Copyright 2007, Society of Petroleum Engineers

This paper was prepared for presentation at the 2007 SPE Latin American and Caribbean
Petroleum Engineering Conference held in Buenos Aires, Argentina, 1518 April 2007.
This paper was selected for presentation by an SPE Program Committee following review of
information contained in an abstract submitted by the author(s). Contents of the paper, as
presented, have not been reviewed by the Society of Petroleum Engineers and are subject to
correction by the author(s). The material, as presented, does not necessarily reflect any
position of the Society of Petroleum Engineers, its officers, or members. Papers presented at
SPE meetings are subject to publication review by Editorial Committees of the Society of
Petroleum Engineers. Electronic reproduction, distribution, or storage of any part of this paper
for commercial purposes without the written consent of the Society of Petroleum Engineers is
prohibited. Permission to reproduce in print is restricted to an abstract of not more than
300 words; illustrations may not be copied. The abstract must contain conspicuous
acknowledgment of where and by whom the paper was presented. Write Librarian, SPE, P.O.
Box 833836, Richardson, Texas 75083-3836 U.S.A., fax 01-972-952-9435.
Abstract
The purpose oI this paper is to create a calculation model to
estimate the operation Iailure probability oI an oil production
Iacility, to guarantee an operation without accidents, without
dangerous Iailures, observing the saIety and environment
policy established by the company. The Iacility operation is
considered successIul when it can carry out the Iunctions it
was design Ior.
Once the Iailure rate has been obtained, the system reliability
level is obtained. The quantiIication oI the success or Iailure is
carried out through the application oI the Failure Tree
technique. The SaIety and Operativity systems have been
separately analyzed; taking into account that each oI them has
to be considered independently.
The model was used in the calculation oI Iacility reliability in
an oil Iield.
(1)
Introduction
In the current maintenance management, the reliability
concept has the purpose oI creating maintenance plans based
on technical criteria that assure the operation oI the assets in
the diIIerent operating contexts.
These concepts are well used in upstream operations, and
that is the reason why this model has been developed to
incorporate them on the Iacilities and equipment which, up
to now, have been maintained with programs based on strict,
periodic maintenance plans, which were made based on
personal and manuIacturer`s experience, or working with the
breakage.
Although the typical conditions oI this type oI industry, and
oI upstream in particular, make us believe that it would be
pointless to work with mathematical and statistical models oI
calculus, reality shows us that saIety and environment
conditions currently adopted by companies, governmental
regulations and maintenance cost optimization asked Ior to
the operating sectors are the ones that really provide support
to the developed calculus.

