Process Safety and Environmental Protection 163 (2022) 82–93

Contents lists available at ScienceDirect

Process Safety and Environmental Protection

journal homepage: www.elsevier.com/locate/psep

Resilience assessment framework for fast response process systems

Bhushan Pawar, Mitchell Huffman, Faisal Khan, Qingsheng Wang
⁎
]]
]]]]]]
]]

Mary Kay O’Connor Process Safety Center, Artie McFerrin Department of Chemical Engineering, Texas A&M University, College Station, TX 77843-3122, USA

a r t i cl e i nfo a bstr ac t

Article history: Resilience is essential to ensure safe and sustainable process operations. It plays a critical role in enabling
Received 29 March 2022 operations in the remote and extreme environments encountered during operations held offshore or in the
Received in revised form 28 April 2022 Arctic. Resilience is a property of the process or system, and considers three distinct characteristics: ab­
Accepted 6 May 2022
sorption, adaptation, and recovery. This work proposes a resilience assessment framework of process
Available online 13 May 2022
systems with fast responses, such as reaction systems. The three characteristics are modelled using system
design variables with covariate consideration. Subsequently, these three characteristics are integrated to
Keywords:
Resilience assess resilience. To enhance the resilience, design changes and operational interventions are explored. The
Reliability and maintainability proposed framework is explained using the assessment of an autocatalytic reactor as a case study. A thermal
Chemical process systems runaway reaction is modelled for resilience, and operational intervention strategy such as adding inhibition
Mathematical modeling is tested to enhance the resilience of the reactor. It was concluded that as the inhibitor injection time was
decreased from 5.8 min to 1 min, the value of the proposed resilience metric increased from 0.7 to 0.9. This
case study confirms the applicability and effectiveness of the proposed framework.
© 2022 Institution of Chemical Engineers. Published by Elsevier Ltd. All rights reserved.

1. Introduction construction, and electricity distribution (Aidoo et al., 2022;

Resilience is essential to sustain the safe operation of process
systems in industry. The frequent disturbances and uncertainties in
process systems due to natural disasters, human errors, or technical
failures can lead to major economic and human losses. Therefore,
process industries are keen to make their systems resilient to all
types of disruptions. By enhancing the resilience of process systems,
losses can be minimized, and profitability can be maximized.
Therefore, there has been an increasing focus on research seeking to
enhance the resilience of process systems. This relatively new field is
often referred to as resilience engineering. A resilient system should
absorb, adapt to, and recover from disruptions. The term ‘resilience’
is still not defined very clearly from an engineering perspective,
however. Most of the work about resilience has been performed by
social scientists and urban planners. Because of this ambiguity, re­
silience is very difficult to assess mathematically. There are two
major challenges: proposing an appropriate definition for the term
‘resilience’ in the context of the system under consideration and
performing the resilience assessment of a system using system
parameters or variables.
These challenges have been addressed from various research
domains such as aviation, health care, railways, manufacturing,
⁎
Corresponding author.
E-mail address: qwang@tamu.edu (Q. Wang).
Fernández-Hernández et al., 2019; Guo et al., 2020; Righi et al., 2015;
Wiig et al., 2020). Therefore, there are multiple definitions of resi­
lience available in the literature (Jain et al., 2018b). For instance,
Woods (2015) illustrated the concept of resilience as the ability to
rebound from trauma and achieve equilibrium, or the ability to
adapt to future surprises as the system conditions vary with time.
Perrings (2006) defined the resilience of economic systems as the
ability to withstand market or environmental shocks without losing
the capacity to supply essential goods and services. Hollnagel et al.
(2006) did pioneer work in defining resilience as an engineering
concept from a sociotechnical perspective, describing it as the ability
to resist change. These definitions were utilized by researchers to
conceptualize and assess resilience from an engineering perspective
(Azadeh et al., 2014, 2015; Jain et al., 2018a, 2018b, 2019; Moreno-
Sader et al., 2019; Salehi et al., 2020; Zarei et al., 2021). These defi­
nitions were then extended to process systems to illustrate the re­
sponse to a disruption. For instance, Jackson (2009) defined
resilience as the ability of a system to adjust its functioning before,
during, and following disturbances, so that it can sustain the re­
quired function under varying conditions. Similarly, Yarveisy et al.
(2020) characterized the resilience of a system based on three ca­
pacities: absorptive, adaptive, and restorative capacity. They pro­
posed these capacities based on the system’s behavior during the
intermediate period between disruption and restoration.

