presentation of iso/tr 12489 · risk identification risk analysis modelling & calculations...

1

PETROBRAS Rio, November 2014

TC67

WG4

ISO/TR 12489: Reliability modelling & calculation of safety systems.Presentation and applications

Jean-Pierre SIGNORETISO/TR 12489 project leader

Reliability expert, TOTAL




TC67

WG4

Presentation of ISO/TR 12489

TR prepared by ISO TC67 WG4/Project Group 3PG3 leader : Jean Pierre Signoret (Total)WG4 Convenor: Runar Østebø (Statoil)

TR prepared by ISO TC67 WG4/Project Group 3PG3 leader : Jean Pierre Signoret (Total)WG4 Convenor: Runar Østebø (Statoil)

2

3- PETROBRAS Rio, November 2014TC67/ WG4

Background

Numerous safetysystems (SS) in

industrialinstallations

Numerous safetysystems (SS) in

industrialinstallations

Needs for accurate

reliability models & probabilistic

calculations

Needs for accurate

reliability models & probabilistic

calculations

More than 50 years of research & development

More than 50 years of research & development

ISO TC 67/WG4Reliability

Engineering and

Technology

ISO TC 67/WG4Reliability

Engineering and

Technology

IEC TC 65Functional Safety

standards

IEC TC 65Functional Safety

standards

Extensive expertiseexists in the field ofreliability modelling

& probabilisticcalculations

Extensive expertiseexists in the field ofreliability modelling

& probabilisticcalculations

Need to share expertise to fill the gaps and fulfill the

needs

Need to share expertise to fill the gaps and fulfill the

needsNo standardsfocused on

safety system

No standardsfocused on

safety system

Over simplifiedapproaches (*)

Over simplifiedapproaches (*)

Plenty ofavailable accurate

approaches

Plenty ofavailable accurate

approaches

(*) this has been improved in new editions (*) this has been improved in new editions

ISO/TR12489

ISO/TR12489

With regard tosafety

With regard tosafety

With regard toproduction

With regard toproduction

Launched in2008

Launched in2008

Developedfrom scratchDeveloped

from scratchDeveloped in parallelof the maintenance

of IEC 61508and IEC 61511

Developed in parallelof the maintenance

of IEC 61508and IEC 61511

FRFRNONO

UKUK

BRBR

BEBE

NINICHNCHN

USUS

NENE

Proposed andachieved by ISOTC67/WG4/PG3

Proposed andachieved by ISOTC67/WG4/PG3

ITIT

SPSP

Published inNov. 2013

Published inNov. 2013

Keptin line withIEC 61508-6

annex B

Keptin line withIEC 61508-6

annex B


ISO/TR 12489 outline

Reliability modelling & calculation of safety systems

This document dealswith reliability modelling

& calculations

This document dealswith reliability modelling

& calculations

This document dealswith safety systems

This document dealswith safety systems

Simplified &non-simplified

approaches

Simplified &non-simplified

approaches

SafetyInstrumented

Systems(SIS)

SafetyInstrumented

Systems(SIS)

This is aTechnical Report

This is aTechnical Report

Onlyinformative

matters

Onlyinformative

matters

Atechnical reportis obviously"technical"!

Atechnical reportis obviously"technical"!

OrdinarySafety

Systems

OrdinarySafety

Systems

Spurious actionsSpurious actions

Implementation of systemic approaches

Implementation of systemic approaches

Impact onDependability

Impact onDependability

Aims toprovide guidelines

Aims toprovide guidelines

Mathematical development of

formulae

Mathematical development of

formulae

Not explainedelsewhere

Not explainedelsewhere

Not developedelsewhere

Not developedelsewhere

Failure of safety actions

Failure of safety actions

Impact onsafety

Impact onsafety

Production availability

(ISO 20815)

Production availability

(ISO 20815) Simple& complexsystems

Simple& complexsystems

Reliabilitydata collection

(ISO 14224)

Reliabilitydata collection

(ISO 14224)

3


Overall framework of ISO/TR 12489

Risk management

Risk assessment

With regards to:safety,environment,production,operations,etc.

With regards to:safety,environment,production,operations,etc.

Risk identificationRisk identification

Risk analysis

Modelling& calculations

Modelling& calculations

ISO/TR12489

ISO/TR12489

Reliability analysis

Risk evaluationRisk evaluation

ISO 31000ISO 31000


GeneralmattersGeneralmatters

General &methodological

matters

General &methodological

matters

Target users of ISO/TR 12489

ManagementManagement Technical staff

Technical staff

OperatorsOperators

ManufacturersManufacturers

ConsultantsConsultants

Reliability engineersReliability engineers

Various stakeholders

Various stakeholders

Certification bodies

Certification bodies

Safety authoritiesSafety authorities UniversitiesUniversities

Teachers & students

Teachers & students

Coreof the

document

Coreof the

documentAnnexesAnnexes

4


Some examples of safety systems covered by ISO/TR 12489 (instrumented or not)

Emergency / Processshutdown

Emergency / Processshutdown

Overpressureprotection systems

Overpressureprotection systems

Fire & gassystems

Fire & gassystems

Process controlsystems

Process controlsystems

Public alarmsystems

Public alarmsystems

Emergencypreparedness systems

Emergencypreparedness systems

Marineequipment

Marineequipment

Electrical & telecom.systems

Electrical & telecom.systems

Other utilitiesOther utilities

Drilling & wellsDrilling & wells

SubseaSubsea

ESDESDPSDPSD EDPEDP

HIPSHIPS HIPPSHIPPS Pressurerelief

Pressurerelief

Gasdetection

Gasdetection

Fire fightingsystem

Fire fightingsystem

Fire watersystem

Fire watersystem

Control &monitoringControl &

monitoringChemicalinjection

Chemicalinjection

Emergencycommunication

Emergencycommunication

Evacuationsystem

Evacuationsystem

Discon-nectionsystem

Discon-nectionsystem

StationkeepingStationkeeping Ballast

waterBallastwater

UPSUPS Telecom.Telecom.

FlaresystemFlare

systemHVACHVAC

MaterialhandlingMaterialhandling

Wellintegrity

Wellintegrity

Wellcompletion

Wellcompletion

ESDESDPSDPSD

HIPPSHIPPS

IsolationIsolation DivingDiving

Etc.Etc.

