On Cost‐effective Reuse of Components in the Design of Complex Reconfigurable Systems

Design strategies that benefit from the reuse of system components can reduce costs while maintaining or increasing dependability—we use the term dependability to tie together reliability and availability. D3H2 (aDaptive Dependable Design for systems with Homogeneous and Heterogeneous redundancies) is a methodology that supports the design of complex systems with a focus on reconfiguration and component reuse. D3H2 systematizes the identification of heterogeneous redundancies and optimizes the design of fault detection and reconfiguration mechanisms, by enabling the analysis of design alternatives with respect to dependability and cost. In this paper, we extend D3H2 for application to repairable systems. The method is extended with analysis capabilities allowing dependability assessment of complex reconfigurable systems. Analysed scenarios include time‐dependencies between failure events and the corresponding reconfiguration actions. We demonstrate how D3H2 can support decisions about fault detection and reconfiguration that seek to improve dependability while reducing costs via application to a realistic railway case study. Copyright © 2017 John Wiley & Sons, Ltd.     

The design and analysis of AVTMR (all voting triple modular redundancy) and dual–duplex system

In this paper, we design AVTMR (All Voting Triple Modular Redundancy) and dual–duplex system which have a fault-tolerant characteristic, and two systems are compared in the evaluation of RAMS (Reliability, Availability, Maintainability and Safety) and MTTF (Mean Time To Failure).AVTMR system is designed in a triplicated voter technique and dual–duplex system in a comparator, and two systems are based on MC68000. To evaluate system characteristic, Markov modeling method is designed for reliability, availability, safety and MTTF (Mean Time To Failure), and RELEX6.0 tool is used for the calculation of failure rate of electrical components that is based on MILSPEC-217F.In this paper, we can see two systems are more high dependability than a single system, and AVTMR or dual–duplex system can be selected for a specific application system. Especially, because AVTMR and dual–duplex system have high RAMS better than a single system, they can be applied to life critical system such as an airplane and a high-speed railway system.     

Uncertainty quantification in dynamic system risk assessment: a new approach with randomness and fuzzy theory

Quantifying uncertainty during risk analysis has become an important part of effective decision-making and health risk assessment. However, most risk assessment studies struggle with uncertainty analysis and yet uncertainty with respect to model parameter values is of primary importance. Capturing uncertainty in risk assessment is vital in order to perform a sound risk analysis. In this paper, an approach to uncertainty analysis based on the fuzzy set theory and the Monte Carlo simulation is proposed. The question then arises as to how these two modes of representation of uncertainty can be combined for the purpose of estimating risk. The proposed method is applied to a propylene oxide polymerisation reactor. It takes into account both stochastic and epistemic uncertainties in the risk calculation. This study explores areas where random and fuzzy logic models may be applied to improve risk assessment in industrial plants with a dynamic system (change over time). It discusses the methodology and the process involved when using random and fuzzy logic systems for risk management.     

Construction of event-tree/fault-tree models from a Markov approach to dynamic system reliability

While the event-tree (ET)/fault-tree (FT) methodology is the most popular approach to probability risk assessment (PRA), concerns have been raised in the literature regarding its potential limitations in the reliability modeling of dynamic systems. Markov reliability models have the ability to capture the statistical dependencies between failure events that can arise in complex dynamic systems. A methodology is presented that combines Markov modeling with the cell-to-cell mapping technique (CCMT) to construct dynamic ETs/FTs and addresses the concerns with the traditional ET/FT methodology. The approach is demonstrated using a simple water level control system. It is also shown how the generated ETs/FTs can be incorporated into an existing PRA so that only the (sub)systems requiring dynamic methods need to be analyzed using this approach while still leveraging the static model of the rest of the system.     

