Application of Hybrid Fault Tree and Bayesian Networks in Safety

Management of Oil and Gas Subsea Production Infrastructure

Abe Nezamian1, a
1
WorleyParsons
a
abe.nezamian@worleyparsons.com,

ABSTRACT

Loss of hydrocarbon containment and subsea system failures are among the most undesired and costly
incidents during operation of offshore oil and gas production facilities. The incidence of leaks and
subsea production system failures, together with the regulatory requirements for plans to manage
ageing has galvanised considerable effort and has consolidated an enhanced understanding of the
nature of failure events and their consequences. The dynamic nature of these incidents, resulting from
rapidly changing physical parameters, operational conditions/parameters and time-dependent
degradation mechanisms, necessitates techniques capable of considering time dependencies and
changes during the lifecycle of the operating life of the subsea systems. The challenge is to estimate
the reliable probability of a critical event, leading to a catastrophic failure. The rarity of the event
makes it unlikely that sufficient data exists to determine the frequency of the event. The present work
is aimed at demonstrating the application of Hybrid Bayesian network methods in conducting a risk
analysis and prediction of time of failure with an adequate confident level for the subsea production
system during the operation. Considering the former method, fault trees and an event tree are
developed for potential incident scenarios. In the latter method, firstly, individual Bayesian networks
are developed for the incident scenarios and secondly, an object-oriented Bayesian network is
constructed by connecting these individual networks. The Hybrid Bayesian Network (HBN) method
provides greater value than the other common risk assessment method since it can consider common
cause failures and conditional dependencies along with performing probability updating and
sequential learning using incident precursors.

KEYWORDS: Hybrid Bayesian Network, Safety Management, Subsea Systems, Catastrophic

Failure, Risk Assessment

1.0 INTRODUCTION
Oil and gas offshore production facilities consist of numerous equipment and unit operations,
thousands of control loops, and exhibit dynamic behavior. Different hazards and several types of risk
are associated with these production facilities. These facilities are prone to devastating accidents
dealing with hazardous material at high temperature and/or pressure. Hence, the implementation of
safety measures followed by a comprehensive risk assessment is crucial to maintain the level of risk
below the acceptance criteria.
One of the main threats in operation of offshore production facilities is perceived to arise from
leaks and failure of subsea production systems or pipelines. Restricted accessibility limits the
inspection regime and very little data exists on the condition of systems functioning in deep water,
particularly in the areas below 1,000 m water depth. The incidence of system failures within the
subsea production systems, together with the regulatory requirements for plans to manage ageing has
galvanised considerable effort and has consolidated an enhanced understanding of the nature of failure
events and their consequences. The challenge is to estimate the reliable probability of a critical event,
leading to a catastrophic failure. The rarity of the event makes it unlikely that sufficient data exists to
determine the frequency of the event. The methodology is not immediately obvious, nor is it what
may be considered to be a classical analysis. Very little data exists upon which conclusions may be
readily drawn. Accordingly, the assessment requires creative thinking and exploration of different
techniques to determine if a bespoke solution is possible, based on the optimal use of the existing data
and the common experience and knowledge.
Risk assessment methodologies such as quantitative risk analysis (QRA), probabilistic safety
analysis (PSA), and optimal risk analysis (ORA) comprise different steps among which incident
scenario analysis is a common task. Incident scenario analysis includes accident sequence modeling
and consequence assessment (Khakzad et al. 2013). Several methodologies have been used for

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)

