4)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

P = 0.2 per yearF = 1 in 5 years


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9










Detector 0.9

Power supply 0.99




(10)


improved. (4)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9

0.1P = 0.2 per yearF = 1 in 5 years


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9

0.1 Out of control fireP = 0.2 per year

F = 1 in 5 years


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9

0.1 Out of control fire

Power supply operation



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9





Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99










Detector 0.9

Power supply 0.99




(10)


improved. (4)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99

0.01



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99




Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99


Gas release operation



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99





Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



0.95










Detector 0.9

Power supply 0.99




(10)


improved. (4)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



0.95

0.05



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control



Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control


Calculations


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9

0.1 Out of control fire 1


0.99



Out of control fire

0.95

0.05

Fire brought under

control


Calculations


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control


CalculationsOut of control fire 1 occurs if the detector fails when there is a fire

Detector has to fail (P = 0.1)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control



Detector has to fail (P = 0.1) and fire has to occur (P = 0.2) Probability = 0.1 x 0.2 = 0.02


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control


CalculationsOut of control fire 2 occurs if the power supply fails after the detector has

successfully operated and the fire is active


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control



successfully operated and the fire is activePower has to fail (P = 0.01)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control



successfully operated and the fire is activePower has to fail (P = 0.01) and the detector has to operate (P = 0.9)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control



successfully operated and the fire is activePower has to fail (P = 0.01) and the detector has to operate (P = 0.9) and

the fire has to be active (P = 0.2)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire

0.95

0.05

Fire brought under

control


CalculationsPower has to fail (P = 0.01) and the detector has to operate (P = 0.9) and

the fire has to be active (P = 0.2) Probability = 0.01 x 0.9 x 0.2 = 0.0018 (can be rounded to 0.002)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99



Out of control fire 3

0.95

0.05

Fire brought under

control


Calculations


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99




0.95

0.05

Fire brought under

control


CalculationsOut of control fire 3 occurs when the gas release fails (P=0.05)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99




0.95

0.05

Fire brought under

control


CalculationsOut of control fire 3 occurs when the gas release fails (P=0.05) and the

power supply works (P = 0.99)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99




0.95

0.05

Fire brought under

control


CalculationsOut of control fire 3 occurs when the gas release fails (P=0.05) and the

power supply works (P = 0.99) and the detector operates (P = 0.9)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99




0.95

0.05

Fire brought under

control


CalculationsOut of control fire 3 occurs when the gas release fails (P = 0.05) and the

power supply works (P = 0.99) and the detector operates (P = 0.9) and the fire is active (P = 0.2)


Initiating event

Consequences

N

Y S

F

Fire!!!

Detector operation

0.9



0.99




0.95

0.05

Fire brought under

control


CalculationsOut of control fire 3 occurs when the gas release fails (P = 0.05) and the

power supply works (P = 0.99) and the detector operates (P = 0.9) and the fire is active (P = 0.2)

Probability = 0.05 x 0.99 x 0.9 x 0.2 = 0.00891 (rounded to 0.009)


• An uncontrolled fire could arise as a result of:– The detector failing (out of control fire 1 / P = 0.02) OR

– The power supply failing (out of control fire 2 / P = 0.0018) OR

– The gas release failing (out of control fire 2 / P = 0.00891)

• The overall probability of an uncontrolled fire is OOC fire 1 (0.02) plus OOC fire 2 (0.0018) plus OOC fire 3 (0.00891)

• P = 0.02 + 0.0018 + 0.00891 = 0.03071

(A 3.07% chance of uncontrolled fire per year)

• F = 1/P

• F = 1 / 0.03071 = 32.56

• F = 0nce every 32.56 years


HAZOP


HAZOP

• Three types of question

– Historically 10 point descriptive questions

– January 2012 – 20 point simple HAZOP from diagram

– July 2015 – 10 point draw table and populate from information given in scenario


Past Question – January 2009(Part of 20 point risk assessment question)

• Explain the principles and methodology of a Hazard and Operability (HAZOP) study (10)


Detailed HAZOP Study Procedure

1) Specification

2) Team

3) Description and design intention

4) Generating a deviation

5) Identifying causes

6) Evaluating consequences

7) Safeguards (protection)

8) Risk assessment

9) Recommendations/actions

10) Recording


Past Question – January 2012

• The diagram below shows a section of process plant in which a raw material is pumped continuously to a process from a storage tank.

