Presentation is loading. Please wait.

Presentation is loading. Please wait.

ETA 周达天 2014.12.18. Step 1Step 2Step 3Step 4Step 5Step 6.

Published byElvin Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "ETA 周达天 2014.12.18. Step 1Step 2Step 3Step 4Step 5Step 6."— Presentation transcript:

1 ETA 周达天 dtzhou@bjtu.edu.cn 2014.12.18

2 Step 1Step 2Step 3Step 4Step 5Step 6

3 Step 1Step 2Step 3Step 4Step 5Step 6

4 Step 1Step 2Step 3Step 4Step 5Step 6

5 Step 1Step 2Step 3Step 4Step 5Step 6

6 Step 1Step 2Step 3Step 4Step 5Step 6

7 Step 1Step 2Step 3Step 4Step 5Step 6

8 Fire incident in a nuclear power plant Fire detection, early

9 Fire incident in a nuclear power plant Room closer, fire door closed

10 Fire incident in a nuclear power plant Room closer, fire damper closed.

11 Fire incident in a nuclear power plant Fire suppression, portable existing.

12 Fire incident in a nuclear power plant Fire suppression, fixed installed. early

13 Fire incident in a nuclear power plant Fire detection, late

14 Fire incident in a nuclear power plant Equip. damage from suppr. agent

15 Fire incident in a nuclear power plant

16 According to the materials, construct an event tree for each one starting from the initiating event which you or your group are interested. Discussion

17 Fatal Exposure Tragedy at DuPont http://2013foehs.blog.ehs.cn/video/anquan/616.html

18 Explosion at T2 Laboratory http://anthonywang.blog.ehs.cn/video/guanli/387.html

19 Explosion caused by Purging flammable gases http://anthonywang.blog.ehs.cn/video/guanli/386.html

20 Analysis techniques for Dependability – Event tree analysis (ETA) IEC 62502

21 Scope I.the consolidated basic principles of Event Tree Analysis (ETA) II.modeling the consequences of an initiating event as well as analyzing these consequences qualitatively and quantitatively IEC 62502 (1)

22 Normative references I.IEC 60050-191:1990, International Electrotechnical Vocabulary – Chapter 191: Dependability and quality of service II.IEC 61025:2006, Fault tree analysis (FTA) IEC 62502 (2)

23 Terms, definitions, abbreviations and symbols IEC 62502 (3)

24 Terms, definitions, abbreviations and symbols  Terms and definitions IEC 62502 (3.1) nodecommon cause eventheading initiating eventmitigating factor outcomesequence top eventbranch

25 Terms, definitions, abbreviations and symbols  Terms and definitions  node point in the graphical representation of the event tree depicting two or more possible outcomes for the mitigating factor IEC 62502 (3.1.1)

26 Terms, definitions, abbreviations and symbols  Terms and definitions  common cause cause of occurrence of multiple events IEC 62502 (3.1.2)

27 Terms, definitions, abbreviations and symbols  Terms and definitions  event occurrence of a condition or an action IEC 62502 (3.1.3)

28 Terms, definitions, abbreviations and symbols  Terms and definitions  headings listed mitigating factors in a line above the depiction of the event tree IEC 62502 (3.1.4)

29 Terms, definitions, abbreviations and symbols  Terms and definitions  initiating event event which is the starting point of the event tree and the sequence of events that may lead to different possible outcomes IEC 62502 (3.1.5)

30 Terms, definitions, abbreviations and symbols  Terms and definitions  mitigating factor system, function or other circumstantial factor mitigating the consequences of the initiating event IEC 62502 (3.1.6)

31 Terms, definitions, abbreviations and symbols  Terms and definitions  outcome possible result of the sequence of events after all reactions of relevant mitigating factors have been considered and no further development of the event tree is required IEC 62502 (3.1.7)

