risk-based system safety assessment of ammunition process ... · risk-based system safety...
TRANSCRIPT
23rd International System Safety Conference 2005
Risk-based System Safety Assessmentof Ammunition Process Facility
Authors ~
Francis Loi, (Presenter) Defence Science & Technology Agency, Singapore
Andreas F. Bienz, Bienz, Kummer & Partner Ltd, Switzerland
Alfred Tan, Defence Science & Technology Agency, Singapore
Scope
� Introduction
� Approach
� Data Collection
� Quantitative Risk Analysis
� Summary of Results
� Benefits
� Subsequent Actions and Conclusion
Introduction
� Schematic of the Ammunition Process Facility (APF)
� Sited within a disused granite quarry
� Partial reinforced concrete structure and partial rock cavern
Preparation Area
Admin./Utility
Rooms
ZONE A
Test Cell
Preparation Area
Admin./Utility Rooms
Test Cell
ControlRoom
ControlRoom
EntranceBlast Door
EntranceBlast Door
Test CellBlast Door
Test CellBlast Door
ZONE B
* Not to Scale
Approach
� 3-tiered approach:
� General data collectionon 6 system elements:
� Ordnance-specificanalysis
� Situational analysis
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier: General Data Collection
2nd Tier: Ordnance-specific Analysis
3rd Tier: Situational Analysis
1st Tier
3rdt Tier
2nd Tier
Data Collection
� 1. Location
� Layout (nearby buildings and road networks)
� Functions of nearby buildings / facilities
� Personnel- and vehicle-density
Preparation Area
Admin./Utility
Rooms
ZONE A
Test Cell
Preparation Area
Admin./Utility Rooms
Test Cell
ControlRoom
ControlRoom
EntranceBlast Door
EntranceBlast Door
Test CellBlast Door
Test CellBlast Door
ZONE B
* Not to Scale
APF Footprint
Within quarry
Outside quarry
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier
3rdt Tier
2nd Tier
Data Collection
� 2. Infrastructure
� Type of building construction
� Presence of hazardous materials
� Presence of unique building systems (e.g., blastdoors, fire protection systems, electrical equipmentclassification)
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier
3rdt Tier
2nd Tier
Data Collection
� 3. Ordnance
� 5 primary ordnance systems (T1 - T5)were selected
� Basic characteristics (e.g, net explosivesquantity (NEQ), hazard classification,physical conditions, packaging)
� Ordnance utilisation/exposure periods
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier
3rdt Tier
2nd Tier
Data Collection
� 4. Equipment
� Unique equipment used in thetransporting, handling and processing ofordnance
� E.g., ordnance-handling vehicles, cranes,compressed air system
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier
3rdt Tier
2nd Tier
Data Collection
� 5. Personnel
� Number of personnel
� Location of personnel
� Tasks/duties of personnel
� Exposure period to hazardous activities
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier
3rdt Tier
2nd Tier
Data Collection
� 6. Procedures / Workflow
� Procedures and duration of normaloperations at the APF, including in-loading, preparation, testing / processing,out-loading were documented andcategorised into specific situations
� Quantity and location of personnel andordnance were traced to workflow
ORDNANCE
PERSONNEL
PROCEDURES
LOCATION
INFRASTRUCTURE
EQUIPMENT
1st Tier
3rdt Tier
2nd Tier
Data Collection
� Consolidation of workflow dataBasic Data: Work Flow for Ordnance T3
Room
Preparation
2 t NEQ 2 t NEQ 1.6 t 1.6 t 2 t NEQ 1.6 t 1.6 t 1.6 t 2 t 2 t NEQ
4 Pers. 5 Pers. 0 Pers. 1 Pers. 5 Pers. 1 Pers. 0 Pers. 1 Pers. 5 Pers. 4 Pers.
Take ammo out Disassemble Storage various Assemble / var. Storage various Ass. Put ammo back
Inspection Disassemble Inspection
Test Cell
500 kg NEQ 500 kg NEQ 500 kg NEQ 500 kg NEQ
4 Pers. 4 Pers. 4 Pers. 4 Pers.
Preparation Clean up Preparation Clean up
Control5 Pers. 5 Pers.
