risk assessment data directory

8/2/2019 Risk Assessment Data Directory

1/26

Risk Assessment Data Directory

Report No. 434 20.1

March 2010

I n t e r n a t i o n a l A s s o c i a t i o n o f O i l & G a s P r o d u c e r s

Guide tonding and

using reliabilitydata for QRA


2/26

Publications

Global experience

Te International Association o Oil & Gas Producers has access to a wealth o technicalknowledge and experience with its members operating around the world in many diferentterrains. We collate and distil this valuable knowledge or the industry to use as guidelines

or good practice by individual members.

Consistent high quality database and guidelines

Our overall aim is to ensure a consistent approach to training, management and best prac-tice throughout the world.

Te oil and gas exploration and production industry recognises the need to develop consist-ent databases and records in certain elds. Te OGPs members are encouraged to use theguidelines as a starting point or their operations or to supplement their own policies and

regulations which may apply locally.

Internationally recognised source of industry information

Many o our guidelines have been recognised and used by international authorities andsaety and environmental bodies. Requests come rom governments and non-governmentorganisations around the world as well as rom non-member companies.

Disclaimer

Whilst every e ort has been made to ensure the accuracy of the information contained in this publication,neither the OGP nor any of its members past present or future warrants its accuracy or will, regardlessof its or their negligence, assume liability for any foreseeable or unforeseeable use made thereof, whichliability is hereby excluded. Consequently, such use is at the recipients own risk on the basis that any useby the recipient constitutes agreement to the terms of this disclaimer. e recipient is obliged to inform

any subsequent recipient of such terms.

is document may proide guidance supplemental to the requirements of local legislation. Nothingherein, however, is intended to replace, amend, supersede or otherwise depart om such requirements. Inthe event of any conict or contradiction between the proisions of this document and local legislation,

applicable laws shall prevail.

Copyright notice

e contents of these pages are e International Association of Oil and Gas Producers. Permission

is given to reproduce this report in whole or in part proided (i) that the copyright of OGP and (ii)the source are acknowledged. All other rights are reserved. Any other use requires the prior written

permission of the OGP.

ese Terms and Conditions shall be goerned by and construed in accordance with the laws of Eng-land and Wales. Disputes arising here om shall be exclusively subject to the jurisdiction of the courts of

England and Wales.


3/26

RADD Guide to finding and using reliability data for QRA

OGP

contents

1.0 Scope and Application.............................................................. 3 1.1 Scope.................................................................................................................... 31.2 Application........................................................................................................... 31.3 Definitions............................................................................................................ 32.0 Summary of Recommended Data............................................... 4 2.1 Copyright.............................................................................................................. 42.2 Sources of Reliability Data ................................................................................. 43.0 Guidance on use of data ........................................................... 6 3.1 Introduction.......................................................................................................... 63.2 Failure Rate Calculation...................................................................................... 73.2.1 Background ................................................................................................................... 73.2.2 Failure Rate Calculation #1 Few Failures, Constant Failure Rate Assumed........ 83.2.3 Failure Rate Calculation #2 Point Estimate ............................................................. 93.2.4 Failure Rate Calculation #3 Many Failures with Probability Plotting .................. 103.2.5 Treatment of Common Cause Failures ..................................................................... 133.2.6 Failure Rate Calculation using the OREDA Estimator............................................. 133.3 Calculation of on demand Failure Probability............................................. 143.4 Guidance Specific to the OREDA Handbook.................................................. 143.4.1 Selecting Appropriate Data ........................................................................................144.0 Review of data sources ...........................................................16 4.1 OREDA Database and Handbook(s) ................................................................ 164.1.1

OREDA Data Presentation.......................................................................................... 18

4.2 MIL-HDBK-217F ................................................................................................. 194.3 FIDES.................................................................................................................. 194.4 EPRD-97 and NPRD-95...................................................................................... 194.5 PDS Data Handbook.......................................................................................... 204.6 FARADIP III......................................................................................................... 204.7 IEEE 493-1997 .................................................................................................... 204.8 Sintef Reports, SubseaMaster and WellMaster .............................................. 205.0 Recommended data sources for further information ................21 6.0 References ..............................................................................21


4/26


OGP

Abbreviations:

BIT Built-in Test

BOP Blowout PreventerDNV Det Norske Veritas

E&P Exploration and ProductionMTTF Mean Time To FailureMTTR Mean Time To RepairND Nominal DiameterOGP Oil and Gas ProducersOREDA Offshore Reliability Data

QRA Quantitative Risk AssessmentSCSSV Surface Controlled Subsurface Safety Valve


5/26


OGP 3

1.0 Scope and Application1.1 Scope

The reliabilities of fire and gas detection, ESD and blowdown, blowout prevention andfire protection systems are key inputs to Quantitative Risk Assessment (QRA) ofexploration and production facilities. This datasheet provides guidance on obtaining,

selecting and using reliability data for these systems and for their component parts,for use in QRA.

1.2 Application

This datasheet contains specimen data taken from previous OGP datasheets; this

specimen data are presented in Error! Reference source not found. to Error!Reference source not found. . In addition, the recommended data sources that areidentified in section 2.0 should be consulted to ensure that all data are the most up todate and relevant for any particular analysis. Guidance on using and processing datais given in Section 3.0.