A fuzzy-logic-based approach to qualitative safety modelling for marine systems

Safety assessment based on conventional tools (e.g. probability risk assessment (PRA)) may not be well suited for dealing with systems having a high level of uncertainty, particularly in the feasibility and concept design stages of a maritime or offshore system. By contrast, a safety model using fuzzy logic approach employing fuzzy IF–THEN rules can model the qualitative aspects of human knowledge and reasoning processes without employing precise quantitative analyses. A fuzzy-logic-based approach may be more appropriately used to carry out risk analysis in the initial design stages. This provides a tool for working directly with the linguistic terms commonly used in carrying out safety assessment. This research focuses on the development and representation of linguistic variables to model risk levels subjectively. These variables are then quantified using fuzzy sets. In this paper, the development of a safety model using fuzzy logic approach for modelling various design variables for maritime and offshore safety based decision making in the concept design stage is presented. An example is used to illustrate the proposed approach.     

Integration of dependability in a task allocation problem

The task allocation on various components or processing units composing an automation system needs a design-aided methodology in order to obtain both relevant architecture of this automation system and a sufficiently efficient task allocation. The dependability, mainly illustrated in our approach by the availability of the process and by the reliability that characterizes the risk of incidents or accident occurrences, can be taken into account in the earliest stage of the automation system design. The main interest is that it allows for the definition of reliable operational and functional architectures. To achieve the task allocation, the search method used must integrate a notion of cost that includes both technological and functional aspects and those linked to the dependability. A genetic approach is used for the task allocation, giving a very satisfactory result in a reasonable computational time.     

An analytical methodology for the dependability evaluation of non-Markovian systems with multiple components

Very often, in dependability evaluation, the systems under study are assumed to have a Markovian behavior. This assumption highly simplifies the calculations, but introduces significant errors when the systems contain deterministic or quasi-deterministic processes, as it often happens with industrial systems. Existing methodologies for non-Markovian systems, such as device stage method [1], the supplementary variables method or the imbedded Markov chain method [2] do not provide an effective solution to deal with this class of systems, since their usage is restricted to relatively simple and small systems.This paper presents an analytical methodology for the dependability evaluation of non-Markovian discrete state systems, containing both stochastic and deterministic processes, along with an associated systematic resolution procedure suitable for numerical processing. The methodology was initially developed in the context of a research work [3] addressing the dependability modeling, analysis and evaluation of large industrial information systems. This paper, extends the application domain to the evaluation of reliability oriented indexes and to the assessment of multiple components systems. Examples will be provided throughout the paper, in order to illustrate the fundamental concepts of the methodology, and to demonstrate its practical usefulness.     

Application of the cause–consequence diagram method to static systems

In the last 30 years, various mathematical models have been used to identify the effect of component failures on the performance of a system. The most frequently used technique for system reliability assessment is Fault Tree Analysis (FTA) and a large proportion of its popularity can be attributed to the fact that it provides a very good documentation of the way that the system failure logic was developed. Exact quantification of the fault tree, however, can be problematic for very large systems and in such situations, approximations can be used. Alternatively, an exact result can be obtained via the conversion of the fault tree into a binary decision diagram (BDD). The BDD, however, loses all failure logic documentation during the conversion process.This paper outlines the use of the cause–consequence diagram method as a tool for system risk and reliability analysis. As with the FTA method, the cause–consequence diagram documents the failure logic of the system. In addition to this the cause–consequence diagram produces the exact failure probability in a very efficient calculation procedure. The cause–consequence diagram technique has been applied to a static system and shown to yield the same result as those produced by the solution of the equivalent fault tree and BDD. On the basis of this general rules have been devised for the correct construction of the cause–consequence diagram given a static system. The use of the cause–consequence method in this manner has significant implications in terms of efficiency of the reliability analysis and can be shown to have benefits for static systems.     