https://doi.org/10.1016/j.psep.2022.05.016
0957-5820/© 2022 Institution of Chemical Engineers. Published by Elsevier Ltd. All rights reserved.
B. Pawar, M. Huffman, F. Khan et al.
After a disruption, the performance of any process system tends
to decrease with time. If there are no safeguards or intervention
actions taken to impede the fall in performance, then the system will
not be functional after some time. However, a resilient system’s
performance may decrease after a disturbance, but will recover to its
initial performance level after a certain time period. Typically, any
resilient system goes through three phases after a disruption
(Azadeh et al., 2014, 2015; Abimbola and Khan, 2019; Salehi et al.,
2020; Yarveisy et al., 2020). These phases are typically referred to as
absorption, adaptation, and recovery. This classification of a system’s
performance into three phases is based on the system’s response to a
disruption. These phases are also dependent on socio-technical
factors such as teamwork, management, and communication, and
organizational factors such as equipment inspection, maintenance
backlog, and experience from past incidents (Baek et. al, 2015;
Bergström et. al, 2015; Patriarca et. al, 2018; Thomas et. al, 2019). In
prior literature, various frameworks have been proposed to quantify
resilience using such socio-technical factors. These frameworks
usually implement surveys to gauge the impact of socio-technical
factors on system’s resilience and propose a resilience metric based
on the data obtained through these surveys. The surveys are often
conducted with professionals from the chemical industry to de­
termine the important socio-technical factors pertaining to resi­
lience based on expert judgement (Azadeh et al., 2014, 2015; Yazdi
and Kabir, 2017; Jain et al., 2018a, 2018b, 2019; Moreno-Sader et al.,
2019; Rostamabadi et al., 2020; Salehi et al., 2020; Zarei et al., 2021).
After collecting the survey data, statistical techniques such as ana­
lytical hierarchy process and fuzzy logic are typically performed to
determine the factors that highly influence the system’s resilience
(Ahmed and Kilic, 2019). This process helps in prioritization, ulti­
mately improving intervention and restoration strategies.
Although the survey methodology begins to identify the factors
contributing to the system’s resilience, it tends to be subjective. This
is because the survey responses will depend on individual opinions
and experiences, which are subject to change. Therefore, there is a
need for a general framework for resilience assessment that is
strictly based on a system’s dynamics, properties, and historical data.
In this study, a general framework for resilience assessment is pro­
posed by modeling the system’s performance during the absorption,
adaptation, and recovery phases. Yarveisy et al. (2020) implemented
a similar approach by modeling the system’s performance using
reliability of the system to quantify the resilience capacities. Based
on this idea, models for the absorption, adaptation, and recovery
performance of the system were proposed using the reliability and
maintainability of the system.
In this proposed framework, the performance models and resi­
lience assessment are solely dependent on system dynamics, safety
constraints, and historical maintenance data. Therefore, this resi­
lience assessment lacks the ambiguity that is a major issue with
survey methodology. The performances for the three phases are
modeled using reliability and maintainability of the system.
Covariate models are used to model the failure and recovery rates of
the system as a function of the system’s operating variables. A re­
silience metric is proposed to quantify the system’s resilience based
on the performance models. This framework can also be used to
assess the resilience of a process system against a disruption for
different design configurations. A system’s design plays an im­
portant role in the intervention action of the system after a dis­
ruption. Using this framework, the resilience metric for different
design configurations can be analyzed by varying the design vari­
ables of the system, and the design with the maximum resilience can
be chosen. The applicability of the proposed framework is tested for
a batch reactor system with a thermal runaway condition.
83
Process Safety and Environmental Protection 163 (2022) 82–93
2. The proposed framework
A framework that models a process system’s performance after
the onset of a disturbance during the three phases of resilience is
proposed. Firstly, the operational variables that determine the safe
operating condition of the process are identified. Later, these vari­
ables are used to model the performance of the process system as a
dimensionless quantity whose magnitude indicates the level of
functionality of the system. Reliability and maintainability concepts
are used to define the performance function using covariate models.
Finally, this model is used to quantify resilience of the process
system. This framework is instrumental in determining the resi­
lience of a process system against a particular disturbance, shock, or
other changing condition. It can be used as a tool to test the resi­
lience of different system designs against various disturbances and
therefore make it easier to choose the most resilient design. All steps
involved in the framework are illustrated in Fig. 1 and are elaborated
in the following sections.
2.1. Identifying performance variables and defining failure
The idea of a resilient system implies that, in the event of a
disruption, the system will not go into a complete failure state. To do
so, an intervention action needs to be taken to continue the system
operation at a lower performance level and later recover the system
to its original performance level. The system’s performance is de­
termined by certain key variables, which also dictate the safety of
the system’s operation. In this framework, such variables are re­
ferred to as performance variables.
Performance variables are the operating variables that determine
the safe operation of the system. Performance variables of a system
have limits beyond which the system becomes unsafe to continue
operation. The system is in failure state if one or more performance
variables have values which are beyond these limits. Therefore, a
failure condition is defined based on the values of performance
variables. Consider a system with n performance variables denoted
by P1, P2, ....,Pn . Every performance variable has an upper and/or
lower limit for safe operation of the system. Therefore, for safe op­
eration of system,
Let F correspond to an event where the system is put into a
failure state. F can be represented as,
F : The event when Pi Pimin or Pi Pimax for any i .
Let Ai be the event when Pi Pimin or Pi Pimax for any i , then
F = {A1 A2 … An }
The criteria for choosing performance variables will depend on a
system’s dynamics and properties. For instance, chemical processes
usually have constraints on the process variables such as maximum
allowable pressure or temperature. Such constraints minimize the
probability of any incident and ensure that the operation can be
performed safely. The next step after defining the failure condition is
to model the system’s performance during the three phases.
2.2. Modeling system performance
After a disruption, a resilient system goes through three phases:
absorption, adaptation, and recovery, as shown in Fig. 2. The sys­
tem’s performance in each phase is distinct and contributes to the
overall resilience of the system. It is therefore necessary to model
the performance of the system during each of the three phases for
resilience assessment. There have been other studies that quantify
absorption, adaptation, and recovery performance of a system, but
B. Pawar, M. Huffman, F. Khan et al.
Fig. 1. The proposed framework for resilience assessment.
Fig. 2. A typical performance curve for a disrupted system.
they are highly dependent on expert judgement obtained through
surveys and questionnaires (Abimbola and Khan, 2019; Jain et al.,
2018a, 2018b, 2019; Moreno-Sader et al., 2019). In this paper, we
have focused on resilience assessment of the system considering
only the design and operational variables of the system. The system’s
performance (Q ) is modeled as a dimensionless quantity with a
magnitude between 0 and 1, as shown in Fig. 2. The value of Q prior
to disruption of the system is 1, which indicates that the system was
performing its function as expected. Q then decreases after the
disruption, indicating a drop in performance, and later increases
during the recovery phase. The following sections propose
84
Process Safety and Environmental Protection 163 (2022) 82–93
mathematical models for the system’s performance during all
phases, taking into consideration the theoretical definitions of ab­
sorption, adaptation, and recovery properties from previous lit­
erature.
2.2.1. Absorption performance modeling
Absorption has been associated with the property of resilience in
various research fields such as ecology, sociology, and civil infra­
structure (Henry and Emmanuel Ramirez-Marquez, 2012; Holling,
1973; Nan and Sansavini, 2017). It is defined as the ability of the
system to effectively absorb disturbances without affecting its per­
formance (Henry and Emmanuel Ramirez-Marquez, 2012; Pawar
et al., 2021). Ideally, a resilient system would absorb all disturbances
while maintaining a constant performance level without any need
for an intervention action. However, it is very difficult to design a
system that would absorb all disturbances. Therefore, a decreasing
performance is observed for most systems during the absorption
phase, as shown in Fig. 2. The decrease in the system’s performance
until the time of intervention determines the absorption capability
of the system (Yarveisy et al., 2020). A large reduction in the system’s
performance during the absorption phase implies that the absorp­
tion capacity of the system is low. Therefore, system design should
include minimization of the drop in system performance after a
disruption. In order to achieve this goal, it is important to quantify
the absorption capacity of the system. Yarveisy et al. (2020) pro­
posed simple and robust metrics for quantifying absorption capacity
using the concept of reliability. They defined the absorption capacity
B. Pawar, M. Huffman, F. Khan et al.
as the ratio of a system’s reliability at the time when intervention
begins to the reliability when disruption occurred.
A similar approach to Yarveisy et al. (2020) has been adopted to
model the absorption performance. After a disruption, the perfor­
mance variables deviate from their normal operating values or range
and approach their limits. As the performance variables approach
their limits, the probability of system failure increases, and the re­
liability of the system decreases. Ebeling (2004) defined reliability as
the probability that a system will perform its function for a given
period when used under stated operating conditions. The function of
the system is to continue its operation safely without going into a
failure state. Reliability incorporates the effects of disruption on the
system’s performance variables. Therefore, it can be used as a
measure of system performance during the absorption phase. The
absorption performance (Q abs ) is defined as,
Q abs (t) = R (t) t [t1, t2] (1)
R (t) is the reliability of the system after the disruption, t1 is the
time of disruption, and is the time at which intervention action is
taken to prevent system failure. If tF is the time when a system
failure event occurs, then
R (t) = Pr {t tF } (2)
Here, Pr {t tF } is the probability that the system will perform its
operation safely over the time period t . The reliability of a system
can also be defined as follows, using its failure rate or hazard rate
function ( ).
t the failure state. The intervention can be automated such as with a
R (t) = exp (t ) dt
0 (3)
(t) gives an instantaneous rate of failure of the system at any
time t (Ebeling, 2004). Using Eqs. (1) and (3), the absorption per­
formance of the system is represented as
t system adaptation. However, the system is not restored to its ori­
Q abs (t) = exp abs (t ) dt t [t1, t2]
t1 (4)
abs (t) is the failure rate of the system during the absorption
phase.
After defining the absorption performance, the next step is to
model the failure rate ( ). During the absorption phase, the failure
rate ( ) of the system can be modeled using the system’s perfor­
mance variables. The failure rate of the system increases as the
system approaches its failure state. Failure state is defined as the
condition where performance variables reach their limiting values
for safe operation. Therefore, the failure rate of the system will in­
crease as the performance variables approach their limiting values.
Covariate models are the most common technique used to model the
failure rate of the system as a function of system’s covariates, or
explanatory variables (Ebeling, 2004). These are variables, which
have an obvious correlation with the failure rate of the system. In
this case, the covariates are the performance variables of the system.
Therefore, the failure rate of the system during absorption phase
( abs ) can be modeled using the covariate approach.
abs (t) = f (P1 (t), P2 (t), …, Pn (t)) (5)
The exact form of f (P1, P2, …, Pn) can be determined by per­
forming experiments to analyze the relationship between the per­
formance variables P1, P2, …, Pn and the failure rate abs . However, if
the relationship is unknown, there are simple models such as a
proportional hazards model that can be used to model abs (Barker
and Baroud, 2014). The proportional hazards model states that the
failure rate ( abs ) is a function of the time driven baseline hazard
function ( o ) and the exponential summation of the covariates
(functions of performance variables), leading to Eq. (6).
85
Process Safety and Environmental Protection 163 (2022) 82–93
n
abs (t) = o (t) exp ai fi (Pi (t))
i=1 (6)
ai ’s are the regression coefficients that represent the impact of
each performance variable on the failure rate. There are simple
linear and exponential models that can alternatively be used when
abs is constant (Ebeling, 2004). These situations can be interpreted
as a special case scenario of Eq. (6).
2.2.2. Adaptation performance modelling
Adaptation is a crucial aspect of a resilient system (Francis and
Bekera, 2014). A system undergoes an adaptation phase when it is
unable to absorb all external disruptions. If the disruptions are se­
vere and beyond the absorption capacity of the system, then the
system adjusts itself to adapt to the disruptions and continue its
operation at a lower performance level. Smit and Wandel (2006)
defined adaptation from a human systems perspective as the ability
of the system to undergo a process or action to better cope with
changing factors such as risk, hazard, or stress. Adger (2006) also
defined adaptation as the capacity of the system to self-organize and
adapt to changing circumstances. Therefore, in accordance with
these definitions, it can be concluded that adaptation is the ability of
the system to readjust itself according to external disruptions and
continue its operation without going into failure state.
The idea of readjustment implies that some intervention is
needed to adapt to the disruption and stop the system from reaching
level controller or pressure controller, or it can be from a human.
When the system adapts to the disruption and operates at a lower
performance level, it is implied that the performance variables are
no longer approaching their limiting values. Instead, the perfor­
mance variables P1, P2, …, Pn of the system become constant after the
ginal configuration during the adaptation phase and is therefore still
at risk of failure. As the system operates in the adaptation phase at a
lower performance level, the reliability of the system decreases and
the probability of failure increases. However, the rate of probability
of failure increase during the adaptation phase is much lower than
during the absorption phase. This is because of the intervention
action, which helps to decrease the failure rate severely. Therefore,
the failure rate during the adaptation phase ( adap ) is very low
compared to the failure rate during the absorption phase ( abs ).
adap abs (7)
Using Eq. (7), it can be concluded that the system’s reliability
during the adaptation phase will decrease more gradually than
during the absorption phase, where the reliability decreases sud­
denly over a short period. The adaptation performance is modeled
using reliability, similar to the absorption performance. A linear
model for adaptation performance is proposed as shown below.
R (t3) R (t2)
Q adap (t) = Q abs (t2) + (t t2) t [t2, t3]
t3 t2 (8)
Because R (t) does not decrease drastically during the adaptation
phase, the adaptation performance curve has been approximated as
a straight line with a slope equal to the average rate of change of
R (t). The slope ( R (t 3)
t3
R (t 2)
t2 ) determines the adaptability of the
system. The magnitude of the slope should be close to zero for highly
adaptable system. This can be achieved by taking the recovery action
as quickly as possible, so that R (t3) R (t2). Eq. (8) can also be ex­
pressed in terms of adap and abs .
B. Pawar, M. Huffman, F. Khan et al. Process Safety and Environmental Protection 163 (2022) 82–93