The data presented are applicable to activities in support of operations withinexploration for and production of hydrocarbons.

1.3 Definitions

For the purposes of this document, the following terms and definitions apply.

Failure The inability of an equipment unit or system to performa specified function.

Critical failure Failure of an equipment unit that causes an immediatecessation of the ability to perform a required function.

Non-critical fai lure Failure of an equipment unit that does not cause acessation of the ability to perform a required function.

Dangerous fai lure A failure that has the potential to prevent a safetysystem from achieving its safety function(s) when there

is a true demand. A single dangerous failure may not besufficient to prevent a redundant safety system from

performing its safety function (e.g. two coincidentdangerous failures may be needed to prevent operation

of a 2-out-of-3 voting system).

Non-dangerous fai lure A failure of a safety system that is not dangerous.

Safe fai lure A failure that has the potential to unnecessarily triggera safety function. Revealed fai lure A failure that is evident or that is detected by the

system itself as soon as it occurs. Failures detected bythe built-in diagnostic tests (BIT) of a logic solver arealso considered as revealed failures.

Hidden fai lure A failure that is not revealed to operation ormaintenance personnel and that needs a specific action(e.g. periodic test) in order to be identified.

Common cause fai lure Failure of different items resulting from the same directcause, occurring within a relatively short time, wherethese failures are not consequences of another. Seealso Common mode failure.


6/26


OGP4

Common mode fai lure A subset of Common cause failure whereby two ormore components fail in the same manner.

Demand Activation of a systems function (may includefunctional, operational and test activation).

Failure mode Effect by which a failure is observed on the failed item. Failure on demand Failure that occurs immediately when an item is

instructed to perform its intended function (e.g. stand-by emergency equipment).

Reliability Probability of an item performing a required functionunder stated conditions for a specified time interval.

Observation period Interval of time between the start date and end date ofreliability data collection.

Failure rate Limit, if this exists, of the ratio of the conditionalprobability that the instant of time, T, of a failure of an

item falls within a given time interval, (t + + t) and thelength of this interval, t, when t tends to zero, given

that the item is in an up state at the beginning of thetime interval.

Note:

1. In this definition, t may also denote the time to

failure or the time to first failure.

2. A practical interpretation of failure rate is thenumber of failures relative to the correspondingoperational time. In some cases, time can be

replaced by units of use. In most cases, thereciprocal of MTTF can be used as the predictor for

the failure rate, i.e. the average number of failuresper unit of time in the long run if the units are

replaced by an identical unit at failure.

Mean Time to Failure (MTTF)Expectation of the time to failure. Mean Time Between Failures (MTBF) Expectation of the time between failures.

2.0 Summary of Recommended Data2.1 Copyright

The data that are presented in the sources discussed in Section 2.2 are protected bycopyright and cannot be reproduced without specific written permission from the

copyright holders. Where guideline values are given (Error! Reference source notfound. to Error! Reference source not found. ), these are taken from sourcesthat are either in the public domain or from pre-existing OGP datasheets. It is stronglyadvised that in all analyses the best available data are taken from the relevant sourceas listed in section 4.0.

2.2 Sources of Reliability Data

The recommended sources of reliability data are presented in Table 2.1.


7/26


OGP 5

Table 2.1 Data SourcesData Source Equipment Available FromOREDA Handbooks [1]Note: new issuescheduled for release in2009

Process Equipment (Offshore) Det Norske VeritasN-1322 HvikNorway

MIL-HDBK-217F Reliability Prediction ofElectronic Equipment[10]

Electronic components US Military Handbook

EPRD-97 ElectronicParts Reliability Data(RAC) [12]

Electronic components Reliability Analysis Center201 Mill StreetRome, NY 13440USA

NPRD-95 NonElectronic PartsReliability Data [11]

Mechanical and electro-mechanical components

Reliability Analysis Center201 Mill StreetRome, NY 13440USA

PDS Data Handbook [13] Sensors, detectors, valves &control logic

SydvestSluppenvegen 12EN-7037 TrondheimNorway

FARADIP III [14] Electronic, electrical,mechanical, pneumaticequipment

[email protected]

IEEE 493-1997 [15] Electrical power generation anddistribution

ISBN1-55937-066-1

STF18 A83002,Reliability of SurfaceControlled Subsurface

Safety Valves

Surface Controlled SubsurfaceSafety Valves

ExprosoftN-7465 Trondheimwww.exprosoft.com

STF75 A89054, SubseaBOP Systems, Reliabilityand Testing. Phase V

Subsea Blowout Preventers ExprosoftN-7465 Trondheimwww.exprosoft.com

STF75 A92026,Reliability of SurfaceBlowout Preventers(BOPs)

Surface Blowout Preventers ExprosoftN-7465 Trondheimwww.exprosoft.com

STF38 A99426,Reliability of SubseaBOP Systems forDeepwater Application,

Phase II DW

Subsea Blowout Preventers deepwater subsea


SubseaMaster &WellMaster[9] and [8]

Components in oil wells (BOPsand SCSSVs)


EIREDA DatabaseEuropean IndustryReliability DataHandbook,Electrical Power Plants

Valves, sensors and controllogic (nuclear power stationdata)

EUORSTAT, Paris


8/26


OGP6

3.0 Guidance on use of data3.1 Introduction

The science of reliability prediction is based upon the principals of statistical analysis.Reliability is defined as the probability that equipment will perform a specified

function under stated conditions for a given period of time which defines aprobabilistic approach rather than a deterministic one. This probability can be

calculated or stated to reside within certain statistical confidence limits.

