Вы находитесь на странице: 1из 109

FAULT TREES

Introduction

Originated in the aerospace industry have


been used extensively by the nuclear power
industry to qualify and quantify the hazards
and risks associated.
Becoming more popular in the chemical
process industries due to the successful
experiences demonstrated by the nuclear
industry.
Fault trees are a deductive method for
identifying ways in which hazards can lead to
accidents.
The approach starts with a well defined
accident, or top event, and works backwards
towards the various scenarios that cause
accident.
Example:

Fig. 1:
Events in a fault tree are not restricted to
hardware failures. It can also include
software, human, and environmental factors.
A number of additional logic functions are
needed to construct a fault tree.
Fig: The logic components used in FTA
The AND logic function is very important for
describing processes that interact in parallel.
This means that the output state of the AND
logic function is active only when both of the
input states are active.
Fig. 2:
Preliminary Steps Taken Before
Drawing the FTA

1. Define precisely the top event; e.g. High Reactor


Temperature, Liquid Level Too High, Leak in Valve.
2. Define the existing event. What conditions are sure
to be present when the top event occurs.
3. Define the unallowed events. These are events that
are unlikely or are not under consideration at the
present; e.g. wiring failures, lightning, tornadoes,
etc.
4) Define the physical bounds of the process.
What components are to be considered in
the fault tree.
5) Define the equipment configuration. What
valves are open or closed. What are the
liquid levels. Is this a normal operation state.
6) Define the level of resolution. Will the
analysis consider just a valve, or will it be
necessary to consider the valve components.
Draw the FTA

1. Draw the top event at the top of the page. Label it as the top
event in order to avoid confusion later when the fault tree has
spread out to several sheets of paper.
2. Determine the major events that contribute to the top event.
Write these down as intermediate, basic, undeveloped, or
external events on the sheet.
3. If these events are related in parallel (all events must occur in
order for the top event to occur), they must be connected to
the top event by an AND gate.
4. If these events are related in series (any event can occur in
order for the top event to occur), they must be connected by
an OR gate.
4) Remember, the purpose of the fault tree is to
determine the individual event steps that must occur
to produce the top event.
5) Consider any one of the new intermediate events.
What events must occur to contribute to this single
event? Write these down as either intermediate,
basic, undeveloped, or external events on the tree.
Then decide the logic function.
6) Continue developing the fault tree until all branches
have been terminated by basic, undeveloped or
external events. All intermediate events must be
expanded.
Activity

FAULT TREE ANALYSIS


Fault Tree Analysis
Fault trees are a deductive method for identifying
ways in which hazards can lead to accidents.
The approach starts with a well-defined accident, or
top event, and works backward towards the various
scenarios that can cause accident.
A fault tree diagram contains two basic elements,
gates and events.
Gates allow or inhibit the passage of fault logic up
the tree and show the relationships between events
needed for the occurrence of a higher event.

* Refer h/out (table 4.1 and 4.2)

Environmental Health and Safety Slide no.: 4.15


F la t T ir e

R o ad
T ir e F a ilu r e
D e b r is

D e fe c t iv e W o rn
T ir e T ir e

Fig. A fault tree describing the various events


contributing to a flat tire
Environmental Health and Safety Slide no.: 4.16
Overall Methodology for Fault Tree
Analysis
a. Define the top event of a fault tree.
b. Choose the events which can lead to this top event.
c. Decide on the hierarchical construction of the fault
tree.
d. Construct the fault tree.
e. Quantify the basic events.
f. Quantify the top event.
g. Analyse the results to determine the significance of
particular basic events or combination events.

Environmental Health and Safety Slide no.: 4.17


h. Carry out a sensitivity analysis on the fault tree to test
the following factors:
i. the uncertainty of basic data
ii. the effect of improving the reliability of plant and
control systems
iii. the effect of varying the method of operation on
the plant
i. Report the results.

