List of hazards to be used:
- Wheel falls off of vehicle
- Christmas tree catches on fire
- Turkey burns in oven
- Vehicle does not start
- Ceiling fan falls from ceiling

1) Create a FTA for 1 of the hazards listed (at least 3 levels; do not need to assign probability).
2) Use any of the methods from lecture to analyze another hazard listed (PHA, FTA, FMEA, Bow Tie).

Please follow the same instructions in the slides that I have attached. The FTA should look like the same thing in the slides.
week_11_preliminary_hazard_analysis_student.pptx
Preliminary Hazard Analysis (PHA)
and Fault Tree Analysis (FTA)
Preliminary Hazard Analysis
• Background
• MIL-STD 882 – beginning of system safety
– PHA is first analysis task
• Very preliminary tool – used early in design
cycle
• Basically a Brainstorming concept
Preliminary Hazard Analysis
• PHA execution
• Hazard list
– Mechanical, electrical, chemical, radiation, thermal,
(biological)
• Determine
– Cause
– Consequence
– Initial risk (optional)
– Risk reduction measures
– Residual risk (optional)
Preliminary Hazard Analysis
• Expansion on basic hazard categories:
• Mechanical:
– Crushing surfaces
– Ejected parts/fragments
– Rotating equipment (in-running nip points)
– Sharp edges
– Stability
Preliminary Hazard Analysis
• Electrical:
– Arcing
– Electromagnetic interference
– Ignition of combustibles
– Power outage
– Shock
Preliminary Hazard Analysis
• Chemical
– Corrosion
– Exposure to aerosol
• Radiation
– Ionizing
– Nonionizing
Preliminary Hazard Analysis
• Thermal
– Burns
– Elevated flammability
– Elevated gas/liquid pressure
– Elevated reactivity
– Elevated volatility
Preliminary Hazard Analysis
• Sources of information:
– Past incident reports
– Expert opinion (can include many disciplines…not
just engineers!)
– External opinion (fresh eyes from outside the
company) — (link)
Preliminary Hazard Analysis
Example: PRT

Hazard | Cause | Consequence | Risk reduction | Assigned to:
Pedestrian struck by car (Mechanical) | Pedestrian on track | Death | (Eliminate) Prevent unauthorized track access; (Eng Control) Detect objects on track and prevent car motion | Team 1
Rider struck by closing door | Rider unaware door is closing | Minor injury? | (Admin Control) Announce door closing | Team 2

Note that risk has not been estimated.
Preliminary Hazard Analysis
In class group practice (2-4 ppl): Office Heater

Hazard | Cause | Consequence | Risk reduction | Assigned to:
Preliminary Hazard Analysis
• Summary
• PHA comes early in the designing phase – not
many details needed
• Team approach is important
• Work through the general categories of
hazards
Fault Tree Analysis
Fault Tree Analysis
• Introduction
• Initiated at Bell Labs for Air Force – 1962
• Deductive technique
– Starts with general and moves toward specific
– Requires knowing the “top event” or end point in
advance
– More detailed design information needed
compared to PHA
Fault Tree Analysis
• Methodology…
• General rules:
– Moving down the tree reveals causes
– Moving up the tree reveals effects
– No gate-to-gate connections
– All gates need at least 2 inputs
– No event-to-event connections
– Do not draw lines from two gates to a single input
– Bottom level of tree should not be rectangles (for example, need basic event or undeveloped event)
Fault Tree Analysis Symbols
AND gate – all inputs to gate required for event
to occur
OR gate – any input to gate is sufficient for event
to occur
Basic event
Event
Fault Tree Analysis
Connecting symbol (can be used to jump to
another fault tree)
Undeveloped event
Example fault tree

Top event: Amputate finger with table saw
Ask: What could cause this?
Level 1 (AND gate): Finger contacts blade  AND  Blade is rotating
Level 2:
  Finger contacts blade (OR gate): No guard in place; Finger around guard
  Blade is rotating (AND gate): Saw plugged in; Switch toggled on; E-stop not pushed
Fault Tree Analysis
Group Exercise – create the Fault tree using the
events listed below.
Top event – Hot water Heater Explodes
Fault Tree Analysis
Events
• pressure relief valve fails
• high temperature
• Relief valve froze
• Relief valve line plugged
• Temp. Regulator fails
• High temp. control cutoff fails
• Relief valve crimped
• Relief valve frozen
• Plug installed in pipe
Top event: Hot water heater explodes
Ask: What could cause this?
Level 1 (AND gate): Pressure relief valve fails  AND  High water temp.
Level 2:
  Pressure relief valve fails (OR gate): Relief valve discharge line plugged; Relief valve frozen
    Relief valve discharge line plugged (any one is sufficient): Line frozen; Crimped; Plug installed
  High water temp. (AND gate): Temp. regulator fails; High temp. cutoff fails
Probability
• AND gate
• P(A and B) = P(A) × P(B) (for independent events)
• OR gate
• P(A or B) = P(A) + P(B) – P(A ∩ B)
• P(A ∩ B) is the probability that events A and B occur at the same time (equal to P(A) × P(B) when A and B are independent).
• If A and B are mutually exclusive, then
• P(A or B) = P(A) + P(B)
• When the input probabilities are small, the plain sum is a close and slightly conservative approximation for an OR gate; the worked example that follows uses it.
Worked example (the slides build this up in four steps: level 2 probabilities given, then level 1, then the top event; collapsed here into the finished tree)

Hot water heater explodes (top event, AND gate)
  P = 0.01 × 0.0002 = 0.000002  (Extremely Improbable)
  Pressure relief valve fails (OR gate)
    P = 0.006 + 0.004 = 0.01  (Reasonably Probable)
    Relief valve discharge line plugged  P = 0.006  (Occasional)
      Line frozen; Crimped; Plug installed
    Relief valve frozen  P = 0.004  (Occasional)
  High water temp. (AND gate)
    P = 0.01 × 0.02 = 0.0002  (Remote)
    Temp. regulator fails  P = 0.01  (Reasonably Probable)
    High temp. cutoff fails  P = 0.02  (Occasional)

The OR gate above uses the simple sum (mutually exclusive inputs). Treating the two inputs as independent instead gives 0.006 + 0.004 – 0.006 × 0.004 = 0.009976, which rounds to the same 0.01.
Group Exercise #2

Top event K. The tree (structure recovered from the answer slide's values; OR gates are computed as simple sums, as in the previous example):
  K = I AND J
    I = E OR F
      E = A OR B
    J = G OR H
      G = C OR D

Given: P(A) = 0.1, P(B) = 0.2, P(C) = 0.2, P(D) = 0.3, P(F) = 0.05, P(H) = 0.1
Find: P(E), P(G), P(I), P(J), P(K)

Answers:
P(E) = 0.1 + 0.2 = 0.3
P(G) = 0.2 + 0.3 = 0.5
P(I) = 0.3 + 0.05 = 0.35
P(J) = 0.5 + 0.1 = 0.6
P(K) = 0.35 × 0.6 = 0.21
Fault Tree Analysis
• Cut sets – group of events that, if they all occur, would cause the top event
• Minimal cut set – a cut set from which no event can be removed without it ceasing to be a cut set; a tree usually has several, and the smallest ones matter most
• Single-point failure – single occurrence that leads to incident (a minimal cut set of size one)
Fault Tree Cut sets
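The gate arithmetic from the probability slides and the cut-set definitions above, as an added worked example (not part of the lecture slides). It evaluates the slides' hot water heater tree and Group Exercise #2 two ways (the slides' sum-for-OR method and the exact independent-events formula), then enumerates cut sets, minimal cut sets and single-point failures. The event names are this example's own labels; the "discharge line plugged" event is kept undeveloped because the slides give its probability rather than those of its three causes.

```python
"""Fault tree evaluator: gate probabilities, cut sets and minimal cut sets.

Added example, not from the lecture slides. Trees are the slides' hot water
heater tree and Group Exercise #2; event names are this example's own labels.
"""
from itertools import product
from math import prod

AND, OR = "AND", "OR"


class Gate:
    """A fault tree gate with a list of inputs (basic event names or other gates)."""

    def __init__(self, kind, inputs):
        if kind not in (AND, OR):
            raise ValueError(f"unknown gate type {kind!r}")
        if len(inputs) < 2:
            raise ValueError("slide rule: every gate needs at least 2 inputs")
        self.kind = kind
        self.inputs = inputs


def probability(node, p, exact=True):
    """Probability of the event at `node`, assuming independent basic events.

    exact=True:  OR gate uses 1 - prod(1 - p_i), the general result.
    exact=False: OR gate simply sums its inputs, the mutually-exclusive /
                 rare-event approximation the slides use (slightly conservative).
    AND gates multiply their inputs in both modes.
    """
    if isinstance(node, str):
        return p[node]
    qs = [probability(child, p, exact) for child in node.inputs]
    if node.kind == AND:
        return prod(qs)
    return 1 - prod(1 - q for q in qs) if exact else sum(qs)


def cut_sets(node):
    """All cut sets: each is a frozenset of basic events that together cause the top event.

    OR gate:  any cut set of any input is a cut set of the gate.
    AND gate: pick one cut set per input and take their union (all must occur).
    """
    if isinstance(node, str):
        return [frozenset([node])]
    child_sets = [cut_sets(child) for child in node.inputs]
    if node.kind == OR:
        return [cs for sets in child_sets for cs in sets]
    return [frozenset().union(*combo) for combo in product(*child_sets)]


def minimal_cut_sets(node):
    """Cut sets with no proper subset that is also a cut set (usually several, not one)."""
    sets = set(cut_sets(node))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def single_point_failures(node):
    """Basic events that alone cause the top event: the minimal cut sets of size 1."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)


# Hot water heater tree from the slides. "discharge_line_plugged" is left undeveloped
# because the slides give its probability (0.006) rather than its three causes' values.
HEATER = Gate(AND, [
    Gate(OR, ["discharge_line_plugged", "relief_valve_frozen"]),    # pressure relief valve fails
    Gate(AND, ["temp_regulator_fails", "high_temp_cutoff_fails"]),  # high water temperature
])
HEATER_P = {
    "discharge_line_plugged": 0.006,
    "relief_valve_frozen": 0.004,
    "temp_regulator_fails": 0.01,
    "high_temp_cutoff_fails": 0.02,
}

# Group Exercise #2 (structure recovered from the answer slide's values).
EXERCISE2 = Gate(AND, [
    Gate(OR, [Gate(OR, ["A", "B"]), "F"]),   # I = E or F, where E = A or B
    Gate(OR, [Gate(OR, ["C", "D"]), "H"]),   # J = G or H, where G = C or D
])
EXERCISE2_P = {"A": 0.1, "B": 0.2, "C": 0.2, "D": 0.3, "F": 0.05, "H": 0.1}


if __name__ == "__main__":
    for name, tree, p in (("heater", HEATER, HEATER_P), ("exercise 2", EXERCISE2, EXERCISE2_P)):
        print(name, "slide method:", probability(tree, p, exact=False),
              "exact:", probability(tree, p))
        print("  minimal cut sets:", [sorted(s) for s in minimal_cut_sets(tree)])
        print("  single-point failures:", single_point_failures(tree))
```

Both trees have an AND gate at the top, so neither has a single-point failure; every minimal cut set of the heater tree contains both temperature-control failures, which is why those two events are the natural place to spend risk-reduction effort. The exact and summed results differ only in the fourth significant figure here, but the gap grows quickly once OR-gate inputs are no longer rare.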
Fault Tree Analysis
• Summary
• FTA useful to identify basic events (root
causes)
• Identifying cut sets and minimal cut sets is
important
• One disadvantage: You need to know top
events in advance
Group Exercise
• Part 1: Pick 1 product or system you are familiar with and perform a PHA for the product. Consider hazards from all of the general categories (mechanical, electrical…) we have discussed. In the risk reduction column, make suggestions from two levels of the hazard control hierarchy.
• Part 2: Develop a qualitative fault tree for that product.
Failure Modes and Effects Analysis
(FMEA)
Failure Modes and Effects Analysis
• Introduction…
• Why FMEA?
• Top 3 U.S.-based warranty providers in 2010 ($
in millions):
1) General Motors Co. – $3,204
2) Hewlett-Packard Co. – $2,689
3) Ford Motor Co. – $1,522
Failure Modes and Effects Analysis
• Introduction
• Initiated for the military
– MIL-P-1629, “Procedures for Performing a Failure
Mode, Effects, and Criticality Analysis” (1949)
• IEC 60812 – Analysis Techniques For System
Reliability – Procedure For Failure Mode And
Effects Analysis (FMEA)
• Inductive reasoning – Bottom up technique
(different from FTA)
Failure Modes and Effects Analysis
• Methodology…
• Answering a series of questions:
– What can fail?
– How does it fail?
– How frequently will it fail?
– What are the effects of the failure?
– What is the reliability/safety consequence of the
failure?
Failure Modes and Effects Analysis
• Methodology…
• Risk Priority Number (RPN) = a combination of severity, occurrence (frequency), and detection (Raytheon method below…)
• Severity: scale 1-10, 1 = no impact, 10 = catastrophic impact/hazardous
• Occurrence: scale 1-10, 1 = predicted < 3 defects/million, 10 = > 500K defects/million
• Detectability: scale 1-10, 1 = always detected by current control plan, 10 = unable to detect (ability to detect problem before reaching end user)
AIAG = Automotive Industry Action Group
Failure Modes and Effects Analysis

Item/Function | Failure Mode | Failure Effect | SEV | Failure Cause | OCC
Brake cable: provides adjustable and calibrated movement between the brake lever and brake caliper | Cable breaks | Operator cannot close brake calipers and wheel does not slow down. Incident possible. | 10 | Cable wiring corrosion (wrong material) | 5
 | | | | Fatigue cracks in cable (inadequate thickness) | 2
 | Cable binds | Increased cable/sheath friction and increased effort to close brake calipers. | 7 | Cable bend or kink due to misrouting | 3
 | | | | Inadequate lubrication between cable/sheath | 5
Failure Modes and Effects Analysis
Worksheet columns: ID # | Component/Function | Failure mode | Severity | Failure cause | Occur. | Failure effect | Detect. | RPN (S×O×D) | Recommendations
5 "whys"
Failure Modes and Effects Analysis
Five Whys (to assist with recommendations)
1. Why does the cable break? (Because in-use stress
exceeds the strength of the cable).
2. Why does the in-use stress exceed the strength of the
cable? (Because the strength of the current cable
material can degrade under extreme environmental
conditions).
3. Why does the strength of the current cable material
degrade under extreme environmental conditions?
(Because the current cable material corrodes when
exposed to extreme hot and moist operating
environments).
Failure Modes and Effects Analysis
Five Whys
4. Why does the current cable material corrode
when exposed to extreme hot and moist
operating environments? (Because the current
material is not suitable for the most extreme
operating conditions for the all-terrain bicycle).
5. Why is the current cable material not suitable
for the most extreme operating conditions for
the all-terrain bicycle? (Because the cable
supplier selected the wrong material for the
brake cable).
Failure Modes and Effects Analysis
• Example: Groups again
– Coffee maker (pick two components)
Worksheet columns: ID # | Component/Function | Failure mode | Severity | Failure cause | Occur. | Failure effect | Detect. | RPN | Recommendations
Failure Modes and Effects Analysis
• Strengths of the technique:
– Documentation of system safety and risk-based
product/process evaluation (product liability)
– Feedback to designers of product/process
elements which influence reliability
• Weaknesses of the technique:
– Difficult to show relationship of various
product/process failure modes (FTA better at this)
Failure Modes and Effects Analysis
• FMEA goals (from Carl Carlson, Senior Reliability
Engineer) — FMEA should…
– Drive product design or process improvements
– Include integration and interface failure modes
– Be completed during the “window of opportunity”
where it can most effectively impact the product
or process design
– Include the right people on the FMEA team
throughout the analysis (4-8 people per team)
Failure Modes and Effects Analysis
• Summary
• FMEA is an inductive (specific to general) technique
• FMEA may be a better pre-incident tool than fault tree analysis
• Risk priority number (S×O×D) helps prioritize risk mitigation (risk reduction); review severity on its own as well, since a severity-10 failure mode with low occurrence and good detection can end up with a modest RPN
Management Oversight and Risk
Tree (MORT); Bow Tie Analysis
Management Oversight and Risk Tree
• Introduction
• Developed in 1970 by Bill Johnson for
Department of Energy
• An early attempt to combine safety
management with safety engineering
• Typically used retrospectively…or after an
incident to identify root causes
• Very closely related to fault tree analysis…
Management Oversight and Risk Tree
• Introduction…
• MORT analyzes management policy in relation
to risk assessment and hazard analysis
• Tree is pre-developed with 1500 events
• Modern practice uses computer programs
Management Oversight and Risk Tree
• Methodology…
• Abbreviations in MORT
– LTA – "less than adequate"
– DN – "did not"
– FT – "failed to"
– HAP – "hazard analysis process"
– JSA – "job safety analysis"
– CS&R – "codes, standards and regulations"
Management Oversight and Risk Tree
• Any factor or event found to be LTA is colored
red on the chart.
• Should be addressed in the incident report
with appropriate recommendations to correct
the deficiency.
Management Oversight and Risk Tree
• Any factor or event found to be adequate is
colored green on the chart.
Management Oversight and Risk Tree
• MORT chart is designed to encompass any
incident situation, therefore not all parts of
the chart may be relevant to the particular
incident that is being investigated.
• Any factor or event found to be not applicable
is color coded black (or simply crossed out) on
the chart.
Management Oversight and Risk Tree
• Blue indicates that the block has been examined,
but insufficient evidence or information is
available to evaluate the block. Suggests to
collect more data.
• Typically these are colored with a blue dot or
check mark due to the fact that they should
change color prior to completing the
investigation.
• All blue blocks should be replaced with another
color by the time the accident investigation is
complete. But this may not always be the case!
Management Oversight and Risk Tree
• Methodology continued…
• Works from an ideal and universal safety
management model
• Prevent management oversight, errors, and
omissions
Management Oversight and Risk Tree
• (MORT chart link)
Management Oversight and Risk Tree
• Advantages
– Very thorough
– Visually based
– Can be quantified
• Disadvantages
– Labor intensive
– Requires training
– Tree size can become quite large
Bow Tie Analysis
• Introduction
• Originated in the oil and gas industry around
1988 after the Piper Alpha incident (according
to some) (video link)
• Visual technique to show relationship
between causes of unintended events, likely
outcomes, and mitigation measures
Bow Tie Analysis
• This analysis needs to be supported by a solid
risk assessment
• All major threats and consequences need to
be evaluated
• Threat barriers (prevention) and mitigation
barriers must be adequate – based on ALARP
Bow Tie Analysis
• Hazard – Potential source of harm to people,
assets, the environment and company
reputation
• Top Event – The incident that occurs when a
hazard is realized
• Threats – What could cause the top event to
occur?
• Consequences – What could happen if the top
event occurs?
Bow Tie Analysis
• Barrier – What directly prevents or reduces the
likelihood of a threat?
• Recovery Measure – What prevents, minimizes or
helps recovery from the consequence? (a barrier
on the consequences side)
• Escalation Factor – What could prevent the
barrier or recovery measure from working as
intended?
• Escalation Factor Control – What prevents or
minimizes the chance of barriers or recovery
measures becoming ineffective?
Bow Tie Analysis
• Bow Tie Analysis steps…
• Identify Top Event
• Identify Threats to the Top Event
– Threats are causes of the Top Event
• Identify Barriers to each Threat
– Barriers prevent the Threats from leading to the
Top Event
Bow Tie Analysis
• For each Barrier, identify Escalation Factors
and Controls
– Escalation Factors cause the Barriers to fail
– Controls prevent this failure
• Identify Consequences
– Each top event can have several Consequences
Bow Tie Analysis
• Identify Recovery Preparedness measures for
each Consequence
– Recovery Preparedness measures prevent the Top
Event leading to the Consequence
• For each Recovery Preparedness measure,
identify Escalation factors and Controls
– Escalation factors cause the Recovery
Preparedness measures to fail
– Controls prevent failure
Bow Tie Analysis
• Bow Tie analysis video link
Bow Tie Analysis
• Example: Top event: PRT not running as
scheduled (4 threats and 4 consequences with
barriers)
Bow Tie Analysis
• Advantages
– Visually based
– Easy to understand
• Disadvantages
– Requires prior risk assessment
– Can be difficult to link to quantitative techniques
Functional Safety
Functional Safety
• What is functional safety?
– Standard method for expressing the relative safety
of a system
– Some common methods include:
• SIL (Safety Integrity Level)
• PL (Performance Level)
Functional Safety
• ISO 12100:2010 – “Safety of machinery –
General principles for design – Risk
assessment and risk reduction”
– Basic guide for the design of machinery
– 84 page document
Functional Safety
• ISO 12100 definitions
• Protective measure: by designer or user to
reduce risk
• Inherently safe design measure: eliminating
hazards or reducing risks by changing design
or operating characteristics without using
guards or protective devices
Functional Safety
• ISO 12100 definitions (continued)
• Safeguarding: protective measure using
safeguards when inherently safe design
measures are not feasible
• Reasonably foreseeable misuse: use in a
manner not intended by designer but
predictable
Functional Safety
• ISO 12100 definitions (continued)
• Guard: physical barrier
– Fixed: can only be removed with tools or by
destruction
– Movable: can be moved without tools
– Adjustable: can be altered
– Interlocking: hazardous functions cannot operate
until guard is closed or stop command is
generated
Functional Safety
• ISO 12100 definitions (continued)
• Protective device: safeguard other than a
guard
Functional Safety
• Important to avoid when designing protective
measures:
– the protective measure slows down production or
interferes with another activity or preference of the
user,
– the protective measure is difficult to use,
– persons other than the operator are involved, or
– the protective measure is not recognized by the user
or not accepted as being suitable for its function.
…and do not forget maintainability of protective
measure
Functional Safety
• ISO 13849-1 "Safety of machinery — Safety-related parts of control systems"
– Guides determination of performance level
requirements for carrying out safety functions
– Example: door interlock mechanism and control
for washing machine
To determine PL required…
Functional Safety
• PL is made up of:
– MTTFd (mean time to dangerous failure)
– DC (diagnostic coverage)
(ISO 13849-1 also factors in the designated architecture category and measures against common-cause failure.)
Functional Safety
• MTTFd can be calculated from source data (Table C1)
– Low: 3-10 yrs
– Medium: 10-30 yrs
– High: 30-100 yrs
Functional Safety
• Diagnostic coverage can be calculated from
Table E1…represents % of dangerous failures
detected
Application of System Safety
Techniques
• Application of risk assessment process to wind
turbines
• Particular issue in UK – 15% of energy demand
by 2020 must be renewable
• Health and Safety Executive (HSE) in UK
attempting to bring science to a potentially
political issue (link to report)
Application of System Safety
Techniques
Scope:
• Specific wind turbine investigated for sample
report is 2.3 MW size
• Looking at risk from turbine structural failure
for on-shore installations
• Multiple data sources are cited
Application of System Safety
Techniques
Hazards:
• Blade breaking off
• Fall of rotor/nacelle
• Failure of ma …