CHAPTER 11
OCCUPATIONAL HEALTH AND SAFETY (K3) ASSIGNMENT IN THE CHEMICAL INDUSTRY
RISK ASSESSMENT
CHEMICAL PROCESS SAFETY – Fundamentals with Applications, 2nd Edition
Daniel A. Crowl / Joseph F. Louvar
SITI SITAWATI (NPM: 1006735574), Rev. 1 - 22 April 2011
DEPARTMENT OF CHEMICAL ENGINEERING - GAS MANAGEMENT STUDY PROGRAM, GRADUATE PROGRAM - UNIVERSITAS INDONESIA
CONTENTS
11-1 Review of Probability Theory
11-2 Event Trees
11-3 Fault Trees
11-4 Quantitative Risk Analysis (QRA) & Layers of Protection Analysis (LOPA)
11-1 REVIEW OF PROBABILITY THEORY
EQUIPMENT FAILURES
Occur as a result of the interaction of individual components.
POISSON DISTRIBUTION
Probability that the component will not fail during the time interval (0, t):
$R(t) = e^{-\mu t}$    (11-1)
Where: R = reliability; $\mu$ = failure rate (faults/time); t = time
Plot of failures (figure): (a) failure rate, $\mu$; (b) failure density, f(t); (c) failure probability, P(t); (d) reliability, R(t)
FAILURE PROBABILITY (UNRELIABILITY)
$P(t) = 1 - R(t) = 1 - e^{-\mu t}$    (11-2)
MEAN TIME BETWEEN FAILURES
Time interval between two failures of the component:
$E(t) = \text{MTBF} = 1/\mu$    (11-3)
Typical Bathtub Failure Rate Curve for Process Hardware (figure)
Overall failure probability from the failure probabilities of the individual components:
$P = \prod_{i=1}^{n} P_i$    (11-4)
Where: n = total number of components; $P_i$ = failure probability of each component
Overall reliability from the reliabilities of the individual components:
$R = \prod_{i=1}^{n} R_i$
Where: $R_i$ = reliability of an individual process component
Failure Rate Data for Selected Process Components (table)
Computation of Component Linkage:
• Simultaneous failure in parallel: logical AND function.
• Simultaneous failure in series: logical OR function.
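As an added illustration (not code from the slides or the textbook), the following Python evaluates equations 11-1 to 11-4 for a constructed set of components and combines their failure probabilities for the parallel (AND) and series (OR) linkages; the component names and failure rates are assumed values.

```python
import math

# Constructed sample data (assumed values, not from the slides): failure rates in faults/year
FAILURE_RATES = {"pressure_switch": 0.14, "solenoid_valve": 0.42, "level_alarm": 0.30}


def reliability(mu, t):
    """Eq. 11-1: R(t) = exp(-mu*t), probability of no failure in the interval (0, t)."""
    return math.exp(-mu * t)


def failure_probability(mu, t):
    """Eq. 11-2: P(t) = 1 - R(t), the unreliability."""
    return 1.0 - reliability(mu, t)


def mtbf(mu):
    """Eq. 11-3: E(t) = MTBF = 1/mu, in the same time unit as mu."""
    return 1.0 / mu


def parallel_failure(probs):
    """Parallel linkage (logical AND): every component must fail, P = prod(P_i) (eq. 11-4)."""
    return math.prod(probs)


def series_failure(probs):
    """Series linkage (logical OR): R = prod(R_i), so the overall failure probability is 1 - prod(1 - P_i)."""
    return 1.0 - math.prod(1.0 - p for p in probs)


def linkage_summary(rates, t):
    """Failure probability of the whole set after time t, for both linkages."""
    probs = [failure_probability(mu, t) for mu in rates.values()]
    return {"parallel_and": parallel_failure(probs), "series_or": series_failure(probs)}


if __name__ == "__main__":
    for name, mu in FAILURE_RATES.items():
        print(f"{name}: R(1 yr)={reliability(mu, 1):.3f}  P(1 yr)={failure_probability(mu, 1):.3f}"
              f"  MTBF={mtbf(mu):.2f} yr")
    print(linkage_summary(FAILURE_RATES, 1.0))
```

The series (OR) result is always at least the largest single-component probability and the parallel (AND) result at most the smallest, which is the numerical reason redundancy is placed in parallel.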
Revealed Failures
Immediately obvious to the operator and can be fixed in a negligible amount of time.
Component Cycles for Revealed Failures (figure)
Unrevealed Failures
Occur without the operator being aware of the situation until it affects
Component Cycles for Unrevealed Failures (figure)
Mean time between failures (MTBF) for revealed and unrevealed failures:
$\text{MTBF} = 1/\mu = \tau_r + \tau_0$    (11-12)
Where: $\tau_0$ = time that the component is operational (period of operation); $\tau_r$ = period of inactivity/downtime; $\tau_i$ = inspection interval
Probability of Coincidence: required when a dangerous process upset occurs while the emergency system is unavailable.
Average frequency of dangerous episodes:
Where: $\lambda_d$ = frequency of dangerous coincidences; $\lambda_{pd}$ = frequency of dangerous process episodes ($\lambda$ = frequency); U = unavailability of the emergency system; $\tau_i$ = time interval
Mean Time Between Coincidences (MTBC): the reciprocal of the average frequency of dangerous coincidences
Where: $\lambda_d$ = frequency of dangerous coincidences; $\lambda$ = frequency = failure rate (failures/year); $\tau_i$ = inspection period (year)
11-2 EVENT TREES
An inductive approach that provides information on how a failure can occur and the probability of its occurrence.
• Used quantitatively if data are available on the failure rates of the safety functions and the occurrence rate of the initiating event.
• Useful for providing scenarios of possible failure modes.
• Difficulty: for most real processes the method can be extremely detailed, resulting in a huge event tree.
Event trees begin with an initiating event and work toward a final result, with these typical steps:
•Identify an initiating event of interest
•Identify the safety functions designed to deal with the initiating event
•Construct the event tree
•Describe the resulting accident event sequences
Event tree for a loss-of-coolant accident in a reactor (figure)
Computational Sequence in an Event Tree (figure)
Typical Event Tree of a Reactor (figure)
11-3 FAULT TREES
A deductive method for identifying ways in which hazards can lead to accidents: starting from a well-defined accident (the top event), it works backward toward the various scenarios that can cause the accident.
Preliminary steps before the actual fault tree is drawn:
• Define precisely the top event
• Define the existing events
• Define the unallowed events
• Define the physical bounds of the process
• Define the equipment configuration
• Define the level of resolution
Typical Fault Tree Contributing to a Flat Tire (figure)
Logic Transfer Components of a Fault Tree (figure)
Typical Fault Tree of Reactor Overpressure (figure)
Minimal Cut Set
• The various sets of events that lead to the top event.
• Determined using the Fussell & Vesely procedure
• Some minimal cut sets have a higher probability than others
• Ordered with respect to failure probability
Quantitative Calculation Using a Fault Tree
• Computation by the fault tree diagram, using AND gates and OR gates up to the top event
• Computation by the minimal cut set procedure
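Added example, not from the slides or the textbook: a small constructed fault tree evaluated both ways the slide lists, by propagating probabilities through the AND/OR gates and by enumerating minimal cut sets (brute-force subset search here rather than the Fussell & Vesely procedure). Event names, gate layout and probabilities are assumed.

```python
from itertools import combinations
from math import prod

# Constructed example (assumed names and probabilities, not the slides' reactor tree).
# Basic events with failure probabilities per demand:
BASIC = {"high_feed": 0.05, "cooling_loss": 0.02, "relief_stuck": 0.01,
         "alarm_fail": 0.10, "operator_misses": 0.20}
# Gates: node -> (gate type, children); the top event is "overpressure".
TREE = {
    "overpressure": ("AND", ["process_upset", "protection_fails"]),
    "process_upset": ("OR", ["high_feed", "cooling_loss"]),
    "protection_fails": ("AND", ["relief_stuck", "no_response"]),
    "no_response": ("OR", ["alarm_fail", "operator_misses"]),
}

def gate_probability(node):
    """Method 1: propagate probabilities through the gates (AND = product, OR = 1 - prod(1 - p))."""
    if node in BASIC:
        return BASIC[node]
    gate, children = TREE[node]
    ps = [gate_probability(c) for c in children]
    return prod(ps) if gate == "AND" else 1.0 - prod(1.0 - p for p in ps)

def occurs(node, failed):
    """Boolean evaluation: does `node` occur when exactly the basic events in `failed` have failed?"""
    if node in BASIC:
        return node in failed
    gate, children = TREE[node]
    combine = all if gate == "AND" else any
    return combine(occurs(c, failed) for c in children)

def cut_set_probability(cut):
    return prod(BASIC[e] for e in cut)

def minimal_cut_sets(top="overpressure"):
    """Method 2: search subsets smallest-first, skipping supersets of known cut sets so only
    minimal ones survive; result ordered by decreasing probability, as the slide recommends."""
    events = sorted(BASIC)
    cuts = []
    for size in range(1, len(events) + 1):
        for combo in combinations(events, size):
            candidate = frozenset(combo)
            if any(known <= candidate for known in cuts):
                continue
            if occurs(top, candidate):
                cuts.append(candidate)
    return sorted(cuts, key=lambda c: (-cut_set_probability(c), sorted(c)))

def rare_event_bound(cuts):
    """Sum of cut-set probabilities: an upper bound on the top-event probability."""
    return sum(cut_set_probability(c) for c in cuts)
```

For this tree the four minimal cut sets each need three events, and their summed probability (2.1e-4) slightly exceeds the exact gate result (1.932e-4) because the cut sets overlap.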
Drawing a Fault Tree:
• Draw the top event at the top of the page
• Determine the major events that contribute to the top event
• Parallel events are connected by an AND gate; series events are connected by an OR gate
• Determine the intermediate events that contribute to the top event
• Expand the intermediate events that contribute to the top event
Disadvantages of Fault Trees
• For a complicated process the tree becomes enormous
• Not certain that all failure modes have been considered
• Assumes that a particular item of hardware does not fail partially
• Assumes that failure of one component does not stress the other components
• Subjective dependence on the individuals constructing the tree
• Requires failure probabilities of all events in the fault tree
Advantages of Fault Trees:
• Begins with a top event, selected by the user to be specific to the failure of interest
• Used to determine the minimal cut sets, which provide enormous insight into the various ways the top event can occur
• Enables the application of computers, which are available for constructing fault trees, determining minimal cut sets, and calculating failure probabilities
11-4 QRA & LOPA
Quantitative Risk Analysis
• Identifies where operations, engineering, or management systems can be modified to reduce risk.
• Designed to provide managers with a tool to help them evaluate the overall risk of a process.
• Evaluates potential risks when qualitative methods cannot provide an adequate understanding of the risks.
• A relatively complex procedure that requires expertise and a substantial commitment of resources and time.
Major steps of a QRA study include:
•Define potential event sequences and potential incidents
•Evaluate incident consequences (typical tools for this step include dispersion modeling and fire explosion modeling)
•Estimate potential incident frequency using event trees and fault trees
•Estimate incident impacts on people, environment, and property, and
•Estimate the risk by combining the impacts and frequencies, and recording the risk using a graph
Layer of Protection Analysis
• A semi-quantitative tool for analyzing and assessing risk
• Uses simplified methods to characterize the consequences and estimate the frequencies
• Various layers of protection are added to a process to lower the frequency of the undesired consequences
• Consequences and effects are approximated by categories, the frequencies are estimated, and the effectiveness of the protection layers is also approximated.
• Individual companies use different criteria to establish the boundary between acceptable and unacceptable risk.
Typical Layer of Protection Analysis of a Specific Accident Scenario (figure)
Major steps of a LOPA study include:
• Identify a single consequence
• Identify an accident scenario and the cause associated with the consequence
• Identify the initiating event for the scenario and estimate the initiating event frequency
• Identify the protection layers available for the consequence and estimate the probability of failure on demand (PFD) for each protection layer
• Combine the initiating event frequency with the PFDs of the independent protection layers to estimate a mitigated consequence frequency
• Plot the consequences versus the consequence frequency to estimate the risk
• Evaluate the risk for acceptability
Consequence
The most common scenario of interest for LOPA is loss of containment of hazardous material, which occurs through a variety of incidents such as a leak from a vessel, a ruptured pipeline, a gasket failure, or a release from a relief valve. Consequences are estimated using the following methods:
• Semi-quantitative approach without direct reference to human harm
• Qualitative estimates with human harm
• Quantitative estimates with human harm
Semi-Quantitative Consequence Categorization (table)
Frequency
Methods to determine frequency include the following steps:
• Determine the failure frequency of the initiating event
• Adjust the frequency to include the demand
• Adjust the failure frequency to include the probabilities of failure on demand (PFDs) for each independent layer of protection
The probability of failure on demand (PFD) for each independent protection layer (IPL) varies from:
• $10^{-1}$ for a weak IPL
• $10^{-2}$ for a common practice IPL
• $10^{-5}$ for a strong IPL
Three rules for classifying a specific system or action as an IPL:
• The IPL is effective in preventing the consequence when it functions as designed
• The IPL functions independently of the initiating event and of the components of all other IPLs used for the same scenario
• The IPL is auditable, that is, the PFD of the IPL must be capable of validation, including review, testing, and documentation
Frequency Values Assigned to Initiating Events (table)
The PFD concept is used when designing emergency shutdown systems called safety instrumented functions (SIFs).
A SIF achieves low PFD figures by:
• Using redundant sensors and redundant final control elements
• Using multiple sensors with voting systems and redundant final control elements
• Testing the system components at specific intervals to reduce the PFD by detecting hidden failures
• Using a de-energized trip system (i.e., a relayed shutdown system)
PFDs for Passive IPLs (table)
PFDs for Active IPLs and Human Actions (table)
Consequence Frequency of a Specific Scenario Endpoint
Consequence Frequency of Multiple Scenario Endpoints
Where:
Safety Integrity Levels (SILs) for emergency shutdown systems:
• SIL1 (PFD = $10^{-1}$ to $10^{-2}$): implemented with a single sensor, a single logic solver, and a single final control element, and requires periodic proof testing
• SIL2 (PFD = $10^{-2}$ to $10^{-3}$): typically fully redundant, including the sensor, a single logic solver, and a single final control element, and requires periodic proof testing
• SIL3 (PFD = $10^{-3}$ to $10^{-4}$): typically fully redundant, including the sensor, a single logic solver, and a single final control element, and requires careful design and frequent validation testing to achieve low PFD figures.
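Added example (not from the slides or the textbook) tying together the frequency steps, the three IPL classification rules and the SIL bands above: a constructed LOPA scenario in which only layers passing all three rules are credited, the mitigated frequency is the initiating-event frequency multiplied by the credited PFDs, and the PFD a new SIF would have to supply to reach a target frequency is mapped to a SIL. The scenario, layer names, PFDs and target frequency are assumed values.

```python
from math import prod

# Constructed LOPA scenario (assumed values, not the slides' tables). Frequencies are per year.
INITIATING_EVENT_FREQUENCY = 0.1        # e.g. loss of cooling once per 10 years (assumed)
TARGET_MITIGATED_FREQUENCY = 2e-7       # company-specific tolerable frequency (assumed)

# Candidate protection layers with their PFD and the slide's three IPL classification tests.
CANDIDATE_LAYERS = [
    {"name": "high-temperature alarm + operator response", "pfd": 1e-1,
     "effective": True, "independent": True, "auditable": True},
    {"name": "pressure relief valve", "pfd": 1e-2,
     "effective": True, "independent": True, "auditable": True},
    {"name": "interlock sharing the alarm's temperature sensor", "pfd": 1e-2,
     "effective": True, "independent": False, "auditable": True},  # fails the independence rule
]

def qualifies_as_ipl(layer):
    """All three rules must hold: effective as designed, independent, and auditable."""
    return layer["effective"] and layer["independent"] and layer["auditable"]

def ipl_strength(pfd):
    """Bands quoted on the slide: 1e-1 weak, 1e-2 common practice, 1e-5 strong."""
    if pfd <= 1e-5:
        return "strong"
    return "common practice" if pfd <= 1e-2 else "weak"

def mitigated_frequency(f_initiating, layers):
    """Initiating-event frequency multiplied by the PFD of every layer credited as an IPL."""
    credited = [layer for layer in layers if qualifies_as_ipl(layer)]
    return f_initiating * prod(layer["pfd"] for layer in credited), credited

def sil_for_pfd(pfd):
    """SIL bands from the slide: SIL1 1e-1..1e-2, SIL2 1e-2..1e-3, SIL3 1e-3..1e-4."""
    if 1e-2 <= pfd <= 1e-1:
        return 1
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-4 <= pfd < 1e-3:
        return 3
    return None  # outside the SIL1 to SIL3 range given on the slide

def required_sif(f_initiating, layers, target):
    """PFD a new safety instrumented function must supply to reach the target, and its SIL."""
    f_now, _ = mitigated_frequency(f_initiating, layers)
    needed_pfd = min(1.0, target / f_now)   # 1.0 means no additional SIF is needed
    return needed_pfd, sil_for_pfd(needed_pfd)
```

Here the shared-sensor interlock is not credited, so the two remaining IPLs bring 0.1/yr down to 1e-4/yr, and reaching 2e-7/yr requires a SIF with PFD 2e-3, which falls in the SIL2 band.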