Environmental Health and Safety Slide no.: 4.18


Boolean Manipulation
For + and . operations:
i. Commutative Laws
A + B = B + A, A.B = B.A

ii. Associative Laws


(A+B) + C = A + (B+C),
(A.B).C = A.(B.C)

iii. Distributive Laws


A + (B.C) = (A+B) . (A+C)
A . (B+C) = A.B + A.C

Environmental Health and Safety Slide no.: 4.19


iv. Identities
A + 0 = A, A.1 = A
v. Indempotent Law
A + A = A, A.A = A
vi. Absorption Law
A + A.B = A, A.(A+B) = A

Environmental Health and Safety Slide no.: 4.20


Advantages and Disadvantages of
Fault Tree

Advantages:
i. It begins with a top event which is selected by the
user to be specific towards the failure of interest.
ii. Are also used to determine the minimal cut sets
where it provides enormous insight into the
various ways for top events to occur.
iii. The entire fault tree procedure enables the
application of computers.

Environmental Health and Safety Slide no.: 4.21


Disadvantages:
i. Fault tree will be enormous for any reasonably
complicated process.
ii. The developer of a fault tree can never be
certain that all of the failure modes have been
considered.
iii. Assuming that failures are hard, that a
particular item of hardware does not fail
partially.
iv. Fault trees developed by different individuals
are usually different in structure.

Environmental Health and Safety Slide no.: 4.22


RISK
ASSESSMENT
Review of Probability Theory
- Equipment failures or faults in a process occur as a
result of a complex interaction of the individual
components.
- The overall probability of a failure in a process is highly
dependent on the nature of this interaction.
- Data is collected on the failure rate of a particular
hardware component.
- In average, components fail after a certain time.
- This is called the average failure rate; (faults/time).
- Poisson distribution: R(t) = e -t
R = reliability
Assume a constant failure rate , .
When t ,R 0
; R when
Failure Probability :
P(t) = 1 R(t)
= 1 - e -t
The time interval between 2 failures of the component
is called the mean time between failures (MTBF) :
MTBF = 1/

Failure Probability
P1
P
P2

Series link of components :


P = 1 (1 P1)(1- P2)
P = 1 ni=1 (1 Pi)
P1
P
P2

Parallel link of component :


P = P 1P 2
P = ni=1 Pi

Reliability
R1
R
R2
Series R = R1R2
n
= i=1 Ri
R1
R R = 1 [(1 R1)(1 R2)]
R2
parallel = 1 - ni=1 (1 - Ri )

Failure Rate

1 = 1 + 2

2 ni=1 i

= (-ln R) / t
1
2
E.g.
The water flow to a chemical reactor cooling coil is
controlled by the system :

FIC
Pump

Flow Control
meter Valve

The flow is measured by a differential pressure (DP)


device, the controller decides on an appropriate
control strategy and the control strategy and the
control valve manipulates the flow of coolant.
Determine the overall failure rate, the unreliability,
and the MTBF for the system. Assume a one year period
of operation.
Given : Failure rate, (faults/year)
Control valve : 0.6
Controller : 0.25
DP Cell : 1.41
Solution :
Component R = e -t P=1-R
Control valve 0.60 0.55 0.45
Controller 0.25 0.75 0.25
DP Cell 1.41 0.24 0.76
The overall reliability for components in series :
R = ni=1 Ri
= (0.55)(0.75)(0.24)
= 0.10
The failure probability
P = (1 R)
= 1 0.1
= 0.90 / year
The overall failure rate :
R = e -t since t = 1 year
0.10 = e -
= - ln (0.10)
= 2.30 failures / year
MTBF = 1 /
= 1 / 2.30
= 0.43 years
This system is expected to fail on the average once every
0.43 years.
Revealed And Unrevealed Failures
E.g . Emergency alarms and shut down systems are
used only when a dangerous situation occurs.
It is possible for the equipment to fail without the
operator being aware of the situation.