Applying RCM in large scale systems: a case study with railway networks

In 2000, the European Union founded a project named ‘RAIL: Reliability centered maintenance approach for the infrastructure and logistics of railway operation’ aimed to study the application of Reliability centered maintenance (RCM) techniques to the railway infrastructure. In this paper, we present the results obtained into the RAIL project, including a RCM methodology adapted to large infrastructure networks and a RCM toolkit to perform the RCM analysis, including cost aspects and maintenance planning guidance. This paper addresses the problem of applying RCM to large scale railway infrastructure networks to achieve an efficient and effective maintenance concept. Railways use nowadays very traditional preventive maintenance (PM) techniques, relying mostly on ‘blind’ periodic inspection and the ‘know-how’ of maintenance staff. RCM was seen as a promising technique from the beginning of the RAIL project because of several factors. First, technical insights obtained were better than the existing, so that several maintenance processes could be revised and adjusted. Second, the interdisciplinary approach used to make the analysis was very enriching and very encouraging for maintenance staff consulted. Third, using the RCM structured approach allowed to achieve well-documented analysis and clear decision diagrams. Our methodology includes some new features to overcome the problems of RCM observed in other projects. As a whole, our methodology and Computerized Maintenance Management Systems have produced two short-term benefits: reduction of time and paperwork because databases and tools are accessible through Internet, and creation of a permanent, accurate, and better collection of information. It will also have some long-term benefits: better PM will increase equipment life and will help to reduce corrective maintenance costs; Production will increase as unscheduled downtime decreases; purchase costs of parts and materials will be reduced; more effective and up-to-date record of inventory/stores reports; and better knowledge of the systems to help the company to chose those systems with the best LCC. The results have been corroborated with the application of our methodology to signal equipment in several railway network sections, as shown in this paper. Because of the successful conclusion of the project, the Spanish railway company (RENFE) and the German railway company (DB A.G.), not only decided to adopt RCM to enhance PM, but they have started a large project to implement Total Preventive Maintenance relying on the implantation of the RCM methodology.     

The assessment of the damage probability of storage tanks in domino events triggered by fire

An approach aimed to the quantitative assessment of the risk caused by escalation scenarios triggered by fire was developed. Simplified models for the estimation of the vessel time to failure (ttf) with respect to the radiation intensity on the vessel shell were obtained using a multi-level approach to the analysis of vessel wall failure under different fire conditions. Each vessel “time to failure” calculated by this approach for the specific fire scenario of concern was compared to a reference time required for effective mitigation actions and related to the escalation probability. The failure probability of each vessel was correlated to the probability of scenarios involving multiple vessel failure as a consequence of the primary fire, thus allowing a comprehensive assessment of domino scenarios triggered by fire. The application of the methodology to the analysis of several case-studies allowed the estimation of the quantitative contribution of escalation events triggered by fire to the overall individual and societal risk indexes.     

Probabilistic performance indexes for small signal stability enhancement in weak wind-hydro-thermal power systems

Deterministic strategies are still largely used for small signal stability (SSS) assessment and enhancement in most power systems worldwide. However, the solutions obtained with such strategies are very limited since they are correct just around the particular conditions analysed. Therefore it is essential to develop comprehensive strategies to cope with more operating conditions and random factors in SSS studies. This paper presents the development and application of a probabilistic methodology for SSS assessment and enhancement. The approach accounts for uncertainties of generation and nodal load demands as well as the effects of system element outages. Probabilistic performance indexes based on a combination of Monte Carlo method and fuzzy clustering are calculated. It is shown how properly statistical processing of output variables of interest can be adapted to evaluate the proposed indexes, which are the instability risk index and two additional indexes concerning power system stabiliser location and transfer capability as affected by SSS. The results obtained using a 18-power plant power system are analysed and compared against the results obtained through a deterministic approach. Relevant discussion highlights the viewpoint and effectiveness of the proposed methodology in providing instability risk assessment and useful information that aims at minimising the occurrence and impacts of electromechanical oscillations in the context of power system operation around uncertain load conditions.     

Estimating the chronic health risk from coal-fired power plant toxic emissions

A general methodology for performing risk assessment is briefly discussed. This approach provides a framework within which the analyst can use specific environmental transport, exposure, and dose—response models that are appropriate to a particular problem. The framework has been implemented in a computer program that incorporates simplified environmental transport models with the models for calculating exposure rates and chronic health effects. The general framework and computer program are applied to illustrative case studies of coal-fired power plant emissions of arsenic and selenium. The problem of uncertainty in the results is discussed and several potential analysis approaches evaluated. A selected approach to uncertainty analysis is applied to the case studies. General conclusions about the risk assessment process and specific conclusions about the case studies are presented.     

