Professional Documents
Culture Documents
Bow-Tie Model in Layer of Protection Analysis.
Bow-Tie Model in Layer of Protection Analysis.
A B S T R A C T
Layer of protection analysis (LOPA) is a semi-quantitative method that assesses the risk of an accident scenario in
the process industry. The calculation is similar to an event tree principles applied to a single worst case scenario.
However, process risk assessment requires to include all spectrum of possible accidents that subsequently may
exceed the company risk tolerance level. In order to obtain more appropriate and accurate analysis the complete
accident scenario model need to be used. This is the best provided by a "bow-tie" approach being a composition of
fault and event tree. The quantitative application of the "bow-tie" model is proposed in the methodology of LOPA.
Such an approach increases benefits in the risk management process. Further part of this paper focuses on the
application of fuzzy logic system (FLS). It enables to cope with the lack of knowledge of reliability data that describe
probabilities of initiating events (causes) and safety functions. The "bow-tie" model as well as the application of
fuzzy logic may affect the simplicity of traditional LOPA. However, it can be solved by appropriate computer-aided
analyses. The case study of a typical hexane distillation unit illustrates the application of the proposed method.
© 2011 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
Keyuiords: Fuzzy logic; Fault and event tree analysis; "Bow-tie" accident scenario model; Layer of protection analysis;
Risk analysis; Process dsk assessment
Nomenclature
Risk analysis methods
"Bow-tie' analysis ETA event tree analysis
ET event tree FTA fault tree analysis
FT fault tree HAZOP hazard and operability study
MCS minimum cut set LOPA layer of protection analysis
FIS fuzzy inference system
FL fuzzy logic Safety systems
FLS fuzzy logic system Ads automatic deluge system
Fb fire brigade
Consequences assessment Fea fatahties in the exposed area
E effectiveness
FP flash point Subscripts
Q amount of release i,j,.. .,k number of IE in minimal cut set in FT
TR time of response m number of OE in ET
n number of MCS in FT
Events (E) 0 number of SFs
ECE external conditioning event p number of ECEs
ICE internal conditioning event
IE initiating event
IPL independent protection layer
LE loss event
OE outcome event This idea, which is the object of interest in this paper, was
SF safety function used in the Aramis project (Dianous and Fievez, 2005) and
TE top event later in our previous work. However, the presented approach
is extended to the complete accident scenario which takes
Frequencies, probabilities
into account all identified initiating events as well as all pos-
frequency of failure of "E" event
sible consequences of the analyzed loss event. The simplified
PE probability of failure of "E" event scheme of this model is shown in Fig. 2.
Hazards Classical LOPA is a risk estimation method which consid-
FF flash fire ers the calculation of the mitigated frequency (F) as a result of
II immediate ignition activation of all independent protection layers (IPLs), whereas
LI late ignition the severity of the consequences (S) of a top event is assessed
in a traditional manner using the look-up tables developed
PF pool fire
by LOPA book (CCPS, 2001) that provide the unmitigated cate-
VCE vapor cloud explosion
gory of severity based on the substance type and the release
Linguistic terms for fuzzy frequency numbers amount, determined by an expert opinion.
R remote In our approach the evaluation of the frequency of a
U unlikely particular scenario and the severity of the consequences is
VL very low attempted in a different way. It is assumed that the miti-
L low gated frequency is influenced by the prevention and protection
M moderate safety measures {IPL I and IPL II) only, while the severity of
H high the consequences is decreased by safety measures located in
VH very high the mitigation layer (IPL III). It means that the safety systems
EH extremely high located in a multilayer of protection have different functions.
This approach is illustrated in Fig. 3 (Markowski, 2006).
Risk analysis
AS active system
CR community response
F frequency
P probability y c
0
R risk N
S severity of the consequences
c S
So severity of the consequences without AS and A E
U Q
SRI
CR
severity reduction index S
Loss event ^- U
E E
S N
Risk categories C
A acceptable / E
/ S
TA tolerable acceptable
TNA tolerable not acceptable Fault tree Event tree
NA not acceptable
Fig. 1 - General idea of "bow-tie" model.
P R O C E S S S A F E T Y AND ENVIRONMENTAL PROTECTION 89 (201 i) 205-213 207
The mitigated frequency of the top event (FTE) is calculated ment of the particular accident scenario (Markowski et al.,
on the basis of a minimal cut set equation of the fault tree 2009).
(MCSFT)-Eq. (1).
