Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners (Second Edition)

Probabilistic Risk Assessment (PRA) is a comprehensive, structured, and logical analysis method aimed at identifying and assessing risks in complex technological systems for the purpose of cost-effectively improving their safety and performance. NASA's objective is to better understand and effectively manage risk, and thus more effectively ensure mission and programmatic success, and to achieve and maintain high safety standards at NASA. NASA intends to use risk assessment in its programs and projects to support optimal management decision making for the improvement of safety and program performance. In addition to using quantitative/probabilistic risk assessment to improve safety and enhance the safety decision process, NASA has incorporated quantitative risk assessment into its system safety assessment process, which until now has relied primarily on a qualitative representation of risk. Also, NASA has recently adopted the Risk-Informed Decision Making (RIDM) process [1-1] as a valuable addition to supplement existing deterministic and experience-based engineering methods and tools. Over the years, NASA has been a leader in most of the technologies it has employed in its programs. One would think that PRA should be no exception. In fact, it would be natural for NASA to be a leader in PRA because, as a technology pioneer, NASA uses risk assessment and management implicitly or explicitly on a daily basis. NASA has probabilistic safety requirements (thresholds and goals) for crew transportation system missions to the International Space Station (ISS) [1-2]. NASA intends to have probabilistic requirements for any new human spaceflight transportation system acquisition. Methods to perform risk and reliability assessment in the early 1960s originated in U.S. aerospace and missile programs. Fault tree analysis (FTA) is an example. It would have been a reasonable extrapolation to expect that NASA would also become the world leader in the application of PRA. That was, however, not to happen. Early in the Apollo program, estimates of the probability for a successful roundtrip human mission to the moon yielded disappointingly low (and suspect) values and NASA became discouraged from further performing quantitative risk analyses until some two decades later when the methods were more refined, rigorous, and repeatable. Instead, NASA decided to rely primarily on the Hazard Analysis (HA) and Failure Modes and Effects Analysis (FMEA) methods for system safety assessment

Real-time sensor data development for smart truck drivetrains

Heavy articulated transport vehicles have a poor reputation associated with dramatic road accidents with frequent fatalities for those in automobiles. The result of this work is a formal data flow structure to enhance real-time decision-making in complex mechanical systems to increase performance capability and responsiveness to human commands. This structure recognizes the multiple layers of highly non-linear mechanical components (actuators, wheel tire & ground surfaces, controllers, power supplies, human/machine interfaces, etc.) that must operate in unison (i.e., reduce conflicts) in real-time (in milli-seconds) to enhance operator (driver) control to maximize human choice. This work contains a discussion on dependable sensor data is vital in complex systems that rely on a suite of sensors for both control as well as condition monitoring purposes as well as discussion on real-time energy distribution analysis in high momentum mechanical systems. The focus will be on tractor trucks of class 7 & 8 that are outfitted with an array of low-cost redundant sensors leveraging advances in intelligent robotic systems. This work details many topics including: Most relevant sensor types and their technologies, Designing, implementing, and maintaining a multi-sensor system using feasible industry standards, Sensor signal integrity and data flow processing for decision making, Asynchronous data flow methods for operating decision making schemes in real-time, Multiple applications to enhance tractor trucks systems with multi-sensor systems for real-time decision making.Mechanical Engineerin

Historical review of fire safety at NPP and application of fire PSA to Westinghouse PWR NPP in the frame of risk-informed decision making by