On the proper formulation of safety goals and assessment of safety margins for rare and high-consequence hazards

The issue of ‘uncertainty’ is addressed in the special context of assessing and managing risks from rare, high-consequence hazards. It is suggested that, rather than the usual ‘formal treatments’ on how to combine expert opinions that diverge widely, such ‘uncertainty’ must be approached in each case as a research question that encompasses frame of assessment, approach methodology, risk management, and safety goals, with the aim of obtaining resolution in a clear, consistent, and complete manner. This, together with some basic considerations on ‘defense-in-depth,’ and certain practical aspects of communications and synergism needed for resolution (of such uncertainties), leads us to the Risk Oriented Accident Analysis Methodology (ROAAM). The purpose of this paper is to explain these views, to follow them through to the definition of the methodology and its implementation, and to indicate some of the insights gained through the several practical applications available so far.     

Rapid risk assessment using probability of fracture nomographs

Traditional risk-based design process involves designing the structure based on risk estimates obtained during several iterations of an optimization routine. This approach is computationally expensive for large-scale aircraft structural systems. Therefore, this paper introduces the concept of risk-based design plots that can be used for both structural sizing and risk assessment for fracture strength when maximum allowable crack length is available. In situations when crack length is defined as a probability distribution the presented approach can only be applied for various percentiles of crack lengths. These plots are obtained using normalized probability density models of load and material properties and are applicable for any arbitrary load and strength values. Risk-based design plots serve as a tool for failure probability assessment given geometry and applied load or they can determine geometric constraints to be used in sizing given allowable failure probability. This approach would transform a reliability-based optimization problem into a deterministic optimization problem with geometric constraints that implicitly incorporate risk into the design. In this paper, cracked flat plate and stiffened plate are used to demonstrate the methodology and its applicability.     

Probabilistic assessment of spinning reserve in isolated and interconnected generation systems

The assessment of spinning reserve requirement is an important aspect in short-term generation planning. A number of deterministic approaches are presently used to assess spinning reserve requirements in isolated and interconnected generating systems. The emphasis when using a deterministic approach to unit commitment and spinning reserve assessment is to minimise the total operating cost, and in doing so a system faces different degrees of risk throughout the day. Deterministic approaches do not take the stochastic behaviour of system components in its evaluation process in a consistent manner. A probabilistic approach can be utilised to recognise the stochastic nature of system components during spinning reserve assessment. The basic objective in using a probabilistic approach is to maintain the unit commitment risk equal to or less than a specified value throughout the day. This paper illustrates the spinning reserve assessment in isolated systems with numerical examples. A probabilistic approach for spinning reserve assessment in interconnected system is also presented in this paper. The technique, designated as the ‘two risks concept’, is a logical extension of a probabilistic technique utilised for spinning reserve assessment in isolated systems. The technique is developed on the basis of each area in a multi-area configuration fulfilling two different risk criteria.     

System Effectiveness Simulation Model with Nonparametric Dependability

The simulation model presented here is a useful extension of WSEIAC's system's effectiveness methodology. This model accepts information regarding uncertainty with the parametric estimates of the system's attributes. One of the system's attributes, defined as “dependability,” requires Markovian State Transition Process. Time-dependent queueing process and renewal theory application for this dependability matrix are avoided by resorting to a simulation technique. This dependability matrix requires reliability and repairability estimates, which are obtained based on a non-parametric approach. This approach is based on a test program with a very realistic environment where n identical units are placed on test for a mission duration T. At the end, the number of failed units r is noted. Units failed are not replaced. Times of failed units before failure are unknown. Based on these, the dependability matrix is generated, which results ultimately in generating a sampling distribution of system effectiveness of each subsystem and the overall system. This process is coded in FORTRAN IV.     

