What to do when nothing has happened?

What to Do When NothingHas Happened?Raymond ‘‘Randy’’ FreemanS&PP Consulting, Houston, TX 77041; [email protected] (for correspondence)

Published online 28 June 2011 in Wiley Online Library (wileyonlinelibrary.com). DOI 10.1002/prs.10463

Often, during a layer of protection analysis (LOPA)or a quantitative risk analysis (QRA) study, historicalinformation indicates no occurrences of a particularundesired event in the plant or system. The simplereply that the frequency or rate is zero because theevent has never happened is sometimes heard by theanalyst during review meetings. The analyst must thendecide on an appropriate measure of the frequency ofthe undesired event. This article presents methodsbased on statistical tools for developing a measure ofthe frequency or failure rate of an event when the his-torical information includes no occurrences of theevent. The article compares the various available sta-tistical tools. Guidance is presented on methods toincorporate historical information of no failures intoa LOPA or QRA study. Examples on the application ofthe recommended methods to deal with the problemare presented. � 2011 American Institute of ChemicalEngineers Process Saf Prog 30: 204–211, 2011

Keywords: Risk analysis, LOPA, historical data

BACKGROUNDDuring a layer of protection analysis (LOPA) [1]

review, the team must assign initiating event frequen-cies. The assignment of the initiating event frequen-cies is often done using standard tables. Many timesthe LOPA team is presented with historical informa-tion on the occurrence of the initiating event such as:

Chief Operator Speaking, ‘‘I have been assigned tothis process unit since it was started up over 25 yearsago. The event you are describing has never occurred.’’

Process Engineer Speaking, ‘‘We have reviewed allof the incident reports for the past 20 years as well asall the near miss reports. We can find no history toindicate that this event has ever occurred.’’

Maintenance Supervisor Speaking, ‘‘We have pulledthe past 10 years of maintenance log books, workorders and project requests for this area of the plant.There is no record of a request, work order or modi-fication request that would indicate that the eventdescribed has ever occurred.’’

What is the LOPA team leader to do with this infor-mation? Simply assigning an initiating event frequencyof zero ignores the possibility that the event couldhappen tomorrow. This article presents statistical toolsfor dealing with this situation that can be applied dur-ing a typical LOPA study team meeting by the teamleader. In this article, the various estimators are identi-fied as Mi. For example, M1 represents the estimatorfor the failure rate presented in Eq. 1 below.

METHOD 1—ASSUME THAT THE EVENT HAS ACTUALLY HAPPENEDIf there are n years of history with no history of

occurrence, one could assume that one event hasoccurred. This is equivalent to stating that the historyterminated the instant before a failure would haveoccurred. The event frequency would be:

M1 ¼ k ¼ 1=n ð1Þ

As the sample size is small and the occurrence ofthe event of concern is a discrete variable (yes orno—1 or 0), the ‘‘correction for continuity’’ [2] issometimes used. This approach simply splits the dif-ference between 1 and 0 and says that the event hasoccurred ½ time in the n years of history. The eventfrequency becomes:

M2 ¼ k ¼ 1=ð2nÞ ð2ÞMETHOD 2—BAYESIAN APPROACH

A different approach is to use Bayesian analysis todevelop an estimate of the event frequency or failurerate. Welker and Lipow [3] developed a Bayesian esti-mate of the ‘‘best guess’’ or maximum likelihood esti-mate for the value of k.

Welker and Lipow formulated the Bayesian prob-lem for establishing the failure rate k as:

wðkjc ¼ f Þ ¼ Pðc ¼ f jkÞwðkÞPðc ¼ f Þ ð3Þ

where c is the number of observed failures in a testof duration T, f is the number of observed failures in� 2011 American Institute of Chemical Engineers

204 September 2011 Process Safety Progress (Vol.30, No.3)

a particular test, k is the failure rate of the device.(This is what we desire to find.), w(k) is the prior dis-tribution or the assumed density function of k, P(c 5f|k) is the conditional probability of observing f fail-ures given k, P(c 5 f) is the unconditional probabilityof observing f failures based on the assumed priordistribution, and w(k |c 5 f) is the posterior distribu-tion for k conditioned on the observation of f failures.