32 Terms, definitions, abbreviations and symbols  Terms and definitions  sequence chain of events, from the initiating event, through subsequent events, leading to a specific outcome IEC 62502 (3.1.8)

33 Terms, definitions, abbreviations and symbols  Terms and definitions  top event predefined undesired event which is the starting point of the fault tree analysis, and is of primary interest in the analysis. It has the top position in the hierarchy of events in the fault tree IEC 62502 (3.1.9)

34 Terms, definitions, abbreviations and symbols  Terms and definitions  branch graphical representation of one out of two or more possible outcomes originating from a node IEC 62502 (3.1.10)

35 Terms, definitions, abbreviations and symbols  Abbreviations and symbols  Abbreviations  Symbols IEC 62502 (3.2)

36

37

38 Terms, definitions, abbreviations and symbols  Abbreviations and symbols  Abbreviations IEC 62502 (3.2.1)

39

40 Terms, definitions, abbreviations and symbols  Abbreviations and symbols  Symbols IEC 62502 (3.2.2)

41

42 General description Event tree analysis (ETA) is an inductive procedure to model the possible outcomes that could ensue from a given initiating event and the status of the mitigating factors as well as to identify and assess the frequency or probability of the various possible outcomes of a given initiating event. IEC 62502 (4)

43 Benefits and limitations of ETA Benefits Limitations IEC 62502 (5)

44 Benefits and limitations of ETA  Benefits a) it is applicable to all types of systems; b) it provides visualization of event chains following an initiating event; d) it functions simultaneously in the failure or success domain; g) it allows for identification and traceability of failure propagation paths of a system; IEC 62502 (5.1)

45 Benefits and limitations of ETA  Limitations a) the initiating events are not revealed by the analysis itself; it is an analytical task of the people involved in using the method to compile a comprehensive list of initiating events; e) time-dependent evolutions that involve time-dependence of the involved probabilities can be handled only if the relevant systems display a genuine constant probability or failure rate, or if, in the case of recovery and repair strategies, steady state unavailability is assumed to be reached quickly. This aspect is to be taken into account when dealing with periodically tested systems; IEC 62502 (5.2)

46 Relationship with other analysis techniques Combination of ETA and FTA Layer of protection analysis (LOPA) Combination with other techniques IEC 62502 (6)

47 Relationship with other analysis techniques  Combination of ETA and FTA The combination of ETA and FTA (sometimes referred to as Cause-Consequence Analysis (CCA), see [30] and [36]) is commonly used ; One example where ETA and FTA are combined is the so-called PRA (Probabilistic Risk Assessment) made for a nuclear power plant. IEC 62502 (6.1)

48 Relationship with other analysis techniques  Layer of protection analysis (LOPA) LOPA can be considered as an ETA with a restricted set of possible mitigating factors tailored to a particular application environment. It is predominantly used in the process industry. IEC 62502 (6.2)

49 Relationship with other analysis techniques  Combination with other techniques ETA may be combined with any other technique that is helpful for the derivation of the probability of the success or failure of the corresponding mitigating factors, but in these cases, the other techniques only complement the ETA. IEC 62502 (6.3)

50 Development of event trees General Steps in ETA IEC 62502 (7)

51 Development of event trees  General a) functions: the fulfillment (or not) of functions as mitigating factors; b) systems: the intervention (or not) of systems as mitigating factor s which are supposed to take action for preventing the progression of the initiating event into an accident or in the case of failure of the mitigating factors the mitigation of the accident itself; c) phenomena: the occurrence or non-occurrence of physical phenomena. IEC 62502 (7.1)

52 Development of event trees  Steps in ETA  Procedure  Step 1: Definition of the system or activity of interest  Step 2: Identification of the initiating events of interest  Step 3: Identification of mitigating factors and physical phenomena  Step 4: Definition of sequences and outcomes, and their quantification  Step 5: Analysis of the outcomes  Step 6: Uses of ETA results IEC 62502 (7.2)