Unrevealed failure
- Without regular and reliable equipment testing, alarm
and emergency system can fail without notice.
- Failure that are immediately obvious revealed
failures.
- E.g. flat tire obvious to driver.
Spare tire in the trunk might also be flat without the
driver being aware of the problem until it is needed.
Component
Repaired
Component fails
Component Status Operational Component repaired

Failed To
Tr

MTBF

Time

Component cycles for revealed failures. A failure


requires a period of time for repair.
To : The time the component is operational (period of
operation)
Tr : Period of inactivity or downtime (after a failure
occurs)
MTBF : Mean Time Between Failure is the sum of To and
Tr.
For revealed failures the period of down time for a
particular component is :
Tr = (1/n) ni=1 Tri
Where :
n = No. of time the failure or inactivity occurred.
Tri = Period for repair for a particular failure.
Similarly ;
To = (1/n) ni=1 Toi
To = Period of operation ( time before failure )
Toi = Period of operation between a particular set of
failures.
MTBF = 1/ = Tr + To

MTBF = Sum of the period of operation and the repair


period.
DISPERSION
Dispersion describes the airborne
transport of toxic materials away from
the accident site and into the plant and
community.
Catastrophic release of maximum
amount of material;
Rupture of a 2 or 3 inch liquid line
Tank truck rupture on a highway (3
or 4 inch hole size)
Entire source vessel inventory
spilled
After a release, the airborne
toxic is carried away by the wind in
a characteristic plume as shown in
Fig. 1 or a puff as shown in Fig. 2.
Fig. 1: Characteristic plume formed
by a continuous release of material
Fig. 2: Puff formed by near
instantaneous release of material
The maximum concentration of
toxic material occurs at the release
point (which may not be at ground
level). Concentrations downwind
are less, due to turbulent mixing
and dispersion of the toxic
substance with air.
Parameters Affect
Atmospheric Dispersion
A wide variety of parameters affect
atmospheric dispersion of toxic
materials:
wind speed
ground conditions, buildings, water,
trees
height of the release above ground
level
(i) Wind speed

As the wind speed increases, the plume


in Fig. 1 becomes longer and narrower;
the substance is carried downwind faster
but is diluted faster by a larger quantity
of air.
ii) Ground conditions,
buildings, water, trees
Ground conditions affect the
mechanical mixing at the surface
and the wind profile with height.
Trees and buildings increase mixing
while lakes and open areas
decrease it.
Height of the release above
ground level
The release height significantly affects
ground level concentrations. As the
release height increases, ground level
concentrations are reduced since the
plume disperses a greater distance. This
is seen in Fig. 3.
Fig. 3: Increased release height decreases
the ground concentration
BOILING LIQUID
EXPANDING VAPOR
EXPLOSIONS (BLEVE)
A boiling liquid expanding vapor
explosion (BLEVE) is a special type of
accident that can release large quantities
of materials.
If the materials are flammable, a VCE
might result; if toxic, a large area might
be subjected to toxic materials.
For either situation, the energy released
by the BLEVE process itself can result in
considerable damage.
BLEVE occurs when a tank containing a
liquid ruptures; resulting in the explosive
vaporization of a large fraction of the tank
contents.
BLEVEs are caused by the sudden
failure of the container due to any cause.
The most common type of BLEVE is
caused by fire.
STEPS TO BLEVE
1) A fire develops adjacent to a tank containing a liquid;
2) The fire heats the walls of the tank
3) The tank walls below liquid level are cooled by the
liquid, increasing the liquid temperature and the
pressure in the tank.
4) If the flames reach the tank walls or roof where there
is only vapor and no liquid to remove the heat, the
tank metal temperature rises until it loses its
structural strength.
5) The tank ruptures, explosively vaporizing its
contents.
If the liquid is flammable and a fire is the
cause of the BLEVE, it may ignite as the
tank ruptures.
Often, the boiling and burning liquid
behaves as a rocket fuel, propelling
vessel parts for great distances.
When a BLEVE occurs in a vessel, only a
fraction of the liquid vaporizes; the
amount depends on the physical and
thermodynamic conditions of the vessel
contents.
BLAST DAMAGE DUE TO
OVERPRESSURE
The explosion of a dust or gas results in a
reaction front moving outwards from the
ignition source preceded by a shock wave.
After the combustible material is consumed,
the reaction terminates, but the pressure wave
continues its outward movement.
A blast wave is composed of the pressure
wave and subsequent wind. It is the blast wave
that causes most of the damage.
Blast damage is based on the
determination of the peak
overpressure resulting from the
pressure wave impacting on a
structure.