incident scenario analysis, each of which benefits from different techniques. For example, Sklet
(2006) used barrier block diagrams to investigate hydrocarbon release accidents on offshore
platforms.
Delvosalle et al. (2005) used the bow-tie (BT) technique to identify major and reference accident
scenarios in process plants. However, it is difficult to find a single technique to completely capture
different phases of an incident from the beginning to the end, and also being flexible enough to fit a
variety of accidents. Nivolianitou et al. (2004) made a comparison between some selected techniques
such as fault trees, event trees, and Petri nets for accident investigation, considering criteria such as
event sequence, event dependency, and modeling assumptions. It is reported that operation risk (i.e.
risk in offshore production facilities due to leaks and failure of subsea systems) leads to fires and
explosions and greatly contributes to the total risk of offshore installations. Also, reactivity, toxic,
hydrocarbon leaks and mechanical hazards have a significant effect on the total risk of operation of
these facilities in terms of environmental, financial and business reputation. Therefore, it is very
important to identify hazards, perform risk assessments, and take proper initiatives to
minimize/remove hazards and risks; else a catastrophic accident may result. From case histories, it has
been observed that catastrophic accidents have a significant effect on people, environment, and
society.
Among accident analysis models, BT has been well proven to be a reliable and efficient tool, partly
due to its ability to incorporate both causes and consequences of an accident in a graphical model. It
has been widely used in different safety and risk contexts such as process safety analysis (Markowski
et al. 2009), accident risk assessment (Delvosalle et al., 2005, 2006; Dianous and Fievez, 2006;
Gowland, 2006), risk management (Cockshott, 2005), and safety barrier implementation (Badreddine
and Ben Amor, 2010). However, as BT consists of a fault tree and an event tree, it suffers limitations
of both the constituents. Fault trees are also incapable of incorporating multi-state variables, which are
frequently encountered in production systems degradation mechanisms modeling. More importantly,
due to their static structures, fault trees and event trees cannot adapt themselves to the dynamicity of
accidents. In other words, these techniques cannot use the real-time information directly obtained
from a facility to update prior beliefs (i.e. prior failure probability of primary events and safety
barriers). To relax the discussed limitations of the above mentioned approaches, Bayesian inference,
may be used in which uncertainty handling and belief updating are inherent characteristics. In such
approaches, Bayes’ theorem is coupled with standard fault tree (Ching and Leu, 2009), event tree
(Meel and Seider, 2006; Kalantarnia et al., 2009; Rathnayaka et al., 2011), and BT analysis
(Badreddine and Ben Amor, 2010). Although Bayes’ theorem helps to obtain posterior probabilities, it
necessitates identifying likelihood functions, which is a difficult task if it is not a conjugate
distribution to prior probability (Meel and Seider, 2006). On the other hand, the BN not only benefits
from Bayes’ theorem to provide updated probabilities, it also takes full advantage of its flexible
structure to fit a wide variety of incidents. Bobbio et al. (2001), Boudali and Dugan (2005), Montani
et al. (2008), and Khakzad et al. (2011) mapped fault trees into BNs. Recently, Weber et al. (2010)
presented an exhaustive review of BN application in dependability, maintenance and risk analysis,
and also compared BNs with other methods such as fault trees, Markov chains, and Petri nets.
The present study demonstrates how the limitations of BT, resulting mostly from its static
constituents, can be relaxed by mapping it into a corresponding BN. The study also considers various
practical modeling aspects offered by BN, making it a well-suited technique for dynamic risk
analysis.

2.0 HYBRID PROBABLISTIC FAULT TREE ANALYSIS

Structural reliability assessment of a subsea production system includes many uncertainties, such as
existing status, corrosion rates and loads. Classical methods are limited in their ability to consider
correlated relationships, incorporate inspection / repair data and capture time dependencies to provide
both a predictive and diagnostic tool. There are several tools available to incorporate uncertainty or
failure probability estimation into a risk analysis model, including Bayesian Networks and fuzzy logic
networks. Bayesian networks are a generalization of the tree formalism, thus can be readily adapted to
represent fault trees, event trees, or bow-tie models, and therefore are the preferred approach for this
particular application. Thus a hybrid approach is recommended, in which established failure analysis
techniques (e.g. existing bow-tie models) are augmented by novel application of
mathematical/statistical processes. Dynamic Bayesian networks can be used to support time history
predictions through the use of temporal nodes. This allows the behavior of distributions of parameters

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)

