CHAPTER 11 TUGAS K3 DALAM INDUSTRI KIMIA RISK ASSESSMENT CHEMICAL PROCESS SAFETY – Fundamentals with Applications, 2 nd Edition Daniel A. Crowl/Joseph

CHAPTER 11

TUGAS K3 DALAM INDUSTRI KIMIATUGAS K3 DALAM INDUSTRI KIMIA

RISK ASSESSMENTRISK ASSESSMENTCHEMICAL PROCESS SAFETY – Fundamentals with Applications, 2nd Edition

Daniel A. Crowl/Joseph F. Louvar

SITI SITAWATI (NPM : 1006735574)Rev. 1 - 22 April 2011

DEPARTEMEN TEKNIK KIMIA - PROGRAM STUDI MANAGEMEN GASPROGRAM PASCA SARJANA - UNIVERSITAS INDONESIA

CONTENTSCONTENTS

11-1 Review of Probability Theory

11-2 Event Trees

11-3 Fault Trees

11-4 Quantitative Risk Analysis (QRA) & Layers of Protection Analysis (LOPA)

11-1 REVIEW OF PROBABILITY THEORY11-1 REVIEW OF PROBABILITY THEORY

R(t) = e-t (11-1)

Probability that the component will not fail during the time interval (0,t):

Where:R = reliability = faults/timet = time

EQUIPMENT FAILURES

Occur as a result of interaction of individual components

POISSON DISTRIBUTION


Plot Failures:

(a) Failure Rate, (b) Failure Density, f(t)(c) Failure Probability, P(t)(d) Reliability, R(t)

FAILURE PROBABILITY (UNREALIBILITY)


Time interval between two failures of the component

P(t) = 1 – R(t) = 1 - e-t (11-2)

E(t) = MTBF = 1 / (11-3)

MEAN TIME BETWEEN FAILURES


Typical Bathtub Failure Rate Curve for Process Hardware

Failure probabilities for individual components:


Where:n = total number of components Pi = failure probability of each component

P = Pi (11-4)

Reliability probabilities for individual components:

RRi

Where:Ri = reliability of an individual process componentR = (Ri)

11-1 REVIEW OF PROBABILITY THEORY11-1 REVIEW OF PROBABILITY THEORYFailure Rate Data for Selected Process Components


•Simultaneous failure in parallel: logical AND function. •Simultaneous failure in series: logical OR function

Computation of Component Linkage :

Revealed Failures


Immediately obvious to operator and can be fixed in a negligible amount of time

Component Cycles for Revealed Failures

Unrevealed Failures


Component Cycles for Unrevealed Failures

Without operator being aware of the situation until it affects


Mean time between failures (MTBF) for revealed and unrevealed:

MTBF = 1 / = r + 0 (11-12)

Where:0 = time that the component is operational, period of operationr = period of inactivity/downtime = inspection interval


Probability of Coincidence:Is required when there are dangerous due to process upset occurs and unavailability of emergency system

Average frequency of dangerous episode:

Where:d = dangerous frequency = frequencypd = dangerous process episodeU = unavailability of emergency systemTi = time interval


Mean Time Between Coincidence (MTBC):Reciprocal average frequency of dangerous coincidences

Where:d = dangerous frequency = frequency = failure rate (failure/year)i = inspection period (year)

EVENT TREES

11-2 EVENT TREES11-2 EVENT TREES

Inductive approach that provides information on how a failure can occur and the probability of occurrence

•Used quantitatively if data are available on the failure rates of the safety function and the occurrence rate of the initiation event.

•Useful for providing scenarios of possible failure modes.

•Difficulty is that for most real processes the method can be extremely detailed, resulting in huge event tree.


Event trees begin with an initiating event and work towards a final result with typical steps:

•Identify an initiating event of interest

•Identify the safety functions designed to deal with the initiating event

•Construct the event tree

•Describe the resulting accident event sequences


EVENT TREE for loss of coolant accident for reactor:


Computational Sequence in an Event Tree


Typical Event Tree of a Reactor

11-3 FAULT TREES11-3 FAULT TREES

Is a deductive method for identifying ways in which hazards can lead to accidents:

Well-defined accident top event works backward toward the various scenarios that can cause the accident

Preliminary steps before actual fault tree is drawn:•Define precisely the top event•Define existing event•Define unallowed events•Define the physical bounds of the process•Define the equipment configuration•Define the level of resolution

FAULT TREE


Typical Fault Tree Contributing to a Flat tire

11-3 FAULT TREES11-3 FAULT TREESLogic Transfer Component of a Fault Tree

11-3 FAULT TREES11-3 FAULT TREESTypical Fault Tree of Reactor Overpressure

11-3 FAULT TREES11-3 FAULT TREESMinimal Cut Set

•Is various sets of events that leads to top event.•Determined using Fussel & Vesely Procedure•Some of the minimal cut set have higher probability than others•Ordered with respect to failure probability

Quantitative Calculation Using Fault Tree

•Computation by Fault Tree Diagram, using AND gate & OR gate until top event•Computation by Minimal Cut Set Procedure

11-3 FAULT TREES11-3 FAULT TREESDrawing Fault Tree:

•Draw the top event at the top of the page

•Determine major events that contribute to the top event

•Parallel connected by AND gate ; •Series connected by OR gate

•Determine major events that contribute to the top event

•Determine intermediate events that contribute to the top event

•Expand intermediate events that contribute to the top event


Disadavantages of Fault Trees

•For complicated process becomes enormous

•Not certain if all failure modes have been considered

•A particular item of hardware does not fail partially

•Failure of one component does not stress the other components

•Subjective dependence of individuals

•Requires failure probabilities of all events in the fault tree


Advantages of Fault Trees:

•It begins with a top event, which is selected by user to be specific to the failure of interest

•Used to determine the minimal cut sets, which provides enormous insight into various ways for top events to occur

•Enables application of computers, which is available for construct fault trees, determining minimal cut set, calculating failure probabilities

11-4 QRA & LOPA11-4 QRA & LOPA

Quantitative Risk Analysis

•Identify where operations, engineering, or management systems can be modified to reduce risk.