ARAMIS project: a comprehensive methodology for the identification of reference accident scenarios in process industries

In the frame of the Accidental Risk Assessment Methodology for Industries (ARAMIS) project, this paper aims at presenting the work carried out in the part of the project devoted to the definition of accident scenarios. This topic is a key-point in risk assessment and serves as basis for the whole risk quantification.

The first result of the work is the building of a methodology for the identification of major accident hazards (MIMAH), which is carried out with the development of generic fault and event trees based on a typology of equipment and substances. The term “major accidents” must be understood as the worst accidents likely to occur on the equipment, assuming that no safety systems are installed.

A second methodology, called methodology for the identification of reference accident scenarios (MIRAS) takes into account the influence of safety systems on both the frequencies and possible consequences of accidents. This methodology leads to identify more realistic accident scenarios. The reference accident scenarios are chosen with the help of a tool called “risk matrix”, crossing the frequency and the consequences of accidents.

This paper presents both methodologies and an application on an ethylene oxide storage.     

Incorporating organizational factors into Probabilistic Risk Assessment (PRA) of complex socio-technical systems: A hybrid technique formalization

This paper is a result of a research with the primary purpose of extending Probabilistic Risk Assessment (PRA) modeling frameworks to include the effects of organizational factors as the deeper, more fundamental causes of accidents and incidents. There have been significant improvements in the sophistication of quantitative methods of safety and risk assessment, but the progress on techniques most suitable for organizational safety risk frameworks has been limited. The focus of this paper is on the choice of “representational schemes” and “techniques.” A methodology for selecting appropriate candidate techniques and their integration in the form of a “hybrid” approach is proposed. Then an example is given through an integration of System Dynamics (SD), Bayesian Belief Network (BBN), Event Sequence Diagram (ESD), and Fault Tree (FT) in order to demonstrate the feasibility and value of hybrid techniques. The proposed hybrid approach integrates deterministic and probabilistic modeling perspectives, and provides a flexible risk management tool for complex socio-technical systems. An application of the hybrid technique is provided in the aviation safety domain, focusing on airline maintenance systems. The example demonstrates how the hybrid method can be used to analyze the dynamic effects of organizational factors on system risk.     

Use of risk assessment in the nuclear industry with specific reference to the Australian situation

The use of risk assessment in the nuclear industry began in the 1970s as a complementary approach to the deterministic methods used to assess the safety of nuclear facilities. As experience with the theory and application of probabilistic methods has grown, so too has its application. In the last decade, the use of probabilistic safety assessment has become commonplace for all phases of the life of a plant, including siting, design, construction, operation and decommissioning. In the particular case of operation of plant, the use of a ‘living’ safety case or probabilistic safety assessment, building upon operational experience, is becoming more widespread, both as an operational tool and as a basis for communication with the regulator. In the case of deciding upon a site for a proposed reactor, use is also being made of probabilistic methods in defining the effect of design parameters. Going hand in hand with this increased use of risk based methods has been the development of assessment criteria against which to judge the results being obtained from the risk analyses. This paper reviews the use of risk assessment in the light of the need for acceptability criteria and shows how these tools are applied in the Australian nuclear industry, with specific reference to the probabilistic safety assessment (PSA) performed of HIFAR.     

Diagnosis Modelling for Dependability Assessment of Fault‐Tolerant Systems Based on Stochastic Activity Networks

The growing demand for safety, reliability, availability and maintainability in modern technological systems has led these systems to become more and more complex. To improve their dependability, many features and subsystems are employed like the diagnosis system, control system, backup systems, and so on. These subsystems have all their own dynamic, reliability and performances and interact with each other in order to provide a dependable and fault‐tolerant system. This makes the dependability analysis and assessment very difficult. This paper proposes a method to completely model the diagnosis procedure in fault‐tolerant systems using stochastic activity networks. Combined with Monte Carlo simulation, this will allow the dependability assessment by including the diagnosis parameters and performances explicitly. Copyright © 2014 John Wiley & Sons, Ltd.