The importance of fire as a potential initiator of multiple-system failures took on a new perspective after the cable-tray fire at Browns Ferry in 1975 The review have shown that the first generation Nuclear Power Plant (NPP) fire safety was not factored as high risk area that needed to be effectively assessed and quantified. This resulted in development of peculiar fire safety regulations, standards and expensive backfits. Lack of appropriate regulations and effective methods of fire risk assessment, prescriptive, difficult and expensive retrofit regulations were instituted in USA. The alternative risk-informed performance based regulation was established in USA to resolve the challenges of the prescriptive rules. The review have revealed that both the prescriptive and risk-informed performance based approaches will not represent adequate design basis for new Nuclear Power Plants. The Japanese were pulled in the path of renew fire safety regulations and risk quantification after the Fukushima accident. It has been recognized that effective fire safety assessment, and culture, in concert with countermeasures to prevent, detect, suppress, and mitigate the effect of fires if they occur, will minimized NPP fire risk. Among the numerous recommendation the fire safety at NPP must be planned and engineered before construction begin using the state-of-the-arts technology. Also, the methods of fire risk assessment must integrate the state-of-the-arts deterministic and probabilistic approaches. Two methods are presented which serve to incorporate the fire-related risk into the current practices in nuclear power plants with respect to the assessment of configurations. The first method is a fire protection systems and key safety functions Unavailability Matrix (UM) which is developed to identify structures, systems, and components significant for fire-related risk. The second method is a fire zones and key safety functions (KSFs) fire risk matrix which is useful to identify fire zones which are candidates for risk management actions. The UM is an innovative tool to communicate fire risk. The Monte Carlo method has been used to assess the uncertainty of the UM. The analysis shows that the uncertainty is sufficiently bounded. The significant fire-related risk is localized in six KSF representative components and one fire protection system which should be included in the maintenance rule. The unavailability of fire protection systems does not significantly affect the risk. The fire risk matrix identifies the fire zones that contribute the most to the fire-related risk. These zones belong to the control building and electric penetrations building. The aggregation of Internal Events PSA model and Fire PSA model have shown that the Fire PSA contributes 38.4% to the Risk increase. The feasibility of developing Fire-related Risk Monitor from the FIRE PSA for the Spanish NPP was carried out. One of the main challenges is that RiskSpectrum® fire PSA has 384 fire cases and 384 CDF but in Risk Monitor one CDF is required. However, CAFTA is unable to convert a Sequential Fault Tree structure of the internal Event tree in the Fire PSA. The conversion fails to implement neither all of the sequences leading to core damage nor the Fault Tree selection of the frequency of fire. The proposal is to suppress exchange events and introduce the alignment of the consequences so that a unique result of core damage can be quantified. The detection and fire suppression Event Trees in the reference model were replaced by detection and fire extinction Fault trees. The frequency of each Fire Case of the conversion model and the reference model are quantified and the frequencies compared. The results shows that 90% of the cases are valid, however, the rest have challenges with MCS. A unique CDF of 7.65x10-7 is quantified compared with 9.83×10-6 of the reference. The conversion of the new model in CAFTA was not successful due to software incompatibility.La importància del incendi com un potencial iniciador de sistema múltiples fallides van agafar una nova perspectiva després del incendi al cable-safata de Browns Ferry el 1975. La revisió ha mostrat que la primera generació de seguretat contra incendis de centrals d'Energia Nuclear (NPP) no va ser àrea de alt risc, àrea que necessitava ser efectivament avaluada i quantificada. Això va resultar en el desenvolupament de normes de seguretat de incendi peculiar, estàndards i cares revisions. La manca d'una reglamentació adequada i mètodes eficaços d'avaluació de risc d'incendi, va fer que als USA foren instituïts mètodes d'adaptació de normativa preceptius, difícils i costós. L'alternativa de regulació informada per el risc es va establir als USA per resoldre els reptes de la regulació preceptiva. La revisió ha mostrat que tant als enfocaments de normativa preceptiva i regulació informada per el risc no representen bases de disseny adequades per a noves NPP. Ha estat reconeguda que la efectiva avaluació de seguretat al incendi i la cultura en concert amb mesures per prevenir, detectar, suprimir i mitigar l'efecte d'incendis, si es produeixen, minimitzarà el risc d'incendi en una NPP. Entre les nombroses recomanacions la seguretat contra incendis a una NPP s'hauran previst i dissenyat abans de començar la construcció i utilitzant estat del art de la tecnologia. També, els mètodes d'avaluació del risc d'incendi tindran que integrar el estat del art en els enfocaments de determinista i probabilístics. Dos mètodes són presentats que serveixen per incorporar el risc relacionats amb el foc a les pràctiques actuals en centrals nuclears en respecte a l'avaluació de configuracions. El primer mètode és un sistema de protecció contra incendis i una matriu de indisponiblitats de les funcions clau de seguretat (MU) que es desenvolupa per a identificar estructures, sistemes i components significatius per riscos relacionats amb els incendis. El segon mètode és zones de focs i matriu de risc d'incendi i funcions (KSFs) clau de seguretat que és útil identificar les zones de foc que són candidats per a les accions de gestió de risc. La MU és una eina innovadora per comunicar el risc d'incendi. El risc significatiu relacionats amb el incendi està localitzat en sis components representatius KSF i un sistema de protecció de foc que cal que figuri en la regla de manteniment. La manca de sistemes de protecció contra incendis no afecta significativament al risc. La matriu de risc d'incendi identifica les zones de foc que mes contribueixen al risc relacionats amb el incendi. Aquestes zones pertanyen a l'edifici de control i edifici de penetracions elèctriques. L'agregació del model de PSA de esdeveniments interns i model de incendis PSA han demostrat que el PSA de incendis aporta 38.4% a l'augment de risc. S'ha desenvolupat la viabilitat del Monitor de risc de incendis a partir del PSA de incendis per a una central nuclear espanyola. Un dels reptes principals és que RiskSpectrum® incendis PSA te 384 casos de incendis i te 384 CDF però en risc Monitor és necessària una CDF. Tanmateix, el CAFTA és incapaç de convertir una estructura seqüencial de arbre de fallida de l'arbre esdeveniment interna en el PSA de incendis. La conversió fracassa al posar en pràctica totes les seqüències de danys al nucli i la selecció de l'arbre de fallida de la freqüència de incendi. La descoberta i supressió de arbres de l'esdeveniment de incendi en el model de referència es van substituir per detecció i els arbres de fallades d'extinció d'incendi. La freqüència de cada cas de incendi del model de conversió i el model de referència son quantificades i les freqüències son comparades. Els resultats demostra que el 90% dels casos són vàlid, no obstant això, la resta té reptes amb MCS. Un únic CDF de 7.65x10-7 s'ha quantificat en comparació amb 9.83 × 10-6 de la referència. La conversió del nou model a CAFTA no va tenir èxit a causa de la incompatibilitat del programari