PFD PFD
Traditional
method
lil i - 1 /
Ü o
RISK
MATRIX
< M
Proposed
method Legend
il
OUI
RISK
MATRIX
o o
< w S = S„ - SRI
Fault teee
Fuzzy TE
frequency
fFTA
. A A A A A ® O
Part 1 ' Fuzzy numbers scale
for frequency Calculations
according to
V V V V \
Choice of linguistic term
foe identified lEs and IPL I
Output fuzzy
frequencies
Event tree
IPLII Calculations
according to
A A A A , ECE
Fuzzy numbers scale\
for frequency
/ V V V V \
Choice of linguistic terms
for IPL II and IPL III
(2009), Markowski et al. (2010), Pokorádi (2010) and Singer traditional variable. Then, according to MCSFT, with the use
(1990). of fuzzy arithmetic operations (addition and multiplication),
fuzzy frequency of TE is calculated.
4. Fuzzy "bow-tie" LOPA Subsequently, this value (FXE) is used in the second part
of the method. Similarly, fuzzy numbers for variables which
4.1. "Boiu-tie"/requency represents SFs in II and III IPL are chosen by expert, based on
data provided by traditional LOPA. The probability of external
The complete accident scenario described in detail with the conditioning event (ECE) is given by a traditional variable. OEs
use of the "bow-tie" model is applied to LOPA. The methodol- frequencies are calculated according to MCSET, with the use
ogy of FL apphcation to the "bow-tie" accident scenario model of fuzzy arithmetic operations (multiplication).
is presented in Fig. 4. The outcome events' frequencies of each path of ET are
To calculate a fuzzy frequency of each OE according to Eqs. defuzzified developing crisp values.
(1) and (2) the normalized fuzzy numbers scale is applied as is All OEs' frequencies are added together and the combined
shown in Fig. 5. mitigated frequency FOE for all paths representing loss event
The proposed fuzzy "bow-tie" LOPA method can be divided scenario is obtained (CCPS, 2001).
into two parts. The first one is based on the fault tree analysis
and leads to the top event or loss event and the second one,
based on the event tree analysis, leads to the outcome event. 4.2. Severity 0/ the consequences
Firstly, an expert selects the fuzzy number for each variable
which represents IEs and safety functions (SFs) in I IPL. The The severity of the consequences is calculated based on LOPA
probability of internal conditioning event (ICE) is given by a book look-up tables (CCPS, 2001). They provide the category of
Remote Unilkely Very low Low Moderate Fairly high High Very high Extremely
.(R) (U) (VL) (L) (M) (FH) (H) (VH) high (EH)
FROM QUENCH
Legend
FAL - Fbw Alarm Low
FIC - Flow IndcalngController
FO-FalOpen
F T - Fbw TrarwmiKef
LAL -Level Alarm Low
LCV - Lswl ContiDlIng Valve
LRC - Level Recording Conlroller
LT-Level Transmitter
PAH -Pressure Alarm High
PI - Pressure Indicator
PSV - Pressure Safety Valve
RD-Rupture Disk
TAH ~ Temperatuna Alarm High
TCV - Temperature Ccntroling Valve
TIC - Temperature Indicating
Controller
Tl -Temperature Indicator
TT - Temperali^e Transmitter
V -Valve
G Failure of ov«r-
prassure protect.
G
Fife eniir^gu'shed
I0E1)
YES
CoTKlensar Loss of
ruplufe cookng Fir« «xbr>guish«d
YES (0E1)
YES -
G Fouling NO
Pool Km and
faUdUM (0E2}
YES
NO
NO
Poo) fir» (0E2b
Corrosion
h YES
Sp.ll /
disparaion (OE3)
V C E / F F and
ffHalllM (0E4)
YES
NO
ï>
Mec^ancal
Ualenal dalect NO NO Vapour ctoud
failur«
flash nn (0E4b)
Outflow
Human arTor
blockage
Failure of NO Spill /
pump P-06 dispersion (OE3)
As an output of fuzzy risk matrix, fuzzy risk set and its vapour cloud explosion (VCE) or flash fire (FF) when late igni-
defuzzified crisp value are obtained for the combined outcome tion (LI) takes place.
frequency (FOE) and the highest severity of the consequences The minimal cut sets equations of TE and OEs obtained
(S). These are the results of the analysis. from the "bow-tie" model are as follows.
NA
Risk levels:
A- acceptable
TA- tolerable acceptable
TNA- tolerable not acceptable
NA - not accpetable
safety goal
5 22 a. £ k
5.4. Risk index calculation with the use of fuzzy logic
concept
o
5 9
Su
u. _) o. X i-i
_ o The final LOPA risk calculations' result is shown in Table 6.
A defuzzified crisp value (3.17) belongs to two risk sets—TNA
(tolerable not acceptable) and NA (not acceptable) as is shown
in Fig. 10. It gives information that the additional safety mea-
S H CL.
sures are required to make the analyzed installation safe. The
safety goal requires no more than 50% of TA (tolerable accept-
able) and TNA.
