Safety and Risks of Marine Traffic P
• Risk fundamentals
• Some epistemological concepts (risk perspective)
– Events and consequences
– Belief and knowledge
– Uncertainty
– Acceptance
• Some concepts in risk measurement (risk description)
– Probability
• Risk framework
• Hands-on exercises on the use of BBN in risk modelling
In this lecture
– From Greek rhiza meaning cliff, from the hazards of sailing along
rocky coasts.
– The term ‘risk’ has most likely come into English through Spanish or
Portuguese, where it was used to refer to sailing into uncharted
waters.
– The idea of risk appears to have taken hold in the 16th and 17th
centuries, and was first coined by Western explorers as they set off on
their voyages to explore the world.
– From the 16th century onwards, the term therefore attained a beneficial
meaning, for example in middle-high-German Rysigo was a technical
term for business, with the meaning “to dare, to undertake a
business and aspire for economic success”.
http://www.dnv.com/focus/risk_management/more_information/risk_origin/
HISTORICAL BACKGROUND OF RISK MODELLING
• 1960: Aerospace industry, Apollo programme
• 1970: Nuclear industry
• 1988: Offshore industry, Piper Alpha disaster
• 1992: Maritime sector, Lord Carver’s report
• 2000: IMO adopted guidelines for risk assessment procedure FSA
"a rational and systematic process for assessing the risks associated with shipping
activity and for evaluating the costs and benefits of IMO's options for reducing these
risks."
It can be used as a tool to help evaluate new regulations or to compare proposed changes
with existing standards.
It enables a balance to be drawn between the various technical and operational issues,
including the human element and between safety and costs.
FSA - which was originally developed partly at least as a response to the Piper Alpha disaster
of 1988, when an offshore platform exploded in the North Sea and 167 people lost their lives
- is now being applied to the IMO rule making process.
Guidelines for Formal Safety Assessment (FSA) for use in the IMO rule-making process
were approved in 2002.
Risk Assessment
is to review the acceptability of risk that has
been analyzed and evaluated based on the
comparison with standards or criteria that define
the risk tolerability.
Risk Management
is the application of risk assessment with the
intention to inform the decision making process
with the appropriate risk reduction measures and
their possible implementation.
http://www.imo.org/OurWork/HumanElement/VisionPrinciplesGoals/Documents/1023-MEPC392.pdf
FSA – PREPARATORY STEP
In other words: what can be addressed by FSA?
Relevant aspects when addressing ships and, thus, areas for which FSA studies may
be applied are according to the IMO Guidelines (§4.1) the following:
Identification can be done with a combination of creative and analytical techniques that
aim to identify all relevant hazards.
The creative part, which usually means brainstorming sessions, makes the
methodology proactive thus not limited to historical hazards only.
Scenarios considered are, typically, the sequence of events from the initiating event,
up to the consequence, through the intermediate stages of the scenario development.
However this usage has several disadvantages. The most important is that this whole
philosophy of using historical data is reactive rather than proactive and can be
questionable if the formal definition of risk is met (as the risk is about the future) and
therefore:
• it cannot be used for new designs,
• it cannot measure effects of newly implemented risk control options as it needs to wait
for accidents to happen to have sufficient data.
In some cases, especially simple FSAs, historical data can be used, but in general creative
thinking and some modelling is strongly recommended.
5.2.1.1 The approach used for hazard identification generally comprises a combination
of both creative and analytical techniques, the aim being to identify all relevant
hazards. The creative element is to ensure that the process is proactive and not
confined only to hazards that have materialized in the past. It typically consists of
structured group reviews aiming at identifying the causes and effects of accidents and
relevant hazards. Consideration of functional failure may assist in this process.
The group carrying out such structured reviews should include experts in the various
appropriate aspects, such as ship design, operations and management and specialists
to assist in the hazard identification process and incorporation of the human element.
A structured group review session may last over a number of days.
The analytical element ensures that previous experience is properly taken into
account, and typically makes use of background information (for example applicable
regulations and codes, available statistical data on accident categories and lists of
hazards to personnel, hazardous substances, ignition sources, etc.)
FSA – STEP 1
HAZARDS IDENTIFICATION (HAZID)
1. Hazards have to be defined.
3. Risk matrices are a traceable framework for explicit consideration of the frequency
and consequences of defined hazards.
4. The risk matrix is the most important tool that is provided to the expert panel and is
used to accomplish the first step of FSA (HAZID).
The hazard analysis stage is a very important part of the risk management
process, as no action can be made to avoid, or reduce, the effects of
unidentified hazards.
The hazard analysis stage also has the largest potential for error with little or
no feedback of those errors.
Hazard Analysis
Hazard analysis relies on a structured and systematic approach to identify
potential hazards.
There are a large number of techniques that can be used to perform this task
at various stages during the life cycle of the process.
Concept safety review can only be used to provide insight into the potential
major hazards of the process, and hence steer the design of the plant to be
more inherently safe. In contrast a HAZOP study is a systematic review of
the process and should be able to identify the causes and consequences of
deviations from the design intent.
It is important to choose the most appropriate identification
technique, as this not only provides the appropriate level of detail,
but can also be aimed at identifying hazards relating to specific
areas.
Generally the earlier in the process life cycle the hazard is identified,
the lower the cost of improving the safety of the process is, as it
allows simple alterations to be performed before any of the items
have been built.
• HAZOP,
• fault tree analysis,
• safety audit,
• failure mode and effect analysis,
• task analysis.
These techniques are all popular for identifying hazards, though are complex
to perform to the appropriate standard, and have been used for a long time.
The newer hazard identification techniques, and the common techniques
which are less complex (i.e. ‘what if?’ analysis, checklists), have less
reference material available; for checklists it mainly consists of lists of
questions to be applied to various processes.
FSA recommends:
• Preliminary hazard analysis
• Fault tree analysis
• Failure Mode and Effect Analysis (FMEA)
• Hazard and Operability Studies (HAZOP)
• What If Analysis Technique
3. As a complete risk analysis of a rather simple system. Whether or not a PHA
will be a sufficient analysis depends both on the complexity of the system and the
objectives of the analysis.
3. Collect risk information from previous and similar systems (e.g.,
from accident data bases)
Marvin Rausand. Risk Assessment Section 9.4
Preliminary Hazard Analysis (PHA)
Preliminary Hazard Analysis - procedure
PHA team
How many team members should participate will depend on the
complexity of the system and also on the objectives of the analysis.
Some team members may participate only in parts of the analysis.
2. Activities
Critch S., Goerlandt F., Montewka J., Kujala P. Towards a risk model for the Baltic maritime winter navigation system.
IWNTM13: International Workshop on Nautical Traffic Models 2013, Delft, The Netherlands, July 5-7, 2013
http://repository.tudelft.nl/view/conferencepapers/uuid:f8e5f51d-7db9-4219-959f-2a39ebf35621/
Preliminary Hazard Analysis - procedure
Hazard identification
All hazards and possible hazardous events must be identified.
• Accident reports/databases
• Accident Investigation Boards
• Accident statistics
• Relevant maritime authorities e.g. HELCOM, DAMSA, TraFi
• Near miss/ dangerous occurrence reports
• VTS reports
• Reports from authorities or governmental bodies
• Expert judgment
• Workshops, interviews, questionnaires.
To determine the risk indicator (RI), the frequency and the severity of each hazardous
event is to be assessed.
A hazardous event may lead to a wide range of consequences, ranging from negligible
to catastrophic.
A fire may, for example, be extinguished very fast and give minor consequences, or
lead to a disaster.
In some applications the severity of an average consequence of a hazardous event is
assessed.
In other applications we consider several possible consequences, including the worst
foreseeable consequence of the hazardous event.
For each hazardous event, we may want to present several consequences with associated
frequencies. Consider a hazardous event where a ship navigating along the ice channel in a
convoy collides with another ship in the convoy. In most cases the consequence of such an
accident will be minor (low severity and rather high frequency). In very rare cases, the collision
may result in a ship loss (high severity and very low frequency). Both consequences should be
recorded in the PHA worksheet.
In some applications we may want to present both the frequency of the hazardous event and
frequencies of various consequences.
Acceptable
Acceptable – use ALARP principle and consider further investigation
Not acceptable – risk reducing measures required
Preliminary Hazard Analysis - procedure
Risk index ranking
The matrix defines three risk levels:
1. Negligible risk
2. Acceptable risk if ALARP (As Low As Reasonably Practicable)
3. Unacceptable risk
The risk matrix provides a traceable framework for explicit consideration of the frequency
and consequences of hazards.
http://www.lgi.ecp.fr/~li/materials/keynote_Enrico_Zio_PSAM_11_ESREL_2012.pdf
Preliminary Hazard Analysis – reviewing and revising
Pros:
• Helps ensure that the system is safe.
• Modifications are less expensive and easier to implement in the earlier
stages of design.
• Decreases design time by reducing the number of surprises.
Cons:
• Hazards must be foreseen by the analysts.
• The effects of interactions between hazards are not easily recognized.
• FMECA was one of the first systematic techniques for failure analysis.
• FMECA was developed by the U.S. Military. The first guideline was Military
Procedure MIL-P-1629 “Procedures for performing a failure mode, effects
and criticality analysis” dated November 9, 1949.
• FMECA is the most widely used reliability analysis technique in the initial
stages of product/system development.
• FMECA is usually performed during the conceptual and initial design
phases of the system in order to assure that all potential failure modes
have been considered and the proper provisions have been made to
eliminate these failures.
• Assist in selecting design alternatives with high reliability and high safety
potential during the early design phases.
• Ensure that all conceivable failure modes and their effects on operational
success of the system have been considered.
• List potential failures and identify the severity of their effects.
• Develop early criteria for test planning and requirements for test
equipment.
• Provide historical documentation for future reference to aid in analysis of
field failures and consideration of design changes.
• Provide a basis for maintenance planning.
• Provide a basis for quantitative reliability and availability analyses.
Top-down approach
• The top-down approach is mainly used in an early design phase before
the whole system structure is decided.
• The analysis is usually function oriented. The analysis starts with the main
system functions - and how these may fail. Functional failures with
significant effects are usually prioritized in the analysis.
• The analysis will not necessarily be complete.
• The top-down approach may also be used on an existing system to focus
on problem areas.
3 Collect information about previous and similar designs from internal and
external sources, interviews with design personnel, operations and
maintenance personnel, component suppliers.
• Starting at too low a level will give a complete analysis, but may at the
same time be a waste of effort and money.
• Risk matrix,
RPN = S x O x D
D - the rank of the likelihood that the failure will be detected before the system
reaches the end-user/customer.
• All ranks are given on a scale from 1 to 10 and the smaller the RPN the better.
• Definition of the ranks of O, S, and D depend on the application and the FMECA
standard that is used.
• The O, S, D, and the RPN can have different meanings for each FMECA.
• Sharing numbers between companies and groups is very difficult.
The following personnel may participate in reviewing the FMECA (the participation will
depend on type of equipment, application, and available resources):
• Project manager
• Design engineer (hardware/software/systems)
• Test engineer
• Reliability engineer
• Quality engineer
• Maintenance engineer
• Field service engineer
• Manufacturing/process engineer
• Safety engineer
If improvements are decided, the FMECA worksheets have to be revised and the RPN
should be updated.
Problem solving tools like brainstorming, flow charts, Pareto charts and nominal group
technique may be useful during the review process.
The risk reduction related to a corrective action may be assessed by comparing the RPN for the
initial and revised concept, respectively. A simple example is given in the following
table.
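The RPN comparison described above, worked through as an added example that is not part of the original lecture material: it validates each rank against the 1 to 10 scale, computes RPN = S x O x D for the initial and revised concept, and reports the reduction per failure mode. The failure modes, their ranks and the names `Ranks`, `compare` and `WORKSHEET` are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ranks:
    """One set of FMECA ranks; every rank is on the 1..10 scale."""
    severity: int    # S
    occurrence: int  # O
    detection: int   # D

    def __post_init__(self):
        # Reject ranks outside the scale instead of silently skewing the RPN.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} rank must be an integer 1..10, got {value!r}")

    @property
    def rpn(self) -> int:
        # RPN = S x O x D; the smaller the RPN the better.
        return self.severity * self.occurrence * self.detection


def compare(worksheet):
    """Return (failure mode, initial RPN, revised RPN, reduction in %),
    sorted so the failure mode with the highest initial RPN comes first."""
    rows = []
    for mode, initial, revised in worksheet:
        reduction = 100.0 * (initial.rpn - revised.rpn) / initial.rpn
        rows.append((mode, initial.rpn, revised.rpn, round(reduction, 1)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed worksheet: (failure mode, initial concept, revised concept).
# The second row has no corrective action, so its ranks are unchanged.
WORKSHEET = [
    ("Steering gear hydraulic leak", Ranks(8, 4, 6), Ranks(8, 2, 3)),
    ("Radar display freeze", Ranks(6, 5, 2), Ranks(6, 5, 2)),
    ("Bilge alarm sensor fails silent", Ranks(7, 3, 9), Ranks(7, 3, 2)),
]

if __name__ == "__main__":
    print(f"{'Failure mode':<34}{'Initial':>8}{'Revised':>8}{'Red. %':>8}")
    for mode, before, after, pct in compare(WORKSHEET):
        print(f"{mode:<34}{before:>8}{after:>8}{pct:>8}")
```

Because the definition of the ranks depends on the application and the FMECA standard used, the resulting numbers are only comparable within one worksheet that uses one set of rank definitions.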
• Manufacturing.
The FMECA worksheets may be used as input to optimize production,
acceptance testing, etc.
• Maintenance planning.
The FMECA worksheets are used as an important input to maintenance
planning – for example, as part of reliability centered maintenance
(RCM). Maintenance related problems may be identified and corrected.
CONS:
• The FMECA process may be tedious, time-consuming (and expensive).
• The approach is not suitable for multiple failures.
• It is too easy to forget human errors in the analysis.
• Examples