Risk Assessment and Safety Evaluation Using Probabilistic Fault Tree Analysis


This article was downloaded by: [University of California, Riverside Libraries]
On: 09 October 2014, At: 13:19
Publisher: Taylor & Francis
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Human and Ecological Risk Assessment: An International Journal
Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/bher20

Faisal I. Khan a & Tahir Husain a
a Faculty of Engineering & Applied Science, Memorial University of Newfoundland, St John's, A1B 3X5, NF, Canada
Published online: 03 Jun 2010.

To cite this article: Faisal I. Khan & Tahir Husain (2001) Risk Assessment and Safety Evaluation Using Probabilistic Fault Tree Analysis, Human and Ecological Risk Assessment: An International Journal, 7:7, 1909-1927, DOI: 10.1080/20018091095483

To link to this article: http://dx.doi.org/10.1080/20018091095483


Human and Ecological Risk Assessment: Vol. 7, No. 7, pp. 1909-1927 (2001)

1080-7039/01/$.50 © 2001 by ASP

Faisal I. Khan* and Tahir Husain
Faculty of Engineering & Applied Science, Memorial University of Newfoundland, St John’s, A1B 3X5, NF, Canada

ABSTRACT

Risk assessment is an essential prelude to the development of accident prevention strategies in any chemical or petrochemical industry. Many techniques and methodologies such as HAZOP, failure mode effect analysis, fault tree analysis, preliminary hazard analysis, quantitative risk assessment and probabilistic safety analysis are available to conduct qualitative, quantitative, and probabilistic risk assessment. However, these methodologies are limited by extensive data requirements, the length of study, results that are not directly interpretable for decision making, simulation that is often difficult, and applicability only at the operation or late design stage. Khan et al. (2001a) recently proposed a detailed methodology for risk assessment and safety evaluation. This methodology is simple, yet it is effective in safety and design-related decision making, and it has been applied successfully to many case studies. It is named SCAP, where S stands for safety, C and A stand for credible accident respectively, and P stands for probabilistic fault tree analysis. This paper recapitulates the SCAP methodology and demonstrates its application to a petrochemical plant.

Key Words: hazard assessment, industrial safety, quantitative risk analysis, probabilistic risk assessment.

INTRODUCTION

The history of chemical process industries is replete with accidents, of which over 3200 are considered major. With growing industrialization, coupled with an ever-increasing worldwide demographic pressure (particularly in countries of the southern hemisphere), the frequency of accidents and the average damage caused by such accidents have steadily increased. India, the second most populous country in the world, now has the dubious distinction of suffering the world’s worst-ever industrial accident (the Bhopal disaster in 1984) as well as the worst accident of the previous decade (the Vishakhapatnam disaster in 1997). This trend is evident from the recent accidents at Ahmadi (Kuwait) in 2000; Shuaiba (Kuwait) in 2000; Washington (USA) in 1999; Tennessee (USA) in 1999; Nigeria in 1998; Texas (USA) in 1997 (see Khan et al. 2001a for details). It is estimated that in the United States an industrial accident occurs every hour (more often in less developed countries); however, with proper control arrangements, the damage consequences are restricted (Laplante 1998; Perrow 2000). In order to control the alarming risk posed by these industries, the United States Environmental Protection Agency has requested that each manufacturing facility carry out worst-case disaster studies and develop risk management programs (Laplante 1998; Perrow 2000).

* Corresponding author: Tel (voice): 709-737-7652/8963, Tel (fax): 709-737-4042; [email protected]

There is an urgent need to analyze the possible basic causes of accidents to develop strategies/plans to avert such situations. A preliminary study provides the following observations.

• Accidents occur despite active safety measures. One of the main causes of accidents is that the design of safety measures does not properly consider credible accident scenarios, and the effectiveness of these measures is not periodically evaluated.

• Disaster management or contingency plans are improper or ineffective. Most disaster management plans (DMPs) are designed through subjective decision making without quantitative or scientific evaluation. If these programs are tested, it is generally a mere formality, and even then for limited known accident scenarios.

These observations highlight the need for a systematic and comprehensive methodology for risk assessment and safety evaluation. Since 1970 several techniques and methodologies have been proposed for hazard and safety studies. The most frequently used are What-if analysis (Zoller and Esping 1993), hazard and operability (HAZOP) study (Montague 1990; Post 2001), fault tree analysis (FTA) (Hauptmanns 1988; Lees 1996), failure mode effect analysis (FMEA) (Klaassen and Van Pepper 1989), and hazard indices (Doran and Greig 1993; Scheffler 1994; Tyler et al. 1994; Dow 1994). In the 1990s, methodologies which combine two or more techniques have been proposed for detailed risk assessment: international study group on risk analysis (ISGRA 1985), maximum credible accident analysis (MCAA) (CCPS 1989; Khan and Abbasi 1997, 1998a), safety analysis (Suokas 1988), quantitative risk assessment (Van Sciver 1990; Greenberg and Cramer 1991), probabilistic safety analysis (Popazoglou et al. 1992), and optimal risk analysis (Khan and Abbasi 1998a, 2001a).

It is clear from a detailed review of these techniques and methodologies that several of them are useful in conducting one or more aspects of risk analysis. For example, HAZOP is a powerful technique for qualitative hazard identification and assessment, while MCAA is widely applicable in consequence analysis. All of these conventional risk analysis methodologies require a combination of these techniques; some (e.g., HAZOP) are cumbersome and costly, while others (e.g., FMEA and FTA) require extensive reliability data, which is often difficult to obtain. These conventional risk analysis procedures become tedious, costly, and prone to errors (when precise basic data is required but unavailable) and it is difficult for the designer or decision makers to use them at the early design stage.

The integration of probabilistic fault tree analysis (PFTA) — a revised version of FTA (Khan and Abbasi 1999a, 2001b) — with maximum credible accident analysis (Khan and Abbasi 1999c), however, introduces a new methodology. The proposed methodology not only identifies the hazards in an industry, it also quantifies the hazard, forecasts the impact of likely accidents in and around the industry, suggests safety measures, and loops back to reassess the hazards by incorporating suggested methods. It pinpoints the safety measures required and what level of sophistication is needed to reduce the hazard to an acceptable level. It enables the assessors of an operating plant to determine whether the existing safety measures are sufficient or need further attention. It also distinguishes which units cannot be made safe, even after the installation of all conventional safety measures. This technique isolates the units for which the industry must incorporate a special emergency preparedness and disaster management plan. We have given this technique the acronym SCAP: S denotes safety, C and A credible accidents, and P probabilistic fault tree analysis. Due to space limitations only the important steps of the SCAP methodology are presented here (see Khan et al. 2001a for more details).

SCAP METHODOLOGY

Risk is a quantitative value, which reflects the adverse outcome of an activity or event along with its probability of occurrence; for example, an individual fatal risk of 1 × 10^-3 means an individual is at risk of death at the study area in 1000 years due to the activities under study. Figure 1 presents the algorithm of SCAP methodology; a brief description of each step is presented below. The Appendix presents formulae for the indices and other quantities discussed below.

Step 1: Hazard Identification and Ranking Using SWeHI

This step utilizes the SWeHI system (Khan et al. 2001b) for hazard identification and ranking. This system enables the computation of a fire and explosion damage index (B1), a toxic damage index (B2) and a safety weighted hazard index (SWeHI). SWeHI provides a ‘single frame’ view of the industry or the desired process unit vis-à-vis the hazards posed by it under a given set of external forcing factors (ranging from meteorology to social upheavals). It simultaneously integrates this information with the safety measures — as they are and as they ought to be. In quantitative terms, SWeHI represents the radius of the area under hazard (50% probability of fatality/damage) due to the given unit/plant, considering the chemicals, operating conditions, and environmental settings involved at that instant. In mathematical terms:

SWeHI = B/A

where B is the quantitative measure of the damage that may be caused by a unit/plant and A represents the credits from control measures and safety arrangements, which counter undesirable situations. B has two components; B1 addresses the damage due to fire and explosion, while B2 considers the damage due to toxic release and dispersion. SWeHI represents the damage radii when safety measures are considered; higher values of SWeHI indicate greater unit vulnerability.

Figure 1. The SCAP algorithm.

SWeHI accounts for the impact of various process operations and associated parameters for hazard identification and provides quantitative results of good reliability. Most of the penalties used in computing hazard potential index B and hazard control index A in SWeHI are derived from extensively used and tested models (CCPS 1989; API 1990). A few penalties for B1 and B2 have been quantified with the help of empirical models and hazard ranking procedures such as the national fire protection agency (NFPA) ranking. Case-to-case calibration is not needed because the magnitude of SWeHI directly signifies the level of hazard.

As a detailed description of the computation method of SWeHI, B and A (Khan et al. 2001b) is beyond the scope of this paper, a brief explanation of the steps involved in the method of quantification is presented below.

Quantification of B

The quantification of B (B1 and B2) is similar to that used in hazard identification and ranking analysis (HIRA) methodology (Khan and Abbasi 1998c).

Quantification of B1

B1 (fire and explosion hazards) is quantified in a manner similar to the fire explosion damage index (FEDI) of HIRA methodology, with some additions and modifications. The important steps are:

• Classification of various industrial units into five categories: (i) storage units, (ii) units involving physical operations: heat transfer, mass transfer, phase change, pumping and compression, (iii) units involving chemical reactions, (iv) transportation units, and (v) other hazardous units such as furnaces, boilers, and direct-fired heat exchangers;

• Evaluation of energy factors;

• Assignment of penalties;

• Estimation of B1.

Subsequent steps are specific to each unit, and are detailed in Khan and Abbasi (1998b,c) and Khan et al. (2001b).

Storage units

Storage units involve the storage and intermediate-process inventories of chemicals. To estimate B1 due to these units, three energy factors (F1, F2, and F3), which take into account physical and chemical energy, are defined in the appendix.

These equations are based on the complex thermodynamic expressions for isentropic expansion of pressurized gases and liquids (Lees 1996). Penalties (pn1,…, pn6 in the appendix) have also been assigned to account for the impact of various parameters on the total damage potential, which is subsequently transformed to B1.


The effect of external factors such as earthquakes and hurricanes is accounted for by considering the frequency of their occurrence. A penalty (pn7) of 2.0 is assigned if it occurs every year; a penalty of 1.5 to 1.1 if it occurs once in 5 to 20 years. If an area is highly vulnerable to riots such as those caused by ethnic or communal clashes, there is a greater likelihood of damage to the industry. Studying the area’s history aids in identification of the vulnerability; this is also reflected in a penalty (pn8). A maximum value of 2.0 is assigned to an area that is highly prone to accidents and 1.1 to an area that is not prone to any accident.

The energy factors and penalties estimated above are combined to give the hazard potential, which is further transformed to B1 (see appendix). For details of functions and methods of B1 calculations for other units, see Khan and Abbasi (1998c) and Khan et al. (2001b).

Quantification of B2

The parameter B2 quantifies the toxic load over an area in terms of the radius of the area (in meters); it is determined by an index similar to the toxic damage index (TDI) of the HIRA system and is derived using transport phenomena and empirical models based on the quantity of chemical(s) involved in the unit, the physical state of the chemical(s), the toxicity of the chemical(s), the operating conditions, and the site characteristics (Fawcett 1993; Tyler et al. 1994; Khan and Abbasi 1998a,c).

B2 is estimated with one core factor (‘G factor’) and several penalties (pnr1,…, pnr6, see appendix). The G factor forms the base or the ‘core weight’ that provides dimensions to various penalties. The penalties account for operating temperature, operating pressure, vapor density, toxicity of chemical, and site characteristics.

The penalty for external factors (pn6) and area vulnerability (pn7) are estimated as those for the storage unit section. Finally, the G factor and the penalties are combined to give B2.

Quantification of A

An industry has to counter its risk potential by safety measures; the extent of the trade-off between the hazards and the safety cushions determines the level of risk potential of an industry at a given time. The hazard control measures must begin from the design stage. We have broadly characterized the safety measures of a process plant in two different groups: measures to control the damage potential of individual units, and measures to reduce the frequency of occurrence of the damaging event(s).

Factor A quantifies various control measures adopted by the industry and the safe operation practices implemented in a unit/process:

A = 0.15*(1+cr1)*(1+cr2)*(1+cr3)*(1+cr3)*(1+cr4)*(1+cr5)*(1+cr6)*(1+cr7)*(1+cr8)

where cr1 to cr8 represent the credibility factors due to various control measures: cr1 for emergency resource planning, cr2 for disaster management plan, cr3 for other control measures, cr4 for process control measures, cr5 for detecting devices, cr6 for emergency control measures, cr7 for human error, and cr8 for equipment reliability (see Khan et al. 2001b for details).

Step 2: Quantitative Hazard Assessment – Maximum Credible Accident Analysis (MCAA)

Maximum credible accident analysis (MCAA) is comprised of two steps: (i) accident scenario forecasting, and (ii) damage estimation for previously envisaged accident scenarios. The forecasting of likely accident scenarios is the most important step in this exercise. A number of accident scenarios can be envisaged in a unit; as it may not be possible to analyze all these scenarios, a system that limits consideration to the most important scenarios is needed. The screening of accident scenarios has been debated since originally proposed by CCPS (1989). Subsequently, a modified “worst case accident scenario” approach has been practiced (Hirst and Carter 2000). Although the CCPS and worst-case approach are effective and easy to use, they focus only on one accident parameter, “consequence.” Khan (2001) proposes a “maximum credible accident scenario” (MCAS) approach, which considers both consequence and the likelihood of accident occurrence. MCAS demonstrates that although accidents may not have the worst or serious consequences, their high probability of occurrence is a cause for concern. Past accident analysis further revealed that worst ranked accidents rarely occurred, whereas those that were ranked credible occurred quite often. These credible accidents often escalate and cause a catastrophe, which is not even modeled by a worst-case accident scenario. The MCAS approach is centered on a theme of credibility (C), which is defined as a combination of the impact area and the probability of occurrence:

C = (A^2 + B^2)^(1/2)

where A and B represent the credibility factor estimated for assets and population damage effects, respectively.

A computer-automated tool, MAXCRED (Khan and Abbasi 1999b) and its higher version MAXCRED-III (Khan and Abbasi 1999c) were developed to conduct maximum credible accident analysis. It enables the simulation of accidents and the estimation of their damage potential. MAXCRED-III provides a more versatile and accurate tool for rapid risk assessment than is possible with existing packages. Earlier versions of MAXCRED-III have significantly greater capabilities than other commercial packages, whereas MAXCRED-III further improves its sophistication by incorporating a domino/cascading effect, and the implementation of an advanced concept of software engineering. This software was developed for the authors’ in-house use; however, it is available from Khan for academic or research purposes.

Step 3: Probabilistic Hazard Assessment — Analytical Simulation Methodology (ASM)

In this step, fault trees are developed for the previously forecasted accident scenarios. In order to develop and quickly analyze probabilistic fault trees, an ‘analytical simulation’ methodology was developed. A computer-automated tool called PROFAT (PRObabilistic FAult Tree analysis) (Khan and Abbasi 1999a) performs analytical simulation. Analytical simulation methodology (ASM) is comprised of five steps. In step 1, a logical dependency between the causes leading to the top event (accident scenario) is developed and represented in terms of a fault tree. In step 2, the developed fault tree is transformed to a Boolean matrix. If the dimension of the Boolean matrix exceeds available computing resources, a structural modularizing technique may be applied (Shafaghi 1988; Yllera 1988). In step 3, the Boolean matrix is solved using an analytical method. In step 4, the results are processed for probability estimation. To increase the accuracy of the computations and to reduce the margin of error due to the inaccuracy involved in the reliability data of the basic events (initiating events), we recommend the use of a fuzzy probability set. Step 5 enables a study of the importance of each component or each cause (initiating event), which leads to the top event. The contribution of each cause is estimated by repeating the last step (step 4) while that particular cause is absent. Subsequently, the contribution of each cause is transformed into an ‘improvement index’, which signifies the percentage contribution of each cause in leading to the top event. The higher the improvement index for a cause, the more vulnerable it is in leading the event. Thus, one can easily deduce from the improvement index which events would most likely cause an accident and which need immediate attention.

The methodology summarized above was resolved into a computer-automated tool PROFAT, coded in C++, developed by Khan and Abbasi (1999a) for in-house use, but is available from Khan for academic or research purposes.
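The five ASM steps above, carried through on a small fault tree as an added example; this is not PROFAT or the authors' code. The tree, the event names E1 to E5 and the probabilities are constructed (they are not Figure 2 or Table 3), and the example assumes a standard top-down cut-set expansion in place of the Boolean-matrix solution, crisp rather than fuzzy probabilities, independent basic events, and an improvement index defined as each cause's drop in top-event probability normalised to 100%.

```python
from itertools import combinations, product
from math import prod

# Step 1: constructed fault tree, gate name -> (gate type, inputs).
# Names not listed as gates are basic (initiating) events.
# E3 feeds two branches on purpose: multiplying gate probabilities
# bottom-up would then be wrong, which is why cut sets are needed.
TREE = {
    "TOP": ("AND", ["RELEASE", "IGNITION"]),
    "RELEASE": ("OR", ["E1", "OVERPRESSURE"]),
    "OVERPRESSURE": ("AND", ["E2", "E3"]),
    "IGNITION": ("OR", ["E4", "SPARK"]),
    "SPARK": ("AND", ["E5", "E3"]),
}
# Constructed probabilities of the basic events (assumed independent).
PROB = {"E1": 0.02, "E2": 0.1, "E3": 0.05, "E4": 0.3, "E5": 0.1}


def cut_sets(node, tree):
    """Step 2: expand a node into cut sets (sets of basic events that
    together cause it). Each cut set is one row of the Boolean form."""
    if node not in tree:  # basic event
        return [frozenset([node])]
    kind, inputs = tree[node]
    child_sets = [cut_sets(child, tree) for child in inputs]
    if kind == "OR":  # any child's cut set is enough
        return [cs for sets in child_sets for cs in sets]
    if kind == "AND":  # one cut set from every child, merged
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate type {kind!r}")


def minimal_cut_sets(tree, top="TOP"):
    """Step 3: drop every cut set that strictly contains another one."""
    sets = set(cut_sets(top, tree))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def top_probability(mcs, prob):
    """Step 4: exact probability of the union of the minimal cut sets
    by inclusion-exclusion (exponential in the number of cut sets)."""
    total = 0.0
    for k in range(1, len(mcs) + 1):
        sign = 1.0 if k % 2 else -1.0
        for combo in combinations(mcs, k):
            events = frozenset().union(*combo)
            total += sign * prod(prob[e] for e in events)
    return total


def improvement_index(mcs, prob):
    """Step 5: repeat step 4 with one cause absent at a time and express
    each drop in top-event probability as a percentage of all drops."""
    base = top_probability(mcs, prob)
    drop = {}
    for event in prob:
        without = dict(prob)
        without[event] = 0.0  # this cause never occurs
        drop[event] = base - top_probability(mcs, without)
    total = sum(drop.values())
    return {event: 100.0 * d / total for event, d in drop.items()}


if __name__ == "__main__":
    mcs = minimal_cut_sets(TREE)
    print("minimal cut sets:", [sorted(s) for s in mcs])
    print("top event probability: %.6f" % top_probability(mcs, PROB))
    ranked = sorted(improvement_index(mcs, PROB).items(),
                    key=lambda item: item[1], reverse=True)
    for event, index in ranked:
        print("%s improvement index %.1f%%" % (event, index))
```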

Step 4: Risk Quantification and Design of Safety Measures

Using the results of the hazard assessment and probabilistic hazard assessment steps, the risk is computed and subsequently compared with the regulatory standards. If it exceeds these standards, extra safety measures are added to the unit. After deciding which safety options are to be implemented over the unit, steps 2 and 3 are repeated and the risk is again compared with the regulatory standards. This is repeated until the risk factors fall within the range of acceptable levels.

APPLICATION OF THE SCAP METHODOLOGY TO A PETROCHEMICAL PLANT

The SCAP methodology is used to design the safety measures for a petrochemical (propylene glycol) plant to be located in an industrial complex. The units under study involve the generation of propylene oxide (PO). The process is carried out in four stages: (i) production of chlorohydrin, (ii) saponification, (iii) purification of propylene oxide, and (iv) purification of dichloropropane (DCP).

The production of chlorohydrin involves the following reactions:

Cl2 + H2O → ClH + ClOH

ClOH + C3H6 → ClC3H6OH

Some side reactions take place to form DCP as well as dichloroisopropyl ether (DCIPE):


C3H6 + Cl2 → C3H6Cl2

C3H6 + ClOH + ClC3H6OH → (C3H6Cl)2O + H2O

The reaction is slightly exothermic and takes place in an aqueous solution. Chlorine is dissolved in water to give hypochlorous acid; propylene reacts with the latter to form chlorohydrin. Subsequently, chlorohydrin is saponified with lime as:

2ClC3H6OH → 2C3H6O + CaCl2 + 2H2O

Sufficient alkali must be added to the saponifier to neutralize the hydrochloric acid formed in the chlorohydrin reactor and also to hydrolyze the chlorohydrin to propylene oxide. A 15 to 20% (by weight) lime slurry is introduced into the chlorohydrin solution upstream from the saponifier to ensure proper mixing. An excess of 10% of lime is used so that the concentrations of hydroxyl ions remain constant throughout the course of the reaction. The rate of solubility of the lime is in fact the rate-limiting step of the reaction. The PO extracted by stripping from this unit contains water, DCP, DCIPE, and other impurities such as aldehydes. Extracted PO is sent to the distillation column in which aldehydes are dimerized by the injection of a caustic soda solution as the catalyst. PO is recovered at the top of the column and condensed; it is sent to a stripping column in which the lighter fractions are separated.

The plant poses both toxic and flammable hazards as it deals with many hazardous chemicals such as propylene, PO, and chlorine. If released, these chemicals, which are processed under extreme conditions of temperature and pressure, may cause severe damage.

Step 1: Hazard Identification — SWeHI

All units of the petrochemical industry are screened through SWeHI and detailed results are summarized in Table 1. Propylene storage, chlorohydrin reactor, chlorine storage, and PO storage units are identified as highly hazardous, and warrant more detailed studies.

Step 2: Quantitative Hazard Assessment — MCAA

Envisaging Accident Scenarios Using MCAS

Credible accident scenarios are envisaged for each unit by using MCAS methodology. Out of these scenarios, the maximum credible accident scenarios are presented for the detailed MCAA of that particular unit.

• Scenario 1: Propylene transportation line — instantaneous release of propylene from the pipeline generates a vapor cloud which on ignition causes a fireball.

• Scenario 2: Chlorine transportation line — continuous release of chlorine from the pipeline causes building of the toxic load.


• Scenario 3: Chlorohydrin reactor — a boiling liquid expanding vapor explosion (BLEVE) is followed by a fireball. The burned/unburned chemical on dispersion causes building up of the toxic load.

• Scenario 4: Recycle line — release of the chemical causes the generation of a vapor cloud, which on meeting an ignition source, burns as a flash fire.

Hazard Quantification

The detailed results for scenario 1 are presented in Table 2. The vapor cloud generated by instantaneous release on ignition causes a fireball, which generates a heat radiation effect. It is clear from the table that an area of ~105 m radius faces a 50% probability of damage due to heat load. The heat radiation causes fatality as well as second-order accidents by seriously damaging other units and accessories. The worst affected units are the propylene oxide reactor and the chlorine storage. The other units are processed similarly for detailed consequences.

Table 1. Results of SWeHI for process units of the propylene oxide plant.


Step 3: Probabilistic Hazard Assessment — ASM

This step is comprised of two activities: (i) fault tree development and (ii) fault tree analysis. Although this step was conducted for all four preidentified units, only the propylene line results are discussed here.

Propylene Transportation Line

The top event is identified as instantaneous release, which, on meeting an ignition source, leads to a fireball. Twelve basic events may contribute directly or indirectly to the accident scenario (Table 3). Most of the data (failure frequency of basic events) is obtained from the specific industry; however, the values of some of the parameters are obtained from Lees (1996), as industry-specific data for these events was not available. Based on the process description and the detailed unit study, a fault tree was developed (Figure 2).

The results of the fault tree analysis (output of PROFAT) are presented in Table 4. The essential probability of the occurrence of an undesired event is 0.3, when all initiating events occur. The improvement factor analysis (step 5 of ASM) suggests that event 1 is the largest contributor (about 56%) to the probability of the eventual accident (Tables 3 and 4). It is evident that the events with the lowest contribution to the undesired event are 2, 11, and 12. Particular attention must be paid to events 1, 7, 3, and 4 because these are most likely to lead to the eventual accident (top event).

Table 2. MAXCRED-III results for propylene transportation line — scenario 1.


Step 4: Risk Estimation

The risk posed by each unit is estimated on the basis of the results of theconsequence analysis and probabilistic fault tree analysis. As the risk is re-lated, inter alia, to the number of persons likely to be harmed, the populationdistribution in and around the likely accident points is also considered. Theresultant FN (frequency of occurrence versus number of fatalities) curve forthe propylene transportation line is presented in Figure 3. In this case, therisk posed is higher than the acceptable limit. This is similar to the otherunits.

Table 3. Elements of the fault tree for a probable accident in propylene transportation line.

Figure 2. Fault tree diagram for an accident in propylene transportation line (basic event numbers 1-12 used in Table 3).

Table 4. Results of PROFAT for a probable accident scenario in propylene transportation line.

Risk Reduction Through Add-On Safety Measures — MCAA — PFTA Controller System

Possible control options to reduce the risk are listed in Table 5. From these options, various combinations of the control measures are selected to reduce the risk potential of a unit. When these measures are accounted for, the fault tree for the unit is modified. Analysis of the new fault tree reveals that the frequency of occurrence of the top event (envisaged accident) is changed to 6.55E-05, which is 1/4500 of the previous value. The risk contour after the implementation of control measures (Figure 3) reveals that after safety measures are considered, the risk profile is reduced to acceptable limits. When SCAP is applied in the same manner to the reactor unit and the recycle line, a significant lowering of the hazards also results. However, in the fourth unit, involving chlorine, the incorporation of safety measures failed to reduce the FN curves to acceptable levels. Therefore, this unit requires special emergency preparedness and disaster management plans. It, and all those units that do not respond favorably to SCAP treatment, needs to be treated as special red category or ‘hot’ units.
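An added example (not from the paper and not PROFAT code): a minimal fault-tree evaluator that ranks basic events by improvement index and re-evaluates the top event after control measures, mirroring the two analyses described above. The tree, the probabilities, the reduction factors, and the definition of the improvement index used here (drop in top-event probability when an event is removed, normalized to percent) are constructed assumptions, not Figure 2 or Tables 3-5.

```python
from math import prod

# Constructed tree (not Figure 2): an accident needs a release AND an ignition source.
TREE = ("AND",
        ("OR", "pipe_leak", "valve_failure", ("AND", "overpressure", "relief_fails")),
        ("OR", "spark", "hot_surface"))

# Constructed basic-event probabilities (not Table 3).
BASE = {"pipe_leak": 0.05, "valve_failure": 0.02, "overpressure": 0.10,
        "relief_fails": 0.05, "spark": 0.30, "hot_surface": 0.10}


def top_probability(node, p):
    """Gate output probability; valid only for independent, non-repeated events."""
    if isinstance(node, str):
        return p[node]
    gate, *children = node
    probs = [top_probability(c, p) for c in children]
    if gate == "AND":
        return prod(probs)
    if gate == "OR":
        return 1.0 - prod(1.0 - q for q in probs)
    raise ValueError(f"unknown gate {gate!r}")


def improvement_indices(tree, p):
    """Assumed definition: percent share of the drop in top-event probability
    obtained by removing each basic event in turn."""
    base = top_probability(tree, p)
    drop = {e: base - top_probability(tree, {**p, e: 0.0}) for e in p}
    total = sum(drop.values())
    return {e: 100.0 * d / total for e, d in drop.items()}


def with_measures(p, factors):
    """Scale selected event probabilities by a control measure's reduction factor."""
    return {e: q * factors.get(e, 1.0) for e, q in p.items()}


if __name__ == "__main__":
    before = top_probability(TREE, BASE)
    ranking = sorted(improvement_indices(TREE, BASE).items(), key=lambda kv: -kv[1])
    for event, share in ranking:
        print(f"{event:14s} {share:5.1f} %")
    # Constructed measures: ignition control on sparks, leak detection on the pipe.
    after = top_probability(TREE, with_measures(BASE, {"spark": 0.01, "pipe_leak": 0.1}))
    print(f"top event: {before:.3e} -> {after:.3e} (factor {before / after:.1f})")
```

Events that rank highest are the ones where a control measure buys the most reduction; a unit whose top-event probability stays above the acceptance limit after every available measure is applied is the kind the text calls a 'hot' unit.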

SUMMARY AND CONCLUSION

In this paper, we present a new methodology (SCAP) in which safety management steps in petrochemical industries are interfaced with a hazards quantification method. The proposed methodology is a combination of the two earlier proposed techniques of MCAA and PFTA. The methodology enables a continuous and quantitative determination of the impact of safety measures on the risks posed by an industry. When applied to a propylene oxide reaction unit of a petrochemical industry, SCAP showed how successive safety measures reduced the risks posed by three components of the unit to within levels defined as ‘safe’. The chlorine transportation line risk potential could not be lowered significantly despite an intensive input of accident controls, and consequently required an emergency preparedness plan.

Figure 3. FN curves for propylene transportation pipeline.


Table 5. Add-on safety options used over different units to bring risk factors to acceptable values.


REFERENCESAPI (American Petroleum Institute). 1990. Management of Process Hazards, 1st ed. Washing-

ton, DC, USACCPS. 1989. Guidelines for Chemical Process Quantitative Risk Analysis. American Institu-

tion of Chemical Engineers, NY, NY, USADoran P and Greig TR. 1993. Hazard Assessment Using the Mond Index. Mond Index

Services, Cheshire, UKDow. 1994. Dow’s Chemical Exposure Index. American Institution of Chemical Engineers,

NY, NY, USAFawcett HH. 1993. Toxicity versus hazards. In: Fawcett HH and Wood WS (eds), Safety and

Accident Prevention in Chemical Operations, 2nd ed. John Wiley & Sons, NY, NY, USAGreenberg HR and Cramer JJ. 1991. Risk Assessment and Risk Management for Chemical

Process Industries. Van Nostrand Reinhold, NY, NY, USAHauptmanns U. 1988. Fault tree analysis for process industries: engineering risk and hazard

assessment. In: Kandel A and Avni V (eds), Engineering Risk and Hazard Assessment, vol2, pp 245-60. CRC Press, Boca Raton, FL, USA

Hirst IL and Carter DA. 2000. A “Worst Case” methodology for risk assessment of majoraccident installations. Process Safety Progress 19(2):78-82

ISGRA. 1985. Risk analysis in the process industries – an ISGRA update. Plant/OperationProgress 4(2):63-71

Khan FI. 2001. Development of maximum credible accident scenarios for realistic andreliable risk assessment. Chemical Engineering Progress November: 56–64

Khan FI and Abbasi SA. 1997. A maximum credible accident analysis based quantitative riskassessment study of chemical process industry. Indian Chemical Engineer A39(2):92-8

Khan FI and Abbasi SA. 1998a. Techniques and methodologies for risk analysis in chemicalprocess industries. J Loss Prevention in Process Industries 11:261-77

Khan FI and Abbasi SA. 1998b. Risk Assessment in Chemical Process Industries: AdvanceTechniques. Discovery Publishing House, New Delhi, India

Khan FI and Abbasi SA. 1998c. Multivariate hazard identification and ranking system. ProcessSafety Progress 17(3):157-65

Khan FI and Abbasi SA. 1999a. PROFAT: a user-friendly system for probabilistic fault treeanalysis. Process Safety Progress 18(1):42-53

Khan FI and Abbasi SA. 1999b. MAXCRED – a new software package for rapid risk assessmentin chemical process industries. Environment Modeling and Software 14:11-25

Khan FI and Abbasi SA. 1999c. Assessment of risks posed by chemical industries-applicationof a new computer automated tool MAXCRED-III. J Loss Prevention in Process Industries12(6):455-69

Khan FI and Abbasi SA. 2001a. Risk analysis of a typical chemical industry using ORA. JournalLoss Prevention in Process Industries 14(1):43-59

Khan FI and Abbasi SA. 2001b. Analytical simulation and PROFAT II: a new methodology anda computer automated tool for fault tree analysis in chemical process industries. J Hazard-ous Materials (in press)

Khan FI, Husain T and Abbasi SA. 2001a. Design and evaluation of safety measures using anewly proposed methodology “SCAP”. J Loss Prevention Process Industries (in press)

Khan FI, Husain T and Abbasi, SA. 2001b. Safety Weighted Hazard Index (SWeHI): a newuser-friendly tool for swift yet comprehensive hazard identification and safety evaluationin chemical process industries. Trans IChemE (Environment and Process Safety) 79 B:65-80

Klaassen KB and Van Pepper JCL. 1989. System Reliability Concept and Applications. Chapmanand Hall Inc, NY, NY, USA

200455.pgs 12/11/01, 10:51 AM1925

Dow

nloa

ded

by [

Uni

vers

ity o

f C

alif

orni

a, R

iver

side

Lib

rari

es]

at 1

3:19

09

Oct

ober

201

4

Page 19: Risk Assessment and Safety Evaluation Using Probabilistic Fault Tree Analysis

1926 Hum. Ecol. Risk Assess. Vol. 7, No. 7, 2001

Khan and Husain

Laplante A. 1998. Too Close To Home: A Report on Chemical Accident Risks in the UnitedStates. U.S. Public Interest Research Group (U.S. PIRG), Washington, DC, USA

Lees FP. 1996. Loss Prevention in CPI. Butterworths, London, UKMontague DF. 1990. Process Risk Evaluation - what method to use? Reliability Engineering

& System Safety 29(1):27-36Perrow C. 2000. PIRG Toxics Too Close to Home. U.S. Public Interest Research Group (U.S.

PIRG), Washington, DC, USAPopazoglou IA, Nivoliantiou AO and Christou M. 1992. Probabilistic safety analysis in chemi-

cal installation. J Loss Prevention Process Industries 5(3):181-97Post RL. 2001. HAZROP: an approach to combining HAZOP and RCM – A single merged

activity provides resource savings. Hydrocarbon Processing 80 (5):69-73Scheffler NE. 1994. Improved fire and explosion index hazard classification. Process Safety

Progress 13(4): 214-21Shafaghi A. 1988. Structure modeling of process systems for risk and reliability analysis. In:

Kandel A and Avni V (eds), Engineering risk and hazard assessment, vol 2, pp 45-64. CRCPress, Boca Raton, FL, USA

Suokas J. 1988. The role of safety analysis in accident prevention. Accident Analysis &Prevention 20(1):67-73

Tyler BJ, Thomas AR, Doran P, et al. 1994. A toxicity hazard index. Hazards XII:351-67Van Sciver GR, 1990. Quantitative risk analysis in the chemical process industries. Reliability

Eng & System Safety 29:55-63Yllera J. 1988. Modularization methods for evaluating fault tree of complex technical system.

In: Kandel A and Avni V (eds), Engineering risk and hazard assessment, vol 2, pp 81-100.CRC Press, Boca Raton, FL, USA

Zoller L and Esping JP. 1993. Use ‘What if’ method for process hazard analysis. HydrocarbonProcessing 72(1):132-45

APPENDIX

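$$F_1 = 0.1 \times M \times H_c / K$$

$$F_2 = 1.304 \times 10^{-3} \times PP \times V$$

$$F_3 = 1.0 \times 10^{-3} \times \frac{1}{T + 273} \times (PP - VP)^2 \times V$$

$$pn_1 = \mathrm{ftemp1}(\text{flash fire, auto ignition, and working temperature})$$

$$pn_2 = \mathrm{fpres1}(AP, VP, PP)$$

$$pn_3 = \mathrm{floc}(\text{distance})$$

$$pn_4 = \mathrm{fquan}(\text{quantity in tons})$$

$$pn_5 = \mathrm{maximum}[1,\ 0.30 \times (NR + NF)]$$

$$pn_6 = 1 + \frac{\%\ \text{space occupied by the unit in an area of 30 m radius from the unit}}{100}$$

$$\mathrm{Hazard\_potential} = (F_1 \times pn_1 + F \times pn_2) \times pn_3 \times pn_4 \times pn_5 \times pn_6 \times pn_7 \times pn_8$$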


$$B_1 = 4.76 \times (\mathrm{Hazard\_potential})^{1/3}$$

$$pnr_1 = \mathrm{f1}(\text{ambient, operating, auto ignition, flash, and fire temperature})$$

$$pnr_2 = \mathrm{h1}(PP) \ \text{or} \ -\mathrm{h2}(PP)$$

where h1(PP) and h2(PP) are pressure functions.

$$pnr_3 = 1.2 \times \text{vapor density} / \text{air density}$$

$$pnr_4 = \mathrm{maximum}(1,\ 0.6 \times NH)$$

$$pnr_5 = \mathrm{fpop}(\text{population density})$$

$$B_2 = a \times (G \times pnr_1 \times pnr_2 \times pnr_3 \times pnr_4 \times pnr_5 \times pn_6 \times pn_7)^{b}$$

where a = 25.35 and b = 0.425 are constants estimated empirically by studying the release and dispersion of a range of chemicals (super-heated liquids, liquefied gases, gases, etc.).

M = Mass of chemical, kg, or mass release rate (kg/s)

Hc = Heat of combustion, kJ/kg

pn = Penalties for damage index estimation

pnr = Penalties for toxic damage index estimation

SP = Specific heat ratio

T = Temperature, °C

V = Volume of chemical, m³

PP = Processing pressure, kPa

TP = Transportation pressure, kPa

VP = Vapour pressure, kPa

AP = Atmospheric pressure, kPa

K = Constant (3148)

F1, F2, F3 = Core energy factors used in damage index estimation

G = Core toxic load factor used in toxic damage index estimation

NF, NR, NH = NFPA ranking for flammability, reactivity and human health.
