PROCESS SAFETY AND ENVIRONMENTAL PROTECTION 89 ( 2 o i i ) 205-213

Contents lists available at ScienceDirect

Process Safety and Environmental Protection

ELSEV7ER. joumal homepage: www.elsevier.com/locate/psep

"Bow-tie" model in layer of protection analysis

Adam S. Markowski*, Agata Kotynia
Safety Engineering Department, Faculty 0/Process and Enuironmental Engineering, Technical University of Lodz, 90-133 Lodz, ul.
Wolczansfea 213, Poland

A B S T R A C T

Layer of protection analysis (LOPA) is a semi-quantitative method that assesses the risk of an accident scenario in
the process industry. The calculation is similar to an event tree principles applied to a single worst case scenario.
However, process risk assessment requires to include all spectrum of possible accidents that subsequently may
exceed the company risk tolerance level. In order to obtain more appropriate and accurate analysis the complete
accident scenario model need to be used. This is the best provided by a "bow-tie" approach being a composition of
fault and event tree. The quantitative application of the "bow-tie" model is proposed in the methodology of LOPA.
Such an approach increases benefits in the risk management process. Further part of this paper focuses on the
application of fuzzy logic system (FLS). It enables to cope with the lack of knowledge of reliability data that describe
probabilities of initiating events (causes) and safety functions. The "bow-tie" model as well as the application of
fuzzy logic may affect the simplicity of traditional LOPA. However, it can be solved by appropriate computer-aided
analyses. The case study of a typical hexane distillation unit illustrates the application of the proposed method.
© 2011 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
Keyuiords: Fuzzy logic; Fault and event tree analysis; "Bow-tie" accident scenario model; Layer of protection analysis;
Risk analysis; Process dsk assessment

1. Introduction 2. "Bow-tie" accident scenario model in

The aim of this paper is to include an uncertainty aspect in the
layer of protection analysis (LOPA) applied to the risk assess-
ment of a hazardous substance release. It is achieved by the
application of fuzzy logic (FL) to accident scenario risk calcu-
lations which are obtained with the use of the fault and event
tree analysis combined in a "bow-tie" model. All variables are
replaced by the fuzzy sets and the application of fuzzy logic
systems (FLSs) allows us to calculate the fuzzy outcome fre-
quency as well as the fuzzy severity of the consequences for
each path of the "bow-tie" model. Subsequently, using a fuzzy
risk matrix, the fuzzy risk level and its characteristic value
are obtained for the complete accident scenario. The goal of
the analysis is to provide acceptable risk level. Existing and
additional safety measures are considered to reach this goal.
The case study concerning the distillation unit illustrates the
applied method. It also proves that assuming quantitative data
for all variables of the "bow-tie" model, the precise single point
risk estimate can be obtained.
LOPA
In the traditional LOPA, an accident scenario is defined as a
single cause-consequence pair using an event tree approach
(CCPS, 2001). Only one path of the accident scenario which
merely leads to a major hazard is analyzed. For more com-
plex scenarios, LOPA should be used several times, for each
initiating event (IE) separately. Another limitation of LOPA is
the fact that there is no separation of top event or loss event
(TE/LE).
A method that encompasses the complete accident sce-
nario (a loss event scenario) uses a "bow-tie" model. It is
composed of a fault tree (FT) which identifies the causes of the
top event or loss event, usually representing unwanted release
of the substance and an event tree (ET) showing what are the
consequences of such a release. In the "bow-tie" model all con-
nections between initiating events, loss event and outcome
events (OEs) are fully identified.
Fig. 1 presents the idea of the "bow-tie" model.

• Corresponding author. Tel.: +48 426313745; fax: +48 426313745.

