
Frequency Analysis
Objective
Frequency analysis determines how likely an event is to occur.
The larger the number, the greater the likelihood or
chance that the event occurs.
Techniques

Among others, two techniques are frequently used


1. Event-Tree analysis
2. Fault Tree Analysis
Fault Tree Analysis
A fault tree is a method by which a particular
undesired system failure mode can be expressed in
terms of component failure modes and operator
actions.
The system failure mode to be considered is termed
the top event, and the fault tree is developed in
branches below this event showing its causes,
connected by logic gates.
Example: Fault Tree of Pool Fire
Event Tree Analysis
An event tree is a visual representation of all the events
which can occur in a system.
The goal of an event tree is to determine the probability of
an event based on the outcomes of each event in the
chronological sequence of events leading up to it.
As the number of events increases, the picture fans out like
the branches of a tree.
By analyzing all possible outcomes, you can determine the
percentage of outcomes which lead to the desired result.
Example
This event tree was constructed to analyze the possible outcomes of a
system fire. The system has 2 components designed to handle this event:
a sprinkler system and an automated call to the fire department. If the fire
department is not notified, the fire will be mostly contained by the
sprinkler system. If the sprinkler system fails as well, the system will be
destroyed.
Fault Tree Analysis
Failures in Process Industries

Single Component Failure


Data for failure rates are compiled by industry
Single component or single action
Multiple Component Failure
Failures resulting from several failures and/or actions
Failure rates determined using FTA
Failure Rates Data
Instrument                        Faults/year
Controller                        0.29
Control valve                     0.60
Flow measurements (fluids)        1.14
Flow measurements (solids)        3.75
Flow switch                       1.12
Gas liquid chromatograph          30.6
Hand valve                        0.13
Indicator lamp                    0.044
Level measurements (liquids)      1.70
Level measurements (solids)       6.86
Oxygen analyser                   5.65
pH meter                          5.88
Pressure measurement              1.41
Pressure relief valve             0.022
Pressure switch                   0.14
Solenoid valve                    0.42
Stepper motor                     0.044
Strip chart recorder              0.22
Thermocouple temperature meas.    0.52
Thermometer temperature meas.     0.027
Valve positioner                  0.44
Failure Rates Data
Some data are per hour

Component                 Failure Frequency (hr^-1)
Gasket Failure (leak)     1.00 x 10^-6
Gasket Failure (total)    1.00 x 10^-7
Pipe Rupture (> 3 in)     1.00 x 10^-10
Pipe Rupture (< 3 in)     1.00 x 10^-9
Valve Rupture             1.00 x 10^-8
Pump Seal Failure         8.00 x 10^-7
Alarm Failure             1.00 x 10^-5
Operator Error            2.00 x 10^-5
Hose Rupture              2.00 x 10^-5


Frequency, Reliability and Probability
Component        Failure Rate m (faults/year)   Reliability $R = e^{-mt}$   Failure Probability $P = 1 - R$
Control Valve    0.6                            0.55                        0.45
Controller       0.29                           0.75                        0.25
DP Cell          1.41                           0.24                        0.76

$p = 1 - e^{-mt}$
where p is the annual probability of occurrence,
m is the annual frequency and t is time period
(i.e., 1 year).
Conversion is important in OR gate (dimensional homogeneity)
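Frequency and Probability - Example

Taking the case of gasket failure and assuming
that we have 10 gaskets, the annual probability of
occurrence is:

$$p = 1 - \exp\left(-\frac{1 \times 10^{-7}}{\text{hr}} \times \frac{8760\ \text{hr}}{\text{year}} \times 10\right) = 8.72 \times 10^{-3}\ \text{year}^{-1}$$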

What is Fault Tree Analysis

A fault tree is a method by which a particular
undesired system failure mode can be expressed in
terms of component failure modes and operator
actions.
The system failure mode to be considered is termed
the top event, and the fault tree is developed in
branches below this event showing its causes.
Fault Tree Analysis
Fault tree analysis is typically carried out by
a group of people or an individual.
These individuals must have knowledge of
the process so that causes of undesirable
events can be understood.
The following information is important
process and equipment description and
specification
process flow diagram, process instrumentation
diagram and design information
plant operation, human factors and
environmental factors
Two Basic Elements
The two most used gate symbols are the AND and OR
gates.
An AND gate is used to indicate that the output event occurs
if all input events occur simultaneously.
An OR gate is used when the output event occurs if any one of
the input events occurs.
The event symbol most used is a rectangle, to show
any event. Signify the TOP EVENT by a double box.
FTA Procedure
1. Define top event
2. Choose events identified by hazard identification method
(i.e HAZOP) which can lead to this top event.
3. Decide on the hierarchical construction of fault tree
4. Construct fault tree. All inputs to a particular gate should
be completely defined before further analysis of one of
them is undertaken.
5. Quantify the base events
6. Quantify the top event
7. Analyze results to determine the significance of
particular base events or combination events
8. Carry out sensitivity analysis to test the following
factors:
uncertainty of basic data
effect of improving reliability of plant and control
systems
effect of varying method of operation on the plant
effect of plant modernization
effect of improved training of operators
Underlying Principles
Causes of undesirable events can only be understood
with knowledge on how the system functions
through:
chemical/physical processes in the plant
specific information on the whole process
data on hazardous properties of materials
process flow diagram and process instrumentation
diagram
equipment specification
plant operation
human factors and environmental factors
Example: Pump
A system to pump acetic acid from the supply tank to the
process is illustrated in figure.
The system functions automatically.
When the regulator is energized, one of the pumps is started
and acid passes through the feed pipes; if no acid is detected
in the feed pipe the second pump is started.
Construct a fault tree with the top event "no flow to the
process".
To make your life easier, consider the failure modes listed here.
Are there any other notable failures, not listed, that should be
considered?
Example: Pump
[Figure: schematic of the pumping system, with components labelled S, E, C1, C2, F1, F2, M, P1, P2 and R]
E : ELECTRICITY
C1, C2 : CABLES
P1, P2 : PUMPS
F1, F2 : FEED PIPES
R : REGULATOR
M : MANIFOLD
S : SUPPLY TANK
Failure Modes to Consider

Component            Symbol     Failure Mode
Cables               C1 + C2    short-circuit
Electricity supply   E          power cut
Feed pipes           F1 + F2    rupture of pipe
Manifold             M          rupture
Pumps                P1 + P2    fail to start
Regulator            R          fail to open on
Supply tank          S          level too low
Fault Tree
[Figure: fault tree for the top event NO FLOW TO PROCESS, with intermediate events PROBLEMS WITH PUMPS (PUMP P1 PROBLEMS, PUMP P2 PROBLEMS) and GENERAL PROBLEMS. Basic events shown: tank level too low; manifold M fails; power cut; regulator fails; pump P1 fails to start; pipe P1 ruptures; cable C1 short circuits; pump P2 fails to start; pipe P2 ruptures; cable C2 short circuits.]
Unit on Fault Tree and Rules
Frequency (failure/year) = probability of failure per operation x number of
operations per year
AND GATE rules :
can multiply P and P = unit of probability
can multiply P and F = unit of F
cannot multiply F and F = unit F^2 (for example failure/yr^2)
OR GATE rules :
can add P and P = unit of P
can add F and F = unit F
cannot add F and P = different unit
RULES for AND GATES
P(A.B) = PA.PB
F(A.B) = FA.PB
Boolean Algebra and Minimal Cut Set
Boolean Rules (differences to numerical manipulation)
Idempotent: A+A=A, A.A=A
Absorption: A+A.B=A, A.(A+B)=A
For example :
(M+W) . (M+Z)
= M.M + M.Z + W.M + W.Z
= M + M.Z + W.M + W.Z
= (M + M.Z + M.W) + W.Z
= M + W.Z
A CUT SET = combination of basic events which will produce the TOP EVENT
In the example : M, M.Z, W.M, W.Z are all cut sets
But a MINIMAL CUT SET is a CUT SET in which, if any basic event is removed, the TOP
EVENT will not occur
Therefore the MINIMAL CUT SETS are M and W.Z
can redraw the FAULT TREE..
Example Minimal Cut Set
[Figure: fault tree with top event PUMP FAIL. PUMP A FAILS (Failure of Pump A) has inputs Power Supply (M) and Mechanical Failure (W); PUMP B FAILS (Failure of Pump B) has inputs Power Supply (M) and Mechanical Failure (Z).]
Unit on FTA

Quantify Fault Tree


Electrical supply failure, P = 0.1
Single pump failure, P = 0.25
Referring to Fault Tree :
Before minimal cut set, Probability of pump fail = 0.1225
After minimal cut set, Probability of pump fail = 0.1625
Example - Minimum Cut Set
[Figure: redrawn fault tree with top event PUMP FAIL. Inputs are FAILURE OF POWER SUPPLY and MECHANICAL FAILURE OF PUMPS; the latter has inputs Pump A Mechanical Failure (W) and Pump B Mechanical Failure (Z).]
Boolean Algebra - Minimum Cut Set
[Figure: fault tree with TOP EVENT and basic events A, B, C, D and E]
Boolean Algebra-Minimum Cut Set
(A + B) . [ (C + D) . (E + C) + (D.E) ]
= (A + B) . (C.E + D.E + C.C + D.C + D.E )
= (A + B) . (C.E + D.E + C + D.C + D.E )
= (A + B) . (C + C.E + D.E + D.C + D.E )
= (A + B) . (C + C.D + C.E + D.E + D.E )
IDEMPOTENT LAW
= (A + B) . (C + C.D + C.E + D.E)
ABSORPTION LAW
= (A + B) . (C + D.E )
Boolean Algebra - Minimum Cut Set
[Figure: reduced fault tree with TOP EVENT and basic events A, B, C, D and E]
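
Added example (not part of the original slides): a small Python routine that derives the minimal cut sets of both trees above by applying the idempotent and absorption laws, then quantifies the pump tree three ways. The gate-by-gate figure reproduces the slide's 0.1225, the cut-set sum reproduces 0.1625, and the exact value assumes independent basic events; the tuple encoding of the trees and all function names are choices made for this example.

```python
from itertools import product
from math import prod

def cut_sets(node):
    """Expand a gate tree into cut sets (frozensets of basic events)."""
    if isinstance(node, str):                      # basic event
        return {frozenset([node])}
    gate, *inputs = node
    expanded = [cut_sets(i) for i in inputs]
    if gate == "OR":                               # A + B: either input alone is enough
        return set().union(*expanded)
    if gate == "AND":                              # one cut set per input, merged (M.M = M)
        return {frozenset().union(*combo) for combo in product(*expanded)}
    raise ValueError(f"unknown gate {gate!r}")

def minimal_cut_sets(node):
    """Absorption law: drop any cut set that strictly contains another one."""
    sets = cut_sets(node)
    return {s for s in sets if not any(other < s for other in sets)}

def gate_by_gate(node, p):
    """The slide's unit rules applied directly: OR adds, AND multiplies."""
    if isinstance(node, str):
        return p[node]
    gate, *inputs = node
    values = [gate_by_gate(i, p) for i in inputs]
    return sum(values) if gate == "OR" else prod(values)

def from_cut_sets(mcs, p):
    """Sum over minimal cut sets of the product of their event probabilities."""
    return sum(prod(p[e] for e in cs) for cs in mcs)

def exact(mcs, p):
    """Exact top-event probability for independent events, by enumerating states."""
    events = sorted(set().union(*mcs))
    total = 0.0
    for state in product([True, False], repeat=len(events)):
        failed = {e for e, s in zip(events, state) if s}
        if any(cs <= failed for cs in mcs):
            total += prod(p[e] if s else 1 - p[e] for e, s in zip(events, state))
    return total

# Trees and probabilities taken from the slides; M is shared by both pump branches
PUMP = ("AND", ("OR", "M", "W"), ("OR", "M", "Z"))
P = {"M": 0.1, "W": 0.25, "Z": 0.25}
TREE2 = ("AND", ("OR", "A", "B"),
         ("OR", ("AND", ("OR", "C", "D"), ("OR", "E", "C")), ("AND", "D", "E")))
print(sorted(map(sorted, minimal_cut_sets(PUMP))), sorted(map(sorted, minimal_cut_sets(TREE2))))
print(gate_by_gate(PUMP, P), from_cut_sets(minimal_cut_sets(PUMP), P), exact(minimal_cut_sets(PUMP), P))
```

The gate-by-gate result is lower because the shared event M is treated as two independent events; reducing to minimal cut sets first removes that error.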
Event Tree Analysis
Consequence spectrum
An accidental event is defined as the first significant
deviation from a normal situation that may lead to
unwanted consequences (e.g., gas leak, falling object, start
of fire)
An accidental event may lead to many different
consequences. The potential consequences may be
illustrated by a consequence spectrum

[Figure: consequence spectrum, an Accidental Event leading to consequences C1, C2, ..., Cn]
Barrier
Most well designed systems have one or more
barriers that are implemented to stop or reduce the
consequences of potential accidental events.
The probability that an accidental event will lead to
unwanted consequences will therefore depend on
whether these barriers are functioning or not.
Barriers are also called safety functions or
protection layers, and may be technical and/or
administrative (organizational).
Cause of a Consequence
Failure of barrier
Other Factors
Whether a gas release is ignited or not
Whether or not there are people present when the
accidental event occurs
Wind direction when the accidental event
Event Tree Analysis
An event tree analysis (ETA) is an inductive procedure that
shows all possible outcomes resulting from an accidental
(initiating) event, taking into account whether installed
safety barriers are functioning or not, and additional events
and factors.
By studying all relevant accidental events (that have been
identified by a preliminary hazard analysis, a HAZOP, or
some other technique), the ETA can be used to identify all
potential accident scenarios and sequences in a complex
system.
Design and procedural weaknesses can be identified, and
probabilities of the various outcomes from an accidental
event can be determined.
Event Tree Analysis
Simpler than fault-tree analysis:
Sequence frequencies are products
Can combine sequences by taking sums
However, more judgment is required in how to model
a system as an event tree
Basic goal is to keep the model as simple as
possible:
By taking advantage of independence and conditional
independence relations
Example: Explosion
Steps in Constructing Event Tree
1. Identify (and define) a relevant accidental (initial) event
that may give rise to unwanted consequences
2. Identify the barriers that are designed to deal with the
accidental event
3. Construct the event tree
4. Describe the (potential) resulting accident sequences
5. Determine the frequency of the accidental event and the
(conditional) probabilities of the branches in the event tree
6. Calculate the probabilities/frequencies for the identified
consequences (outcomes)
7. Compile and present the results from the analysis
Accidental Event
When defining an accident event, we should answer the
following questions:
What type of event is it? (e.g., leak, fire)
Where does the event take place? (e.g., in the control room)
When does the event occur? (e.g., during normal operation, during
maintenance)
In practical applications there are sometimes discussions
about what should be considered an accidental event (e.g.,
should we start with a gas leak, the resulting fire or an
explosion). Whenever feasible, we should always start with
the first significant deviation that may lead to unwanted
consequences.
Accidental Event

An accidental event may be caused by:


System or equipment failure
Human error
Process upset
The accidental event is normally anticipated. The
system designers have put in barriers that are
designed to respond to the event by terminating
the accident sequence or by mitigating the
consequences of the accident.
Accidental Event

For each accidental event we should identify:


The potential accident progression(s)
System dependencies
Conditional system responses
Barriers
The barriers that are relevant for a specific
accidental event should be listed in the sequence
they will be activated.
Examples include:
Automatic detection systems (e.g., fire detection)
Automatic safety systems (e.g., fire extinguishing)
Alarms warning personnel/operators
Procedures and operator actions
Mitigating barriers
Additional Events/Factors

Additional events and/or factors should be listed
together with the barriers, as far as possible in the
sequence when they may take place.
Some examples of additional events/factors were
given on a previous slide
Event Sequence
Each barrier should be described by a (negative) statement,
e.g., "Barrier X does not function" (this means that barrier X
is not able to perform its required function(s) when the
specified accidental event occurs in the specified context).
Additional events and factors should also be described by
(worst case) statements, e.g., gas is ignited, wind blows
toward dwelling area.
[Figure: event tree layout. Column headings, left to right: Accidental Event; Additional Accidental Event; Barrier I does not function; Barrier II does not function; Barrier III does not function; Additional Accidental Event; Outcome / Consequence. Each branch point splits into True and False.]
By this way the most severe consequences
will come first
Outcome Alternatives
In most applications only two alternatives (true
and false) are considered. It is, however, possible
to have three or more alternatives, as shown in the
example below:

[Figure: the event "Gas Release" branching into three alternatives]
Wind toward residential area
Wind toward Factory
Wind toward empty area

End Outcomes
In practice, many event trees are ended before the final
consequences are reached
Including these final consequences may give very large
event trees that are impractical for visualization
This is solved by establishing a consequence distribution for
each end event and the probability of each consequence is
determined for each end event
In effect, this is an extension of the event tree, but it gives a
more elegant and simpler presentation and also eases the
summary of the end results
Results in Decision Making

The results from the event tree analysis may be
used to:
Judge the acceptability of the system
Identify improvement opportunities
Make recommendations for improvements
Justify allocation of resources for improvements
End Events
[Table: one row per end event. Columns: Outcome descr.; Frequency; Loss of Lives (0, 1-5, >5); Material Damage (N, L, M, H); Environmental Damage (N, L, M, H)]
Pros and Cons
Positive
Visualize event chains following an accidental event
Visualize barriers and sequence of activation
Good basis for evaluating the need
Negative
No standard for the graphical representation of the event
tree
Only one initiating event can be studied in each analysis
Easy to overlook subtle system dependencies
Not well suited for handling common cause failures in the
quantitative analyses
The event tree does not show acts of omission
Generic Example
Frequencies of Outcome
Let denote the frequency of the accidental (initiating) event.
Let Pr(Bi) denote the probability of event B(i).

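When we know that the accidental event has occurred, the
probability of Outcome 1 is:

$$\Pr(\text{Outcome 1} \mid \text{Accidental Event}) = \Pr(B_1 \cap B_2 \cap B_3 \cap B_4)$$
$$= \Pr(B_1) \cdot \Pr(B_2 \mid B_1) \cdot \Pr(B_3 \mid B_1 \cap B_2) \cdot \Pr(B_4 \mid B_1 \cap B_2 \cap B_3)$$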
Note that all the probabilities are conditional given the result of the process
until barrier i is reached. The frequency of Outcome 1 is:

Pr( B1 B2 B3 B4 )
The frequencies of the other outcomes are determined in a similar way.
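
Added example (not part of the original slides): the outcome-frequency calculation applied to the sprinkler and fire-department event tree described earlier, with each branch probability conditional on the earlier branches. The initiating frequency, every probability, the dependency between the two barriers and the label for the "call succeeds" outcome are constructed for illustration.

```python
from itertools import product

def sequences(init_freq, barriers):
    """Yield (history, frequency) for every path through the event tree.

    barriers: ordered list of (name, fail_prob); fail_prob(history) returns
    Pr(barrier does not function | results of the earlier barriers).
    """
    # True = barrier does not function, so the most severe sequence comes first
    for branch in product([True, False], repeat=len(barriers)):
        history, prob = {}, 1.0
        for (name, fail_prob), fails in zip(barriers, branch):
            q = fail_prob(history)
            prob *= q if fails else 1.0 - q
            history[name] = fails
        yield history, init_freq * prob

def outcome_frequencies(init_freq, barriers, classify):
    """Sum the frequencies of all sequences that end in the same outcome."""
    totals = {}
    for history, freq in sequences(init_freq, barriers):
        outcome = classify(history)
        totals[outcome] = totals.get(outcome, 0.0) + freq
    return totals

# Constructed numbers for the fire example (not from the slides)
FIRE_FREQ = 0.02                                   # fires per year
BARRIERS = [
    ("sprinkler", lambda h: 0.10),
    # Assumed dependency: the automated call fails more often once the sprinkler has failed
    ("fire_call", lambda h: 0.20 if h["sprinkler"] else 0.05),
]

def classify(h):
    if h["sprinkler"] and h["fire_call"]:
        return "system destroyed"
    if h["fire_call"]:
        return "mostly contained by sprinkler"
    return "fire department notified"              # label assumed; the slides do not name it

RESULT = outcome_frequencies(FIRE_FREQ, BARRIERS, classify)
for name, freq in RESULT.items():
    print(f"{name}: {freq:.4f} per year")
```

The outcome frequencies add up to the initiating frequency, which is a quick check that no sequence was dropped or counted twice.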
Pipeline Leak Event Tree
Gas pipeline Rupture Event

Check for error