31 systemsidentified inthe TR

31 systemsidentified inthe TR


Part 7Part 7

ISO/TR 12489 versus IEC 61508/511 and IEC TC56

ISO/TR12489

ISO/TR12489

IEC61508IEC

61508

IEC61511IEC

61511

IEC TC65Process Sector - Safety Instrumented Systems

IEC TC65Process Sector - Safety Instrumented Systems ISO TC 67/WG4

Reliability Engineeringand Technology

ISO TC 67/WG4Reliability Engineering

and Technology

Part 1Part 1Part 2Part 2

Part 3Part 3

Part 4Part 4

Part 5Part 5

Part 6Part 6

Part 1Part 1

Part 2Part 2

Part 3Part 3

Part 6annex B

Probabilisticcalculations

Part 6annex B


Part 3annex J


Part 3annex J


Approximatedformulae

Approximatedformulae

"Alternative"approaches

"Alternative"approaches

Multiplesafety systems

Multiplesafety systems

Bring the methodology to the state of the art

Bring the methodology to the state of the art

Detailed explanations of proposed solutions to reliability engineers

Detailed explanations of proposed solutions to reliability engineers

Identification and explanations of weaknesses

Identification and explanations of weaknesses

Consolidation of simplified approaches

Consolidation of simplified approaches

Demystification of systemic approaches & provision of

extensive solutions

Demystification of systemic approaches & provision of

extensive solutions

In line withIEC 61508 &IEC 61511

In line withIEC 61508 &IEC 61511Extension

to spuriousfailures

Extensionto spurious

failures

Any kindof safetysystems

Any kindof safetysystems

Self containeddocument

Self containeddocument

Extension tocomplex systems

Extension tocomplex systems

IEC TC56Dependability

IEC TC56DependabilityMethodsMethods

Link with

ISO 20815

Link with

ISO 20815

5


Distribution of the topics within the 260 pages of ISO/TR 12489


ApproachesApproachesMiscellaneousMiscellaneous

Typicalapplications

Typicalapplications

FormulaFormula

BooleanBooleanMarkovMarkov

Petri netsPetri nets

DefinitionsDefinitions

GeneralanalyticsGeneralanalytics

Human factor

Human factor

CCFCCF

Monte CarloMonte Carlo

UncertaintyUncertainty

SafetysystemsSafety

systems

Reliability dataReliability data

41%

32%

21%

6%

5%

28%

7%

8%

34%3%

14%5%

30%

26%

29%

26%

OverallcontentOverallcontent

ApproachesApproaches


More than 30safety systemsare identified

More than 30safety systemsare identified


TC67

WG4

Introduction to functional safety concepts

6


3rdProtection

layer

3rdProtection

layer

RRF = 10 to 100RRF = 10 to 100

ALARP : Minimumneeded reductionALARP : Minimumneeded reduction

SIL Principle: identification of Risk Reduction needed

44

33

22

11

Dangerous event

frequencies

Dangerous event

frequencies

Processrisk

ProcessriskTolerable

riskTolerable

risk

1stProtection

layer

1stProtection

layer2ndProtection

layer

2ndProtection

layer

Risk Reductionwith conventional means

Risk Reductionwith conventional means

Dangerous events

consequences

Dangerous events

consequences

Risk without SISRisk without SIS

R2R2 R1R1

RRF = 100 to 1000RRF = 100 to 1000

RRF = 1000 to 10 000RRF = 1000 to 10 000

RRF > 10 000RRF > 10 000

RiskReductionFactor: R1/R2

RiskReductionFactor: R1/R2

SafetyIntegrityLevel: SIL

SafetyIntegrityLevel: SIL

HIPSHIPS

Con

sequ

ence

Frequency

Maxreduction

allowable ifnon SIF

=> 10

Maxreduction

allowable ifnon SIF

=> 10

4 sets ofrequirements

4 sets ofrequirements


From conventional Safety system to Safety Instrumented System

PT3

PT2

PT1

L1 L2

Over-

PressureOver-

Pressure

IEC 61508IEC 61511IEC 61508IEC 61511API 14CAPI 14C

Relief ValveRelief Valve

SafetyInstrumented

System

SafetyInstrumented

System

CostCost

SizeSize

HighIntegrity

(Pressure)ProtectionSystem

HighIntegrity

(Pressure)ProtectionSystem

Conventionalsafety

system

Reliability?Reliability?

7


Low demandmode of operation

Low demandmode of operation

PFDavgPFDavg

Types of Safety Instrumented Systems (SIS)

Demand frequency1 Year1 Year

Average of theProbability ofFailure onDemand


High demand or continuous mode of operation

High demand or continuous mode of operation

Continuousmode of operation

Continuousmode of operation

High demandmode of operation

High demandmode of operation

PFHPFH

Probability ofFailure perHour

Probability ofFailure perHour

Functionalsafety

standards

Functionalsafety

standards

Averageunavailability

U(T)


U(T)

Reliabilityengineering


Averagefailure frequency

w(T)

Averagefailure frequency

w(T)


SIL

PFH

(SIL0)SIL1SIL4 SIL3 SIL2

SIL- summary & difficulties

Applies toSafetyInstrumentedFunction

Applies toSafetyInstrumentedFunction

Deterministicconstraints

10-4/h10-8/h 10-7/h 10-6/h 10-5/h

10-010-4 10-3 10-110-2

PFD

SFF

HFT

SFF

HFT

Relevancefor safety?Relevance

for safety?

SimplifiedcalculationsSimplifiedcalculations

Definitions Definitions

RRFRRF

links withPFD/PFHlinks withPFD/PFH

Splittinglow / highdemandmodes

Splittinglow / highdemandmodes

SafeFailureFraction

SafeFailureFraction

HarwareFaultTolerance

HarwareFaultTolerance

Spuriousfailures

Spuriousfailures

Proposed clarifications, explanations & improvements in ISO/TR 12489

Proposed clarifications, explanations & improvements in ISO/TR 12489

Organizationof the worksthrough the

life cycle

Organizationof the worksthrough the

life cycle FormalProcess

8


TC67

WG4

Introduction to the methods developed into ISO/TR 12489 for

PFDavg calculations

Lowdemand

mode safetysystems

Lowdemand

mode safetysystems



Functionalsafety

standards

Functionalsafety

standards




U(T)


U(T)


Formulae

Taylor'sexpansionTaylor's

expansion

FTRBD

State Transition models(finite state automata)

Probabilistic models overviewProbabilistic models overview

Analyticalmethods

Analyticalmethods

Monte Carlosimulation


Generictools

Generictools

SpecificformulaeSpecificformulae

Behavioralmodels

Behavioralmodels

PetrinetsPetrinets

FormallanguagesFormal

languages

50 years of

experience

50 years of

experience

Markovianapproach

Markovianapproach

BooleanapproachBooleanapproach

State ofthe art

State ofthe art

Developedwhen

computersdidn't exist

Developedwhen

computersdidn't exist

Computeroriented

Computeroriented

FT / RBDdriven Markov

processes

FT / RBDdriven Markov

processes

RBDdriven

Petri Nets

RBDdriven

Petri Nets

9


TC67

WG4

Simplified analytical approach


2 parameters:λλλλ : Failure rateττττ : test interval


OKOK KOKO

τ / 2τ / 2τ / 2τ / 2

ττττ

ButBut

2

τλτδ .≈unv

Proba. ofhiddenfailures


Averagehidden failure

duration


duration

2

λττ

δ=≈ unv

avgPFD

Simplest approximation of the PFDavg

00

=→

avgLim PFD τ

22

11 2

0

λτλττ

δλδτ

ττ

==≈= ∫ dUavg .)(PFD

τ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λ

Unavailabilityduration


AA

The mostfamous formula

in functionalsafety

The mostfamous formula

in functionalsafety

Notrealistic!