E-mail address: markows@wipos.p.lodz.pl (A.S. Markowski).
Received 8 November 2010; Received in revised form 21 April 2011; Accepted 28 April 2011
0957-5820/$ - see front matter © 2011 The Institution of Chemical Engineers. Published by Elsevier B.V. All rights reserved.
doi:10.1016/;.psep.2011.04.005
206 P R O C E S S S A F E T Y AND E N V I R O N M E N T A L P R O T E C T I O N 89 ( 2 0 1 i) 205-213

Nomenclature
Risk analysis methods
"Bow-tie' analysis ETA event tree analysis
ET event tree FTA fault tree analysis
FT fault tree HAZOP hazard and operability study
MCS minimum cut set LOPA layer of protection analysis
FIS fuzzy inference system
FL fuzzy logic Safety systems
FLS fuzzy logic system Ads automatic deluge system
Fb fire brigade
Consequences assessment Fea fatahties in the exposed area
E effectiveness
FP flash point Subscripts
Q amount of release i,j,.. .,k number of IE in minimal cut set in FT
TR time of response m number of OE in ET
n number of MCS in FT
Events (E) 0 number of SFs
ECE external conditioning event p number of ECEs
ICE internal conditioning event
IE initiating event
IPL independent protection layer
LE loss event
OE outcome event This idea, which is the object of interest in this paper, was
SF safety function used in the Aramis project (Dianous and Fievez, 2005) and
TE top event later in our previous work. However, the presented approach
is extended to the complete accident scenario which takes
Frequencies, probabilities
into account all identified initiating events as well as all pos-
frequency of failure of "E" event
sible consequences of the analyzed loss event. The simplified
PE probability of failure of "E" event scheme of this model is shown in Fig. 2.
Hazards Classical LOPA is a risk estimation method which consid-
FF flash fire ers the calculation of the mitigated frequency (F) as a result of
II immediate ignition activation of all independent protection layers (IPLs), whereas
LI late ignition the severity of the consequences (S) of a top event is assessed
in a traditional manner using the look-up tables developed
PF pool fire
by LOPA book (CCPS, 2001) that provide the unmitigated cate-
VCE vapor cloud explosion
gory of severity based on the substance type and the release
Linguistic terms for fuzzy frequency numbers amount, determined by an expert opinion.
R remote In our approach the evaluation of the frequency of a
U unlikely particular scenario and the severity of the consequences is
VL very low attempted in a different way. It is assumed that the miti-
L low gated frequency is influenced by the prevention and protection
M moderate safety measures {IPL I and IPL II) only, while the severity of
H high the consequences is decreased by safety measures located in
VH very high the mitigation layer (IPL III). It means that the safety systems
EH extremely high located in a multilayer of protection have different functions.
This approach is illustrated in Fig. 3 (Markowski, 2006).
Risk analysis
AS active system
CR community response
F frequency
P probability y c
0
R risk N
S severity of the consequences
c S
So severity of the consequences without AS and A E
U Q
SRI
CR
severity reduction index S
Loss event ^- U
E E
S N
Risk categories C
A acceptable / E
/ S
TA tolerable acceptable
TNA tolerable not acceptable Fault tree Event tree
NA not acceptable
Fig. 1 - General idea of "bow-tie" model.
 P R O C E S S S A F E T Y AND ENVIRONMENTAL PROTECTION 89 (201 i) 205-213 207

Fig. 2 - "Bow-tie" accident scenario model in LOPA.

The mitigated frequency of the top event (FTE) is calculated ment of the particular accident scenario (Markowski et al.,
on the basis of a minimal cut set equation of the fault tree 2009).
(MCSFT)-Eq. (1).

