
SENG 312

Exam 1

February 21, 2012

System Safety Engineering, Exam 1, Solutions


For full or partial credit, show all work and state assumptions and approximations.
1. Briefly describe hazard identification and analysis in the design phase of system
development within the following:
a. Contribution of the inherently safer design (ISD) approach
The contribution of ISD is primarily the reduction or elimination of hazards.
b. Contribution of the management of change (MOC) approach
MOC checks a change for:
a) introduction of new hazards
b) effects on operability or system performance
c. State the primary contribution of PHL (preliminary hazard list) to the overall
system safety hazard identification and characterization approach.
A PHL uses checklists to identify well-known hazards of similar systems as a starting point for
the PHA (preliminary hazard analysis).
d. State 3 categories of system information produced by PHA (preliminary hazard
analysis) but not produced by PHL.
1) New hazards (beyond the PHL hazards) identified through analysis of the specific system
2) Causal factors based on system analysis
3) Risk assessment (IMRI, FMRI)
4) Mitigation measures (to reduce mishap consequences)
5) System safety requirements, SSR (to guide further development of system design)

e. Compared to a PHA, state the type of risk-reduction mitigation methods that are
possible in a SSHA (subsystem hazard analysis).
A SSHA traces the hazards and causal factors analyzed in the PHA to specific subsystem components
or assemblies in order to identify specific risk-reduction actions. It also identifies new hazards, and
therefore new mitigation actions, based on the more detailed and localized analysis within each subsystem.
f. Define IMRI (initial mishap risk index) and how it is related to causal factors.
IMRI is the initial risk estimate from the system design where mishap probability is estimated
from causal factors.
g. Define FMRI (final mishap risk index) and how it is related to SSRs (system
safety requirements)
FMRI is the second risk estimate following suggestions for mitigation measures that can be
converted to SSRs if they are judged to be cost effective and they pass the MOC test.

2. Event tree analysis


a. Consider the storage tank system for a flammable liquid as shown in the figure below.
Note that the overall system includes a level control with alarm subsystem, which is
to be analyzed to the detail of 3 safety components or functions shown below. Use
the plant probability of failure on demand data for the 3 functions shown below.
i. LI level indicator connected to a high-level alarm
ii. FIC flow indicator: flow valve controlled by operator
iii. LIC level indicator/controller: high-level switch (open/close solenoid valve to stop
flow of input liquid)
Function   Description                 Probability of failure on demand
B          High-level alarm            0.01
C          Operator stops flow         0.1
D          High-level switch system    0.01

b. Develop and sketch an event tree for this system with the Initiating Event =
failure of the liquid level indicator (LI, which for liquid levels that exceed LC
initiates the high-level alarm to alert the operator). Place the three safety functions
from left to right in the order given above, B, C, D, at the top of your event tree.


c. Working from left to right in the event tree, calculate the probability for each event
(succeed, up or fail, down), including the final events (safe or overflow) in the event
tree. Write these probability values on the event tree.
See event tree.
d. Place the initiating event frequency = 4/year on the event tree. For each final event of
your tree, calculate the event frequency and write each frequency value next to the
corresponding final event probability on the event tree.
See event tree.
e. For each final event category (stable system or overflow mishap) calculate the total
frequency (#/year) of all scenarios leading to that event category.
1. Total frequency of category, stable system events:
Stable system: Total Freq = 3.564 + 0.392 + 0.036 + 0.00396 = 3.996/yr ≈ 4.0/yr
2. Total frequency of category, overflow events:
Overflow: Total Freq = 0.00396 + 4 × 10^-5 ≈ 0.00400 ≈ 0.004/yr
f. For the liquid overflow of the flammable liquid event category, assume that a fire results
with probability = 1 following overflow of the flammable liquid. For this mishap, select
a reasonable consequence severity (I-IV) with regard to system equipment.
Consequence severity = II
g. Using the 4 severities (I-IV), 5 probabilities (A-E) risk matrix type (MIL-STD-882),
estimate a risk value for the liquid overflow scenario from your information. Select
reasonable criteria for tolerable risk levels for your organization and compare the risk
criteria with the estimated risk value for the flammable liquid overflow scenario.
Probability = C; Risk = Unacceptable
h. Propose a measure that could be taken or a safety function that could be added to
lower the probability of liquid overflow and following fire. Estimate the resulting
risk following implementation of this measure.
Redundancy (a backup) for the high-level switch, high-level alarm, valve, or solenoid would
reduce the probability from C to D (or E), for example. Risk is then reduced from unacceptable to
acceptable-with-waiver, or from unacceptable through unacceptable-with-waiver to acceptable (tolerable).
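The following Python script is an added worked example for parts c through e and part h; it is not part of the exam solution, and the event-tree figure the solution refers to is not on this page. The safety-function names, descriptions and probabilities of failure on demand are taken from the table in part a, and the initiating-event frequency (4/yr) from part d. The branching rule is an assumption: B and C are always demanded, and the high-level switch D is demanded only when the operator fails to stop the flow. That rule reproduces the totals stated in part e (3.996/yr stable, 0.004/yr overflow). The redundant-switch function, and the assumption that two independent switches have a combined PFD equal to the product of their individual PFDs, illustrate the mitigation proposed in part h and are likewise added here.

```python
"""Event-tree evaluation for the flammable-liquid storage tank of question 2.

Added example, not part of the exam solution. Safety-function data come from
the exam's table; the branching rule is an assumption chosen to reproduce the
totals in part e.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SafetyFunction:
    name: str
    description: str
    pfd: float  # probability of failure on demand


# Safety-function data from the exam's table (question 2a).
TANK_FUNCTIONS = (
    SafetyFunction("B", "High-level alarm", 0.01),
    SafetyFunction("C", "Operator stops flow", 0.1),
    SafetyFunction("D", "High-level switch system", 0.01),
)

INITIATING_EVENT_FREQ = 4.0  # per year (question 2d)


@dataclass(frozen=True)
class Sequence:
    path: tuple         # ((function name, succeeded), ...) from left to right
    outcome: str        # "stable" or "overflow"
    probability: float  # conditional on the initiating event
    frequency: float    # per year


def tank_branching_rule(path):
    """Assumed tree logic: B and C are always demanded; D is demanded only if
    the operator fails to stop the flow. Returns the name of the next function
    to branch on, or the final outcome."""
    status = dict(path)
    if "B" not in status:
        return "B"
    if "C" not in status:
        return "C"
    if status["C"]:  # operator stopped the flow: stable regardless of D
        return "stable"
    if "D" not in status:
        return "D"
    return "stable" if status["D"] else "overflow"


def enumerate_event_tree(functions, rule, initiating_freq):
    """Walk the tree left to right, success ("up") branch before failure
    ("down"), multiplying branch probabilities along each path."""
    by_name = {f.name: f for f in functions}
    sequences = []

    def walk(path, prob):
        step = rule(path)
        if step in by_name:
            f = by_name[step]
            walk(path + ((f.name, True),), prob * (1.0 - f.pfd))
            walk(path + ((f.name, False),), prob * f.pfd)
        else:
            sequences.append(Sequence(path, step, prob, prob * initiating_freq))

    walk((), 1.0)
    return sequences


def total_frequency_by_outcome(sequences):
    """Part e: sum the frequencies of all sequences ending in each category."""
    totals = {}
    for s in sequences:
        totals[s.outcome] = totals.get(s.outcome, 0.0) + s.frequency
    return totals


def overflow_frequency(functions, rule=tank_branching_rule,
                       initiating_freq=INITIATING_EVENT_FREQ):
    seqs = enumerate_event_tree(functions, rule, initiating_freq)
    return total_frequency_by_outcome(seqs).get("overflow", 0.0)


def with_redundant_switch(functions, extra_pfd=0.01):
    """Part h: a second, independent high-level switch in parallel with D.
    Assumption: independence, so PFD(D) becomes pfd * extra_pfd."""
    return tuple(
        SafetyFunction(f.name, f.description + " (redundant)", f.pfd * extra_pfd)
        if f.name == "D" else f
        for f in functions
    )


if __name__ == "__main__":
    seqs = enumerate_event_tree(TANK_FUNCTIONS, tank_branching_rule, INITIATING_EVENT_FREQ)
    for s in seqs:
        branches = " ".join(f"{n}{'+' if ok else '-'}" for n, ok in s.path)
        print(f"{branches:<10} {s.outcome:<9} P={s.probability:.5f} f={s.frequency:.5f}/yr")
    print(total_frequency_by_outcome(seqs))
    print("overflow/yr with redundant switch:",
          overflow_frequency(with_redundant_switch(TANK_FUNCTIONS)))
```

Running the script lists the six sequences with their probabilities and frequencies, then the category totals; the redundant switch lowers the overflow frequency by two orders of magnitude, which is the kind of change that moves the MIL-STD-882 probability level down as described in part h.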
i. Propose a measure or a safety function to lower the severity of liquid overflow and
fire. Estimate the resulting risk following implementation of this measure.
Provide containment for leaking fluid (overflow tank). Use a fluid with lower flammability
(lower vapor pressure, etc.).

3. Consider the following equation:

PF ≤ 1 − OC/U

where PF = probability of failure, OC = overall costs, and U = value of favorable outcomes


a. Describe or explain this equation.
Is the system operation worth the risk? This is the worthiness-of-risk equation: the equal
sign indicates the break-even point, at which the costs (operating costs and upset damages) and
the value are equally balanced. The < sign indicates that U, the total value of the outcomes,
outweighs the overall costs of the system or process, so the failure probability is lowered for
system risk that is cost effective and can yield a profit.
b. State the purpose or usefulness of this equation for risk analysis and system safety
engineering:
This equation is a model that helps to decide whether the risk of system operation is acceptable
and what factors of OC and U could be adjusted (OC lower and U increased) to result in safer
and more cost effective system operation.
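The short derivation below is added here to show where the inequality comes from; it is not part of the exam solution and assumes that the equation is read as the break-even condition on the expected net value of operating (the exam states the equation without a derivation).

Expected net value of operating = (probability of success) × (value of favorable outcomes) − (overall costs)
                               = (1 − PF) × U − OC

Operation is worth the risk when this expected net value is not negative:

(1 − PF) × U − OC ≥ 0
1 − PF ≥ OC/U
PF ≤ 1 − OC/U

Equality is the break-even point (costs and value balanced); the strict < case leaves a margin, and lowering OC or raising U widens the range of PF for which operation remains worthwhile.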

4. Performance measurements
a. Define leading indicators, provide an example, and state the usefulness to
estimate level of safety at your plant.
Leading indicators are upstream measures that represent signs prior to loss incidents and that
help to maintain and improve a plant safety program to prevent or reduce loss incidents and limit
their severities. Among the many examples are audit reports, investigation reports of underlying
and root causes, contractor safety records, near miss investigations and reports, implementation
of safety recommendations, safety meeting records, and employee retraining assessments.
b. Define trailing indicators, provide an example, and state the usefulness to
estimate quality of safety performance at your plant.
Trailing indicators are downstream measures that represent loss incidents that result from, and
indicate the health and performance of, the plant safety program. Among the numerous possible
examples are equipment failure rates, mishap rates, downtime frequencies, injuries, and lost
workdays. The usefulness of trailing indicators comes from lessons learned that can be used to
improve the plant safety program, as indicated by reduced values of the trailing indicators.
c. State the value of tracking near-miss events or unusual occurrences. State why
near-miss incidents are examples of upstream indicators, examples of downstream
indicators, or examples of both upstream and downstream indicators.
Investigation of near-miss events or unusual occurrences is an effective way to help maintain and
improve safety continually to avoid costly mishaps. They are both upstream of costly events and
also downstream events that indicate areas of weakness that need attention in system operation.