Safety Moment #9: Let’s Not Make Common Cause

Fukushima-Daiichi Tsunami common cause effect

The material shown here has been extracted from the ebook 52 Process Safety Moments and from the book Process Risk and Reliability Management.

Contents

  • Overview
  • Utilities
  • Example
  • Fukushima-Daiichi
  • Further Information

Overview

A common cause effect (or common mode) event is a single event that negates the effectiveness of spare equipment or backup systems. Fault trees and event trees represent redundancy with an AND gate, and the arithmetic of an AND gate (multiplying the likelihoods of its inputs) is only valid if those inputs fail independently of one another. A common cause event that occurs before an incident starts effectively negates the AND Gate in a Fault Tree. A common cause event that degrades or eliminates safeguards after the incident has occurred effectively negates the AND Gate in an Event Tree. (These are equivalent to the left-hand and right-hand sides of a bow-tie, respectively.) In either case a backup only counts as independent if it shares no power, utility, control or operating dependency with the equipment it is backing up.

Utilities

Failures in utility systems often become common cause events. The first and most obvious problem is that a utility failure creates simultaneous problems throughout the facility: a facility-wide electrical power failure, for example, would likely cause most of the rotating machinery to shut down. The less obvious problem is that a redundant supply can be defeated by the same utility failure. A critical pump system may have two 100% pumps, with one on stand-by; the normally operating pump is electrically driven and the stand-by pump is steam-driven. However, an electrical power failure could also cause the steam system to shut down, in which case both pumps stop. With respect to loss of power the steam-driven pump is not truly redundant.

Loss of power can also cause critical instruments to shut down. These instruments should be backed up with an Uninterruptible Power Supply (UPS), and the UPS itself should be checked for hidden dependencies on the supply it is meant to replace and tested under a real loss of power.

Example

Figure 1. Process flow example (common cause effect)

Figure 1 shows liquid being pumped from Tank T-100 to Vessel V-101. It is important to keep the liquid flowing, so two pumps are installed, P-101A and P-101B, each with 100% capacity. P-101A normally operates; if it fails for any reason, P-101B takes over. To further increase reliability, P-101A is driven by an electric motor and P-101B by a steam turbine. Therefore, if there is an electrical failure, P-101B should continue to operate, provided that the steam-driven pump does not itself need electrical power to keep its auxiliary systems running.

P-101A has a predicted failure rate of once every two years (excluding planned downtime), i.e., 0.5 yr⁻¹. P-101B has a predicted probability of failure to start on demand of 0.1. Note the difference in units: P-101A has a failure rate, which has units of inverse time, whereas P-101B has a probability of failure on demand, which is dimensionless. In the fault tree the two are combined by multiplying the rate by the probability, which gives a rate for the top event (loss of flow).

The fault tree for this simple system is shown in Figure 2.

Figure 2. Fault tree for the two-pump system (common cause effect)
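The fault tree arithmetic for the two-pump system, first with independent failures and then with the utility dependency described in the Utilities section, as an added worked example that is not part of the original page or of Figure 2. The 0.5 yr⁻¹ failure rate and the 0.1 probability of failure on demand are the figures from the text; the power-failure frequency (0.05 yr⁻¹), the beta value and the gate names are constructed assumptions chosen for illustration. The small evaluator keeps rates and probabilities distinct so that the unit mismatch noted above is caught rather than silently multiplied away.

```python
"""Fault tree arithmetic for the P-101A / P-101B example.

Added worked example, not code from the original page. Pump figures
(0.5 yr^-1, PFD 0.1) are from the text; LAMBDA_POWER and the beta value
are assumptions made here for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Union


@dataclass
class Event:
    """A basic event: either a failure rate (per year) or a probability (PFD)."""
    name: str
    rate: Optional[float] = None   # events per year, e.g. a running pump tripping
    prob: Optional[float] = None   # dimensionless, e.g. failure to start on demand


@dataclass
class Gate:
    """AND or OR gate over basic events and other gates."""
    kind: str
    inputs: List[Union["Event", "Gate"]]
    name: str = ""


def evaluate(node):
    """Return (rate, prob) for a node; exactly one of the two is set.

    AND: at most one rate input; that rate is scaled by the probabilities
         (a rate times a rate has no meaning in a single fault tree).
    OR:  rates add; probabilities combine as 1 - prod(1 - p).
    """
    if isinstance(node, Event):
        if (node.rate is None) == (node.prob is None):
            raise ValueError(f"{node.name}: give exactly one of rate or prob")
        return node.rate, node.prob

    results = [evaluate(i) for i in node.inputs]
    rates = [r for r, _ in results if r is not None]
    probs = [p for _, p in results if p is not None]

    if node.kind == "AND":
        if len(rates) > 1:
            raise ValueError(f"{node.name}: AND gate with more than one rate input")
        product = 1.0
        for p in probs:
            product *= p
        return (rates[0] * product, None) if rates else (None, product)

    if node.kind == "OR":
        if rates and probs:
            raise ValueError(f"{node.name}: OR gate mixing a rate with a probability")
        if rates:
            return sum(rates), None
        survive = 1.0
        for p in probs:
            survive *= 1.0 - p
        return None, 1.0 - survive

    raise ValueError(f"unknown gate kind {node.kind!r}")


# Figures from the text.
P101A = Event("P-101A fails while running", rate=0.5)      # 0.5 yr^-1
P101B = Event("P-101B fails to start on demand", prob=0.1)

# Assumed for illustration (constructed value, not from the page): frequency
# of a power failure that also shuts down the steam system, so one event
# stops both pumps.
LAMBDA_POWER = 0.05  # yr^-1


def independent_tree():
    """The AND gate as usually drawn: loss of flow needs A to fail AND B to fail."""
    return Gate("AND", [P101A, P101B], name="Loss of flow (independent)")


def common_cause_tree(lambda_power=LAMBDA_POWER):
    """Same AND gate, but the power failure bypasses it and ORs into the top event."""
    power = Event("Power failure stops electric and steam pumps", rate=lambda_power)
    return Gate("OR", [independent_tree(), power], name="Loss of flow (with common cause)")


def top_event_rate(tree) -> float:
    rate, _prob = evaluate(tree)
    if rate is None:
        raise ValueError("top event evaluated to a probability, not a rate")
    return rate


def beta_factor_rate(lambda_a=0.5, pfd_b=0.1, beta=0.1) -> float:
    """Beta-factor model (an assumption here, not the page's method): a fraction
    beta of P-101A's failures are common cause events that take out P-101B too."""
    independent = (1.0 - beta) * lambda_a * pfd_b
    common = beta * lambda_a
    return independent + common


if __name__ == "__main__":
    for tree in (independent_tree(), common_cause_tree()):
        r = top_event_rate(tree)
        print(f"{tree.name}: {r:.3f} yr^-1, i.e. once every {1 / r:.0f} years")
    print(f"beta-factor model, beta=0.1: {beta_factor_rate():.3f} yr^-1")
```

With independent failures the top event rate is 0.5 × 0.1 = 0.05 yr⁻¹, or once in 20 years. Adding the assumed 0.05 yr⁻¹ power failure that defeats both pumps doubles it to 0.10 yr⁻¹ (once in 10 years): the common cause contribution alone equals everything the AND gate was credited with. The beta-factor variant shows the same effect when the shared dependency is expressed as a fraction of P-101A's own failures rather than as a separate utility event.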

. . . . .


You are welcome to use our Safety Moments in your workplace. But there are restrictions — please read Use of Safety Moments.

Copyright © Ian Sutton. 2018. All Rights Reserved.