See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/309277883

Reliability Analysis of Redundant Dynamic Positioning Control System With

Human Factor Involved

Conference Paper · June 2016

DOI: 10.1115/OMAE2016-54101

CITATIONS READS
0 316

3 authors, including:

Fang Wang
Hangzhou Dianzi University
16 PUBLICATIONS   49 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Fang Wang on 25 October 2016.

The user has requested enhancement of the downloaded file.

 Proceedings of the ASME 2016 35th International Conference on Ocean, Offshore and Arctic Engineering
OMAE2016
June 19-24, 2016, Busan, South Korea

OMAE2016-54101

RELIABILITY ANALYSIS OF REDUNDANT DYNAMIC POSITIONING CONTROL

SYSTEM WITH HUMAN FACTOR INVOLVED

Fang Wang Yong Bai Feng Xu

School of Mechanical School of Civil Engineering and Wuhan Second Ship Design and
Engineering, Architecture, Research Institute
Hangzhou Dianzi University Zhejiang University Wuhan, Hubei, China
Hangzhou, Zhejiang, China Hangzhou, Zhejiang, China

ABSTRACT For a DP system, the failure mode and effects analysis

Deepwater oil and gas explorations bring more safety and
reliability problems for the dynamically positioned vessels.
With the demands for the safety of vessel crew and onboard
device increasing, the single control architecture of dynamic
positioning (DP) system can not guarantee the long-time
faultless operation for deeper waters, which calls for much
more reliable control architectures, such as the Class 2 and
Class 3 system, which can tolerate a single failure of system
according to International Maritime Organization’s (IMO) DP
classification. The reliability analysis of the main control
station of DP Class 3 system is proposed from a general
technical prospective. The fault transitions of the triple-
redundant DP control system are modeled by Markov process.
The effects of variation in component failure rates on the
system reliability are investigated. Considering the DP
operation involved a human-machine system, the DP operator
factors are taken into account, and the human operation error
failures together with technical failures are incorporated to the
Markov process to predict the reliability of the DP control
system.
INTRODUCTION
The safety and reliability of DP operation become more
and more demanding as oil and gas exploration develop in
deeper and harsh waters. According to the DP classification
notations of the IMO[1] and rules of various Classification
Societies (CS), i.e. DNV GL[2], ABS[3], the Class 2 and Class
3 systems both should have redundant components (position
reference systems, sensors, thrusters, controllers, power units)
to withstand any single failure in an component or system to
prevent loss of position, including a completely burnt fire
subdivision or flooded watertight compartment for the Class 3
notation.
(FMEA) usually should be done before a Class 2 or Class 3
system is delivered, which generally concentrates on system
technical failures. Actually most studies on the safety of
station-keeping systems and floating structures have been
focusing on technical faults and risk analysis[4]-[6], and
corresponding control and measures address mainly the
technological improvements. However, human and
organizational factors and contributions should be taken into
account from a broader perspective as the offshore oil and gas
exploration operations always involve a human-machine
system, like the DP operation for drilling, and DP implication
for tandem offloading between shutter tanker and FPSO[7].
Human reliability analysis (HRA) plays an important role in
the reliability analysis of a human-machine system. Early
researches concerned human factors in the system reliability
were studied by the nuclear power industry and were
summarized by Swain[8] and Alvarenga[9]. For the offshore
industry, Bea[10][11]studied the role of human error in design,
construction, and reliability of marine structures. This paper
makes an effort on the reliability analysis of a redundant DP
control system, the human error factor together with technical
failures is incorporated to the Markov process to predict the
resulting reliability.
CONTINUOUS-TIME MARKOV PROCESS
ILLUSTRATION
The Markov model is a stochastic model used to model
randomly changing systems where it is assumed that future
states are independent of previous states. The state of the
system process at time t is defined as :
X (t )  i , i  0,1, 2,  , N . (1)