• The flow rate is controlled by an operator who adjusts the manual valve to achieve the desired flow as shown on the flow gauge. If the flow is too great a dangerous reaction may occur in the process. If there is insufficient flow the product produced in the process will be defective and will have to be discarded. Any contaminant in the raw material may produce a dangerous reaction.


Past Question – January 2012

• Apply the methodology of a hazard and operability (HAZOP) study to the process at point A on the diagram AND give the results of the study in typical HAZOP format.

• You are not required to produce a complete study. Consider only the process parameter of ‘flow’ and apply no more than three guide words. (20)


Typical HAZOP Table

Deviation

Cause ConsequenceSafeguards

(Existing controls)

Actions (Additional

controlsGuideword Parameter


Typical HAZOP Table

Deviation


(Existing controls)

Actions (Additional


Flow


Typical HAZOP Table

Deviation


(Existing controls)

Actions (Additional


No Flow

Less Flow

More Flow


No Flow

Deviation


(Existing controls)

Actions (Additional


No Flow


No Flow - Causes


No Flow - Causes

(1) Blocked pipe


No Flow - Causes

(1) Blocked pipe

(2) Closed valve


No Flow - Causes

(1) Blocked pipe

(2) Closed valve(3) Defective

pump


No Flow - Causes

(1) Blocked pipe

(2) Closed valve(3) Defective

pump

(4) Empty tank


No Flow - Causes

Deviation


(Existing controls)

Actions (Additional


No Flow Blocked pipe

Closed valve

Defective pump

Empty tank


No flow - Consequences

• The diagram below shows a section of process plant in which a raw material is pumped continuously to a process from a storage tank.

• The flow rate is controlled by an operator who adjusts the manual valve to achieve the desired flow as shown on the flow gauge. If the flow is too great a dangerous reaction may occur in the process. If there is insufficient flow the product produced in the process will be defective and will have to be discarded. Any contaminant in the raw material may produce a dangerous reaction.


No Flow - Consequences

Deviation


(Existing controls)

Actions (Additional


No Flow Blocked pipeDefective product -

waste

Closed valveDefective product -

waste

Defective pump

Defective product -

waste

Empty tankDefective product -

waste


No Flow - Safeguards

Deviation


(Existing controls)

Actions (Additional



waste


waste

Operator Control

Defective pump

Defective product -

waste


waste


No Flow - Actions

Deviation


(Existing controls)

Actions (Additional



waste

Testing and maintenance


waste

Operator Control

Testing and maintenanceAutomating flow control

Defective pump

Defective product -

waste

Testing and maintenance


waste

Low level warning


Past Question July 2015

• In relation to a Hazard and Operability (HAZOP) study, give the meaning of the term 'guide word'. (2)

• Give an example of a guide word used in a HAZOP study. (1)

• A multi-disciplinary team has conducted a HAZOP study on a system used to manufacture chemicals in batches. The study has concluded that an uncontrolled rise in temperature could be caused either by adding ingredients too quickly or if the storage temperature of the ingredients was too high.

• In either case, there could be an uncontrolled rise in temperature that could in turn lead to catastrophic failure of the reaction vessel.

• The team has decided to improve the system by adding instruments to monitor the rate of addition of the ingredients and to monitor their storage temperature.

• The team has also decided to install remote warning indicators that will give alarms in the control room and to install automatic shut-off valves that will operate if the reaction temperature rises too high.

• Record the above findings in a typical HAZOP table. (7)


Typical HAZOP Table

Deviation


(Existing controls)

Actions (Additional



Deviation

Deviation


(Existing controls)

Actions (Additional

controls)Guideword Parameter

? ?


Deviation?









Deviation

Deviation


(Existing controls)

Actions (Additional


More Temperature


Cause?

Deviation


(Existing controls)

Actions (Additional


More Temperature ?


Cause?









Cause(s)

Deviation


(Existing controls)

Actions (Additional


More TemperatureIngredients added too

quickly

Storage temperature

too high


Consequence(s)?

Deviation


(Existing controls)

Actions (Additional



quickly?

Storage temperature

too high?


Consequence(s)?