Controlling Controlling
Adminor other 1 Pers. 1 Pers.
various various
4-5 h 5-6 h 6-7 h 7-8 h0-1 h 1-2 h 2-3 h 3-4 h
Data Collection
� Consolidation of workflow data into specific situationsResulting Situations for Ordnance T3
Room
Preparation(Inspection)
2 t NEQ 2 t NEQ 1.6 t NEQ 1.6 t NEQ4 Pers. 5 Pers. 1 Pers. 0 Pers.Take ammo out Disassemble/Assemble various StorageVisual inspection
Test Cell
500 kg 500 kg4 Pers. 0 Pers.Preparation Testing
Control5 Pers.Controlling
Adminor other 1 Pers.
various
Situation 4Testing
Situation 3Situation 1Preparation
Situation 2Disassemble/Assemble
2 h / ShiftBefore/After Test
2 h / Shift2 h / Shift 2 h / Shift
Quantitative Risk Analysis
� 4 systematic procedures:
� Event analysis
� Effect analysis
� Exposure analysis
� Risk calculationE1
P1 Pi Pn
Ej
EmR
Risk Calculation
location of eventstype of reactionsprobabilitiesdecisive quantities
distribution of hazardous effectsinjuries/lethality of persons
number, location, time and length of stay of possibly exposed persons
calculation of individual and collective risks
Event Analysis
� Identified the list of hazardous incidents which could occurdue to relevant, multi-folded reasons
� Incidents were derived based on location, decisivequantities of explosives, nature of activity, its duration andbasic frequency
� Basic frequency was obtained from BK&P’s BasicFrequency System, which is a database of eventprobabilities based on statistical, analytical andexperiential approachesS/N Ordnance Location NEQ (kg) Activity Duration (hr) Basic Frequency (1/yr)1.1 2000 Unpack/Pack 2 1.00E-051.2 2000 Drain/Refuel 2 1.00E-041.3 1600 Change/Clean 1.00E-051.4 Test Cell 600 Prepare 3.00E-051.5 Preparation Area 1600 Change/Clean 1.00E-051.6 Test Cell 600 Testing 1.00E-03
Preparation Area
T1 2
2
Effect Analysis
� General effects associated with an explosion wereconsidered (e.g., airblast, debris, fire, building damage)
� Effects (or consequences) were normalised in terms oflethality rates at three locations:
� APF Donor Zone
(PES)
� APF Acceptor Zone
(ES)
� Area outside APF
(ES)
Donor Zone NEQ/QTNT Preparation Area Test Cell Control RoomsPreparation Area 1 - 4 ton 100% 100% 100%
200 - 400 kg 5% - 100% 2% - 13% 5% - 20%Test Cell X00 kg 75% - 100% 100% 1%
50 kg 1% 100% 0%
Event in Lethality in Donor Zone
Event in Donor ZoneNEQ/QTNT
2 - 4 ton 0.5%1 - 2 ton 0.2%
0.3 - 1 ton 0.1%< 0.3 ton 0%
Lethality in Acceptor Zone
LethalityDebris Mass
Density (kg/m 2) 1 ton 2 ton 3 ton
75% 7 20 40 7030% 1.8 110 130 1605% 0.25 240 260 290
0.5% 0.025 400 420 4500.05% 0.0025 550 570 600
Effects Distance (m) for NEQ/Q TNT
Exposure Analysis
� Personnel exposure information were duration- andlocation-specific
� Exposure rate in the Donor zone (PES) was derivedbased on situations or activities
� An average exposure rate was assumed in the Acceptorzones (ES) (i.e., adjacent APF Zone & surrounding areas)due to the low risk-relevance from the lower assumedlethality rates and more-or-less random operations
Risk Calculation
� Quantitative risks were calculated using risk matricescombining data from event, effect and exposure analyses
� Risk categories considered:
� Individual risk
� Real collective risk
- or group risk
� Perceived collective risk
- with aversion factor, ϕ
Risk = Probability • Consequences
effects simultaneity t
dangerous eventprobability p
individual i
Individual: Society: Responsible Party:
( = Aversion)ϕϕϕϕ
Individual Risk:
r i = p. λλλλi .t i
