Hansson and Aven (2014). Is risk analysis scientific? Risk Analysis, 34 (7), 1173-1183.
Swuste, P. et al. (2020). The future of safety science. Safety Science, 125, 104593.
The focal point of safety science
Residual risks
Reliability
Human factors

Safety?
• What is Health?
  – Absence of illness/sickness
  – How to measure and maximize?
  – Check for any illness or sickness
  – Avoid unhealthy conditions
  – Do regular checkups
• What is Safety?
  – Absence of accidents
  – How to measure and maximize?
  – Check for any accident causing situation - RISK
  – Minimize Risk
  – Monitor and Manage Risk
• Safety I promotes the general solution, known as ‘find and fix’.
• Safety I promotes a bimodal view of work and activities.
• Safety I is the causality credo.
• The systems are decomposable into their constituent parts.
Hollnagel E., Wears R.L. and Braithwaite J. From Safety-I to Safety-II: A White Paper. The Resilient Health Care Net: Published simultaneously by the University of Southern Denmark, University of Florida, USA, and Macquarie University, Australia.
Rapid technological developments
• Replace ‘fallible’ humans with ‘less fallible’ technology.
• Problems are selected based on just one criterion: whether they are ‘solvable’ with a nice and clean technological solution at our disposal.
• We must accept that the systems today are increasingly intractable.

Some Navy aircraft were ferrying missiles from one point to another. One pilot executed a planned test by aiming at the aircraft in front (as he had been told to do) and firing a dummy missile. Apparently nobody knew that the “smart” software was designed to substitute a different missile if the one that was commanded to be fired was not in a good position. In this case, there was an antenna between the dummy missile and the target, so the software decided to fire a live missile located in a different (better) position instead.
What aircraft component(s) failed here?

The reasons why things work again!
• Some degrees of variability, flexibility, or adaptivity are required for the system to work.
• Humans make mistakes but we also provide the capacity of variability, flexibility, or adaptivity.
Smith, D. et al. (2017). Understanding industrial safety: comparing fault tree, Bayesian network, and FRAM approaches. Journal of Loss Prevention in the Process Industries, 45, 88-101.
Things that go right and things that go wrong happen in the same way!

Transition to Safety II
• Focusing on the lack of safety does not show us which direction to take to improve safety.
The mechanism and foundation of Safety II
• Performance variability rather than bimodality
• Emergence rather than causality

Comparison between Safety I and Safety II

| | Safety I | Safety II |
|---|---|---|
| Definition of safety | That as few things as possible go wrong | That as many things as possible go right |
| Safety management principle | Reactive, respond when something happens or is categorized as an unacceptable risk | Proactive, continuously trying to anticipate developments and events |
| View of the human factor in safety management | Humans are predominantly seen as liability or hazard. They are a problem to be fixed. | Humans are seen as resource necessary for system flexibility and resilience. They provide flexible solutions to many potential problems. |
| Accident investigation | Accidents are caused by failures and malfunctions. The purpose of an investigation is to identify the causes. | Things basically happen in the same way, regardless of the outcome. The purpose of an investigation is to understand how things usually go right as a basis for explaining how things occasionally go wrong. |
| Risk assessment | Accidents are caused by failures and malfunctions. The purpose of an investigation is to identify causes and contributory factors. | To understand the conditions where performance variability can become difficult or impossible to monitor and control. |
| | Causality | Emergent |
Risk?
Risk management is not only a matter of financial risk.
What do engineers do? - Engineering as a word
• It is commonly agreed that the term engineer and by extension engineering comes from the root-word, gene. genə-, also gen-, is a Proto-Indo-European root meaning "give birth, beget" (You may find evidence of this root in Sanskrit, Greek and later Latin)

What is the most important thing to you as an engineer?
Ensure “Safety”
Minimize “Risk”

Bhopal accident, 1984.
Immediate death of 2258
Adopted from The Bhopal Plant Disaster, IDEESE Case Study Series, © 2008 IDEESE
Some facts of the Bhopal accident
Contributing factors…
Risk = Expected loss
Risk = Probability × Consequence

Events/Scenarios S, Consequences C, Probabilities P
Risk = F (S(C,P))
• “Head”: +50 Euro
• “Tail”: -10 Euro
• What is your risk?
• (C,P)
• -10, 1/2
This risk is based on an assumption:
- The coin is fair!

• Assumption 1: The platform jacket structure will withstand a ship collision energy of 20 MJ
• Assumption 2: There will be no hot work on the platform
• Assumption 3: The reliability of the blowdown system is R
• Assumption 4: There will be N crane lifts per year
• …
• ….
• …
• Assumption 50:…
Main problems with the risk definition
1. Assumptions can conceal important aspects of risk and uncertainties
2. Presume existence of probability models
3. The probabilities can be the same but the knowledge they are built on could be strong or weak
4. Surprises occur

Risk perspective
[Figure: Probability-based (probabilities, historical data, risk matrices); Knowledge dimension; Surprises (knowledge, surprises)]
Risk
Risk = F{s(c, f)}
[Figure: design stages Conceptual Design, FEED, Detailed design, each with an associated Risk]

Dynamic Risk
Dynamic Risk = F{s(c, p, k), t}
[Figure: design stages Conceptual Design, FEED, Detailed design, each with an associated Risk]
Yang, M., Khan, F., Lye, L. (2013). Precursor-based hierarchical Bayesian approach for rare event frequency estimation: a case of oil spill accidents. Process Safety and Environmental Protection, 91(5), 333-342.
Examples of hazards
Definition of hazard (danger or threat)

• Oxford English Dictionary: (Exposure to) the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility.
• Risk of an undesired event is a function of the probability of the event and the effect of the event. It is closely related to uncertainties in variables.

• Safety is the state of being "safe" (from French sauf), the condition of being protected from harm or other non-desirable outcomes.
• Safety can also refer to the control of recognized hazards in order to achieve an acceptable level of risk.
Definition of security
• Also called social safety or public safety, security addresses the risk of harm due to intentional criminal acts such as assault, burglary or vandalism.
• Security is of higher importance to many people than safety. For example, a death due to murder is considered worse than a

Analogy between exact sciences and industrial practices
[Figure: Healthy person | Healthy organization; Medicine | Optimized production; Biochemistry | Optimized management; Chemistry | Sustainability]
The crocodile metaphor
Types of barriers
Eliminate hazard
• Describe (physically) how the failure of a system, process or structure occurs
• The failure mechanisms of a relay which may fail to open or close contacts on demand:
  – corrosion, welding of contacts due to an abnormal electric current, return spring fatigue failure, unintended command failure, dust accumulation and blockage of mechanism

• The real root causes can in most cases be traced back to a human- or organizational factor, e.g. design failure, operational errors, management failures, maintenance induced failures, specification failures, etc.
The engineering risk management process
[Figure: Problem and contexts definition; Identification and consideration of options; Choice of strategy; Implementation of interventions; Risk communication]

Risk management methods in general
• Systemic thinking: the whole is primary
• Analytic thinking: the parts are primary and the whole is secondary (static, linear, simple cause-consequence relationships, additivity of elementary properties).
Identify risk
Analyse sensitivities
• Approaches scenarios
Define context and criteria
Methods for hazard identification
Probability
Probabilities
Data sources for probability
Consequence analysis
• For the acceptance of an activity it has been set that the increase of the probability of decease may not exceed 1 %. The maximum allowed probability of decease for an activity is then 10^-6.

P_fi ≤ 10^-6 / P_d|fi   (in a year)

Individual Risks near Airport Schiphol
Restricted area Blue = 10^-6
Restricted area Red = 10^-5

Mitigation measures
Restricted area 1 is called demolition zone
• No building of new houses;
• No building of new offices and industrial buildings/factories;
• Existing houses are purchased and demolished on a voluntary basis;
Acceptable RISK? ALARA principle
As Low as Reasonably Achievable
• Intolerable region: Risks have to be excluded
• ALARA or tolerable region: Acceptable only if further reduction is impossible or too expensive
• Broadly acceptable region: Prevent that the risk increases

Consequence analysis
• Purpose: To assess the extent of damage
• Typical Hazard
• Toxic Release, Fire and Explosion
• Modelling of hazard scenario
  – Toxic Release: Source (Release) Model, Dispersion
  – Fire and explosion: Source Model, Fire and Explosion, Heat Dispersion
  – Fatality Assessment: Probit Analysis
  – Nonfatal Consequence: Skin-burn, Property damage
CFD Modeling
FLACS – a CFD fire and explosion software
The common methods of estimating the overpressure caused by an
explosion (Multi-Energy method and TNT-Equivalence method) assume that
the blast generated is similar in all directions with no directional effects.
However, these methods do not take into account factors such as:
–Directional effects
–Focusing effects
–Reflection effects
–Factors related to the source of the explosion (e.g. initial strength,
shape)
Thus, Computational Fluid Dynamics (CFD) modeling has been introduced
to allow for the better predictions of the strength of blast waves generated
by gaseous explosions.
•Risk Management
– Strategies
– How far do you need to go
– Acceptance
Risk management strategy?
A case study
• All we have to do is get the numbers right.
• All we have to do is tell them the numbers.
• All we have to do is explain what we mean by
the numbers.
• All we have to do is show them that they’ve
accepted similar risks in the past.
• All we have to do is show them that it’s a good
deal for them.
• All we have to do is treat them nice.
Thank you!
Group discussion
Lecture 2 of TPM024A
Checklist
HAZOP
• HAZOP was developed by Lawley (1974) of ICI. Based on early account by Elliott & Owen (1968).
• Hazop studies are carried out by an experienced, multidisciplinary team.
• Review all physical aspects of a process (lines, equipment, instrumentation) to discover potential hazards.

HAZOP
• HAZOP is a simple structured methodology for hazard identification and assessment. P&IDs, PFD, material flow diagrams, and operating manuals are examined to identify causes and consequences for all possible deviations from normal operation that could arise.
Principles of HAZOP
Concept
• Systems work well when operating under design conditions.
• Problems arise when deviations from design conditions occur.
Basis
• a word model, a process flow sheet (PFD) or a piping and instrumentation diagram (P&ID)

PRINCIPLES OF HAZOPS
GUIDE WORDS*
NONE
MORE OF
LESS OF
PART OF
MORE THAN
OTHER
More recent computerization techniques use a Standard Set Of Generic Deviations For Specific Section Types. See Dev'ns tab for examples.

• Process conditions
• activities
• substances
• time
• place
Deviations Generated by Each Guide Word
Guide word | Deviations | Parameters

Common HAZOP Analysis Process

The flowsheet shows that raw material streams A and B are transferred by pump to a reactor, where they react to form product C. Assume that the flow rate of B should not exceed that of A (F_B ≤ F_A). Otherwise, an explosion may occur. Let’s consider the flow of A in line 1:

| Guide word | Deviation |
|---|---|
| NONE | No flow of A |
| MORE | Flow of A greater than design flow |
| LESS | Flow of A less than design flow |
| AS WELL AS | Transfer of some component additional to A |
| PART OF | Failure to transfer a component of A |
| REVERSE | Flow of A in a direction opposite to design direction |
| OTHER THAN | Transfer of some material other than A |
Hazop
Prepare for the Review
[Figure: Review Flow: Attitude, Preparation, Meeting Leadership; HAZOP Review By Team; Documentation; Follow-up]
Table: Deviation | Causes | Consequences | Safeguards | Action

[Figure: HAZOP analysis flowchart]
• Select a process section or operating step
• Select a process variable or task
• Apply guide word to process variable
• List possible causes of deviation
• Identify existing safeguards to prevent deviation
• Assess acceptability of risk based on consequences
• Repeat for all guide words
• Repeat for all process variables
HAZOP Example
[Figure labels: To Compressor Inlet; LAH; FV 1; Inlet Line; LIC 1; Valve in manual]
• Teams tend to quickly identify alarms, shut-downs and controls, and claim them for safeguards.
• An alarm not tested may not work when called upon to do so.
• Nuisance alarms are frequently bypassed and are not effective as safeguards.
• Often operators are not monitoring control panel.
• Automatic control routines are often set in manual mode.

Standard Set of Deviations
ID No. Deviation Column Vessel Line Exchanger Pump Compressor
1 High Flow X
2 High Level X X
3 High Interface X
4 High Pressure X X X X
5 High Temperature X X X X
6 High Concentration X X X
7 Low / No Flow X X
8 Low Level X X
9 Low Interface X
10 Low Pressure X X X X
11 Low Temperature X X X X
12 Low Concentration X X X
13 Reverse / Misdirected Flow X X
14 Tube Leak X
15 Tube Rupture X
16 Leak X X X X X X
17 Rupture X X X X X X
FMEA
Why
– Methodology that facilitates process improvement
– Identifies and eliminates concerns early in the development of a process or design
– Improve internal and external customer satisfaction
– Focuses on prevention
– FMEA may be a customer requirement (likely contractual)
– FMEA may be required by an applicable Quality Management System Standard (possibly ISO)

FMEA
A structured approach to:
– Identifying the ways in which a product or process can fail
– Estimating risk associated with specific causes
– Prioritizing the actions that should be taken to reduce risk
– Evaluating design validation plan (design FMEA) or current control plan (process FMEA)
FMEA Inputs and Outputs
Inputs | Outputs

An example-seat belt installation process

Example
Possible failure modes?
• Light does not turn on
• Light does not turn off

What if Analysis
Examples of What-if Analysis Questions
Dow Fire and Explosion Index
• The Dow FEI is a ranking system that gives a relative index to the risk of individual process units due to potential fires and explosions.
• It serves as a guide for the selection of fire and explosion protection methods.
• It assists in determining the spacing between adjacent process units within the ISBL.
• It is a guide for insurance agencies to set insurance rates.
• It ranks individual process units where special safety attention can be focused.

When should one perform an FEI?
• Late in Phase III Engineering after:
  – P&IDs have been completed,
  – Equipment has been sized,
  – A trial equipment layout has been done

Who Usually Performs the FEI?
Material factor estimation
Special Process Hazard
Special Process Hazards Factors
Process Unit Hazard Factor
• The Process Unit Hazard Factor is the product of the General Process Hazard Factor and the Special Process Hazard Factor. The Hazard Factors are multiplied, rather than summed, because generally there is a compounding effect between them. The Process Unit Hazard Factor is commonly in the range 1 up to 8. If the final calculation gives a Process Unit Factor greater than 8, use a maximum of 8.

Determination of FEI
• Once the Material Factor and the Process Unit Hazard Factor have been calculated, the Fire and Explosion Index can be estimated. Fire & Explosion Index = (Process Unit Factor) x (Material Factor)
• The Fire and Explosion Index is used for estimating the damage that would probably result from an incident in a process plant. The FEI estimates the harm caused by the potential loss of control of the process. The direct and indirect effects of a fire/explosion increase with the degree of hazard related to the FEI.
consequences is
• Termination paramount in Incident
designing safety in to COUSES
systems.
Accident
Causes for Accident
• Accidents cannot be attributed to a single cause, are the end result of a number of failures or mistake, caused by occurrence of chain of errors.
• Process accidents are mainly caused by three causal factors
  • Unsafe Act
  • Unsafe Condition
  • Management and organizational failures

Unsafe Act
Any act that deviates from a generally recognized safe way or specified method of doing a job and increases the potential for an accident, or the activities that contribute to the accident
Examples:
• Operating without work permit or inadequate work permit
• Operating at unsafe speed
• Poor maintenance or error due to maintenance
• Poor inspection
• Rendering safety devices inoperative
• Using unsafe equipment, or using it unsafely
• Unsafe methods e.g. loading, carrying, mixing
• Adopting unsafe position or posture
• Working on moving or dangerous equipment
• Horseplay e.g. distracting, teasing, startling
• Failure to wear PPE
• Lack of concentration; fatigue or ill health
• Human Factors
Unsafe Act/Unsafe condition/ Management and organizational failure
Accident potential is increased when these three factors occur simultaneously. Of course, this is not to say that one factor alone could not result in an accident.
[Figure: Accident Potential at the overlap of Management & Organizational factor, Unsafe Condition and Unsafe Act]

Accident Investigation and Accident Prediction Model
• It is important to understand the causes of accidents in complex systems and to develop preventive strategies to mitigate the occurrence.
• Accident models provide a conceptualization of the characteristics of the accident, which typically show the relation between the causes and effects.
• Accident models explain why and how accidents occur, and are used as a technique for risk assessment during system design and development.
Domino Theory
“Industrial Accident Prevention”
[Figure: dominoes in sequence: Social Environment and Ancestry; Fault of the Person (Carelessness); Unsafe Act or Condition; Accident; Injury. Label: Mistakes of Human]

Domino Theory
Five factors in sequence leading to an accident:
1. Ancestry and social environment. Negative character traits that may lead people to behave in an unsafe manner can be inherited (ancestry) or acquired as a result of the social environment.
2. Fault of person. Negative character traits, whether inherited or acquired. It looks into why people behave in an unsafe manner and why hazardous conditions exist.
3. Unsafe acts and mechanical or physical hazards. Unsafe acts committed by people and mechanical or physical hazards.
4. Accident. Caused by an unsafe act, an unsafe condition
5. Injury. Typical injuries resulting from accidents.
Epidemiological accident models
• Epidemiological models describe an accident as analogous to the spreading of a disease, i.e. as the outcome of a combination of factors, some manifest and some latent, that happen to exist together in space and time.
• The Epidemiological models can be seen as more powerful ways of understanding accidents and differ from the sequential accident models on four main points.
  – Performance deviations: help to understand how a production system gradually deteriorates from normal state into a state where an accident occurs
  – Environmental conditions
  – Barriers: prevent the unexpected consequences from occurring, and which in a sense could stop the development of an accident at the last moment.
  – Latent failures: present within the system well before the onset of a recognizable accident sequence
• Example: Swiss Cheese Model

Systemic accident model
• Systemic accident models describe the characteristics on the system level, rather than on the level of specific cause-effect ‘mechanism’ or even epidemiological factors.
• In systemic models, an accident occurs when several causal factors (such as human, technical, and environmental) exist coincidentally in a specific time and space.
• Systemic models view accidents as emergent phenomena, which arise due to the complex interactions between system components that may lead to degradation of system performance, or result in an accident.
• Systemic models have their roots in systems theory.
• Example: STAMP (Systems-Theoretic Accident Model and Processes) model
• The defensive barriers are like dynamic slices against the accident and incidents, with the holes constantly subjected to changes in size and location.
• When the holes line up, meaning that all the defenses fail and a system’s latent vulnerabilities are exposed, then the incident occurs.
• A significant attribute of Reason’s model is that each of the contributing factors is seen as necessary but not sufficient on its own to cause the occurrence of an accident.
• This technique is currently being used in many industries, especially the aviation industry, to prevent accidents due to human error.
• Swiss Cheese Model representation for an accident has been applied predominantly to occupational accidents.

• The model is holistic and quantitative, using reliability techniques.
• It is capable of predicting occupational accident frequency focused on offshore oil & gas environment
• The model development has included the identification of constituent factors and the determination of their interrelationships.
• These factors include direct factors, corporate factors, and external factors.
• The influences of external elements on corporate actions and corporate actions on the direct accident process are also included in a quantitative manner.
• The process accident model is proposed based on the following consideration and Kujath et al. (2010) approach;
  – Accidents are events resulting from a series of failures or errors; i.e. accidents cannot be described by using a single cause. The causal relationship of the accident process is represented by causal chains or networks.
  – The accident sequential path can be blocked by applying a suitable barrier. In doing so, the severity of undesired consequences can be prevented, controlled, or mitigated.
  – Releases of material or energy and/or process upsets are considered as initiating events.
  – The performance (failure or success) of a safety function determines the progression of the accident process; i.e. the accident is described as one or more barriers that have failed.
  – Management and organizational and human elements are influenced during all stages of the accident process. Therefore, these two factors are considered as common influencing factors.

[Figure: Normal operation; Release Prevention Barrier (RPB); Dispersion Prevention Barrier (DPB); Ignition Prevention Barrier (IPB); Escalation Prevention Barrier (EPB); Damage Control & Emergency management Barrier (DC&EMB); Catastrophic Accident. Management & Organizational Barrier (M&OB) and Human Factor Barrier (HFB) span all stages.]
Barrier thinking
Barrier-based approach
What are barriers?
Controls – important considerations
Who should be involved?

What is the Bow Tie model?
[Figure: bow tie with Prevention on one side, Mitigation on the other, and "Start here" at the centre]

Thank you!
Questions?

Gains vs. Loss
Gain
• Option 1: €5000
• Option 2: Toss a coin. If head, €10000
Loss
• Option 1: -€5000
• Option 2: Toss a coin. If head, -€10000
How to translate this into risk management?

What is QRA
• Systematic methodology to assess risks associated any installation
  – Taking into consideration all forms of hazards
  – Uses design information and historical data to estimate frequency of failure
  – Uses modelling software to assess consequence
• Where/when is QRA needed
  – CIMAH 1989 – part of CIMAH safety report
  – EQA 1985 – a section under EIA
  – Directive 96/82 (Seveso II Directive)
Risk = Severity x Likelihood
Risk = Expected loss

Risk perspective
Events/Scenarios S, Consequences C, Probabilities P
Risk = F (S(C,P))

The risk concept
How to represent the risk here?
[Figure: Uncertainty; Knowledge, data, information]
Methodology
[Figure: Hazard Identification; Frequency Analysis; Consequence Analysis; Risk Management]

Introduction to System Safety Analysis
Hazard Identification
Checklist
HAZOP
Principles of HAZOP
Concept
• Systems work well when operating under design conditions.
• Problems arise when deviations from design conditions occur.
Basis
• a word model, a process flow sheet (PFD) or a piping and instrumentation diagram (P&ID)
Method
• use guide words to question every part of process to discover what deviations from the intention of design can occur and what their causes and consequences may be.

HAZOP DISPLAY
It is an examination of individual components such as pumps, vessels, valves, etc. to identify the likely failures which may have undesired effects on system operation
https://www.lihoutech.com/

The FMEA Form
FMEA Example
Possible failure modes?

FMEA software
https://www.softexpert.com/produto/fmea/
Probability Assessment
Fault Tree Analysis
[Figure: Gas leakage; Explosion. Image: http://cliparto.com/image/3033157-rusted-valve-of-outdoor-pipeline/]

Fault Tree Analysis: a Systematic Deductive Process
Basic Fault Tree Structure
[Figure: fault tree with "No light", "Battery failure" and "Contact failure"]

Basic Fault Tree Structure
The Four Necessary Steps to Begin a Fault Tree
1. Define the undesired event to be analyzed
(the focus of the FTA)
2. Define the boundary of the system
(the scope of the FTA)
3. Define the basic causal events to be
considered (the resolution of the FTA)
4. Define the initial state of the system
(not E) = (1 – E): The event that “E does not occur.”
(A & B) = (A ∩ B): The event that “both A and B occur - intersection”
(A or B) = (A ∪ B): The event that “either A or B or both occur - union”
C = A ∪ B, C = A + B: C is A union B
D = A ∩ B, D = A × B: D is A intersection B
Start of BPC FT (1)
[Fault tree figure: "Motor does not run", OR gate, "Motor failed", "No power supply"; labels Connector A, Connector B, A]

Continuation of the BPC FT (2)
[Fault tree figure: "No power supply", OR gate, "Battery is dead", "No connection", "Switch malfunction"; labels Connector A, Connector B]

[Fault tree figures repeated with the same events, OR gates and connectors]
Important definitions for FTA
• Cut Set: A cut set is a combination of basic events; if all these basic events occur the top event is guaranteed to occur.
• Minimal Cut Set: A minimal cut set is one with no unnecessary basic events: if any basic event is removed from the set, the remaining events collectively are no longer a cut set.

Important definitions for FTA
• Path Set: A path set is a collection of basic events; if none of the events in the set occur, the top event is guaranteed not to occur.
• Minimal Path Set: A minimal path set is a path set such that if any basic event is removed from the set, the remaining events collectively are no longer a path set.
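
The cut set and path set definitions above, computed for a small fault tree. This is an added example, not part of the original slides: the gate layout of the BPC tree is an assumption read from the slide figure, and the redundant-battery variant is constructed to show an AND gate.

```python
"""Minimal cut sets and minimal path sets of a small fault tree (added example)."""
from itertools import product

# A basic event is a string; a gate is a tuple ("OR" | "AND", child, child, ...).
# Assumption: gate layout of the BPC tree as read from the slide figure.
BPC_TREE = (
    "OR",                                   # top event: Motor does not run
    "Motor failed",
    ("OR", "Battery is dead", "No connection", "Switch malfunction"),  # No power supply
)

# Constructed variant (not on the slides): two redundant batteries, so power is
# lost only when both are dead. This introduces an AND gate.
REDUNDANT_TREE = (
    "OR",
    "Motor failed",
    ("OR", ("AND", "Battery 1 is dead", "Battery 2 is dead"),
     "No connection", "Switch malfunction"),
)


def minimize(sets):
    """Keep only the sets that have no proper subset in the collection."""
    sets = set(sets)
    return {s for s in sets if not any(other < s for other in sets)}


def cut_sets(node):
    """Return the minimal cut sets of a (sub)tree as a set of frozensets."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":     # a cut set of any child is a cut set of the gate
        combined = set().union(*child_sets)
    elif gate == "AND":  # one cut set from every child is needed
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate type: {gate!r}")
    return minimize(combined)


def dual(node):
    """Swap AND and OR gates: the dual tree describes the top event NOT occurring."""
    if isinstance(node, str):
        return node
    gate, *children = node
    if gate not in ("AND", "OR"):
        raise ValueError(f"unknown gate type: {gate!r}")
    return ("AND" if gate == "OR" else "OR", *(dual(child) for child in children))


def path_sets(node):
    """Minimal path sets are the minimal cut sets of the dual tree."""
    return cut_sets(dual(node))


def top_event_occurs(node, occurred):
    """Evaluate the tree when exactly the basic events in `occurred` happen."""
    if isinstance(node, str):
        return node in occurred
    gate, *children = node
    results = [top_event_occurs(child, occurred) for child in children]
    return any(results) if gate == "OR" else all(results)


def is_minimal_cut_set(tree, events):
    """Check the slide definition directly: the set causes the top event and
    removing any single event from it no longer does."""
    events = frozenset(events)
    return top_event_occurs(tree, events) and not any(
        top_event_occurs(tree, events - {event}) for event in events
    )


def as_sorted_lists(sets):
    """Stable, printable form of a set of frozensets."""
    return sorted(sorted(s) for s in sets)


if __name__ == "__main__":
    for name, tree in (("BPC", BPC_TREE), ("redundant", REDUNDANT_TREE)):
        print(name, "minimal cut sets: ", as_sorted_lists(cut_sets(tree)))
        print(name, "minimal path sets:", as_sorted_lists(path_sets(tree)))
```

With only OR gates every basic event is a single-event minimal cut set, which is why the redundant-battery variant is the more informative case.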