Significant damage is expected for


even small overpressures.
Damage Produced By
Overpressure Table 1
Overpressure Damage
(Psig)
0.03 Large glass windows under strain broken
0.7 Minor damage to house structure
1 Partial demolition of houses, made uninhabitable
3 Steel frame building distorted and pulled from
foundations
3-4 Rupture of oil storage tanks
5-7 Complete destruction of houses
10 Total destruction of buildings
Experiments with explosives have
demonstrated that the overpressure can
be estimated using an equivalent mass of
TNT (explosive substance), denoted by
mTNT, and using the distance from the
ground zero point of the explosion,
denoted by r. The empirically derived
scaling law is:
ze = r / mTNT1/3
Example:
One kg of TNT is exploded. Compute the
overpressure at a distance of 30 m from
the explosion.

Solution:
The value of scaling parameter:
ze = r / mTNT1/3
= 30 m / (1.0 kg)1/3
= 30 m kg -1/3
Graph 1: Correlation between
overpressure and scaled distance
From graph 1, the overpressure is
estimated to be 2.4 kPa = 0.35 psi. This
is enough overpressure to shatter glass
windows.
MISSILE DAMAGE

An explosion occurring in a confined vessel or


structure can rupture the vessel or structure
resulting in the projection of debris over a wide
area.
This debris, or missiles, can cause appreciable
injury to people and damage to structures and
process equipment. Unconfined explosions
also create missiles by blast wave impact and
subsequent translation of structures.
Missiles are frequently a means by which
an accident propagates throughout a
plant facility. A localized explosion in one
part of the plant projects debris
throughout the plant.
This debris strikes storage tanks, process
equipment, and pipe lines, resulting in
secondary fires and explosions.
BLAST DAMAGE TO
PEOPLE
People may be injured by explosions
from direct blast effects (including
overpressure and thermal radiation) or
indirect blast effects (mostly missile
damage).
Blast damage effects are estimated using
probit analysis.
Example:
A reactor contains the equivalent of 10,000 Ib
of TNT. If it explodes, estimate the injury to
people and the damage to structures 500 ft
away.

Solution:
The scaled distance;
ze = r / mTNT1/3
= 500 ft / (10,000 Ib)1/3
= 23.2 ft / Ib 1/3
From graph (similar graph but with different
unit); overpressure is 1.8 psi. This indicates the
houses will be severely damaged at this
location (type of damage: refer to earlier table).
Injury to personnel is determined using probit
equations from Table 2.
Table 2 lists a variety of probit equations for a
number of different types of exposures.
The probit variable Y is given as:
Y = k1 + k2 In V
where k1 and k2 are probit parameters and V
represents the causative factor.
Probit Equations Table 2
The probit equation for deaths due to
lung hemorrhage is:
Y = -77.1 + 6.91 In P
And the probit equation for eardrum rupture
is:
Y = -15.6 + 1.93 In P
Where P is the overpressure in N/m2.
P = [1.8 psi / 14.7 psi/atm][101325
N/m2/atm]
= 12,400 N/m2
Substituting into the probit equations:

YDeaths = -77.1 + 6.91 In (12,400) = -11.9

YEardrums = -15.6 + 1.93 In (12,400) = 2.59

Table 3 and Graph 2 convert the probit to


percentages. The result shows that there are
no deaths and less than 0.1 percent of the
exposed people suffer eardrum ruptures. This
assumes complete conversion of explosion
energy.
Table 3 Probit to Percentages
Graph 2: Probit to percentages
Presence of Chemicals
(Organic Solvents)

Fire Explosion

Impact
-Need to understand :
Fire and explosion properties of material
Nature of the fire and explosion process
Procedures to low fire and explosion hazards.
FIRE

Ignition
Source
Fuels
- Liquids gasoline, acetone, ether, pentane
- Solids wood dust, fibers, plastics
- Gases Acetylene, propane, CO, H2
Oxidizers
- Gases O2, Fl2, Cl2
- Liquids H2O2, H2NO3
- Solids metal peroxides, ammonium nitrite
Ignition Sources
- Sparks
- Flames
- Static Electricity
- Heat
Rate of energy release.
Fires slow
Explosions very rapidly

