at SciVerse ScienceDirect

Journal of Loss Prevention in the Process Industries 26 (2013) 660e665

Contents lists available

Journal of Loss Prevention in the Process Industries

journal homepage: www.elsevier .com/locate/ j lp

Integration of techniques for early fault detection anddiagnosis for improving process safety: Applicationto a Fluid Catalytic Cracking refinery process

Carlos Agudelo a,*, Francisco Morant Anglada b, Eduardo Quiles Cucarella b,Emilio García Moreno b

a Instituto Colombiano del Petroleo e Ecopetrol S.A., Bucaramanga, ColombiabUniversidad Politecnica de Valencia, Valencia 46022, Spain

a r t i c l e i n f o

Article history:Received 29 May 2012Received in revised form14 November 2012Accepted 10 January 2013

Keywords:Early fault detectionDiagnosisKnowledge engineeringAlarm systems

* Corresponding author. Tel.: þ57 3112421213.E-mail addresses: carlos.agudelo@ecopetrol.co

(C. Agudelo), fmorant@isa.upv.es (F.M. Anglada), equilemilio@isa.upv.es (E.G. Moreno).

0950-4230/$ e see front matter � 2013 Elsevier Ltd.http://dx.doi.org/10.1016/j.jlp.2013.01.002

a b s t r a c t

In this paper we show the integration of techniques for early fault detection and diagnosis of operationalfaults in industrial processes, and we show an application example in a Fluid Catalytic Cracking refineryprocess. The early fault detection and diagnosis allow the operators in an industrial process to take thebest actions during the real state of the process, avoiding incipient faults to scale to critical situationswhere there is risk of human lives and economical lost.

� 2013 Elsevier Ltd. All rights reserved.

1. Introduction

Process safety has to do with the prevention of catastrophicevents with very low probability, but a very high consequence inenterprises. Names like Chernobyl, Bhopal, or Piper Alpha are wellknown in the industry, not only for the tragedy for the involvedworkers, but also for the tragedy for the community and thedamage to the environment (Belke & Dietrich, 2001; Drysdale &Sylvester-Evans, 1998; Norman, 1986; Paté-Cornell, 1993; Reason,1987; Salge & Milling, 2006; Shrivastava, 1987).

These names are reminders that safety should always accom-pany technological endeavors. These accidents (with human livesloss, environmental damage, financial penalties, ethical and moralconsiderations) are incentives to center our work in process safetyand avoid that accidents like these occur in the future.

Through the use of advanced software tools we can help theoperators to avoid that incipient faults scale to critical situations.On this paper we show the integration of early operationalfault detection and diagnosis in industrial processes, and howthese techniques can make recommendations to the operators.

m.co, cagudelo@gmail.comes@isa.upv.es (E.Q. Cucarella),

All rights reserved.

In Bakolas and Saleh (2011) it’s shown how it is necessary toincrease the observability and diagnosability to prevent processsafety events. A system is said to be observable if one can determinethe behavior of the entire system from the measurement of the out-putsof the same,otherwise the currentvaluesof someof its states cannot be determined from the output sensors, implying that its valueremains unknown to the driver, and you can not meet the specifica-tions of these outputs control. The diagnosability is a property ofsystems that can detect and diagnose faults associated with them.

In Saleh and Cummings (2011) it’s shown how to maintaineffective control of hazards and establish a set of defenses to blockaccidents, it is important sensing the signs that a situation isgrowing into a dangerous situation.

The control system helps prevent critical situations through theoverride control strategies (Smith & Corripio, 1997), but you needa system that tells the operating personnel that complex faultsare beginning to occur in the plant increasing the observability ofthe process, here is where fault detection and diagnosis appears onthe stage.

