A guide to the equipment, methods and procedures for the prevention of risks, emergency response and mitigation of the consequences of accidents: Part I

This report is the first part of a dilogy which aims to be a compendium for regulators without a specific background in risk and safety assessment. It describes the state-of-the-art of the safety-related equipment, methods, procedures and projects available nowadays for the prevention of risks, the emergency response and the mitigation of the consequences of accidents. While the present report addresses the above topics from a generic perspective, the second part, currently in preparation, focuses on the particular challenges of the Nordic Seas. The review is based on the retrieval and analysis of a large number of open source information, along with personal contacts with Authorities and HSE representatives of several major oil and gas operators. This helps the reader go into further details and better appreciate the latest technological advancements in offshore safety as a consequence of the lessons learnt from the Macondo Accident.JRC.C.3-Energy Security, Distribution and Market

ASTRA 3.0: Test Case Report

In the context of activities related to the application of system analysis to safety and security of critical installations a new logical and probabilistic fault tree analysis procedure was developed and implemented in the software package ASTRA, version 3.0. This report contains the results of the logical and probabilistic analysis for a limited, but significant, subset of test cases considered during the test campaign performed at the JRC. Most of the described test cases come from the open literature, for which results are available to the reader. For more complex test cases ASTRA 3.0 was compared with other available tools, such as ASTRA 2.0 and XS-MKA, a Markovian analysis package. The experience gained with the testing activity also allowed the identification of a set of recommendations for future improvements.JRC.DG.G.7-Traceability and vulnerability assessmen

Components' IMportance Measures for Initiating and Enabling events in Fault Tree Analysis

This report deals with the problem of determining the exact values of the importance indexes of basic events in case of both unavailability and frequency analysis of coherent and non-coherent fault trees. In particular a new method is described for determining the importance of enabling events in case of frequency analysis. Insights are given into the importance analysis implemented in the new software ASTRA 3.0 based on the Binary Decision Diagram approach with Labelled variables (LBDD). The analysis methods are also described with reference to modularised fault trees. Simple numerical examples are provided to clarify how the methods work. Proofs of the implemented equations are provided in Appendixes.JRC.DG.G.7-Traceability and vulnerability assessmen

ASTRA 3.0: Logical and Probabilistic Analysis Methods

This report contains the description of the main methods, implemented in ASTRA 3.0, to analyse coherent and non-coherent fault trees. ASTRA 3.0 is fully based on the Binary Decision Diagrams (BDD) approach. In case of non-coherent fault trees ASTRA 3.0 dynamically assigns to each node of the graph a label that identifies the type of the associated variable in order to drive the application of the most suitable analysis algorithms. The resulting BDD is referred to as Labelled BDD (LBDD). Exact values of the unavailability, expected number of failure and repair are calculated; the unreliability upper bound is automatically determined under given conditions. Five different importance measures of basic events are also provided. From the LBDD a ZBDD embedding all the MCS is obtained from which a subset of Significant Minimal Cut Sets (SMCS) is determined through the application of the cut-off techniques. With very complex trees it may happen that the working memory is not sufficient to store the large LBDD structure. In these cases ASTRA 3.0 completes the analysis by constructing a Reduced ZBDD embedding the SMCS - using cut-off techniques - thus by-passing the construction of the LBDD. The report also contains few tutorials on the usefulness of non-coherent fault trees, on the BDD approach, and on the determination of failure and repair frequencies.JRC.DG.G.7-Traceability and vulnerability assessmen

ASTRA Plus User Manual

This report describes the user interface and the main commands to perform system dependability analysis by means of ASTRA Plus. This package implements the analysis methods developed at the Institute for the Protection and Security of the Citizen from mid-2008. ASTRA Plus is composed of the Fault Tree Analysis (FTA) module and of the Concurrent Importance and Sensitivity Analysis (CISA) module. The FTA module contains three different methods for solving a fault tree; all are based on the state of the art approach of Binary Decision Diagrams (BDD). These three methods allow the user to analyse fault trees of increasing complexity (i.e. increasing number of basic events and gates). In particular the third method, which is based on functional decomposition, allow performing the analysis of fault trees of very high complexity. The CISA module is based on a new methodology for system design improvement. The key operation is the calculation of Global Importance Measures of basic events considering all system fault trees. This allows identifying the weakest part of the system with reference to all top-events. Then the on-line sensitivity analysis allows the user to rapidly identify the set of suitable design improvements from which the best cost-effective one can be selected.JRC.G.6-Security technology assessmen