53 Development of event trees  Steps in ETA  Procedure IEC 62502 (7.2.1) Step 1Step 2Step 3Step 4Step 5Step 6

54 Development of event trees  Steps in ETA  Step 1: Definition of the system or activity of interest Specify and clearly define the boundaries of the system or activity for which ETAs are to be performed. IEC 62502 (7.2.2)

55 Development of event trees  Steps in ETA  Step 2: Identification of the initiating events of interest Conduct a screening to identify the events of interest or categories of events that the analysis will address. Categories include such things as collisions, fires, explosions, toxic releases, etc. IEC 62502 (7.2.3)

56 Development of event trees  Steps in ETA  Step 3: Identification of mitigating factors and physical phenomena Identify the various mitigating factors that can influence the progression of the initiating event to its outcomes. These mitigating factors include both engineered systems and human actions/decisions. IEC 62502 (7.2.4)

57 Development of event trees  Steps in ETA  Step 4: Definition of sequences and outcomes, and their quantification For each initiating event, define the various outcomes (e.g. accident scenarios) that can occur and perform the actual quantitative analysis on the basis of the constructed event tree. IEC 62502 (7.2.5)

58 Development of event trees  Steps in ETA  Step 5: Analysis of the outcomes The various outcomes are then analyzed with respect to their consequences and their impact on the results of the analysis. IEC 62502 (7.2.6)

59 Development of event trees  Steps in ETA  Step 6: Uses of ETA results The qualitative and quantitative findings of the analysis are then translated into necessary actions. IEC 62502 (7.2.7)

60 Evaluation Preliminary remarks Qualitative analysis – Managing dependencies Quantitative analysis IEC 62502 (8)

61 Evaluation  Preliminary remarks IEC 62502 (8.1)

62 Evaluation  Qualitative analysis – Managing dependencies  General  Functional dependencies  Structural or physical dependencies IEC 62502 (8.2)

63 Evaluation  Qualitative analysis – Managing dependencies  General a) to gain understanding of the factors that might determine dependence between functions or between the components of the system; b) to identify the important potential dependent failure events; c) to facilitate the correct quantitative analysis of the event tree and to establish the proper link with the fault trees. IEC 62502 (8.2.1)

64 Evaluation  Qualitative analysis – Managing dependencies  Functional dependencies a) one mitigating factor represents a support system for the other, or b) changes in the environmental parameters occur in such a way that the success or failure of the other mitigating factor is affected. IEC 62502 (8.2.2)

65

66 Evaluation  Qualitative analysis – Managing dependencies  Structural or physical dependencies Therefore a common-cause analysis is carried out so as to determine the susceptibility of the various mitigating factors to failure from external or internal conditions, systems or functions, such as fires, earthquakes, hurricanes, failures of engineered systems, or human acts such as human errors, or acts of sabotage. IEC 62502 (8.2.3)

67

68 Evaluation  Quantitative analysis  Independent sequence of events  Fault tree linking and boolean reduction IEC 62502 (8.3)

69 Evaluation  Quantitative analysis  Independent sequence of events IEC 62502 (8.3.1)

70

71 Evaluation  Quantitative analysis  Fault tree linking and Boolean reduction If the occurrence of the top event is expressed in terms of failure rates or frequencies, then these measures for the occurrence of the top event cannot be easily combined with the occurrence frequency of the initiating event. IEC 62502 (8.3.2)

72

73 Documentation a) objective and scope of the analysis ( B.2.2), ( B.2.4); b) system description ( B.2.3): 1) design description; 2) system operation; 3) detailed system boundaries definitions. c) assumptions ( B.2.3), ( B.2.4): 1) system design assumptions; 2) operation, maintenance, test and inspection assumptions; 3) reliability and availability modelling assumptions. d) ETA ( B.2.5), ( B.2.6): 1) rationale and sources for the list of initiating events; 2) analysis, including the graphical representation; 3) sources of data used. e) results, conclusions and recommendations ( B.2.7). IEC 62502 (9)