Mechatronic Systems

Mechatronics, the synergistic blend of mechanics, electronics, and computer science, has evolved over the past twenty five years, leading to a novel stage of engineering design. By integrating the best design practices with the most advanced technologies, mechatronics aims at realizing high-quality products, guaranteeing at the same time a substantial reduction of time and costs of manufacturing. Mechatronic systems are manifold and range from machine components, motion generators, and power producing machines to more complex devices, such as robotic systems and transportation vehicles. With its twenty chapters, which collect contributions from many researchers worldwide, this book provides an excellent survey of recent work in the field of mechatronics with applications in various fields, like robotics, medical and assistive technology, human-machine interaction, unmanned vehicles, manufacturing, and education. We would like to thank all the authors who have invested a great deal of time to write such interesting chapters, which we are sure will be valuable to the readers. Chapters 1 to 6 deal with applications of mechatronics for the development of robotic systems. Medical and assistive technologies and human-machine interaction systems are the topic of chapters 7 to 13.Chapters 14 and 15 concern mechatronic systems for autonomous vehicles. Chapters 16-19 deal with mechatronics in manufacturing contexts. Chapter 20 concludes the book, describing a method for the installation of mechatronics education in schools

A framework for assessing and improving the resilience of complex engineered systems during the early design process

As modern systems continue to increase in size and complexity, they pose significant safety and risk management challenges. System engineers and much of the government research efforts are focused on understanding the attributes and characteristics that emerge from the interactions of components and subsystems. As a result, the objective of this research is to develop techniques and supporting tools for the verification of the resilience of complex engineered systems during the early design stages. Specifically, this work focuses on automating the verification of safety requirements to ensure designs are safe, automating the analysis of design topology to increase design robustness against internal failures or external attacks, and allocating appropriate level of redundancy into the design to ensure designs are resilient. In distributed complex systems, a single initiating fault can propagate throughout engineering systems uncontrollably, resulting in severely degraded performance or complete failure. This research is motivated by the fact that there is no formal means to verify the safety and resilience properties, and no provision to incorporate related analysis into the design process

Systems Engineering: Availability and Reliability

Current trends in Industry 4.0 are largely related to issues of reliability and availability. As a result of these trends and the complexity of engineering systems, research and development in this area needs to focus on new solutions in the integration of intelligent machines or systems, with an emphasis on changes in production processes aimed at increasing production efficiency or equipment reliability. The emergence of innovative technologies and new business models based on innovation, cooperation networks, and the enhancement of endogenous resources is assumed to be a strong contribution to the development of competitive economies all around the world. Innovation and engineering, focused on sustainability, reliability, and availability of resources, have a key role in this context. The scope of this Special Issue is closely associated to that of the ICIE’2020 conference. This conference and journal’s Special Issue is to present current innovations and engineering achievements of top world scientists and industrial practitioners in the thematic areas related to reliability and risk assessment, innovations in maintenance strategies, production process scheduling, management and maintenance or systems analysis, simulation, design and modelling