The techniques for fault detection and diagnosis comparedwith criteria that define the early fault detection and diagnosis,discrimination between different faults, robustness to noise anduncertainty, new faults identification, multiple faults identification,ease of results explanation and adaptability, suffer from one ofthese criteria, what makes necessary a new approach to solve these

C. Agudelo et al. / Journal of Loss Prevention in the Process Industries 26 (2013) 660e665 661

shortcomings. In Agudelo (2010) a new approach raise, which is theuse of an extended fault dictionary, that through an inference ruleengine makes the integration of some techniques for early faultdetection and diagnosis.

On this paper we study the integration of some techniques forearly fault detection and diagnosis with the purpose to incorporatethe best characteristics of each one of those to be able to detect thewrong behavior in industrial processes. The early fault detectionand diagnosis assist the operations personnel in industrial plantsabout the best actions to take in the real process, avoiding thatincipient faults climb to critical situations where there is risk ofhuman live and financial loss.

2. Required information

2.1. The alarms of the industrial process

The alarms in the electronic control system are one of the firstbarriers to assure process safety. In industrial environments iscommon that operators make their job muting the alarms, becausethey have become noise instead of a help to detect and diagnoseabnormal situations. This is because is very easy to configure alarmsin the modern electronic control systems, and operators are floodedwith “alarms” that not help them to perform their tasks, but thehindering (Stanley & Vaidhyanathan, 1998). That is why there areinternational standards (ISA 18.2, EEMUA 191) seeking to normalizethe alarm systems in industrial processes, first defining what is analarm and then defining criteria to rationalize these systems. Plantalarms should be manage according to a philosophy that includesthe purpose of the alarm system relationship of the proceduresassociatedwith the alarm system to other plant procedures, methodfor prioritizing, kinds of alarms, operator roles and responsibilitieswith regard to alarms, design principles of the alarms, the doc-umentation required for each alarm, training, rates of key systemperformance and target values for them, change management andthe preservation of the history of the alarms (ISA 18.2). Internationalstandards include the use of advanced tools to maximize the capa-bilities of alarm systems: ISA 18.2, section 12, advanced methods toalarms; EEMUA 191, Appendix 7, conjunction of alarms e Intelligentdetection of faults. This software tools, included in the internationalstandards, must advice the operators in the abnormal situationmanagement, avoiding that incipient faults climb to complex andcostly faults (in terms of human live, environmental damage,equipment and production losses).

The use of these advanced software tools is related that thealarm management methodology had been applied in the process(Acero, Riascos, Agudelo, & Torres, 2005a). Once the previous workin alarm management has been done, you can use these softwaretools.

2.2. The integration of the early fault detection and diagnosistechniques

In Agudelo (2010) arises the integration of three techniques forfault detection and diagnosis: The expert knowledge in faults,written in rules, where in the antecedent side we have the symp-toms to validate, and in the consequent side the fault hypothesis;a step test model to detect disturbances in the process, to associatethem to process faults; and the alarm sequences, which must bepreviously identified (Agudelo, Quiles, Morant, & García, 2011).

This integration uses an extended fault dictionary, linking eachtechnique with its symptoms and the operation mode of the pro-cess (Agudelo, Quiles, Morant, & García, 2007). Through a ruleinference engine every symptom is validated and triggers the fault’sdetection and diagnosis.

2.3. Intelligent software tool to make fault detection and diagnosisin a Fluid Catalytic Cracking process

In Agudelo (2010) arises an intelligent software tool to makeearly fault detection and diagnosis in a Fluid Catalytic Crackingintegrating the three proposed techniques.

The software tool is operating on-line at the refinery ofBarrancabermeja (Colombia). This tool will become of great help tothe operators, to manage abnormal situations. The control roomsof this refinery are located in each plant, but they are going tobe located in a central location, putting new challenges to theoperators, making of this solution a valuable input to the refinery.