1 Copyright © 2016 by ASME

Where i  0 denotes the normal state of the system, while and a single DP control system separated by an A60 class
i  N denotes the completely failed state of the system, division as fire backup. Three sets of sensors and position
i  1, 2,  , N  1 denote the states where the failures take place reference systems must be installed, and one set of sensors and
at some components of the system. The state transition of one position reference system must be connected to the single
Markov process is shown in Fig.1. backup DP system. The main DP control system could be a
dual-redundant system or a triple-redundant system. For the
various types of dynamically positioned vessels for DP Class 3,
the triple-redundant configuration is always used as the main
DP control station for deepwater drilling rigs.
A DP Class 3 system will be degraded to a lower Class
system (Class 2 or Class 1) if one or two of the control systems
fail to correct itself. In this section, the main DP control station
of the Class 3 system is simplified into six modules: three
identical control computers and three identical operator stations
connecting each other through a dual network as shown in
Fig.3.There are two states of normal and failure for every
module in the main DP control station. A state is constantly
transformed from normal to failure, here we do not consider the
Fig.1 The states of Markov process repair from failure to normal. The failure time and failure
The transition probability p ij from state i to state j is probability of each module are random. So the state
formulated as: transformations for each module are random processes, and the
failure random process of the main DP control system can be
p ij ( dt )  P[ X (t  dt )  j | X (t )  i ]   ij  dt   ( dt ) (2) considered a continuous-time Markov process with discrete
Where  ij denotes the transition rate in an infinitesimal quantity states.
Assume the failure transition process of the main DP
time dt ,  (dt ) denotes the high-order term control system corresponds with the following statement[12]:
 ( dt ) 1) The state is discernible.
of dt , lim 0. 2) The failure rate of network is far less than the failure
dt 0dt rates of operator stations and control computers, so the factor of
For the continuous-time Markov process, the state network failure is not taken into account.
transition process is formulated as: 3) The failure rate of each module is approximately
P (t  dt )  P (t )  T (3) regarded as constant, so the reliability distribution of each
According to Chapman-Kolmogorov equation,the module is an exponential distribution.  is a constant technical
transition probability of the system can be derived as : failure rate of control computer (control software and related
dP *
hardware);  a constant technical failure rate of operator station
 P (t )  T (4) (HMI and GUI built in operator station).
dt
where 3) Two or more modules are unable to be in a failure state
simultaneously.
 
N
  0 N 
 j 1 0 j  01
 N 
*
T   10   1 j  1N 
(5)
 j 0
j i 
     
 
 

SYSTEM RELIABILITY ANALYSIS OF DP CONTROL

ARCHITECTURES Fig.2 Simplified structure of DP Class 3 control system
A typical DP system generally consists of four sub- Define the probabilities p1 (t ), p 2 (t ),  p10 ( t ) corresponding
systems, namely DP control system, position reference system, to the states of the system P1, P 2,  P 9, P10, , P10 is the
thruster system and power system, and each subsystem includes
completely failed state of the DP system. The state transition
many components. This section focuses on the reliability
process of the main DP Class 3 control system is shown in
analysis of the main DP control station of the Class 3 system.
Fig.3.
The general configuration of the DP Class 3 control system is
shown in Fig.2, which has a main redundant DP control system

2 Copyright © 2016 by ASME

 Table.1 The DP Class 3 system reliability based on various
technical failure rates
Failure R(t) t /h
rates /F(t) 1 100 1000 8760
  10
2
R(t) 1.0000 0.7512 0.0001  107
3 7
  10 F(t)  10 0.2488 0.9999 1.0000
3
  10 R(t) 1.0000 0.9992 0.7472 0.0004
4 7
  10 F(t)  10 0.0008 0.2528 0.9996
4
  10 R(t) 1.0000 1.0000 0.9991 0.8008
5 7 7
  10 F(t)  10  10 0.0009 0.1992
5
  10 R(t) 1.0000 1.0000 1.0000 0.9994
6 7
  10 F(t) 1 0  10 7
 10 7
0.0006