ARIPAR 5.0: Reference Manual: Software Tool for Area Risk Assessment and Management

ARIPAR is a quantitative area risk assessment tool used to evaluate the risk resulting from major accidents in industrial areas where hazardous substances are stored, proc-essed and transported. It is based on a geographical information system platform (GIS). This tool has already been applied to perform a quantitative area risk assess-ment in several industrial areas, and it has been demonstrated to be a very powerful tool also for managing industrial risk. ARIPAR 5.0 is the new release of the software, which embeds several new features and improvements, such as a completely new de-velopment platform based on ArcGIS and a much more powerful module for dealing with consequence assessment data. The present document represents the Reference Manual of ARIPAR 5.0, which describes all commands, dialogs, risk analysis equa-tions, input data format and reporting available in this software package.JRC.G.6-Security technology assessmen

ASTRA 3.x: Theoretical Manual

This report describes the main algorithms implemented in ASTRA 3.x to analyse coherent and non-coherent fault trees. ASTRA 3.x is fully based on the state-of-the-art of Binary Decision Diagrams (BDD) approach. In case of non-coherent fault trees ASTRA 3.x dynamically assigns to each node of the graph a label that identifies the type of the associated variable in order to drive the application of the most suitable analysis algorithms. The resulting BDD is referred to as Labelled BDD (LBDD). Exact values of the unavailability, expected number of failure and repair are calculated; the unreliability upper bound is automatically determined under given conditions. Several importance measures of basic events are also provided. From the LBDD a ZBDD embedding all MCS is obtained from which a subset of Significant Minimal Cut Sets (SMCS) is determined through the application of the cut-off techniques. An important issue is related to the analysis of safety related systems according to the IEC 61508 international standard. In order to simplify the fault tree modelling and analysis a new component type has been defined allowing determining, for any configuration, the PFDavg and PFHavg values. The Staggered testing policy is also applicable besides the Sequential testing implicitly considered by the IEC standardJRC.G.6-Security technology assessmen

Concurrent Importance and Sensitivity Analysis Applied to Multiple Fault Trees

Complex industrial systems may present different potentially dangerous failure states (Top-events). The analysis of system failure states via Fault-tree technique allows determining the failure frequency of potential accidents and the importance measures of components' failure modes. The combination of Importance and Sensitivity Analysis (ISA) constitutes a very powerful tool to improve the design of critical systems or to prove that the design satisfies safety requirements. The present reports describes a novel approach to implement Importance and Sensitivity analysis applied to Fault-trees, which consists of the concurrent analysis of all relevant system's Fault-trees to identify the weakest parts of the system which require further design improvement. This approach aims at overcoming the limitations of the current methods in application for ISA in which Top-events are sequentially analysed. In addition the proposed method extends the ISA application also to 'over-reliable' system functions (if any) on which the reliability/maintainability characteristics of the involved components can be relaxed with consequent cost saving. The result is a uniformly protected system satisfying the predefined design goals.JRC.G.7-Traceability and vulnerability assessmen

On Software Interoperability for Accident Consequence Assessment

The present report describes the outcome of a feasibility study to explore the possibility to make consequence assessment software tools interoperable through the definition of a suitable Common Data Exchange Format (CDEF). In this way the input data used by the operators of Seveso type establishments for consequence assessment can be easily exported in a format compatible with the corresponding tools in use by the competent authority. As an outcome of this feasibility study, a first prototype of CDEF was developed in XML and applied for data exchange amongst different commercially available consequence-related tools. The software CEM to rapidly compare the results of two software packages for accident consequence assessment has been implemented to prove the usefulness of the CDEF. Another test consisted in importing into ARIPAR, a GIS-based tool for area risk analysis, the results of accident consequences obtained using the commercial software packages PHAST, EFFECTS, and ALHOA.JRC.G.7-Traceability and vulnerability assessmen

Benchmark Exercise in Quantitative Area Risk Assessment in Central and Eastern European Countries (BEQUAR) Final Report

Abstract is not availableJRC.G.4-Maritime affair