Explosion
Fires
Liquids
- Major physical properties used is flash point
to determine the fire and explosion hazards
of liquids.
- What is flash point?
- The lowest temperature where liquids give up
enough vapor to form flammable mixture in
the atm.
flash point , P
Flash points can be estimated for multi
component mixtures if only one component
and if the flash point of the flammable is
known.
Flash point temperature is estimated by
determining the temp. at which the vapor
pressure of the flammable in the mixture is
equal to the pure component vapor pressure
at its flash point.
Vapors
-flammable limits are determined experimentally
in a specially designed closed vessel apparatus.
- Vapor air mixtures of known concentration
are added and then ignited.
- The maximum explosion pressure is measured.
- Repeated the test with different concentrations
to establish the range of flammability for the
specific gas.
10

Explosion Pressure
(bar)

LEL UEL

0 Concentration of flammable10
gas (vol%)

Figure : Flammability limits for a


typical vapor
Vapor Mixtures
LFL mix = 1
Yi / LFLi
LFLi = Lower flammable limit for component I
in volume % of component I in fuel and air
Yi = mole fraction of component i on a
combustible basis
n = No. of combustible species
UFL mix = 1
Yi / UFLi
UFLi = upper flammable limit for component I
in volume % of component i in fuel and air.

Combustion occurs :
LFL < Composition < UFL
Example
Gas mixture

Vol% Yi LFLi %vol UFLi%vol


Hexane 0.8 0.24 1.1 7.5
Methane 2.0 0.61 5.0 15
Ethylene 0.5 0.15 2.7 36
Total
combustibles (3.3)
Air (96.7)
LFL mix = 1
Yi / LFLi
= 1
(0.24/1.1) + (0.61/5.0) + (0.15/2.7)
= 2.53% ( by volume total
combustibles)

UFLmix =1/[(0.24/7.5) + (0.61/15) +


(0.15/36.0)]
= 13.0% by volume total combustibles

Since the above mixture contains 3.3% total


combustibles, it is flammable.
LFLT = LFL25 [ 1 [0.75(T 25)/HC]]
UFLT = UFL25 [ 1 + [0.75(T 25)/HC]]

HC = Net heat of combustion (kcal/mode)