This developed calculus combines the concepts that are then
indicated in such way that they provide a global view oI how
to obtain the reliability degree in both operation and saIety oI
an upstream oil industry system.
Statement of Theory and Definitions
System: It is a deterministic entity which consists oI a
collection oI discreet elements that interact.
System limit: there are three limits: external limit, internal
limit and resolution limit.
External Limit: It is deIined by the parts or aspects oI the
system we want to develop.
Internal Limit: It is deIined by the selection oI the subsystems
we want to divide the system into Ior analyses purposes.
Resolution Limit: It is the level oI a lower subsystem we want
to analyze. Fig.1
SaIety vs. Control: The saIety systems take action when the
equipment and process variables reach values out oI their
saIety range. This situation can be due to several reasons,
equipment Iailure (pipeline breakage, stuck valves) abnormal
process conditions (abnormal gas rate, low temperatures) and
Iailure oI the control equipment itselI, operator`s mistakes
when working with the process in manual, etc.
A particular situation to take into account is the normal or
emergency equipment start-up, since the critical variables can
move out oI the saIety range.
The international standards indicate in a compulsory way that
the saIety systems must be independent oI the process control
systems, to avoid the Iailure common causes. The
International standard IEC 61508 / 61511 deals with the
reliability oI the Systems related to saIety, linked to the
process risks. And only the dangerous Iailure mode is used.
Simultaneous satisIaction is given to the process saIety and
continuity.
It has to be taken into account that the unexpected
interruptions oI the process are dangerous in themselves, over
and above the economic losses that are generated.
Complying with the Reliability that the standard demands is a
necessary but not suIIicient condition, thus it has to be veriIied
that the selected saIety system guarantees a reliability value to
the non interruption oI the suIIiciently reasonable process
(2)
SPE 107012-PP
Petroleum Facilities Reliability Assessment Model
Luis Palmieri, Pablo Alonso, Adrin Moreno/Repsol YPF
2 SPE 107012-PP
Reliability: Ability oI a system to carry out the required
Iunctions, under speciIic conditions, during a established
period oI time. It is measured as the probability that a system
is operative without Iailure during the mission period oI time.
Failure: Situation in which the equipment or system stops
carrying out the Iunction(s) Ior which it was designed or
installed.
Failure Mode: It is the eIIect through which a Iailure becomes
apparent. The Iailure mode can be divided into two main
types:
a)The change oI the demanded or required state is not
achieved.
b)Unwanted change in the conditions or state.
Dangerous Iailure: Failure to the assigned Iunction,
undetectable Iailure. It is only detectable through inspection.
The dangerous Iailure prevents the saIety system Irom
perIorming in the case its action is required, i.e. the system is
not available.
SaIe Iailure: Failure which is caused by the saIe action oI the
system.
Failure On Demand Probability: It occurs when the protection
system is not available.
Failure Rate: It is the Iunction that tells us the number oI
Iailures that an item is going to have during its liIe span.
Failure Probability Distribution: It is the mathematical
expression that models how the Iailures are distributed through
time (Ior example, exponential, lognormal, Weibull, Poisson,
etc distribution.)
Failure Tree: Systematic method to obtain inIormation oI a
system. This inIormation can be used Ior the complex
decision-making process.
It is in itselI a graphic model oI the several Iailure parallel and
sequential combinations which will result in the occurrence oI
the predeIined unwanted event.
Although it is a mainly qualitative model, it can be
quantitatively evaluated.
An unwanted event represents the upper point in a Iailure tree
diagram, which provides the method to determine the causes
oI reaching that point.
This event is the most important and has to be careIully
determined. The Iailure tree leads to a Iinal event, which
corresponds to a speciIic Iailure mode, and all the events that
contribute have to Iollow that Iailure mode (Fig.2)
(3)
Operational context: It is the environment in which a piece oI
equipment or system is working. This environment is very
important since it has inIluence on the Iailures the system may
have. In other words, the same system can Iail in diIIerent
ways according to the context in which it is operating.
Maintainable item: It is the set oI parts that represents the
lowest inspection level during maintenance.
Homogeneous Sample: It consists oI identical maintainable
items in operational contexts and oI an identical
environment.
Multiple Sample: The Iailure rate varies between the
diIIerent operational and environmental contexts, and each
oI them represents a sample
(4)
.
Method Descriptions and ResuIts
The proponed method is summarized in the Ilow diagram
shown in the Fig.3.
This diagram starts with the system general deIinition in
which the limits, subsystems, components, maintainable
items, etc are set. The operational context is also deIined.
Taking into account that there can be saIety systems
involved, these shall be analyzed separately using the
process established by the standard IEC 61508 (Fig. 6 and 7)
(5)
and the Risk CuantiIication is evaluated by:
np
t
F
F
FPD =
test P
T FPD =
D T FPD F
test t
=
AIter that, the system Iunctions shall be established,
identiIying all the Iailures to the established Iunctions. Each
identiIied Iailure shall be associated to the speciIic Iailure
mode that aIIects the assigned Iunction
(6)
. The Irame oI
reIerence to identiIy these speciIic Iailure modes will be the
standard ISO 14224.
(7)
Once all the inIormation above has been deIined, the
construction oI the Iailure tree shall begin, which is a
deductive process in which the Iollowing steps are going to
be taken:
1. Proposal oI the speciIic state 'state oI Iailure.
1. Systematic linkage oI basic Iailures that contribute to
occurrence oI the unwanted event.
Given this basic structure, we are ready to continue with the
quantitative stage oI this method.
For doing so, some data is needed. Based on the availability
oI such data, we have to choose between the analysis with
our own data (Fig.5) or data obtained Irom OREDA DATA
BANK (Fig.4).
As shown in Fig.4, Oreda Data Bank requires to determine
the type oI samples being analyzed (multiple or
homogeneous), in order to determine the table column Irom
which the data is going to be obtained.
Multiple Sample: The column MEAN, which is the average
oI the Iailure rate that the estimator OREDA establishes, is
going to be used.
Homogeneous sample: The column 'q/t is going to be used.
Once the column has been determined, the line to be used
SPE 107012-PP 3
shall be selected, taking into account the Iailure mode
speciIied in the analysis.
II there is no speciIic Iailure mode observed, the line ALL
MODES is going to be used, thus obtaining the Iailure rate
oI the analyzed component.
AIter obtaining all the Iailure rates oI the components that
generate events in the Iailure tree, the logic oI the tree is
going to be applied and the system Iinal Iailure rate is going
to be determined.
(4)
A distribution oI the constant Iailure rate is accepted. This
distribution is suIIiciently representative oI the reality based
on the Iollowing:
1DiIIerent combined distributions Ior a variety oI
components Iollow an exponential law. This is
mathematically demonstrable.
2The repair oI Iailures in a speciIic piece oI equipment
tends to produce a constant Iailure rate.
3When trying to compare reliabilities between pieces oI
equipment (relative reliability), the distribution with
constant Iailure rate is excellent.
(2)