Using the exponential distribution fork, Welkerand Lipow completed a series of estimates for thevalue of k. They calculated an estimator for k andthen used that estimator as the prior distribution for anew estimate of k. They presented their results for anestimator for k in the form:

k ¼ k=ðnÞ ð4Þ

with k being a constant arrived at by the successiveBayesian solution for an estimator of k. Lipow andWelker found that k was between 0.24 and 0.51.They proposed the ‘‘rule of 1 over 3n’’ as a simplemethod for arriving at an estimate of k.

M3 ¼ k ¼ 1=ð3nÞ ð5Þ

Using k as 0.24, we can formulate a ‘‘rule of 1/4N’’as:

M4 ¼ k ¼ 1=ð4nÞ ð6ÞMETHOD 3—POISSON ARRIVALS OF A EXPONENTIAL FAILURE RATE

The exponential distribution is often used in reli-ability engineering to represent the failure of a de-vice. This distribution is characterized by a singleparameter, k, the failure rate. For an exponentiallydistributed random variable, the arrival process(when the device fails) is described by a Poissonprocess [4].

We are interested in the Poisson arrival processwhere no failures have occurred in a time frame of 0to t for a device with an exponential failure distribu-tion. The Poisson arrival model for this situation [5]is:

Fðc ¼ 0Þ ¼ e�k�t ð7Þ

where F(c 5 0) is the probability that no failureshave occurred in the time period 0 to t.

By setting the probability of no failures, we canestimate a limit of the value of k. Setting F(c 5 0) 50.9 yields an expression for k as:

M5 ¼ k ¼ � lnð0:9Þ=ðnÞ ¼ 0:105=n ð8Þ

Note that the specification of the probability of nofailures during the time period 0 to t is arbitrary. Ifwe were to believe that the no failures during thetime period 0 to t was a random fluke and set F(n 50) 5 0.1, the expression for k becomes:

M6 ¼ k ¼ � lnð0:1Þ=ðnÞ ¼ 2:303=n ð9Þ

METHOD 4—CONFIDENCE LIMIT ON THE FAILURE RATE, kThe first problem is to establish what the confi-

dence interval is for an exponentially distributed ran-dom variable. Kececioglu [6,7] presents a detailedderivation and mathematical proof based on thework of Epstein and Sobel [8] that demonstrates thatthe confidence interval for the exponential distribu-tion parameter k is v2 distributed with 2n 1 2degrees of freedom. The one-sided confidence limiton k when no failures have been observed in a trialof n duration is [9]:

k ¼ X2a;2=ð2nÞ ð10Þ

where Xa;22 is the value of the v2 distribution with two

degrees of freedom and a confidence level (CL)established as:

CL ¼ 1� a ð11Þ

with a being a parameter that expresses the area ofthe tail of the v2 distribution. Note that 0 < a < 1.The corresponding confidence level (CL) is thus;

1 > CL > 0 or 0 < CL < 1

Nothing in the above discussion allows for thedetermination of the desired confidence level. Typi-cally, the confidence level is set at 90% or 95%. Thevalue of the v2 distribution (Xa;2

2 ) with two degreesof freedom at a confidence level of 95% is 5.991.Therefore, the estimator for the failure rate, kbecomes:

M7 ¼ k ¼ Xa;2=ð2nÞ ¼ 5:991=ð2nÞ ð12Þ

Tobias and Trindade [10] and Caldwell [11] pro-posed using the 50% confidence level to estimate thefailure rate from a sample set that contains no fail-ures. The interpretation of this recommendation is asfollows:

‘‘Using the 50% Chi-squared failure rate as a pointestimate should be interpreted carefully; the value isnot really an average but rather a failure rate valuethat will produce zero failures half of the time.’’

The value of the v2 distribution (Xa;22 ) with two

degrees of freedom at a confidence level of 50% is1.3863 Therefore, the estimator for the failure rate, kbecomes:

M8 ¼ k ¼ Xa;2=ð2nÞ ¼ 1:3863=ð2nÞ ð13ÞMETHOD 5—BINOMIAL FAILURE LIMIT

As the outcome of a test of n years will either befailure or nonfailure, limits on the failure rate may beestimated using the properties of the binomial proba-bility distribution. The binomial probability distribu-tion [12] is given as:

FðyÞ ¼ n!

y!ðn� yÞ! pyð1� pÞn�y ð14Þ

Process Safety Progress (Vol.30, No.3) Published on behalf of the AIChE DOI 10.1002/prs September 2011 205

where p is the probability of a failure during any test.For these analyses, k 5 p, y is the number of out-comes of a failure; 0, 1, 2, 3, . . ., and n is the numberof tests or the number of years of operation.