Notrealistic!

λδλδδ ≈−−= )exp()( 1U

10


3 parameters:λλλλ : Failure rateττττ : test intervalµµµµ : repair rate


KOKO

ττττ

ButBut2

τλτδ .≈unv

µλλτ

τδ

+=≈2

unvavgPFD

Approximation of the PFDavgfrom IEC 61508

µλτ 1

.+




AA

1/µµµµ

Averagerepair

duration

Averagerepair

duration



1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ

IEC 61508formula

IEC 61508formula

Influentparametersare missing

Influentparametersare missing

OKOK

Uof revealed

failures

Uof revealed

failures

τµ

τ ≈− 1


Parameters:λλλλ : failure rateττττ : test intervalµµµµ : repair rateγ γ γ γ : prob. failure

due to a demandππππ : test durationψ ψ ψ ψ : reconfiguration error


due to a demandππππ : test durationψ ψ ψ ψ : reconfiguration error

ττττ

τψπµ

γµ

λττλτδ ... ++++≈ 11

2unv

ψτπ

τµγ

µλλτ

τδ

++++=≈.

PFD2

unvavg

Approximation of the PFDavg with more parameters (ISO/TR 12489) τ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λτ << 1/λ



AA

1/µµµµ

1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τOKOK

ττττ

ππππKOKO

π << τπ << τπ << τπ << τπ << τπ << τπ << τπ << τ

ττττ

ππππ

etc.etc.

Taylorexpansion formore complex

cases

Taylorexpansion formore complex

cases

γγγγ

ψψψψ

OKOK KOKO

KOKOτπτ ≈−

11


Test interval ττττTest interval ττττ

Average unavailability U ≡≡≡≡ PFDavgAverage unavailability U ≡≡≡≡ PFDavg

1

0

Limit average unavailability versus test interval

ττττ1ττττ1 ττττ2

ττττ2

OptimumOptimumττττo ≈≈≈≈ 2222γγγγ/(/(/(/(λµλµλµλµ))))

γγγγ increases

γγγγ increaseslog-loggraphiclog-loggraphic

Flat in thevicinity of

the minimum

Flat in thevicinity of

the minimum

Not enoughtests

Not enoughtests

Too muchtests

Too muchtests

Two testintervals

for the sameU

Two testintervals

for the sameU

Parameters:λλλλ : failure rateττττ : test intervalµµµµ : repair rateγ γ γ γ : prob. failure due to a demand

Parameters:λλλλ : failure rateττττ : test intervalµµµµ : repair rateγ γ γ γ : prob. failure due to a demand

AA

Need fordata collectionto estimate γγγγ

Need fordata collectionto estimate γγγγ




Simplest approximation of the PFDavg for redundant systems

22

11 2

0

λτλττ

δδλτ

ττ

==≈= ∫ dUavg ..)(PFD A


AA

OKOK KOKO

τ / 2τ / 2τ / 2τ / 2

ττττ

OKOK KOKO

τ / 3τ / 3τ / 3τ / 3

ττττAA

BB

44

11 343

0

3 )().()(PFD ABC

λττλτ

δδλτ

ττ

==≈= ∫ dUavg

OKOK KOKO

τ / 4τ / 4τ / 4τ / 4

ττττ

AA

BB

CC

Even for simplest systems, each case implies specific

Taylor expansion development

Even for simplest systems, each case implies specific

Taylor expansion development


duration


duration

Taylor expansionλδλδλδλδ <<1

Taylor expansionλδλδλδλδ <<1

)().().()(),().()( CBAABCBAAB τττττττ UUUUUUU ≠≠

Notpossible to

combineformulae!

Notpossible to

combineformulae!

Catalog ofad hoc formulae

Catalog ofad hoc formulae

33

11 232

0

2 )().()(PFD AB

λττλτ

δδλτ

ττ

==≈= ∫ dUavg

Effect of systemicdependencies

Effect of systemicdependencies

Not in linewith reliability

analysisphilosophy

Not in linewith reliability

analysisphilosophy

12


TC67

WG4

Multi-phase Markovian approach


Multi phase Markov model

)(*])[*()( 0ii MEXP PrPrPrPr

PrPrPrPr

δδ =

∫=τ

δδτ0

d).()( ii PrPrPrPr

AST

AST

AST

AST

τττ /)(1)( Aavg AST

AST

AST

AST

−== UPFDλλλλ

µµµµA

DU

R

A

DU

R

A

DU

R

1

1

1

Linkingmatrix

[C]

Linkingmatrix

[C]

ττττ δδδδ



AA

AvailableAvailable

Dangerousundetected

failure

Dangerousundetected

failure

RepairRepair

Markovmatrix[M]

Markovmatrix[M]

Behaviorduring test

intervals

Behaviorduring test

intervals

Effect ofthe test

Effect ofthe test

λλλλ

µµµµA

DU

R

A

DU

R

A

DU

R

11

1

AccumulatedSojournTimes

AccumulatedSojournTimes

TestTest

)(].[)( τ10 −= ii PrPrPrPr

CCCCPrPrPrPr

)()()( A δδδ PrPFD −== 1U

Repairstarts as soonas the fault is

detected

Repairstarts as soonas the fault is

detected

13


Typical saw-tooth curves for a singleperiodically tested component

Classical saw-tooth curve

Classical saw-tooth curve

λ λ λ λ ��λ λ λ λ ��

1/µ 1/µ 1/µ 1/µ ��1/µ 1/µ 1/µ 1/µ ��

1/µ 1/µ 1/µ 1/µ ��1/µ 1/µ 1/µ 1/µ ��

τ τ τ τ ��τ τ τ τ ��

ττττ ��0Idem revealed

faults

ττττ ��0Idem revealed

faults

AA


1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ1/µ << τ

U(t)

U(T)

T

U(t)

U(T)

T

U(t)

U(T)

T

Ut)

U(T)

T

U(T)

U(t)

T


due to a demandππππ : test duration


due to a demandππππ : test duration


U(t)

T

U(T)

γγγγ

1 - γγγγ

Modeling the probability of failure due to the demand itself and the test duration

γγγγA

R

DU

A

R

DU

Test

1U(t)

ππππ

Failure dueto tests ( γγγγ)

Failure dueto tests ( γγγγ)

Testduration

Testduration

T

14


TC67

WG4

Fault tree approach


Indisponibilitédes feuilles

Indisponibilitédes feuilles

Fault tree driven Markov processes: principle for unavailability calculation.

