Risk assessment and integrity in system design

All systems, regardless of how carefully they have been constructed, suffer failures. This paper focuses on developing a formal understanding of failure with respect to system implementations. Furthermore, the authors would like the system design process to be able to leverage off of this understanding. It is important to deal with failures in a system context, rather than a priori limiting the solution to a particular technology, such as software alone. Their approach is limited to the class of systems that can be modeled by hybrid finite state machines (HFSMs) as described in Winter. The purpose of this paper is to lay out a process, or framework that can aid in identification and characterization of techniques for dealing with the different types of system threats. This framework leads naturally to a taxonomy of technologies and strategies for dealing with the various types of threats. In this process technologies are used to identify a priority list of technical capabilities for dealing with threats. The technologies are prioritized according to their analyzability and predictability. Strategies are then used to identify specific implementations that are best suited to dealing with the threat

Failure environment analysis tool applications

Understanding risks and avoiding failure are daily concerns for the women and men of NASA. Although NASA's mission propels us to push the limits of technology, and though the risks are considerable, the NASA community has instilled within, the determination to preserve the integrity of the systems upon which our mission and, our employees lives and well-being depend. One of the ways this is being done is by expanding and improving the tools used to perform risk assessment. The Failure Environment Analysis Tool (FEAT) was developed to help engineers and analysts more thoroughly and reliably conduct risk assessment and failure analysis. FEAT accomplishes this by providing answers to questions regarding what might have caused a particular failure; or, conversely, what effect the occurrence of a failure might have on an entire system. Additionally, FEAT can determine what common causes could have resulted in other combinations of failures. FEAT will even help determine the vulnerability of a system to failures, in light of reduced capability. FEAT also is useful in training personnel who must develop an understanding of particular systems. FEAT facilitates training on system behavior, by providing an automated environment in which to conduct 'what-if' evaluation. These types of analyses make FEAT a valuable tool for engineers and operations personnel in the design, analysis, and operation of NASA space systems

Application of functional safety to electrical power equipment and systems in process industries

PresentationIn process industries, the application of functional safety in preventing major incidents is a well- established practice. The functional safety standard IEC 61511[1] is applied to the safety instrumented system (SIS) protection layers to avoid the undesired events or reduce the likelihood of the events or impacts due to failures in the process, process equipment, or its control system including human interactions. However, there are risks of catastrophic incidents due to electrical equipment failures as well. Therefore, one should not underestimate the importance of the management, design, installation, operation, and maintenance of electrical power systems and protection devices. Regulatory authorities, in some countries, require the owners or operators to address the risks that arise from electrical equipment failure. The risk-based assessment, allocation of safety functions to protection devices, the establishment of integrity requirements, design, installation, operation, and maintenance of electrical protection devices must be managed like the protection layers for the process units. This paper focusses on the application of IEC 61511 to the protection of electrical equipment and systems, available industry guidelines, and the unique challenges in implementing the functional safety standards. The paper guides the electrical engineers with an example risk assessment, identification of protection device and its safety integrity level (SIL), verification of the reliability of the protection device and establishing a maintenance and operation program

Fire Protection Integrity and Optimization

PresentationThe greatest challenge to fire protection engineering is the gap between codes and optimized facility design. Fire code and industrial practices provide prescriptive guidelines to mitigate the risk and control hazards. However, within the past decade new processes or methods of construction have been used and their associated hazards have not been foreseen in the current guidelines or standards. Atkins Consulting Canada Ltd. has developed a means to link process safety methods (PHA, Consequence Modeling, QRA, Facility Siting etc.) and the deterministic approach to optimize the design while also maintaining integrity of fire protection elements. This methodology focuses on risk-based (probabilistic) and performance-based (deterministic) assessment to select the most appropriate active and passive fire protection system and optimize the design. This presentation demonstrates a practical application of process safety to assess fire hazard scenarios and implementing the results in design to meet both the prescriptive legislative requirement as well as the goal of optimal safety in design

Successful Implementation of Hazards and Effects Management System in Capital Project

PresentationTiger AO4 Project delivers a competitive Linear Alpha Olefins (LAO) project at Geismar in 2018, recovering 100 kta of “stranded” LAO capacity in the Geismar Chemical Plan and contributes an additional 716 MMlbs/year of LAO to the Shell LAO Capacity. This paper elaborates the successful implementation of Hazards and Effects Management Process (HEMP) in Tiger AO4 project through design, procurement, construction, commissioning, startup, and operation. During the design process, the key processes include hazard identification, risk assessment, risk management to ALARP (as low as reasonably possible). It also covers the technical integrity verification process during the procurement, construction, commissioning, and startup., this paper explains the processes of incorporating HSSE critical activities (e.g. inspection, maintenance, surveillance, operator response, operating procedure steps, etc.) with current Geismar management system. At last, this paper also describes the development and operationalization of the Safety Case