t3 t
R (t3) = exp (t ) dt M (t) = 1 exp µrec (t ) dt
t1 t3 (11)
t2 t3
= exp abs (t ) dt adap (t ) dt µrec is the recovery rate of the system, which is analogous to the
t1 t2
repair rate. M (t) demonstrates the proximity of the system’s current
t2
state to the complete restoration state. In other words, it represents
R (t2) = exp abs (t ) dt the efforts and resources needed to recover the system to its initial
t1
state. The recovery performance should demonstrate the ease with
Q adap (t) which the system can be restored to the state prior to the disruption
(Abimbola and Khan, 2019). Therefore, the recovery performance has
been modeled as a linear function of M (t) as shown below.
= Q abs (t2)
Q rec (t) = c1M (t) + c2
+
exp ( t2
t1 abs (t ) dt
t3
t2 adap (t ) dt ) exp ( t2
t1 abs (t ) dt ) (12)

t3 t2 The constants c1 and c2 can be determined using the continuity

criteria:
(t t2) t [t2, t3] (9)
• At t = t3, Q rec (t3) = Q adap (t3) , and
The adaptation phase may not be observed, or it may only occur • As t , Q rec (t) 1, because if the recovery action is performed
for a short period of time, in some systems which are highly reactive for infinite time, then eventually the system will be completely
to intervention. This is because a system will enter the recovery restored to its initial state.
phase immediately after intervention instead of adapting to the
disruption if a system is highly reactive to intervention. Using the above conditions,
t
2.2.3. Recovery performance modelling Q rec (t) = Q adap (t3) + (1 Q adap (t3)) 1 exp µrec (t ) dt
t3
Recovery is the process of restoring a system’s performance to its
original levels. For a resilient system, the final goal is to recover the t [t3, ) (13)
system after a disruption. The system transitions to recovery phase Eq. (13) represents the model for the recovery performance of the
after it has absorbed maximum possible disruptions during the ab­ system, but it only reaches its initial performance value of ‘1’ after
sorption phase and has successfully adapted to them during the infinite time. This result is expected as it is not possible to fully re­
adaptation phase. There are many research studies, which focus on store or repair any system to its initial state before the disruption.
the mathematical modeling of the recovery performance of civil Therefore, this model represents how close the system is to its initial
infrastructures such as buildings or bridges when they are disrupted state after the recovery action.
by extreme natural events such as earthquakes, floods, and hurri­ Recovery rate is similar to the repair rate of the system. However,
canes (Gardoni et al., 2002; Sharma et al., 2018; Nocera et al., 2019). the repair rate is the rate at which a system is repaired or restored
Probabilistic models are most common method used to define the from a failure state to its initial state, whereas the recovery rate is
recovery curve based on the historical data of recovery activities the rate at which a system is restored to its initial state from a low
such as time needed for damage inspection, mobilization, and re­ performance state. A proportional hazards model can also be used to
pairs (Sharma et al., 2018). Cimellaro et al. (2006) proposed prob­ model recovery rate, similar to the failure rate (Barker and Baroud,
abilistic recovery models for the seismic failure probability of civil 2014). The covariates may or may not include performance variables,
infrastructures. They proposed linear, trigonometric, and ex­ however, because the recovery actions usually depend on socio­
ponential models for the recovery curve based on the time required technical factors such as the number of workers and their experience
to repair the structures after seismic damages. Barker and Baroud or skills. The impact of such factors can be analyzed by using them as
(2014) took a similar approach to model infrastructure recovery covariates for modeling the recovery rate as shown below.
from power outages caused by thunderstorms across the United
n
States. They used maintainability as a measure of recovery, and they
µrec (t) = µo (t) exp bi Ci (t)
implemented a proportional hazards model to define the repair rate (14)
i=1
by considering covariates such as number of customers, loss, and
geographical location. µo is a baseline recovery rate function which is used as a re­
This framework proposes a similar approach for modeling system ference, bi ’s are the regression coefficients, and Ci ’s are the covariates
recovery performance. Maintainability is defined as the probability that can be functions of performance variables Pi ’s and/or socio­
that a failed system can be repaired or restored to a specified state technical factors.
within the period of time in which maintenance activities are per­
formed (Ebeling, 2004). In the case of a resilient system, the system 2.3. Resilience assessment
is recovering from a lower performance state to the initial perfor­
mance state. During this phase, the performance variables There are many studies where resilience assessment of a system
P1, P2, …, Pn are restored to their initial values from before the dis­ is performed using the area integral of the performance curve Q (t)
ruption. Therefore, recovery is proposed as a quantity that is ana­ over the time interval from disruption to restoration (Bruneau and
logous to the maintainability of the system. First, the probability that Reinhorn, 2007; Bonstrom and Corotis, 2016; Sharma et al., 2018).
the system operating at a lower performance level can be repaired or According to these studies, the resilience metric is defined as
restored to its initial performance level within time t is denoted t4
as M (t) . t1
Q (t) dt
Resilience = t4
M (t) = Pr {tR t} (10) t1
dt (15)