3. Fuzzy logic as a method of uncertainty

reduction

The knowledge of the detailed data of failure rates describing

Afterwards, the outcome frequency (FQE), is obtained using
MCS equations for the second part of "bow-tie" model—event
tree (MCSET). Eq. (2) presents an appropriate model of the cal-
culation.
(2)
0=1 p=l m=l
The calculation of the mitigated severity of the conse-
quences (S) is shown in Section 4.
Both components, that is the outcome frequency and
the severity of the consequences are used for risk assess-
the reliability of safety measures of the multilayer of pro-
tection is required to analyze precisely an accident scenario
which may happen in the installation and its risk of occur-
rence. However, these values in the real situations are kind
of estimations, they are uncertain and ambiguous. They may
provide an imperfect prediction of future accident scenario
risk level related to unwanted release of a dangerous sub-
stance (Markowski et al., 2009).
That is why, methods which can deal with such an uncer-
tainty are needed. One of them is the application of fuzzy logic
(FL). The main advantage of such a method is the use of quali-
tative human knowledge and mapping it into the quantitative
and much more precise values. FL identifies not only true or
false but the entire range of values in between as well.
The direct application of fuzzy logic into LOPA, called
fLOPA, was provided by Markowski (2006) whereas other infor-
mation on the fuzzy logic application to different safety issues
are given by: Bowles and Pelaez (1995), Markowski and Mannan

i PREVENTION i PROTECTION i MITIGATION

OUTCOME
LAYER I LAYER i LAYER
EVENT
IPLI i IPLII \ IPLIII

PFD PFD

Traditional
method
lil i - 1 /
Ü o
RISK
MATRIX
< M

PFD PFD / SRI

Proposed
method Legend
il
OUI
RISK
MATRIX
o o
< w S = S„ - SRI

Fig. 3 - Functions of multilayer of protection in LOPA.

208 P R O C E S S S A F E T Y AND E N V I R O N M E N T A L P R O T E C T I O N 89 (201 i) 205-213

Fault teee

Fuzzy TE
frequency
fFTA
. A A A A A ® O
Part 1 ' Fuzzy numbers scale
for frequency Calculations
according to
V V V V \
Choice of linguistic term
foe identified lEs and IPL I

Output fuzzy
frequencies

Event tree

Fuzzy TE Fuzzy frequency

frequency result
fETA

IPLII Calculations
according to

A A A A , ECE
Fuzzy numbers scale\
for frequency
/ V V V V \
Choice of linguistic terms
for IPL II and IPL III

Fig. 4 - Methodology of fuzzy frequeeicy of accident scenario assessment.

(2009), Markowski et al. (2010), Pokorádi (2010) and Singer
(1990).
4. Fuzzy "bow-tie" LOPA
4.1. "Boiu-tie"/requency
The complete accident scenario described in detail with the
use of the "bow-tie" model is applied to LOPA. The methodol-
ogy of FL apphcation to the "bow-tie" accident scenario model
is presented in Fig. 4.
To calculate a fuzzy frequency of each OE according to Eqs.
(1) and (2) the normalized fuzzy numbers scale is applied as is
shown in Fig. 5.
The proposed fuzzy "bow-tie" LOPA method can be divided
into two parts. The first one is based on the fault tree analysis
and leads to the top event or loss event and the second one,
based on the event tree analysis, leads to the outcome event.
Firstly, an expert selects the fuzzy number for each variable
which represents IEs and safety functions (SFs) in I IPL. The
probability of internal conditioning event (ICE) is given by a
traditional variable. Then, according to MCSFT, with the use
of fuzzy arithmetic operations (addition and multiplication),
fuzzy frequency of TE is calculated.
Subsequently, this value (FXE) is used in the second part
of the method. Similarly, fuzzy numbers for variables which
represents SFs in II and III IPL are chosen by expert, based on
data provided by traditional LOPA. The probability of external
conditioning event (ECE) is given by a traditional variable. OEs
frequencies are calculated according to MCSET, with the use
of fuzzy arithmetic operations (multiplication).
The outcome events' frequencies of each path of ET are
defuzzified developing crisp values.
All OEs' frequencies are added together and the combined
mitigated frequency FOE for all paths representing loss event
scenario is obtained (CCPS, 2001).
4.2. Severity 0/ the consequences
The severity of the consequences is calculated based on LOPA
book look-up tables (CCPS, 2001). They provide the category of

Remote Unilkely Very low Low Moderate Fairly high High Very high Extremely
.(R) (U) (VL) (L) (M) (FH) (H) (VH) high (EH)