In order to calculate the system reliability, the next equation
is going to be used.
t
e t R

= ) (
Reliability Exponential Function
In the Fig.5, the steps to be Iollowed are shown iI using
available inIormation in our own databases.
A big group oI data (more than 20), Irom a statistical point
oI view, can be used to perIorm a Iailure probability
distribution analysis that helps to select the most appropriate
distribution. With less than 20 data, Weibayes is going to be
used as the Iailure probability distribution, in which
parameter (Iorm Iactor) shall be estimated according to the
age oI the analyzed component and the Iailure mode
speciIied, resulting in a Weibull analysis, and the reliability
value is determined according to the next equation
(8)

) (
) (
t
e t R

=
Weibull Reliability Function
When having more than 20 data, this group will adjust to one
oI the Iollowing Iailure probability distribution types:
Weibull, lognormal, normal, exponential, and the
distribution adopted will be the one in which the smallest
error in the adjustment is obtained.
In the case in which the adjustment is not acceptable, the
data used shall be revised in order to detect possible
problems oI mixture and/or competence oI the Iailure modes,
batch oI data. II any oI these problems arise, other statistical
methods, Irom which the reliability value can be determined,
shall be applied.
II it is not possible to determine the data problem, it shall be
assumed that these are not reliable enough; thereIore, we
should proceed according to what the Ilow diagram oI the
Fig.4 indicates.
Once the distributions that best adjust to each Iailure mode
have been determined, the reliabilities are going to be
calculated according the nexts equations:
(9) (10)
t
e t R

= ) (
Reliability Exponential Function

) (
) (
t
e t R

=
Weibull Reliability Function

=
t
t
at e t R
2
2
1
2
1
) (

Normal Reliability Function

=
T
t
T
at e t R
T
2
2
1
2
1
) (

LogNormal Reliability Function
AIter obtaining all the reliability values oI each component,
the Iailure tree logic previously built shall be applied, and
the system Iinal reliability will be determined according to
the next equations:
(10)

=
n
i
i System
R R
Serie System Reliability
( )