is the time needed to repair or recover the system to its initial In Eq. (15), resilience is quantified as the ratio of the area under
state. By the definition of maintainability given by Ebeling (2004) the actual performance curve Q (t) to the area under the ideal per­
and Barker and Baroud (2014), M (t) can also be defined as formance curve over the time interval from disruption to restoration.

86
B. Pawar, M. Huffman, F. Khan et al. Process Safety and Environmental Protection 163 (2022) 82–93

The goal of resilience assessment is to propose a mathematical the reactor. This condition leads to a rapid and uncontrolled rise in
quantity that represents the ability of a system to deliver perfor­ the reactor temperature. Such conditions can also result in an ex­
mance as close as possible to ideal performance. Ideally, the per­ plosion because of the sudden increase in temperature over a short
formance value of the system would remain one at any time. period of time. Therefore, it is necessary to design this system to be
However, most systems will experience a decrease in their perfor­ resilient to disruptions such as a loss of control loop. One way to
mance after a disruption as shown in Fig. 2, and an eventual increase achieve this goal is to modify the batch reactor design to include a
after intervention and recovery actions. A resilience metric is needed reaction inhibitor injection mechanism. Reaction inhibition slows
to represent the proximity of the actual performance curve to the the rapidly increasing reactor temperature, preventing a complete
ideal performance curve. The area integrals of the actual and ideal failure condition due to explosion, and creating an opportunity to
performance curves can demonstrate how close the actual system is regain safe operation. Then, the batch reactor can be cleaned, and
to an ideal resilient system. If the ratio in Eq. (15) is high (close to 1), the control loop can be repaired or reinstalled to restore the system
then it can be concluded that the system’s behavior is very close to to original performance level. However, there are multiple design
ideal. Therefore, the system’s resilience to the disruption will also factors that can impact the resilience of the system. For instance, the
be high. time of injection of the inhibitors tinj plays an important role in
Eq. (15) also implies that to maximize the resilience of the enhancing the system’s resilience. Earlier injection of inhibitors
system, the area under the performance curve Q (t) should be should lead to a lower risk of explosion and higher resilience. This
maximized. This equation is also instrumental in analyzing the ef­ hypothesis is verified by applying the proposed resilience assess­
fects of various operating and design variables on a system’s resi­ ment framework to this batch reactor system and thereby proving its
lience. Once the impact of these variables on resilience is analyzed, applicability to process systems.
the system’s design can be modified to maximize the resilience, and Ethyl acetate is used as a solvent and azobis-isobutyronitrile is
the intervention and recovery actions can be planned accordingly. used as an initiator (I) for the polymerization reaction. The initiation,
propagation, and termination kinetics of the uninhibited poly­
merization of MMA are described by reactions I – V.
3. Application of the framework: case study of batch reactor
Initiation
Thermal runaway incidents occur predominantly in batch reactor kd
I 2R· (I)
operations. Liu and Wilhite (2019) developed a model for transient,
non-isothermal, well-mixed batch reactors for a free radical poly­ ki
R· + M P1· (II)
merization of methyl methacrylate (MMA). Within this study, they
investigated reaction inhibitor injection as a procedure for thermal Propagation
runaway mitigation. The impact of injection time on the mitigation kp
procedure was then analyzed. This batch reactor model will be used Pn · + M Pn + 1· (III)
as a case study to prove the applicability of our resilience assessment Termination
framework.
ktc
Pm · + Pn · Dm + n (IV)
3.1. Process description ktd
Pm · + Pn · Dm + Dn (V)
This system consists of a batch reactor with a cooling jacket, as
Here, M, R, P, and D represent monomers, initiator radicals,
shown in Fig. 3. The MMA polymerization reaction is the process
polymer radicals, and dead polymer products respectively. m and n
being analyzed. The system is set up in such a way that there is
are positive integers denoting chain length. The reaction mechanism
insufficient cooling which leads to a thermal runaway scenario. It is
involves free radical initiation, propagation by live polymer radicals,
assumed that there is a control loop failure, which results in the
and termination by combination of two radicals to form dead
reaction heat generation rate being greater than the cooling rate of
polymer products. All side reactions are neglected to investigate the
thermal runaway phenomenon (Liu and Wilhite, 2019). The rate
expressions for the uninhibited polymerization reaction are ob­
tained by using the mass balance. The definitions of the variables
and parameters are shown in Table 1.
d [M]
= k p [M] o
dt (16)

d [I]
= kd [I]
dt (17)

2f [I] kd
o =
kt (18)
These expressions are obtained using the quasi-steady state as­
sumption for the polymer radical concentration. o is the zeroth
moment of free radical concentration, which represents the level of
reactivity inside the reactor. The mathematical model for reactor
temperature is obtained by using the energy balance as follows.
dT Ua ( Hr)
= (Tc T) + kp [M] o
dt Cp V Cp V (19)
After the addition of inhibitors, the rate expressions and the re­
Fig. 3. A batch reactor system for MMA polymerization. actor model get modified slightly because of inhibition action,

87
B. Pawar, M. Huffman, F. Khan et al. Process Safety and Environmental Protection 163 (2022) 82–93

Table 1 Table 2
Process variables/parameters and their definitions. Parameter values for the batch reactor simulation.

