
PROCESS SAFETY 6:

FAULT TREES

Problem:
1) How do we develop a fault tree for a specific
hazardous event?
2) How do we evaluate the likelihood of this event
occurring?

Based on: Crowl & Louvar, Chemical Process Safety, Chapter 11.

4/30/99 Safety 6. Fault Trees 1


BASIC PROCEDURE

- Identify critical events, i.e., accidents
- Work backward to determine intermediate events which lead to the critical events
- Continue this process until we arrive at the basic events, i.e., equipment faults that are the bottom level of the tree of events
- Assess the probability of each of these basic events
- Evaluate the probability of the critical events, i.e., the MTBF, by working upward through the tree
- If the MTBF is not acceptable, modify the design.
DESIGN MODIFICATIONS

- Modify the basic process design to eliminate the least reliable components. Examples:
  - Eliminate a pump by revising the pressure rundown
  - Upgrade instrumentation choices
- Add redundant components. Examples:
  - Spare pumps
  - Parallel control valves
- Add safety response features. Example:
  - Purge system
- Add additional features to the safety interlock system



TANK LEVEL CONTROL: VERSION 1

[Diagram: tank T-01 with level meter LM-1, level controller LC-1, control valve CV-1 and pump P-01]
FAULT TREE FOR VERSION 1

[Fault tree diagram: top event HIGH LEVEL; an OR gate whose inputs are P-01 and a second OR gate over CV-1, LM-1 and LC-1]


MTBF Calculation #1

Component   Failure rate (#/yr)   One year reliability R(1)
CV-1        0.6                   0.549
LM-1        1.7                   0.183
LC-1        0.29                  0.748
P-01        5.0                   0.00674

Reliability of Control Loop = (0.549)(0.183)(0.748) = 0.0751
Reliability of Version 1 = (0.0751)(0.00674) = 0.000506
µ = -ln(0.000506) = 7.6; MTBF = 0.13 yr (1.6 mo)
TANK LEVEL CONTROL: VERSION 2

[Diagram: as Version 1 (T-01, LM-1, LC-1, CV-1) with a spare pump added: P-01 A&B]
MTBF Calculation #2

Component   Failure rate (#/yr)   One year reliability R(1)
CV-1        0.6                   0.549
LM-1        1.7                   0.183
LC-1        0.29                  0.748
P-01 A&B    5.0                   0.00674

Reliability of Control Loop = 0.0751 [from Version 1]
Reliability of pumps = 0.00674 + 0.00674 - (0.00674)² = 0.0134
Reliability of Version 2 = (0.0751)(0.0134) = 0.001006
µ = -ln(0.0134) = 6.9; MTBF = 0.145 yr (1.7 mo)
CONCLUSIONS - VERSION 2

Adding a spare pump does not do much for the overall reliability. However, this analysis assumes that both pumps are running all the time. This is not the usual case in practice. P-01B would be off while P-01A is running. When P-01A fails, P-01B would be started and P-01A repaired and put back in service, probably as the spare to P-01B until it fails.
This is a more complicated situation, since what matters is the probability that P-01B will start and will keep running until P-01A is repaired and made available for use.
TANK LEVEL CONTROL WITH INTERLOCK SYSTEM

[Diagram: Version 2 (T-01, LM-1, LC-1, CV-1, P-01 A&B) plus an interlock system: a second level meter LM-2 and a PLC acting on HH Level to operate SV-1]
MTBF Calculation #3

Component   Failure rate (#/yr)   One year reliability R(1)
SV-1        0.42                  0.657
LM-2        1.7                   0.183
PLC         0.1                   0.905

Reliability of Interlock System = (0.657)(0.183)(0.905) = 0.109
Reliability of Version 3 = 0.001006 + 0.0134 - (0.001)(0.134) = 0.0144
µ = -ln(0.0134) = 4.2; MTBF = 0.236 yr (2.8 mo)

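As an added example (not from the slides or from Crowl & Louvar), the following Python evaluates a fault tree by the rules the three calculations above use: a basic event has R(1) = exp(-λ), an OR gate multiplies its inputs' reliabilities, an AND gate (redundancy) multiplies their unreliabilities, and µ = -ln R(1), MTBF = 1/µ. The tree structures and failure rates are the slides' own; the Basic, Gate, reliability and mtbf_years names are mine, and the Version 1, Version 2 and interlock-subsystem figures come out as on the slides.

```python
import math
from dataclasses import dataclass
from typing import List, Union


@dataclass
class Basic:
    """Basic event: a component with constant failure rate (failures/yr)."""
    name: str
    rate: float


@dataclass
class Gate:
    """OR: any input failing causes the output event; AND: all inputs must fail."""
    kind: str
    children: List["Node"]


Node = Union[Basic, Gate]


def reliability(node: Node, t: float = 1.0) -> float:
    """Probability that the event below this node has NOT occurred by time t (years)."""
    if isinstance(node, Basic):
        return math.exp(-node.rate * t)            # R(t) = exp(-lambda t)
    child_r = [reliability(c, t) for c in node.children]
    if node.kind == "OR":
        return math.prod(child_r)                  # series: all inputs must survive
    if node.kind == "AND":
        # redundancy: fails only if every input fails, so R = 1 - prod(1 - R_i)
        # (for two inputs this is the slides' R1 + R2 - R1*R2)
        return 1.0 - math.prod(1.0 - r for r in child_r)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def mtbf_years(node: Node) -> float:
    """Equivalent failure rate mu = -ln R(1); MTBF = 1/mu, in years."""
    return 1.0 / -math.log(reliability(node, 1.0))


# Failure rates (#/yr) taken from the MTBF calculation tables above.
control_loop = Gate("OR", [Basic("CV-1", 0.6), Basic("LM-1", 1.7), Basic("LC-1", 0.29)])
version1 = Gate("OR", [control_loop, Basic("P-01", 5.0)])
pumps_ab = Gate("AND", [Basic("P-01A", 5.0), Basic("P-01B", 5.0)])  # both running, per Version 2
version2 = Gate("OR", [control_loop, pumps_ab])
interlock = Gate("OR", [Basic("SV-1", 0.42), Basic("LM-2", 1.7), Basic("PLC", 0.1)])

if __name__ == "__main__":
    for label, tree in [("Version 1", version1), ("Version 2", version2), ("Interlock", interlock)]:
        print(f"{label}: R(1) = {reliability(tree):.6f}, MTBF = {mtbf_years(tree):.3f} yr")
```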


CONCLUSIONS - VERSION 3

Installing an interlock system increases the MTBF from 1.7 mo for Version 2 to 2.8 mo for Version 3. While this is a 60% improvement, it is still unacceptable. The weak component in the control loop and the interlock system is the level meter. We can either
- Install redundant level meters or
- Upgrade to meters of higher reliability if available

