1 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RP 1 Design models for the management of accelerator components and infrastructure development for RAMS Douzi Imran Khan Seppo Virtanen TUT, Tampere, Finland. Project: 09/11 – 09/14 Douzi Imran Khan

2 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Background Information Name: Douzi Imran Khan Country: India B. Tech: Industrial & Production Engineering (2007) M. Tech: Reliability Engineering(2009), IIT Bombay, India. EMBA from International Institute for Business Management (IIBM). Current Designation: Researcher and PhD student, TUT, Finland. Supervisor: Prof. Seppo Virtanen Organization: Tampere University of Technology (TUT), Tampere Finland. Douzi Imran Khan

3 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Contents Motivation. Research Goals vs. Results Collaboration and Interaction Summary. Douzi Imran Khan

4 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Contents Motivation. Research Goals vs. Results Collaboration and Interaction Summary Douzi Imran Khan

5 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Why study RAMS? Product and system complexity is increasing. Many technical products and systems are combinations of software, electronics and mechanical components. Also, the interactions between technical systems and the economical / social systems of our global society are becoming tighter and more inter-dependent. Quantitatively predict product/system performance to decide whether the performance is as good as desired or not, and Systematically identify and remove undesirable/untolerable characteristics which will effect system’s life cycle. Douzi Imran Khan

6 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RAMS is a characteristic of a system’s long term operation and is achieved by the application of established engineering concepts, methods, tools and techniques throughout the lifecycle of the system. The RAMS of a system can be characterized as a qualitative and quantitative indicator of the degree that the system, or the sub-systems and components comprising that system, can be relied upon to function as specified and to be both available and safe. The RAMS of the system is influenced in three ways: by sources of failure introduced internally within the system at any phase of the system life cycle (system conditions) by sources of failure imposed on the system during operation (operating conditions) by sources of failure imposed on the system during maintenance activities (maintenance conditions). What is RAMS? Douzi Imran Khan

7 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland System Dependability Reliability Maintainability Availability Safety Douzi Imran Khan

8 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RAMS Targets 5. operate 1. Inspect & Detect 2. Propose & Corrections 3. Implement 4. Validate RAMS Targets Douzi Imran Khan

9 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RAMS will help in many aspects, for instance: It will provide indicators of how sturdy and reliable a system design can potentially be. It helps to identify which parts of a system are likely to have the major impacts on system level failure, and also which failure modes to expect and which risks they pose to the human, infrastructure and environment. In the planning of cost-effective maintenance and replacement operations. The avoiding of hazards/accidents. Risk assessment helps to improve safety levels. RAMS has increasingly been called on use in the assessment of safety integrity levels. Assessment of how good a design enhancement, like implementation of a new part or redundancy is. Douzi Imran Khan

10 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland The importance of safe functioning of large scale accelerator facilities is essential and all the systems of it have to correspond to high RAMS performance. There is no significant RAMS consideration and therefore the feasible framework for RAMS engineering is required for the facility to last long, to be safe, to be easily managed and maintained. Specification and allocation of RAMS requirements for the functional entities. The concept of allocating RAMS requirements to functional entities enables the design team to elude the problem of being bound to any one particular technical solution. This helps in maintaining an accurate allocation model, since changing the technical solution does not necessarily require a change in the allocation model. Douzi Imran Khan

11 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Upside Risk Potential. Availability and Safety RISK affecting safety and availability of a facility. Availability Safety Risk Reduction Risk Control System Reliability Risk taking Risk taking impact Douzi Imran Khan

12 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Component (C) STRUCTURE (S) RAMS SE process during system design and development. Douzi Imran Khan

13 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Systems RAMS engineering process Systems RAMS engineering process integrated in system design, system realization, and technical management processes. Douzi Imran Khan

14 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Contents Motivation. Research Goals vs. Results Collaboration and Interaction Summary Douzi Imran Khan

15 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Goals of the Research. Research and development framework for integrating efficiently RAMS in the lifecycle of an accelerator system. Concept for modeling FSSC causal relations and their interconnections to the facility (RAMS) performance. Method for the Specification and allocation of systems RAMS requirements. Method for the Application of RAMS design review to Probabilistic Risk Assessment (PRA) in a large scale facility. RAMS analysis and management using FME(C)A, Cause- Consequence logic tree (Combination of FTA and ETA), Safety and Availability analysis. To provide the methods for computer supported modeling and analysis of failure logic of a complex system for its RAMS characteristics. Douzi Imran Khan