Real Collective Risk:
Rr= p.Σλλλλi.t i=p.C
λλλλ i
i
Rp = ϕ.ϕ.ϕ.ϕ. Rr
Perceived Coll. Risk:
Risk Calculation
� Individual Risk Calculation MatrixRisk Calculation Zone: A
Ammo Type: T1Period of Situation (1 Shift) [h/8766 h]: 0.22 Situation No: 1 - 2
Room Event Pers. PW1-1 PW1-2 PW1-3 PW1-B PW1-EO1 PW1-EO2 PW1-EO3 PW1-E O4
No. No. n 4 3 1 9 2 20 20 20
A A1/1-1 fbi 1.00E-05 tij 25 25 25 25 1.25 2.5 2.5 1.25
λλλλAB 100 100 100 0.5
λλλλDT 90 50 0.1 20
λBD
λFr
λFi
λij 100 100 100 0.5 90 50 0.1 20
Rri 5.14E-06 rij 5.50E-07 5.50E-07 5.50E-07 2.75E-09 2.48E-08 2.75E-08 5.50E-11 5.50E-09
A A1/2-1 fbi 1.00E-04 tij 25 25 25 25 1.25 2.5 2.5 1.25
λλλλAB 100 100 100 0.5
λλλλDT 90 50 0.1 20
λBD
λFr
λFi
λij 100 100 100 0.5 90 50 0.1 20
Rri 5.14E-05 rij 5.50E-06 5.50E-06 5.50E-06 2.75E-08 2.48E-07 2.75E-07 5.50E-10 5.50E-08
Risks in Acceptor Zone (B)
λAB - Lethality rate due to air blastλDT - Lethality rate due to debris throw
Event Persons j
Risks in Donor Zone (A) Risks outside IAPFLegend:Event
Effect
Exposure
Risk Evaluation
� A risk assessment is not complete without risk evaluation andthe definition of the safety (or risk acceptance) criteriapertaining to the case
� Typical levels of risk evaluation:
� Definition of safety (or risk acceptance) criteria
� Proof of safety Responsible party
Safety analyst
Definition of safety criteria
Proof of safety
Responsible party
Safety analyst
Definition of safety criteria
Proof of safety
Risk Evaluation
� Safety (or Risk Acceptance) criteria for individual risk
� Upper Limiting Values Principle
� According to current Swiss safety criteria, maximumacceptable individual risk is
� 10-4/year for directly involved personnel
� 5x10-5/year for indirectly involved personnelUpper Limiting Values Principle:
max
r (Person p)Accepted
Not Accepted
Individual Risk r
Maximum Individual Fatal Risk / Year:
accepted
not accepted
10-2
10
10
10
-3
-4
-5
Risk[1/year]
RiskCategories
directly involved persons indirectly involved persons third persons
Risk Evaluation
� Safety (or Risk Acceptance) criteria for collective risk
� Willingness-to-pay & Marginal Cost Principles
� According to current Swiss safety criteria,
� Marginal cost to prevent one directly-involved fatality isCHF 4m (or SGD 5m or USD 3m)
Marginal Cost Principle:
Tangent ofMarginal Cost[Money/Saved Life]
Optimum Package of Safety Measures
Collective Risk R
Racc
Cost of Safety Measures
Marginal Cost for Preventing 1 Fatality:
RiskCate-gories
100
10
1accepted
Cost[mill CHF]
directly involved persons indirectly involved persons third persons
not accepted
not accepted
1 2 3 4
Summary of Results
� Individual risks
� Within the acceptable Swiss safety criteria for individualrisks
Safety Check (for 1 shift and 1 working year) Ammo Type: T1 (Donor-) Zone: A
Events
PW1-1 PW1-2 PW1-3 PW1-B PW1-EO1 PW1-EO2
n=4 n=4 n=3 n=3 n=1 n=1 n=9 n=9 n=2 n=2 n=20 n=20
Rr [1/y] Rr [1/y] Rr [1/y] Rr [1/y] II DI II DI II DI II DI II DI II DI
Safety Check
Requ. SafetyInvestment
582 [S$/y] r1 = 8.65E-06 r2 = 9.36E-06 r3 = 8.40E-06 r4 = 3.74E-0 8 r5 = 3.73E-07 r6 = 9.34E-07
Total R 1.16E-04 9.37E-05 7.10E-05 2.27E-05 1.04E-08 8.64 E-06 1.04E-08 9.35E-06 1.04E-08 8.39E-06 3.74E-08 0.00E+00 3.73E-07 0.00E+00 9.34E-07 0.00E+00Ammo Type T2 62% 7.08E-09 7.08E-09 7.08E-09 - 7.08E-09 7.08E-09Ammo Type T3 9% 1.50E-09 1.50E-09 1.50E-09 - 1.50E-09 1.50E-09Ammo Type T4 12% 0.00E+00 0.00E+00 0.00E+00 - 0.00E+00 0.00E+00 Ammo Type T5 18% 1.83E-09 1.83E-09 1.83E-09 - 1.83E-09 1.83E-09