For the case where no failures have occurred (y 50) in the test period n, the binomial distributionreduces to:

Fðy ¼ 0Þ ¼ ð1� pÞn ð15Þ

Setting a probability limit (say 0.9) and solving forp:

p ¼ 1� ½Fðy ¼ 0Þ�1=n ¼ 1� ½0:9�1=n

The estimator for the failure rate, k, becomes:

M9 ¼ k ¼ 1� ½0:9�1=n ð16Þ

Once again, establishing the confidence limit is amatter of judgment.

OTHER METHODSBailey [13] published a comparison of several

methods of arriving at an estimate of the failure ratewhen no failures have been recorded in the historicaldata. Bailey discusses the above estimators M1 (hisP4) and M3 (his P6). In addition, Bailey presentssome additional estimators. The additional estimatorsby Bailey for k are presented below. They are labeledusing his convention of Pi and with the conventionof this article (Mi) to allow the reader to easily trackthe method source.

METHOD 6—UNIFORM DISTRIBUTION BAYES ESTIMATORThis method basically states that a failure would

have occurred if the test were run for two additionaltime periods.

M10 ¼ P3 ¼ k ¼ 1=ðnþ 2Þ ð17ÞMETHOD 7—HYPOTHESIS TESTING

A hypothesis is tested based on estimating the larg-est value of k that one would fail to reject as estima-tor for k at a given significance level. This methodassumes that the distribution of failures is normallydistributed. The resulting estimator for k becomes:

M11 ¼ P5 ¼ k ¼ z2a

ðnþ z2aÞ

ð18Þ

where N is the number of tests (years of service), zais the value of the standard normal deviate at thespecified level of confidence, 1 2 a, and za is the1.6445 for a confidence level of 95% (a 5 5%).

METHOD 8—EXPLOSIVE INITIATION TEST ESTIMATEThis method is used to estimate the likelihood of

an explosive detonation due to an impact. Thismethod is based on the Binomial distribution with

F (y 5 0) set to 0.5. The resulting estimator for kbecomes:

M12 ¼ P2 ¼ k ¼ 1� ½0:5�1=n ð19ÞMETHOD 9—BEST WORST-CASE ESTIMATE

This method is based on minimizing the maximumerror using a quadratic loss function. Detailed deriva-tion of this method and associated estimator is pre-sented in the paper by Quigley and Revie [14].

M13 ¼ k ¼ 1=ð2:5nÞ ð20ÞCOMPARISON OF METHOD RESULTS

Each method presented in this article was used toestimate a value for the failure rate, k, given that nofailures have occurred. This section presents theresults of that comparison. Table 1 presents the com-parison of results for each estimation method for acase where no failure has occurred in 10 years ofoperation. The methods in the table have been cate-gorized into two groups:

Best guess—These are methods that attempt toarrive at an estimate of the central tendency of fail-ure rate. These are similar to an average value andmay be considered as estimates of the true value ofthe failure rate, k.

Confidence level—These methods rely on the use of aconfidence level to arrive at an upper value of the fail-ure rate, k. In effect, these represent an upper boundthat the failure rate should not exceed. These methodsrely on the specification of a confidence limit to arriveat the estimate. As was noted previously, the specifica-tion of the confidence level is arbitrary.

Table 2 presents the results for each estimator at n5 20. For both cases (n5 10 or 20), the binomial es-timator (M9) results in the smallest estimate for thefailure rate. In both cases, the v2 estimator for k (M7)results in the largest estimate of the failure rate.When compared to the ‘‘confidence limit’’ methods,the ‘‘best guess’’ methods generally show a signifi-cantly lower estimate of the failure rates.

Best Guess MethodsMethods M1, M2, M3, M4, M8, M9, M10, and M13

are categorized as belonging to the best guess group.These methods attempt to estimate the true value ofthe failure rate that would be obtained from a longertest. Figure 1 presents a plot of the results of the esti-mation of the failure rate by each method for timeframes as short as 1 year to 100 years. All methodsbehaved correctly. That is, each method shows a con-tinuous reduction in the estimated failure rate as thelength of the trial increases. The longer the system ordevice runs without failure, the lower the estimatedfailure rate. In the region of n 5 1–10, all estimatorssteeply rise as n decreases.

The curve labeled M3 represents the mid-range ofthe available estimation methods.