2.4. Alarm sequences to detect and diagnose faults

The alarm sequences are early indicators of abnormal situations.In Agudelo (2010) is shown that for the same type of fault the alarmsequences are very similar, what allow us to associate them tofaults. Many works have been done in correlating the processanalog variables to make fault detection and diagnosis (Mingsheng,2006; Singhal & Seborg, 2001; and others). There are also manyworks in correlating discrete events (process alarms) to detect anddiagnose faults (Arellano, Galicia, & Ramírez, 1990; Mannila &Ronkainen, 1998; and others). The abnormal situation diagnosiscan be helped if similar performance periods of time can be locatedin the historical database. Such approach has come from differentsources: The telecommunications industry (Mannila & Ronkainen,1998), and the electrical energy production industry (Pereira,Kezunovic, & Mantovani, 2009).

3. State of the art

Many techniques have been used in fault detection and diag-nosis, classified as the next figure shows (Venkatasubramanianet al., 2003) (Fig. 1):

In general can be said that the quantitative model-based tech-niques use information from process measurements and a mathe-matical model of the process. The failure can be treated as aninternal state change, a process parameter change, or an unknowninput (disturbance). When calculating this possible failure signal iscompared with a threshold value to determine whether the faulthas been presented. These techniques can use linear models of theprocess (on-line filters), or non-linear models based on the un-derlying first principles. The difference between the model and theactual process (called residue) will cause false alarms if thresholdsare too low, or undetected faults if they are very high.

In contrast, the qualitativemodel-based techniques are based onthe causal relationship of the process variables. The magnitude ofthe relationship is ignored, only care about the direction of move-ment. Its resolution is regular. Some causal relationships (such asfeedback due to a controller) can generate structures difficult todiagnose. Some techniques used are signal graphs that can incor-porate uncertainty in the model using Bayesian networks. Anothertechnique used was that of knowledge-based systems, which areconstructed from the collection of expert knowledge in the form ofrules of the form if-antecedent-is-true-then-consequent-is-true,for capture process relationships. The inference process for vali-dating a fault hypothesis is done through the backward chaining ofrules, by checking the truthfulness of the consequent side (faulthypothesis) from the true state of the antecedent side (symptomsobserved during the fault scenario), making the calculations withthe data received in real-time from the process.

The early fault detection and diagnosis techniques review willfocus on methodologies that employ the most relevant informationavailable in a typical industrial process: The alarms associated with

MODEL-BASED PROCESS HISTORY BASED

QUANTITATIVE QUALITATIVE QUANTITATIVE QUALITATIVE

Extended Kalman Filter Fault tree PCA/PLS Expert SystemObservers Signal-flow diagrams Artificial neural networks Qualitative Trend Analysis

DIAGNOSTIC METHODS

Fig. 1. Classification of diagnosis techniques.

C. Agudelo et al. / Journal of Loss Prevention in the Process Industries 26 (2013) 660e665662

the process variables, which are designed to warn the operatorwhen operational limits are violated; the available experience inthe detection and diagnosis of fault scenarios, and can be for-mulated as rules that allow replicate the inference mechanism usedby operations personnel of the plant to cope with an abnormalsituation; a process model which can detect disturbances in thecontrolled variables of the process.

3.1. The process alarms as tools to detect and diagnose faults

Alarms in an industrial process are early indicators that someabnormal situation is occurring in the process. The following figureshows the philosophy that you should use to configure alarmlimits:

The control guide and the operational window define the nor-mal operation ranges and the acceptable ranges for the process,respectively (Fig. 2). There are differences between the EmergencyShutdown System alarms and the Distributed Control System (DCS)alarms. The limits showed in Fig. 2 are from the DCS, but in theEmergency Shutdown System are also configured alarms, that warnthe operators that an emergency shutdown has been done (takingthe process to the safe condition) or an emergency shutdown isapproaching if they don’t take the proper actions (pre-trip alarm).

The alarms must address the operator’s attention to the processconditions that requires her/his evaluation and timely action,focusing on important decisions, allowing the reduction of risks topeople, environment and equipment (Acero, Riascos, Agudelo, &Torres, 2005b).