16 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Risk Analysis and Management (PRA).  Recognizing the problem.  Modeling the event chains, that leads to the identified problem.  Estimating the event probabilities.  Modeling the consequences followed by the identified problem.  Estimating the consequences severities.  Analytical Risk calculation and Risk simulation.  Risk estimation and control plans.  Action planning and execution. Douzi Imran Khan

17 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Risk Analysis and Management (PRA). Douzi Imran Khan

18 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland RAMS engineering and Management. Iterative design model for RAMS engineering and management. Probabilistic Risk Assessment (PRA). Simulation, calculation and analysis of design solution to fulfill requirements set for RAMS performance. Cause-consequence logic tree modeling. Method for the Management of Design (RAMS) requirements. Method for modeling Functional hierarchy (Specification and allocation of RAMS requirements and seeking out the best technical solutions). Framework for integrating efficiently RAMS Douzi Imran Khan

19 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Concept of Functions, Systems, Structures, Components (FSSC) interconnections and causal relations to facility performance. Functional analysis Concept/Method for RAMS.. Douzi Imran Khan

20 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Management concept of RAMS design requirements. Douzi Imran Khan

21 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Facility “Operation Maintenance & Risk Event” Data Base Indication of causes and consequences of the event Estimation of the root causes’ and the gates’ (conditional) probabilities and the extent of damages Selection of TOP event to be studied Identification of Events - Failure modes - Consequences of Failures - Causes of Failure - Deviation of Process and Environmental conditions - Consequences of Deviation - Causes of Deviation - Human errors - Consequences of Human errors - Causes of Human error Generated event list Event 1 Event 2 Event 3 Event 4 Event 5. Event n Definition of type of the gates Definition of the action plan to mitigate the risks under acceptable level Generated model of the cause and consequence logic Prioritization of root causes from probability and risk reduction point of view Calculation of probabilities and risks of the chains of causes lead to TOP and the chains of consequences initiate from the TOP FMEA Hazop HEA Implementation and control of the action plan Cause-Consequence logic tree modeling. Douzi Imran Khan

22 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Cause Consequence Logic Cause-consequence logic and analysis is an alternative assessment technique, capable of modeling all system failures on one logic diagram. The method presents logical connections between causes of an undesired (critical) event (Top Event) and the consequences of such event, if one or more mitigating provisions fail. Supports to calculate exact, or obtain bounds for, the mission unreliability by means of the probability that the system fails to function successfully in atleast one phase. Douzi Imran Khan

23 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Cause Consequence Logic The objective of a cause-consequence logic is to evaluate the likelihood or frequency of each outcome that can result from the top event. With the aid of cause-consequence method, one can not only document the failure logic of the system, but can also be able to produce the exact failure probability of the events in a very efficient calculation procedure. It is a tool for the complete system reliability analysis and probabilistic risk assessment (PRA) for risk management. Douzi Imran Khan

24 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Operation and Maintenance Data Management throughout the Plant life cycle Design Review – Probabilistic Risk Assessment & Management Douzi Imran Khan

25 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Gate Model. The characteristics of a gate is given by the data column (k, m, p, μ, ± I 1, ± I 2, …, ± I n ) 0 ≤ p ≤ 1, μ ≥ 0, and I i are the ID-numbers of the inputs. Where, k & m are nonnegative integers, The state of a gate (gate event) G is a random variable depending on the states of the input events: Where U is a random number from the uniform distribution on the unit interval, And, the truth function Φ (“statement”) equals 1 if “statement” is true, and otherwise 0. In-Short: The logic of the gate is true with conditional probability p, if at least k and at most m inputs are true. Douzi Imran Khan

26 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Gate Example. The gate (ID4) (k, m, p, μ, ± I 1, ± I 2, …, ± I n ) (1, 2, 0.9, 0, 1, -2, 3) And X 4 = [1 ≤ x 1 +(1-x 2 )+x 3 ≤ 2]. Φ (U ≤0.9) Gate ID = 4 P = 0.9 K=1 m=2 Cause ID = 1 Cause ID = 2 Cause ID = 3 NOT Douzi Imran Khan

27 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Cause Tree Gate(s) Logic. Douzi Imran Khan