Q
3 t X
X o 5.5. An e^ect 0/ the additional safety measures
u. H CL u.
u H
application
O ^
The safety goal can be achieved in two ways. One way to
^ 9 o. X increase the safety of the installation is to increase the reliabil-
ity of the systems which have a crucial effect on the frequency
of TE and finally on the risk level. As indicates the impor-
ss X o
tance of reliability measure of Fussell and Vesely (1972) applied
eu u. r^ to a fault tree, these are the components A—failure of PI,
and B—failure of PSV (Fig. 9). Their failure rates need to be
increased by one order in the relation to previous values, A to
FH (fairly high) fuzzy number and B to M (moderate) fuzzy
number—Case 1. The other possibility to obtain the safety
goal is to add the ignition control measures which reduce the
immediate ignition (II) probability to 0.05 and the late ignition
(LI) probability to 0.1—Case 2. In a Case 3, both possibilities are
considered.
„ i|| Table 7 gives the results with the applied additional safety
r: u. u. S measures being proposed.
212 PROCESS SAFETY AND E N V I R O N M E N T A L P R O T E C T I O N 8 9 ( 2 0 1 i ) 205-213
As can be seen, the satisfactory effect is obtained for the by expert to convert them into specific, precisely determined
Cases 2 and 3. In both of them the additional ignition con- outputs.
trol measures are applied. Further reduction of the risk index The presented case study proves that calculations with the
requires more research to obtain an acceptable risk level (A- use of fuzzy logic provides more realistic value of risk index
TA). and offers an advantage with respect to the traditional single
point estimate. Besides, fuzzy logic may be quite successful
6. Conclusions in precise determination of additional safety measures which
are essential to achieve the safety goal.
Among different qualitative models used for the presentation The proposed hybrid approach ("bow-tie" model, fuzzy
of accident scenario, the "bow-tie" approach is considered to logic and LOPA) enhances management of the protection lay-
be the best pictorial display of the relations between the vari- ers, however, it requires the application of computer-aided
ous hazards (causes), enabling events, safety systems and the analyses which may be in conflict with a simplicity of LOPA.
consequences. This model can introduce entire set of path
events which can be used for all possible accident scenarios.
This is a basis for the identification of the safety systems and
References
tasks which control the worst case accident scenario as well
Bowles, J.B., Pelaez, C.E., 1995. Application of fuzzy logic to
as other contributing scenarios. Such an approach increases
reliability engineering. Proc. IEEE 80 (3), 435-449.
benefits in the risk management process. CCPS, 2001. Layer of Protection Analysis: Simplified Process Risk
A quantitative application of the "bow-tie" model carries Assessment. AIChE.
obvious weaknesses which are met in the quantitative fault Dianous, V., Fievez, C, 2005. ARAMIS project: A more explicit
and event tree analysis. In majority, it concerns the input reli- demonstration of risk control through the use of bow-tie
ability data that may not be available or may be imprecise and diagrams and the evaluation of safety barrier performance. J.
Hazard. Mater. 130, 220-233.
vague.
Dubois, D., Prade, H., 1980. Fuzzy Sets and Systems—Theory and
The lack of knowledge and the encountered uncertainties Applications. Academic Press.
may be successfully improved by the fuzzy logic application. It Fussell, J.B., Vesely, W.E., 1972. A new methodology for obtaining
enables the usage of uncertain, qualitative input data provided cut sets for fault trees. Trans. Am. Nucl. Soc. 15 (1), 262-263.
PROCESS SAFETY AND ENVIRONMENTAL PROTECTION 89 (201 i) 205-213 213
Markowski, A.S., 2006. Layer of Protection Analysis for the Markowski, A.S., Mannan, M.S., Kotynia (Bigoszewska), A., Siuta,
Process Industry. Polish Academy of Science (PAN), Branch D., 2010. Uncertainty aspects in process hazard analysis. J.
Lodz, ISBN: 483-86-492-36-8. Loss Prev. Proc. Ind. 23, 446-454.
Markowski, A.S., Mannan, M.S., 2008. Fuzzy risk matrix. J. Hazard. Pokorádi, L., 2010. Application of fuzzy set theory for risk
Mater. 159,152-157. assessment. J. KONBiN 2-3 (14/5), 1895-8281.
Markowski, A.S., Mannan, M.S., 2009. Fuzzy logic for piping risk Singer, D., 1990. A fuzzy set approach to fault tree and reliability
assessment (pfLOPA). J. Loss Prev. Proc. Ind. 22, 921-927. analysis. Fuzzy Sets Syst. 34,145-155.
Markowski, A.S., Mannan, M.S., Bigoszewska, A., 2009. Fuzzy logic Yen, J., Langari, R., 1999. Fuzzy Logic, Intelligence Control and
for process safety analysis. J. Loss Prev. Proc. Ind. 22, 695-702. Information. Prentice Hall PTR, Upper Saddle River, NJ.
Copyright of Process Safety & Environmental Protection: Transactions of the Institution of Chemical Engineers
Part B is the property of Elsevier Science and its content may not be copied or emailed to multiple sites or
posted to a listserv without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.