206 September 2011 Published on behalf of the AIChE DOI 10.1002/prs Process Safety Progress (Vol.30, No.3)

Confidence Limit MethodsMethods M5, M6, M7, M11, and M12 are catego-

rized as belonging to the confidence limit group.Rather than attempting to estimate the true value of

the failure rate, these methods attempt to establish anupper limit or a lower limit on the failure rate. Figure 2presents a plot of the results of the estimation of thefailure rate by these methods for time frames of 1–

Table 1. Comparison of failure rate estimators at n 5 10 years

EstimatorMi

EstimatorEquation

No.

EstimatorBaileyPaper

MethodDescriptor

MethodType

EstimatedFailure Rate(failures/year)

RatioMi/Max

RatioMi/Min

M1 1 P4 Assume 1 event happened Best Guess 0.1000 33% 10M2 2 Correction for continuity Best guess 0.0500 17% 5M3 5 Bayesian mid-range Best guess 0.0333 11% 3M4 6 Bayesian lower Best guess 0.0250 8% 2M5 8 Poisson arrival of

exponential failurelower limit

Confidence limit 0.0105 4% 1

M6 9 Poisson arrival ofexponential failureupper limit


M7 12 Chi square estimator for k Confidence limit 0.2996 100% 29M8 13 Mid-range chi square Best guess 0.0693 23% 7M9 16 Binomial Uncertainty Band Best guess 0.0105 3% 1M10 17 P3 Uniform Bayes Best guess 0.0833 28% 8M11 18 P5 Hypothesis test Confidence limit 0.2130 71% 20M12 19 P2 Explosive Initiation Confidence limit 0.0670 22% 6M13 20 Best worst case Best guess 0.0400 13% 4

Minimum estimate 5 0.0105 failures/year. Maximum estimate 5 0.2996 failures/year.

Table 2. Comparison of failure rate estimators at n 5 20 years

EstimatorMi

EstimatorEquation

No.

EstimatorBaileyPaper

MethodDescriptor

MethodType

EstimatedFailure Rate(failures/year)

RatioMi/Max

RatioMi/Min

M1 1 P4 Assume 1 eventhappened

Best guess 0.0500 33% 10

M2 2 Correction forcontinuity

Best guess 0.0250 17% 5

M3 5 Bayesian mid-range Best guess 0.0167 11% 3M4 6 Bayesian lower Best guess 0.0125 8% 2M5 8 Poisson arrival of

exponential failurelower limit


M6 9 Poisson arrival ofexponential failureupper limit


M7 12 Chi square estimatorfor k


M8 13 Mid-range chi square Best guess 0.0347 23% 7M9 16 Binomial uncertainty

bandBest guess 0.0053 4% 1

M10 17 P3 Uniform Bayes Best guess 0.0455 30% 9M11 18 P5 Hypothesis test Confidence limit 0.1192 80% 23M12 19 P2 Explosive initiation Confidence limit 0.0341 23% 6M13 20 Best worst case Best guess 0.0200 13% 4

Minimum estimate 5 0.0053 failures/year. Maximum estimate 5 0.1498 failures/year.


100 years. The curve labeled M12 represents the mid-range of the confidence limit group.

The behavior of the methods M3 and M12 is pre-sented in Figure 3. These two methods represent amid-range of the two different groups of estimators(best guess and confidence limit). Note that thesetwo estimators are within 1/2 an order of magnitudeof each other. Method M3 always will generate alower estimate than method M12.

Finally, to aid in the use of these methods, Table 3is presented giving the detailed values for eachmethod from 1 year to 100 years. This table was usedin creating Figures 1–3. This table may be usedinstead of recalculating the estimator while conduct-ing a LOPA or quantitative risk analysis (QRA) study.

RECOMMENDATION FOR LAYER OF PROTECTION ANALYSIS ANDCHEMICAL PROCESS QUANTITATIVE RISK ANALYSIS STUDIES

When confronted with statements or history thatindicates no failures, the analyst should proceed with

caution. The first question to be answered is: Is itphysically possible for the event to occur?

The maximum likelihood estimator for the casewhere no failures have occurred in n years is a fail-ure rate of zero failures per year. It may be impossi-ble for the event to occur. For example, a pump witha maximum dead-head discharge pressure 100 psigcannot open a relief valve set at 200 psig. Impossibleevents should not be included in our safety studiesby assigning them a probability of occurrence.

The second point the analyst should consider isthat there is no right answer. All of the methods pre-sented attempt to provide a nonzero estimate of thefailure rate given that no failures have occurred. Allmethods are based on a defensible statistical basis.All methods are internally consistent and behave cor-rectly with respect to increasing sample size.

