Fault Tree Analysis

Part 5: Digraph-Based Fault Tree Synthesis Procedure (Multiple Loops)

HEAT EXCHANGER WITH MULTIPLE FEEDBACK LOOPS

HOT

V 2 A.C.

COLD8

9

6

3

T

4

5

SET PT.

AIR

SUPPLY

1021

7

TRC

V 1

A. O.

T3

T3

MULTIPLE FEEDBACK LOOP OPERATOR

IF the Output Variable Is On Two NFBLs of Equal Power and Speed

Output (Value)

OR

Large or

Fast Disturbances

Off both Loops

Loops

Pass

Disturbances

A

AND

OR OR

Inputs (Value)

(Off both NFBLs)

Inact Both Loop I Causes

Loop II Normal

Loop I Normal

Loop II CausesAND

OR

Inact Loop I

OR

Inact Loop II

AND

EOR

Loop I

Causes

Loop II

OK

(prob = 1)

AND

Loop I

OK

(prob = 1)

EOR

Loop II

Causes

Disturbances Inactive Loops

A

OR

BOTH

CAUSE

Loop I Inact.

Loop II Cause

Loop I Cause

Loop II Inact.

AND

EOR EOR

Loop I

Causes

Loop II

Causes

AND

EOR OR

Loop I

Causes

Loop II

Causes

AND

EOR

Inact.

Loop II

OR

Inact.

Loop I

T4(+1)

OR -1

T3(+1)

OR -2

OR -3

Fire atHx(+10)

T2(+10)

OR -14

T1(+10)

T9(+10)OR -15

T8(+10)

2 NFBL

AND -16

OR -4

(page 1)

(page 2)

(page 3)

AND -16

OR -17

Fire atHx (+1)

T2(+1)

OR -20

T1(+1)

T9(+1)

OR -21

T8(+1)

OR -18

AND -19

-9Loop IInactive

-11Loop IIinactive

-6Loop Icause

-7Loop IIcause

(page 2)

(page 3) (page 3)

(page 3) (page 3)

OR -4

AND -8 AND -10 AND -5

EOR -6 EOR -7

M2(+1)(page A)

M9(-1)(page B)

-7 OR -9

OR -12

V1stuck

TRCstuck

TRC onmanual

Sensorstuck

-6

OR -11

OR -13

V2 stuck

TRCstuck

TRC onmanual

Sensorstuck

(page 3)

2M ( 1)

OR

OR

1M ( 10)

1VFalls

Open

(+1)

AND

OR

1M ( 1)

-23

-12

-25

-26

EOR

1V

Reversed7

P ( 1)

OR

OR

Set

Point

(+1)

Air

Press.

(+10)

TRC

Falls

High

(+1)

AND

Air

Press.

(+1)

OR

TRC

Stuck

TRC

On

Manual

Sensor

Stuck

EOR

TRC

Reversed5

P ( 1)(page C)

-22

-24

-27

-28 -29 -30

-31

1 NFBL

1 NFBL

(page A)

9M ( 1)

OR

OR

8M

(-10)

2V

Falls

Closed

(+1)

AND

OR

8M(-1)

EOR

2V

Reversed

6P ( 1)-13

-39

-38

-36

-40-37

OR

OR

Set

Point

(+1)

Air

Press.

(+10)

TRC

Falls

High

(+10)

AND

Air

Press.

(+1)

OR

TRC

Stuck

TRC

On

Manual

Sensor

Stuck

EOR

TRC

Reversed5

P ( 1)

-32

-45

-44

-43

-41

-42

1 NFBL

1 NFBL

(page B)

(page C)

(page 3)

OR

OR EORAND

Temp.

Sensor

Fails Low

(+1)

-33 -34 -35

-322 NFBL

(page C)

P5(-1)

T3(-1)No reversegain

[Example] TANK PRESSURIZATION PROBLEM

This process separates a two-phase stream (stream 1) into vapor (stream 2) and liquid (stream 3) using a flash tank. Level in the tank is controlled by a negative feedback loop through a level controller. A pressure sensor monitors the tank pressure which is relayed back to the control room. Should the operator see a high pressure on the indicator, he is instructed to manually open valve V1 which drains the tank and reduces the pressure. The relief valve is designed to vent the vapor portion of the tank mixture when high tank pressure is encountered.

P

1

L

V1

RV

7

2

5

LC

4

3 6 A.O.

• TOP EVENT:

• Normal Conditions:

Flow in stream 1, 2, and 3. Tank 50% full. Level controller on automatic. Relief valve and V1closed.

• Equipment Behavior:

Level Sensor : P5 increases when level increases. The sensor has stuck during operation.

Level Controller: P4 increases when P5 increases. The controller set point may be changed. The controller may be switched to manual operation.

Control Valve : Increasing P4 causes the valve to open.

Valve V1: The valve is manually operated. It may stick.

Relief Valve : The valve may fail shut. If the relief valve is full of liquid, it will not vent the system fast enough.

)10(TANKP

PLUGIN LINE 2

2P

1P

OPERATORACTION TK

P RVP

0 ( RV FAILS CLOSED)

LOOP II

0 ( L = +10)

70 (P +10)

+10+1

+1

TK+1 (P = +10)

V1P

0 (PRESSURE SENSOR) INOPERATIVE

0 (O

PER

AT

OR

OP

EN

S

WR

ON

G V

AL

VE

)

0 (V

1 S

TU

CK

)

+1

L

(OPERATOR DOES NOTSEE PRESSURE INDICATOR)

1M

5P

+1

+1

4P

(LEVEL SENSOR STUCK)

0

+1

LEVEL SETPOINT

+1

-1

0

(CO

NTR

OLLER

ON

MA

NU

AL)

3M

6M

+1

+1

-1

-10

LOOP I

LOOP III

+1 )10( TKP

-1

0

LOOP I

LOOP I

LOOP II

LOO P III

TKP ( 10)

OR

AND OR(See Page 2)

OR OR

(Loops Pass

Disturbance)

RVP (-10)L (+10) AND

OR

TKP ( 10)

(See Page 2***)

Loop II

cause

Loop I

cause

OR

RVP (0)

TKP (0)

L (+10)RV

Falls

Closed

7P ( 10)

L (0)

OR

VIP (0)

OR

Plug In

Line 2

V1

Stuck

Operator

Action (0)

Operator Opens

Wrong Valve

OR

Pressure Sensor

Inoperative

Operator does not See

Pressure Indicator

2P ( 10)

1P ( 10)

2 NFBL

No

Uncontrollable

Disturbances!

( Loops Cause )

Loop II

inactive

Loop I

inactive *

**inconsistent

(page 1)

( Loops Cause )OR

AND

L (+10)

OR

( Done )

*** L (+10)7

P ( 10) RV

Falls

Closed

RVP (0)

OR

AND

OR VIP (0)

( Done )

**( See Page 1 )

1M ( 10)

3M ( 10)

OR

6M ( 10)

4P ( 10)

OR

Level

Set Pt.

(+10)

5P ( 10)

L (-10)

AND

L (0) RVP (-10)

( Done )

*( See Page 1 )

TKP ( 10)

AND

L (+10)

( Done )

***

RVP (-10)

TKP ( 10)

TKP (0)

(page 2)

***1 NFBL

Isolation valveClosed in error

Loop I causeLoop II inactive

Loop I inactiveLoop II cause

Both cause