Top

E1

E2 E3

t

U1(t)

t

U2(t)

t

U3(t)

t

US(t)

ti

ti

titi

Calculate N results distributedover the time interval [0, T]

Calculate N results distributedover the time interval [0, T]

Calculate the systemunavailability at ti (Top)Calculate the system

unavailability at ti (Top)

Select an instant tiSelect an instant ti

Calculate each leaf unavailability of at ti

Calculate each leaf unavailability of at ti

Systemunavailability


US(t)US(t)FT driven Markov

processesFT driven Markov

processes

Establish Uk(t) foreach leaf.

Establish Uk(t) foreach leaf.

Independentcomponents Independentcomponents

Markovprocesses

Markovprocesses

Leavesunavailabilities

Leavesunavailabilities

15


1 2

TOP

1 2

TOP

λλλλ : 1e-4ττττ : 1000 λλλλ : 1e-4ττττ : 1000 Max : 1.81 10 -1

Mean : 9.37 10 -2Max : 1.81 10 -1

Mean : 9.37 10-2Max : 1.39 10 -1

Mean : 9.01 10 -2Max : 1.39 10 -1

Mean : 9.01 10-2

1 2

1 2

Hips Unavailability

0 1000 2000 3000 4000

1e-1

0 1000 2000 3000 4000

5e-2

0 1000 2000 3000 4000

5e-2

Hips Unavailability

0 1000 2000 3000 4000

1e-1

0 1000 2000 3000 4000

5e-2

0 1000 2000 3000 4000

5e-2

Staggering

5e-2(λτλτλτλτ/2)5e-2(λτλτλτλτ/2)

9.75 10-29.75 10-2


• No Max value• Staggering not

possible

• No Max value• Staggering not

possible

• Conservative• Conservative

UsualCalculations

UsualCalculations

CorrectCalculations

CorrectCalculations

PFDi(t)PFDi(t)PFDavgPFDavg

Becautious

Becautious

Independentcomponents

PFD(t)PFD(t)??!??!

OR gate

PFDavgPFDavg

1 2

TOP


2

1

UsualCalculations

UsualCalculations


2.25 10-32.25 10-3


1 2

TOP

Non conservativeNon conservative

λλλλ : 1e-4ττττ : 1000 λλλλ : 1e-4ττττ : 1000

11 22

No max valueNo max valueCorrect

CalculationsCorrect

Calculations

Max : 9.05 10 -3

Mean : 3.13 10 -3

Max : 9.05 10 -3

Mean : 3.13 10 -3Max : 4.6 10 -3

Mean : 1.92 10 -3

Max : 4.6 10 -3

Mean : 1.92 10 -3

1 2

TOP

1 2

TOP

0 1000 2000 3000 4000

5e-2

0 1000 2000 3000 4000

5e-2

0 1000 2000 3000 4000

5e-2

0 1000 2000 3000 4000

5e-2

Unavailability

0 1000 2000 3000 4000

5e-3

Unavailability

0 1000 2000 3000 4000

2e-34e-35e-3

Staggering

Staggering not possible

Staggering not possible

PFD(t)PFD(t)PFDavgPFDavg

Be verycautiousBe verycautious

PFD(t)PFD(t)

PFDavgPFDavg

Independentcomponents

AND gate

16


Parameters of a periodically tested component (dangerous undetected failures)

DU Failurerate

DU Failurerate

Failure rateduring testFailure rateduring test

Repairrate

Repairrate

TestdurationTest

duration

TestintervalTest

interval

Date of 1st testDate of 1st test

Probabilityof failure dueto the test

Probabilityof failure dueto the test

Availabilityduring testAvailabilityduring test

TestcoverageTest

coverageProba. of

reconfigurationfailure

Proba. ofreconfiguration

failure

ClassicalparametersClassical

parameters

Teststaggering

Teststaggering

Big PFDcontributor

when unavailable

Big PFDcontributor

when unavailable

Genuine PFDGenuine PFD

GenerallyneglectedGenerallyneglected

Smallcontributor

Smallcontributor

Failuresnever tested

Failuresnever tested Should be

discovered atthe next test

Should be discovered atthe next test

Generallyignored

Generallyignored

Simplestmodels

Simplestmodels

IEC61508

IEC61508


FT driven Markov processes:application to safety systems.

E1, E2 & E3reasonably

independent

Top

E1

E2 E3

0

0.025

0.075

0.1

0 10000 20000 30000 40000

t

U1(t)

0

0.4

0.81

0 10000 20000 30000 40000

t

U2(t)

00.04

0.12

0.2

0 10000 20000 30000 40000

t

U3(t)

0

0.1

0.2

0.3

0 10000 20000 30000 40000

t

US(t)

Multi-phaseMarkov processes

Multi-phaseMarkov processes

Fault treeinputs

Fault treeinputs

- On demand failure ( γγγγ)- Test coverage ( σσσσ) - On demand failure ( γγγγ)- Test coverage ( σσσσ)

-Test duration ( ππππ)- unavailable during tests-Test duration ( ππππ)- unavailable during tests

Simplesaw-tooth curve

Simplesaw-tooth curve



PFDavgPFDavg

Describedin IEC

61508 Ed2

Describedin IEC

61508 Ed2

17


TC67

WG4

RBD driven Petri net and Monte Carlo simulation

approaches


Simulation of any probability law

1

0

F(x)

x

F(x)=P(X≤x)

X: wanted distribution

(cdf)

X: wanted distribution

(cdf)

0 z

P(Z ≤ z)

Z: Uniform distributionZ: Uniform distribution

1

1

1

2

3 1

Randomnumber

Randomnumber

x = F-1(z) distributedalong to F(x)

x = F-1(z) distributedalong to F(x)

λδ )(zLN−=

ex: delay δδδδexponentiallydistributed

ex: delay δδδδexponentiallydistributed

Cumulateddistribution

function(cdf)

Cumulateddistribution

function(cdf)

18


Random number generators

PhysicalmethodsPhysicalmethods

Decimals of ππππDecimals of ππππ

Pseudo randomnumber generators

Pseudo randomnumber generators Xn+1= (a.Xn+b) mod mXn+1= (a.Xn+b) mod m

Linear congruential generators

Linear congruential generators

3,1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679 82148086513282306647093844609550582231725359408128 ...