The system alarms the operator receives should be the mostrelevant to address abnormal situations, and provide sufficient timeto respond with appropriate actions for handling. Unfortunately itis common in modern electronic control systems, to find alarmsthat actually are not a help to the operator but instead hinder theirefforts, flooding the alarm system with an unmanageable numberof events both audible and visible, not only during the emergencies,

normal

Alarm limits

Acceptable range for the process

Total range

Process measurementINSTRUMENT

FAILURE

Fig. 2. Alarm’s pyramid.

but even during normal operation scenarios. Therefore it is essen-tial that, in order to make optimal use of information from processalarms, perform a purification of them, attending their prioritybased on an analysis of possible scenarios of unsafe operation thatmay arise in the process (Acero et al., 2005b; Acero, Riascos,Agudelo, & Torres, 2005c).

3.2. Discrete events sequence analysis

We made a research address to the subject of modeling discreteevent sequences (Ortiz Barajas, 2008), it raised the followingobjectives:

� Define the fault modes associated with the main equipment,the causes that may originate them, and the operation of anequipment in a mode to trigger these other fault modes inadjacent equipment.

� Relate the causes and observable symptoms of the fault modesin the main equipment of the Fluidized Catalytic Cracking unitto create sequences that describe the causality between them.

� Associate the fault modes of major equipment with the generalfault states of the process.

� Represent in a causal diagram transitions between fault modesof equipment and triggering fault states of the process.

After doing research we found that the fault trigger alarmssequences are not identical for the same fault, but they have anappreciable degree of similarity (Fig. 3).

The figure above shows labeled process alarms with numbers,and it shows the alarm sequences for the same fault on three dif-ferent dates, showing that although the sequences are not identical,they have an appreciable degree of similarity.

3.3. The extended fault dictionary

In Agudelo et al. (2007) is shown how to model the faults usingan extended fault dictionary. Using information from the alarms ofthe process with a process model and experience of operationspersonnel in the typical faults of the unit can detect and diagnosethe most common faults of the process. Fault dictionaries are basedon quantitative techniques, once you have defined the fault todetect, measurements or calculations are selected which may beassociated with the faults and are recorded in a table.

The measurements obtained from an unknown faulty systemare compared with those recorded in the table, and thus one canidentify the fault (Pous i Sabadí, 2004). Depending on the type ofintegrated techniques, the information recorded in the extendedfault dictionary can be: The fit between the observations of theactual process and the quantitative model for a particular faultscenario; the level of similarity between the sequence of observedalarms in the actual process, and a sequence of associated alarmsprior to the decision in question; or simply a set of symptoms to beobserved during the fault scenario (drawn from the knowledge ofexperts in the process).

22-may28-may21-jun

I2 P2 H1

B2 E1

D2 F1

C2 K2

W3 M2

R3 W1

M4 T3

I3 Q1

F3 K4

P1 O1

H3 Y1

G4 R2

F4 Q4

U3 P4

B3 N2

J4 Q3 O2

Fig. 3. Alarm sequences associate it to the same fault occurred in 3 different dates.

C. Agudelo et al. / Journal of Loss Prevention in the Process Industries 26 (2013) 660e665 663

In any of the above situations, the information is recorded in theextended fault dictionary as a set of symptoms Sij, where the firstsubscript refers to the technique used to detect these symptomsand the second subscript refers to fault defined within the dictio-nary (Fig. 4).

Some items in this extended fault dictionary might be empty (4)due to problems in the techniques used to detect the fault (lack ofinformation from sensors, the absence of a quantitative model forthis fault scenario, etc.). Or even be repeated for different faultsymptoms due to masking it difficult to discern the root cause ofthe symptoms observed. In the extended fault dictionary has addeda column (mode) to identify the operationmode during which suchfault can occur (and may present the same fault in different oper-ation modes). This makes easier the inhibition of the detection ofcertain faults during startup and shutdown operations, in whichcertain techniques have drawbacks for discerning between anabnormal condition of operation and a perfectly normal condition(for example, alarms in an industrial process normally are activatedduring the startup and shutdown procedures due to the violation of

Fig. 4. Extended fault dictionary.