Space Shuttle Corrosion Protection Performance

The reusable Manned Space Shuttle has been flying into Space and returning to earth for more than 25 years. The launch pad environment can be corrosive to metallic substrates and the Space Shuttles are exposed to this environment when preparing for launch. The Orbiter has been in service well past its design life of 10 years or 100 missions. As part of the aging vehicle assessment one question under evaluation is how the thermal protection system and aging protective coatings are performing to insure structural integrity. The assessment of this cost resources and time. The information is invaluable when minimizing risk to the safety of Astronauts and Vehicle. This paper will outline a strategic sampling plan and some operational improvements made by the Orbiter Structures team and Corrosion Control Review Board

Utilizing Layer of Protection Analysis (LOPA) in Verification of Safety Integrity Level (SIL) of Instrumented System

The project is aimed to utilize layer of protection analysis (LOPA) to verify safety integrity level (SIL) of safety instrumented system. Safety instrumented system (SIS) is the last resort in case of emergency happened in plant. Determining the specific safety requirement of safety systems is a vital part to ensure accidents are prevented. Previous study is carried out till classification of Safety Integrity Levels (SIL) for hazardous installation by using the risk assessment techniques. In this study, the focus will be on SIL classification and verification in safety instrumented system (SIS). The program is developed using Microsoft Excel based on established methodology found in the literatures. Thorough literature surveys are expected in order to gather appropriate SIL verification information which will further integrate in existing spreadsheet. The program is tested using two case studies related to process plant industries. The results obtained show the sufficiency of the protection system and provide risk control strategy including number of SIL required in case of the protection is insufficient. If the protection system is sufficient, it will ensure the design is the optimum. Reliability and accurateness of the result are vital due to main function of the program is to assess and validate the SIS. The application is used either in designing the SIS or in auditing the effectiveness of the installed SIS. The verification of assigned SIL to a particular Safety Instrumented Function (SIF) is still new compared to SIL classification. Based on industrial perspective, there is no established method on verification of an installed SIS. Most scenarios can be catered by enhancing the existing design rather than adding safety protection layer. Future study shall be continued to improve the relevancy and reliability of the tool by integrating more parameters in assessing a case

An Additive Statistical Modeling Approach to the Analysis of Transport Infrastructure Flood Risk-Based Resilience

Australia is a very vulnerable region to flood events, and the frequency of flood events and damage has increased dramatically over the past decades. Although flood has impacted diverse types of buildings and built infrastructure, there has been limited research investigating flood risk management specific to transport infrastructure in Australia and the factors that might influence the resilience of the transport infrastructure to flooding. To develop an appropriate design management system for roads and bridges specific to risk assessment from flooding requires a multitude of factors to be identified and analyzed. In this study, we review the range of critical factors necessary to represent the resilience of bridges to extreme flood events and demonstrate a novel mathematical approach to evaluate the relationship between the bridge resilience and flood risk. We use additive statistical approach in arriving at a framework to evaluate the resilience of bridges. The findings confirm that metrological characteristics such as annual exceedance probability and probable maximum precipitation and structural integrity of the bridge represented by the structural age of the bridge and mechanical properties of the soils have a substantial impact on the resilience of the Australian transport infrastructure, particularly bridges located on main roads

Design science research towards resilient cyber-physical eHealth systems

Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur.Most eHealth systems are cyber-physical systems (CPSs) making safety-critical decisions based on information from other systems not known during development. In this design science research, a conceptual resilience governance framework for eHealth CPSs is built utilizing 1) cybersecurity initiatives, standards and frameworks, 2) science of design for software-intensive systems and 3) empowering cyber trust and resilience. According to our study, a resilient CPS consists of two sub-systems: the proper resilient system and the situational awareness system. In a system of CPSs, three networks are composed: platform, software and social network. The resilient platform network is the basis on which information sharing between stakeholders could be created via software layers. However, the trust inside social networks quantifies the pieces of information that will be shared - and with whom. From citizens’ point of view, eHealth is wholeness in which requirements of information security hold true. Present procedures emphasize confidentiality at the expense of integrity and availability, and regulations/instructions are used as an excuse not to change even vital information. The mental-picture of cybersecurity should turn from “threat, crime, attack” to “trust” and “resilience”. Creating confidence in safe digital future is truly needed in the integration of the digital and physical world’s leading to a new digital revolution. The precondition for the exchange of information “trust” must be systematically built at every CPS’ level. In health sector, increasingly interconnected social, technical and economic networks create large complex CPSs, and risk assessment of many individual components becomes cost and time prohibitive. When no-one can control all aspects of CPSs, protection-based risk management is not enough to help prepare for and prevent consequences of foreseeable events, but resilience must be built into systems to help them quickly recover and adapt when adverse events do occur