= =
n
i
i
n
i
i System
R F R 1 1
Parallel System Reliability
ConcIusions
This model was used to calculate the reliability oI an oil
standardized battery. The result obtained was used to
identiIy improvement opportunities, and carry out
reengineering in the subsystems that are part oI the battery
and have higher impact on the calculated value oI the total
reliability.
AcknowIedgments
ProIessor Eng. Hctor Ecay, Austral Buenos Aires University,
Ior his invaluable help in our analysis and Ior being our
mentor in Reliability Engineering.
Austral University, Buenos Aires, Argentina represented by
the Engineers Pedro Univaso and Roberto Bottini, who were
part oI our training as maintenance engineers.
Maria Amelia Lucero and Andrs Bateman Ior their assistance
and collaboration in this project.
Repsol YPF, Ior its help during the project.
NomencIature
R(t) Reliability Function
F(t) Unreliability Iunction
4 SPE 107012-PP
i, n indexes
FPD Failure Probability on Demand
= Failure rate
SIL SaIety Integrity Level (Iailures/year)
FtTolerable Irequency oI the unwanted event (accidents/year)
H Hazard rate
q Number oI Iailures
t time in service.
Fnp: Accident Frecuency without protection
P: Dangerous Failure Rate
test
T : Time beetwen test (year/test)
D: Demand (demand/year)
References
1.Palmieri, F., Alonso, P. and Moreno, A. 'Stanaart Facility
Reliability Analisys`, paper IAPG presented at the IAPG 4
th
Quality
in Maintenance ConIerence, Neuqun, Argentina, April 2006.
2.Ecay, H.E.J., 'Reliability, Maintenability ana Risk`, Module 2 oI
Maintenance engineering and management program, Austral
University, Buenos Aires, Argentina, (2004)
3.Haasl, D.F., Roberts, N., Vesely, W. and Goldberg,F., 'Fault Tree
Hanabook, NUREG 0492, U.S.Nuclear Regulatory Commission,
Washington DC, USA (January 1981)
4.SINTEF Industrial Management, 'Offshore Reliability Data`, 4
th
.
Edition, Oreda Participans, Det Norske Veritas, Norway (2000)
5.IEC 61508, 'International Stanaart`, Iirst edition, 1998
6.Moubray, J., 'Reliability-centrea maintenance (RCM)`, spanish
edition, Aladon LLC, North Carolina, USA (2004)
7.ISO 14224, 'International Stanaart`, Iirst edition, 1999
8.Avernethy, R., 'The New Weibull Hanabook, second edition,
(1996)
9.DuIIuaa, S., RaouI, A. and Campbell, J.D.,'Maintenance System
(planning ana control), Iirst edition, Limusa Wiley, Mexico DF
(2000)
10.Jardine, A. and Tsang, A., 'Maintenance, Replacement and
Reliability, Taylor and Francis Group.

SPE 107012-PP 5
Figure 1 System Flow Diagram
Figure 2 Failure Tree Example
6 SPE 107012-PP
SYSTEM
DEFNTON
SAFETY
SYSTEM?
APPLY EC
61508 61511
DEFNE
FUNCTONS
DEFNE
SYSTEM
FALURES
DEFNE
FALURE MODES
DEFNE
FALURE TREE
DATA LFE
ACCESSBLE?
NO
YES
YES
NO
to Fig. 5
from Fig. 5
(1)
to Fig. 4
from Fig. 5
(2)
Figure 3
SEARCH DATA
(SOURCE
OREDA)
SAMPLES
HOMOGENOUS
MULTPLES
MEAN COLUMN
q /
COLUMN
FLES
USE OREDA
SPECFCATON
OBTAN
/
LAST
COMPONENT?
APPLY FALURE
TREE LOGC
OBTAN FNAL
/
NO
YES
OBTAN
R
Figure 4
from Fig. 3
Figure 3 General Flow Diagram Figure 4 Flow Diagram Branch Oreda
SPE 107012-PP 7
MORE THAN 20
DATA?
YES NO
APPLY
WEBAYES
ESTMATE
ACCORDNG TO
FALURE MODE,
TYPE AND
EQUPMENT LFE
OBTAN
WEBULL
ADJUST DSTRBUTON
WTH THE MNOR
POSSBLE ERROR
ACCORDNG TO THE
SPECFC FALURE MODE
ADJUST S
ACCEPTABLE?
NO
REVEW DATA
CAN THE PROBLEM
BE DETERMNED?
NO
OTHER
STATSTCS
METHODS ARE
APPLCABLE
CALCULATE R
FROM
DSTRBUTON
YES
LAST
COMPONENT?
APPLY FALURE
TREE LOGC
OBTAN
R
NO
YES
YES
to Fig. 3
(2)
from Fig. 3
to Fig. 3
(1)
Figure 5
Figure 5 Flow Diagram Branch own companys data
Risk Graph Method
8 SPE 107012-PP
Figure 6 - IEC 61508
Severity Matrix Method
Figure 7 - IEC 61508