established operating windows for normal operation). The exten-ded fault dictionary allows integration of several techniques forfault detection and diagnosis, incorporating not just the symptomsobservable during normal operation (f0), but also the observablesymptoms for each fault scenario. The way in which a rules enginecan model this process of inference is through a backward chainingset of rules to record the possible scenarios of fault from the entriesin the extended fault dictionary. ij rule has the following form:

Sij^ModeðmÞ0fj (1)

where the consequent side has the fault hypothesis, and the wholesymptoms set to be checked (quantitative model of the process,fault alarm sequence, set of symptoms validated by an expert in theprocess, etc.), next to the operation mode in which the processmust be found, in the antecedent side, everything recorded in theextended fault dictionary.

4. Faults to detect

Sadeghbeigi (2000) defines the typical faults of a FluidizedCatalytic Cracking Unit:

High temperature in the regenerator;Limited movement of catalyst;Reverse flow;Coke deposits;Low quality and yield (related to low conversion, high dry gasproduction, low production of gasoline and low octane ingasoline);Loss of catalyst;Afterburn.

VARIABLEINDEPENDIENTE

VARIABLEDEPENDIENTE

FUNCION DE TRANSFERENCIA

INDEPENDENT VARIABLE

DEPENDENT VARIABLETRANSFER

FUNCTION

Fig. 6. Relation between manipulated variable and controlled variable using multi-variable predictive control step model.

C. Agudelo et al. / Journal of Loss Prevention in the Process Industries 26 (2013) 660e665664

From the typical fault scenarios of the process and historicaldata collected we have built a fault dictionary that associates theobservable symptoms for each of them, and to delimit the numberof abnormal situations to which the fault detection and diagnosistechniques (and later the integration platform) should react. Thefault dictionary simplifies the complexity of the diagnostic work,because although abnormal behavior is detected in the process willnot always be diagnosable.

4.1. Information on process alarms

The console operators have to face certain alarm conditions inthe plant:

Alarm bit descriptive.Alarms too detailed.Too many alarms during a process upset.False alarms.Multiple alarms for the same event.Alarms that change too fast to be read in the graphic display ofthe operator.Alarms are not in order of priority.

The proposed processing alarms detect sequences associatedwith the same type of fault and make an intelligent cause-effectanalysis. We created a new type of alarms that give informationto the operator on the shortcomings, its symptoms, the causethereof and to make recommendations by the operations staff.

4.2. Knowledge based system for fault detection and diagnosis

One of the great advantages of using knowledge-based systemsis to preserve the knowledge of operational best practices, andactions to be performed for each set of symptoms that show that anabnormal situation begins to occur in the process, incorporatingexperience of expert staff, ensuring the knowledge to future gen-erations of operators, standardizing best practices.

4.3. Collected Knowledgebase

The knowledge needed to integrate the proposed techniques fordetecting and diagnosing faults, it has been collected in terms ofrules, where in the antecedent side have the symptoms of majorfaults of the process, and the in the consequent side fault hypoth-esis that confirmed if symptoms are verified as true.

4.4. The process dynamic model

The step response model type used for detection of distur-bances, to detect a fault in its early stages (before it climbs to morecomplex problems) is the same model used in multivariable pre-dictive control of the process.

Fig. 5. Bands corresponding to the normal distribution of data collected online.

The solution to the problem of uncertainty in model parametersis resolved through the specification of bands to determine thevariability allowed for the input, output and state variables of theprocess (Fig. 5).

The uncertainty is addressed in the bands statistical analysis,that approach the calculation of the symptoms associated witheach detectable fault, making if a variable is above two standarddeviations from its carrying value, it is assumed that the symptomobserved is the increase of that variable, while if the variable istwo standard deviations below the carrying value, the symptom isthe decreased variable and if the variable is within the range oftwo standard deviations then the associated symptom is that thevariable remained the same (Bao, Khan, Iqbal, & Chang, 2011).