74 Annex A Graphical representation B Examples IEC 62502 (10)

75 Annex  A Graphical representation IEC 62502 (10.1)

76

77

78 Annex  B Examples  Fire incident in a nuclear power plant  ETA for a level-crossing system  Fault tree linking and Boolean reduction IEC 62502 (10.2)

79 Annex  B Examples  Fire incident in a nuclear power plant Overview Screening analysis Quantitative analysis Results IEC 62502 (10.2.1)

80 Annex  B Examples  Fire incident in a nuclear power plant Overview IEC 62502 (10.2.1.1)

81 Annex  B Examples  Fire incident in a nuclear power plant Screening analysis IEC 62502 (10.2.1.2)

82 Annex  B Examples  Fire incident in a nuclear power plant Quantitative analysis IEC 62502 (10.2.1.3)

83 Annex  B Examples  Fire incident in a nuclear power plant Results IEC 62502 (10.2.1.4)

84 Annex  B Examples  ETA for a level-crossing system Symbols and acronyms Objective System definition Hazard identification ETA Quantitative analysis Analysis of the outcomes and definition of necessary action Conclusion IEC 62502 (10.2.2)

85 Annex  B Examples  ETA for a level-crossing system Symbols and acronyms IEC 62502 (10.2.2.1)

86 Annex  B Examples  ETA for a level-crossing system Objective IEC 62502 (10.2.2.2)

87 Annex  B Examples  ETA for a level-crossing system System definition IEC 62502 (10.2.2.3)

88 Annex  B Examples  ETA for a level-crossing system Hazard identification IEC 62502 (10.2.2.4)

89 Annex  B Examples  ETA for a level-crossing system ETA IEC 62502 (10.2.2.5)

90 Annex  B Examples  ETA for a level-crossing system Quantitative analysis IEC 62502 (10.2.2.6)

91 Annex  B Examples  ETA for a level-crossing system Analysis of the outcomes and definition of necessary action IEC 62502 (10.2.2.7)

92 Annex  B Examples  ETA for a level-crossing system Conclusion IEC 62502 (10.2.2.8)

93 Annex  B Examples  Fault tree linking and Boolean reduction IEC 62502 (10.2.3)

94 Bibliography [1] American Institute of Chemical Engineers, Layer of Protection Analysis – Simplified process risk assessment, New York, USA, October 2001 [2] ANDREWS, J.D., DUNNETT, S.J. Event Tree Analysis using Binary Decision Diagrams, IEEE Trans. Reliability, Vol 49, pp 230 – 238, 2000 [3] ASME Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME RA-S-2002, 2002, Amended by addenda ASME RA-Sa-2003, ASME RA-Sb 2005, and ASME RA-Sc-2007 [4] BRABAND, J., LENNARTZ, K. A Systematic Process for the Definition of Safety Targets for Railway Signalling Applications, Signal+Draht, 9/99 [5] DOWELL, III, A.M., HENDERSHOT, D.C. Simplified Risk Analysis – Layer of Protection Analysis (LOPA), American Institute of Chemical Engineers, Indianapolis, 2002 [6] Expert Group on Probabilistic Safety Analysis for Nuclear Power Plants: “Methods for Probabilistic Safety Analysis for Nuclear Power Plants, Status: August 2005”, BfSSCHR-37/05, Salzgitter, October 2005 (In German) IEC 62502 (11.1)