Fundamental to such a calculation is the ability to source basic reliability data. Ideallysuch data should be:

Current

Auditable

Specific (applicable to equipment/component type)

Extensive (large sample with many recorded failures)

Applicable to environment

Be suitable for life trending

Unfortunately, real world data sources rarely meet these ideals and it is therefore

necessary to accept compromises. When performing QRA, it is important that thelimitations of the data source are understood, and where necessary alternatives

sought.

For QRA, the reliability parameters to be taken from the database would be the failurerate (or the mean time to failure) and/or the probability of failure on demand; see

Section 3.3 for details of probability of failure on demand calculation.

Where information is extracted from the OREDA or another industry standard

database it is not (in general) necessary to perform any further statistical analysis ofthe failure patterns. The approach described in Section 2.3.3 applies where basicinformation relating to times to failure is available for analysis, for example frommaintenance records or breakdown reports. In these circumstances, it is necessary to

judge the quality of the data and to then apply the appropriate analytical technique.The techniques for data analysis presented herein are divided into two classifications,those that are based simply on the sample statistics and those that are based oninferences from the associated statistical distributions. The characteristics of

distributions are much harder to derive (especially from field breakdown reportsrather than laboratory test data), but have the potential to provide more information.

Note that it is not the intention to provide a comprehensive theoretical background todata analysis in this document, but instead to provide some practical techniques that

may be used to prepare reliability data. Three techniques are outlined, namely: Prediction of failure rate within defined confidence limits applied where only

sparse failure data are available refer to Section 3.2.2

Calculation of point estimate of failure rate applied where adequate data areavailable refer to Section 3.2.3

Use of probability plotting to derive information relating to the underlying

statistical distribution refer to Section 3.2.4


9/26


OGP 7

3.2 Failure Rate Calculation

3.2.1 Background

The observed failure rate for a component is defined as the ratio of the total number offailures to the total cumulative observation or operational time. For items displaying aconstant failure rate, if is the failure rate of the Nitems then:

= k/T

where kis the total number of failures and Tis the total observation time across the Nitems.

For the case where components are replaced after failure (as applies to industry fielddatabases) then the total cumulative observation time may be defined as N field

operational lifetime.

Strictly, this calculation provides a point estimate of the failure rate and if the exercisewere repeated with another set of identical equipment and conditions it may yield

results that are not identical to the first. Any number of such measurements may bemade providing a number of point estimates for the failure rate, with the true value

of the failure rate only being provided after all components have failed (for a non

replacement test). In practice therefore, it is necessary to make a prediction about thetotal population of items based on the failure patterns of a sample. This process ofstatistical inference can be performed using the properties of a X2 (chi squared)distribution. This allows us to bound the population failure rate within confidence

limits (typically 90% or 60% may be used).

It is also necessary to make some assumptions about the pattern of failures acrosstime, considering the shape of the commonly depicted bathtub curve (Figure 3.1).

This curve typifies the expected component failure rate across time and is divided intothree distinct area, namely

Early life, characterized by a decreasing failure rate

Useful life (constant failure rate)

Wear out (increasing failure rate)


10/26


OGP8

Figure 3.1 The Bathtub Curve

In order to perform analysis of failure patterns outside of the constant failure rateperiod a level of detailed information is required that is typically not available from therecorded data (e.g. actual age of equipment of failure, homogeneous samples).

Therefore an assumption is made that all failures recorded are experienced during theuseful life phase, and the pattern of these failures may be described by a random,exponential distribution. This can, at least to a certain extent, be justified on the

following grounds:

Early life failures resulting from commissioning problems may not be recorded asequipment failures

Early life failures resulting from manufacturing defects can be largely eliminated

by testing prior to installation

Wear out failures largely eliminated by preventative maintenance and plannedrenewals. Note that this assumption may be less valid for wear out of subsea

equipment where no planned maintenance will be performed.

The preceding discussion allows us to analyze the data from each source, and in mostcases to calculate a mean value, confidence intervals about the mean value and the

associated variance.

3.2.2 Failure Rate Calculation #1 Few Failures, Constant Failure Rate Assumed

Where total number of failures is small (say < 5), or zero, a point estimate of failure

rate is inappropriate, therefore a technique of statistical inference and confidencelimits should be applied. This can be addressed via a Chi Squared (X2) test using thefollowing methodology:

1. Measure T(total observed time) and k(number of failures)

2. Select a confidence interval

3. = 1 confidence interval


11/26


OGP 9

4. n = 2k for failure truncated test

or

n = 2(k+1) for time truncated test

5. Look up value for X2 corresponding to n and (use standard mathematical tables)

6. Failure Rate Confidence Limit at X2/2T

7. For double sided limits use procedure twice to look up value forX2at:

n = 2kand (1 /2) (lower limit)

n = 2k(2k+2) and /2(upper limit)

Note that X2/2T is a conservative estimate i.e. the true value has probability of ofbeing higher than the estimate (based on a single sided upper confidence limit). Usingthe upper bound of the failure rate is a conservative approach and hence it can beused instead of the maximum likelihood estimate when the sample is considered to besmall.

