ERT 312SAFETY & LOSS PREVENTION IN

BIOPROCESS

RISK ASSESSMENT

Prepared by:Miss Hairul Nazirah Abdul Halim

Introduction

• Risk assessment includes:

1. Incident Identification

2. Consequence Analysis

1. Incident Identification

- describe how an accident occurs

- HAZOP

2. Consequence Analysis

- describes the expected damage

- Dow F&EI is a form of consequence analysis

Objectives

• To define the probability theory

• To discuss, analyze and evaluate

- Event Tree,

- Fault Tree

- LOPA

Probability Theory

• Reliability, R – the probability that the component will not fail:

• µ is a constant failure rate (refer to Table 11-1 for selected component)

• Unreliability, P – failure probability:

• Mean time between failure (MTBF):

• Interaction between process unit:

a) Parallel

- logical AND function

- Overall failure probability, P = multiply the P for the individual components

- Overall reliability, R = 1 – P

b) Series

- logical OR function

- Overall Reliability, R = multiply the R for the individual components

- Overall failure probability, P = 1 – R

Summary of Computation for Series

Summary of Computation for Parallel

Tutorial

Example 11-1

The water flow to a chemical reactor cooling coil is controlled by the system shown in Figure 11-4. The flow is measured by a differential pressure (DP) device, the controller decides on an appropriate control strategy, and the control valve manipulates the flow of coolant. Determine the overall failure rate, the unreliability, the reliability, and the MTBF for this system. Assume a 1-yr period of operation.

• The process component are related in series.

• If any one of the components fail, the entire system fails.

• Failure rates are from Table 11-1.

• Reliability – Eq. 11-1

• Failure probability – Eq. 11-2

• Overall reliability, R (Eq. 11-8)

• Failure probability, P

• Overall failure rate, µ

• MTBF

Example 11-2A diagram of the safety systems in a certain chemical reactor is shown in Figure 11-5. This reactor contains a high-pressure alarm to alert the operator in the event of dangerous reactor pressures. It consists of a pressure switch within the reactor connected to an alarm light indicator. For additional safety an automatic high-pressure reactor shutdown system is installed. This system is activated at a pressure somewhat higher than the alarm system and consists of a pressure switch connected to a solenoid valve in the reactor feed line. The automatic system stops the flow of reactant in the event of dangerous pressures. Assume a 1-yr period of operation. Compute:a) the overall failure rate, b) the failure probability, c) the reliability, d) and the MTBF for a high-pressure condition.

Solution

• A dangerous high-pressure reactor situation occurs only when both the alarm system and the shutdown system fail.

• These two components are in parallel.

• For the alarm system the components are in series:

• For the shutdown system the components are also in series:

• The two systems are combined using Equation 11-6:

• For the alarm system alone a failure is expected once every 5.5 yr. Similarly, for a reactor with a high- pressure shutdown system alone, a failure is expected once every 1.80 yr. However, with both systems in parallel the MTBF is significantly improved and a combined failure is expected every 13.7 yr.

Event Tree

• Begin with initiating event and work toward a final result

• Various of safety systems is designed to prevent the accident from propagating

• Consider the chemical reactor system shown in Figure 11-8.

• This system is identical to the system shown in Figure 10-6, except that a high-temperature alarm has been installed to warn the operator of a high temperature within the reactor.

• The event tree for a loss-of-coolant initiating event is shown in Figure 11-9.

• Four safety functions are identified. These are written across the top of the sheet. 1) The first safety function is the high-temperature alarm. 2) The second safety function is the operator noticing the high reactor temperature during normal inspection. 3) The third safety function is the operator reestablishing the

coolant flow by correcting the problem in time. 4) The final safety function is invoked by the operator performing an emergency shutdown of the reactor.

• Let us also assume that:• The hardware safety function fail 1% of the time they are placed

in demand. This is a failure rate of 0.01 failure/demand. • Assume that the operator will notice the high reactor temperature

3 out of 4 times and that 3 out of 4 times the operator will be successful at reestablishing the coolant flow.

• Both of these cases represent a failure rate of 1 time out of 4, or 0.25 failure/demand.

• Finally, it is estimated that the operator successfully shuts down the system 9 out of 10 times. This is a failure rate of 0.10 failure/demand.

Fault Tree

• Method for identifying ways in which hazards can lead to accidents.

• Identified top event and works backward toward the various scenarios that can cause the accident.

Example 11-5Consider again the alarm indicator and emergency shutdown system of Example 11-2. Draw a fault tree for this system.

Solution• The top event is written at the top of the fault tree and is

indicated as the top event (see Figure 11-14). • Two events must occur for overpressuring: failure of the alarm

indicator and failure of the emergency shutdown system. • These events must occur together so they must be connected by

an AND function. • The alarm indicator can fail by a failure of either pressure

switch 1 or the alarm indicator light. These must be connected by OR functions.

• The emergency shutdown system can fail by a failure of either pressure switch 2 or the solenoid valve. These must also be connected by an OR function.

Layer of Protection Analysis (LOPA)• LOPA is a semi-quantitative tool for analyzing and assessing risk.

• To characterize the consequences and estimate the frequencies.

• In order to lower the frequency of the undesired consequences, various layers of protection are added to a process.

• Figure 11-16 shows the concept of layers of protection.

• The primary purpose of LOPA is to determine whether there are sufficient layers of protection against a specific accident scenario.

• By plotting the consequence versus frequency, we can evaluate the risk for acceptability.

• If the risk is unacceptable, additional layers of protection are required.

Figure 11-15 General description of risk.