A1/1-1 4.40E-06 5.50E-07 5.50E-07 5.50E-078.66E-07 2.75E-09 2.48E-08 2.75E-08
A1/2-1 4.40E-05 5.50E-06 5.50E-06 5.50E-068.66E-06 2.75E-08 2.48E-07 2.75E-07
A1/3-1 4.40E-06 5.50E-07 5.50E-07 5.50E-078.66E-07 2.75E-09 2.48E-08 2.75E-08
A1/3-2 1.21E-05 1.49E-06 1.65E-06 1.24E-064.60E-07 1.65E-09 4.13E-08 1.65E-08
A1/4-1 4.40E-06 5.50E-07 5.50E-07 5.50E-078.66E-07 2.75E-09 2.48E-08 2.75E-08
A1/4-2 1.65E-06 0.00E+00 5.50E-07 0.00E+001.10E-05 0.00E+00 0.00E+00 5.50E-07
Individual Risk
2.37E-05 1.27E-05
1.30E-05 1.26E-05
6.13E-06 5.27E-06
6.13E-05 5.27E-05
6.13E-06 5.27E-06
Individual Risks from Zone B
6.13E-06 5.27E-06
Collective Risk
Grp Adj. DI + II DI II
Donor Zone Acceptor Zone Outside APF
Summary of Results
� Collective risks
� Applying the marginal cost of CHF 4m or SGD 5m to theperceived collective risk of 2.05x10-3/year, the maximumactual costs for significant risk mitigation is approximatelySGD 10,000/year
� No further physical risk mitigation measures can be foundand implemented.
� Sound procedural control is the next level of residual riskmitigation
Dura-tion
AZone
BZone
ExternalObjects
Real Risk(Grp. Adj.)
Estim.Avers.
PerceivedRisk [1/y]
Dura-tion
BZone
AZone
ExternalObjects
Real Risk(Grp. Adj.)
Estim.Avers.
PerceivedRisk [1/y]
T1 47% 6.67E-05 3.16E-07 2.10E-05 1.09E-04 4.00 4.38E-04 - - - - - - -T2 - - - - - - - 62% 7.68E-05 1.41E-07 9.12E-06 9.54E-05 3.48 3.32E-04T3 8.5% 7.85E-06 2.70E-08 2.05E-06 1.20E-05 2.30 2.76E-05 8.5% 7.84E-06 2.99E-08 2.52E-06 1.29E-05 2.30 2.97E-05T4 12% 1.15E-05 1.54E-08 1.33E-07 1.18E-05 2.00 2.36E-05 12% 1.08E-05 0.00E+00 9.25E-08 1.10E-05 2.00 2.21E-05T5 32% 6.09E-05 1.90E-07 6.85E-06 7.50E-05 10.56 7.92E-04 18% 3.43E-05 7.13E-08 3.53E-06 4.15E-05 9.19 3.81E-04
100% 1.47E-04 5.49E-07 3.01E-05 2.08E-04 - 1.28E-03 100% 1.30E-04 2.42E-07 1.53E-05 1.61E-04 - 7.65E-046,403 3,825
Perceived Collective Risk [1/year] 2.05E-03 Marginal Cost [S$/y] 10,228
Total Marginal Cost in S$ Marginal Cost in S$
Ordn.A Zone (Donor) B Zone (Donor)
Summary of Results
� Statistical collective risks of different ordnance
� Provided an overview of the risk environment and acomparison of the risks inherent to the processing of eachordnance system
Statistical Collective Risk [1/year]
0.00E+00
2.00E-05
4.00E-05
6.00E-05
8.00E-05
1.00E-04
1.20E-04
1.40E-04
T1 T2 T3 T4 T5Ordnance
A Zone B Zone
Benefits from the QRA
� Addressing the Maximum Credible Mishap
� Theoretical and mathematical perspective on potentiallydire consequences
� Objectivity and Details
� High level of objectivity and details through the perspectivesof the risk analysts and supported by statistical data
� Appreciation of Activity Interfaces
� Simultaneity of activities and their interfacing risks can bemathematically determined
� Thorough Consideration of Workflow and Procedures
� Early understanding of operations and workflow
Conclusions
� Addressed the maximum credible mishap
� Provided safety assurance on APF engineering andexplosive safety designs, based on current Swiss safetystandards
� Increased the risk awareness of various APF stakeholdersand ordnance operators
Subsequent Actions� Qualitative analysis and safety documentation of the APF
engineering systems
� Qualitative O&S safety assessment to incorporate andintegrate operators’ directives and procedures
The End
Acknowledgement ~
Andreas F. Bienz, Bienz, Kummer & Partner Ltd, Switzerland
Alfred Tan, Defence Science & Technology Agency, Singapore