وضوح درختان خطا دینامیکی : آگاهانه تجاری کردن بین روش های تحلیلی و شباهت ظاهری

Safety assessment in industrial plants with ‘major hazards’ requires a rigorous combination of both qualitative and quantitative techniques of RAMS. Quantitative assessment can be executed by static or dynamic tools of dependability but, while the former are not sufficient to model exhaustively time-dependent activities, the latter are still too complex to be used with success by the operators of the industrial field. In this paper we present a review of the procedures that can be used to solve quite general dynamic fault trees (DFT) that present a combination of the following characteristics: time dependencies, repeated events and generalized probability failure. Theoretical foundations of the DFT theory are discussed and the limits of the most known DFT tools are presented. Introducing the concept of weak and strong hierarchy, the well-known modular approach is adapted to study a more generic class of DFT. In order to quantify the approximations introduced, an ad-hoc simulative environment is used as benchmark. In the end, a DFT of an accidental scenario is analyzed with both analytical and simulative approaches. Final results are in good agreement and prove how it is possible to implement a suitable Monte Carlo simulation with the features of a spreadsheet environment, able to overcome the limits of the analytical tools, thus encouraging further researches along this direction.

The RAMS techniques offer qualitative analyses and quantitative techniques for risk assessment. The former (such as HAZOP and FMEA [1]) concern the context analysis (kind of process, geographic issues, internal specifications and rules, etc.) and are used to reveal potential hazards and consequences. The latter concern the risk assessment, computed as the probability of occurrence of undesired events (which are often highlighted by the qualitative analyses). Two main classes of analytical stochastic models are used for quantitative evaluations: • combinatorial models (also known as static) that are straightforward, but unable to describe dynamic dependencies among the components of the system and • state-space models, mostly based on the Markov Chain representation (DTMC, CTMC, MRM, MRGP and GSMP), that overcome many of the limits of the static models but can become too large to be handled [2], [3] and [4]. In the last years researchers have proposed several techniques, which combine the best properties of the previous models [4], [7] and [8] such as the BDMP [5] and [6], the DRBD [9], the DFT [10], the SPN [11], etc. These powerful techniques of modeling are implemented using many reliability tools [2], [5], [12], [13], [14] and [17] that can be used according to their own hypotheses and features, which, often, are not suitable to design and solve any possible type of model. In this paper we focused on the Fault Tree analysis because nowadays it is the most used quantitative technique for accident scenario assessment in the industry. The aim of this paper is to review briefly the improvements of the DFT over the SFT and provide a useful scheme to approach the resolution of a quite general class of DFT that includes nested dynamic gates, events with generalized distributed time to failure and MOE [40] (also known as repeated events). Intentionally, we will not cover other approaches (i.e. SPN, SAN, BDMP, etc.) because they are too general [5] and [6] and their use requires notions that go over the capability covered by the DFT approach. A significant part of this work is devoted to reason about the hierarchical approach for DFT [15], [16], [18] and [19]. The concepts of weak and strong hierarchy are introduced and used to estimate what approximations arise when DFT with nested dynamic gates are analyzed. This paper is organized as follows: in the first part we present an overview of the fault tree analysis, introducing the SFT of the presented case of study and its enhanced model by the mean of the DFT technique. In the second part, the most common analytical techniques of resolution are discussed, in particular the state-space models and an adapted modular approach for general DFTs. The aim of this section is to provide a reference framework to analyze a generic DFT, what techniques apply and what software uses (or combine) to obtain reasonable results. In the final section, the case of study is solved in several manners, according to the scheme of resolution suggested. Among the traditional analytical tools, a novel simulative approach—developed under a well-known commercial spreadsheet [44]—is used as a benchmark to compare the final results. In the end conclusions are drawn and future works are indicated.

This study has been motivated by the need to improve the quality and the performance of the risk assessment of industrial plant, with the aim to find an environment for the reliability assessment with the following requirements: • easy to use by the actors of the industry; • able to match the safety logic and dependability schemes of real plant; • able to provide results with a reasonable time of computation and • suitable to retrieve on-line risk assessment using data reported in real time from the field. The choice of the DFT technique as an instrument for the risk assessment met the first and the second requirement, due to the intuitiveness and the power of the modeling approach. In this paper, the stochastic analytical techniques to solve DFT were discussed with reference to the presence of repeated events and generalized probability distribution function, enlarging the usual domain of application of DFT models often restricted within the Markov domain. Therefore, the first result highlighted a breakdown for the classification of industrial FT; the scheme was used to study the suitability of three of the most known automated tools for DFT models [13], [42] and [43] and classify these software applications according to their capabilities and limits. An adapted hierarchical technique for DFT, based on an exact (strong) and approximated (weak) approach, was experimented in order to improve the performances of the previous tools. This offered the clue for a second result that revealed what kind of approximations are carried by the weak approach (that works in the scope of the continuous time Markov chain) and what class of DFT the strong hierarchy turns in semi-Markov processes. After these results, we could claim that the power of the DFT is not exploited fully because no precise procedures of resolution exist and the ordinary reliability tools for DFT are neither satisfactory nor easy to handle. In this context, we suggested the possibility to develop ad-hoc simulative models to use at least as benchmarks for other analytical evaluations. Therefore, the other contribution of this research was to show how to implement a simulative environment with a commercial spreadsheet [44], as it is a well-known software adopted in many business companies. The solution seems valuable since the spreadsheet environment carries the following interesting characteristics: 1) produced files are easy to distribute and improve the information, sharing among the risk analysts, the managers and employers who are involved in the risk evaluations; 2) Wysiwyg property of the spreadsheet allows access simultaneously to the logics and the results of the DFT, favoring the understanding of the process, which is an added value of the risk analysis; 3) dynamic model can be customized to build up the most known dynamic gates, design other kind of dependencies logics and implement several other means, like the importance measures and 4) it can be integrated with the DCS in force of the plant in order to process data in real time and retrieve fresh information on the real state of the system. In this work, we showed how to prepare the master cells of the spreadsheet environment, which embed the generalized distributions for any BE and the logic of the most used dynamic gates of a DFT; afterwards, they were used to construct a complete model, with quite complex dependencies. Thanks to the framework developed for the case of study, we recognized the existence of singular results when the BEs of the plant are not described by the common exponential distributions. In our opinion, these results offer the cue for new studies since the characteristics of the components and processes inside the industrial field can be quite general. Following this path, in future works, we aim to develop a more flexible and faster simulative environment able to merge the intuitiveness of the DFT representation with the power of the simulative approach and able to support data in real time. Finally, we want to emphasize that quantitative risk assessment, based on any technique, is not significant without an accurate identification of hazards and assessment of scenarios and of their root causes. However, the results provided by quantitative risk assessment are normally used by the supervisory authorities to assess the safety of facilities and therefore it becomes important to provide results that take into account the actual system and its operating modes. In addition, these results may be useful to the plant manager in order to assess the effectiveness of technical solutions that affect the reliability and the safety of the plant.