that change over time to be captured, thus facilitating more degradation mechanisms to be captured
(e.g. corrosion rates) in the predictive model. It is understood that operators are content with their
understanding of the consequences of any failure of the production facilities. This would form the
right hand side of a bow-tie analysis, or the event tree. The industry is not however currently
confident with their knowledge of the left hand side of the bow-tie, or the event tree and this is what
the focus is in this study.
An investigative approach will be taken to ask a series of questions about the possible causes of a
failure that would, in part, be informed by either the current FMECA studies, or a revision of this
current study as outlined above. Further questions would be asked to build a series of smaller steps
between the initial design, or conditions, that would ultimately lead to a failure of the Bypass Line
that will be to build a model that shows the separate routes to failure as well as their probability.
These separate but complementary routes through the Fault Tree will hopefully augment each
other, raising the level of confidence that we have in a final solution that will potentially provide an
answer to the problem of when this pipeline might fail.
2.1 Reliability modelling
There are various reliability modelling techniques that are commonly used to model reliability and
assess the impact of management decision on the reliability model. These include the first-order
reliability method (FORM), second-order reliability method (SORM), first-order second moment
method (FOSM) and Monte Carlo simulation (MC). For this study, due to the complex nature of the
problem and the number of variables, it is not considered practical to approximate the failure domain
by an analytical form; therefore MC simulation is the most viable option and can be readily applied to
the hybrid bow-tie Bayesian network (BT-BN) model. Monte Carlo simulation can be applied to
construct dynamic scenarios of the BT-BN model, which allow tracking and evaluation of barriers and
mitigation activities, allowing cost benefit analysis to be undertaken and assist in justification of
management decisions.
2.2 Bow-tie modelling
It is now broadly accepted that failures, such as that of subsea production systems, occur through the
concatenation of many factors, where each is necessary but may not be sufficient to produce the
failure. Causal models can be developed to estimate these rare events in a coherent and rational way.
These are commonly referred to as ‘Swiss cheese models’, or level of protection analysis (LOPA).
Figure 1 illustrates the LOPA phenomenon.
The concept is that a system is defended by a number of layers of protection, where the role of each
layer is to prevent, detect, control, inhibit or mitigate a hazard. However, each defence layer may
contain holes that represent failures in the defence. Provided that the holes in the cheese do not line
up, the hazard trajectories will be blocked by a successful defence.

Figure 1: Swiss cheese Concept Safety Management Model

Should the holes line up, there is the potential for an accident or incident, or, a critical event to
arise. The two most important ways of modelling risk problems are

 Causal models that lead to the critical event – Fault Trees

 Consequence models contingent on the critical event having occurred – Event Trees

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)

 Visually, these two types of model come together as a ‘bow-tie’. The left side of the bow tie is a
fault tree showing the causal mechanisms by which the critical event may occur; the right side of the
bow-tie shows the consequence mechanism. The bow-tie concept is illustrated in Figure 2.

PEi
Ci
IEi

TE

SB1
SB2

Figure 2: Bow-tie model

BT in one of the best graphical approaches to represent a complete incident scenario, starting from
incident causes and ending with its consequences. Typical BT, comprised of different components
such as primary events (PEi), intermediate events (IEi), top event (TE), safety barriers (SBi), and
accident consequences (Ci). It helps to understand which possible combination of primary events will
lead to the top event in the fault tree and which safety function failures will escalate the top event to a
particular consequence in the event tree. For example, the simplified occurrence probability of
consequence Ci in Figure 2 can be assessed as:

1 2 1

where P(TE) is the top event probability, and P(SB1) and P(SB2) refer to the non-failure probability
of SB1 and the failure probability of SB2.

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)

3.0 BAYESIAN NETWORKS
Bayesian Networks provide a robust probabilistic method of reasoning under uncertainty. It is
recognized that when integrated with Bayesian Networks, the Swiss cheese model provides a flexible
means of modelling risk in complex situations and systems. Also, fault and event trees can be
represented and manipulated as Bayesian Networks. The application of BNs to FTA offers several
advantages
 Calculations in discrete BNs are exact, whereas classical fault trees are only an approximate
method, called ‘cut sets’, relying far more heavily on subjective measures of analysis.
 Unlike classic FTs, BNs can be used in diagnostic as well as predictive mode. Therefore,
given evidence of failure at the top or intermediate events, it can be diagnosed which of the
primary events is the most likely cause of failure. This is useful in fault finding and accident
investigation.
 FTA requires a definite specification for the state of all variables (i.e. [Open, Closed]),
whereas BNs can be extended to create more realistic models (i.e. [Open, Closed, Half-
open]).
 Classic FTA assumes that primary events are independent, which is seldom the case,
especially in the case of common causes of failure and where components suffer from shared
design faults. BNs enable classical FTA to be extended into dynamic fault tree analysis by
taking account of time when assessing risk.