Variables/Parameters Definitions Parameters Values

T Reactor temperature Tc 300 K

To Initial reactor temperature [X]o 0.55 mol/L
Tc Temperature of cooling fluid [I]o 0.055 mol/L
tinj Time of injection of inhibitor [M]o 10 mol/L
[X] Inhibitor concentration kpo 4.41 × 105 s-1
[X]o Initial inhibitor concentration kto 2.6 × 108 L/mol·s
[I] Initiator concentration kdo 2 × 1015 s-1
[I]o Initial initiator concentration Ep 4348 J/mol
[M] Methyl methacrylate (MMA) concentration Ed 129,615 J/mol
[M]o Initial MMA concentration Et 6393 J/mol
kp , kx , kt , kd , kpo, kto, kdo Reaction rate constants f 0.5
Ep, Ed, Et Reaction activation energies ρ 0.895 g/cm3
f Efficiency factor of initiator Cp 1950 J/kg·K
ρ Density U 490 W/m2·K
Cp Specific heat capacity of reactor contents a 0.063 m2
U Overall heat transfer coefficient V 1L
a Heat transfer area Hr 5.858 × 104 J/mol
V Reactor volume
Hr Heat of polymerization reaction

leaks. Therefore, according to the definition of performance vari­

ables, reactor temperature is used as a performance variable in this
except for Eq. (16). An inhibition reaction is involved along with the case study. The system failure condition is defined as the point when
reactions described in I – V. The kinetics of the inhibition reaction reactor temperature exceeds the critical temperature of MMA;
can be expressed as follows. therefore, the critical temperature is the upper limit of safe reactor
kx
operating temperature. This is because at the critical temperature,
Pn · + X Dn (VI) all reactor contents are in the gaseous phase, and therefore the risk
The rate expressions and reactor model are obtained using the of an explosion or leak is extremely high. The critical temperature of
mass and energy balance equations. For the inhibited condition, the MMA is 567.2 K and the failure condition is described as follows.
zeroth moment of inhibitor concentration ( oinh ) is different from the
T 567.2 K (25)
uninhibited condition. It was obtained using the same quasi steady
state assumption (Liu and Wilhite, 2019). Fig. 4 shows the reactor temperature profile for uninhibited re­
d [M] inh
action and for when inhibitors are injected at time tinj = 5.8min . The
= k p [M] o temperature profile for the inhibited reaction reaches the failure
dt (20)
condition at t = 5.8min when the reactor temperature T = 567.2K , as
d [X] inh shown in Fig. 4. This implies that the intervention action (inhibitor
= k x [X] o
dt (21) injection) should be taken before t = 5.8min to prevent the tem­
perature from reaching its upper limit. Therefore, to ensure the re­
inh k x [X] + (k x [X])2 + 8f [I] k d kt silience of the system during the thermal runaway situation,
o =
2kt (22)
tinj < 5.8 min (26)
dT Ua ( Hr) inh
= (Tc T) + k p [M] o
dt Cp V Cp V (23)
Liu and Wilhite (2019) analyzed the reactor model for multiple
scenarios by varying the kinetic parameters of the inhibition reac­
tion. They analyzed the temperature profile of the reactor for dif­
ferent combinations of k x and kp . In this case study, however, only
one scenario of inhibition reaction is analyzed. Therefore, the rate
constant for the inhibition reaction here is assumed to be
k x = 0.01k p (24)
The values of the system’s parameters were obtained from Liu
and Wilhite’s work. The initial conditions for solving differential Eqs.
(16) – (24) and the values of the system’s parameters are shown in
Table 2.

3.2. Defining the failure condition

According to the framework presented, the first step is to identify

the performance variables and define the failure condition of the
system. Batch reactor systems have a predefined maximum allow­
able temperature (Westerterp and Molga, 2006; Stoessel, 2009; and
Chen et al., 2021). If the reactor temperature increases beyond the Fig. 4. Reactor temperature for uninhibited reaction and reaction with inhibitors
maximum allowable value, then there is a high risk of explosion or at tinj = 5.8min .

88
B. Pawar, M. Huffman, F. Khan et al. Process Safety and Environmental Protection 163 (2022) 82–93

3.3. Modeling the performance tinj

A batch reactor system is highly reactive to intervention actions
such as injection of inhibitors. The reactor temperature decreases
immediately when a sufficient quantity of inhibitors is injected at
the appropriate time. This is not true for all quantities of inhibitors
and injection times. Liu and Wilhite (2019) demonstrated that the
thermal runaway condition can be avoided only by using a certain
range of values of inhibitor concentrations and injection times. They
proved that the reactor temperature would decrease immediately
after the inhibitor injection, but that if the amount of inhibitors is
not enough to stop the polymerization reaction, then the reactor
temperature would increase again after some time and a thermal
runaway condition would still occur. Similarly, if the injection time is
too high, the reactor temperature will increase eventually, and the
reactor will still enter a thermal runaway situation. In this case
study, appropriate parameter values have been chosen from Liu and
Wilhite’s work to model the reactor temperature during a thermal
runaway and inhibition condition.
The reactor temperature profile before and after time tinj was
Q abs (t) = exp abs (t ) dt t [0, tinj]
0 (27)
The failure rate of the system abs (t) is modeled using the pro­
portional hazards model because the data for the failure rate of a
batch reactor system with MMA polymerization reaction in a dis­
rupted state was not available in prior literature. Therefore, covari­
ates that characterize the thermal runaway condition of a batch
reactor were identified. Thermal runaway scenarios are character­
ized by a rapid and uncontrolled rise in reactor temperature
(Westerterp and Molga, 2006; Stoessel, 2009; Wang, 2010; and
Kummer et al., 2020). Ni et al. (2016) proposed that a positive rate of
change of reactor temperature ( ) can be used as a criterion for
dT
dt
dT
identifying thermal runaway. A high value of implies that the
dt
reactor temperature increases rapidly in a very short period. If dT is
dt
high, then the time needed for the reactor temperature to reach its
upper limit is low. Therefore, as dT increases, the failure rate of the
dt
system also increases. Hence, a proportional hazards model is used
to model the system failure rate using dT .
dt

obtained by solving Eqs. (16) – (19) and (20) – (24) respectively in dT (t)
MATLAB, as shown by the dashed curve in Fig. 4. After obtaining the dt
abs (t) = o (t) exp
temperature profile, the performance curve of the system was ob­ ( )dT
dt baseline (28)
tained according to the proposed framework. In this case, only ab­
dT (t)
sorption and recovery phases were observed because the reactor dt
The covariate used in Eq. (28) is . A baseline case is used
temperature decreases immediately after inhibitor injection. After dT
dt baseline
an intervention action was taken, the performance variable (T ) of the
as reference for the proportional hazard model. An assumption is
system stopped approaching its upper limiting value and started
made for the baseline case that the temperature increases at a