Example: Equipment maintenance records show that 5 devices each with arecorded running t ime of 1000 hours have no recorded failures. Calculate thefailure rate at 60% confidence (single sided upper l imit).1. T = 5 1000 = 5000 hours

2&3. = (1 0.6) = 0.4 for 60% confidence limit

4. n = 2 (k+1) = 2 (time truncated since no failures have occurred)

5. From tables, X2 = 1.83 (60% confidence limit).

6. Upper bound of failure rate (60% confidence) = X2/2T = 1.83/10000 = 1.83 x 10-4

fails/hour

Note: the decision to use statistical interpretation or point estimate is based on the

number of recorded failures. For items with a very high failure rate a significantnumber of failures could equate to a small amount of experience years, but typically a

large amount of experience years are also required for a point estimate.

3.2.3 Failure Rate Calculation #2 Point Estimate

Where adequate data are available, a point estimate of the failure rate can be madesimply by taking the ratio of the total number of failures to the total cumulative

observed time. If is the failure rate of the Nitems then

= k/T

where kis the total number of failures and Tis the total cumulative observed time.


12/26


OGP10

3.2.4 Failure Rate Calculation #3 Many Failures with Probability Plotting

Where sufficient good quality data are available, probability plotting techniques maybe used to derive information relating to the underlying statistical distribution.Graphical plotting techniques may be implemented manually or by computer and

involve analysis of the cumulative distribution of the data. A commonly useddistribution for failure data is the Weibull Distribution. This distribution originally

postulated in 1951 by Swedish mechanical engineer Waloddi Weibull. It is particularlysuited to reliability life data plotting because of its flexibility, having no specific shapebut instead being described by shaping parameters. It is a three parameterdistribution, but often only two are used the characteristic life () and shape factor

(). There are special cases associated with values of the shape factor:

= 1 corresponds to exponential distribution

< 1 represents burn in (decreasing failure rate)

> 1 represents wear out (increasing failure rate)

NB In line with convention, is used here to represent the shape factor of the Weibulldistribution. This is not the same used to describe the dependent failure fraction of

common cause failures (see Section 3.2.5).By using a graphical plotting technique, the data can be quickly analysed withoutdetailed knowledge of statistical mathematics. A simple procedure for this is asfollows:

Determine test sample size and times to failure

List times to failure in ascending order

Establish median rankings from published tables (or calculate/estimate from

formulae)

Plot times and corresponding ranks on Weibull plot paper. This is essentially log-log graph paper but with scales for reading and

Draw best fit straight line and read off at 63.3% intercept

Draw a parallel line through intercept on y axis and read off

Note that median ranking is the most frequently used method for probability plotting,especially if the data are known not to be normally distributed. Median ranking tables

are available from statistics text books, or they may be estimated by the followingequation:

Ranking = (i - 0.3) / (N + 0.4)

where iis the failure order number and Nis the total number of failures.

The process is best illustrated by means of a simple example:


13/26


OGP 11

Step 1. Rank Data using Median Rank TablesFailureNumber

TimetoFailure

MedianRank

FailureNumber

TimetoFailure

MedianRank

FailureNumber

TimetoFailure

MedianRank

1 10 0.02 11 2000 0.35 21 77000 0.68

2 38 0.06 12 5000 0.38 22 10200 0.713 80 0.09 13 8300 0.42 23 119000 0.75

4 140 0.12 14 1200 0.45 24 134000 0.78

5 215 0.15 15 16300 0.48 25 146000 0.81

6 310 0.19 16 21500 0.52 26 159000 0.85

7 460 0.22 17 27500 0.55 27 172000 0.88

8 670 0.25 18 36000 0.58 28 187000 0.91

9 1050 0.29 19 48200 0.62 29 204000 0.94

10 1900 0.32 20 74000 0.65 30 230000 0.98

Step 2. Plot Times to Failure and Median Ranked Probabil i t ies on WeibullPaper

Step 3. Plot Line and Read Values of characteristic life () and shapefactor ()It is generally acceptable to fit a straight line plot by eye through the data points. The

value of shape factor is read by drawing a line perpendicular to the plotted linethrough the plot origin. The value of can then be read from the intercept of this lineand the scale. The value for the characteristic life may read from the intercept of the

plotted line with the estimator line. The position of the estimator is determined bythe intercept of the perpendicular line with the scale.