3,1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679 82148086513282306647093844609550582231725359408128 ...

ComputerComputer

J. Von Neumann

Trajectoryof the bouleTrajectory

of the boule

Zenerdiode

Thermalnoise

Thermalnoise

Several billons are known

Several billons are known

Length ofone revolution

Length ofone revolution

Widelyused

Widelyused


Periodically tested component

OKOK

DUDU

RR

??MT==true !Ci=false

AvailableAvailable

Non detectedfault

Non detectedfault

RepairRepair

!!Ci=true

Assertion:State of thecomponent

Assertion:State of thecomponent

µµµµ

δ= τδ= τδ= τδ= τ−−−− t mod(τ(τ(τ(τ))))

DDDD

Detectedfault

Detectedfault

!! MT=false

!!MT=true

FailureFailure

TestTest

Start ofrepair

Start ofrepair

End ofrepair

End ofrepair

δ= 0δ= 0δ= 0δ= 0

Predicate:availability of the

maintenance team

Predicate:availability of the

maintenance team

Place:local state

Place:local state

Transition:event

Transition:event

Token:actual local

state

Token:actual local

state

Arcs:links place/transitions

Arcs:links place/transitions

Statevariable Ci

Statevariable Ci

19


OK

DU

R

??MT==true

DD

!! MT=false

!!MT=true

test

Repair team mobilization

nM

MOL

ωωωω

OK

DU

R

DD

test

2/3 O1

A

BE

FDO1 O2 S

C

RBD driven PN modelling: applicationto SIL calculations

Simple periodicallytested component

Simple periodicallytested component

SIS modelSIS model

O1=A.B+A.C+B.C

O2= O1.D

S= O2.(E+F)

!-A

! A

IEC 61508ISO/TR 12489

IEC 61508ISO/TR 12489

•Reliability•Availability•Frequency

•Reliability•Availability•Frequency

StatisticsStatistics

-PFDavg-PFH-PFDavg-PFH

GlobalassertionGlobal

assertion

!-E

! E

Monte carlosimulation

Monte carlosimulation

VirtualRBD

VirtualRBD

Statevariable A

Statevariable A

Statevariable E

Statevariable E

λλλλDDµµµµ

DD

OK

!-D

! D

Statevariable D

Statevariable D

Simple componentwith revealed failuresSimple component

with revealed failures

!!NbR=NbR+1

!!NbR=NbR-1

OL

M

??NbR>0

??NbR==0

- Nb. component failed: !NbR- Repair resources on location: OL- Repair team mobilized: M

- Nb. component failed: !NbR- Repair resources on location: OL- Repair team mobilized: M

Simple periodicallytested component with

repair team mobilization

Simple periodicallytested component with

repair team mobilization

SS


Parameter calculations: The magic sub PN!

OK

KO

AvailabilityAvailability

UnavailabilityUnavailability

UnreliabilityUnreliability

MTTFMTTF

Detectionof the first

failure

Detectionof the first

failure

PFDavg =Mean markingPFDavg =Mean marking

PFD(t) =KO marked at tPFD(t) =KO marked at t

PFH = failure frequency

(not ultimate layer)

PFH = failure frequency

(not ultimate layer)

PFH≈≈≈≈ 1/MTTF

(ultimate layer)

PFH≈≈≈≈ 1/MTTF

(ultimate layer)

Single shotSingle shot PFH≈≈≈≈ F(T)/T

(ultimate layer)

PFH≈≈≈≈ F(T)/T

(ultimate layer)

?? S=0?? S=0

?? S=1?? S=1

S=1S=1S=0S=0S=1S=1

Beware

of this

formula

Beware

of this

formula

VirtualRBD

output

VirtualRBD

output

20


Example of Monte Carlo output(50 000 histories)

2/3 O1

AA

BBEE

FFDDO1 O2 S

CC O1=A.B+A.C+B.CO1=A.B+A.C+B.C

O2= O1.DO2= O1.D

S= O2.(E+F)S= O2.(E+F)Sensors availability

0.4

0.6

0.8

1

0 5000 10000 15000 20000 25000 30000 35000

Time

Availability of 3 sensors in 2oo3

0.4

0.6

0.8

1

0 5000 10000 15000 20000 25000 30000 35000

Time

Logic solver with revealed failures

0.9984

0.9988

0.9992

0.9996

1

0 5000 10000 15000 20000 25000 30000 35000

Time

Avalability of safety valves

0.4

0.6

0.8

1

0 5000 10000 15000 20000 25000 30000 35000

Time

SIS availability

0.4

0.6

0.8

1

0 5000 10000 15000 20000 25000 30000 35000

Time

SIS unavailability – PFD( t)

0

0.2

0.4

0.6

0 5000 10000 15000 20000 25000 30000 35000

Time

Not SNot S

PFDavgPFDavg

SS


Monte Carlo simulation uncertainties

90%confidence

interval

90%confidence

interval

Unavailability(500 histories)

0

0.1

0.2

0.3

0.4

0.5

0.6

0 5000 10000 15000 20000 25000 30000 35000

Time

A(t)A(t)

PFDavgPFDavg

21


Other possible outputs

Unreliability

0

0.2

0.6

1

0 5000 10000 15000 20000 25000 30000 35000

Time

Time to failure

0

2000

4000

6000

0 5000 10000 15000 20000 25000 30000 35000

Time

Accumulated number of failures

0

2

4

6

0 5000 10000 15000 20000 25000 30000 35000

Time

Average failure frequency

0

0.00004

0.00012

0.0002

0 5000 10000 15000 20000 25000 30000 35000

Time

Average failure frequency

0.00016

0.000162

0.000166

0.00017

0 5000 10000 15000 20000 25000 30000 35000

Time

MTTFMTTF


TC67

WG4

Multiple safety systems

22


Two simple SIS acting in sequence

SIS1SIS2 Situation

Perfect functioningYes

Hazardous eventNo

NoYes

Degraded functioning

Processdemand

Safestates

ww

demandfrequency

F1(t)= λλλλ1111tF1(t)= λλλλ1111tww

λλλλ1111, τ, τ, τ, τλλλλ1111, τ, τ, τ, τ


U1(t)≈λλλλ1111 ....t

U2(t)≈λλλλ2222t

F2(t)= λλλλ2222....tF2(t)= λλλλ2222....t3

)()(2

221

τλλδδλλτ

δδδτ

ττ 210

210

11wdwdw == ∫∫ FFHEFS

ww PFD1= λλλλ1111τ τ τ τ / 2PFD1= λλλλ1111τ τ τ τ / 2 PFD2= λλλλ2222τ τ τ τ / 2PFD2= λλλλ2222τ τ τ τ / 24