Historical review of fire safety at NPP and application of fire PSA to Westinghouse PWR NPP in the frame of risk-informed decision making by

The importance of fire as a potential initiator of multiple-system failures took on a new perspective after the cable-tray fire at Browns Ferry in 1975 The review have shown that the first generation Nuclear Power Plant (NPP) fire safety was not factored as high risk area that needed to be effectively assessed and quantified. This resulted in development of peculiar fire safety regulations, standards and expensive backfits. Lack of appropriate regulations and effective methods of fire risk assessment, prescriptive, difficult and expensive retrofit regulations were instituted in USA. The alternative risk-informed performance based regulation was established in USA to resolve the challenges of the prescriptive rules. The review have revealed that both the prescriptive and risk-informed performance based approaches will not represent adequate design basis for new Nuclear Power Plants. The Japanese were pulled in the path of renew fire safety regulations and risk quantification after the Fukushima accident. It has been recognized that effective fire safety assessment, and culture, in concert with countermeasures to prevent, detect, suppress, and mitigate the effect of fires if they occur, will minimized NPP fire risk. Among the numerous recommendation the fire safety at NPP must be planned and engineered before construction begin using the state-of-the-arts technology. Also, the methods of fire risk assessment must integrate the state-of-the-arts deterministic and probabilistic approaches. Two methods are presented which serve to incorporate the fire-related risk into the current practices in nuclear power plants with respect to the assessment of configurations. The first method is a fire protection systems and key safety functions Unavailability Matrix (UM) which is developed to identify structures, systems, and components significant for fire-related risk. The second method is a fire zones and key safety functions (KSFs) fire risk matrix which is useful to identify fire zones which are candidates for risk management actions. The UM is an innovative tool to communicate fire risk. The Monte Carlo method has been used to assess the uncertainty of the UM. The analysis shows that the uncertainty is sufficiently bounded. The significant fire-related risk is localized in six KSF representative components and one fire protection system which should be included in the maintenance rule. The unavailability of fire protection systems does not significantly affect the risk. The fire risk matrix identifies the fire zones that contribute the most to the fire-related risk. These zones belong to the control building and electric penetrations building. The aggregation of Internal Events PSA model and Fire PSA model have shown that the Fire PSA contributes 38.4% to the Risk increase. The feasibility of developing Fire-related Risk Monitor from the FIRE PSA for the Spanish NPP was carried out. One of the main challenges is that RiskSpectrum® fire PSA has 384 fire cases and 384 CDF but in Risk Monitor one CDF is required. However, CAFTA is unable to convert a Sequential Fault Tree structure of the internal Event tree in the Fire PSA. The conversion fails to implement neither all of the sequences leading to core damage nor the Fault Tree selection of the frequency of fire. The proposal is to suppress exchange events and introduce the alignment of the consequences so that a unique result of core damage can be quantified. The detection and fire suppression Event Trees in the reference model were replaced by detection and fire extinction Fault trees. The frequency of each Fire Case of the conversion model and the reference model are quantified and the frequencies compared. The results shows that 90% of the cases are valid, however, the rest have challenges with MCS. A unique CDF of 7.65x10-7 is quantified compared with 9.83×10-6 of the reference. The conversion of the new model in CAFTA was not successful due to software incompatibility.La importància del incendi com un potencial iniciador de sistema múltiples fallides van agafar una nova perspectiva després del incendi al cable-safata de Browns Ferry el 1975. La revisió ha mostrat que la primera generació de seguretat contra incendis de centrals d'Energia Nuclear (NPP) no va ser àrea de alt risc, àrea que necessitava ser efectivament avaluada i quantificada. Això va resultar en el desenvolupament de normes de seguretat de incendi peculiar, estàndards i cares revisions. La manca d'una reglamentació adequada i mètodes eficaços d'avaluació de risc d'incendi, va fer que als USA foren instituïts mètodes d'adaptació de normativa preceptius, difícils i costós. L'alternativa de regulació informada per el risc es va establir als USA per resoldre els reptes de la regulació preceptiva. La revisió ha mostrat que tant als enfocaments de normativa preceptiva i regulació informada per el risc no representen bases de disseny adequades per a noves NPP. Ha estat reconeguda que la efectiva avaluació de seguretat al incendi i la cultura en concert amb mesures per prevenir, detectar, suprimir i mitigar l'efecte d'incendis, si es produeixen, minimitzarà el risc d'incendi en una NPP. Entre les nombroses recomanacions la seguretat contra incendis a una NPP s'hauran previst i dissenyat abans de començar la construcció i utilitzant estat del art de la tecnologia. També, els mètodes d'avaluació del risc d'incendi tindran que integrar el estat del art en els enfocaments de determinista i probabilístics. Dos mètodes són presentats que serveixen per incorporar el risc relacionats amb el foc a les pràctiques actuals en centrals nuclears en respecte a l'avaluació de configuracions. El primer mètode és un sistema de protecció contra incendis i una matriu de indisponiblitats de les funcions clau de seguretat (MU) que es desenvolupa per a identificar estructures, sistemes i components significatius per riscos relacionats amb els incendis. El segon mètode és zones de focs i matriu de risc d'incendi i funcions (KSFs) clau de seguretat que és útil identificar les zones de foc que són candidats per a les accions de gestió de risc. La MU és una eina innovadora per comunicar el risc d'incendi. El risc significatiu relacionats amb el incendi està localitzat en sis components representatius KSF i un sistema de protecció de foc que cal que figuri en la regla de manteniment. La manca de sistemes de protecció contra incendis no afecta significativament al risc. La matriu de risc d'incendi identifica les zones de foc que mes contribueixen al risc relacionats amb el incendi. Aquestes zones pertanyen a l'edifici de control i edifici de penetracions elèctriques. L'agregació del model de PSA de esdeveniments interns i model de incendis PSA han demostrat que el PSA de incendis aporta 38.4% a l'augment de risc. S'ha desenvolupat la viabilitat del Monitor de risc de incendis a partir del PSA de incendis per a una central nuclear espanyola. Un dels reptes principals és que RiskSpectrum® incendis PSA te 384 casos de incendis i te 384 CDF però en risc Monitor és necessària una CDF. Tanmateix, el CAFTA és incapaç de convertir una estructura seqüencial de arbre de fallida de l'arbre esdeveniment interna en el PSA de incendis. La conversió fracassa al posar en pràctica totes les seqüències de danys al nucli i la selecció de l'arbre de fallida de la freqüència de incendi. La descoberta i supressió de arbres de l'esdeveniment de incendi en el model de referència es van substituir per detecció i els arbres de fallades d'extinció d'incendi. La freqüència de cada cas de incendi del model de conversió i el model de referència son quantificades i les freqüències son comparades. Els resultats demostra que el 90% dels casos són vàlid, no obstant això, la resta té reptes amb MCS. Un únic CDF de 7.65x10-7 s'ha quantificat en comparació amb 9.83 × 10-6 de la referència. La conversió del nou model a CAFTA no va tenir èxit a causa de la incompatibilitat del programari.Postprint (published version