•Design to provide managers with a tool to help them evaluate the overall risk of a process.

•Evaluate potential risks when qualitative methods cannot provide an adequate understanding of risks

•Relatively complex procedure that requires expertise and a substantial commitment of resources and time.

11-4 QRA & LOPA11-4 QRA & LOPAMajor steps of QRA study include:

•Define potential event sequences and potential incidents

•Evaluate incident consequences (typical tools for this step include dispersion modeling and fire explosion modeling)

•Estimate potential incident frequency using event trees and fault trees

•Estimate incident impacts on people, environment, and property, and

•Estimate the risk by combining the impacts and frequencies, and recording the risk using a graph

11-4 QRA & LOPA11-4 QRA & LOPALayer of Protection Analysis•Semi-quantitative too for analyzing and assessing risk

•Simplified methods to characterize the consequences and estimate the frequencies,

•Various layers of protection are added to a process to lower frequency of the undesired consequences

•Consequences and affects are approximated by categories, the frequencies are estimated, and the effectiveness of the protection layers is also approximated.

•Individual companies use different criteria to establish the boundary between acceptable and unacceptable risk.

11-4 QRA & LOPA11-4 QRA & LOPATypical Layer of Protection Analysis of a Specific Accident Scenario

11-4 QRA & LOPA11-4 QRA & LOPAMajor steps of QRA study include:•Identify a single consequence•Identify an accident scenario and cause associated with the consequence•Identify the initiating event for the scenario and estimating the initiating event frequency•Identify protection layers available for consequence and estimating the probability of failure on demand (PFD) for each protection layer•Combining the initiating event frequency with the PFD for the independent protection layers to estimate a mitigated consequence frequency•Plotting the consequences versus the consequence frequency to estimate the risk •Evaluating the risk for acceptability


ConsequenceMost common scenario of interest for LOPA is loss of containment of hazardous material occurred through variety of incidents such as leak from a vessel, ruptured pipeline, gasket failure, release from a relief valve Consequences are estimated using the following methods:•Semi-quantitative approach without the direct reference to human harm •Qualitative estimates with human harm•Quantitative estimates with human harm

11-4 QRA & LOPA11-4 QRA & LOPASemi-Quantitative Consequences Categorization

11-4 QRA & LOPA11-4 QRA & LOPAFrequency

Methods to determine frequency includes the following steps:•Determine failure frequency of initiating event•Adjust the frequency to include the demand•Adjust the failure frequency to include probabilities of failure on demand (PFDs) for each independent layer of protection

Probabilities of failure on demand (PFD) for each independent protection layer (IPL) varies from:

•10-1 for a weak IPL•10-2 for a common practice IPL•10-5 for a strong IPL

11-4 QRA & LOPA11-4 QRA & LOPAThree rules for classifying a specific system or action of an IPL:

•IPL is effective in preventing the consequence when it function as designed

•IPL functions independently of the initiating event and the components of all other IPLs that are used for the same scenario

•IPL is auditable, that is, the PFD of the IPL must be capable of validation including review, testing, and documentation

11-4 QRA & LOPA11-4 QRA & LOPAFrequency Values Assigned to Initiating Events

11-4 QRA & LOPA11-4 QRA & LOPAPFD concept is used when designing emergency shutdown system called safety instrumented functions (SIFs).

A SIF achieves low PFD figures by:

•Using redundant sensors and final redundant control elements

•Using multiple sensors with voting systems and redundant final control elements

•Testing the system components at s specific intervals to reduce the PFD by detecting hidden failures

•Using deenergized trip system (i.e., a relayed shutdown system)

11-4 QRA & LOPA11-4 QRA & LOPAPFDs for Passive IPLs

11-4 QRA & LOPA11-4 QRA & LOPAPFDs for Active IPLs and Human Actions

11-4 QRA & LOPA11-4 QRA & LOPAConsequence Frequency of Specific Scenario Endpoint

Consequence Frequency of Multiple Scenario Endpoint

Where:


Safety Integrated Levels (SILs) for emergency shutdown system:

•SIL1 (PFD = 10-1 to 10-2): implemented with a single sensor, a single logic solver, a single final control element, and requires periodic proof testing

•SIL2 (PFD = 10-2 to 10-3): typical fully redundant, including the sensor, a single logic solver, a single final control element, and requires periodic proof testing

•SIL3 (PFD = 10-3 to 10-4): typical fully redundant, including the sensor, a single logic solver, a single final control element, and requires careful design and frequent validation test to achieve low PFD figures.

THANK YOU

Documents

CHAPTER 11 TUGAS K3 DALAM INDUSTRI KIMIA RISK ASSESSMENT CHEMICAL PROCESS SAFETY – Fundamentals with Applications, 2 nd Edition Daniel A. Crowl/Joseph