14/26


OGP12

In the above plot all three stages of the bathtub curve are displayed, the values areapproximately:

Characteristic life () 87 hours 320 hours 1000hoursShape factor () 0.7 1.0 3.4

3.2.4.1 Probability Plotting Complex Scenarios

If a straight line is not obtained in the Weibull plot, there could be one or moreunderlying reasons, including:

Data having been censored

More than one failure mechanism (mixed Weibull effects)

Errors in sampling

There is a threshold parameter (i.e. a three parameter Weibull distribution applies)

Distribution not Weibull

3.2.4.2 Dealing with Censored Data

At the end of a reliability trial or when processing field data there may be a number ofitems that have not failed. This is referred to as a censored data sample. Those itemsthat have survived are referred to as suspended. To calculate the median ranks inthis situation the following procedure should be followed:

Determine test sample size and times to failure

List times to failure in ascending order

Place suspended test items at the appropriate points in list For each failed item calculate the mean order number iti

where

and n is the sample size

Establish median rankings from published tables (or calculate/estimate from

formulae)

Plot times and corresponding ranks on Weibull plot paper.

3.2.4.3 Mixed Distributions

If the data do not fit to a straight line, especially where an obvious change of slope isseen it may be that more than one mode of failure is being displayed by the sample. Ifthis is the case, the data pertaining to each failure mode must be segregated andanalysed separately.

3.2.4.4 Failure Free Period

Should the data still yield a curve rather than a straight line, it is possible that a failurefree life period is being exhibited i.e. a three value rather than a two value Weibulldistribution is applicable.


15/26


OGP 13

The third Weibull parameter (location parameter), , locates the distribution along the

abscissa. Changing the value of has the effect of "sliding" the distribution and itsassociated function either to the right (if > 0) or to the left (if < 0). The parametermay assume all values and provides an estimate of the earliest time a failure may beobserved. A negative may indicate that failures have occurred prior to the beginningof the test or prior to actual use. The life period 0 to + is the failure free operating

period of such units

To cater for this, an attempt can be made to predict the failure free period. This may bebased on engineering judgement and knowledge of the items under consideration or

may simply the time until the first failure occurs. The data are then replotted from thistime and if a straight line results the failure free period is as estimated and theremaining parameters may be estimated from the plot. If another curve is producedthe process is repeated.

3.2.5 Treatment of Common Cause Failures

A Common Cause Failure (CCF) is the result of an event that, because of

dependencies, causes a coincidence of failure states in two or more separate

channels of a redundant system, leading to the defined system failing to perform itsintended function. CCFs can degrade the performance of any redundant system andare of particular concern when analysing protective functions. A number ofmathematical techniques exist for the treatment of CCFs, one of the simplest and

most practical is the Beta factor approach. In essence this assumes that , the total

failure rate for each redundant unit in the system, is composed of independent anddependent failure contributions as follows:

= c+ i

where i is the failure rate for independent failures

c the failure rate for dependent failures

The parameter beta () can then be defined as:

= c/

NB is also commonly used to represent the shape factor of the Weibull distribution, this is

not the same as used to describe the dependent failure fraction of common cause failures.

Thus beta is the relative contribution of dependent failures to total failures for theitem. The lack of available data relating to dependent failures of sufficient quality

necessitates the use of an estimation technique for beta, guided by a number ofparameter shaping factors (the subjective assessment of defensive mechanisms).Such a quantification method, known as the partial beta factor model may be appliedfor detailed assessment. A full description of the technique, including weighting

factors is presented in [20].

For a simpler approach a representative value ofmay be assumed between 0.01

(highly diverse components or systems) and 0.1 (similar components or systems).

3.2.6 Failure Rate Calculation using the OREDA Estimator

The OREDA handbook recognises that the data it presents are not taken from ahomogeneous sample. To merge these non homogenous data into a single multi

sample estimate with an average failure rate (point estimate of total number of failuredivided by aggregated time in service) is likely therefore to result in an unrealistically

short confidence interval. An approach referred to as the OREDA-estimator is

applied to derive a mean failure rate with associated upper and lower 90% confidencebounds. A description of the theoretical basis for the OREDA-estimator is given in [2].


16/26


OGP14

The handbook also gives point estimates of failure rate; the numerical differencebetween this and the OREDA estimator gives an indication of the degree of diversity in

failure rates between parts of the overall population.

OREDA recommends that the OREDA estimator be used when data are taken from this

source.

3.3 Calculation of on demand Failure Probability

The on-demand failure probability may be listed in the failure data source, e.g. OREDAor occasionally FARADIP. Section 3.4.1.1 illustrates how this is extracted from

OREDA. It is usually more appropriate, however, to calculate a specific probability offailure on demand for a given protective function. Typically such failures areunrevealed and must be detected by means of manual or automatic proof testing.

For a protective system having failure rate and proof test interval T, the probabilityof failure on demand or unavailability due to unrevealed failures is presented in Table3.1.

Table 3.1 Unrevealed Failure ProbabilityNumber of Units Required toOperate Number ofUnits1 2 3

1 T/2

2 2T2/3

3 3T3/4 2T2

4 4T4/5 3T3 22T2

3.4 Guidance Specific to the OREDA Handbook

3.4.1 Selecting Appropriate Data

The item selected from database must be appropriate in terms of fit to the systemunder analysis and in terms of data quality. Specifically, the following should beconsidered:

Technology: does the data correctly represent the equipment being assessed? Itmay be necessary for the analyst to provide or seek expert judgement. e.g. can datafor a diesel engine be used for a spark ignited engine?