..2

21τλλ 21ww == PFDPFDHEFS

Simplistic calculation(e.g. LOPA)


Notconservative

Notconservative

Multiple SISMultiple SIS

Probabilityof failure at δδδδProbability

of failure at δδδδ

Probability offailure at t


HazardousEventFrequency

HazardousEventFrequencyAverage

probabilityof failure

Averageprobabilityof failure

Riskreduction

over estimatedby 25%

Riskreduction


Effect dueto systemic

dependencies

Effect dueto systemic

dependencies


U2(t)≈(λλλλ2222 ....t)2

Two Redundant SIS acting in sequence

SIS1SIS2 Situation

Perfect functioningYes

Hazardous eventNo

NoYes

Degraded functioning

Processdemand

Safestates

ww

demandfrequencydemand

frequency

F1(t)= (λλλλ1111t)2F1(t)= (λλλλ1111t)2ww F2(t)= (λλλλ2222....t)2F2(t)= (λλλλ2222....t)2

5)()()(

44

21τλλδδλλ

τδδδ

τττ 2

22

12

0 210

11wdwdw == ∫∫ FFHEFS

ww PFD1= (λλλλ1111ττττ)2 / 3PFD1= (λλλλ1111ττττ)2 / 3 PFD2= (λλλλ2222τ τ τ τ )2 2 2 2 / 3PFD2= (λλλλ2222τ τ τ τ )2 2 2 2 / 39

..4

21τλλ 2

22

1ww == PFDPFDHEFS



Notconservative

Notconservative

Multiple SISMultiple SIS

Probabilityof failure at δδδδProbability

of failure at δδδδ



HazardousEventFrequency

HazardousEventFrequencyAverage

probabilityof failure

Averageprobabilityof failure


λλλλ1111, τ, τ, τ, τλλλλ1111, τ, τ, τ, τ λλλλ2222, τ, τ, τ, τλλλλ2222, τ, τ, τ, τ

λλλλ2222, τ, τ, τ, τλλλλ2222, τ, τ, τ, τU1(t)≈(λλλλ1111 ....t)

2

Riskreduction


Riskreduction


The effectof systemic

dependenciesincreases when

redundancyincreases

The effectof systemic

dependenciesincreases when

redundancyincreases

23


PDFavgPDFavg

Scenariosprobabilities

Initiatingevent

Protectionlayer 1

Protectionlayer 2

Protectionlayer 3

yes

Noyes

No yes

No

p1(t)

1-p1(t)

p2(t)

1-p2(t)

p3(t)

1-p3(t)

Event tree (multiple SIS) or fault tree (redundant SIS) calculation difficulties

1-p11-p1

p1(1-p2)p1(1-p2)

p1.p2.p3p1.p2.p3

p1.p2(1-p3)p1.p2(1-p3)

CommonCause

Failures

CommonCause

Failures

Constantprobabilities

Constantprobabilities

AsymptoticprobabilitiesAsymptoticprobabilities

Instantaneousprobabilities

Instantaneousprobabilities

Averageprobabilities

Averageprobabilities

Popularcalculation

Popularcalculation

p1(ττττ).p2(ττττ).p3(ττττ).dττττp1(ττττ).p2(ττττ).p3(ττττ).dττττ1

T 0

T

1-p1(t)1-p1(t)

p1(t) [1-p 2(t)]p1(t) [1-p 2(t)]

p1(t).p 2(t).p 3(t)p1(t).p 2(t).p 3(t)

p1(t).p 2(t) [1-p 3(t)]p1(t).p 2(t) [1-p 3(t)]

Nonconservative

results

Nonconservative

results

Explained in IEC 61511and ISO/TR 12489

Explained in IEC 61511and ISO/TR 12489

Systemicdependen-

cies

Systemicdependen-

cies

46PETROBRAS Rio, November 2014

Application in TOTAL





Pierre-Joseph CACHEUXReliability expert, TOTALPierre-Joseph CACHEUXReliability expert, TOTAL

24

PETROBRAS Rio, November 201447-

From pencil andpaper to computer !

Emergency safety featuresPressurized water reactorsEmergency safety featuresPressurized water reactors

Gulf of Biscaye drilling platform

Gulf of Biscaye drilling platform

Mediterranean deep sea drilling

Mediterranean deep sea drilling

19801980

Drilling with H2S near PAUDrilling with H2S near PAU

19791979

Survey and analyze of reliability tools

Survey and analyze of reliability tools

SKULD(subsea platform)

SKULD(subsea platform)

19811981

Decision to developthe 1st version ofour software tools

Decision to developthe 1st version ofour software tools

19841984

19821982

Safety instrumented systemsNuclear submarines

Safety instrumented systemsNuclear submarines

19711971

19741974 19811981

Reliabilitystudies

Reliabilitystudies

Toolsimprovement

Toolsimprovement

Pencil, paper &formulae

Pencil, paper &formulae

1stsoftware

tools: ADDMarkov

1stsoftware

tools: ADDMarkov

Grondin north eastGrondin north east

19751975 Safety studiesmust be

conservative

!!!

Safety studiesmust be

conservative

!!!

20142014SécuritéSécuritéProductionProduction

ISO/TR12489ISO/TR12489

Result of40 years of

R&D

Result of40 years of

R&D

HIPSHIPS

ADD,BDF

Markov,RdP

ADD,BDF

Markov,RdP


Preferred techniques

RBDRBD

FTFT

MarkovMarkov

PNPN

Preferred representation of engineersPreferred representation of engineers

Systemic method generally known by contractorsSystemic method generally known by contractors

Beloved by universitiesBeloved by universities

Used by ELF and TOTAL for 30 yearsUsed by ELF and TOTAL for 30 years

Has allowed to solve all our problems all over 30 y earsHas allowed to solve all our problems all over 30 y ears

Easy jump to flow diagramsEasy jump to flow diagrams

Known by some contractorsKnown by some contractors

FT or RBD drivenMarkov processesFT or RBD drivenMarkov processes

StochasticRBD

StochasticRBD

Petro moduleProductionavailability

Petro moduleProductionavailability

FormulaeFormulae

• Very difficult to establish and understand

• PFD(t) not provided (pb for permanent SIL)

=> Not recommended by TOTAL e&P headquarters

• Very difficult to establish and understand

• PFD(t) not provided (pb for permanent SIL)

=> Not recommended by TOTAL e&P headquarters

SILmodule

SILmodule

SoftwareworkshopSoftwareworkshop

25


Choosing the right technique

Fault

Tree Petri nets

Reliability

Block

Diagram

Markov

graph

Start

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

No

No

Yes

No

Yes

No No

Dynamic ModelsStatic Models

Constant Transition Rates ?