A Framework to Evaluate the Risk of Human- and Component-related Vulnerability Interactions

Most accidents and malfunctions in complex engineered systems are attributed to human error. However, a closer inspection would reveal that such mishaps often emerge as a result of poor design and human- and component-related vulnerabilities acting together. To fully understand and mitigate potential risks, the effects of such interactions between component and human fallibilities (in addition to their independent effects) need to be considered early in the design process. Existing risk assessment methods either quantify the risk of component failures or human errors in isolation or are only applicable during later design stages. This work takes the view that the combined effects of human errors and component failures are better understood when they are studied together. To this effect, this research introduces an early design stage computational framework to model the system level effects of component failures and human errors. Then, an automated fault scenario generation technique and a severity quantification model are introduced to help designers generate a wide range of potential fault scenarios (involving both humans and components) and prioritize them based on severity. Next, the applicability of the framework to complex engineered systems and the accuracy of scenario generation and severity quantification are explored. Finally, this research demonstrates an application of the framework to promote risk-informed ergonomic assessments with the use of digital human modeling simulations. The ultimate goal of this research is to help designers detect the combined effects of human- and component-related vulnerabilities (in addition to their effects in isolation) in complex engineered systems during early design stages to improve performance and safety while minimizing the potentially costly design changes and rework later in the design stages