( ) and the corresponding baseline

decreasing. This implies that the system was highly reactive to the
intervention action and went into recovery phase immediately after constant rate constant ( ) dT
dt baseline
the intervention action. When the temperature was no longer in­
creasing, the batch reactor was cleaned, the control loop was re­
failure rate o (t) is also constant. o (t) and ( )
dT
dt baseline
are calculated
from Fig. 4 using the uninhibited reactor temperature profile. As the
paired or reinstalled, and the operating conditions were restored to
data for the failure rate is not available in the literature, an as­
their initial values. Thus, after completing all recovery actions, the
sumption is made that the mean time when the reactor temperature
system is restored to its normal operating condition as it was before
reaches its critical value of 567.2 K is approximately 5.8 min.
the disruption.
Therefore, the mean time to failure (MTTF) for the baseline case is
It should be noted that all batch reactor operations are unsteady
5.8 min.
state operations. This implies that the reactor temperature will al­
ways rise and then decrease as the reaction progresses for each 1 1 1
o (t ) = = = 0.17 min
operation cycle when operated at normal conditions. However, this MTTF 5.8 (29)
does not mean that the performance Q (t) of the system also de­
creases and increases according to the changes in temperature. This ( )
dT
dt baseline
is also approximated by assuming that the rise in
is because the system is still working at normal operating condi­ temperature will be essentially linear. Therefore, ( )
dT
dt baseline
is cal­
tions, and therefore it is known that the safety limits of the oper­ culated from Fig. 4 as the average slope of the increasing temperate
ating variables will not be exceeded. This means that operation is curve.
safe and at all times, Q (t) = 1 when the system is operated at normal
operating conditions without any disruptions. dT
= 35 K / min
However, if the batch reactor system experiences disruptions, dt baseline (30)
then its reliability will decrease with time immediately after the
disruption. This implies that the system’s performance Q (t) will also
3.3.2. Modeling recovery performance (Q rec)
decrease during the absorption phase. Therefore, Q (t) 1 when the
After intervention at time t = tinj , the reactor temperature is no
system experiences disruptions such as insufficient cooling. Thus,
longer increasing. Therefore, recovery actions can be commenced
the batch reactor system’s performance is not dependent on the
after t = tinj . As mentioned in the previous section, recovery actions
reactor temperature when the system is operated at normal oper­
can include activities such as cleaning the batch reactor to get rid of
ating conditions without any disruptions. Temperature is only used
the inhibition reaction products, repairing or reinstalling the cooling
as a tool to model the absorption performance or the reliability of
system control loop, and loading the reactor with reactants. The
the system to represent its proximity to the failure condition after a
recovery performance of the system can be given by specifying Eq.
disruption has occurred.
(13) as follows.

3.3.1. Modeling absorption performance (Q abs) t

Q rec (t) = Q abs (tinj) + (1 Q abs (tinj)) 1 exp µ rec (t ) dt t
The loss of control loop occurs at time t = 0s , therefore, the tinj

system will enter the absorption phase at t = 0 s. The intervention
action being taken is the injection of inhibitors at t = tinj . Thus, the
system will remain in the absorption phase from t = 0s to t = tinj .
The absorption performance can be modeled by specifying Eq. (4) to
create Eq. (27) as follows.
[tinj, ) (31)
The recovery rate will depend on sociotechnical factors such as
the number of workers and their experience or skills. These factors
will be unique for every system and can be obtained from the

89
B. Pawar, M. Huffman, F. Khan et al. Process Safety and Environmental Protection 163 (2022) 82–93

Fig. 5. Temperature profiles and their corresponding performance for (a) tinj = 5.8min , (b) tinj = 4min , (c) tinj = 2min , and (d) tinj = 1min .

90
B. Pawar, M. Huffman, F. Khan et al. Process Safety and Environmental Protection 163 (2022) 82–93

historical maintenance data of the system. However, models of the

recovery rate of a batch reactor for MMA polymerization reaction are
not available in literature. Therefore, this case study assumes that
the system’s recovery rate µrec (t) is constant. The mean time to re­
pair (MTTR) of the system is assumed to be 100 min. It is also as­
sumed that the recovery actions were completed at time t = 500
minutes. Therefore,
1 1 1
µrec (t) = = = 0.01 min
MTTR 100 (32)

3.4. Resilience assessment of the batch reactor system

After modeling the performance curve Q (t), the resilience of the

system can be calculated using Eq. (14) as follows.
t4
0
Q (t) dt
Resilience = t4
0
dt (33)
t4 is the time when the recovery actions are completed, and the
system is restored to its normal operating condition. Eqs. (27) – (33)
were used to calculate the resilience metric for different inhibitor
injection times.

3.5. Results and discussion

The system’s performance Q (t) was plotted for different inhibitor

injection times (tinj ). Fig. 5 shows the reactor temperature profiles
and their corresponding performance plots. The temperature pro­
files for uninhibited and inhibited conditions are shown to compare
the system’s response to different values of tinj .
Disruption occurs at t = 0 and the system goes into absorption
phase. According to Eq. (27), the absorption performance is defined
by the reliability of the system. When tinj = 5.8 min, the reactor
temperature reaches its limiting value of 567.2 K and therefore, the
absorption performance of the system decreases to nearly zero. This
is because dT increases tremendously at t = 5.8 min, which means
dt
that the failure rate also increases, and the reliability of the system
decreases. As tinj is decreased from 5.8 min to 1 min, the absorption
performance of the system improves, decreasing the drop in sys­
tem’s performance from t = 0 to t = tinj . For instance, at tinj = 1 min, Fig. 6. Summary of (a) reactor temperature profiles, and (b) performance curves at
tinj = 5.8min, 4min, 2min, and 1min .
Q (t) drops from 1 to 0.82, whereas at tinj = 5.8 min, Q (t) drops from
1 to 0.001. Therefore, the area under the Q (t) curve increases as tinj
decreases. This implies that the system becomes more resilient Table 3
Resilience assessment for different tinj values.
when the inhibitors are injected earlier. This can also be observed in
Fig. 5. The system’s response to different values of tinj can be com­ Design variable, tinj (min) Resilience
pared and analyzed from Fig. 6. The performance curve Q (t) ap­ 5.8 0.7
proaches the ideal performance curve as tinj decreases from 5.8 min 4 0.8
to 1 min. Also, the reactor temperature profiles were analyzed for 2 0.9
tinj = 5.8, 4, 2, and 1 min. It can be observed that the maximum re­ 1 0.9

actor temperature decreases when the inhibitors are injected earlier.

For instance, at tinj = 5.8 min, the maximum reactor temperature
value was 567.2 K (the critical temperature of MMA), whereas at
tinj = 1 min, the maximum reactor temperature value was 333.3 K.
This also implies that the reactor operation becomes safer when the
inhibitors are injected earlier. Therefore, it can be concluded from
the reactor temperature profiles and their corresponding Q (t) curves
that the system becomes more resilient when the intervention ac­
tion is taken earlier.
Only two phases, namely, absorption and recovery, were ob­
served for this case study. Because the system is highly reactive to
intervention action, the adaptation phase is very short lived and
occurs at t = tinj . The inhibitor injection time tinj was treated as a
design variable in this case study. The resilience metrics for
tinj = 5.8, 4, 2, and 1 min were calculated and shown in Table 3. The
calculated resilience metrics further prove that as tinj is decreased,
the system becomes more resilient. Therefore, to maximize the re­
silience of the system, tinj should be minimized as much as possible.
From Fig. 6, it can also be observed that the recovery perfor­
mance curve does not overlap with ideal performance curve exactly.
This implies that the value of recovery performance is 1 only at in­
finite time. This is accurate, as in application it is extremely difficult
to restore any system to its exact initial state. Therefore, the pro­
posed maintainability-based model of the recovery performance
gives an accurate representation of the progress from the recovery
actions with time. However, in some cases, it is possible to restore a
system to its initial state depending on the system and recovery
actions. If the damaged components of the system are replaced with
new and more efficient components, then the system might be re­
stored to its initial state or even better state. Recovery also depends