Repairable Components ?

Can dependencies be neglected or conservative approximation?

Is a simple Series-Parallelmodel usable ?

Method to be used

Number of relevantstates manageable ?

Dependent Components ?

single repair team,Stand-by,

spare parts, ... ?

Exponentiallaws only?

<100 : Handmade <106 : Automatic

TopsideHIPS

TopsideHIPS

SubseaHIPS

SubseaHIPS

Smallcomplexsystems

Smallcomplexsystems

FT drivenMarkov

processes

FT drivenMarkov

processes

Periodicallytested

components

Periodicallytested

components


Staggering testsStaggering tests more CCF testsmore CCF tests

Components tested at the same timeComponents tested at the same time

SIL3

SIL3

Design versus operation risks

SIL2

0 2000 4000 6000 8000 10000 12000 14000 16000 18000 20000 22000 24000 26000

5.0e-4

1.0e-3

1.5e-3

T=8760

28.1%71.9%

6300h

0 2000 4000 6000 8000 10000 12000 14000 16000 18000 20000 22000 24000 26000

2.0e-4

4.0e-4

6.0e-4

8.0e-4

1.0e-3T=8760

4.46e-4

6.94e-4

Time spentSIL zonesTime spentSIL zones Maximum

valueMaximum

value

2460h

Permanent SIL3

Permanent SIL3 SIL3SIL3

Designer

point

of view

Designer

point

of view

Worker

point

of view

Worker

point

of view

"PFD avg""PFD avg"

PFD(t)

PFD(t)

"Permanent" SILis safer for operators

"Permanent" SILis safer for operators

26


ISO14224

Background &general philosophy

IEC61511

IEC61508

ISO20815

Maximizing Productionunder safe conditionsMaximizing Productionunder safe conditions

Safety

RAM

ISO/TR12489

SILSIL

IEC60300-1

IEC62551

IEC TC56 / UTE UF56 (FR)

"Dependability"

ChairmanChairman

Standardi-

sation

Compromise

Safety Production

ReferentialReferential

SafetyInstrumented

Systems

SafetyInstrumented

Systems

ProductionAssurancePlan

ProductionAssurancePlan

DataCollection

DataCollection

SafetyRelatedSystems

SafetyRelatedSystems

SafetySystemsSafetySystems

ProjectleaderProjectleader

Dependabilitymanagement

Dependabilitymanagement

PetriNetsPetriNets

Design ofsafety

Design ofsafety

Design of DependabilityDesign of

Dependability

VerificationVerification

Terminology•Methodology •Availability•Maintenance•Human factor•Software•etc.

Terminology•Methodology •Availability•Maintenance•Human factor•Software•etc.

Functional safety

IEC60300-3-1

Guide ondependability

Guide ondependability

IEC61703

Mathematicalformulae

Mathematicalformulae

IEV191

TerminologyTerminology

CompatibilityCompatibility

IEC61025

FaulttreeFaulttree

IEC61078


RBDRBD

Methods& tools

Methods& tools

≈≈≈≈ 80stds≈≈≈≈ 80stds


IEC/ISO31010Risk

managementRisk

management

OREDA


Reliability data

IEC 61511IEC 61511

IEC 61508IEC 61508

Norequirement aboutdata collection in

1st editions

Norequirement aboutdata collection in

1st editions

15 years lost fordata collection

15 years lost fordata collectionButButProbabilistic

standardsProbabilistic

standards

Insinuation of the ideathat data collection

is not importantor not possible

Insinuation of the ideathat data collection

is not importantor not possible

Data beingbullshit … any

simplisticcalculations are

well enough

Data beingbullshit … any

simplisticcalculations are

well enough

Wrong

reasoning

!!!

Wrong

reasoning

!!!Weak PointWeak Point

It is not legitimate to add

uncertainty to uncertainty byusing rough simplistic calculations

It is not legitimate to add

uncertainty to uncertainty byusing rough simplistic calculations

Don't count too much on data from others

Don't count too much on data from others

Progress to be done to collect

own field feedback

Progress to be done to collect

own field feedback

OREDA :

Offshore Reliability Data BankOREDA :

Offshore Reliability Data Bank

Preferreddata set

Preferreddata set

30 yearsof data

collection

30 yearsof data

collection

Valid forE&P

studies

Valid forE&P

studies Input for accurate or conservative resultsInput for accurate or conservative results

Comparisons/ sensibility studies

Comparisons/ sensibility studies

usefulness of accurate

calculation tools

usefulness of accurate

calculation tools

SideeffectSideeffect

ISO14224

Conserva-

tiveness

Conserva-

tiveness

27


Formulae

Taylor'sexpansionTaylor's

expansion

FTRBD

State Transition models(finite state automata)

Probabilistic models overviewProbabilistic models overview

Analyticalmethods

Analyticalmethods



Generictools

Generictools

SpecificformulaeSpecificformulae

Behavioralmodels

Behavioralmodels

50 years of

experience

50 years of

experience

Markovianapproach

Markovianapproach

BooleanapproachBooleanapproach

Graphicalrepresentations

Graphicalrepresentations

PowerfulalgorithmsPowerful

algorithms

Soundmathematics

Soundmathematics

ApproximationsApproximations

UnderlyinghypothesisUnderlyinghypothesis

Lack offlexibilityLack of

flexibility

Progress directionProgress direction SystemicApproaches

SystemicApproaches

SimplifiedapproachesSimplified

approaches

SafetysystemsSafety

systemsRAM

& safetysystems

Conservatism?

Conservatism?