Fig.3 Technical fault transition Markov process
The state probabilities of the system
p1 (t ), p 2 (t ),  p10 (t ) can be obtained given an initial state of
T
the system X (0)  [1,0,0,0,0,0,0,0,0,0] . For the main control
station of DP Class 3 system, if one control computer failures in
a triple-redundant system, the remaining two computers
continue working and perform a dual-redundancy procedures in
the same way as a dual system. And if a second computer
failure takes place in the dual system, there will be an
automatic switch-over to the remaining computer, so the main
DP control system reliability is:
9
R (t )   pi (t )
i 1
Actually, if assuming the change-over switch between
main control station and fire-backup is fault-free, and the
backup control unit always keeps faultless hot back-up, the DP
system will be still operational when the main DP control
system is totally disabled. The reliability of the triple-redundant
control system reliability with variation on technical failure
rates is predicted in Table.1. The reliability analysis indicates a
probability of system failure of 100% per year with a combined
2
failure rates of the control computer failure rate   10
3
the operator station failure rate   10 ，the system reliability
will be improved as the combined failure rates decrease. The
probability of failure of system is evaluated to be 6 E-4 per year
5 6
with the combined rates of   10 and   10 .
SYSTEM RELIABILITY ANALYSIS OF DP CONTROL
ARCHITECTURE CONSIDERING HUMAN FACTORS
In above reliability analysis, only technical system failures
are included in the Markov modeling, however a typical DP
operation generally involves a human-machine system, e.g. DP
operators issue control commands based on the information
provided by various sensors and take some actions for the
emergency situation, hence the human factors and
organizational contributions together with technical factors
should be considered in the reliability analysis, as well as in
system safety analysis and risk assessment[11]. In this section,
the human reliability analysis (HRA) technique is incorporated
into the Markov model to estimate the human error rate, so the
(6) reliability of DP control architecture would be predicted with
technical and human factors together.
The state space model of human action for the continuous-
time Markov process[13]-[15] in an infinitesimal quantity
time t is simplified as in Fig.4,
Fig.4 The state model of human action
and The state equations are derived as:
 P0 (t  t )  P0 (t )  P0 (t )t
 (7)
 P1 (t  t )  P1 (t )  P0 (t )t
Where,  is the human error/failure probability,
P0 (t  t ) denotes the probability of human normal action at
the time t  t , P1 (t  t ) denotes the probability of human
error action at the time t  t .
Rewriting Eq.(8). yields:
 P0 (t  t )  P0 (t ) dP0
   P0 (t )
lim
t 0 t dt
 (8)
 lim P1 (t  t )  P1 (t )  dP1  P0 (t )
t 0 t dt

3 Copyright © 2016 by ASME

 P0 (t ) and P1 (t ) are obtained given the initial shown in Fig.5. The probabilities of human malfunction
T T
associated with the nominal human task performance reliability
state [ P0 (0), P1 (0 )]  [1,0] : are developed to be 1 E-6 to 1 E2.
Based on the system failures can develop from intrinsic
 P0 (t )  e  t (technical) and extrinsic (human error) causes, the technical
  t
(9)
system failures are independent of human operational
 P1 (t )  1  e
failures[16], the probability of failure of any module of the DP
The human reliability is solved as:
 t
Class 3 system is:
R (t )  e (10)
P( M i )  P( Ft i  Fhi ) (11)
The human factors associated with the state transition
Where the probability of failure of any module due to technical
from normal action to the error action consist of training, skills,
knowledge, communications, collaboration, mistake, equipment system fault is P (Fsi ) , the probability of failure of any module
interface, environment, organization, and so on. In HRA, due to human error is P ( Fhi ) .
performance shaping factors (PSF) and common performance
conditions (CPC) have been elaborated for describing the
impact on the whole system function to assess the human
failure. For offshore structures including fixed, floating and
mobile platforms, ship and pipelines, the qualitative quality
management assessment system (QMAS) and the quantitative
system risk analysis system (SYRAS) are applied together to
produce the human and organizational performance shaping
factors to analysis the risk and reliability during their life-
cycles.

Fig.6 Technical and human failures transition of Markov

Fig.5 Relationship of qualitative grading and quantitative PSF
According to Bea[10], seven structure system components
are identified as: operators, organizations, procedures,
equipment, structure, environments and interfaces, while
factors and associated attributes are identified for each of the
system components. For the qualitative analysis, grades for
each component factor and attribute are assigned and the
resultant grade level for each factor can be obtained with its
specified weighting. The grade level results, i.e. seven-point
scale, from qualitative analysis are embodied in the qualitative
analysis to produce the human task performance reliability
through absolute probability judgment (APJ) method. The
relationship between qualitative grading and quantitative PSF is
process
The Markov process analysis involved human error is
performed in Fig.6. Different human error failure rates with
associated effects are selected to predict the reliability of DP
Class 3 control system, where the same combinations of control
computer and operator station technical failure rates as Table.1
are applied. The DP control system reliability is directly
influenced by human operation errors, the system fails per 100
1
hours given a human malfunction failure of   10 , as the
probability of human operation failure decreases, the system
reliability will be improved dramatically, where the probability
of human operation failure decreases to the outstanding level of
4
QMAS, i.e.   10 resulting the probability of failure of
14.56%, which is the result of human factors together with
technical failures.