T = C
UFLp = UFL + 20.6 (log P + 1)
P = Pressure ( mega pascal absolute)
UFL = upper flammable limit ( vol% of fuel plus
air at 1 atm)
Explosion behaviour depends on :
- Ambient temperature
- Ambient pressure
- Composition of explosive material
- Physical properties of explosive material
- Nature of ignition source ; type, energy,
duration
- Geometry of surroundings;
confined/unconfined
- Amount of combustible material
Physical Explosions:
- Bursting of vessels due to pressure (e.g.
steam boiler).
Chemical Explosions:
- e.g. plant & vessels
- Due to exothermic reaction occurring
internally involve decomposition of unstable
substances.( e.g. polymerization) of
monomers -heating & increase in
composition - pressure burst vessel
1) Failure of vessel at normal working pressure.
Why??
- Inadequate design or construction/support.
- Prevention??
- Adherence to design codes.
- Selection of suitable materials.
- Inspection to ensure proper construction
- Have pressure testing
Assignment
2 3 pages on design codes!!
2) Failure at normal working pressure through
deterioration by corrosion, fatigue
Protection??
- Regular inspection and non-destructive
testing
3) Failure due to over pressurization
Protection??
- Install pressure control and overpressure
relief.
4) Failure due to internal overheating resulting
in over pressurization and mechanical
weakening of vessel.
Protection???
- Install temperature control & overpressure
relief.
5) Failure due to external overheating by fire
leading to over pressurization and
mechanical weakening of vessel.
Protection??
Fire prevention, fire resistant insulation,
spray cooling, or vapour pressure relief.
6) Impact of vehicles, cranes.
- Put barriers and guard rails.
Self reaction decomposition and
polymerisation of substances.
Controls???
- Control temperature below self accelerating
decomposition value.
- Use chemical stabilisers and inhibitors.
- Venting, dumping to a safe place.
- Segregation in a safe place(e.g. explosion
cell, with ventilation and fire protection).
- Avoidance of decomposition or
polymerization catalysts.
VAPOR CLOUD
EXPLOSIONS (VCE)
The most dangerous and destructive
explosions in the chemical process
industries. These explosions occur by a
sequence of steps:
1. Sudden release of a large quantity of
flammable vapor. Typically this occurs when
a vessel containing a superheated and
pressurized liquid, ruptures.
2. Dispersion of the vapor throughout the plant
site while mix with air.
3. Ignition of the resulting vapor cloud.
Example: Flixborough accident
A sudden failure of a 20-inch
cyclohexane line between reactors led to
vaporization of an estimated 30-tons of
cyclohexane. The vapor cloud dispersed
throughout the plant site and was ignited
by an unknown source 45 seconds after
the release. The entire plant site was
leveled and 28 people were killed.
A summary of 29 VCEs over the period 1974-
1986 shows property losses for each event of
between $5,000,000 to $100,000,000 and 140
fatalities (an average of almost 13 per year).
VCEs have increased in number due to an
increase in inventories of flammable materials
in process plants and operations at more
severe conditions.
Any process containing quantities of liquefied
gases, volatile superheated liquid, or high
pressure gases is considered a good candidate
for a VCE.
VCEs are difficult to characterize,
primarily due to the large number of
parameters needed to describe the
event.
Accidents occur under uncontrolled
circumstances. Data collected from the
real events are mostly unreliable and
difficult to compare.
Parameters that affect
VCE Behaviour
Quantity of material released
Fraction of material vaporized
Probability of ignition of the cloud
Distance travelled by the cloud prior to ignition
Time delay before ignition of cloud
Probability of explosion rather than fire
Location of ignition source with respect to
release.
Quantitative studies have shown that:
a) The ignition probability increases as the size
of the vapor cloud increases
b) Vapor cloud fires are more common than
explosions
c) The explosion efficiency is usually small; 2%
of the combustion energy is converted into a
blast wave
d) Turbulent mixing of vapor and air, and
ignition of the cloud at a point of release,
increases the impact of the explosion.
Control Measures for VCE
Prevent the release of material a large cloud of
combustible material is very dangerous and almost
impossible to control, despite any safety systems to
prevent ignition.
Keep low inventories of volatile, flammable materials
Use process conditions which minimize flashing if a
vessel or pipeline is ruptured
Use analyzers to detect leaks
Install automated block valves to shut systems down
while the spill is in the incipient stage of development.
Reduce workplace exposures reduce health
hazards
oSubstitution
oAttenuation
oIsolation
oIntensification
oEnclosures
oLocalventilation
oWet methods
oGood housekeeping
oPPE
Use chemicals and equipment which are less
hazardous;
o Use solvents that are less toxic
o Use chemicals with higher flash points,
boiling points and other less hazardous
properties.
o Use water as a heat transfer fluid instead of
hot oil.
Use chemicals under conditions which make
them less hazardous;
o Reduce process T & P
o Refrigerate storage vessels
o Dissolve hazardous material in safe solvent
o Operate at conditions where reactor runaway
is not possible.
Isolate equipment and / or sources of hazard;
o Place control rooms away from operations
o Separate pump room from other rooms
o Barricade control rooms and tanks
Reduce quantity of chemical:
o Change from large batch reactor to smaller
continous reactor
o Reduce storage inventory of raw materials
Enclose room or equipment
o Enclose hazardous operations like sample
points
o Shield high T surfaces.
Design ventilation systems to control low level
toxics;
o Use properly designed hoods
o Use hoods for charging and discharging
Design ventilation systems to control low level
toxics;
o Design locker rooms with good ventilation
and special areas or enclosures for
contaminated clothing.
o Design ventilation to isolate operations from
rooms and offices.
Use wet methods to minimize contamination
with dusts;
o Clean areas frequently
o Use water sprays for cleaning
Keep toxics and dusts contained:
o Provide lines for flushing and cleaning
o Provide well-designed sewer system with
emergency containment.
Last line of defence:
o Use goggles and face shields
o Use approns, arm shield and space suits
o Wear appropriate respirators