Chapter 1: Safety engineering
Safety engineering is an engineering discipline that ensures that engineered systems provide acceptable levels of safety. It is strongly related to industrial engineering and systems engineering, and to their subset, system safety engineering. Safety engineering ensures that a life-critical system behaves as needed even when individual components fail.
Analysis techniques fall into two categories: qualitative and quantitative methods. Both aim to find causal dependencies between a system-level hazard and the failures of individual components. Qualitative approaches focus on the question "What must go wrong, such that a system hazard may occur?", whereas quantitative methods aim at estimating the probability, rate, and/or severity of consequences.
Measures that add complexity to a technical system, such as improved design and materials, planned inspections, fool-proof design, and backup redundancy, decrease risk while increasing cost. Depending on the circumstances, risk can be reduced to a level that is as low as reasonably achievable (ALARA) or as low as practically achievable (ALAPA).
Traditionally, safety analysis techniques have relied solely on the skill and expertise of the safety engineer performing the study. In the past decade, model-based approaches such as STPA (Systems Theoretic Process Analysis) have become prominent. In contrast to traditional methods, model-based techniques try to derive the relationships between causes and consequences from some kind of model of the system.
The two most common fault modeling techniques are failure mode and effects analysis (FMEA) and fault tree analysis (FTA). These techniques are simply ways of finding problems and of making plans to cope with failures, as in probabilistic risk assessment. One of the earliest and most comprehensive studies to apply this technique to a commercial nuclear plant was the WASH-1400 study, also known as the Reactor Safety Study or the Rasmussen Report.
Failure Mode and Effects Analysis (FMEA) is a bottom-up, inductive analytical method that may be performed at either the functional or piece-part level. In functional FMEA, failure modes are identified for each function in a system or equipment item, usually with the help of a functional block diagram. In piece-part FMEA, failure modes are identified for each piece-part component (such as a valve, connector, resistor, or diode). Each failure mode is described, and a probability is assigned to its effects, derived from the failure rate and the failure mode ratio of the function or component. For software, this quantization is difficult because it is hard to determine whether a defect exists at all, and the failure models used for hardware components do not apply: variables like temperature, age, and manufacturing variability affect a resistor but have no effect on software.
Failure modes with identical effects can be combined and summarized in a Failure Mode Effects Summary. When combined with criticality analysis, FMEA is known as failure mode, effects, and criticality analysis (FMECA).
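The piece-part quantification and the Failure Mode Effects Summary described above, as an added example (not code from the original text): the worksheet rows, failure rates, and mode ratios are constructed sample data, and a constant-rate (exponential) failure model is assumed to turn rate × ratio into a probability over a mission time.

```python
from math import exp
from collections import defaultdict

# Piece-part FMEA rows, constructed for this example (not real part data): component,
# failure mode, system-level effect, failure rate (failures per hour) and failure-mode
# ratio (the fraction of that component's failures taking this mode; a component's
# ratios should sum to 1).
FMEA_ROWS = [
    ("R12 resistor", "open",         "loss of sensor bias",  2.0e-7, 0.6),
    ("R12 resistor", "drift high",   "false high reading",   2.0e-7, 0.3),
    ("R12 resistor", "short",        "loss of sensor bias",  2.0e-7, 0.1),
    ("D3 diode",     "open",         "loss of sensor bias",  5.0e-7, 0.5),
    ("D3 diode",     "short",        "false high reading",   5.0e-7, 0.5),
    ("V1 valve",     "fails closed", "blocked outflow",      1.0e-5, 0.7),
    ("V1 valve",     "fails open",   "loss of containment",  1.0e-5, 0.3),
]

def mode_probability(rate, ratio, mission_hours):
    """Probability that a failure mode occurs within the mission time under a
    constant-rate (exponential) model; the mode's own rate is rate * ratio."""
    return 1.0 - exp(-rate * ratio * mission_hours)

def components_with_bad_ratios(rows, tol=1e-9):
    """Components whose mode ratios do not sum to 1: a sign that a mode is missing
    from the worksheet or has been double-counted."""
    sums = defaultdict(float)
    for component, _, _, _, ratio in rows:
        sums[component] += ratio
    return {c for c, s in sums.items() if abs(s - 1.0) > tol}

def effects_summary(rows, mission_hours):
    """Failure Mode Effects Summary: merge modes sharing an effect and give the
    probability that at least one of them occurs (modes treated as independent)."""
    survival = defaultdict(lambda: 1.0)
    for _, _, effect, rate, ratio in rows:
        survival[effect] *= 1.0 - mode_probability(rate, ratio, mission_hours)
    return {effect: 1.0 - s for effect, s in survival.items()}
```

The ratio check catches an incomplete worksheet before any numbers are trusted; the summary is what a reviewer reads to see which system-level effect dominates.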
Fault tree analysis (FTA) is a top-down, deductive analytical method. In FTA, initiating primary events such as component failures, human errors, and external events are traced through Boolean logic gates to an undesired top event, such as an aircraft crash or a nuclear reactor core meltdown. The intent is to identify ways to make top events less probable, and to verify that safety goals have been achieved.
Fault trees are a logical inverse of success trees, which are directly related to reliability block diagrams; a fault tree can be obtained from the corresponding success tree by applying de Morgan's theorem.
FTA may be qualitative or quantitative. When failure and event probabilities are unknown, qualitative fault trees may be analysed for minimal cut sets. For example, if any minimal cut set contains a single base event, then the top event may be caused by a single failure. Quantitative FTA is used to compute the top-event probability, and usually requires computer software such as CAFTA from the Electric Power Research Institute or SAPHIRE from the Idaho National Laboratory.
Fault trees and event trees are both used in some industries. An event tree starts from an undesired initiator (such as loss of critical supply or component failure) and follows possible further system events through to a series of final consequences. As each new event is considered, a new node is added to the tree, with the probability split between the two branches. The probabilities of a range of "top events" arising from the initial event can then be seen.
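The event-tree walk described above, as an added example that is not from the original text. The branch-point format, the `ends_on_success` flag (a sequence stops once a credited system works), and the over-pressure initiator with its protection systems and probabilities are all constructed for illustration.

```python
# Event tree walker (added example). A branch point is (system, p_fail, ends_on_success):
# the system either succeeds, which ends the sequence when ends_on_success is True,
# or fails and the sequence moves to the next branch point. `classify` maps the path
# of (system, succeeded) pairs to an end-state label.
def event_tree(initiator_frequency, branch_points, classify):
    """Return {end_state: frequency}; the frequencies sum to initiator_frequency."""
    end_states = {}

    def record(freq, path):
        label = classify(path)
        end_states[label] = end_states.get(label, 0.0) + freq

    def walk(i, freq, path):
        if i == len(branch_points):           # no more systems to credit
            return record(freq, path)
        system, p_fail, ends_on_success = branch_points[i]
        ok_path = path + ((system, True),)
        if ends_on_success:
            record(freq * (1.0 - p_fail), ok_path)
        else:
            walk(i + 1, freq * (1.0 - p_fail), ok_path)
        walk(i + 1, freq * p_fail, path + ((system, False),))

    walk(0, initiator_frequency, ())
    return end_states

# Constructed example based on the vessel over-pressure case in the text: the initiator
# is a pressure-control failure; PSH trip, PSV relief and operator action are credited
# in turn. Frequencies and probabilities are illustrative, not real plant data.
OVERPRESSURE_BRANCHES = [
    ("PSH_shuts_inflow",  0.10, True),
    ("PSV_relieves",      0.01, True),
    ("operator_isolates", 0.30, True),
]
OUTCOME_FOR_SYSTEM = {"PSH_shuts_inflow": "controlled shutdown",
                      "PSV_relieves": "relief to flare",
                      "operator_isolates": "manual recovery"}

def classify_overpressure(path):
    """End state is named after the first system that worked, else vessel damage."""
    for system, ok in path:
        if ok:
            return OUTCOME_FOR_SYSTEM[system]
    return "vessel damage"

def overpressure_end_states(initiator_per_year=0.5):
    return event_tree(initiator_per_year, OVERPRESSURE_BRANCHES, classify_overpressure)
```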
The offshore oil and gas industry uses a qualitative safety systems analysis technique to ensure the protection of offshore production systems and platforms. The analysis is used during the design phase to identify process engineering hazards together with risk mitigation measures. The methodology is described in the American Petroleum Institute Recommended Practice 14C, "Analysis, Design, Installation, and Testing of Basic Surface Safety Systems for Offshore Production Platforms."
The technique uses system analysis methods to determine the safety requirements for protecting any individual process component, such as a vessel, pipeline, or pump. The safety requirements of individual components are integrated into a complete platform safety system, including liquid containment and emergency support systems such as fire and gas detection.
The first stage of the analysis identifies individual process components, which can include flowlines, headers, pressure vessels, atmospheric vessels, fired heaters, exhaust-heated components, pumps, compressors, pipelines, and heat exchangers. Each component is subjected to a safety analysis to identify undesirable events (equipment failure, process upsets, etc.) for which protection must be provided. The analysis also identifies a detectable condition (for example, high pressure) that is used to initiate actions to prevent or minimise the effects of undesirable events. The Safety Analysis Table (SAT) for pressure vessels includes, for example, the following entries:
Inflow exceeds outflow
Gas blowby (from upstream)
Pressure control failure
Temperature increase
Excess heat input
Liquid slug flow
Blocked or restricted liquid outlet
Level control failure
Other undesirable events for a pressure vessel are under-pressure, gas blowby, leak, and excess temperature, together with their associated causes and detectable conditions.
Having identified the events, causes, and detectable conditions, the next stage of the methodology applies a Safety Analysis Checklist (SAC) to each component. The checklist lists the safety devices that may be required, or the circumstances that remove the need for such a device. For example, for liquid overflow from a vessel (as above), the SAC identifies the following circumstances:
The analysis ensures that two levels of protection are provided to mitigate each undesirable event. For example, for over-pressure of a pressure vessel, the primary protection would be a pressure switch high (PSH) that shuts off inflow to the vessel, and the secondary protection would be a pressure safety valve (PSV) installed on the vessel itself.
In the next stage of the analysis, a Safety Analysis Function Evaluation (SAFE) chart is used to relate all the sensing devices, shutdown valves (ESVs), trip systems, and emergency support systems.
The letter X indicates that the shutdown or warning action represented on the top right (for example, ESV closure) is initiated by the detecting device located on the left (for example, PSH).
In order to design the functional architecture...