10 10^ 10' 10 10' 10° 10'

Fig. 5 - Normalized fuzzy numbers scale.
 P R O C E S S S A F E T Y AND E N V I R O N M E N T A L P R O T E C T I O N 8 9 ( 2 0 1 i ) 2 0 5 - 2 1 3 209

Fig. 6 - Fuzzy surface for flammable substance.

severity using the potential release amount and the type of
hazardous substance. These data are applied to the severity
fuzzy inference system (S-FIS) as is proposed by Markowski
(2006). The original look-up tables develop "if-then" rules
used to obtain severity of the consequences. This approach
is shown in Fig. 6.
According to Fig. 3 the category of the severity of the conse-
quences is mitigated by the activation of mitigation layer (IPL
Fig. 7 - Fuzzy risk surface.
III). It denotes the so called "severity reduction index" (SRI),
which is based on fuzzy "if-then" rules depending on the effec-
tiveness and the time of response of the active systems (AS)
and the community response (CR) (Markowski, 2006). The SRI
reduces the severity of the consequences as is indicated by Eq.
(3).

S = So-SRI = MAX(SRIAS.SRICR) (3)

Table 1 - Safety and protection systems.
Safety layer
Layer 1—prevention systems
Layer II—protection systems
Layer III—mitigation systems
Measure where So—severity of the consequences without AS and CR.
Good engineering practice (GEP) Similarly to the FOE calculations, the S for each OE is deter-
Basic Process Control Systems mined. For the outcome mitigated severity value, needed for
(BPCS) with indication and alarm LOPA risk estimation, the highest value of S is chosen (CCPS,
in central room: BPCSPAH, BPCSTAH, 2001).
BPCSTAL, BPCSLAL, BPGSFAL, B P C S T I ,
BPCSpi
Safety i n s t r u m e n t e d s y s t e m s (SIS): 4.3. Risk assessment
S I S T (TT, T I G , TGV). SISL (LT, L C R ,
LGV), SISF (FT, FIG, FGV) PSV, RD The fuzzy risk matrix is used for risk estimation and assess-
Automatic deluge s y s t e m (Ads) ment of the risk level (Markowski and Mannan, 2008). Fig. 7
Fire brigade (Fb)
shows the surface of fuzzy risk matrix.

FROM QUENCH

Legend
FAL - Fbw Alarm Low
FIC - Flow IndcalngController
FO-FalOpen
F T - Fbw TrarwmiKef
LAL -Level Alarm Low
LCV - Lswl ContiDlIng Valve
LRC - Level Recording Conlroller
LT-Level Transmitter
PAH -Pressure Alarm High
PI - Pressure Indicator
PSV - Pressure Safety Valve
RD-Rupture Disk
TAH ~ Temperatuna Alarm High
TCV - Temperature Ccntroling Valve
TIC - Temperature Indicating
Controller
Tl -Temperature Indicator
TT - Temperali^e Transmitter
V -Valve

Fig. 8 - Hexane distillation installation.

210 P R O C E S S S A F E T Y AND E N V I R O N M E N T A L P R O T E C T I O N 89 ( 2 0 1 i) 205-213

InihaUng Bv«nl (IE) Oulcoma «veni (OE)

G Failure of ov«r-
prassure protect.

G
Fife eniir^gu'shed
I0E1)
YES

CoTKlensar Loss of
ruplufe cookng Fir« «xbr>guish«d
YES (0E1)
YES -

G Fouling NO
Pool Km and
faUdUM (0E2}
YES
NO

NO
Poo) fir» (0E2b

Corrosion
h YES
Sp.ll /
disparaion (OE3)

V C E / F F and
ffHalllM (0E4)
YES
NO

ï>
Mec^ancal
Ualenal dalect NO NO Vapour ctoud
failur«

flash nn (0E4b)
Outflow
Human arTor
blockage
Failure of NO Spill /
pump P-06 dispersion (OE3)

Fig. 9 - "Bow-tie" accident scenario model.