Environment: will the environmental conditions influence the failure rate? OREDAdata are gathered offshore North Sea. This introduces specific failure mechanisms(saline environment, humidity, temperature), if transferring the data to another

environment additional failure modes and mechanisms may be involved.

Operational Mode: Equipment operated frequently in a standby mode (emergencygenerators, firewater pumps) will exhibit different failure modes and frequency

compared to equipment operating continuously.

Number of R ecorded Failures: Equipment with few recorded failures will have alarge uncertainty associated with their failure rate.

Population/Instal lations: It is desirable for data to be selected for equipment witha large population across a wide number of installations. This avoids data

representing localised effects or dominated by one design or manufacturer.


17/26


OGP 15

Time in Service: It is desirable for data to be selected for equipment with a longtime in service (calendar time). The operational time may be considerably less for

equipment that is normally on standby (e.g. firewater pumps).

3.4.1.1 Number of Demands

Where stated, this value can be used to derive an on-demand failure probability (but

note also that an on-demand failure probability is occasionally stated in the commentfield). For example, one selected data item (taxonomy code 1.3.2) has 7 recordedcritical failures for the mode fails to start on demand. The number of demands isgiven as 860, and hence the on-demand critical failure probability can be calculated as

7/860 = 0.008.

3.4.1.2 Repair Time

Repair times are stated in terms of active repair hours and repair manhours (min,mean and max). In general the active repair hours will be of most interest but thisfield is sometimes blank. In these instances and estimate can be made at 50% of the

repair manhours. Note that the active repair time does not include time for faultrealisation, spare parts or crew mobilisation or the impact of any applied maintenancestrategy or delays.


18/26


OGP16

4.0 Review of data sources4.1 OREDA Database and Handbook(s)

Originally initiated by the Norwegian Petroleum Directorate in 1981 to collect reliabilitydata for safety equipment, OREDA is a project organization sponsored by eight oilcompanies with worldwide operations. OREDA's main purpose is to collect and

exchange reliability data among the participating companies and to act as a forum forco-ordination and management of reliability data collection within the oil and gasindustry. OREDA has established a comprehensive databank of reliability andmaintenance data for exploration and production equipment from a wide variety ofgeographic areas, installations, equipment types and operating conditions. Offshoresubsea and topside equipment are primarily covered, but onshore equipment mayalso be included. The data are stored in a database, and specialized software has been

developed to collect, retrieve and analyze the information. A more recent addition tothe OREDA database is information pertaining to subsea equipment including controlsystems, flowlines, manifolds, production risers, templates, wellheads and Xmas treesamongst others. NOTE: access to the electronic database is restricted toparticipants in the OREDA program.A revised edition of this Handbook was released in October 2002 containing OREDAPhase IV (1993-96) and Phase V (1997-00) data. Reliability data collected and

processed in the OREDA project has been published in generic form in threeReliability Data Handbooks; 1984 (1st edition), 1992 (2nd edition) and in 1997 (3rd

edition). These handbooks contain reliability data on offshore equipment compiled ina form that can easily be used for various safety, reliability and maintenance analyses.

The project phases are reported in various handbooks as follows:

Phase I (1983 to 1985) published in OREDA 84 handbook

Phase II (1987 to 1990) published in OREDA 92 handbook. This handbook alsocontains the data collected during phase I

Phase III (1990 to 1992) published in OREDA 97 handbook

Phase IV (1993 to 1996) and Phase V (1997 to 2000) published in OREDA 2002

handbook

Note that the OREDA handbooks do not catalogue the data recorded in the electronicdatabase; instead they present the results of filters defined by the OREDA committee

that are believed to be representative of users needs.

OREDA-2002, -97 and -92 data equipment groups and the equipment items coveredare listed in Table 4.1.


19/26


OGP 17

Table 4.1 OREDA-2002, -97 and -92 Data CategoriesIn OREDA-ata Group(OREDA-2002and -97)

Equipment Items

200

2 97

DataGroup(OREDA-92)

Equipment Items

Machinery Compressors

Gas turbinesPumpsCombustion engines

Process

Systems

Vessels

ValvesPumpsHeat exchangersCompressorsGas turbinesPig launchers andreceivers

ElectricEquipment

GeneratorsMotors

ElectricalSystems

Power generationPower conditioning,Protection and circuitbreakers

Mechanical

Equipment

Heat exchangers

VesselsHeaters and boilers

Control andSafetyEquipment

Control logic unitsFire and gas detectorsProcess sensorsValves

SafetySystems

Gas and fire detectionsystemsProcess alarm sensorsFire fighting systemsESD systemsPressure relievingsystemsGeneral alarm andcommunication systemsEvacuation systems

SubseaEquipment

Common componentsControl systemsManifoldsFlowlinesIsolation systemsRisersRunning toolsWellhead and Xmastrees

UtilitySystems

Slop and drainagesystemsVentilation and heatingsystems

Hydraulic supply systemsPneumatic supplysystemsControl instrumentation

CraneSystems

Diesel hydraulicDiesel friction

Drillingequipment

DrawworksHoisting equipmentDiverter systemsDrilling risersBOP systemsMud systemsRotary tablesPipe handling systems


20/26


OGP18

4.1.1 OREDA Data Presentation

The OREDA handbook [1] presents the following data recorded for each equipmenttaxonomy class recorded.

