Capturing emerging complex interactions: Safety analysis in air traffic management

The future development of air traffic management (ATM), set by the ATM 2000+ Strategy, involves a structural revision of ATM processes, a new ATM concept and a system approach for the ATM network. This requires ATM services to go through significant structural, operational and cultural changes that will contribute towards the ATM 2000+ Strategy. Moreover, from a technology viewpoint, future ATM services will employ new systems forming the emergent ATM architecture underlying and supporting the European Commission's Single European Sky Initiative. Introducing safety relevant systems in ATM contexts requires us to understand the risk involved in order to mitigate the impact of possible failures. This paper is concerned with some limitations of safety analysis with respect to operational aspects of introducing new systems (functionalities).     

A method for risk modeling of interdependencies in critical infrastructures

Failures in critical infrastructures may be hazardous to population, economy, and national security. There can be strong interdependencies between various infrastructures, but these interdependencies are seldom accounted for in current risk and vulnerability analyses. To reduce probability and mitigate consequences of infrastructure failures, these interdependencies have to be assessed. The objective of this paper is to present a method for assessing interdependencies of critical infrastructures, as part of a cross-sector risk and vulnerability analysis. The method is based on a relatively simple approach applicable for practitioners, but may be extended for more detailed analyses by specialists. Examples from a case study with the Emergency Preparedness Group of the city of Oslo, Norway, are included.     

Evaluation of air traffic management procedures—safety assessment in an experimental environment

This paper presents and discusses the application of safety assessment methodologies to a pre-operational project in the Air Traffic Control field. In the case analysed in the present paper a peculiar aspect was the necessity to effectively assess new operational procedures and tools. In particular we exploited an integrated methodology to evaluate computer-based applications and their interactions with the operational environment. Current ATC safety practices, methodologies, guidelines and standards were critically revised, in order to identify how they could be applied to the project under consideration. Thus specific problematic areas for the safety assessment in a pre-operational experimental project are highlighted and, on the basis of theoretical principles, some possible solutions taken into consideration. The latter are described highlighting the rationale of most relevant decisions, in order to provide guidance for generalisation or re-use.     

A global view on ARAMIS, a risk assessment methodology for industries in the framework of the SEVESO II directive

The ARAMIS methodology was developed in an European project co-funded in the fifth Framework Programme of the European Commission with the objective to answer the specific requirements of the SEVESO II directive. It offers an alternative to purely deterministic and probabilistic approaches to risk assessment of process plants. It also answers the needs of the various stakeholders interested by the results of the risk assessment for land use or emergency planning, enforcement or, more generally, public decision-making. The methodology is divided into the following major steps: identification of major accident hazards (MIMAH), identification of the safety barriers and assessment of their performances, evaluation of safety management efficiency to barrier reliability, identification of reference accident scenarios (MIRAS), assessment and mapping of the risk severity of reference scenarios and of the vulnerability of the plant surroundings. The methodology was tested during five case studies, which provided useful information about the applicability of the method and, by identifying the most sensitive parts of it opened way to new research activity for an improved industrial safety.     

A risk severity index for industrial plants and sites

A risk index (Risk Severity Index, S) has been devised to allow the assessment of the risk level originated by a given installation or site over the affected zone. A set of threshold levels for thermal radiation, toxic concentration and overpressure, together with the probabilities and frequencies associated to critical events and their effects have been the basis for calculating the values of S. A computer tool has been designed to perform a quick calculation of the diverse Risk Severity Indexes (for a critical event, for a dangerous phenomenon, for a type of effect and for the whole installation) and to plot a map of the risk severity levels around the site. The methodology has been applied to diverse test cases and it has proved to be useful for risk assessment, for comparative studies and for land use planning.     

Human error data collection as a precursor to the development of a human reliability assessment capability in air traffic management

Quantified risk and safety assessments are now required for safety cases for European air traffic management (ATM) services. Since ATM is highly human-dependent for its safety, this suggests a need for formal human reliability assessment (HRA), as carried out in other industries such as nuclear power. Since the fundamental aspect of HRA is human error data, in the form of human error probabilities (HEPs), it was decided to take a first step towards development of an ATM HRA approach by deriving some HEPs in an ATM context.This paper reports a study, which collected HEPs via analysing the results of a real-time simulation involving air traffic controllers (ATCOs) and pilots, with a focus on communication errors. This study did indeed derive HEPs that were found to be concordant with other known communication human error data. This is a first step, and shows promise for HRA in ATM, since HEPs have been derived which could be used in safety assessments, although these HEPs are for only one (albeit critical) aspect of ATCOs’ tasks (communications). The paper discusses options and potential ways forward for the development of a full HRA capability in ATM.     

