
Decision Support in Safety Engineering using GRAPIM

Decision Support in Safety Engineering using GRAPIM. Developed by: Patrick Naylor (Health and Safety Executive) In conjunction with Professor A. Taleb Bendiab (School of Computing and Mathematical Sciences Liverpool John Moores University).


Presentation Transcript


  1. Decision Support in Safety Engineering using GRAPIM Developed by: Patrick Naylor (Health and Safety Executive) In conjunction with Professor A. Taleb Bendiab (School of Computing and Mathematical Sciences Liverpool John Moores University) Generic Risk And Protection Inspection Model, Realised in the UML

  2. Structure of Presentation • Overview & Context • Application Domain • Contribution to Knowledge • Reliability & Risk Assessment concepts • Why OOSE? Why the UML? • The Development Process • High Level Overview

  3. What is Safety Engineering? • Acute Hazards: • Identifying Hazard • Understanding potential Consequences • Estimating probability • Putting Protection in place • Analyse effectiveness of Protection

  4. What is GRAPIM? • Models Risks versus Protection • Informs decision on “acceptability” • Safety Engineering toolset • Structured & systematic methodology • Combines assessment and verification • Object-Oriented / UML model

  5. Overview: The Application Domain • Industrial Major Hazards Industries: Petrochemical/Chemical Plant, Offshore, Nuclear facilities • Transport: Rail, Road, Aviation, Maritime

  6. Context: Conditions for GRAPIM • Installation • Submission • Permissioning Regime consisting of: Regulator, Duty Holder, Risk Owner • Rule Set

  7. Contribution to Knowledge • Probabilistic Risk Assessment • Reliability Engineering • Object-Oriented Software Engineering: application and extension of the Unified Modelling Language (UML)

  8. Key elements: • Probabilistic Risk Assessment • Root & Branch analysis • Reliability Engineering

  9. GRAPIM package structure

  10. Probabilistic Risk Assessment R = f·C, where R is Individual Risk Per Annum (IRPA), f is the frequency of a given event and C is the consequence of the given event. In reality: an event-tree based summation:

  11. Reliability Engineering A defence in GRAPIM with Probability of Failure on Demand (PFD) affords a Risk Reduction Factor (RRF): RRF_GRAPIM = 1/PFD, e.g. a defence with PFD of 1 in 1000 (10^-3) affords a risk-reduction factor of 1000. (Linked closely to the fault-“root” analysis.)

  12. Traditional Fault “tree” Analysis

  13. Traditional Event Tree Analysis

  14. Root and Branch Analysis Model

  15. Criteria? • Individual Risk Per Annum • Tolerability of Risk: 1 in 1000 (from the Nuclear Sector) • Value of Preventing a Fatality (VPE): £1,000,000 (from R2P2 and DOT) • System-based performance standards and specific legislation

  16. The ALARP Triangle (figure): Unacceptable Region, above 1xE-03: risk cannot be justified except in extraordinary circumstances. The ALARP or Tolerability Region, between 1xE-03 and 1xE-05: risk is only undertaken if a benefit is desired. Broadly acceptable region, below 1xE-05: no need for detailed working to demonstrate ALARP; negligible risk.

  17. Probabilistic Risk Assessment R = f·C, where R is Individual Risk Per Annum (IRPA), f is the frequency of a given event and C is the consequence of the given event. In reality: an event-tree based summation:

  18. Reliability Engineering Defences afford a Probability of Failure on Demand (PFD) and hence a Risk Reduction Factor (RRF): RRF = 1/PFD, e.g. a defence with PFD of 1 in 1000 (10^-3) affords a risk-reduction factor of 1000. (Linked closely to the fault-“root” analysis.)

  19. Cost-Benefit Analysis: If ΔCost / ΔRisk Reduction ≤ £1 million/life, then viable; ≥ £1 million/life, then not! (i.e. it must cost no more than £1m to save a life: the definition of VPE.)

  20. Simplified (Inspection) Lifecycle (flowchart): Assess Design → Criteria OK? → N: Redesign; Y: Verify Operation → Performs OK? → N: Modify Design and/or Operation; Y: continue.

  21. Risks versus Protection: the acceptability test. For all risks and protectors (with associated RRFs): if $\sum_{i=1}^{N} \frac{\text{Risk}_i}{\text{RRF}_i} \le \frac{1}{1000}$, then acceptable.

  22. Risk versus Protection: • Does risk outweigh protection? (rejection) • Does protection “outweigh” risk? (acceptance)

  23. Safety Integrity Level SIL is a concept from IEC 61508 (Standard for Computers in Safety Related roles): SIL = −log10(PFD) = log10(RRF). GRAPIM uses a protection rating system which uses RRF in preference to SIL.
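The quantitative chain the deck sets out in slides 10/11, 16, 19, 21 and 23 (R = f·C, RRF = 1/PFD, the ALARP bands at 1xE-03 and 1xE-05, the £1m/life cost-benefit test, the Σ Risk/RRF ≤ 1/1000 acceptability test and SIL = −log10(PFD)) carried through on a constructed submission. This is an added example, not GRAPIM's own code; the function and constant names are my own, and the assumption that ΔRisk in the CBA test is expressed as expected fatalities averted is mine.

```python
import math

# Criteria as stated in the deck (slides 15, 16, 19, 21); the constant names are my own.
TOLERABLE_IRPA = 1e-3            # upper ALARP boundary, and the slide 21 acceptability limit
BROADLY_ACCEPTABLE_IRPA = 1e-5   # lower ALARP boundary
VPF_GBP = 1_000_000              # value of preventing a fatality (the deck's "VPE")

def risk(frequency_per_year, consequence):
    """Slide 10: R = f.C, individual risk per annum for one event."""
    return frequency_per_year * consequence

def rrf(pfd):
    """Slide 11: a defence with probability of failure on demand PFD affords RRF = 1/PFD."""
    if not 0.0 < pfd <= 1.0:
        raise ValueError("PFD must be a probability in (0, 1]")
    return 1.0 / pfd

def sil(pfd):
    """Slide 23: SIL = -log10(PFD) = log10(RRF), returned unrounded (no IEC banding)."""
    return -math.log10(pfd)

def residual_risk(hazards):
    """Slide 21: sum of Risk_i / RRF_i; hazards are (f per year, C, PFD of its protector)."""
    return sum(risk(f, c) / rrf(pfd) for f, c, pfd in hazards)

def alarp_region(irpa):
    """Slide 16: place an IRPA value in one of the three ALARP bands."""
    if irpa > TOLERABLE_IRPA:
        return "unacceptable"
    if irpa > BROADLY_ACCEPTABLE_IRPA:
        return "tolerable (ALARP)"
    return "broadly acceptable"

def acceptable(hazards):
    """Slide 21: the submission passes if the residual risk is at most 1/1000."""
    return residual_risk(hazards) <= TOLERABLE_IRPA

def cba_viable(extra_cost_gbp, fatalities_averted):
    """Slide 19: viable if dCost / dRisk <= VPF. Assumption: dRisk is expected fatalities averted."""
    if fatalities_averted <= 0:
        return False
    return extra_cost_gbp / fatalities_averted <= VPF_GBP

# Constructed sample submission: (f per year, C in fatalities, PFD of its protector).
SAMPLE_HAZARDS = [
    (0.1, 1.0, 1e-3),   # frequent event behind a strong defence: 0.1 / 1000 = 1e-4
    (0.01, 1.0, 1e-2),  # rarer event behind a weaker defence:   0.01 / 100 = 1e-4
]
```

Summing the two protected hazards gives a residual IRPA of about 2e-4, which lies in the ALARP band and passes the 1/1000 test; replacing the second protector with a PFD of 1e-1 pushes the total over the limit.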

  24. Why Object-Orientation? • Class-Object representation of Installation, Submission and Protection • Inheritance • Polymorphism • Continually changing domain/rulesets could intensify software maintenance

  25. Why the UML? • De-facto/pre-eminent language for OOSE • Availability of CASE tools (Rational Rose) • Associated process (RUP)

  26. Development: The Rational Unified Process. This project deals principally with the elaboration segment of the process.

  27. GRAPIM classes

  28. Submission Generalisation

  29. Class Association

  30. Activity Diagram -assessment

  31. Activity Diagram – Verification

  32. Inspection Use Case Diagram

  33. Assessment Use Case

  34. Verification Use Case

  35. State Diagram for Submission:

  36. Submission Collaboration

  37. Submission Sequence

  38. Summary: • Safety Engineering – analysis of risks and defences; • Define criteria; • Construct root and branch model(s); • Analyse effect of individual protectors; • Do modifications pass CBA test; • Analyse bulk effect of protection; • If tolerability criteria satisfied – case for safety made.