As an output of fuzzy risk matrix, fuzzy risk set and its vapour cloud explosion (VCE) or flash fire (FF) when late igni-
defuzzified crisp value are obtained for the combined outcome tion (LI) takes place.
frequency (FOE) and the highest severity of the consequences The minimal cut sets equations of TE and OEs obtained
(S). These are the results of the analysis. from the "bow-tie" model are as follows.

MCSTE = ABC + ABG + ABH + ABD + ABE + ABIJ

5. Case study of the accident scenario in a
distillation unit -l-ABFK-l-ABFL-hM + N - h O (4)

A hexane distillation unit was chosen for a better description

of the above mentioned method. In Fig. 8 the hexane distilla-
tion installation is presented.
Table 1 gives safety and protection systems of the instal-
lation divided into 3 safety layers: prevention, protection and
mitigation.
5.1. Identi/ication of the representative "boiu-tie"
accident scenario
The distillation unit was reviewed in HAZOP where possi-
ble accident scenarios were identified. For simplification one
representative loss event scenario, named the catastrophic
hexane release, is taken into account. The loss event scenario
is further analyzed with the use of the "bow-tie" model which
is shown in Fig. 9.
As can be seen, there are two OEs in which fatalities can
occur: pool fire (PF) in case of immediate ignition (II) and
MCSoE2 = TE . II • Ads • Fb • enCE (5)
= TE . ÏÏ. LI. Ads . enCE (6)
5.2. Frequency calculation with the use of fuzzy logic
concept
The assumptions connected with the calculations of fuzzy
sets according to the MCS Eqs. (4)-(6) are presented in
Tables 2 and 3. The frequency/probability numbers are
obtained based on look-up tables developed by LOPA book
(CCPS, 2001) and experts' knowledge and experience. They are
presented in a form of fuzzy sets chosen from normalized
fuzzy numbers scale (Fig. 5) for IEs and in a form of tradi-
tional variables for CEs. Calculations of fuzzy sets follow the
fuzzy algebra principles (Dubois and Prade, 1980). The appli-
cation of the MSC equations into LOPA makes it possible to

NA
Risk levels:
A- acceptable
TA- tolerable acceptable
TNA- tolerable not acceptable
NA - not accpetable

safety goal

Fig. 10 - Crisp risk value membership to fuzzy risk sets.

 P R O C E S S S A F E T Y AND E N V I R O N M E N T A L P R O T E C T I O N 89 ( 2 0 1 i) 205-213 211

Table 3 - Standard probability numbers for CEs.

t; o <7 Symbol Conditioning event (CE) Probability
X 01 u. u. S
value
II Immediate ignition 0.1
LI Late ignition 0.5
£ 'S Xô Enabling CE Staff in affected area 0.5
^ "O u. u- TH
Fatalities 0.5

analyze all identified accident scenario paths and to estimate

their frequencies.
The frequencies of outcome events and the combined fre-
quency calculations results are presented in Table 4. The cases
in which there are no losses are not taken into consideration.
The combined frequency is calculated for the paths where
o fatalities occur. The mapping of a fuzzy number into a crisp
number (nonfuzzy) is performed with the use of a centroid
u. > a. method in the defuzzification process (Yen and Langari, 1999).

Ö 5.3. Severity 0/ the consequences calculations with the

li a. X
use 0/ the fuzzy logic concept

In the mitigation layer for the catastrophic hexane column

9' '-< release there are two independent safety measures, the first
3 9 to protect against widespread releases from the plant - auto-
matic deluge system (Ads), which is an active system, and
the second to react and provide relief for a rescue action - fire
I> brigade (Fb), which is a community response. Both of them (AS
and CR) have an impact on the severity of the consequences of
0E2 (poolfire),while AS has an influence on the consequences
of 0E4. The results of the mitigated severity of consequences
calculations are shown in Table 5.
Ü