Human factors, human reliability and risk assessment in license renewal of a nuclear power plant

This paper describes human factors and human reliability assessments carried out as a part of operating license renewal of a nuclear power plant. The structure and contents of human factors assessments, the source material and the role of probabilistic safety assessment are described. Similar evaluations are recommended as an integral part of periodic safety reviews of regulated industrial facilities.The qualitative part of the human factors review is structured according to an international guide. The assessments are here enhanced with operating experience evaluations, measured by quantitative statistical data obtained from inspections and assessments made by plant safety and quality assurance personnel, by regulatory authorities and by peer reviews.The quantitative assessment is based on the roles and contributions of human errors in the accident risk of the target plant. The assessment uses importance measures quantified in probabilistic risk assessment. The scope and the quality of the risk assessment and the scope and the quality of human reliability assessments are also taken into account. Furthermore, the assessment describes how risk assessment can be used to reduce errors and improve human factors. The results tend to be very plant-specific, and the errors have very different importances in different operating states and for different initiating event categories. The results are useful for planning preventive actions, i.e. for preventing errors by developing and prioritizing human factors improvement activities.     

Application of classification algorithms for analysis of road safety risk factor dependencies

Transportation continues to be an integral part of modern life, and the importance of road traffic safety cannot be overstated. Consequently, recent road traffic safety studies have focused on analysis of risk factors that impact fatality and injury level (severity) of traffic accidents. While some of the risk factors, such as drug use and drinking, are widely known to affect severity, an accurate modeling of their influences is still an open research topic. Furthermore, there are innumerable risk factors that are waiting to be discovered or analyzed. A promising approach is to investigate historical traffic accident data that have been collected in the past decades. This study inspects traffic accident reports that have been accumulated by the California Highway Patrol (CHP) since 1973 for which each accident report contains around 100 data fields. Among them, we investigate 25 fields between 2004 and 2010 that are most relevant to car accidents. Using two classification methods, the Naive Bayes classifier and the decision tree classifier, the relative importance of the data fields, i.e., risk factors, is revealed with respect to the resulting severity level. Performances of the classifiers are compared to each other and a binary logistic regression model is used as the basis for the comparisons. Some of the high-ranking risk factors are found to be strongly dependent on each other, and their incremental gains on estimating or modeling severity level are evaluated quantitatively. The analysis shows that only a handful of the risk factors in the data dominate the severity level and that dependency among the top risk factors is an imperative trait to consider for an accurate analysis.     

Multi-attribute risk assessment for risk ranking of natural gas pipelines

The paper presents a decision model for risk assessment and for risk ranking of sections of natural gas pipelines based on multi-attribute utility theory. Pipeline hazard scenarios are surveyed and the reasons for a risk assessment model based on a multi-attribute approach are presented. Three dimensions of impact and the need to translate decision-makers’ preferences into risk management decisions are highlighted. The model approaches these factors by using a multi-attribute utility function, in order to produce multi-dimensional risk measurements. By using decision analysis concepts, this model quantitatively incorporates the decision-maker's preferences and behavior regarding risk within clear and consistent risk measurements. In order to support the prioritizing of critical sections of pipeline in natural gas companies, this multi-attribute model also allows sections of pipeline to be ranked into a risk hierarchy. A numerical application based on a real case study was undertaken so that the effectiveness of the decision model could be verified.     

Distribution, correlation and risk assessment of selected metals in urban soils from Islamabad, Pakistan

