Abstract
Layer of protection analysis (LOPA) is a semi-quantitative method that assesses the risk of an accident scenario in the process industry. The calculation follows event tree principles applied to a single worst-case scenario. However, process risk assessment must cover the whole spectrum of possible accidents that may exceed the company's risk tolerance level. To obtain a more appropriate and accurate analysis, the complete accident scenario model needs to be used. This is best provided by the “bow-tie” approach, a composition of a fault tree and an event tree. The quantitative application of the “bow-tie” model is proposed within the LOPA methodology. Such an approach increases the benefits in the risk management process. The second part of this paper focuses on the application of a fuzzy logic system (FLS), which makes it possible to cope with the lack of reliability data describing the probabilities of initiating events (causes) and safety functions. The “bow-tie” model and the application of fuzzy logic may reduce the simplicity of traditional LOPA; however, this can be addressed by appropriate computer-aided analyses. A case study of a typical hexane distillation unit illustrates the application of the proposed method.
© 2011 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
Keywords: Fuzzy logic; Fault and event tree analysis; “Bow-tie” accident scenario model; Layer of protection analysis;
Risk analysis; Process risk assessment
∗ Corresponding author. Tel.: +48 426313745; fax: +48 426313745.
E-mail address: markows@wipos.p.lodz.pl (A.S. Markowski).
Received 8 November 2010; Received in revised form 21 April 2011; Accepted 28 April 2011
0957-5820/$ – see front matter © 2011 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
doi:10.1016/j.psep.2011.04.005
Process Safety and Environmental Protection 89 (2011) 205–213
Nomenclature

“Bow-tie” analysis
ET event tree
FT fault tree
MCS minimum cut set
FIS fuzzy inference system
FL fuzzy logic
FLS fuzzy logic system

Consequences assessment
E effectiveness
FP flash point
Q amount of release
TR time of response

Events (E)
ECE external conditioning event
ICE internal conditioning event
IE initiating event
IPL independent protection layer
LE loss event
OE outcome event
SF safety function
TE top event

Frequencies, probabilities
$F_E$ frequency of failure of “E” event
$P_E$ probability of failure of “E” event

Hazards
FF flash fire
II immediate ignition
LI late ignition
PF pool fire
VCE vapor cloud explosion

Linguistic terms for fuzzy frequency numbers
R remote
U unlikely
VL very low
L low
M moderate
H high
VH very high
EH extremely high

Risk analysis
AS active system
CR community response
F frequency
P probability
R risk
S severity of the consequences
$S_0$ severity of the consequences without AS and CR
SRI severity reduction index

Risk categories
A acceptable
TA tolerable acceptable
TNA tolerable not acceptable
NA not acceptable

Risk analysis methods
ETA event tree analysis
FTA fault tree analysis
HAZOP hazard and operability study
LOPA layer of protection analysis

Safety systems
Ads automatic deluge system
Fb fire brigade
Fea fatalities in the exposed area

Subscripts
i, j, …, k number of IE in minimal cut set in FT
m number of OE in ET
n number of MCS in FT
o number of SFs
p number of ECEs

Fig. 1 – General idea of “bow-tie” model. [Diagram labels: Causes, Fault tree, Loss event, Event tree, Consequences.]

This idea, which is the object of interest in this paper, was used in the Aramis project (Dianous and Fievez, 2005) and later in our previous work. However, the presented approach is extended to the complete accident scenario, which takes into account all identified initiating events as well as all possible consequences of the analyzed loss event. The simplified scheme of this model is shown in Fig. 2.

Classical LOPA is a risk estimation method which considers the calculation of the mitigated frequency (F) as a result of activation of all independent protection layers (IPLs), whereas the severity of the consequences (S) of a top event is assessed in a traditional manner using the look-up tables from the LOPA book (CCPS, 2001), which provide the unmitigated category of severity based on the substance type and the release amount, determined by expert opinion.

In our approach the frequency of a particular scenario and the severity of the consequences are evaluated in a different way. It is assumed that the mitigated frequency is influenced by the prevention and protection safety measures (IPL I and IPL II) only, while the severity of the consequences is decreased by safety measures located in the mitigation layer (IPL III). This means that the safety systems located in the multiple layers of protection have different functions. This approach is illustrated in Fig. 3 (Markowski, 2006).
[Figure: diagram with labels IE1 … IEn, ICE, IPL I, TE, IPL II, IPL III, ECE, OE1 … OEm; caption not recovered.]
The mitigated frequency of the top event ($F_{TE}$) is calculated on the basis of a minimal cut set equation of the fault tree ($\mathrm{MCS}_{FT}$), Eq. (1).

…ment of the particular accident scenario (Markowski et al., 2009).
[Figure: comparison of the traditional method and the proposed method. Labels: $F_{IE}$, accident scenario, F, S, $S_0$, risk matrix; legend: $S = S_0 - \mathrm{SRI}$. Caption not recovered.]
[Figure: two-part calculation scheme. Part 1 (fault tree): fuzzy numbers scale for frequency; choice of linguistic term for identified IEs and IPL I; IE1 … IEn, IPL I and ICE; calculations according to $\mathrm{MCS}_{FT}$; result: fuzzy TE frequency. Part 2 (event tree): fuzzy TE frequency; IPL II, IPL III; calculations according to $\mathrm{MCS}_{ET}$; OE1 … OEn; output: fuzzy OE frequencies. Caption not recovered.]
(2009), Markowski et al. (2010), Pokorádi (2010) and Singer (1990).

4. Fuzzy “bow-tie” LOPA

4.1. “Bow-tie” frequency

The complete accident scenario, described in detail with the use of the “bow-tie” model, is applied to LOPA. The methodology of FL application to the “bow-tie” accident scenario model is presented in Fig. 4.

To calculate the fuzzy frequency of each OE according to Eqs. (1) and (2), the normalized fuzzy numbers scale is applied, as shown in Fig. 5.

The proposed fuzzy “bow-tie” LOPA method can be divided into two parts. The first one is based on the fault tree analysis and leads to the top event or loss event, and the second one, based on the event tree analysis, leads to the outcome event.

Firstly, an expert selects the fuzzy number for each variable which represents IEs and safety functions (SFs) in IPL I. The probability of the internal conditioning event (ICE) is given by a traditional variable. Then, according to $\mathrm{MCS}_{FT}$, with the use of fuzzy arithmetic operations (addition and multiplication), the fuzzy frequency of TE is calculated.

Subsequently, this value ($F_{TE}$) is used in the second part of the method. Similarly, fuzzy numbers for the variables which represent SFs in IPL II and IPL III are chosen by an expert, based on data provided by traditional LOPA. The probability of the external conditioning event (ECE) is given by a traditional variable. The OE frequencies are calculated according to $\mathrm{MCS}_{ET}$, with the use of fuzzy arithmetic operations (multiplication).

The outcome events' frequencies of each path of the ET are defuzzified to produce crisp values.

All OEs' frequencies are added together and the combined mitigated frequency $F_{OE}$ for all paths representing the loss event scenario is obtained (CCPS, 2001).

4.2. Severity of the consequences

The severity of the consequences is calculated based on the LOPA book look-up tables (CCPS, 2001). They provide the category of
[Figure: fuzzy numbers scale. Linguistic terms: Remote (R), Unlikely (U), Very low (VL), Low (L), Moderate (M), Fairly high (FH), High (H), Very high (VH), Extremely high (EH). Horizontal axis ticks from $10^{-7}$ to $10^{1}$; vertical axis: degree of membership. Caption not recovered.]
[Figure: process diagram fragment. Labels: V1, PI, LCV-06, feed pumps P-06 and P-07, FO, “to hexane column”. Caption not recovered.]

[Figure: “bow-tie” diagram of the case study. Column headings: Initiating event (IE), Intermediate event (IE), Top event (TE), Conditioning event (CE), Safety function (SF), Outcome event (OE).
Initiating events: A Failure of PI-08; B Failure of PSV-02; C Loss of water; D Failure of TT-01; E Failure of TCV-01; F Failure of LCV-02; G Condenser rupture; H Fouling; I Failure of TIC-01; J Failure of TAH-01; K Failure of check valve V1; L Failure of pump P-06; M Corrosion; N Material defect; O Human error.
Intermediate events: Failure of overpressure protection; Loss of cooling; Condenser failure; Process upset failure; Overheating; Overpressure; Failure of control systems; Mechanical failure; Overfilling; Outflow blockage.
Top event: Catastrophic hexane release.
Conditioning events and safety functions: Immediate ignition; Late ignition; Automatic deluge system; Fire brigade; Fatalities in exposed area.
Outcome events: Fire extinguished (OE1); Pool fire and fatalities (OE2); Pool fire (OE2b); Spill / dispersion (OE3); VCE / FF and fatalities (OE4); Vapour cloud explosion / flash fire (OE4b).
Caption not recovered.]
As an output of the fuzzy risk matrix, the fuzzy risk set and its defuzzified crisp value are obtained for the combined outcome frequency ($F_{OE}$) and the highest severity of the consequences (S). These are the results of the analysis.

5. Case study of the accident scenario in a distillation unit

… vapour cloud explosion (VCE) or flash fire (FF) when late ignition (LI) takes place.

The minimal cut sets equations of TE and OEs obtained from the “bow-tie” model are as follows.

$$\mathrm{MCS}_{TE} = ABC + ABG + ABH + ABD + ABE + ABIJ + ABFK + ABFL + M + N + O \qquad (4)$$
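[Figure: fuzzy risk levels. A: acceptable; TA: tolerable acceptable; TNA: tolerable not acceptable; NA: not acceptable. Horizontal axis from 0 to 5 with a marked value of 3,17 and a “safety goal” marker; vertical axis: degree of membership, with marked values 0.17, 0.5, 0.83 and 1. Caption not recovered.]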
Table 2 – Fuzzy frequency/probability numbers for IEs.
[Rotated table, only partly recovered. Rows that can be read (event; value; linguistic term; F = frequency, P = probability):
Human error; $10^{-2}$; FH; F
Material defect (N); $10^{-2}$; FH; F
Corrosion (M); $10^{-2}$; FH; F
Failure of P-06; $10^{-1}$; H; P
The remaining rows, including those for TT-01, PI-08 and Loss of water (C), are not recoverable.]

Table 3 – Standard probability numbers for CEs.
Symbol        Conditioning event (CE)    Probability value
LI            Late ignition              0.5
Enabling CE   Staff in affected area     0.5
              Fatalities                 0.5

… analyze all identified accident scenario paths and to estimate their frequencies.

The frequencies of outcome events and the combined fre- …

… in which there are no losses are not taken into consideration.

… the second to react and provide relief for a rescue action – fire …

… considered.

Table 7 gives the results with the applied additional safety …
As can be seen, a satisfactory effect is obtained for Cases 2 and 3. In both of them additional ignition control measures are applied. Further reduction of the risk index requires more research to obtain an acceptable risk level (A-TA).

6. Conclusions

Among the different qualitative models used for the presentation of an accident scenario, the “bow-tie” approach is considered to be the best pictorial display of the relations between the various hazards (causes), enabling events, safety systems and the consequences. This model can introduce the entire set of path events, which can be used for all possible accident scenarios. This is a basis for the identification of the safety systems and tasks which control the worst case accident scenario as well as other contributing scenarios. Such an approach increases the benefits in the risk management process.

A quantitative application of the “bow-tie” model carries the obvious weaknesses which are met in quantitative fault and event tree analysis. Mostly, they concern the input reliability data, which may not be available or may be imprecise and vague.

The lack of knowledge and the encountered uncertainties may be successfully addressed by the application of fuzzy logic. It enables the use of uncertain, qualitative input data provided by an expert and converts them into specific, precisely determined outputs.

The presented case study proves that calculations with the use of fuzzy logic provide a more realistic value of the risk index and offer an advantage with respect to the traditional single point estimate. Besides, fuzzy logic may be quite successful in the precise determination of additional safety measures which are essential to achieve the safety goal.

The proposed hybrid approach (“bow-tie” model, fuzzy logic and LOPA) enhances management of the protection layers; however, it requires the application of computer-aided analyses, which may be in conflict with the simplicity of LOPA.

References

Bowles, J.B., Pelaez, C.E., 1995. Application of fuzzy logic to reliability engineering. Proc. IEEE 80 (3), 435–449.
CCPS, 2001. Layer of Protection Analysis: Simplified Process Risk Assessment. AIChE.
Dianous, V., Fievez, C., 2005. ARAMIS project: A more explicit demonstration of risk control through the use of bow–tie diagrams and the evaluation of safety barrier performance. J. Hazard. Mater. 130, 220–233.
Dubois, D., Prade, H., 1980. Fuzzy Sets and Systems: Theory and Applications. Academic Press.
Fussell, J.B., Vesely, W.E., 1972. A new methodology for obtaining cut sets for fault trees. Trans. Am. Nucl. Soc. 15 (1), 262–263.
Markowski, A.S., 2006. Layer of Protection Analysis for the Process Industry. Polish Academy of Science (PAN), Branch Lodz, ISBN: 483-86-492-36-8.
Markowski, A.S., Mannan, M.S., 2008. Fuzzy risk matrix. J. Hazard. Mater. 159, 152–157.
Markowski, A.S., Mannan, M.S., 2009. Fuzzy logic for piping risk assessment (pfLOPA). J. Loss Prev. Proc. Ind. 22, 921–927.
Markowski, A.S., Mannan, M.S., Bigoszewska, A., 2009. Fuzzy logic for process safety analysis. J. Loss Prev. Proc. Ind. 22, 695–702.
Markowski, A.S., Mannan, M.S., Kotynia (Bigoszewska), A., Siuta, D., 2010. Uncertainty aspects in process hazard analysis. J. Loss Prev. Proc. Ind. 23, 446–454.
Pokorádi, L., 2010. Application of fuzzy set theory for risk assessment. J. KONBiN 2–3 (14/5), 1895–8281.
Singer, D., 1990. A fuzzy set approach to fault tree and reliability analysis. Fuzzy Sets Syst. 34, 145–155.
Yen, J., Langari, R., 1999. Fuzzy Logic, Intelligence Control and Information. Prentice Hall PTR, Upper Saddle River, NJ.