95 Bibliography [7] FULLWOOD, R.; HALL, R. Probabilistic Risk Assessment in the Nuclear Power Industry, New York, 1988 [8] GOLDBERG, B.E., EVERHART, K., STEVENS, R., BABBITT III, N., CLEMENS,P., STOUT, L. System Engineering “Toolbox” for Design-Oriented Engineers, NASA Reference Publication 1358, 1994 [9] Guidelines on Modeling Common Cause Failures in Probabilistic Risk Assessment, NUREG/CR-5485, NRC 1998. [10] HENLEY, E.J., KUMAMOTO, H. Reliability Engineering and Risk Assessment, 1981 [11] HOFER, E., KLOOS, M., KRZYKACZ-HAUSMANN, B., PESCHKE, J., SONNENKALB, M. Dynamic Event Trees for Probabilistic Safety Analysis, Gesellschaft für Anlagen- und Reaktorsicherheit (GRS), Proceedings EUROSAFE, Berlin 4-5 November 2002 [12] ISO/IEC 31010, Risk management – Risk assessment guidelines IEC 62502 (11.2)

96 Bibliography [13] IEC 60300-3-1:2003, Dependability Management – Part 3-1: Application guide – Analysis techniques for dependability - Guide on methodology [14] IEC 60300-3-9:1995, Dependability management – Part 3: Application guide – Section 9: Risk analysis of technological systems [15] IEC 60812:2006, Analysis techniques for system reliability – Procedure for failure mode and effects analysis (FMEA) [16] IEC 61078:2006, Analysis techniques for dependability – Reliability block diagram and boolean methods [17] IEC 61165:2006, Application of Markov techniques [18] IEC 61508 (all parts), Functional safety of electrical/electronic/programmable electronic safety-related systems IEC 62502 (11.3)

97 Bibliography [19] IEC 61511-3:2003, Functional safety – Safety instrumented systems for the process industry sector – Part 3: Guidance for the determination of the required safety integrity levels [20] IEC 61703:2001, Mathematical expressions for reliability, availability, maintainability and maintenance support terms [21] IEC 62425:2007, Railway applications – Communication, signalling and processing systems – Safety related electronic systems for signalling [22] IEC 62429:2007, Reliability growth – Stress testing for early failures in unique complex systems [23] IEC 62508:2010, Guidance on human aspects of dependability [24] IEC 62551, Analysis techniques for dependability – Petri net techniques 2 IEC 62502 (11.4)

98 Bibliography [25] ISO 3534-1:2006, Statistics – Vocabulary and symbols – Part 1: General statistical terms and terms used in probability [26] KLOOS, M., PESCHKE, J., MCDET: A Probabilistic Dynamics Method Combining Monte Carlo Simulation with the Discrete Dynamic Event Tree Approach, Nuclear Science and Engineering: 153, 137-156, 2006 [27] LEVESON, N.G. SAFEWARE: System Safety and Computers, Addison-Wesley Publishing Company, 1995 [28] McCORMICK, N.J. Reliability and Risk Analysis – Methods and Nuclear Power Applications, Boston, 1981 [29] Nuclear Regulatory Commission, PRA Procedures Guide, A Guide to the Performance of Probabilistic Risk Assessments for Nuclear Power Plants, Final Report, NUREG/CR-2300 Vol. 1, January 1983 [30] NIELSEN, D.S. The Cause/Consequence Diagram Method as a Basis for Quantitative Accident Analysis, Danish Atomic Energy Commission, RISO-M-1374, May 1971 IEC 62502 (11.5)

99 Bibliography [31] Nuclear Regulatory Commission, Reactor Safety Study: An Assessment of Accident Risks in US Commercial Nuclear Power Plants, Rep. WASH-1400-MR (NUREG-75/014), Washington, DC, 1975 [32] PAPAZOGLOU, I. A. Mathematical foundations of event trees, Reliability Engineering and System Safety 61 (2008) 169-183, Northern Island, 2008 [33] Railtrack, Engineering Safety Management System, Issue 2.0, "Yellow Book", 1997 [34] RAUSAND, M., HOYLAND, A. System Reliability Theory – Models, Statistical Methods and Applications, Hoboken, New Jersey, 2004 [35] SIU, N. Risk Assessment for Dynamic Systems: An Overview, Reliability Engineering and System Safety 43, 1994, p. 43-73 [36] SMITH, D.J. Reliability, Maintainability and Risk, Oxford, 2001 IEC 62502 (11.6)