91
B. Pawar, M. Huffman, F. Khan et al.
on financial aspects such as available budget for restoration ex­
penses. In most cases, the restoration of the system to initial or even
better state is very expensive. For instance, critical infrastructure
systems such as electric power systems usually come under the
jurisdictions of governments and therefore, they can afford to make
huge investments in the recovery actions for such systems (Yodo and
Wang, 2018; Sarker and Lester, 2019). However, if the restoration
costs are more than the available budget, then the system will have
to be restored to a performance level that is lower than its initial
state.
4. Conclusions
In this work, a framework for resilience assessment was devel­
oped by integrating reliability and maintainability concepts. First,
the key operating variables that determine the safety of the system’s
operation were identified. These are performance variables with
limiting values beyond which the system’s operation becomes un­
safe. Second, a failure condition was defined based on the limiting
values of the performance variables. Finally, mathematical models
were proposed for the absorption, adaptation, and recovery perfor­
mance of a system in the event of a disruption. Covariate models
were used to analyze the effect of performance variables Pi on the
system’s performance Q (t), and a resilience metric was defined
using the area integral of Q (t). A case study was performed to apply
the framework on a batch reactor system with an MMA poly­
merization reaction to analyze its resilience in the event of a thermal
runaway. The performance Q (t) of the batch reactor system was
modeled using reactor temperature as a performance variable.
Inhibitor injection was used as an intervention to prevent the system
from reaching the failure condition. Therefore, inhibitor injection
time tinj was used as a design variable. It was found that the resi­
lience of the system increased when tinj was decreased. This was also
verified by obtaining reactor temperature profiles at decreasing va­
lues of tinj . This implied that earlier implementation of intervention
action ensured safer and more resilient operation. This case study
proved the applicability of the framework.
It should be noted that only the constraints on the performance
variables from a safety perspective were considered. Additional
constraints such as economic constraints can also be included for
future work; framing a multi objective optimization problem in
which the economic profit as well as the system’s resilience needs to
be optimized. The modeling of failure rates and recovery rates of
process systems have not been explored thoroughly. Therefore, the
use of Monte Carlo simulations for modeling failure time distribu­
tions and failure rates of process systems is another important di­
rection for future research.
Declaration of Competing Interest
The authors declare that they have no known competing fi­
nancial interests or personal relationships that could have appeared
to influence the work reported in this paper.
References
Abimbola, M., Khan, F., 2019. Resilience modeling of engineering systems using dy­
namic object-oriented Bayesian network approach. Comput. Ind. Eng. 130,
108–118. https://doi.org/10.1016/j.cie.2019.02.022
Adger, W.N., 2006. Vulnerability. Glob. Environ. Chang. 16, 268–281. https://doi.org/
10.1016/j.gloenvcha.2006.02.006
Ahmed, F., Kilic, K., 2019. Fuzzy analytic hierarchy process: a performance analysis of
various algorithms. Fuzzy Sets Syst. 362, 110–128. https://doi.org/10.1016/j.fss.
2018.08.009
Aidoo, I., Fugar, F., Adinyira, E., Ansah, N.B., 2022. Understanding the concept of re­
silience in construction safety management systems. In: Gorse, C., Scott, L., Booth,
C., Dastbaz, M. (Eds.), Climate Emergency – Managing, Building, and Delivering
the Sustainable Development Goals. Springer International Publishing Cham, pp.
217–233.
92
Process Safety and Environmental Protection 163 (2022) 82–93
Azadeh, A., Motevali Haghighi, S., Salehi, V., 2015. Identification of managerial shaping
factors in a petrochemical plant by resilience engineering and data envelopment
analysis. J. Loss Prev. Process Ind. 36, 158–166. https://doi.org/10.1016/j.jlp.2015.
06.002
Azadeh, A., Salehi, V., Ashjari, B., Saberi, M., 2014. Performance evaluation of in­
tegrated resilience engineering factors by data envelopment analysis: the case of
a petrochemical plant. Process Saf. Environ. Prot. 92, 231–241. https://doi.org/10.
1016/j.psep.2013.03.002
Baek, J.S., Meroni, A., Manzini, E., 2015. A socio-technical approach to design for
community resilience: a framework for analysis and design goal forming. Des.
Stud. 40, 60–84. https://doi.org/10.1016/j.destud.2015.06.004
Barker, K., Baroud, H., 2014. Proportional hazards models of infrastructure system
recovery. Reliab. Eng. Syst. Saf. 124, 201–206. https://doi.org/10.1016/j.ress.2013.
12.004
Bergström, J., Van Winsen, R., Henriqson, E., 2015. On the rationale of resilience in the
domain of safety: a literature review. Reliab. Eng. Syst. Saf. 141, 131–141. https://
doi.org/10.1016/j.ress.2015.03.008
Bonstrom, H., Corotis, R.B., 2016. First-order reliability approach to quantify and im­
prove building portfolio resilience. J. Struct. Eng. 142, 1–12. https://doi.org/10.
1061/(asce)st.1943-541x.0001213
Bruneau, M., Reinhorn, A., 2007. Exploring the concept of seismic resilience for acute
care facilities. Earthq. Spectra 23, 41–62. https://doi.org/10.1193/1.2431396
Chen, Q., Ni, L., Jiang, J., Wang, Q., 2021. Modeling of runaway inhibition in batch
reactors using encapsulated phase change materials. Renew. Energy 170,
387–399. https://doi.org/10.1016/j.renene.2021.01.132
Cimellaro, G.P., Reinhorn, A.M., Bruneau, M., 2006. Quantification of seismic resilience.
8th US Natl. Conf. Earthq. Eng. 6, 3208–3217.
Ebeling, C.E., 2004. An Introduction to Reliability and Maintainability Engineering.
Tata McGraw-Hill Education.
Fernández-Hernández, I., Walter, T., Alexander, K., Clark, B., Châtre, E., Hegarty, C.,
Appel, M., Meurer, M., 2019. Increasing International Civil Aviation Resilience: A
Proposal for Nomenclature, Categorization and Treatment of New Interference
Threats. Proceedings of the 2019 International Technical Meeting of The Institute
of Navigation, Reston, Virginia, pp. 389–407.
Francis, R., Bekera, B., 2014. A metric and frameworks for resilience analysis of en­
gineered and infrastructure systems. Reliab. Eng. Syst. Saf. 121, 90–103. https://
doi.org/10.1016/j.ress.2013.07.004
Gardoni, P., Der Kiureghian, A., Mosalam, K.M., 2002. Probabilistic capacity models
and fragility estimates for reinforced concrete columns based on experimental
observations. J. Eng. Mech. 128, 1024–1038. https://doi.org/10.1061/(asce)0733-
9399(2002)128:10(1024)
Guo, Q., Amin, S., Hao, Q., Haas, O., 2020. Resilience assessment of safety system at
subway construction sites applying analytic network process and extension cloud
models. Reliab. Eng. Syst. Saf. 201, 106956. https://doi.org/10.1016/j.ress.2020.