Complex event tree analysis has also been integrated with Monte Carlo methods to evaluate risk
profiles for consequence mechanisms. This additionally provides a framework within which the cost
benefit of mitigation measures can be evaluated and justified.
In general, BN is a graphical technique that has started to be widely applied in the field of risk
analysis. Known as an inference probabilistic method, BN is composed of nodes, arcs and probability
tables to represent a set of random variables and the conditional dependencies among them. Due to its
flexible structure and probabilistic reasoning engine, BN is a promising method for risk analysis of
large and complex systems. Considering the conditional dependencies of variables, BN represents the
joint probability distribution P(U) of variables U = {A1,….,An}, as:

∏ | 2

where Pa(Ai) is the parent set of variable Ai (Jensen and Nielsen , 2007). Accordingly, the probability
of Ai is calculated as:

∑ / 3

where the summation is taken over all the variables except Ai. The main application of BN is in
probability updating. BN takes advantage of Bayes’ theorem to update the prior probabilities of
variable s given new observations, called evidence E, rendering the updated or posterior probabilities:

, ,
|
,
∑
4
3.1 Fault tree mapping
Mapping from the fault tree into the BN is including a graphical and numerical translation. In the
graphical step, the structure of BN is developed from the fault tree such that primary events,
intermediate events, and the top event of the fault tree are represented as root nodes, intermediate
nodes, and the leaf node in the equivalent BN, respectively. The nodes of BN are connected in the
same way as the corresponding events in the fault tree. In the numerical step, occurrence probabilities
of the primary events are assigned to the corresponding root nodes as prior probabilities. For each
intermediate node as well as the leaf node, a CPT is assigned. CPTs illustrate how intermediate nodes
are related to precedent intermediate or root nodes

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)

Figure 3 illustrates thhe hybrid casual logic fraamework and
d the applicaation of HBN
N in developm
ment of
fault treees.

Figure
F 3: Hyybrid Causal logic Framework

4.0 CAS
SE STUDY: PREDICTIV
VE FAILUR
RE MODEL OF
O SUBSEA
A PIPELINE
E SYSTEM
To impllement the previously
p deescribed metthodology, a predictive failure modeel of subsea pipeline
system ccase study was
w selected as a the incideent scenario. The selected
d pipeline suub-system is part of a
risk asseessment, life predicationss and time too failure for 10 systems and 110 subb-systems forr a FPSO
oil and ggas productioon facilities. The subsea production facility incluudes 172 km m flowlines, risers
r and
export liine, 41 km umbilicals,
u 32 operationaal wells and 5 subsea maanifolds withh nominal prroduction
rate of aapproximately 200,000 bo od. The subssea productioon system is located in m
more than 120 00 m in a
very corrrosive enviroonment. Thee risk assessmment was com mpleted baseed on the folllowing inform
mation:

 Condition monitoring
m annd inspectionn data
 Incident reports
 Review of design
d data an nd establish m
minimum accceptance criteria
 Identificatioon of criticaal componennts that do not meet ALARP
A or m
minimum accceptance
criteria

The rrisk assessm fe extension. For the

ment results were used ffor the assett requalification and life
examplee critical subssea pipeline the followinng observatio
ons were mad
de:

 High levels of iron deteccted in produuction monito

oring system
m
 Threats incluuded umbiliccal clogging leading to lo
oss of corrossion protectioon (many occcurrence
was reportedd)
 Mitigation options
o included stoppiing production after 6 hours if cloogging deteccted was
allocated

1st Innternational Confe

erence on Infrastru
ucture Failures annd Consequences (ICIFC2014)
  Need for moore refined predictive
p faiilure models identified an
nd was invesstigated (Fau
ult Trees,
Event Trees, BBN)
 There was minor
m leak incidents reporrted few times

Figure 4 shows two photo o snapshots examples of the repo orted incideent and deg gradation
mechaniisms from thhe subsea insppection by RRemotely Opperated Vehiccles (ROV). The left pho
oto shows
the minoor leak inciddent event th
hat resulted in temporary
y shut down
n of the prodduction facillities and
costly im
mplementatiion of subseea in tubingg repair. Thee right photo shows thee degradatio on of the
pipeline coating systtem.

Figure 4: ROVs snaapshots durin

ng the subseaa inspection

The iincidence off minor leak and system failures witthin the subssea productiion systems, together
with thee regulatory requirements for plans tto manage ageing
a and thhe risk of unnexpected faailure has
galvanissed consideraable effort an
nd has consoolidated an en
nhanced undeerstanding off the nature of
o failure
events aand their consequences to have bett tter planningg in mitigation and alloccation of addequately
planned assurance taask (inspectioon, monitorinng and mainttenance).