The analyst should consider how uncertainty andconservatism will be handled in the study. Will safetyfactors be applied at each step of the analysis or willconservatism be applied after the numerical calcula-tions are completed?

Estimators M1 and M3 are widely used to estimatethe frequency for events that have not occurred. TheCenter for Chemical Process Safety (CCPS) [15] usesboth estimators for estimating the frequency of explo-sions in facilities where no explosion has occurred.The rule of 1/3N method (M3) has been used in USgovernment safety studies [16]. Note that estimatorM14 recently developed by Quigley and Revie provideessentially the same result as the rule of 1/3N method.Bailey recommended the use of estimator M12. Esti-mators M8 and M12 yield almost identical results.

Method M7 uses the v2 Distribution and is takenfrom the reliability data literature. This method isused to define confidence limits on failure dataobtained from production units and field applica-tions. The method relies on the specification of aconfidence level to allow for the calculations to becompleted. For most situations, this method will gen-erate the largest estimate of the failure rate.

My recommendation for LOPA and chemical pro-cess QRA (CPQRA) studies is as follows.

Figure 1. Behavior of best guess methods for increas-ing trials.

Figure 2. Behavior of confidence limit methods forincreasing trials.

Figure 3. Comparison of recommended methods.


Table3.

Valuesofestim

atormethodsM1to

M12forsample

size

1–100

Number

of

Trials

M1

M2

M3

M4

M5

M6

M7

M8

M9

M10

M11

M12

M13

11.00E100

5.00E-01

3.33E-01

2.50E-01

1.05E-01

2.30E100

3.00E100

6.93E-01

1.00E-01

3.33E-01

7.30E-01

5.00E-01

4.00E-01

25.00E-01

2.50E-01

1.67E-01

1.25E-01

5.25E-02

1.15E100

1.50E100

3.47E-01

5.13E-02

2.50E-01

5.75E-01

2.93E-01

2.00E-01

33.33E-01

1.67E-01

1.11E-01

8.33E-02

3.50E-02

7.68E-01

9.99E-01

2.31E-01

3.45E-02

2.00E-01

4.74E-01

2.06E-01

1.33E-01

42.50E-01

1.25E-01

8.33E-02

6.25E-02

2.63E-02

5.76E-01

7.49E-01

1.73E-01

2.60E-02

1.67E-01

4.03E-01

1.59E-01

1.00E-01

52.00E-01

1.00E-01

6.67E-02

5.00E-02

2.10E-02

4.61E-01

5.99E-01

1.39E-01

2.09E-02

1.43E-01

3.51E-01

1.29E-01

8.00E-02

61.67E-01

8.33E-02

5.56E-02

4.17E-02

1.75E-02

3.84E-01

4.99E-01

1.16E-01

1.74E-02

1.25E-01

3.11E-01

1.09E-01

6.67E-02

71.43E-01

7.14E-02

4.76E-02

3.57E-02

1.50E-02

3.29E-01

4.28E-01

9.90E-02

1.49E-02

1.11E-01

2.79E-01

9.43E-02

5.71E-02

81.25E-01

6.25E-02

4.17E-02

3.13E-02

1.31E-02

2.88E-01

3.74E-01

8.66E-02

1.31E-02

1.00E-01

2.53E-01

8.30E-02

5.00E-02

91.11E-01

5.56E-02

3.70E-02

2.78E-02

1.17E-02

2.56E-01

3.33E-01

7.70E-02

1.16E-02

9.09E-02

2.31E-01

7.41E-02

4.44E-02

10

1.00E-01

5.00E-02

3.33E-02

2.50E-02

1.05E-02

2.30E-01

3.00E-01

6.93E-02

1.05E-02

8.33E-02

2.13E-01

6.70E-02

4.00E-02

11

9.09E-02

4.55E-02

3.03E-02

2.27E-02

9.55E-03

2.09E-01

2.72E-01

6.30E-02

9.53E-03

7.69E-02

1.97E-01

6.11E-02

3.64E-02

12

8.33E-02

4.17E-02

2.78E-02

2.08E-02

8.75E-03

1.92E-01

2.50E-01

5.78E-02

8.74E-03

7.14E-02

1.84E-01

5.61E-02

3.33E-02

13

7.69E-02

3.85E-02

2.56E-02

1.92E-02

8.08E-03

1.77E-01

2.30E-01

5.33E-02

8.07E-03

6.67E-02

1.72E-01

5.19E-02

3.08E-02

14

7.14E-02

3.57E-02

2.38E-02

1.79E-02

7.50E-03

1.65E-01

2.14E-01

4.95E-02

7.50E-03

6.25E-02