5 22 a. £ k
5.4. Risk index calculation with the use of fuzzy logic
concept
o
5 9
Su
u. _) o. X i-i
_ o The final LOPA risk calculations' result is shown in Table 6.
A defuzzified crisp value (3.17) belongs to two risk sets—TNA
(tolerable not acceptable) and NA (not acceptable) as is shown
in Fig. 10. It gives information that the additional safety mea-
S H CL.
sures are required to make the analyzed installation safe. The
safety goal requires no more than 50% of TA (tolerable accept-
able) and TNA.
Q
3 t X
X o 5.5. An e^ect 0/ the additional safety measures
u. H CL u.
u H
application
O ^
The safety goal can be achieved in two ways. One way to
^ 9 o. X increase the safety of the installation is to increase the reliabil-
ity of the systems which have a crucial effect on the frequency
of TE and finally on the risk level. As indicates the impor-
ss X o
tance of reliability measure of Fussell and Vesely (1972) applied
eu u. r^ to a fault tree, these are the components A—failure of PI,
and B—failure of PSV (Fig. 9). Their failure rates need to be
increased by one order in the relation to previous values, A to
FH (fairly high) fuzzy number and B to M (moderate) fuzzy
number—Case 1. The other possibility to obtain the safety
goal is to add the ignition control measures which reduce the
immediate ignition (II) probability to 0.05 and the late ignition
(LI) probability to 0.1—Case 2. In a Case 3, both possibilities are
considered.
„ i|| Table 7 gives the results with the applied additional safety
r: u. u. S measures being proposed.
212 PROCESS SAFETY AND E N V I R O N M E N T A L P R O T E C T I O N 8 9 ( 2 0 1 i ) 205-213

Table 4 - Results of frequency calculations.

Symbol Event Fuzzy set Crisp value Comment
Left boundary value Mean value Right boundary value
TE Hexane release 0.0030 0.030 0.73 0.18
OEl Fire extinguished 6.00E-06 6.05E-04 0.15 0.024 No losses
0E2 Pool fire and fatalities 7.50E-08 7.56E-06 0.0018 2.96E-04 Fatalities
0E2b Pool fire 6.75E-07 6.80E-05 0.016 0.0027 No losses
0E3 Spill/dispersion 1.35E-06 0.0014 3.29 0.40 No losses
0E4 VCE/FF and fatalities 3.34E-09 3.40E-06 0.0082 0.0010 Fatalities
0E4b VCE/FF 3.04E-08 3.06E-05 0.074 0.0091 No losses
OE Combined consequences 7.84E-08 l.lOE-05 0.010 0.0013 Fatalities

Table 5 - Results of severity of consequences calculations.

Symbol Flammable hexane So Automatic deluge system (Ads)—AS Fire brigade (Fb)—CR SRI (max) S = So — SRImax

FP[ C) Q[ton] E [%] TR [min] SRIAS E [%] TR [min] SRICR

0E2 -22 >100 4.65 70 1 1.30 60 2 0.81 1.30 3.35

0E4 70 1 1.30 1.30 3.35

Table 6- Risk index calculations results.

Symbol Event Crisp frequency, F Crisp severity, S Crisp risk, R Membership to risk set
OE Combined consequences 0.0013 3.35 3.17 TNA—83%, NA—17%

Table 7 - Results of the reduced risk index calculations.

Case no. Symbol of New linguistic Crisp Crisp severity, S Crisp risk, R Membership to
IE/ECE term/probability frequency, F risk set
1 A,B A = FH 7.09E-04 3.35 2.79 TA—20%,
B=M TNA—80%
2 II, LI 11 = 0.05 2.49E-04 3.35 2.41 TA—60%,
LI = 0.1 TNA—40%
3 A, B, II, LI A = FH, B = M 1.39E-04 3.35 2.34 TA—66%,
11 = 0.05, LI = 0.1 TNA—34%