4.5. The dynamic step model to detect disturbances

This technique of the intelligent software tool is based ona model commonly known in control systems as step response,where in the system output is the response to a unit step inputsignal. This method has as its foundation the study of the dynamicbehavior of the dependent and independent variables that belongto the multivariable control system of the Fluid Catalytic Crackingprocess at Barrancabermeja refinery.

The structure of the dynamic model is based on unitary modelsthat relate each dependent variable with each independent varia-ble (a transfer function corresponding to the dynamic effect thata movement generates an independent variable on the dependentvariable). Thanks to the properties of the obtained models, it ispossible to relate the dynamic behavior of a dependent variable andthe addition of the effects of each of the independent variables, fordetection and diagnosis of a fault, the step response model onlyconsiders the behavior of a single pair of independente dependentvariables that can describe the predicted behavior, this is a changeof a condition or state to another in a manipulated variable anda considerable distance in a controlled variable target, as a result ofa disturbance in the system (Fig. 6).

The change of the manipulated variable is because of the de-grees of freedom of the controller in the presence of a disturbance.Disturbances that are beyond the set of limits in the controller willbe detected by other techniques, the distance of the target of thecontrolled variables are the response of the automatic controller totry to restore the system to steady state.

5. Conclusions

This article supports the use of advanced software tools to helpearly fault detection and diagnosis. It shows how early faultdetection and diagnosis aid the process safety. It has been shownusing an extended fault dictionary the integration of three tech-niques for fault detection and diagnosis: Expert knowledge of theprocess, formulated in terms of rules; a simplified model of theprocess (step response), which detects disturbances on the process;and alarm sequences. The use of extended fault dictionary willallow future growth in the set of techniques used for the faultdetection and diagnosis (for example using qualitative models).

C. Agudelo et al. / Journal of Loss Prevention in the Process Industries 26 (2013) 660e665 665

References

Acero, C., Riascos, F., Agudelo, C., & Torres, E. (2005a). Gerenciamiento de Alarmas:Documento filosófico para el manejo de alarmas en la Gerencia Refinería de Car-tagena. Piedecuesta (Colombia): Instituto Colombiano del Petróleo, ECOPETROL.

Acero, C., Riascos, F., Agudelo, C., & Torres, E. (2005b). Gerenciamiento de Alarmas enGRC: Diagnóstico preliminar Unidad de Ruptura Catalítica-Fase I. Piedecuesta(Colombia): Instituto Colombiano del Petróleo, ECOPETROL.

Acero, C., Riascos, F., Agudelo, C., & Torres, E. (2005c). Gerenciamiento de Alarmas enGRC: Informe de medición Post-Fase I Unidad de Ruptura Catalítica. Piedecuesta(Colombia): Instituto Colombiano del Petróleo, ECOPETROL.

Agudelo, C. (2010). Integración de técnicas para la detección temprana y el diagnósticode fallos. Aplicación a un proceso de Cracking Catalítico Fluidizado. Documentpresented as requirement for the Advanced Studies Diploma. Valencia, Spain:Universidad Politécnica de Valencia.

Agudelo, C., Quiles, E., Morant, F., & García, E. (2011). Intelligent alarm management.Presented and publish in IEEE LARC e LARS e CCAC & IASCW 2011 (XI LatinAmerican Robotics Competition & Colombian Conference on Automatic Control& II Industry Applications Society Colombian Workshop) Bogota (Colombia).http://dx.doi.org/10.1109/LARC.2011.6086852.

Agudelo, C., Quiles, E., Morant, F., & García, E. (2007). Uso de Sistemas Expertos en elDiagnóstico de Fallos en Procesos Complejos. XIII Convención de IngenieríaEléctrica (CIE2007). Villa Clara (Cuba): Univ. Central Maria Abreu de las Villas.

Arellano, J., Galicia, Y., & Ramírez, E. (1990). A new shell for the development ofalarm pattern recognition expert systems. In. Proceedings of the 3rd internationalconference on industrial and engineering applications of artificial intelligence andexpert systems, Vol. 2.