1.62E-01

4.83E-02

2.86E-02

15

6.67E-02

3.33E-02

2.22E-02

1.67E-02

7.00E-03

1.54E-01

2.00E-01

4.62E-02

7.00E-03

5.88E-02

1.53E-01

4.52E-02

2.67E-02

16

6.25E-02

3.13E-02

2.08E-02

1.56E-02

6.56E-03

1.44E-01

1.87E-01

4.33E-02

6.56E-03

5.56E-02

1.45E-01

4.24E-02

2.50E-02

17

5.88E-02

2.94E-02

1.96E-02

1.47E-02

6.18E-03

1.35E-01

1.76E-01

4.08E-02

6.18E-03

5.26E-02

1.37E-01

4.00E-02

2.35E-02

18

5.56E-02

2.78E-02

1.85E-02

1.39E-02

5.83E-03

1.28E-01

1.66E-01

3.85E-02

5.84E-03

5.00E-02

1.31E-01

3.78E-02

2.22E-02

19

5.26E-02

2.63E-02

1.75E-02

1.32E-02

5.53E-03

1.21E-01

1.58E-01

3.65E-02

5.53E-03

4.76E-02

1.25E-01

3.58E-02

2.11E-02

20

5.00E-02

2.50E-02

1.67E-02

1.25E-02

5.25E-03

1.15E-01

1.50E-01

3.47E-02

5.25E-03

4.55E-02

1.19E-01

3.41E-02

2.00E-02

25

4.00E-02

2.00E-02

1.33E-02

1.00E-02

4.20E-03

9.21E-02

1.20E-01

2.77E-02

4.21E-03

3.70E-02

9.77E-02

2.73E-02

1.60E-02

30

3.33E-02

1.67E-02

1.11E-02

8.33E-03

3.50E-03

7.68E-02

9.99E-02

2.31E-02

3.51E-03

3.13E-02

8.27E-02

2.28E-02

1.33E-02

35

2.86E-02

1.43E-02

9.52E-03

7.14E-03

3.00E-03

6.58E-02

8.56E-02

1.98E-02

3.01E-03

2.70E-02

7.18E-02

1.96E-02

1.14E-02

40

2.50E-02

1.25E-02

8.33E-03

6.25E-03

2.63E-03

5.76E-02

7.49E-02

1.73E-02

2.63E-03

2.38E-02

6.34E-02

1.72E-02

1.00E-02

45

2.22E-02

1.11E-02

7.41E-03

5.56E-03

2.33E-03

5.12E-02

6.66E-02

1.54E-02

2.34E-03

2.13E-02

5.67E-02

1.53E-02

8.89E-03

50

2.00E-02

1.00E-02

6.67E-03

5.00E-03

2.10E-03

4.61E-02

5.99E-02

1.39E-02

2.10E-03

1.92E-02

5.13E-02

1.38E-02

8.00E-03

55

1.82E-02

9.09E-03

6.06E-03

4.55E-03

1.91E-03

4.19E-02

5.45E-02

1.26E-02

1.91E-03

1.75E-02

4.69E-02

1.25E-02

7.27E-03

60

1.67E-02

8.33E-03

5.56E-03

4.17E-03

1.75E-03

3.84E-02

4.99E-02

1.16E-02

1.75E-03

1.61E-02

4.31E-02

1.15E-02

6.67E-03

65

1.54E-02

7.69E-03

5.13E-03

3.85E-03

1.62E-03

3.54E-02

4.61E-02

1.07E-02

1.62E-03

1.49E-02

4.00E-02

1.06E-02

6.15E-03

70

1.43E-02

7.14E-03

4.76E-03

3.57E-03

1.50E-03

3.29E-02

4.28E-02

9.90E-03

1.50E-03

1.39E-02

3.72E-02

9.85E-03

5.71E-03

75

1.33E-02

6.67E-03

4.44E-03

3.33E-03

1.40E-03

3.07E-02

3.99E-02

9.24E-03

1.40E-03

1.30E-02

3.48E-02

9.20E-03

5.33E-03

80

1.25E-02

6.25E-03

4.17E-03

3.13E-03

1.31E-03

2.88E-02

3.74E-02

8.66E-03

1.32E-03

1.22E-02

3.27E-02

8.63E-03

5.00E-03

85

1.18E-02

5.88E-03

3.92E-03

2.94E-03

1.24E-03

2.71E-02

3.52E-02

8.15E-03

1.24E-03

1.15E-02

3.08E-02

8.12E-03

4.71E-03

90

1.11E-02

5.56E-03

3.70E-03

2.78E-03

1.17E-03

2.56E-02

3.33E-02

7.70E-03

1.17E-03

1.09E-02

2.92E-02

7.67E-03

4.44E-03

95

1.05E-02

5.26E-03

3.51E-03

2.63E-03

1.11E-03

2.42E-02

3.15E-02

7.30E-03

1.11E-03

1.03E-02

2.77E-02

7.27E-03

4.21E-03

100

1.00E-02

5.00E-03

3.33E-03

2.50E-03

1.05E-03

2.30E-02

3.00E-02

6.93E-03

1.05E-03

9.80E-03

2.63E-02

6.91E-03

4.00E-03


A minimum of 10 years of data where the event ofconcern has not happened should be availablebefore any of the methods described in this articleare used. The behavior of estimators when n issmall and with no failures is currently an active sub-ject of mathematical research. This is not a regionwhere these estimation tools should be applied. Forcases where there are fewer than 10 years of data,use the generic Initiating Event (IE) or IndependentProtection Layer (IPL) datasheets in the LOPA book[1,17] or assume that the event is certain with aprobability of 10.