106956
Henry, D., Emmanuel Ramirez-Marquez, J., 2012. Generic metrics and quantitative
approaches for system resilience as a function of time. Reliab. Eng. Syst. Saf. 99,
114–122. https://doi.org/10.1016/j.ress.2011.09.002
Holling, C.S., 1973. Resilience and stability of ecological systems. Annu. Rev. Ecol. Syst.
4, 1–23.
Hollnagel, E., Woods, D.D., Leveson, N., 2006. Resilience Engineering: Concepts and
Precepts. Ashgate Publishing, Ltd.
Jackson, S., 2009. Architecting Resilient Systems: Accident Avoidance and Survival and
Recovery from Disruptions 66 John Wiley & Sons.
Jain, P., Chakraborty, A., Pistikopoulos, E.N., Mannan, M.S., 2018a. Resilience-based
process upset event prediction analysis for uncertainty management using
bayesian deep learning: application to a polyvinyl chloride process system. Ind.
Eng. Chem. Res. 57, 14822–14836. https://doi.org/10.1021/acs.iecr.8b01069
Jain, P., Mentzer, R., Mannan, M.S., 2018b. Resilience metrics for improved process-risk
decision making: Survey. Anal. Appl. Saf. Sci. 108, 13–28. https://doi.org/10.1016/j.
ssci.2018.04.012
Jain, P., Pistikopoulos, E.N., Mannan, M.S., 2019. Process resilience analysis based data-
driven maintenance optimization: application to cooling tower operations. Comput.
Chem. Eng. 121, 27–45. https://doi.org/10.1016/j.compchemeng.2018.10.019
Kummer, A., Varga, T., Nagy, L., 2020. Semi-batch reactor control with NMPC avoiding
thermal runaway. Comput. Chem. Eng. 134. https://doi.org/10.1016/j.
compchemeng.2019.106694
Liu, G., Wilhite, B.A., 2019. Model-based design for inhibition of thermal runaway in
free-radical polymerization. Ind. Eng. Chem. Res. 58, 17244–17254. https://doi.
org/10.1021/acs.iecr.9b02007
Moreno-Sader, K., Jain, P., Tenorio, L.C.B., Mannan, M.S., El-Halwagi, M.M., 2019.
Integrated approach of safety, sustainability, reliability, and resilience analysis via
a return on investment metric. ACS Sustain. Chem. Eng. 7, 19522–19536. https://
doi.org/10.1021/acssuschemeng.9b04608
Nan, C., Sansavini, G., 2017. A quantitative method for assessing resilience of inter­
dependent infrastructures. Reliab. Eng. Syst. Saf. 157, 35–53. https://doi.org/10.
1016/j.ress.2016.08.013
Ni, L., Mebarki, A., Jiang, J., Zhang, M., Pensee, V., Dou, Z., 2016. Thermal risk in batch
reactors: theoretical framework for runaway and accident. J. Loss Prev. Process
Ind. 43, 75–82. https://doi.org/10.1016/j.jlp.2016.04.004
Nocera, F., Gardoni, P., Cimellaro, G.P., 2019. Time-dependent probability of exceeding
a target level of recovery. ASCE-ASME J. Risk Uncertain. Eng. Syst. Part A Civ. Eng.
5, 04019013. https://doi.org/10.1061/ajrua6.0001019
Patriarca, R., Falegnami, A., Costantino, F., Bilotta, F., 2018. Resilience engineering for
socio-technical risk analysis: application in neuro-surgery. Reliab. Eng. Syst. Saf.
180, 321–335. https://doi.org/10.1016/j.ress.2018.08.001
B. Pawar, M. Huffman, F. Khan et al.
Pawar, B., Park, S., Hu, P., Wang, Q., 2021. Applications of resilience engineering
principles in different fields with a focus on industrial systems: a literature re­
view. J. Loss Prev. Process Ind. 69, 104366. https://doi.org/10.1016/j.jlp.2020.
104366
Perrings, C., 2006. Resilience and sustainable development. Environ. Dev. Econ. 11,
417–427.
Righi, A.W., Saurin, T.A., Wachs, P., 2015. A systematic literature review of resilience
engineering: Research areas and a research agenda proposal. Reliab. Eng. Syst. Saf.
141, 142–152. https://doi.org/10.1016/j.ress.2015.03.007
Rostamabadi, A., Jahangiri, M., Zarei, E., Kamalinia, M., Alimohammadlou, M., 2020. A
novel Fuzzy Bayesian Network approach for safety analysis of process systems; an
application of HFACS and SHIPP methodology. J. Clean. Prod. 244, 118761. https://
doi.org/10.1016/j.jclepro.2019.118761
Salehi, V., Veitch, B., Musharraf, M., 2020. Measuring and improving adaptive capacity
in resilient systems by means of an integrated DEA-Machine learning approach.
Appl. Ergon. 82, 102975. https://doi.org/10.1016/j.apergo.2019.102975
Sarker, P., Lester, H.D., 2019. Post-disaster recovery associations of power systems
dependent critical infrastructures. Infrastructures 4, 1–16. https://doi.org/10.
3390/infrastructures4020030
Sharma, N., Tabandeh, A., Gardoni, P., 2018. Resilience analysis: a mathematical for­
mulation to model resilience of engineering systems. Sustain. Resilient
Infrastruct. 3, 49–67. https://doi.org/10.1080/23789689.2017.1345257
Smit, B., Wandel, J., 2006. Adaptation, adaptive capacity and vulnerability. Glob.
Environ. Chang. 16, 282–292. https://doi.org/10.1016/j.gloenvcha.2006.03.008
Stoessel, F., 2009. Planning protection measures against runaway reactions using
criticality classes. Process Saf. Environ. Prot. 87, 105–112. https://doi.org/10.1016/j.
psep.2008.08.003
Thomas, J.E., Eisenberg, D.A., Seager, T.P., Fisher, E., 2019. A resilience engineering
approach to integrating human and socio-technical system capacities and
93
Process Safety and Environmental Protection 163 (2022) 82–93
processes for national infrastructure resilience. J. Homel. Secur. Emerg. Manag. 16,
1–17. https://doi.org/10.1515/jhsem-2017-0019
Wang, Q., 2010. Theoretical and Experimental Evaluation of Chemical Reactivity. PhD
Dissertation, Texas A&M University, College Station, Texas, USA. 〈https://www.
proquest.com/openview/eefcf7719551c2553f174fe56ebfafdb/1?pq-origsite=
gscholar&cbl=18750〉.
Westerterp, K.R., Molga, E.J., 2006. Safety and runaway prevention in batch and
semibatch reactors - A review. Chem. Eng. Res. Des. 84, 543–552. https://doi.org/
10.1205/cherd.05221
Wiig, S., Aase, K., Billett, S., Canfield, C., Røise, O., Njå, O., Guise, V., Haraldseid-
Driftland, C., Ree, E., Anderson, J.E., Macrae, C., Bourrier, M., Berg, S.H., Bergerød,
I.J., Schibevaag, L., Øyri, S.F., Sjøseth, S., O’Hara, J., Kattouw, C.E., Kalakou, F.T.,
Bentsen, S.B., Manser, T., Jeppesen, E., RiH-team, 2020. Defining the boundaries
and operational concepts of resilience in the resilience in healthcare research
program. BMC Health Serv. Res. 20, 330.
Woods, D.D., 2015. Four concepts for resilience and the implications for the future of
resilience engineering. Reliab. Eng. Syst. Saf. 141, 5–9. https://doi.org/10.1016/j.
ress.2015.03.018
Yarveisy, R., Gao, C., Khan, F., 2020. A simple yet robust resilience assessment metrics.
Reliab. Eng. Syst. Saf. 197, 106810. https://doi.org/10.1016/j.ress.2020.106810
Yazdi, M., Kabir, S., 2017. A fuzzy Bayesian network approach for risk analysis in
process industries. Process Saf. Environ. Prot. 111, 507–519. https://doi.org/10.
1016/j.psep.2017.08.015
Yodo, N., Wang, P., 2018. A control-guided failure restoration framework for the design
of resilient engineering systems. Reliab. Eng. Syst. Saf. 178, 179–190. https://doi.
org/10.1016/j.ress.2018.05.018
Zarei, E., Ramavandi, B., Darabi, A.H., Omidvar, M., 2021. A framework for resilience
assessment in process systems using a fuzzy hybrid MCDM model. J. Loss Prev.
Process Ind. 69, 104375. https://doi.org/10.1016/j.jlp.2020.104375