
Probabilistic Risk and Safety Analyses for Process Plants and their Areas of Application Ulrich Hauptmanns

Probabilistic Risk and Safety Analyses for Process Plants and their Areas of Application Ulrich Hauptmanns. INNOVATION AND TECHNICAL PROGRESS: BENEFIT WITHOUT RISK? 11-13 September 2006, Ljubljana, Slovenia. Deterministic analyses - Probabilistic analyses.





  1. Probabilistic Risk and Safety Analyses for Process Plants and their Areas of Application
     Ulrich Hauptmanns
     INNOVATION AND TECHNICAL PROGRESS: BENEFIT WITHOUT RISK? 11-13 September 2006, Ljubljana, Slovenia

  2. Deterministic analyses - Probabilistic analyses
     • Design of plants traditionally deterministic
     • Origin: way of thinking of classical physics
     • The state of a system at a certain point in time determines its future states
     • Possible in the macroscopic world, not applicable in quantum physics, which is probabilistic

  3. Example for the transition from the deterministic to the probabilistic approach
     • Flight of a bullet
     • The point of touching the ground can be predicted if
       • the direction of flight and
       • the initial speed are known and
       • the resistance of air is neglected.

  4. Example for the transition from the deterministic to the probabilistic approach
     • In case we deal with a fragment from an explosion,
       • the direction of flight and
       • the speed
       can only be predicted on the average if experience from the past is available.

  5. Example for the transition from the deterministic to the probabilistic approach
     • Direction and speed of flight are stochastic or random variables.
     • They adopt specific values with certain probabilities and are hence described by probability distributions (on the basis of experience).

  6. Example for the transition from the deterministic to the probabilistic approach
     • In order to build a model, differential equations with stochastic initial and boundary conditions are used.
     • Instead of a single point of touching the ground, a probability distribution of such points is obtained.
     • The use of average values implies a loss of information (e.g. maximum distance of flight 40.8 m).

  7. Probabilistic result
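The transition described in slides 3 to 6, worked as an added Python example that is not part of the original presentation: the same trajectory model is evaluated once with fixed inputs and once with speed and direction drawn from probability distributions, so that a distribution of landing points replaces a single number. Normal distributions and the input values 20 m/s and 45° are assumptions made here; they happen to reproduce the 40.8 m quoted on slide 6 as the deterministic range.

```python
import math
import random

G = 9.81  # gravitational acceleration, m/s^2

def deterministic_range(v0, angle_deg):
    """Deterministic case: direction and initial speed known, air resistance
    neglected, so the point of touching the ground is a single number."""
    theta = math.radians(angle_deg)
    return v0 ** 2 * math.sin(2.0 * theta) / G

def stochastic_ranges(v0_mean, v0_sd, angle_mean, angle_sd, n=20000, seed=1):
    """Probabilistic case: speed and direction are random variables. Normal
    distributions are an assumption of this example; the talk only says the
    inputs are described by probability distributions based on experience."""
    rng = random.Random(seed)
    ranges = []
    for _ in range(n):
        v0 = max(0.0, rng.gauss(v0_mean, v0_sd))
        angle = min(90.0, max(0.0, rng.gauss(angle_mean, angle_sd)))
        ranges.append(deterministic_range(v0, angle))  # same model, random inputs
    return ranges

def summarise(ranges):
    """What the distribution of landing points tells us that one average cannot."""
    ordered = sorted(ranges)
    n = len(ordered)
    return {
        "mean": sum(ordered) / n,
        "p95": ordered[int(0.95 * n)],
        "max": ordered[-1],
    }

def fraction_beyond(ranges, limit):
    """Share of fragments landing beyond a given distance, e.g. a safety zone
    sized with the deterministic range alone (the information the average loses)."""
    return sum(1 for r in ranges if r > limit) / len(ranges)

if __name__ == "__main__":
    # Assumed input values; 20 m/s at 45 degrees gives the 40.8 m quoted on slide 6.
    det = deterministic_range(20.0, 45.0)
    samples = stochastic_ranges(20.0, 2.0, 45.0, 5.0)
    print(f"deterministic range: {det:.1f} m")
    print(summarise(samples))
    print(f"fraction landing beyond the deterministic point: {fraction_beyond(samples, det):.2f}")
```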

  8. Example for the transition from the deterministic to the probabilistic approach
     • If instead of a bullet our concern is the fragments after a tank rupture, then additionally
       • mass, geometry,
       • orientation of the flight trajectory, resistance of air
       are random variables.
     • The model then uses stochastic differential equations.

  9. Occurrence of accidents and randomness
     • Conclusion: „the behaviour of natural phenomena is governed by chance and does not follow strictly deterministic laws“.
     • The instant of occurrence of an accident and the associated volume of damage are random variables.
     • They can be predicted on the average, but not in detail, i.e. for a concrete case.

  10. Probabilistic modelling
     • Probabilistic models are more comprehensive than the conventional deterministic ones.
     • However, the models are more complex and require more input data.
     • They model phenomena at a higher level; they provide better validated results and hence a firmer basis for decisions.

  11. Quality of analysis
     • The quality of an analysis depends on the quality of the models and on that of the corresponding input data.
     • A simple model with few but well validated input data may therefore produce more realistic results than a complex model for which sufficiently good input data are not available.

  12. Probabilistic structural mechanics
     • So far only continuous variables were addressed (position, speed etc.), whose evolution is described by stochastic differential equations.
     • Considering the stochastic character, for example, of load and strength enables one to predict the probability of failure of structures. This is the basis of the field of probabilistic structural mechanics.

  13. Probabilistic structural mechanics
     • The structures investigated may, of course, be passive components in process plants, e.g. pipework and tanks.
     • Naturally, accident consequences or the design of plants may be modelled as well using stochastic equations or stochastic differential equations.

  14. Probabilistic treatment of active components
     • Besides passive components, numerous active components, e.g. control valves, form part of a process plant.
     • Their lifetimes cannot, at present, be assessed with the help of differential equations or other models.
     • Instead, they are described by a statistical model which furnishes the component failure probability as a function of time.

  15. The component model in probabilistic analyses
     • Components are designated by binary variables.
     • Their behaviour is characterised by just two states: „functioning“ or „failed“.
     • These are represented by discrete stochastic variables, which adopt the two states with a certain probability. That probability depends upon the moment in time considered and, for example, on the prevailing maintenance strategy.

  16. Risk and safety analyses for technical installations
     • Accidents in technical installations are rare events.
     • Their risk can therefore not generally be obtained from hindsight in order to „predict“ the future, as is done, for example, when the expected numbers of future traffic accidents or flu cases are assessed.
     • Instead, risk is estimated by decomposition into details.

  17. Schematic of a risk assessment

  18. Steps in assessing risk
     1. Event sequences
     2. Characteristics
     3. Exposure sequences
     4. Damage and risk

  19. First step „Event sequences“
     „Event sequences“: generation of conceivable sequences of events, also called scenarios, and assessment of the corresponding expected frequencies of their occurrence.

  20. First step „Event sequences“
     • Example: release of chlorine following a pipe rupture caused by overpressure, with an expected frequency of 10⁻⁶ yr⁻¹.
     • Starting points: initiating events, which, in general, are failures of operational components (in the example: component failure caused by overpressure) or human error.

  21. Second step „Characteristics“
     „Characteristics“: initial and boundary conditions for assessing the consequences of an event sequence for employees and the public (Example: leak size 10 cm², height of release 10 m).

  22. Second step „Characteristics“
     • The boundary conditions are stochastic in nature, i.e. at most the probability or expected frequency of occurrence of the aforementioned leak can be indicated.
     • As a rule, the probability is not equal to 1, as is assumed in the deterministic approach. Other leak sizes and locations are, of course, possible.

  23. Third step „Exposure sequences“
     „Exposure sequences“ describes how the harmful agent (in the above case chlorine) affects the object to be protected, e.g. man.

  24. Third step „Exposure sequences“
     • Example: dispersion calculation with the objective of determining how many people in the surroundings of the point of release are exposed for how long to which concentrations of chlorine.
     • Measures like staying indoors or evacuation may be accounted for in this context.

  25. Fourth step „Damage and risk“
     „Damage and risk“ addresses in the first place the damage, i.e. the effect of the accident (Example: x fatalities following chlorine exposure, y cases of grave chlorine-induced acne).

  26. Fourth step „Damage and risk“
     • In order to assess the risk, the amount of damage and its expected frequency of occurrence are combined (Example: x · 10⁻⁶ yr⁻¹ fatalities following chlorine release, y · 10⁻⁶ yr⁻¹ cases of grave chlorine-induced acne).

  27. Methods and data requirements
     • Risk assessments are complex.
     • A large number of different models have to be used; they require a substantial amount of input data, which are often difficult to obtain.
     • For the analysis of the systems of the technical installation, which is carried out using fault and event trees, mainly reliability data for technical components and human error probabilities are required.

  28. Accident consequences
     • The assessment of accident consequences requires numerous phenomena to be modelled, such as the discharge of fluids (including two-phase and multi-component flow), atmospheric dispersion or heat radiation from fires, with their corresponding input data.
     • Additionally, relations are needed which relate the intensity of exposure of man or the environment to probabilities for the occurrence of certain volumes of damage.
     • This is often done using the so-called probit equations („Probability Integral“).
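Steps three and four (slides 24 to 26) and the probit relation of slide 28 put together, as an added Python example that is not part of the original presentation: exposure groups from a dispersion calculation are turned into fatality probabilities with a probit equation of the common form Pr = a + b·ln(Cⁿ·t), P = Φ(Pr − 5), summed to the damage x, and combined with the event sequence frequency to a risk. The probit coefficients, exposure groups and units are constructed for illustration and are not chlorine data.

```python
import math

# Constructed probit coefficients for illustration only (not a published chlorine
# data set): Pr = A + B * ln(C**N * t), C in mg/m^3 and t in minutes (assumed units).
A, B, N = -8.0, 1.0, 2.0

# Constructed outcome of a dispersion calculation (slide 24): groups of people,
# the concentration they are exposed to and for how long.
EXPOSURE_GROUPS = [
    # (number of people, concentration in mg/m^3, duration in min)
    (20, 400.0, 10.0),    # close to the point of release
    (150, 100.0, 20.0),   # downwind residential area
    (600, 20.0, 30.0),    # far field
]
RELEASE_FREQUENCY = 1e-6  # expected frequency of the event sequence, per year (slide 20)

def probit(conc, minutes, a=A, b=B, n=N):
    """Probit value of a toxic exposure: intensity and duration enter as C**n * t."""
    return a + b * math.log(conc ** n * minutes)

def probit_to_probability(pr):
    """A probit of 5 corresponds to 50 %: P = Phi(Pr - 5), with Phi the standard
    normal distribution function written via the error function."""
    return 0.5 * (1.0 + math.erf((pr - 5.0) / math.sqrt(2.0)))

def expected_fatalities(groups):
    """Damage (fourth step): sum over groups of people times fatality probability."""
    return sum(people * probit_to_probability(probit(c, t)) for people, c, t in groups)

def risk(groups, frequency):
    """Risk combines the damage x with its expected frequency: x fatalities per year."""
    return expected_fatalities(groups) * frequency

if __name__ == "__main__":
    x = expected_fatalities(EXPOSURE_GROUPS)
    print(f"expected fatalities per release: {x:.1f}")
    print(f"risk: {risk(EXPOSURE_GROUPS, RELEASE_FREQUENCY):.2e} fatalities per year")
```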

  29. Scope and depth of risk analyses
     • The scope and the depth of probabilistic risk analyses (PRA) may vary substantially.
     • If only the technical systems of the plant are analysed, we perform a probabilistic safety analysis (PSA) or quantitative safety analysis (QSA), since the damage is not assessed.
     • This is the most work-intensive part of a risk analysis.
     • The focus then lies on detecting weaknesses in the safety design of a plant in order to identify areas for improvement of plant safety.

  30. Simplified methods of analysis
     • Risk-based analysis
     • LOPA
     • SQUAFTA

  31. Risk-based analysis
     • Emphasis is placed on accident consequences; the analysis of plant systems is performed in a „lumped“ fashion.
     • This approach is used, for example, in the Netherlands in the context of licensing process plants.

  32. Layer of protection analysis „LOPA“
     • All steps of a risk analysis are performed without much detail („screening“ analysis).
     • The underlying idea is the event tree analysis.
     • Initiating events (e.g. failure of a coolant pump) are described by generic failure rates.
     • The same applies to the unavailabilities of the barriers which are to cope with the initiating events (e.g. limiting and trip systems).

  33. Layer of protection analysis „LOPA“
     • The barriers must be independent of one another.
     • In order to assess the risk, the expected frequencies of occurrence of undesired events caused by barrier failure (e.g. release of hazardous materials) are combined with categorised accident consequences.
     • LOPA provides an order-of-magnitude estimate of the risk. It is not meant to replace detailed analyses.
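The LOPA scheme of slides 32 and 33 as an added Python example (not from the presentation): an initiating event with a generic frequency, barriers described by their probability of failure on demand, an independence check that credits a barrier only if it shares no support system with one already credited, and a comparison with a tolerable frequency per consequence category. All numbers, layer names, support systems and the tolerable-frequency table are assumed for the example.

```python
from math import log10

# Constructed LOPA scenario (not from the talk). The initiating event has a
# generic expected frequency; each protection layer has a probability of
# failure on demand (PFD) and the support systems it relies on.
INITIATING_EVENT = ("failure of a coolant pump", 1e-1)      # per year, assumed
LAYERS = [
    {"name": "high-temperature trip", "pfd": 1e-1, "relies_on": {"instrument air", "DCS"}},
    {"name": "high-pressure trip", "pfd": 1e-1, "relies_on": {"instrument air"}},
    {"name": "pressure relief valve", "pfd": 1e-2, "relies_on": set()},
]
CONSEQUENCE_CATEGORY = 3                                     # ordinal scale, assumed
TOLERABLE_FREQUENCY = {1: 1e-2, 2: 1e-3, 3: 1e-4, 4: 1e-5}  # per year per category, assumed

def creditable_layers(layers):
    """LOPA credits a barrier only if it is independent of the barriers already
    credited; in this example a shared support system disqualifies the later layer."""
    used, credited = set(), []
    for layer in layers:
        if layer["relies_on"] & used:
            continue
        used |= layer["relies_on"]
        credited.append(layer)
    return credited

def mitigated_frequency(initiating_frequency, layers):
    """Event-tree branch on which every credited barrier fails: the expected
    frequency of the undesired event (e.g. a release of hazardous material)."""
    f = initiating_frequency
    for layer in creditable_layers(layers):
        f *= layer["pfd"]
    return f

def risk_gap_decades(frequency, category):
    """Order-of-magnitude comparison with the tolerable frequency of the
    consequence category: > 0 means the scenario exceeds it by that many decades."""
    return log10(frequency / TOLERABLE_FREQUENCY[category])

if __name__ == "__main__":
    _, f0 = INITIATING_EVENT
    f = mitigated_frequency(f0, LAYERS)
    credited = [layer["name"] for layer in creditable_layers(LAYERS)]
    print(f"credited independent layers: {credited}")
    print(f"release frequency: {f:.1e}/yr, gap to tolerable: {risk_gap_decades(f, CONSEQUENCE_CATEGORY):+.1f} decades")
```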

  34. Semi-quantitative fault tree analysis (SQUAFTA)
     • An important obstacle to an extensive use of fault tree analyses for process plants is the dearth of appropriate reliability data.
     • Its consequences are lengthy and error-prone data searches.
     • The data quality in any case suffers from the fact that data which are not plant-specific cannot reflect important factors like the type of components, the quality of maintenance etc.

  35. Semi-quantitative fault tree analysis (SQUAFTA)
     • Therefore generic ranges for reliability data are used.
     • These reflect uncertainties which stem, amongst others, from the transfer of data from their plant of origin to another plant.
     • Uncertainties are propagated through the evaluation of the fault tree; the result is given in terms of numbers and, additionally, by means of natural-language qualifiers.

  36. Semi-quantitative fault tree analysis (SQUAFTA)
     • Reliability ranges for typical components of process plants are provided; they are chosen according to the corresponding test intervals by indicating a cardinal number.
     • Expected frequencies of occurrence of initiating events and probabilities of human error are treated analogously.

  37. Semi-quantitative fault tree analysis (SQUAFTA)
     • The advantages of a comprehensive fault tree analysis are obtained at considerably less effort.
     • Dependencies are accounted for; their neglect leads to non-conservative results of the safety analysis.
     • The expected frequencies of occurrence may be combined with consequence assessments, for example from LOPA, in order to arrive at an assessment of risk.
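The SQUAFTA approach of slides 34 to 37, together with the time-dependent component model of slide 15, as an added Python example (not the method's own tables or code): generic failure-rate ranges addressed by a cardinal class number are converted into unavailability ranges via the test interval, propagated through AND and OR gates as interval bounds, and labelled with a natural-language qualifier. The rate classes, test intervals, tree and qualifier thresholds are constructed, and basic events are taken as independent, so the dependency treatment of slide 37 is not modelled here.

```python
import math

# Generic failure-rate ranges per hour, addressed by a cardinal class number.
# Constructed illustration of the SQUAFTA idea, not the method's published tables.
RATE_CLASSES = {1: (1e-7, 1e-6), 2: (1e-6, 1e-5), 3: (1e-5, 1e-4)}

def unavailability_at(lam, t_h, test_interval_h):
    """Slide 15: failure probability of a periodically tested component as a
    function of time; it grows from zero after each test and is reset by the next."""
    return 1.0 - math.exp(-lam * (t_h % test_interval_h))

def unavailability_range(rate_class, test_interval_h):
    """Mean unavailability over a test interval T, evaluated for both ends of the
    generic rate range: q = 1 - (1 - exp(-lambda*T)) / (lambda*T)."""
    def mean_q(lam):
        x = lam * test_interval_h
        return 1.0 - (1.0 - math.exp(-x)) / x
    lo, hi = RATE_CLASSES[rate_class]
    return (mean_q(lo), mean_q(hi))

def gate_and(*ranges):
    """All inputs failed; independent basic events assumed, bounds multiplied separately."""
    lo = hi = 1.0
    for a, b in ranges:
        lo, hi = lo * a, hi * b
    return (lo, hi)

def gate_or(*ranges):
    """At least one input failed: 1 - prod(1 - q), monotone in q, so bounds map to bounds."""
    lo = hi = 1.0
    for a, b in ranges:
        lo, hi = lo * (1.0 - a), hi * (1.0 - b)
    return (1.0 - lo, 1.0 - hi)

def qualifier(rng):
    """Natural-language qualifier derived from the decades spanned by the result range."""
    spread = math.log10(rng[1] / rng[0])
    return "firm" if spread < 1.0 else "indicative" if spread < 2.5 else "order of magnitude only"

def top_event():
    """Constructed tree: overpressure not relieved = trip fails AND (relief valve fails OR its pilot fails)."""
    trip = unavailability_range(2, 8760.0)     # class 2, tested yearly
    relief = unavailability_range(1, 8760.0)   # class 1, tested yearly
    pilot = unavailability_range(3, 720.0)     # class 3, tested monthly
    result = gate_and(trip, gate_or(relief, pilot))
    return result, qualifier(result)
```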

  38. Qualitative and quantitative safety analyses
     • Probabilistic safety analyses (PSA) are also called quantitative safety analyses (QSA).
     • This does not mean that deterministic safety analyses are merely qualitative. In both cases quantitative investigations are carried out.
     • Deterministic analyses are based on deterministic models with fixed (determined) boundary conditions.

  39. Qualitative and quantitative safety analyses
     • In probabilistic analyses, further-reaching considerations concerning the models and their boundary conditions are made.
     • Assumptions in deterministic analyses:
       • all active components of the technical system function with certainty,
       • the integrity of passive components is assured.
     • In probabilistic analyses both statements apply only with a certain probability.

  40. Methods of system analysis
     • Probabilistic and deterministic analyses both use the methods of system analysis, which are qualitative (e.g. failure mode and effects analysis or HAZOP).
     • Probabilistic analyses mainly use event trees and fault trees.
     • The approaches differ in the type of conclusion (e.g. inductive or deductive) and in their degree of detail.

  41. „Qualitative - quantitative“
     • All methods are qualitative in the first place.
     • They become quantitative only by assigning probabilities, where the procedure in question allows this.

  42. „Qualitative - quantitative“

  43. Methods of system analysis
     • System analytical methods enable one to structure existing knowledge and to assess the safety of an installation.
     • They raise questions which usually can only be answered by taking recourse to the technical, physical, chemical and biological foundations of the process in question.
     • The answers are contained in the so-called success criteria.

  44. Success criteria
     • The qualitative analysis takes recourse to results from model calculations or experiments, i.e. quantitative information.
     • Questions such as „will the pipe wall resist a certain thermal and pressure transient?“ are raised.
     • The answer may be given, for example, on the basis of a dynamic calculation of the time evolution of pressure and temperature and the pertaining fracture-mechanical calculation.
     • For further use in the safety assessment it boils down to either „yes“ or „no“.

  45. Uncertainties
     • All engineering calculations are affected by uncertainties.
     • The reasons are, on the one hand, the stochastic nature of some of the phenomena involved (aleatory uncertainties) and, on the other, gaps in knowledge (epistemic uncertainties).

  46. The engineer and uncertainties
     • The engineer strives to perform calculations which are as reliable as possible.
     • Nevertheless, uncertainties cannot be avoided. They are compensated by safety factors.
     • They concern the models used as well as their input data.
     • Model uncertainties are, at present, only treated in a cursory manner.
     • Data uncertainties are usually accounted for, e.g. in probabilistic analyses for nuclear power plants.

  47. Examples for safety factors

  48. Dealing with uncertainties
     • Neglecting uncertainties may lead to faulty decision bases for dimensioning components and, hence, to components which are too weak.
     • Safety factors do not forestall an insufficient design; overdesign is possible as well.
     • Uncertainties may be treated more efficiently probabilistically, as is done in PRA and PSA.

  49. Dealing with uncertainties
     • Uncertain quantities are described by probability distributions.
     • A distinction between „objective“ data and „subjective“ probabilities is often made.
     • „Subjective“ probabilities seem to be apt for modelling human error, especially when decision processes are involved.