If the event of concern is physically possible andmore than 10 years of verifiable history are avail-able, use the estimator M1 (1/n) for basic LOPA orfor an initial CPQRA study. If the analysis yields ananswer that is reasonable, then further analysis isnot required.

If the analysis using the simple estimator M1 yieldsanswers that are intolerable, refine the analysis byusing either estimators M3, M8, or M12 to representthe failure rate of a device with no history of fail-ures. They will differ by only a factor of 2. EstimatorM3 (rule of 1/3n) is easier to remember and to cal-culate than estimator M8 (mid-range v2) or M12 (ex-plosive initiation test method).

EXAMPLES

Case 1During a LOPA review, a team member indicates

that no occurrences of an event have occurred in the3 years that they have been assigned to a processunit. What is the value of the frequency of the eventto be used in the LOPA event? As the number ofyears of history is less than the recommended 10years, ignore the history and use the event frequencyfrom the CCPS LOPA book.


that an occurrence of an event has occurred once inthe 10 years that they have been assigned to a pro-cess unit. What is the value of the frequency of theevent to be used in the LOPA event? The methodspresented in this article only apply to conditionswhere no occurrence of the event has been observedin the history. The analyst should start with event fre-quency from the LOPA book. However, an event fre-quency of less than 1/10 events per year should notbe used. Use an event frequency which is the maxi-mum of either the value from the LOPA book or 1/10years.


that no occurrence of an event has occurred in the 10years that they have been assigned to a process unit.What is the value of the frequency of the event to be

used in the LOPA event? The analyst should questionthe team member thoroughly on the event. Are thereconfirming written records? Does another team mem-ber confirm the first team member’s memory? If theresult of the discussion is that the event has notoccurred in 10 years and is physically possible, theLOPA analyst should then start with an event fre-quency of 1/10 events per year. If the analysis is beingdone to greater than an order of magnitude signifi-cance, a value of 1/(3 3 10) or 1/30 events per yearmay be used to estimate the frequency of the event.


that no occurrence of an event has occurred in the 30years that they have been assigned to a process unit.What is the value of the frequency of the event to beused in the LOPA event? The analyst should questionthe team member thoroughly on the event. Are thereconfirming written records? Does another team mem-ber confirm the first team member’s memory? If theresult of the discussion is that the event has notoccurred in 30 years and is physically possible, theLOPA analyst should then start with an event fre-quency of 1/30 events per year. If the analysis isbeing done to one order of magnitude significance,use an event frequency of 1/10 events per yearinstead of the 1/30 events per year obtained by appli-cation of the methods in this article. If the analysis isbeing done to greater than one order of magnitudesignificance, a value of 1/(3 3 30) or 1/90 or 1/100events per year may be used to estimate the fre-quency of the event.