4.1 Fault tree for losss of contain

nment
Followinng the incideent descriptiion, a fault ttree was dev veloped to in nvestigate thhe envisaged d incident
scenarioos and the efffectiveness ofo the variouus safety measures. The objective forr following step s is to
convert the developed fault and d event tree iinto a Bayessian network k. Therefore,, in the first phase, a
methodoology is propposed to con nvert fault treees and evennt trees into a static Bayeesian networrk. In the
second phase, a dyynamic Bayeesian networrk is develop ped from th he static Bayyesian network. The
dynamicc Bayesian network
n provides probabiility of a systtem at differeent time-slicces for differeent states
of the system. The probabilitiess are then coombined witth consequen nce modelinng levels to calculate
risk. Thee proposed methodology
m for developm ment of faultt tree is show
wn in Figure 6.
A leaak and failurre of subseaa productionn system occcurs as a ressult of failurre of the ou uter well,
Christmas tree, mannifold, utilityy and controll systems an nd pipeline secondary baarriers. In facct, a leak
can escaalate into faiilure of a sub
bsea producttion system either
e due to
o mechanicall failure (deg gradation
time dependent meechanisms) of o the seconndary barrierrs or due to o non-detecttion (inspecction and
monitoriing) of the leeak and conssequently noot repair or active
a the barrriers into acction. Aside from the
casing aas passive seccondary barrrier which iss present in most
m phases of the operat ation, other seecondary
barriers vary in typee and placem ment during suubsequent ph hases. For ex xample, duriing productio on phase,
a surfacce-controlled sub surfacee safety valvve (SCSSV) and a Chrisstmas tree arre used as seecondary
barriers and inspectiion and monitoring as asssurance task ks and as prim mary barrierrs. To accoun nt for the
effect of primary annd secondarry barriers oon the integrrity of subsea productioon system, it i is also
importannt to determiine the loss of containm ment path. In fact, a loss of o containmeent can rise up u in the
subsea pproduction syystem throug gh various ppaths such ass the operatiional (humann factor and pressure
control malfunction), mechanicaal degradatioon or failuree of a criticcal componen ent of the prroduction
system, corrosion (innternal and external),
e nattural hazards or external accident
a evennts.

1st Innternational Confe

erence on Infrastru
ucture Failures annd Consequences (ICIFC2014)
 Figuree 5: Framewo
ork for the dyynamic Bayeesian network
k based risk assessment
Objecct-oriented Bayesian
B netw work (OOBN N) is a type of BN, com mprising bothh instance nodes and
usual noodes. An insstance node is a sub-nettwork, representing anotther BN. Ussing OOBNss, a large
complexx BN can bee constructed d as a hieraarchy of sub-networks with
w desired levels of ab bstraction
(Kjaerulllf and Maddsen, 2008).. Therefore, model con nstruction is facilitated and commu unication
betweenn the modell’s sub-netw works is morre effectively performeed. Further, the tedious task of
repeating identical structure frragments annd probabilitty tables is alleviated. Instance nodes are
connecteed to other nodes throu ugh interfacee nodes, including inputt and outputt nodes. Inp put nodes
the same proobability vallues as their immediate parents. Thu
accept th us, each inpuut node can
nnot have
more thaan one parennt. In contrast, output noddes are ordinnary nodes, conveying theeir probability values
to other input nodess or affectingg the probabiilities of oth
her usual noddes. Hence, eeach output node
n can
have moore than one child. Figuree 6, Figure 77, and Figuree 8 illustrate, as an exampple, how a BN can be
developeed using a hiierarchy of sm maller and siimpler BNs.
To coonduct risk analysis
a for a subsea prodduction systeem, both the probability and consequ uences of
potential incident sccenarios neeed to be ideentified. Con nsidering a loss
l of contaainment as the most
undesireed among suuch incidentss, its flow rrate and duraation have to be determ mined to estimate the
potential consequencces. Loss of containmentt flow rate ass a function of o time depennds on a widde variety
of geoloogical and teechnical paraameters whiile loss of co ontainment duration
d deppends on thee type of
mitigatioon or emergency response procedurees and contro olling mechaanisms and hhow long it takes for
these miitigation meaasures to ceaase the loss oof containmeent In this stu
udy, howeveer, the emphaasis is on
probabillity estimatioon of loss off containmennt incidents as
a an important factor inn risk-based decision-
d
making, and consequuence analyssis is not covvered. As a part of the sub bsea system failure modeeling, the

