
ISE 311 - 18

Page 1

Class Exercise: Accidents & errors

‘Human error’ ‘Unsafe conditions’

Page 2

Goals of safety engineering/management

· Reduce errors
· Reduce proportion of errors that become accidents
· Reduce proportion of accidents that become injuries
· Reduce lost days/injury

Page 3

Injury and severity rate

Injury rate = (Injury cases/yr × 200,000) ÷ Actual hrs worked/yr

Severity rate = Days charged ÷ Injury cases/yr

(Diagram on slide: Unsafe conditions; Unsafe acts; Injury rate)

Page 4

Selection of problems

Decision method:

1. Multiply frequency rate for each type of accident by the severity rate.

2. Consider refining by including dollar cost/case.

3. Rank order annual costs.

Consider using a Pareto analysis. Examine high-energy sources.
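As an added worked example (not part of the deck), the injury-rate and severity-rate formulas and the three-step decision method run over a constructed set of annual figures; the plant hours, accident types, days charged and dollar costs are all constructed inputs, and the 80% Pareto cut-off is an assumed convention.

```python
# Constructed annual figures for one plant; every value here is illustrative.
HOURS_WORKED = 400_000  # actual hours worked/yr
ACCIDENTS = {  # type: (injury cases/yr, days charged, dollar cost per case)
    "Caught in machinery": (2, 120, 40_000),
    "Electrical contact": (1, 90, 60_000),
    "Slips and falls": (12, 36, 500),
    "Struck by object": (8, 24, 750),
    "Strains": (15, 30, 400),
}

def injury_rate(cases, hours):
    """Slide formula: injury cases/yr x 200,000 / actual hrs worked/yr."""
    return cases * 200_000 / hours

def severity_rate(days_charged, cases):
    """Slide formula: days charged / injury cases/yr."""
    return days_charged / cases if cases else 0.0

def rank_problems(accidents=ACCIDENTS, hours=HOURS_WORKED):
    """Decision method steps 1-3: frequency x severity, refine by $ cost, rank."""
    rows = []
    for kind, (cases, days, cost_per_case) in accidents.items():
        rows.append({
            "type": kind,
            "freq_x_sev": injury_rate(cases, hours) * severity_rate(days, cases),
            "annual_cost": cases * cost_per_case,
        })
    return sorted(rows, key=lambda r: r["annual_cost"], reverse=True)

def pareto_vital_few(rows, share=0.8):
    """Top-ranked accident types that together carry `share` of total annual cost."""
    total = sum(r["annual_cost"] for r in rows)
    picked, running = [], 0
    for r in rows:
        picked.append(r["type"])
        running += r["annual_cost"]
        if running >= share * total:
            break
    return picked
```

Note that frequency × severity reduces to days charged × 200,000 ÷ hours worked, so the two low-count, high-cost types rank first only once dollar cost per case is included.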

Page 5

Open Manhole Analogy

· ‘Warning’ approach
· ‘Guarding’ approach
· Engineering approach

The engineering approach is most effective and is permanent.

Page 6

Reduction of Unsafe Conditions

· Reduce human error
· Reduce equipment failure
· Design the proper control, display, and environment
· Use distance
· Use guards
· Use time

Page 7

Unsafe acts

Treat all accidents as unsafe conditions. Unsafe acts may result from:

· Lack of knowledge
· Deliberate risk
· Drug effects

Address the causes.

Page 8

Warnings

Warnings are information about a possible negative consequence. An effective warning should change behavior. May be visual, auditory, or vibratory. Need increases when:

· Injury potential increases
· Danger is less obvious
· Injury onset is not obvious
· More people are exposed

Page 9

Problems with Warnings

P The information must be Present.

R The warning must be Read.

U The reader must Understand the warning.

M The information must remain in Memory.

A The person must Act on the information.

E The warning must be Effective (the person must be able to perform the desired behavior).

Page 10

Fault Tree Analysis (FTA)

Fault Tree: A graphic “model” of the pathways within a system that can lead to a foreseeable, undesirable loss event.

The pathways interconnect contributory events and conditions, using standard logic symbols.

Numerical probabilities of occurrence can be entered and propagated through the model to evaluate probability of the foreseeable, undesirable event.

Page 11

FTA is best applied to cases with …

· Large, perceived threats of loss, i.e., high risk.
· Numerous potential contributors to a mishap.
· Complex or multi-element systems/processes.
· Already-identified undesirable events (a must!)
· Indiscernible mishap causes (i.e., autopsies.)

Caveat: Large fault trees are resource-hungry and should not be undertaken without reasonable assurance of need.

Page 12

FTA produces:

· Graphic display of chains of events/conditions leading to the loss event.
· Identification of those potential contributors to failure that are “critical.”
· Improved understanding of system characteristics.
· Qualitative/quantitative insight into probability of the loss event selected for analysis.
· Identification of resources committed to preventing failure.
· Guidance for redeploying resources to optimize control of risk.
· Documentation of analytical results.

Page 13

Some definitions

FAULT: An abnormal undesirable state of a system or a system element induced 1) by presence of an improper command or absence of a proper one, or 2) by a failure (see below). All failures cause faults; not all faults are caused by failures. A system which has been shut down by safety features has not faulted.

FAILURE: Loss, by a system or system element, of functional integrity to perform as intended, e.g., relay contacts corrode and will not pass rated current closed, or the relay coil has burned out and will not close the contacts when commanded – the relay has failed; a pressure vessel bursts – the vessel fails. A protective device which functions as intended has not failed, e.g., a blown fuse.

Page 14

Assumptions and limitations

· Non-repairable system.
· No sabotage.
· Markov…
  Fault rates are constant.
  The future is independent of the past – i.e., future states available to the system depend only upon its present state and pathways now available to it, not upon how it got where it is.
· Bernoulli…
  Each system element analyzed has two, mutually exclusive states.

Page 15

The logic symbols (see also table 18.4, pg. 360)

Most Fault Tree Analyses can be carried out using only these four symbols.

· TOP Event – foreseeable, undesirable event, toward which all fault tree logic paths flow, or Intermediate event – describing a system state produced by antecedent events.

· “Or” Gate – produces output if any input exists. Any input, individually, must be (1) necessary and (2) sufficient to cause the output event.

· “And” Gate – produces output if all inputs co-exist. All inputs, individually, must be (1) necessary and (2) sufficient to cause the output event.

· Basic Event – Initiating fault/failure, not developed further. (Called “Leaf,” “Initiator,” or “Basic.”) The Basic Event marks the limit of resolution of the analysis.

Events and Gates are not component parts of the system being analyzed. They are symbols representing the logic of the analysis.

Page 16

Steps in FTA

(Example fault tree drawn on the slide, labels only: TOP event “Side impact with tree”; contributors: Lose control of vehicle, Orient vehicle parallel to trees, Leave roadway, Slide sideways into trees, Rotate vehicle 270 degrees, Poor road interface, Human error, Vehicle mechanical failure.)

1. Identify undesirable TOP event.

2. Identify first level contributors.

3. Link contributors to TOP by logic gates.

4. Identify 2nd level contributors.

5. Link contributors to events by logic gates.

6. Repeat/continue.

Page 17

Use FTA to …

· Identify probability of failures and faults.
· Identify candidates for engineering solutions.
· Identify common cause events …

Common cause events are events which, if they occur, will cause two or more fault tree events to occur.

Typical common cause events include power failures, dust & grit, temperature effects (freezing/overheating), operator oversight, etc.

Can be overcome through redundant systems, isolation or shielding, etc.
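As an added example (not from the deck), the six FTA steps and the common cause point above are worked in code: the tree uses the labels from the “Steps in FTA” slide, but its gate wiring and the basic-event probabilities are assumptions made here for illustration. It propagates probabilities the textbook way (inputs independent) and then evaluates the TOP event exactly, which exposes how a common cause event shared by both branches of an “And” gate breaks the independence assumption.

```python
from itertools import product
from math import prod

# Gate semantics from the deck: an "Or" gate produces output if any input exists,
# an "And" gate only if all inputs co-exist. The wiring below is assumed from the
# labels on the "Steps in FTA" slide; the basic-event probabilities are constructed.
GATES = {
    "Side impact with tree": ("AND", ["Leave roadway", "Orient vehicle parallel to trees"]),
    "Leave roadway": ("OR", ["Lose control of vehicle", "Vehicle mechanical failure"]),
    "Lose control of vehicle": ("OR", ["Poor road interface", "Human error"]),
    "Orient vehicle parallel to trees": ("OR", ["Slide sideways into trees",
                                                "Rotate vehicle 270 degrees", "Poor road interface"]),
}
BASIC = {  # Bernoulli basic events (leaves): present with this probability, else absent
    "Poor road interface": 0.05,
    "Human error": 0.02,
    "Vehicle mechanical failure": 0.01,
    "Slide sideways into trees": 0.10,
    "Rotate vehicle 270 degrees": 0.03,
}
TOP = "Side impact with tree"

def common_cause_events():
    """Basic events feeding two or more gates: the deck's common cause events."""
    return sorted(ev for ev in BASIC
                  if sum(ev in inputs for _, inputs in GATES.values()) > 1)

def propagate(event):
    """Slide-style propagation that treats every gate input as independent."""
    if event in BASIC:
        return BASIC[event]
    kind, inputs = GATES[event]
    ps = [propagate(i) for i in inputs]
    return prod(ps) if kind == "AND" else 1.0 - prod(1.0 - p for p in ps)

def holds(event, state):
    # Truth of an event under one assignment of every basic event.
    if event in BASIC:
        return state[event]
    kind, inputs = GATES[event]
    return (all if kind == "AND" else any)(holds(i, state) for i in inputs)

def exact_probability(event=TOP):
    """Enumerate all basic-event states so a shared (common cause) event counts once."""
    names, total = list(BASIC), 0.0
    for bits in product((False, True), repeat=len(names)):
        state = dict(zip(names, bits))
        if holds(event, state):
            total += prod(BASIC[n] if b else 1.0 - BASIC[n] for n, b in zip(names, bits))
    return total
```

With “Poor road interface” feeding both branches of the top “And” gate, independent propagation gives roughly 0.013 for the TOP event while the exact value is roughly 0.054, so the common cause event quadruples the risk that the naive calculation reports.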

Page 18

Your turn …

Identify a specific potential occurrence using a product, tool, or piece of equipment with which you are familiar (enough to analyze the occurrence in detail.)

Conduct an FTA using this occurrence as the top-level event.

Page 19

Failure Modes & Effects Analysis, FMEA

Evaluates reliability and identifies single-point failures that can lead to systems failure.

Functional vs hardware FMEA

· Functional FMEA: used early in design programs; top-level, focused on systems and subsystems.
· Hardware FMEA: based on detailed design data; concentrates on assemblies, subassemblies, and components.

Limitations – FMEA doesn’t address:
· operational interface
· multiple failures
· human factors

Page 20

Three key questions to be answered by the FMEA process:

1. What could fail in each component of my product or design?

2. To what extent might it fail and what are the potential hazards produced by the failure?

3. What steps should be implemented to prevent failures?

Page 21

The FMEA process

1. Define the system

2. Identify potential failure modes & their causes

3. Evaluate the effects on the system of each failure mode

4. Identify failure detection methods

5. Identify corrective measures for failure modes

6. Document analysis / prepare FMEA report

Page 22

Your Turn …

1. Define the system

Identify a product with which you are familiar (enough to perform an analysis of failure modes.) Identify one part on that product to analyze in detail.

(NOTE: use the attached FMEA form for this exercise.)

Page 23

Design FMEA Analysis

∆ = Critical characteristic which may affect safety, compliance with Gov. regulations, or require special controls.
SEV = Severity rating (1 to 10)
OCC = Occurrence frequency (1 to 10)
DET = Detection Rating (1 to 10)
RPN = Risk Priority Number (1 to 1000) = SEV * OCC * DET

FMEA Form and Definitions

Form columns: Part & Function | Potential Failure Modes | Potential Effect(s) of Failure | ∆ | SEV | Potential Cause(s) / Mechanisms of Failure | OCC | Detection Method & Quality Controls | DET | RPN | Recommended Actions

Page 24

Your turn …

2. Identify potential failure modes & their causes

Identify 2 – 3 potential failure modes and what could cause them.

3. Evaluate the effects on the system of each failure mode

Identify 2 – 3 potential failure modes and what could cause them. Using the table on the following page, evaluate the potential severity of each failure mode.

Page 25

Severity Rating, SEV

Ranking | Effect | Criteria: Severity of Effect
1 | None | No effect
2 | Very Minor | Very minor effect on product or system performance.
3 | Minor | Minor effect on product or system performance.
4 | Low | Small effect on product performance. The product does not require repair.
5 | Moderate | Moderate effect on product performance. The product requires repair.
6 | Significant | Product performance is degraded. Comfort or convenience functions may not operate.
7 | Major | Product performance is severely affected but functions. The system may not be operable.
8 | Extreme | Product is inoperable with loss of primary function. The system is inoperable.
9 | Serious | Failure involves hazardous outcomes and/or noncompliance with govt. regulations or standards.
10 | Hazardous | Failure is hazardous, and occurs without warning. It suspends operation of the system and/or involves noncompliance with govt. regulations.

Page 26

Your turn …

4. Identify failure detection methods

How would you as the user/operator of this product recognize that the part has failed or is about to fail? Use the OCC table on the following page to evaluate the probability of failure occurrence.

5. Identify corrective measures for failure modes

Do you know how to correct the fault to restore safe and correct operation of the product? Use the DET table to evaluate the probability of detecting the failure.

Page 27

Probability of Occurrence, OCC

Ranking | Possible Failure Rates | Probability of Failure
1 | < 1 x 10^-6 | Nearly Impossible
2 | 1 x 10^-5 | Remote
3 | 1 x 10^-4 | Low
4 | 4 x 10^-4 | Relatively Low
5 | 2 x 10^-3 | Moderate
6 | 1 x 10^-2 | Moderately High
7 | 4 x 10^-2 | High
8 | 0.2 | Repeated Failures
9 | 0.33 | Very High
10 | > 0.55 | Extremely High: Failure Almost Inevitable

Page 28

Probability of Detection, DET

Ranking Detection Probability

1 Almost Certain Detection

2 Very High Chance of Detection

3 High Probability of Detection

4 Moderately High Chance of Detection

5 Moderate Chance of Detection

6 Low Probability of Detection

7 Very Low Probability of Detection

8 Remote Chance of Detection

9 Very Remote Chance of Detection

10 Absolute Uncertainty - No Control

Page 29

Your turn …

6. Document analysis / prepare FMEA report

Calculate the risk priority number, RPN = SEV * OCC * DET

Recommend action based on the RPN.
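As an added example (not part of the deck or its FMEA form), the worksheet columns above are filled for one constructed part and the RPN step is carried through: the rows, failure rates and ratings are constructed, the rule that maps a measured failure rate to the smallest OCC rank whose listed rate is at least as large is an assumption (the OCC slide lists point values, not bands), and the RPN action threshold of 100 is an assumed cut-off.

```python
from dataclasses import dataclass, field

# Constructed FMEA worksheet rows in the columns of the deck's form; values illustrative.
@dataclass
class FmeaRow:
    part: str
    failure_mode: str
    effect: str
    sev: int
    failure_rate: float   # constructed per-use rate, converted to OCC via the deck's table
    det: int
    critical: bool = False  # the form's "∆" critical characteristic mark
    rpn: int = field(init=False, default=0)

# Deck's OCC table as (rank, listed failure rate). Mapping a measured rate to the
# smallest rank whose listed rate is >= the measurement is an assumption made here;
# anything above the rank-9 value is treated as rank 10 (> 0.55 on the slide).
OCC_TABLE = [(1, 1e-6), (2, 1e-5), (3, 1e-4), (4, 4e-4), (5, 2e-3),
             (6, 1e-2), (7, 4e-2), (8, 0.2), (9, 0.33)]

def occ_rank(rate):
    """Occurrence rating 1-10 for a failure rate, per the assumed banding rule."""
    for rank, limit in OCC_TABLE:
        if rate <= limit:
            return rank
    return 10

def rpn(sev, occ, det):
    """Deck formula RPN = SEV * OCC * DET; each rating must lie in 1..10."""
    for name, val in (("SEV", sev), ("OCC", occ), ("DET", det)):
        if not 1 <= val <= 10:
            raise ValueError(f"{name} rating {val} outside 1..10")
    return sev * occ * det

def rank_rows(rows):
    """Fill in OCC and RPN for each row, then order the worksheet by RPN, highest first."""
    for r in rows:
        r.rpn = rpn(r.sev, occ_rank(r.failure_rate), r.det)
    return sorted(rows, key=lambda r: (r.rpn, r.critical), reverse=True)

def needs_action(rows, threshold=100):
    """Failure modes to recommend action on: RPN above the assumed threshold, or any ∆ item."""
    return [r.failure_mode for r in rank_rows(rows) if r.rpn > threshold or r.critical]

WORKSHEET = [  # constructed rows for a cordless drill's trigger switch
    FmeaRow("Trigger switch", "Contacts weld closed", "Drill keeps running", 9, 2e-4, 2, True),
    FmeaRow("Trigger switch", "Spring fatigue", "Trigger sticks", 5, 3e-3, 3),
    FmeaRow("Trigger switch", "Debris ingress", "Intermittent operation", 4, 5e-2, 6),
]
```

The welded-contact row scores only 72 because it is easy to detect, but its ∆ mark still puts it on the action list; RPN alone would have dropped the one safety-relevant failure mode.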