The following articles provide information to do with the management of process facilities.

Fault Tree Analysis

Risk can be analyzed in one of two basic ways: inductively or deductively, that is, either bottom-up or top-down. In a deductive analysis a system failure is postulated. The analyst then works backwards to deduce what combinations of events could have occurred for the system failure to have taken place (a detective solving a crime is thinking deductively). Fault tree analysis, the topic discussed in this section, is deductive. An inductive analysis works in the other direction: a single failure, such as a pump stopping or a valve closing at the wrong time, is postulated.

Lowest Level of Risk (BSEE)

Overview (BSEE Risk)

As part of its Well Control Rule BSEE appears to have made a major change in the manner in which offshore risk is to be managed. Section 250.107(a)(3) states,

[y]ou must protect health, safety, property and the environment by utilizing recognized engineering practices that reduce risks to the lowest level practicable when conducting design, fabrication, installation, operation, inspection, repair, and maintenance activities.

Acceptable Risk

Acceptable Risk is the level of risk that a community is willing to accept for a project to go forward or for a facility to continue to operate. It is a subjective value depending on factors such as benefit to the community and familiarity with the hazards.

Event Tree Analysis

Event Tree Analysis (ETA) uses the same logical and mathematical techniques as Fault Tree Analysis. However, whereas a fault tree analyzes how an undesirable top event may occur, an event tree considers the impact of the failure of a particular component or item in the system, and works out the effect such a failure will have on the overall system risk or reliability. Event trees use an inductive approach, whereas fault trees are deductive.

Risky Matrices

Risk matrices are widely used in the process industries. Details vary considerably from company to company, particularly with regard to the size of a risk matrix, but generally a process such as the following is used.

1. A hazard is identified.

2. The consequence of that hazard is determined. The most important consequence is usually to do with safety, but environmental, economic and public relations impacts can also be considered.

Let's not make common cause

A common cause (or common mode) event is a single event that causes two or more supposedly redundant equipment items to fail; it negates the value of an AND gate in a fault tree.

The following simple example is based on a process at a large facility (the details have been changed for simplicity).

Double Contingency

During process hazards analyses it is common to hear phrases such as, "Double contingency doesn't count, you know." What the speaker means by this is that only single failures should be considered when determining what could go wrong and how risk can be managed.