Consequence(s)?Deviation


(Existing controls)

Actions (Additional



quickly

Uncontrolled rise in

temperature

Catastrophic failure of the

reaction vessel

Storage temperature

too high


temperature


reaction vessel


Safeguards – Not GivenDeviation


(Existing controls)

Actions (Additional



quickly


temperature


reaction vessel

Storage temperature

too high


temperature


reaction vessel


Actions?Deviation


(Existing controls)

Actions (Additional



quickly


temperature ?


reaction vessel

?

Storage temperature

too high


temperature ?


reaction vessel

?


Actions?









Actions?Deviation


(Existing controls)

Actions (Additional



quickly


temperature ?


reaction vessel

?

Storage temperature

too high


temperature ?


reaction vessel

?


Actions?Deviation

Cause ConsequenceActions (Additional



quickly


temperature

Install instruments to monitor the rate of addition

of the ingredients


reaction vessel

Install remote warning indicators that will give

alarms in the control room

Storage temperature

too high


temperature

Install thermometers to monitor storage

temperature


reaction vessel

Install automatic shut-off valves that will operate if the reaction temperature

rises too high


• Reliability of individual components and the way in which they are arranged:

– In series (one after the other) - failure of any one piece means failure of the system

– In parallel (side by side)

– As a combination of both (a complex or mixed system)

Reliability Theory


Series Systems

• Fault intolerant

• Failure of any component causes the system to fail

• System reliability (Rs) = R1 x R2 x R3

• Rs = 0.95 x 0.98 x 0.97

• Rs = 0.91 or 91%

• NB the reliability of the series is less than the reliability of individual components

1 2 3

R1 =

0.95

R2 =

0.98

R3 =

0.97


Parallel Systems

• The failure of one component will not stop the system functioning

• Rs = 1 – [(1 - R1)(1 - R2)]

• Rs = 1 – [(1- 0.95)(1- 0.98)(1- 0.97)]

• Rs = 1 – [0.05 x 0.02 x 0.03]

• Rs = 1 – 00003

• Rs = 0.99997 or 99.997%

• NB the reliability of the system is better than the reliability of individual components

1

2

R1 =

0.95

R3 =

0.97

R2 =

0.98


• Break down the overall system into sub-systems

• Calculate parallel systems

• Then calculate overall series system RA x R3 x RB

Mixed System

R1 =

0.99

R2 =

0.95

R4 =

0.70

R6 =

0.90

R5 =

0.93

R3 =

0.999

RA R3 RB


Mixed System - Calculation

• RA = 1 - [(1 - 0.99)(1 - 0.95)]

• = 1 - (0.0005)

• = 0.9995

• RB = 1 - [(1 - 0.70)(1 - 0.93) (1 - 0.90)]

• = 1 - (0.0021)

• = 0.9979

• RS = RA x R3 x RB

• = 0.9995 x 0.999 x 0.9979

• = 0.9964

R

A R

B


Past Question

A computer suite is protected from fire by a CO2 flood

system. The system comprises of components A (a

detector), B (a switch) and C (a release mechanism)

installed in series.

It has been proposed that a new series system of a

detector and a switch, identical to A and B, are placed in

parallel to the original series components A and B, in order

to improve the system reliability.

Calculate the improvement in reliability of the proposed

new system, given that the reliability of the components

are:

• Component A 95%

• Component B 85%

• Component C 97%


A B C

RS = RA x RB x RC

RS = 0.95 x 0.85 x 0.97

RS = 0.783

RS = 78.3%

95% 85% 97%

Original System


New System

A B

A B

C


A B

A B

C

A-B =

X

X

X

C

= Z

Z C

X

X


RX = RA x RB

RX = 0.95 x 0.85

RX = 0.8075

RZ = 1 – [ (1 – RX) (1 – RX)]

RZ = 1 – [ (1 – 0.8075) (1 –

0.8075)]

RZ = 1 – [0.1925 x 0.1925]

RZ = 1 - 0.037

RZ = 0.963

RS2 = RZ x RC

RS2 = 0.963 x 0.97

R = 0.934


RS = 78.3%

RS2 = 93.4%

Improvement in reliability = 93.4% - 78.3%

= 15.1%

Improvement in Reliability


Questions?

NEBOSH National Diploma - downloads.astutis … National Diploma Revision: System Reliability and...

Documents

Transcript of NEBOSH National Diploma - downloads.astutis … National Diploma Revision: System Reliability and...