28 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Cause tree matrix Douzi Imran Khan

29 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland MR Power outage Cause-Consequence logic. Douzi Imran Khan

30 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Example (Mobile Robot Power Outage). Cause Tree for MR Power outage. Cause tree logic matrix Douzi Imran Khan

31 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Consequence Tree from MR Power outage. Consequence tree logic matrix Douzi Imran Khan

32 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Risk Importance measures. Birnbaum’s importance measure Risk Reduction Worth Risk Achievement Worth Criticality importance Importance measures to describe the correlative relation between two events. Douzi Imran Khan

33 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Input data for simulation Simulation results. Douzi Imran Khan

34 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Application of RAMS Design Review to Probabilistic Risk Assessment in a Large Scale Facility Douzi Imran Khan

35 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Analysing RAMS Requirements System / Functional Analysis Iterative Design model for RAMS engineering and management. Douzi Imran Khan

36 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Contents Motivation. Research Goals vs. Results Collaboration and Interaction Summary Douzi Imran Khan

37 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Collaboration and Interaction –Host Organization. (Supervisor and Colleagues) –Other PURESAFE ESR’s and Supevisors –PURESAFE Coordinator and project manager. –University Personnel. Douzi Imran Khan

38 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Private Sector Interaction Collaboration with Ramentor Oy, Finland and discussions on the ELMAS ((Event Logic Modeling and Analysis Software), developed and maintained by Reliability Engineering Research Group, TUT) Collaboration with RELIASOFT, Taipuva Consulting Ltd, Finland and discussions on the FTA/ETA (Fault/Event Tree Analysis) FMEA (Failure Mode and Effect Analysis), and RCM (Reliability Centered Maintenance) for realtime projects. Collaboration with LTU(Luleå University of Technology, Sweden), BARC(Bhabha Atomic Research Center) and IIT Bombay, India for discussions on failure of physics approach and RAMS studies. Interaction with Posiva Oy, Pöyry Oy and STUK, for discussions/training will be on the consideration of safety issues, probabilistic risk assessment(PRA). Douzi Imran Khan

39 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Framework for RAMS engineering and Management STUK. POSIVA PÖYRY RAMENTOR RELIASOFT TAIPUVA PURESAFE RP projects CERN and GSI Radiation and Nuclear Safety Authority, Finland. RadioActive Waste Management Sector. ELMAS and RELIASOFT software for RAMS. Prof. Seppo Virtanen & Team Safety management system Related RP projects inputs? Douzi Imran Khan

40 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Future Work. RAMS modeling and analysis for FAIR Super FRS remote handling systems for maintenance tasks * RAMS study and assessment, from LHC to FCC Douzi Imran Khan

41 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Contents Motivation. Research Goals vs. Results Collaboration and Interaction Summary Douzi Imran Khan

42 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland IMPACT & SUMMARY RAMS analysis and management done through Functional Analysis, FME(C)A, Cause-Consequence logic tree (Combination of FTA and ETA), Reliability and availability analysis technique can guarantee a reasonably good result for a Risk Analysis. Addition to this, a well structured RAMS modeling and management, ensures a safer facility, decreased engineering problems, reduced operation and maintenance costs and increased process up time. Based on experience and assisted by the modeled failure logic, it is possible to find out the problem areas, which during the design and development phase may reduce the system’s RAMS performance and delay its design and development time. It also helps to identify which parts of a system are likely to have the major impacts on system level failure, and also which failure modes to expect and which risks they pose to the human, infrastructure and environment. Douzi Imran Khan

43 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Summary The scientific infrastructure RAMS for reducing the facility life-cycle cost and for the facility to last long, to be safe, to be available, to be easily managed and maintained. A dependable accelerator systems can only be realized through consideration of the interactions of RAMS elements within a system and the specification and achievement of the optimum RAMS combination for the system. Therefore, for design, build, operation and maintenance of an accelerator facility system, it has become increasingly important to assure conformity with respect to requirements in the areas of RAMS. Use or implementation of methodologies and tools that increase the reliability and availability of the machinery and systems in general, decreasing the maintenance costs and ensuring the safety of both workers and equipment. Douzi Imran Khan

44 Final Conference, 19th – 23rd January 2015 Geneva, Switzerland Thank you very much for your kind attention! Douzi Imran Khan