BoundariesEach equipment item class has an inventory description provided at the start of therespective chapter. This should be examined carefully to identify equipment items for

the system under consideration that lie outside the defined OREDA boundary. Thesemust then be considered as separate items. An example of this would be acompressor or electrical generator where the prime mover is listed as a separate item.

Taxonomy codeThe taxonomy code gives an identification of the equipment item selected from thedatabase. It is good practice to record this code and to include it within calculationsas a reference for any data extracted.

PopulationTotal number of items under surveillance.

Aggregated time in service (calendar time)This is the total recorded observation time for the population.

Aggregated time in service (operational t ime)Total recorded observation time for the population when it is required to fulfil its

functional role. Note that this may be an estimated value.

Number of demandsTotal number of recorded demand cycles for the population. Note that this may be anestimated value.

Failure ModeThis column presents the recorded modes of failure for the equipment item, dividedinto severity classes critical, degraded, incipient and unknown. In general, only thecritical severity class failures need be considered i.e. those that cause an immediateand complete loss of an items function. Where an equipment item performs more than

one function (e.g. process and protective) it may be necessary to review each failuremode and identify the requirement to progress it into the risk calculation, either as an

aggregated failure rate value for the equipment item or as individual failure events. i.e.critical failures may include dangerous, non-dangerous and safe failures. Thesefailures may be critical to production but not to the equipments protective function.

Number of FailuresThis is the total number of failures aggregated across all modes. In general, the higherthe number of failures, the greater the confidence in the calculated failure rate.

Failure RateAll failure rates in the OREDA handbook are presented in terms of failures per millionhours. The following data are presented for each mode, calculated both in terms ofcalendar and operational time:

Mean: estimated average failure rate, calculated using the OREDA estimator see Section 3.2.6 for details

Lower, Upper: 90% confidence bounds for the failure rate SD: Standard deviation


21/26


OGP 19

n/T: Point estimate of the failure rate i.e. total number of failures divided by thetotal time in service

For most calculations it is recommended that the mean value (i.e. based on theOREDA estimator) is used. Note that the difference in value between the point

estimate and mean failure rate relates to the degree of diversity in the population.

4.2 MIL-HDBK-217F

The MIL-HDBK-217 handbook contains failure rate models for the various part typesused in electronic systems, such as integrated circuits, transistors, diodes, resistors,

capacitors, relays, switches, and connectors.

The handbook details two methods for reliability prediction, namely parts count andparts stress calculation. Parts count prediction is recommended during the design

phase of a project. It is simpler than parts stress and requires less detailedinformation. To calculate a system failure rate the following method is used:

For each component part of a system, a baseline failure rate value is selected from

tables based on the type of the part and the operating environment. This value is then

modified by multiplying by a quality factor, again selected from a table (e.g. military orcommercial specification). For microelectronics, a learning factor may also be applied.The overall system failure rate is then derived by summation of the parts failure rates;hence the title parts count. In general, parts count analysis will provide an adequate

estimate of a systems failure rate for use in QRA.

Parts stress analysis involves derivation of more multiplying factors that in turnrequire detailed analysis of the system.

4.3 FIDES

This is reliability standard created by FIDES Group - a consortium of leading French

international defence companies: AIRBUS, Eurocopter, Giat, MBDA and THALES. TheFIDES methodology is based on the physics of failures and is supported by the

analysis of test data, field returns and existing modelling. The FIDES Guide is a globalmethodology for reliability engineering in electronics. It has two parts, namely a

reliability prediction guide and a reliability process control and audit guide.

Its key features are:

Provides models for electrical, electronic, electromechanical components andsome subassemblies.

Considers all technological and physical factors that play an identified role in aproduct's reliability.

Considers the mission profile.

Considers the electrical, mechanical and thermal overstresses.

Failures linked to the development, production, field operation and maintenance

processes.

4.4 EPRD-97 and NPRD-95

The databases EPRD-97 (Electronic Parts Reliability) NPRD-95 (Non Electronic PartsReliability) were developed by the United States Department of Defense ReliabilityInformation Analysis Center (RIAC). The EPRD-97 database contains failure rate data

on electronic components, namely capacitors, diodes, integrated circuits,optoelectronic devices, resistors, thyristors, transformers and transistors. The NPRD-


22/26


OGP20

95 database contains failure rate data on a wide variety of electrical,electromechanical and mechanical components. Both databases contain data

obtained by long-term monitoring of the components in the field. The collection of thedata was from the early 1970s through 1994 (for NPRD-95) and through 1996 (forEPRD-97). The purposes of the both databases are to provide failure rate data oncommercial quality components, provide failure rates on state-of-the-art componentsto complement MIL-HDBK-217F by providing data on component types not addressed

therein.

4.5 PDS Data Handbook

The PDS Data Handbook provides reliability data estimates for components of controland safety systems. Data for field devices (sensors, valves) and control logic

(electronics) are presented, including data for subsea equipment. The data are basedon various sources, including OREDA and expert judgement. Some values for factors for analysis of common cause failures are also presented.