A single framework

for safety & dependability

A single framework

for safety & dependability

Goodunderstanding

of models

Goodunderstanding

of models


DetailedsolutionsDetailedsolutions

Conclusions

ISO/TR12489

ISO/TR12489

In line with IEC 61508-6In line with IEC 61508-6

Identification of difficultiesIdentification of difficulties

Consolidationsimplified

approaches

Consolidationsimplified

approachesDangerous

failuresDangerous

failures

Spurious failures

Spurious failures

Raising ofwarnings

Raising ofwarnings

Should be usedas a reference

for SIL calculation

Should be usedas a reference

for SIL calculation

Should be used as areference for developingSIL software packages

Should be used as areference for developingSIL software packages

Should be usedby anybody involved inprobabilistic calculation

of safety systems

Should be usedby anybody involved inprobabilistic calculation

of safety systems

Systemic approachesdescribed in ISO/TR 12489

are used dailyin TOTAL

Systemic approachesdescribed in ISO/TR 12489

are used dailyin TOTAL

RAMstudiesRAM

studiesSafetystudiesSafetystudies

HIPSHIPS

They are very effective

They are very effective

They are very easy to handleThey are very easy to handle

Providedrelevant tools

are used

Providedrelevant tools

are used

Provided agood

knowledgeof models

Provided agood

knowledgeof models

Provideaccuratemodels &

results

Provideaccuratemodels &

resultsFeasibilityis done

Feasibilityis done

Commonsafety

systems

Commonsafety

systems

Detailedexplanations

Detailedexplanations

Demystification of systemic approaches

Demystification of systemic approaches

28


That's allFolks...

That's allFolks...

Anyquestions

?...

Anyquestions

?...


SIL Bridge ! PFDavg is not reallya good indicator for worker in operation

PFDavg is not reallya good indicator for worker in operation

29


• Spare Slides


Technologicalwatch

Technologicalwatch

Safety, Reliability and Integrity department (E&P b ranch)

You want the

result next

week, really?!!

You want the

result next

week, really?!!

Reliabilityteam

RAMstudiesRAM

studies

SafetystudiesSafetystudies

ConsultingConsulting

R&DstudiesR&D

studies

Methods & tools

Methods & tools

Study coordination

Study coordination

Interface with contractors

Interface with contractors

TrainingTraining

Reliabilitydata

Reliabilitydata

HotlineHotline

Joint ventureJoint venture

PublicationsDisseminationPublications

Dissemination

StandardizationStandardization

Anticipate future needsAnticipate

future needs

MaintainknowledgeMaintain

knowledge

Satisfactionof project needs

Data collectionData collection

IEC 61508/511ISO/TR 12489

IEC 61508/511ISO/TR 12489

Dependability(IEC TC56)

Dependability(IEC TC56)

Adaptationto functional

safety

Adaptationto functional

safety

OREDAOREDA

Preferreddata set

Preferreddata set

Contractors"encouraged" to

use our tools

Contractors"encouraged" to

use our tools

30


Examples of HIPS studies

• AKPO anti surge

•OFON2

• OML 58

• BUFALO

• PECIKO

• BULISAA

• KAOMBO

• etc

• AKPO anti surge

•OFON2

• OML 58

• BUFALO

• PECIKO

• BULISAA

• KAOMBO

• etc

• ABK

• AL KHALIJ

• L4G

• OFON 2

• OML 100 WH

• MOHO BILONDO

• SP 11

• TP1 by pass

• AL JURF

• GIRASSOL

• etc.

• ABK

• AL KHALIJ

• L4G

• OFON 2

• OML 100 WH

• MOHO BILONDO

• SP 11

• TP1 by pass

• AL JURF

• GIRASSOL

• etc.

Studies managed byHeadquarters


AtypicalstudiesAtypicalstudies

KO-DrumoverflowKO-Drumoverflow

• AKPO

• DALIA

• FORVIE

• HILD

• JAFRA

• ROSA-LIRIO

• KHARIR

• TIGF

• SHAH DENIZ

• etc.

• AKPO

• DALIA

• FORVIE

• HILD

• JAFRA

• ROSA-LIRIO

• KHARIR

• TIGF

• SHAH DENIZ

• etc.

Expertise& advicesExpertise& advices



Classicalstudies

Classicalstudies

Most of theseHIPSare

HIPPS

Most of theseHIPSare

HIPPS


Examples of RAM studies

• KASHAGAN

• MOHO BILONDO

• QATAGAS

• DOLPHIN

• FLNG

• ICHTHYS

• JOSLYN

• LAGGAN

• TORMORE

• YAMAL LNG

• etc.

• KASHAGAN

• MOHO BILONDO

• QATAGAS

• DOLPHIN

• FLNG

• ICHTHYS

• JOSLYN

• LAGGAN

• TORMORE

• YAMAL LNG

• etc.

• ABK

• AHNET

• ANGUILLE

• BUL HANINE

• DALIA

• KAOMBO

• KHARYAGA

• MARTIN LINGE

• MLJ

• MOHO

• MTPS

• PNGF

• South SULIGE

• TEMPA ROSSA

• VEGA PLEYADE

• ABK

• AHNET

• ANGUILLE

• BUL HANINE

• DALIA

• KAOMBO

• KHARYAGA

• MARTIN LINGE

• MLJ

• MOHO

• MTPS

• PNGF

• South SULIGE

• TEMPA ROSSA

• VEGA PLEYADE

• ADC

• AL JURF

• CLOV

• EGINA

• K5

• KCTS

• NKARIKA

• NKOSSA

• OML 100

• OML 58

• PAZFLOR

• PECIKO

• TIGF

• USAN

• YLNG

• PECIKO

• ADC

• AL JURF

• CLOV

• EGINA

• K5

• KCTS

• NKARIKA

• NKOSSA

• OML 100

• OML 58

• PAZFLOR

• PECIKO

• TIGF

• USAN

• YLNG

• PECIKO

Managed byHeadquartersManaged byHeadquarters Expertise

& advicesExpertise& advices

Managed byHeadquartersManaged byHeadquarters

31


A systems analysis software for determiningthe key indicators of dependability:

Reliability – Availability – Frequency – Performance – Safety.

A systems analysis software for determiningthe key indicators of dependability:

Reliability – Availability – Frequency – Performance – Safety.

http://grif-workshop.fr/

Fault tree

Fault tree

MarkovMarkov

Petri netsPetri nets

RBDRBDPetroPetro

SILSIL

PFDavgPFDavg PFHPFH

Generaltechniques

Generaltechniques

SpecificmodulesSpecificmodules

Spuriousfailures

Spuriousfailures


Enables to choose the most suitable modelling technique.

Includes pre-configured architectures, making modelling all the easier.

GRIF software packages Three

Packages

Three

Packages

Boolean packageBoolean package

Simulation packageSimulation package

Markovian packageMarkovian package

32


Fault Trees

Reliability Block Diagrams

ALBIZIA

Events Tree

SIL

Boolean package

Developedfor the refining

branch

Developedfor the refining

branch

Calculationengine

Calculationengine

Forthose who

don't want touse faulttrees !!!

Forthose who

don't want touse faulttrees !!!

Allowing using asystemic approachinstead of formulae

Allowing using asystemic approachinstead of formulae

presentation of iso/tr 12489 · risk identification risk analysis modelling & calculations...

Documents