Urban soil samples were analyzed for Ca, Cd, Co, Cr, Cu, Fe, K, Li, Mg, Mn, Na, Pb, Sr and Zn by atomic absorption spectrophotometric method. Multivariate statistical approach was used to study the apportionment of selected metals in the soil samples during summer and winter. The degree of contamination along with the geoaccumulation index, enrichment factor and contamination factor was also evaluated. In water-extract of the soil samples, relatively higher levels were noted for Na, Ca, K, Fe, Mg, and Pb with average concentrations of 56.38, 33.82, 12.53, 7.127, 5.994, and 1.045 mg/kg during summer, while the mean metal levels during winter were 76.45, 38.05, 3.928, 0.627, 8.726, and 0.878 mg/kg, respectively. In case of acid-extract of the soils, Ca, Fe, Mg, Na, K, Mn and Sr were found at 27,531, 12,784, 2769, 999.9, 737.9, 393.5, and 115.1 mg/kg, during summer and 23,386, 3958, 3206, 254.6, 1511, 453.6, and 53.30 mg/kg, during winter, respectively. Most of the metals showed random distribution with diverse correlations in both seasons. Principal component analysis and cluster analysis revealed significant anthropogenic intrusions of Cd, Pb, Co, Cr, Cu, Li, Zn and Na in the soils. Geoaccumulation indices and contamination factors indicated moderate to heavy contamination for Pb and Cd in the soils, while enrichment factor exhibited significant enrichment (EF > 5) of Cd, Pb, Ca, Co, Li, Mn and Zn by anthropogenic activities. Overall, on the average basis, considerable degree of contamination (C_deg > 16) was observed in both seasons, although it was higher in winter. Present metal levels were also compared with those reported from other areas around the world.     

Towards a better reliability of risk assessment: Development of a qualitative & quantitative risk evaluation model (QREM) for different trades of construction works in Hong Kong

Since the safety professionals are the key decision makers dealing with project safety and risk assessment in the construction industry, their perceptions of safety risk would directly affect the reliability of risk assessment. The safety professionals generally tend to heavily rely on their own past experiences to make subjective decisions on risk assessment without systematic decision making. Indeed, understanding of the underlying principles of risk assessment is significant. In this study, the qualitative analysis on the safety professionals’ beliefs of risk assessment and their perceptions towards risk assessment, including their recognitions of possible accident causes, the degree of differentiations on their perceptions of risk levels of different trades of works, recognitions of the occurrence of different types of accidents, and their inter-relationships with safety performance in terms of accident rates will be explored in the Stage 1.     

A note on supply chain risk classification: discussion and proposal

The main objective of this note is to complement the excellent work on supply chain risk classification by Rangel et al. [International Journal of Production Research, vol. 52 (7), 2014]. In this note, we consider the use of ISO/IEC (International Organisation for Standardisation/International Electrotechnical Commission) norms to support the supply chain risk classification. Its purpose is to develop, maintain and promote standards in the fields of information technology and information communications technology. Therefore, to improve on the work by Rangel et al. (2014), ISO 27036 (Information Security for Supplier Relationship) and ISO 28000 (Specification for Security Management Systems for the Supply Chain) are aligned with ISO 31000 (Risk Management–Risk Assessment Techniques). Furthermore, since supply chain risk management does not have a standardised process, these norms, particularly ISO 31000, can serve as a guide to improve its implementation.     

Layer of protection analysis for reactive chemical risk assessment

Reactive chemical hazards have been a significant concern for the chemical process industries (CPI). Without sufficient control and mitigation of chemical reaction hazards, reactive incidents have led to severe consequences, such as release of flammable and toxic materials, fires and explosions, and threats to human lives, properties, and the environment. Consequence of reactive hazards can be well understood through calorimetric testing and computational techniques. However, risks of incidents caused by reactive chemicals have not been well addressed due partly to sparse failure frequency data. In this paper, the semi-quantitative layer of protection analysis (LOPA) approach is used to estimate reactive chemical risk, and the probabilities or frequencies of failure scenarios are addressed. Using LOPA, reactive risks can be evaluated with respect to predefined criteria, and the effectiveness of risk reduction measures can be assessed. The hydroxylamine (HA) production system is employed as a case study to demonstrate the application of LOPA to reactive chemical risk assessment.     

Some considerations on the treatment of uncertainties in risk assessment for practical decision making

This paper discusses the challenges involved in the representation and treatment of uncertainties in risk assessment, taking the point of view of its use in support to decision making. Two main issues are addressed: (1) how to faithfully represent and express the knowledge available to best support the decision making and (2) how to best inform the decision maker. A general risk-uncertainty framework is presented which provides definitions and interpretations of the key concepts introduced. The framework covers probability theory as well as alternative representations of uncertainty, including interval probability, possibility and evidence theory.     