4.6 FARADIP IIIFARADIP (Failure RAte Data In Perspective) is an electronic database that presentsdata concatenated from over 40 published data sources. It provides failure rate data

ranges for a nested hierarchy of items covering electrical, electronic, mechanical,pneumatic, instrumentation and protective devices. Failure mode percentages are

also provided.

4.7 IEEE 493-1997

The objective of this book is to present the fundamentals of reliability analysis appliedto the planning and design of industrial and commercial electric power distribution

systems. The intended audience for this material is primarily plant electricalengineers. It includes a summary of equipment reliability data under the followingheadings:

Mechanical and electrical equipment reliability and availability data collectionconducted between 1990 and 1993

Equipment reliability surveys (19761989)

Equipment reliability surveys conducted prior to 1976

4.8 Sintef Reports, SubseaMaster and WellMaster

ExproSoft is a spin-off of the Norwegian Research Institute SINTEF, and has acquiredall commercial rights to reliability databases previously operated by this institute.These products have since been refined and extended, creating integrated reliability

database and analysis tools for the upstream sector.

A study (JIP) on reliability of well completion equipment (Wellmaster Phase III) wascompleted by SINTEF in November 1999. This has resulted in a database of wellcompletion equipment, with a total of 8000 well-years of completion experience

represented.

A subsea equipment reliability database project was completed by ExproSoft in late2000 (Phase I). This project, led to the development of the SubseaMaster database and

software version 1.0. Phase II of SubseaMaster was launched as a joint industry

project in May 2001. and was completed in April 2003.

ExproSoft sell copies of the Sintef reports referred to in this datasheet.


23/26


OGP 21

5.0 Recommended data sources for further informationThe text book Functional Safety a Straightforward Guide to IEC61508 [16] presentsbackground theory and a number of worked examples including fault trees andanalysis of common cause failures.

Layer of Protection Analysis Simplified Process Risk Assessment [17] also presentsworked examples together with some specimen reliability data.

Background reliability theory can be found in Practical Reliability Engineering [18] and

Reliability, Maintainability and Risk[2]. The latter also contains some reliability data from

FARADIP [14]

Reliability Technology[19] contains (older) reliability data from the nuclear industry.

6.0 References1. OREDA Participants, OREDA 2002 HandbookISBN 82-14-02705-5.

2. Dr David J Smith, Reliability, Maintainability and Risk Sixth edition, ISBN 0-7506-5168-7, 2001.

3. SINTEF, Reliability of Surface Controlled Subsurface Safety Valves, 21/2/1983, STF18A83002.

4. Holand, P.: Subsea BOP Systems, Reliability and Testing. Phase V. STF75 A89054ISBN 82-595-8585-5, 1989).

5. Holand, P.: Reliability of Surface Blowout Preventers (BOPs) STF75 A92026 (ISBN 82-595-7173-0), 1992.

6. SINTEF; Reliability of Surface Controlled Subsurface Safety Valves, Phase IV - MainReport 1991 STF75 A91038.

7. Holand, P.: Reliability of Subsea BOP Systems for Deepwater Application, Phase II

DW.(Unrestricted version). STF38 A99426 (ISBN 82-14-01661-4), 1999.8. Exprosoft, Klbuveien 125, Lerkendal Stadion, Trondheim, Wellmaster Database,

ongoing.9. Exprosoft, Klbuveien 125, Lerkendal Stadion, Trondheim, Subseamaster

Database, ongoing.10. US DoD, Reliability Prediction of Electronic Equipment, MIL-HDBK-217F, Notice 2 1995.

11. Non-Electronic Part Reliability Data 1995 (NPRD-95), Reliability Analysis Center, POBox 4700, Rome, NY.

12. Electronic Part Reliability Data 1997 (NPRD-97), Reliability Analysis Center, PO Box4700, Rome, NY.

13. Reliability Data for Safety Instrumented Systems - PDS Data Handbook, 2006 Edition,Sydvest, Trondheim, Norway.

14. FARADIP (FAilure RAte Data In Perspective), Maintenance 2000 Limited,Broadhaugh Building, Suite 110, Camphill Road, Dundee DD5 2ND 1987 onwards.

15. Institute of Electrical and Electronics Engineers IEEE 493-1997, RecommendedPractice for the Design of Reliable Industrial and Commercial Power Systems (GoldBook).

16. Smith & Simpson, Functional Safety, ISBN 0-7506-5270-5, 2001.17. Center for Chemical Process Safety, Layer of Protection Analysis, ISBN 0-8169-0811-

7, 2001.18. OConner, P, Practical Reliability Engineering, ISBN 0-471-95767-4, 1996.

19. Green & Bourne, Reliability Technology, ISBN 0 471 32480-9, 1981.20. Brand, VP, UPM3.1: A pragmatic approach to dependent failures assessment for

standard systems, ISBN 085 356, 1996.


24/26


25/26

For further information and publications,please visit our website at

www.ogp.org.uk


26/26

209-215 Blackfriars RoadLondon SE1 8NLUnited KingdomTelephone: +44 (0)20 7633 0272Fax: +44 (0)20 7633 2350

165 Bd du Souverain

4th FloorB-1160 Brussels, BelgiumTelephone: +32 (0)2 566 9150Fax: +32 (0)2 566 9159

risk assessment data directory

Documents