As can be seen, the satisfactory effect is obtained for the
Cases 2 and 3. In both of them the additional ignition con-
trol measures are applied. Further reduction of the risk index
requires more research to obtain an acceptable risk level (A-
TA).
6. Conclusions
Among different qualitative models used for the presentation
of accident scenario, the "bow-tie" approach is considered to
be the best pictorial display of the relations between the vari-
ous hazards (causes), enabling events, safety systems and the
consequences. This model can introduce entire set of path
events which can be used for all possible accident scenarios.
This is a basis for the identification of the safety systems and
tasks which control the worst case accident scenario as well
as other contributing scenarios. Such an approach increases
benefits in the risk management process.
A quantitative application of the "bow-tie" model carries
obvious weaknesses which are met in the quantitative fault
and event tree analysis. In majority, it concerns the input reli-
ability data that may not be available or may be imprecise and
vague.
The lack of knowledge and the encountered uncertainties
may be successfully improved by the fuzzy logic application. It
enables the usage of uncertain, qualitative input data provided
by expert to convert them into specific, precisely determined
outputs.
The presented case study proves that calculations with the
use of fuzzy logic provides more realistic value of risk index
and offers an advantage with respect to the traditional single
point estimate. Besides, fuzzy logic may be quite successful
in precise determination of additional safety measures which
are essential to achieve the safety goal.
The proposed hybrid approach ("bow-tie" model, fuzzy
logic and LOPA) enhances management of the protection lay-
ers, however, it requires the application of computer-aided
analyses which may be in conflict with a simplicity of LOPA.
References
Bowles, J.B., Pelaez, C.E., 1995. Application of fuzzy logic to
reliability engineering. Proc. IEEE 80 (3), 435-449.
CCPS, 2001. Layer of Protection Analysis: Simplified Process Risk
Assessment. AIChE.
Dianous, V., Fievez, C, 2005. ARAMIS project: A more explicit
demonstration of risk control through the use of bow-tie
diagrams and the evaluation of safety barrier performance. J.
Hazard. Mater. 130, 220-233.
Dubois, D., Prade, H., 1980. Fuzzy Sets and Systems—Theory and
Applications. Academic Press.
Fussell, J.B., Vesely, W.E., 1972. A new methodology for obtaining
cut sets for fault trees. Trans. Am. Nucl. Soc. 15 (1), 262-263.
 PROCESS SAFETY AND ENVIRONMENTAL PROTECTION 89
Markowski, A.S., 2006. Layer of Protection Analysis for the
Process Industry. Polish Academy of Science (PAN), Branch
Lodz, ISBN: 483-86-492-36-8.
Markowski, A.S., Mannan, M.S., 2008. Fuzzy risk matrix. J. Hazard.
Mater. 159,152-157.
Markowski, A.S., Mannan, M.S., 2009. Fuzzy logic for piping risk
assessment (pfLOPA). J. Loss Prev. Proc. Ind. 22, 921-927.
Markowski, A.S., Mannan, M.S., Bigoszewska, A., 2009. Fuzzy logic
for process safety analysis. J. Loss Prev. Proc. Ind. 22, 695-702.
(201 i) 205-213 213
Markowski, A.S., Mannan, M.S., Kotynia (Bigoszewska), A., Siuta,
D., 2010. Uncertainty aspects in process hazard analysis. J.
Loss Prev. Proc. Ind. 23, 446-454.
Pokorádi, L., 2010. Application of fuzzy set theory for risk
assessment. J. KONBiN 2-3 (14/5), 1895-8281.
Singer, D., 1990. A fuzzy set approach to fault tree and reliability
analysis. Fuzzy Sets Syst. 34,145-155.
Yen, J., Langari, R., 1999. Fuzzy Logic, Intelligence Control and
Information. Prentice Hall PTR, Upper Saddle River, NJ.
Copyright of Process Safety & Environmental Protection: Transactions of the Institution of Chemical Engineers
Part B is the property of Elsevier Science and its content may not be copied or emailed to multiple sites or
posted to a listserv without the copyright holder's express written permission. However, users may print,
download, or email articles for individual use.