Hierarchical, model-based risk management of critical infrastructures

Risk management is a process that includes several steps, from vulnerability analysis to the formulation of a risk mitigation plan that selects countermeasures to be adopted. With reference to an information infrastructure, we present a risk management strategy that considers a sequence of hierarchical models, each describing dependencies among infrastructure components. A dependency exists anytime a security-related attribute of a component depends upon the attributes of other components. We discuss how this notion supports the formal definition of risk mitigation plan and the evaluation of the infrastructure robustness. A hierarchical relation exists among models that are analyzed because each model increases the level of details of some components in a previous one. Since components and dependencies are modeled through a hypergraph, to increase the model detail level, some hypergraph nodes are replaced by more and more detailed hypergraphs. We show how critical information for the assessment can be automatically deduced from the hypergraph and define conditions that determine cases where a hierarchical decomposition simplifies the assessment. In these cases, the assessment has to analyze the hypergraph that replaces the component rather than applying again all the analyses to a more detailed, and hence larger, hypergraph. We also show how the proposed framework supports the definition of a risk mitigation plan and discuss some indicators of the overall infrastructure robustness. Lastly, the development of tools to support the assessment is discussed.     

A new perspective on Renn and Klinke's approach to risk evaluation and management

In this paper we discuss Renn and Klinke's approach for risk evaluation and selection of risk management strategies. The main focus in the discussion is the foundational basis and the understanding of what risk is, and how a different foundational basis may simplify and improve the characterization of risk. We will present and discuss an alternative set of characteristics, and give some recommendations with respect to selection of risk management strategies based on different values or magnitudes of these characteristics. We believe that the main focus when describing and managing risk should be the potential consequences, represented by observable quantities, and the uncertainty related to their future values.     

Dynamic modeling of the tradeoff between productivity and safety in critical engineering systems

Short-term tradeoffs between productivity and safety often exist in the operation of critical facilities such as nuclear power plants, offshore oil platforms, or simply individual cars. For example, interruption of operations for maintenance on demand can decrease short-term productivity but may be needed to ensure safety. Operations are interrupted for several reasons: scheduled maintenance, maintenance on demand, response to warnings, subsystem failure, or a catastrophic accident. The choice of operational procedures (e.g. timing and extent of scheduled maintenance) generally affects the probabilities of both production interruptions and catastrophic failures. In this paper, we present and illustrate a dynamic probabilistic model designed to describe the long-term evolution of such a system through the different phases of operation, shutdown, and possibly accident. The model's parameters represent explicitly the effects of different components' performance on the system's safety and reliability through an engineering probabilistic risk assessment (PRA). In addition to PRA, a Markov model is used to track the evolution of the system and its components through different performance phases. The model parameters are then linked to different operations strategies, to allow computation of the effects of each management strategy on the system's long-term productivity and safety. Decision analysis is then used to support the management of the short-term trade-offs between productivity and safety in order to maximize long-term performance. The value function is that of plant managers, within the constraints set by local utility commissions and national (e.g. energy) agencies. This model is illustrated by the case of outages (planned and unplanned) in nuclear power plants to show how it can be used to guide policy decisions regarding outage frequency and plant lifetime, and more specifically, the choice of a reactor tripping policy as a function of the state of the emergency core cooling subsystem.     

STRRAP system—A software for hazardous materials risk assessment and safe distances calculation

This work presents a powerful computational tool (Stochastic Toxic Release Risk Assessment Package, STRRAP) useful in risk assessment and emergency planning (safe distance calculation), which allows to handle the stochastic uncertainty of atmospheric parameters, critical for risk calculation when diffusion of hazardous gases or particulate matter occur as a consequence of an emission or accidental release. In fact, the random behaviour of wind intensity, wind direction, atmospheric stability and temperature, given a time horizon, (a season or a complete year), is taken into account considering also the day or night condition.STRRAP can be used for releases or emissions from static sources (for example a stack or a fixed tank in a facility) or from transportation accidents (road, rail, maritime and pipeline transport) involving different scenarios.After a stochastic simulation based on well-known diffusion models (dense and light gases, particulate matter) is carried out, the downwind pollutant concentrations are obtained, in order to compute safe distances and/or individual and societal risks.Some study cases are analyzed to show STRRAP capabilities.     

The development of an audit technique to assess the quality of safety barrier management

This paper describes the development of a management model to control barriers devised to prevent major hazard scenarios. Additionally, an audit technique is explained that assesses the quality of such a management system. The final purpose of the audit technique is to quantify those aspects of the management system that have a direct impact on the reliability and effectiveness of the barriers and, hence, the probability of the scenarios involved.

First, an outline of the management model is given and its elements are explained. Then, the development of the audit technique is described. Because the audit technique uses actual major hazard scenarios and barriers within these as its focus, the technique achieves a concreteness and clarity that many other techniques often lack. However, this strength is also its limitation, since the full safety management system is not covered with the technique. Finally, some preliminary experiences obtained from several test sites are compiled and discussed.