7/25/2019 W5INSE6320
1/8
1
INSE 6320 -- Week 5
Risk Analysis for Information and Systems Engineering
F-N Curves, Fault Trees, Event Trees
Dr. A. Ben Hamza, Concordia University
2
F-N curves
Risk acceptability is mostly defined on the basis of F-N curves
F-N curves show the number of fatalities against annual frequency.
Usually used to express societal risk.
Important to define acceptable / tolerable risk
3
How to generate F-N curves
The frequency of events which cause at least N fatalities is plotted against the number N on log-log scales.
The difference between the frequency of events with N or more fatalities, F(N), and that with N+1 or more, F(N+1), is the frequency of events with exactly N fatalities, usually represented by f(N), with lower-case f. This means f(N) = F(N) - F(N+1).
Because f(N) must be non-negative, it follows that F(N) ≥ F(N+1) for all N, so that F-N curves never rise from left to right, but are always falling or flat.
The lower an F-N curve is located on the F-N graph, the safer is the system it represents, because lower F-N curves represent lower frequencies of fatal events than higher curves.
4
Societal risk
The value F(1) is the frequency of accidents with 1 or more fatalities, or in other words the overall frequency of fatal accidents. This is the left-hand point on F-N curves, where the curve meets the vertical axis (usually located at N = 1 with logarithmic scales).
of number of events (floods, landslides, etc.) and related fatalities
They can also be based on different future risk scenarios, in which for a number of events with different magnitudes the number of casualties is estimated.
5
How to calculate F-N curves
In this exercise you will calculate F-N curves for accidents that have occurred in Europe in the period 1967 to 2001 (i.e., 35 years).
Three different types of accident data are available: for roads, railroad and aviation.
The analysis is based on empirical data, collected from historical accident records.
6
How to calculate F-N curves
First calculate the total number of fatalities for road, railroad and aviation accidents by multiplying the number of events with the fatality class. Also calculate the average number of fatalities per year.
Then calculate the cumulative number of events, starting with the lowest one in the table (related to 146 fatalities) and summing them up upwards.
Then calculate the cumulative frequency of events per year, by dividing the cumulative number by the number of years.
7
How to calculate F-N curves
Plot these values in the graph indicated at the bottom of the spreadsheet in a log-log manner, with Fatalities (N) on the X-axis and the cumulative frequency per year on the Y-axis.
Compare the results. What can you conclude on the:
Severity of the accident type
Frequency of the accident type
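The three-step procedure above, worked through in code. This is an added example, not part of the course material; the accident table it uses is constructed for illustration and is not the course spreadsheet data, and the function names are this example's own.

```python
# Added example (not from the slides): computing an F-N curve by the
# three-step procedure above. The accident table is constructed for
# illustration; it is not the course spreadsheet data.
YEARS = 35  # observation period on the slide: 1967 to 2001

# Constructed table: fatality class N -> number of events with exactly N fatalities
ROAD_EVENTS = {1: 420, 2: 150, 5: 40, 10: 12, 20: 4, 50: 1}


def total_fatalities(events):
    """Step 1: sum over classes of (number of events x fatality class)."""
    return sum(n * count for n, count in events.items())


def fn_curve(events, years):
    """Steps 2 and 3: F(N) = (cumulative number of events with N or more
    fatalities) / years. Cumulation starts at the largest class and sums
    upwards, as the slide describes. Returns [(N, F(N))] ordered by N."""
    curve = {}
    cumulative = 0
    for n in sorted(events, reverse=True):
        cumulative += events[n]
        curve[n] = cumulative / years
    return sorted(curve.items())


def exactly_n(curve):
    """f(N) = F(N) - F(next class): frequency of events with exactly N fatalities."""
    freqs = [f for _, f in curve] + [0.0]
    return {n: f - f_next for (n, _), f, f_next in zip(curve, freqs, freqs[1:])}


def is_non_increasing(curve):
    """F(N) >= F(N+1) for all N: an F-N curve never rises from left to right."""
    freqs = [f for _, f in curve]
    return all(a >= b for a, b in zip(freqs, freqs[1:]))


if __name__ == "__main__":
    curve = fn_curve(ROAD_EVENTS, YEARS)
    total = total_fatalities(ROAD_EVENTS)
    print("total fatalities:", total, "average per year:", round(total / YEARS, 2))
    for n, f in curve:   # plot on log-log axes: N on the X-axis, F(N) on the Y-axis
        print(f"N >= {n:>2}: F(N) = {f:.4f} per year")
```

Multiplying each f(N) back by the number of years recovers the original event counts, which is a quick check that the cumulation ran in the right direction.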
8
Probabilistic Risk Assessment
Probabilistic Risk Assessment usually answers three basic questions:
1) What can go wrong with the studied technological entity, or what are the initiators or initiating events (undesirable starting events) that lead to adverse consequence(s)?
2) What and how severe are the potential adverse consequences that the technological entity may be eventually subjected to as a result of the occurrence of the initiator?
3) How likely to occur are these undesirable consequences, or what are their probabilities or frequencies?
Two common methods of answering this last question are Fault Tree Analysis and Event Tree Analysis.
A fault tree is an event tree where failures are emphasized rather than successes.
9
Fault Tree Analysis
Fault Tree Analysis (FTA) is one of the most important logic and probabilistic techniques used in Probabilistic Risk Assessment (PRA) and system reliability assessment.
Fault Tree Analysis is a deductive method for identifying ways in which hazards can lead to an accident.
backwards towards the various scenarios that can cause the accident.
Fault trees are used to determine the probability of a top event (e.g., core damage).
The top event defines the failure or success of a system or component.
Fault trees use a structure of logical operations to calculate the probability of the top event as a result of basic event inputs.
10
Fault Tree Analysis
Fault tree analysis is a graphical representation of the combination of faults that will result in the occurrence of some (undesired) top event.
In the construction of a fault tree, successive subordinate failure events are identified and logically linked to the top event.
The linked events form a tree structure connected by symbols called gates.
11
Fault Tree Analysis
The undesired event is stated at the top of the tree.
The fault tree gates specify logical combinations of basic events that lead to the top event.
Fault trees can be used to identify system weaknesses.
Fault trees can help recognize interrelationships between fault events.
Fault trees consist of logic gates and basic events as inputs to the logic gates.
Logic Gates: Boolean operations (union or intersection) of the input events.
Basic Events: Faults such as a hardware failure, human error, or adverse condition.
[Figure: AND gate symbol]
12
Applying Fault Tree Analysis
Postulate the top event (fault).
Branch down, listing faults in the system that must occur for the top event to occur.
Consider sequential and parallel combinations of faults.
Use Boolean algebra to quantify the fault tree with event probabilities.
Determine the probability of the top event.
Fault Tree Logic
Use logic gates to show how the top event occurs.
Higher gates are the outputs from lower gates in the tree.
The top event is the output of all the input faults or events that occur.
13
FTA Symbols
Basic Event: A lowermost event that cannot be further developed. E.g. relay failure, switch failure, etc.
An Event / Fault: This can be an intermediate event or a top event. They are the result of a logical combination of lower-level events. E.g. both transmitters fail, runaway reaction.
OR Gate: Either one of the bottom events results in the occurrence of the top event. E.g. either one of the root valves is closed, or the process signal to the transmitter fails.
AND Gate: For the top event to occur, all the bottom events should occur. E.g. fuel, oxygen and an ignition source all have to be present for fire.
14
Union
A = B + C
A = B Union C
B OR C must occur for event A to occur.
[Figure: OR gate example. Top event A: No current. Inputs: Switch A open; Battery B at 0 volts.]
15
Intersection
D = E . F
D = E Intersection F
E AND F must occur for D to occur.
[Figure: AND gate example. Top event D: Over-heated wire. Inputs E and F: 5 mA current in system; Power applied for t > 1 ms.]
16
Fault Tree Basics
A fault tree involves:
Specifying a top level event (TLE) representing an undesired state.
Finding all possible chains of basic events that may cause the TLE to occur.
Fault tree:
Is a systematic representation of such chains of events.
Uses logical gates to represent the interrelationships between events and the TLE, e.g. AND, OR.
[Figure: an example fault tree with a top level event, intermediate events and basic events]
Logically: (A + (B + C)) . (C + (A . B))
17
Fault Tree Basics
Logically, fault trees are equivalent if the associated logical formulae are equivalent.
Example:
(A + (B + C)) . (C + (A . B)) = C + (A . B)
18
Procedure
Procedure for Fault Tree Analysis
Define TOP event → Define overall structure → Explore each branch in successive levels of detail → Solve the fault tree → Perform corrections if required and make decisions
Solve the Fault Tree:
Assign probabilities of failure to the lowest level event in each branch of the tree. From these data the intermediate event frequency and the top level event frequency can be determined using Boolean Algebra and Minimal Cut Set methods.
19
Minimal Cut Set Theory
The fault tree consists of many levels of basic and intermediate events linked together by AND and OR gates. Some basic events may appear in different places of the fault tree.
The minimal cut set analysis provides a new fault tree, logically equivalent to the original, with an OR gate beneath the top event, whose inputs (bottom) are minimal cut sets.
the TOP event occurs.
Minimal Cut Set: is a cut set that does not contain another cut set as a subset.
Each minimal cut set is an AND gate with a set of basic event inputs necessary and sufficient to cause the top event.
The fault tree can be represented by the TOP structure and the minimal cut sets connected through a single OR-gate.
20
Minimal Cut Sets
This shape is of particular interest: representation in terms of Minimal Cut Sets (MCS).
Minimal cut set = smallest set of basic events which, in conjunction, cause the top level event to occur.
Logically: Disjunctive Normal Form (DNF) = disjunction of conjunctions of basic events.
The fault tree on the left has two minimal cut sets: C (single point of failure) and A.B (cut set of order 2).
[Figure: the example fault tree and its MCSs]
21
Procedure
Steps to get the final Boolean equation:
1. Replace AND gates with the product of their inputs.
IE1 = A.B
IE2 = C.D
2. Replace OR gates with the sum of their inputs.
TOP = IE1 + IE2
    = A.B + C.D
3. Continue this replacement until all intermediate event gates have been replaced and only the basic events remain in the equation.
TOP = A.B + C.D
[Figure: TOP = IE1 OR IE2, with IE1 = A AND B, IE2 = C AND D]
22
Procedure
Boolean Algebra Reduction Example:
TOP = IE1 + IE2
    = (A.B) + (A + IE3)
    = A.B + A + (C.D.IE4)
    = A.B + A + (C.D.D.B)
    = A + A.B + B.C.D.D    (D.D = D)
    = A + A.B + B.C.D      (A + A.B = A)
    = A + B.C.D
So the minimal cut sets are:
CS1 = A
CS2 = B.C.D
meaning the TOP event occurs if either A occurs OR (B.C.D) occurs.
[Figure: fault tree with TOP = IE1 + IE2, IE1 = A.B, IE2 = A + IE3, IE3 = C.D.IE4, IE4 = D.B]
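The reduction procedure above (AND → product, OR → sum, D.D = D, A + A.B = A) as an added example, not code from the lecture. It also covers the equivalence example on slide 17. The tree encoding, the function names and the expansion via sets of frozensets are this example's own choices.

```python
# Added example (not from the slides): the Boolean reduction above as code.
# A tree maps each gate name to ("AND" | "OR", [inputs]); a name that is not
# a key of the dict is a basic event.
from itertools import product

# The slide's worked tree, transcribed from its derivation
TREE = {
    "TOP": ("OR", ["IE1", "IE2"]),
    "IE1": ("AND", ["A", "B"]),
    "IE2": ("OR", ["A", "IE3"]),
    "IE3": ("AND", ["C", "D", "IE4"]),
    "IE4": ("AND", ["D", "B"]),
}


def cut_sets(tree, node):
    """Expand a node into cut sets (each a frozenset of basic events).
    OR gate: union of the inputs' cut sets (sum of terms).
    AND gate: one cut set from each input, merged (product of terms);
    merging as a set applies the idempotence rule D.D = D."""
    if node not in tree:
        return {frozenset([node])}
    gate, inputs = tree[node]
    expanded = [cut_sets(tree, i) for i in inputs]
    if gate == "OR":
        return set().union(*expanded)
    if gate == "AND":
        return {frozenset().union(*combo) for combo in product(*expanded)}
    raise ValueError(f"unknown gate {gate!r} at {node}")


def minimal_cut_sets(tree, top="TOP"):
    """Apply absorption (A + A.B = A): drop every cut set that has another
    cut set as a proper subset. The result is the DNF of the tree."""
    sets = cut_sets(tree, top)
    return sorted((s for s in sets if not any(o < s for o in sets)),
                  key=lambda s: (len(s), sorted(s)))


def as_equation(mcs):
    """Render minimal cut sets in the slide's notation, e.g. 'A + B.C.D'."""
    return " + ".join(".".join(sorted(s)) for s in mcs)


if __name__ == "__main__":
    print("TOP =", as_equation(minimal_cut_sets(TREE)))   # A + B.C.D
```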
23
Fault Tree Construction
Consider the following block diagram. Let I/P and O/P be the input and output terminals.
There are two sub-systems A and B that are connected in series.
[Figure: block diagram INPUT → SUB-SYSTEM (A) (elements X1, X2) → SUB-SYSTEM (B) (elements X3, X4) → OUTPUT]
For this, the fault tree analysis diagram is shown on the next slide.
24
[Figure: fault tree. Top event F(S) with an OR gate; intermediate events F(A) and F(B), each an AND gate; basic events F(X1), F(X2) under F(A) and F(X3), F(X4) under F(B)]
25
Continue..
Here F(X1), F(X2), F(X3), F(X4) are the failure events.
F(A) = SUB SYSTEM (A) FAILS
F(B) = SUB SYSTEM (B) FAILS
F(A) = F(X1) AND F(X2); F(B) = F(X3) AND F(X4)
Finally, the failure of the system:
F(S) = F(A) OR F(B)
26
Calculation of Reliability from Fault Tree
Consider the earlier block diagram.
The probability of failure of sub-system (A) is indicated as shown below:
P(A) = P(X1 and X2)
P(A) = P(X1) . P(X2)
Similarly for sub-system (B):
P(B) = P(X3 and X4)
P(B) = P(X3) . P(X4)
Failure occurs when sub-system (A) or (B) fails:
F(S) = P(A) or P(B), then F(S) = P(A) + P(B) - (P(A) . P(B))
If the reliabilities of the elements are given by R1, R2, R3, R4,
then P(Xi) = 1 - Ri
Reliability of the system: R(S) = 1 - F(S)
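The reliability calculation above, carried through for the series-system fault tree as an added example (not the lecture's code). It generalizes the two-input OR formula to any number of independent inputs and adds a guard a practitioner wants: gate-by-gate evaluation is exact only when no basic event is repeated in the tree. The element reliabilities in the test are constructed values.

```python
# Added example (not from the slides): quantifying the series-system fault
# tree above from element reliabilities (values constructed). A tree maps
# each gate to ("AND" | "OR", [inputs]); names not in the dict are basic events.
TREE = {
    "F(S)": ("OR", ["F(A)", "F(B)"]),
    "F(A)": ("AND", ["X1", "X2"]),
    "F(B)": ("AND", ["X3", "X4"]),
}


def and_gate(probs):
    """P(all inputs fail), independent inputs: product of the inputs."""
    p = 1.0
    for x in probs:
        p *= x
    return p


def or_gate(probs):
    """P(any input fails), independent inputs: 1 - prod(1 - p). For two
    inputs this equals P(A) + P(B) - P(A).P(B), the formula on the slide."""
    q = 1.0
    for x in probs:
        q *= 1.0 - x
    return 1.0 - q


def basic_events_unique(tree):
    """Gate-by-gate evaluation is exact only if each basic event appears once
    (otherwise gate inputs are not independent; use minimal cut sets)."""
    seen = [i for _, inputs in tree.values() for i in inputs if i not in tree]
    return len(seen) == len(set(seen))


def failure_probability(tree, node, p_basic):
    """Evaluate P(node) bottom-up from basic-event failure probabilities."""
    if node not in tree:
        return p_basic[node]
    gate, inputs = tree[node]
    probs = [failure_probability(tree, i, p_basic) for i in inputs]
    return and_gate(probs) if gate == "AND" else or_gate(probs)


def system_reliability(tree, top, reliabilities):
    """R(S) = 1 - F(S), with P(Xi) = 1 - Ri as on the slide."""
    if not basic_events_unique(tree):
        raise ValueError("a basic event is repeated; evaluation would not be exact")
    p_basic = {name: 1.0 - r for name, r in reliabilities.items()}
    return 1.0 - failure_probability(tree, top, p_basic)
```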
27
Uses of FTA
Use of FTA to understand the logic leading to the top event.
Use of FTA to prioritize the contributors leading to the top event.
Use of FTA as a proactive tool to prevent the top event.
Use of FTA to monitor the performance of the system.
Use of FTA to minimize and optimize resources.
Use of FTA to assist in designing a system.
Use of FTA as a diagnostic tool to identify and correct causes of the top event.
Advantages
Begins with the top event.
Used to determine the minimal cut sets.
Disadvantages
Complicated process.
Requires a considerable amount of time to complete.
28
Event Trees
Event trees begin with an initiating event and work towards the final result.
This method provides information on how a failure can occur and the probability of occurrence.
Event trees can be viewed as a special case of fault trees, where the branches are all ORs weighted by their probabilities.
Event trees are generated both in the success and failure domains.
This technique explores system responses to an initiating challenge and enables assessment of the probability of an unfavorable or favorable outcome. The system challenge may be a failure or fault, an undesirable event, or a normal system operating command.
In constructing the event tree, one traces each path to eventual success or failure.
29
Event tree development procedure
Step 1: Identification of the initiating event
Step 2: Identification of safety function
Step 3: Construction of the event tree
Step 4: Classification of outcomes
Step 5: Estimation of the conditional probability of each branch
Step 6: Quantification of outcomes
Step 7: Evaluation
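The seven steps above, applied to a small event tree as an added example (not from the lecture). The initiating event, safety functions, branch probabilities and outcome classes are all constructed, and the example assumes a simplified tree in which the first successful safety function ends the sequence.

```python
# Added example (not from the slides): quantifying a small event tree by the
# seven-step procedure above. The initiating event, safety functions, branch
# probabilities and outcome classes are all constructed for illustration.

# Step 1: initiating event and its annual frequency (constructed value)
INITIATOR = ("loss of cooling", 1.0e-2)
# Steps 2 and 5: safety functions in the order they are challenged, each with
# the conditional probability that it fails (constructed values)
SAFETY_FUNCTIONS = [
    ("automatic shutdown", 1.0e-2),
    ("backup cooling", 5.0e-2),
    ("operator action", 1.0e-1),
]
# Step 4: outcome class indexed by how many safety functions failed before
# the sequence ended; all three failing gives the last class
OUTCOME_CLASSES = ["safe shutdown", "degraded state", "minor release", "core damage"]


def sequences(freq, funcs, path=()):
    """Step 3: enumerate sequences as (path, frequency). Assumption of this
    example: the first successful safety function ends the sequence, so a
    later function is challenged only when every earlier one has failed."""
    if not funcs:
        return [(path, freq)]
    (name, p_fail), rest = funcs[0], funcs[1:]
    success = (path + ((name, True),), freq * (1.0 - p_fail))
    return [success] + sequences(freq * p_fail, rest, path + ((name, False),))


def outcome_frequencies(initiator, funcs, classes):
    """Step 6: frequency of each outcome class, summed over its sequences."""
    _, f0 = initiator
    totals = {c: 0.0 for c in classes}
    for path, f in sequences(f0, funcs):
        failures = sum(1 for _, ok in path if not ok)
        totals[classes[failures]] += f
    return totals


def completeness_gap(initiator, funcs):
    """Step 7 (evaluation) sanity check: the sequence frequencies must sum to
    the initiating-event frequency; returns the absolute discrepancy."""
    _, f0 = initiator
    return abs(sum(f for _, f in sequences(f0, funcs)) - f0)


if __name__ == "__main__":
    for cls, f in outcome_frequencies(INITIATOR, SAFETY_FUNCTIONS, OUTCOME_CLASSES).items():
        print(f"{cls:<15} {f:.3e} per year")
```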
30
Event Tree Structure
[Figure: event tree structure (slides 30 and 31)]
32
Event Tree Analysis
ADVANTAGES
Structured, rigorous, and methodical approach.
Can be effectively performed on varying levels of design detail.
Permits probability assessment.
DISADVANTAGES
An ETA can only have one initiating event, therefore multiple ETAs will be required to evaluate the consequence of multiple initiating events.
Partial successes/failures are not distinguishable.
Requires an analyst with some training and practical experience.