4 Copyright © 2016 by ASME

 Table.2 DP control system reliability with the change of and evaluation of collision between shuttle tanker and
human error rate FPSO in tandem offloading,” Reliability Engineering and
Failure R(t) t /h System Safety, 84:169-186.
rates /F(t) 1 100 1000 8760 [7] Haibo Chen, Torgier Moan, Harry Verhoeven., 2009,“Effect
5 7 7
of DGPS failures on dynamic positioning of mobile drilling
R(t) 0.9996  10  10  10
  10
1 units in the North Sea”, Accident Analysis and Prevention,
F(t) 0.0004 0.9999 1.0000 1.0000 93(7):1072-1090.
5 5 [8] Swain, A.D., 1989. “Comparative Evaluation of Methods
R(t) 1.0000 0.8063  10  10
  10
2 for Human Reliability Analysis,” ISBN 3-923875-21-5.
7
F(t)  10 0.1937 0.9999 0.9999 GRS-71.
R(t) 1.0000 0.9996 0.8063  10
4 [9] Alvarenga M.A.B., Frutuoso e Melo P.F., Fonseca R.A.,
  10
3
2014, “A critical review of methods and models for
7
F(t)  10 0.0004 0.1937 0.9999 evaluating organizational factors in human reliability
R(t) 1.0000 1.0000 0.9996 0.8544 analysis,” Progress in Nuclear Energy, 75: 25-41.
4
  10
7 7
[10]Bea, R.G., 2001, “Human factors and risk management of
F(t)  10  10 0.0004 0.1456
offshore structures. In: Proceedings of the International
PEP-IMP Symposium on Risk and Reliability Assessment
CONCLUSIONS for Offshore Structures,” Mexico City, December 3-4,
The reliability analysis of triple-redundant DP control 2001.
system is addressed in this paper, the continue-time Markov [11]Bea, R.G., 2002. “Human & Organizational Factors in
process is applied to model the fault state transition of the Design and Operation of Deepwater Structures,” OTC,
system. Human error factor together with general technical 14293.
failures is taken into account in the analysis. [12] Dhople, S.V. , Chen Y.C., 2013, “A set-theoretic method
The analysis results show that the human operation error for para metri c unce rtai nt y analysis in Markov
has a direct influence on the system reliability, its effect should reliability and reward models,” IEEE Transactions of
be included in the reliability evaluation. Beside the high Reliability, 62(3): 658-669.
requirements of safety and reliability on system components, [13] Dhillon B.S., 2007, “Human Reliability and Error in
the human error probability should be maintained within a safe Transportation Systems,” London: Springer.
level through training, practice, and other methods to guarantee [14] Dhillon B.S., 2009, “ Human Reliability, Error, and
the safe DP operation. Hu m an fa cto r in Eng i n eer in g Main t en an ce: wit h
Reference to Aviation and Power Generation,” Boca
ACKNOWLEDGMENTS Raton: CRC Press.
This work is supported partly by the National Natural [15] Song Chai, Jian-xin Yu, Zun-feng Du, Wen-chao Jin, Qing-
Science Foundation of China (51209062), partly by the ji Zhou, 2011, “ Quantitative human reliability analysis
National Natural Science Foundation of China (51509193), methods and application of offshore engineering, ” Journal
partly by the Zhejiang Provincial Natural Science Foundation of Tianjin University, 44(10): 914-919. (in Chinese)
of China (LQ15E090007), partly by the Zhejiang Provincial [16] Bea, R.G., 2002. “Human and organizational factors in
Natural Science Foundation of China (LY16E090006). reliability assessment and management of offshore
structures,” Risk Analysis, 22(1): 19-35.
REFERENCES
[1] IMO., 1994, “Guidelines for vessels with dynamic
positioning systems,” MSC/Circ. 645, London: Int.
Maritime Org.
[2] DNV GL., 2011, “Newbuildings special equipment and
systems-additional class,” in rules for classification of
ships newbuildings, DNV GL, Part 6, Chapter 7.
[3] ABS., 2013, “Guide for dynamic positioning systems”,
ABS Plaza 16855, Northchase Drive, Houston, USA.
[4] Haibo Chen, Torgier Moan, Harry Verhoeven., 2008,“Safety
of dynamic positioning operation on mobile offshore
drilling units,” Reliability Engineering and System Safety,
93(7):1072-1090.
[5] Torgeir Moan., 2009, “Safety management of deep water
station-keeping systems,” Journal of Marine Science and
Application, 8(2):83-92.
[6] Haibo Chen, Torgeir Moan., 2004, “Probabilistic modeling

5 Copyright © 2016 by ASME

View publication stats