100 Bibliography [37] Special subject: Common cause failure analysis, Kerntechnik Vol 71, No 1-2, Carl Hanser- Verlag, February 2006, pp 8 – 62 [38] VILLEMEUR, A. Reliability, Availability, Maintainability and Safety Assessment. Volume 1. Methods and Techniques, Chichester, Wiley, 1992 [39] XU, H.; DUGAN, J.B. Combining Dynamic Fault Trees and Event Trees for Probabilistic Risk Assessment, University of Virginia, January 2004 [40] ZIO, E. An Introduction to the Basics of Reliability and Risk Analysis, Series in Quality, Reliability and Engineering Statistics, Vol. 13, 2007 IEC 62502 (11.7)

101 See you next time.

Download ppt "ETA 周达天 2014.12.18. Step 1Step 2Step 3Step 4Step 5Step 6."

Similar presentations

Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
International Energy Agency Hydrogen Implementing Agreement Proposed Task on Hydrogen Safety.

International Energy Agency Hydrogen Implementing Agreement Proposed Task on Hydrogen Safety.
5 december 2011 Living Probabilistic Asset Management Dr.ir. J.A. van den Bogaard.

5 december 2011 Living Probabilistic Asset Management Dr.ir. J.A. van den Bogaard.
Lindy Hughes Fleet Fire Protection Program Engineer Southern Nuclear Operating Company June 4, 2013 Fire Protection.

Lindy Hughes Fleet Fire Protection Program Engineer Southern Nuclear Operating Company June 4, 2013 Fire Protection.
PSAEA – CNRA Conference on OEF (Köln, 29-31/05/2006) The relationship between risk analysis and event analysis – PSA based Event Analysis P. De Gelder.

PSAEA – CNRA Conference on OEF (Köln, 29-31/05/2006) The relationship between risk analysis and event analysis – PSA based Event Analysis P. De Gelder.
Reliability Risk Assessment

Reliability Risk Assessment
1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.

1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Hazards Analysis & Risks Assessment By Sebastien A. Daleyden Vincent M. Goussen.

Hazards Analysis & Risks Assessment By Sebastien A. Daleyden Vincent M. Goussen.
Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.

Annex I: Methods & Tools prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9 QUALITY.
Quality Risk Management ICH Q9 Annex I: Methods & Tools

Quality Risk Management ICH Q9 Annex I: Methods & Tools
Testing safety-critical software systems

Testing safety-critical software systems
What is Fault Tree Analysis?

What is Fault Tree Analysis?
Presented by Dorian S. Conger Conger-Elsea, Inc. 2000 Riveredge Parkway, Suite 740 Atlanta, GA 30328 800-875-8709 phone 770-926-8305 fax

Presented by Dorian S. Conger Conger-Elsea, Inc Riveredge Parkway, Suite 740 Atlanta, GA phone fax
Models for Software Reliability N. El Kadri SEG3202.

Models for Software Reliability N. El Kadri SEG3202.
Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia.

Safety Management System Performance Based on Organizational Factors of “Seveso” sites Papadakis Georgios A., Kokkinos Konstantinos G. & Machaira Paschalia.
Copyright © 2011 Underwriters Laboratories Inc. ® All rights reserved HAZARD ANALYSIS: Hazard Based Safety Engineering & Fault Tree Analysis Tom Lanzisero,

Copyright © 2011 Underwriters Laboratories Inc. ® All rights reserved HAZARD ANALYSIS: Hazard Based Safety Engineering & Fault Tree Analysis Tom Lanzisero,
Quality in Product and Process Design Pertemuan 13-14

Quality in Product and Process Design Pertemuan 13-14

Similar presentations

Ads by Google