that a pressure relief valve (PRV) on a pressure ves-sel has never opened due to overpressure from apump. The team member has been in the processunit for 20 years. What is the value of the frequencyof the event of ‘‘PRV opens due to dead head pumppressure’’ to be used in the LOPA event? The LOPAanalyst determines from the other team membersthat the maximum dead-head pump pressure is 100psig and the PRV set pressure is 150 psig. The pres-sure vessel has a design pressure (maximum allow-able working pressure, MAWP) of 150 psig. As thedead-head pressure of the pump (100 psig) is lessthan the MAWP of the pressure vessel (150 psig) andis less than the set pressure of the PRV (100 psig),the event of concern ‘‘PRV opens due to dead headpump pressure’’ cannot happen and is physicallyimpossible. This event should be deleted from theLOPA analysis.

CONCLUSIONSThirteen different methods for estimating the fre-

quency of an event where the historical evidenceindicates no occurrences of the event were com-pared in this article. The widely used estimatorknown as the rule of 1/3N was found to provide rea-sonable results when the LOPA or risk analyst is


attempting to find an estimate of the actualfrequency (best guess) of a rare event. A methodol-ogy was proposed and examples given as to theapplication of the methodology to cases oftenencountered in a LOPA study.

ACKNOWLEDGMENTSThis paper is an expanded version of a paper

entitled ‘‘LOPA Case Study—What to Do With RareEvents’’ presented at the Mary Kay O’Connor 2010Process Safety Symposium, October 26, 2010, CollegeStation, TX. The author wishes to thank those indi-viduals who gave comments and suggestions forimproving this article. Special thanks are offered toRobert Johnson and Kathy Kas for their detailedcomments and suggestions that greatly improved thisarticle.

LITERATURE CITED1. CCPS, Layer of Protection Analysis, AIChE, New

York, NY, 2001.2. Belz, Statistical Methods in the Process Industries,

Wiley, New York, 1973, pp. 116–117.3. E. Welker and M. Lipow, Estimating the exponen-

tial failure rate from data with no failures, Pro-ceedings of the 1974 Annual Reliability and Main-tainability Symposium, Los Angeles, CA, Instituteof Electrical and Electronics Engineers, New York,NY, 1974, pp. 420–427; IEEE Catalog Number74CHO820–1RQC, Vol. 7, Number 2.

4. Y.-H. Tang and X.-W. Tang, A concise proof ofthe relation between Poisson process and expo-nential distribution, J Syst Sci Syst Eng 8 (1999),423–426.

5. J. Henley and H. Kumamoto, Reliability Engineer-ing and Risk Assessment, Prentice Hall, New York(1981), p. 239.

6. D. Kececioglue, Reliability and Life Testing Hand-book, Vol. 1, DEStech Publications, Lancaster, PA(2002), pp. 133–134.

7. D. Kececioglue, Reliability and Life Testing Hand-book, Vol. 1, DEStech Publications, Lancaster, PA(2002), pp. 245–254.

8. B. Epstein and M. Sobel, Life testing, J Am StatAssoc 48 (1953), pp. 480–502.

9. A.E. Green and A.J. Bourne, Reliability Technol-ogy, Wiley Interscience, New York (1972), pp.344–346.

10. P.A. Tobias and D.C. Trindade, Applied Reliabil-ity, 2nd ed., Van Nostrand Reinhold, New York,NY (1995), pp. 70–71.

11. L.C. Caldwell, Failure rate data analysis for hightechnology components, Eighth InternationalTopical Meeting on Nuclear Applications and Uti-lization of Accelerators, Idaho National LaboratoryPreprint INL/CON-07–12265, July 2007.

12. Meyer, Introductory Probability and StatisticalApplications, Addison-Wesley Publishing, NewYork (1972), p 190.

13. R. Bailey, Estimation from zero failure data, RiskAnalysis 17 (1997), 375–380.

14. J. Quigley and M. Revie, Estimating the probabil-ity of rare events: addressing zero failure data,Risk Analysis (in press); DOI: 10.1111/j.1539–6924.2010.01568.x.

15. CCPS, Guidelines for Evaluating Process PlantBuildings for External Explosion and Fires,AIChE,New York, NY (1996), p. 67.

16. US DOE, Analysis of available hydrogen data andaccumulation of hydrogen in unvented TRUdrums, Report Number HNF-EDC-04–21632, June24, 2004.

17. CCPS, Guidelines for Independent ProtectionLayers and Initiating Events, AIChE, New York,NY (2011).


Documents

What to do when nothing has happened?