Bakolas, E., & Saleh, J. (2011). Augmenting defense-in-depth with the conceptsof observability and diagnosability from Control Theory and Discrete EventSystems. Reliability Engineering and System Safety, 96, 184e193.

Bao, H., Khan, F., Iqbal, T., & Chang, Y. (2011). Risk-based fault diagnosis and safetymanagement for process systems. Process Safety Progress, 30(1).

Belke, J. C., & Dietrich, D. Y. (2001). Chemical accident risks in US industrydA pre-liminary analysis of accident risk data from US hazardous chemical facilities. Paperpresented at the 10th international symposium on loss prevention and safetypromotion in the process industries, Stockholm, Sweden.

Drysdale, D. D., & Sylvester-Evans, R. (1998). The explosion and fire on the PiperAlphaplatform, 6 July 1988. A case study. Philosophical Transactions of the Royal Societyof London Series, a Mathematical Physical and Engineering Sciences, 356(1748),2929e2951.

Mannila, H., & Ronkainen, P. (1998). Similarity of event sequences (extended abstract).University of Helsinki, Department of Computer Science.

Mingsheng, Q. (2006). Efficient methodologies for real-time state identification duringprocess transitions. A thesis submitted for the degree doctor of philosophy,Department of Chemical and Biomolecular Engineering, National University ofSingapore.

Norman, C. (1986). Chernobylderrors and designflaws. Science, 233(4768),1029e1031.Ortiz Barajas, M. C. (2008). Definición de los modos de fallo de una unidad de ruptura

catalítica a partir de información bibliográfica y conocimiento previo. Electronicengineer thesis. Universidad Industrial de Santander, Facultad de ingeníeriasfísico-mecánicas, Escuela de ingeniería eléctrica, electrónica y tele-comunicaciones, Bucaramanga (Colombia).

Paté-Cornell, M. E. (1993). Learning from the Piper Alpha accidentda postmortemanalysis of technical and organizational factors. Risk Analysis, 13(2), 215e232.

Pereira, R., Kezunovic, M., & Mantovani, J. (2009). Fault location algorithm for primarydistribution feeders based on voltage sags. International Journal of Innovations inEnergy Systems and Power, 4(1).

Pous i Sabadí, C. (2004). Case based reasoning as an extensión of fault dictionarymethods for linear electronic analog circuits diagnosis. PhD dissertation, Uni-versidad de Girona, Spain.

Reason, J. (1987). The Chernobyl errors. Bulletin of the British Psychological Society,40, 201e206.

Sadeghbeigi, R. (2000). Fluid Catalytic Cracking handbook (2nd ed.). Houston (USA):Gulf Professional Publishing Company.

Saleh, J., & Cummings, A. (2011). Safety in the mining industry and the unfinishedlegacy of mining accidents: safety levers and defense-in-depth for addressingmining hazards. Safety Science, 49, 764e777.

Salge, M., & Milling, P. M. (2006). Who is to blame, the operator or the designer?Two stages of human failure in the Chernobyl accident. System DynamicsReview, 22(2), 89e112.

Shrivastava, P. (1987). Bhopal: Anatomy of a crisis. Cambridge, Mass: BallingerPub. Co.Singhal, A., & Seborg, D. (2001). Matching patterns from historical data using PCA

and distance similarity factors. In Proceedings of the American control conference,Arlington, VA. Santa Barbara: Department of Chemical Engineering. University ofCalifornia.

Smith, C., & Corripio, A. (1997). Principles and practice of automatic process control(2nd ed.). Wiley.

Stanley, G. M., & Vaidhyanathan, R. (1998). A generic fault propagation modelingapproach to on-line diagnosis and event correlation. Submitted to 3rd IFACworkshop on on-line fault detection and supervision in the chemical processindustries, Solaize, France.

Venkatasubramanian, V., Rengaswamy, R., Yin, K., & Kavuri, S. (2003). A review ofprocess fault detection and diagnosis. Part I: quantitative model-basedmethods. Computers and Chemical Engineering, 27, 293e311.