1st Innternational Confe

erence on Infrastru
ucture Failures annd Consequences (ICIFC2014)
phase off the degraddation for rissk analysis nneeds to be determined. The reason is that the type and
placemeent of mitigattion barriers for each deggradation meechanisms diiffer from thoose of the prroduction
phase.

Figure 6: Faullt tree for Lo

oss of Containment

Figure 7: Faault tree for in

nternal corro
osion
Dividding the degrradation mech
hanism into sub-group also helps to better
b identiffy the primarry causes
of the leak. In the present paper, risk anallysis framew
work presentted for the ssubgroup off internal
corrosioon as exampple. Also, as
a the subseea system operated
o in deep waterss, both prim mary and

1st Innternational Confe

erence on Infrastru
ucture Failures annd Consequences (ICIFC2014)
secondarry barriers are
a present annd also a neear-balanced corrosion management
m ppolicy is preeferred to
overbalaance the deggradation meechanisms. F Further, requuired information about formation properties
p
and probbability is presumably
p available
a as industry typpical frequenncy. The totaal risk of the loss of
containm
ment equals the
t sum of th
he risk of thee respective degradation
d sub-groups.
s

Figure 8: Bayesian Netw nternal corrossion

work represeentation of in

4.2 Riskk updating

In additiion to offerinng a flexiblee structure annd a robust reasoning
r engine, the maain applicatioon of BN
is in proobability upddating, whichh cannot be ddone by BT unless
u equippped with otheer techniques such as
Bayes’ theorem or physical mo odels. In rissk updating,, the probab bility of an accident sceenario is
updated; the probabiility updating g is performeed in terms of
o posterior probability
p oof event xi giiven new
evidencee. This also helps
h to iden
ntify the mostt probable coonfiguration of events leaading to the evidence
The mosst common type t of evideence used in probability updating
u is knowledge
k about the top event or
ab
consequuences. In thhe present study,
s the pposterior pro
obabilities of
o basic eveents given a loss of
containm ment, i.e., P(x
P i|Consequeence = loss of containm ment), are estimated andd the most probable
configurration of eveents is determ mined. The ffailure rates were then up pdated basedd on historical record
of incideents, inspectiion and cond dition monitooring data.

5.0 CON
NCLUSIONS
In this w
work, risk analysis of the loss of conttainment (leaak) in the sub bsea productition systems has been
investigaated using booth bow-tie and
a Bayesiann network ap pproaches. Bayesian netw work is show
wn to take
priority over bow-tie since it co onsiders com mmon cause failures as well w as condditional depeendencies
among tthe primary events of th he integrity mmanagementt of the subssea system. H However, it is worth
noting thhat BT is gennerally a moore transparennt and straigght forward teechnique thaan BN, particcularly in
situationns where proobability updating is noot required. Also, the BN approachh, as opposed d to BT,
demandss far more expertise
e in terms
t of eithher condition
nal probabilitty extractionn from data resources
r
or network construcction based on causal reelationships between co omponents. IIn the presen nt study,
object-ooriented Bayeesian networrk was used to model th he complex anda interlinke ked domain ofo loss of
containm ment with significant levels of aabstraction. Thus, the model beccame tractab ble, and
dependeencies amongg the model segments
s weere better sho
own, resulting in more efffective modeeling and
communnication withh stakeholderrs. It is also observed th hat using Bay yesian netwoorks to modeel loss of
containm ment events makes
m it posssible to upddate the probaability of losss of containmment and inttegrity of
subsea ssystem as neew informatiion and histoorical perforrmance of the facility orr the similar facilities
becomess available. A Bayesiaan network risk model also helps to identifyy the most probable
configurration of eveents leading to a loss off containmen nt. This study y has highligghted how seequential

1st Innternational Confe

erence on Infrastru
ucture Failures annd Consequences (ICIFC2014)
learning may be effectively applied for probability adapting while considering incident precursors.
The developed model was successfully applied to a case-study, showing an effective method of
decision-making and providing a better vision of risk assessment and asset integrity management
planning.

6.0 REFERENCES
Badreddine, A., and Ben Amor, N., (2010). A dynamic barriers implementation in Bayesian-based
bow tie diagrams for risk analysis. In: Proceedings of International Conference on Computer Systems
and Applications, pp. 1–8.
Bobbio, A., Portinale, L., Minichino, M., and Ciancamerla, E., (2001). Improving the analysis of
dependable systems by mapping FTs into Bayesian networks. Journal of Reliability Engineering and
System Safety 71, 249–260.
Boudali, H., and Dugan, J.B., (2005). A new Bayesian approach to solve dynamic FTs. Proceedings
of Reliability and Maintainability Symposium (RAMS’05), pp. 451–456.
Ching, J., and Leu, S.S., (2009). Bayesian updating of reliability of civil infrastructure facilities based
on condition-state data and fault-tree model. Journal of Reliability Engineering and System Safety 94,
1962–1974.
Cockshott, J.E., (2005). Probability bow-ties a transparent risk management tool. Process Safety and
Environmental Protection 83, 307–316.
Delvosalle, C., Fievez, C., Pipart, A., Casal Fabrega, J., Planas, E., Christou, M., and Mushtaq, F.,
(2005). Identification of reference accident scenarios in SEVESO establishments. Reliability
Engineering and System Safety 90, 238–246.
Delvosalle, C., Fievez, C., Pipart, A., and Debray, B., (2006). ARAMIS project: a comprehensive
methodology for the identification of reference scenarios in process industries. Journal of Hazardous
Materials 130, 200–219.
Dianous, V.D., and Fievez, C., (2006). ARAMIS project: a more explicit demonstration of risk
control through the use of bow-tie diagrams and the evaluation of safety barrier performance. Journal
of Hazardous Materials 130, 220–233.
Gowland, R., (2006). The accidental risk assessment methodology for industries (ARAMIS)/layer of
protection analysis (LOPA) methodology: a step forward towards convergent practices in risk
assessment. Journal of Hazardous Materials 130, 307–310.
Kalantarnia, M., Khan, F., and Hawboldt, K., (2009). Dynamic risk assessment using failure
assessment and Bayesian theory. Journal of Loss Prevention in the Process Industries 22, 600–606.
Khakzad, N., Khana, F., and Amyotte, P. (2013). Dynamic safety analysis of process systems by
mapping bow-tie into Bayesian network. Journal of Process Safety and Environmental Protection 91,
46–53

Khakzad, N., Khan, F., and Amyotte, P., (2011). Safety analysis in process facilities: comparison of
fault tree and Bayesian network approaches. Journal of Reliability Engineering and System Safety 96,
925–932.

Markowski, A.S., Mannan, M.S., and Bigoszewska, A., (2009). Fuzzy logic for process safety
analysis. Journal of Loss Prevention in the Process Industries 22, 695–702.

Meel, A., and Seider, W.D., (2006). Plant-specific dynamic failure assessment using Bayesian theory.
Chemical Engineering Science 61, 7036–7056.

Montani, S., Portinale, L., Bobbio, A., and Codetta-Raiteri, D., (2008). RADYBAN: a tool for
reliability analysis of dynamic FTs through conversion into dynamic Bayesian networks. Journal of
Reliability Engineering and System Safety 93, 922–932.

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)

Nivolianitou, Z.S., Leopoulos, V.N., and Konstantinidou, M., (2004). Comparison of techniques for
accident scenario analysis in hazardous systems. Journal of Loss Prevention in the Process Industries
17, 467–475.
Rathnayaka, S., Khan, F., and Amyotte, P., (2011). SHIPP methodology: predictive accident
modeling approach. Part II. Validation with case study. Process Safety and Environmental Protection
89, 75–88.
Sklet, S., (2006). Hydrocarbon release on oil and gas production platforms: release scenarios and
safety barriers. Journal of Loss Prevention in the Process Industries 19, 481–493.
Weber, P., Medina-Oliva, G., Simon, C., and Iung, B., (2010). Overview on Bayesian networks
application for dependability, risk analysis and maintenance areas. Engineering Applications of
Artificial Intelligence.

1st International Conference on Infrastructure Failures and Consequences (ICIFC2014)