Final Conference, 19th – 23rd January 2015, Geneva, Switzerland. RP 1: Design models for the management of accelerator components and infrastructure development for RAMS. Douzi Imran Khan, Seppo Virtanen, TUT, Tampere, Finland. Project: 09/11 – 09/14.
Slide 1. Final Conference, 19th – 23rd January 2015, Geneva, Switzerland
RP 1
Design models for the management of accelerator components and infrastructure development for RAMS
Slide 2
Background Information
• Name: Douzi Imran Khan
• Country: India
• B. Tech: Industrial & Production Engineering (2007)
• M. Tech: Reliability Engineering (2009), IIT Bombay, India
• EMBA from International Institute for Business Management (IIBM)
• Current Designation: Researcher and PhD student, TUT, Finland
Supervisor: Prof. Seppo Virtanen
Organization: Tampere University of Technology (TUT), Tampere, Finland.
Slide 3
Contents
• Motivation
• Research Goals vs. Results
• Collaboration and Interaction
• Summary
Slide 4
Contents
• Motivation.
• Research Goals vs. Results
• Collaboration and Interaction
• Summary
Slide 7
System Dependability
Reliability
Maintainability
Availability
Safety
Slide 11
Upside Risk Potential.
Availability and Safety: RISK affecting the safety and availability of a facility.
Diagram labels: Availability, Safety, Risk Reduction, Risk Control, System Reliability, Risk taking, Risk taking impact.
Slide 12
System functional analysis and RAMS requirements.

Diagram: RAMS SE process during system design and development, with the levels FUNCTIONAL ANALYSIS (F), SYSTEM (S), STRUCTURE (S) and COMPONENT (C).
Top-down process:
• System analysis, RAMS specifications and allocation. Structure categorization.
• Structure level (RAMS) requirements: structure RAMS analysis and performance allocation for the optimal technical solution.
• Component level (RAMS) requirements: component level RAMS analysis.
Bottom-up process:
• Structure RAMS analysis: consolidation and justification of the RAMS performances and the system-structure architecture.
• System RAMS analysis: system level consolidation. Risk analysis.
• System RAMS results: reports, risk management, justification of the system RAMS performances and requirements.
Slide 14
Contents
• Motivation.
• Research Goals vs. Results
• Collaboration and Interaction
• Summary
Slide 15
Goals of the Research.
• Research and development framework for efficiently integrating RAMS into the lifecycle of an accelerator system.
• Concept for modeling FSSC causal relations and their interconnections to the facility (RAMS) performance.
• Method for the specification and allocation of system RAMS requirements.
• Method for the application of RAMS design review to Probabilistic Risk Assessment (PRA) in a large-scale facility.
• RAMS analysis and management using FME(C)A, cause-consequence logic trees (a combination of FTA and ETA), and safety and availability analysis.
• Methods for computer-supported modeling and analysis of the failure logic of a complex system for its RAMS characteristics.
Slide 16
Risk Analysis and Management (PRA).
• Recognizing the problem.
• Modeling the event chains that lead to the identified problem.
• Estimating the event probabilities.
• Modeling the consequences that follow the identified problem.
• Estimating the consequence severities.
• Analytical risk calculation and risk simulation.
• Risk estimation and control plans.
• Action planning and execution.
Slide 18
RAMS engineering and Management.
• Iterative design model for RAMS engineering and management.
• Probabilistic Risk Assessment (PRA): simulation, calculation and analysis of the design solution to fulfill the requirements set for RAMS performance.
• Cause-consequence logic tree modeling.
• Method for the management of design (RAMS) requirements.
• Method for modeling the functional hierarchy (specification and allocation of RAMS requirements and seeking out the best technical solutions).
• Framework for efficiently integrating RAMS.
Slide 19
Functional analysis Concept/Method for RAMS.

Diagram: Specification and Allocation of a Facility's RAMS design requirements (technical performance, availability performance, safety performance) across the functional hierarchy, and seeking out and selecting design solutions:
• Main functions 1 … n, each with sub-functions 1 … k, and support functions 1 … m
• Technical systems 1 … s
• Structures 1 … r
• Main components 1 … u and sub-components 1 … u
Vertical label: Functions, Systems, Structures and Components interconnections and causal relations to the facility's functions performance.
Caption: Concept of Functions, Systems, Structures, Components (FSSC) interconnections and causal relations to facility performance.
Slide 20
Management concept of RAMS design requirements.

Flowchart:
• Definition of the Facility's Process Objectives (What should the facility achieve?)
• Idea Generation and Screening (How can this be achieved?), with potential DMEs suppliers
• Specification of requirements for the Facility's Operational Availability, Safety and O&M Costs (crude estimation)
• Request for DMEs proposals including 1) the specification of RAMS performance and O&M data that needs to be attached to the proposal, and 2) a description of the RAMS analyses and design reviews that need to be carried out during the facility's design and development process
• DME proposals including 1) the specified RAMS performance and O&M data, and 2) the RAMS analyses and reviews to be carried out during the system design and development
• Comparison of Proposals
• Selection of the DMEs Suppliers
• Possible Changes to (Yes / No loop back)
• Preparation of Final Contracts of DMEs
• Specification and Allocation of RAMS Requirements for DMEs of the System
• Proceed to Facility Systems: Engineering; Component development & Procurement; Construction and Manufacturing; Assembly & Installation; Commissioning & Start-up; Operation and Maintenance; Waste management and disposal
Data & Information related to: Market (demand, price & competition); Customer (operation profile, risk tolerance); Product Technology (state of the art); Safety and Environment; Legislation and Directives; Financial and Business; Others.
Legend: MC = Maintenance Costs; DMEs = Design and Manufacturing Entities associated with a facility's systems, structures and components (SSCs).
Slide 21
Cause-Consequence logic tree modeling.

Flowchart of the method:
• Facility "Operation, Maintenance & Risk Event" Data Base.
• Identification of Events (using FMEA, Hazop and HEA):
  - Failure modes, consequences of failures, causes of failure
  - Deviation of process and environmental conditions, consequences of deviation, causes of deviation
  - Human errors, consequences of human errors, causes of human error
• Selection of the TOP event to be studied.
• Indication of causes and consequences of the event.
• Generated model of the cause and consequence logic.
• Estimation of the root causes' and the gates' (conditional) probabilities and the extent of damages.
• Calculation of probabilities and risks of the chains of causes leading to the TOP and of the chains of consequences initiated from the TOP.
• Prioritization of root causes from the probability and risk reduction point of view.
• Definition of the action plan to mitigate the risks to an acceptable level.
• Implementation and control of the action plan.

Structure of the logic tree (diagram): cause trees feed conditions A to F and the TOP event; chains of consequences 1 to 4 are initiated from the TOP event.
• The cause tree approach is applied to model the chains of causes leading to the conditions and the TOP event. It is possible that trees have relations and shared events.
• Consequences from the initiating event, for example consequences 1, 2 and 3 from the TOP event, can be either exclusive or independent.
• There may be several separate chains of events that lead to a consequence, for example the chains to consequences 1 and 2.
• Experts estimate the extent C_i of consequence i. The probability p_i is estimated for consequence i through stochastic simulation. The risk is then

$$\mathrm{Risk} = \sum_i p_i \, C_i$$

• The risk function will amplify the importance of events with large damages > 1.
Slide 25
Gate Model.

The characteristics of a gate are given by the data column (k, m, p, μ, ± I1, ± I2, …, ± In), where k and m are nonnegative integers, 0 ≤ p ≤ 1, μ ≥ 0, and the I_i are the ID-numbers of the inputs (a negative sign marks a NOT input).

The state of a gate (gate event) G is a random variable depending on the states of the input events:

$$x_G = \Phi\!\left(k \le \sum_{i=1}^{n} \tilde{x}_{I_i} \le m\right)\cdot \Phi(U \le p), \qquad \tilde{x}_{I_i} = \begin{cases} x_{I_i}, & I_i > 0 \\ 1 - x_{|I_i|}, & I_i < 0 \end{cases}$$

where U is a random number from the uniform distribution on the unit interval, and the truth function Φ("statement") equals 1 if "statement" is true, and otherwise 0.

Type of gate                     k    m    p
OR                               1    n    1
AND                              n    n    1
Voting, k/n (1 ≤ k ≤ n)          k    n    1
Inhibit (example)                n    n    < 1   (the inputs produce an output when the conditional event occurs)
Generalized XOR (1 ≤ k < n)      k    k    1
Priority AND                     n    n    1     (the output event occurs if all input events occur in a certain order)

In short: the logic of the gate is true with conditional probability p if at least k and at most m inputs are true.
Slide 26
Gate Example.

The gate with ID 4 has the data column (k, m, p, μ, ± I1, ± I2, …, ± In) = (1, 2, 0.9, 0, 1, -2, 3), and therefore

X4 = [1 ≤ x1 + (1 − x2) + x3 ≤ 2] · Φ(U ≤ 0.9)

Diagram: Gate ID = 4, p = 0.9, k = 1, m = 2; inputs Cause ID = 1, Cause ID = 2 (through a NOT, hence the -2) and Cause ID = 3.
Slide 28
Cause tree matrix
Slide 29
MR Power outage Cause-Consequence logic.

Events in the model (ID: description):
 1  Main battery is out of power
 2  Failure in main battery power supply
 3  Rescue robot cannot find the way to the failed MR
 4  No information where the failed MR is
 5  No recharge station nearby
 6  Rescue robot fails to place the failed MR at the recharge station
 7  Facility operation running
 8  High radiation dose
 9  Back-up battery is called for operation
10  Back-up battery connection failure (-10: back-up battery connection success)
11  Back-up battery (BUB) power supply failure (-11: back-up battery power supply success)
12  Back-up battery is out of power
13  Mobile Robot (MR) power outage (TOP event)
14  Rescue robot cannot take the failed MR to the recharge station
15  Not capable to recharge
16  Human intervention not allowed
17  MR does not have power to move
18  MR cannot be taken out before a week
19  MR electronic damage caused by radiation
20  MR hits other machines
21  MR disturbing other operations
22  Facility property damage
23  Economical loss

Gate data columns (k, m, p, μ, I1, I2, I3). Rows 9 to 13 form the cause tree matrix, rows 14 to 23 the consequence tree matrix:

ID   k   m   p      μ     I1    I2   I3
 9   1   2   1      0      1     2    0
10   1   1   0.1    1.5    9     0    0
11   2   2   0.05   0    -10     9    0
12   2   2   0.01   0    -11     9    0
13   1   1   1      0     10    11   12
14   1   2   1      0      3     4    0
15   1   3   1      0      5    14    6
16   1   2   1      0      7     8    0
17   1   1   1      0     13     0    0
18   3   3   0.6    0     17    16   15
19   1   1   1      0     18     0    0
20   1   1   0.1    0     13     0    0
21   1   1   0.5    0     20     0    0
22   1   1   0.8    0     20     0    0
23   1   3   1      0     19    21   22
Slide 30
Example (Mobile Robot Power Outage).
Cause Tree for MR Power outage (ID 13), drawn from rows 9 to 13 of the cause tree logic matrix: basic events 1 (main battery is out of power) and 2 (failure in main battery power supply) feed gate 9 (back-up battery is called for operation); gate 9 feeds gate 10 (back-up battery connection failure), gate 11 (BUB power supply failure, together with -10, connection success) and gate 12 (back-up battery is out of power, together with -11, power supply success); gates 10, 11 and 12 feed the TOP event 13 (Mobile Robot Power outage).
Slide 31
Consequence Tree from MR Power outage. Consequence tree logic matrix (rows 14 to 23 of the matrix above).
Slide 32
Risk Importance measures.

Importance measures describe the correlative relation between two events, A and B. With P_1 = P(A | B occurs) and P_0 = P(A | B does not occur):

$$I_B = P_1 - P_0 \qquad \text{(Birnbaum's importance measure)}$$

$$I^{B}_{RRW} = \frac{P(A)}{P_0} \qquad \text{(Risk Reduction Worth)}$$

$$I^{B}_{RAW} = \frac{P_1}{P(A)} \qquad \text{(Risk Achievement Worth)}$$

$$I^{B}_{CR} = I_B \, \frac{P(B)}{P(A)} \qquad \text{(Criticality importance)}$$
Slide 33
Simulation results.

Input data for simulation (number of one-day operation simulations = 1000):

Basic events
ID                                         1      2      3      4      5      6      7      8
Probability of coming true in one day      0.05   0.01   0.20   0.50   0.80   0.50   0.95   0.95
Mean repair time [d]                       > 1 for every basic event

Gate events
ID                                         10     11     12     18     20     21     22
Conditional probability p                  0.10   0.05   0.01   0.60   0.10   0.50   0.80
Mean repair time [d]                       > 1 for every gate event

Results
Probability of MR Power Outage (ID 30) occurrence in a one-day mission: 0.00892
Probability of Economic loss (ID 23) occurrence in a one-day mission caused by MR Power Outage: 0.00584

Combinations of basic events leading to Economic loss caused by MR Power Outage. Columns: states of basic events 1 to 8; combination probability when Economic loss caused by MR Power Outage is true; general probability of the combination's realization.

1 2 3 4 5 6 7 8    P(combination | loss)   P(combination)
1 0 0 0 1 1 1 1    0.1320                  0.00715
1 0 0 0 1 0 1 1    0.1250                  0.00715
1 0 0 1 1 0 1 1    0.1180                  0.00715
1 0 0 1 1 1 1 1    0.1100                  0.00715
1 0 1 1 1 1 1 1    0.0390                  0.00179
1 0 1 0 1 1 1 1    0.0370                  0.00179
1 0 0 1 0 0 1 1    0.0350                  0.00179
0 1 0 1 1 0 1 1    0.0340                  0.00137
1 0 0 0 0 1 1 1    0.0320                  0.00179
0 1 0 0 1 0 1 1    0.0320                  0.00137
1 0 1 1 1 0 1 1    0.0280                  0.00179
0 1 0 0 1 1 1 1    0.0280                  0.00137
1 0 0 1 0 1 1 1    0.0250                  0.00179
1 0 1 0 1 0 1 1    0.0190                  0.00179
0 1 0 1 1 1 1 1    0.0180                  0.0014
1 0 0 0 0 0 1 1    0.0110                  0.00179
1 0 1 1 0 0 1 1    0.0100                  0.00045

Birnbaum's importance measure (how strong a connection the selected basic and gate events have with the occurrence of the event):

Event ID                                                       1       2       10      11      12
Occurrence of MR Power outage (ID 13)                          0.146   0.156   0.988   0.994   0.883
Occurrence of Economic loss (ID 23) caused by MR Power Outage  0.096   0.101   0.657   0.639   0.525
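The following script is an added example and is not the ELMAS software or the author's code. It encodes the gate model (x_G = Φ(k ≤ Σ x̃_Ii ≤ m) · Φ(U ≤ p), with negative input IDs as NOT inputs), the gate rows of the cause/consequence tree matrix for the mobile robot power outage, and the basic-event daily probabilities from the simulation input above; it then runs one-day Monte Carlo trials and obtains Birnbaum, RRW, RAW and criticality importance by forcing an event to 1 or 0, which is how P_1 and P_0 are defined on the importance measure slide. Function names and the trial count are my own; the event names in the comments come from the slides.

```python
"""Gate-model Monte Carlo for the mobile-robot cause-consequence logic tree.

Added illustration, not the ELMAS implementation or the author's code: it encodes
the gate data columns (k, m, p, mu, +/-I1, +/-I2, +/-I3) from the cause/consequence
tree matrix and the basic-event daily probabilities from the simulation input, then
evaluates x_G = Phi(k <= sum x~_Ii <= m) * Phi(U <= p) in every one-day trial.
"""
import random

# Gate rows copied from the cause tree / consequence tree matrix.
# A negative input ID is the complemented (NOT) input, e.g. -10 = "connection success".
GATES = {
    9:  (1, 2, 1.00, 0.0, (1, 2)),         # back-up battery is called for operation
    10: (1, 1, 0.10, 1.5, (9,)),           # back-up battery connection failure
    11: (2, 2, 0.05, 0.0, (-10, 9)),       # BUB power supply failure
    12: (2, 2, 0.01, 0.0, (-11, 9)),       # back-up battery is out of power
    13: (1, 1, 1.00, 0.0, (10, 11, 12)),   # TOP event: mobile robot power outage
    14: (1, 2, 1.00, 0.0, (3, 4)),
    15: (1, 3, 1.00, 0.0, (5, 14, 6)),
    16: (1, 2, 1.00, 0.0, (7, 8)),
    17: (1, 1, 1.00, 0.0, (13,)),
    18: (3, 3, 0.60, 0.0, (17, 16, 15)),
    19: (1, 1, 1.00, 0.0, (18,)),
    20: (1, 1, 0.10, 0.0, (13,)),
    21: (1, 1, 0.50, 0.0, (20,)),
    22: (1, 1, 0.80, 0.0, (20,)),
    23: (1, 3, 1.00, 0.0, (19, 21, 22)),   # economical loss
}
# Probability that each basic event comes true in a one-day mission (simulation input).
BASIC_P = {1: 0.05, 2: 0.01, 3: 0.20, 4: 0.50, 5: 0.80, 6: 0.50, 7: 0.95, 8: 0.95}


def gate_logic(k, m, input_refs, states):
    """Deterministic part of the gate: true iff at least k and at most m inputs are true."""
    total = 0
    for ref in input_refs:
        x = states[abs(ref)]
        total += (1 - x) if ref < 0 else x  # a NOT input contributes 1 - x
    return k <= total <= m


def evaluate_gates(states, rng, forced=None):
    """Fill in every gate state for one trial; GATES lists each gate after its inputs."""
    for gid, (k, m, p, _mu, refs) in GATES.items():
        if forced and gid in forced:        # a forced gate keeps the state we condition on
            states[gid] = forced[gid]
            continue
        states[gid] = int(gate_logic(k, m, refs, states) and rng.random() <= p)
    return states


def run_trial(rng, forced=None):
    """One one-day mission: draw the basic events, apply forced states, propagate the gates."""
    states = {eid: int(rng.random() <= p) for eid, p in BASIC_P.items()}
    if forced:
        states.update(forced)
    return evaluate_gates(states, rng, forced)


def simulate(n_trials, seed=1, forced=None):
    """Estimate the one-day occurrence probability of every basic and gate event."""
    rng = random.Random(seed)
    counts = {eid: 0 for eid in list(BASIC_P) + list(GATES)}
    for _ in range(n_trials):
        for eid, x in run_trial(rng, forced).items():
            counts[eid] += x
    return {eid: c / n_trials for eid, c in counts.items()}


def importance(top_id, event_id, n_trials, seed=1):
    """Birnbaum (I_B), risk reduction worth, risk achievement worth and criticality of
    event_id with respect to top_id, from P1 = P(A | B = 1) and P0 = P(A | B = 0)."""
    base = simulate(n_trials, seed)
    p1 = simulate(n_trials, seed, forced={event_id: 1})[top_id]
    p0 = simulate(n_trials, seed, forced={event_id: 0})[top_id]
    p_a, p_b = base[top_id], base[event_id]
    i_b = p1 - p0
    return {
        "I_B": i_b,
        "I_RRW": p_a / p0 if p0 else float("inf"),
        "I_RAW": p1 / p_a if p_a else float("inf"),
        "I_CR": i_b * p_b / p_a if p_a else float("inf"),
    }


if __name__ == "__main__":
    est = simulate(20000)
    print(f"P(MR power outage, ID 13) in one day = {est[13]:.5f}")
    print(f"P(economical loss, ID 23) in one day = {est[23]:.5f}")
    print("importance of basic event 1 for ID 13:", importance(13, 1, 20000))
```

Working the model through by hand, P(13) = P(9) · P(exactly one of 10, 11, 12 | 9) = 0.0595 · 0.15255 ≈ 0.00908 and P(23) ≈ 0.00556, so a 20000-trial run lands close to these, and both agree with the 0.00892 and 0.00584 that the 1000-run simulation on the slide reports; the Birnbaum importance of basic event 1 for ID 13 comes out near 0.15 against 0.146 on the slide. Forcing a gate event (e.g. 10) works the same way as forcing a basic event, which is what the slide's importance values for IDs 10 to 12 require.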
Slide 34
Application of RAMS Design Review to Probabilistic Risk Assessment in a Large Scale Facility.

Flowchart steps:
• Identification of undesirable events related to the design, using FMEA, Hazop and HEA: failure modes (consequences, causes); process deviations (consequences, causes); human errors (consequences, causes).
• Select the TOP-event to be studied and connect the identified cause and consequence events to it level by level and branch by branch.
• Definition of the root-cause-events (according to the state of the system design) and of the logic of the gates in the TOP cause-consequence tree.
• Estimation of RAMS data (frequencies, states' durations, work and material costs) connected to the gate-events and the root-cause-events.
• Identification of extent and frequency levels for the root-cause-events based on the defined safety damage classification (work safety, radiological safety, fire safety).
• Identification and analysis of minimal cut sets related to the defined gate-events in the TOP cause-consequence tree (note: the defined gate-event can differ from the TOP-event).
• Calculation of the conditional probability for the combinations of root-cause-events which lead to the occurrence of the selected gate-event.
• Calculation of importance measures for the root-cause-events associated with the most probable cut sets.
• Prioritization of the root-cause-event combinations from the availability risk point of view, and updating of the list of events' criticality based on the availability risks.
• Prioritization of the root-cause-event combinations from the safety risk point of view, and updating of the list of events' criticality based on the safety risk.
• Prioritization of root-cause-events from the availability and safety perspective, and updating of the list of events' criticality.
• Assessment of the detectability of the causes and/or mechanisms which can lead to the critical events' occurrence.
• Assessment of the FSSCs' criticality from the facility's availability, safety and cost perspective; prioritization, selection and organizing of the design to be reviewed.
• Review of availability or safety in the design (a deterministic and probabilistic approach in failure tolerance analysis is applied according to the state of the system design).
• Assessment of the feasibility of risk reduction tasks related to the critical events' occurrence.
• Engineering and scheduling of the risk reduction tasks to be performed according to the design change's priority (TOP 10 list).
• Management of the required design changes associated with the proposed design solution.
• Updating of the design-review-related cause-consequence logic and RAMS data of the FSSCs.
ELMAS database: FSSCs' cause-consequence logic, RAMS data, risk reduction task descriptions.
Slide 35
Iterative Design model for RAMS engineering and management.

Activities in the loop:
• Analysing the system and its RAMS requirements
• System / functional analysis
• Analysing RAMS requirements
• Allocate RAMS requirements to the system architecture
• Perform preliminary risk analysis
• Perform preliminary safety analysis
• Perform Failure Mode and Effects Analysis (FMEA)
• Perform cause-consequence analysis
• Analyze maintenance programme / actions
• Perform LCC calculation of the system
• Verification and validation of RAMS
Slide 36
Contents
• Motivation.
• Research Goals vs. Results
• Collaboration and Interaction
• Summary
Slide 37
Collaboration and Interaction
– Host organization (supervisor and colleagues)
– Other PURESAFE ESRs and supervisors
– PURESAFE coordinator and project manager
– University personnel
Slide 38
Private Sector Interaction
• Collaboration with Ramentor Oy, Finland, and discussions on ELMAS (Event Logic Modeling and Analysis Software, developed and maintained by the Reliability Engineering Research Group, TUT).
• Collaboration with RELIASOFT and Taipuva Consulting Ltd, Finland, and discussions on FTA/ETA (Fault/Event Tree Analysis), FMEA (Failure Mode and Effect Analysis) and RCM (Reliability Centered Maintenance) for real-time projects.
• Collaboration with LTU (Luleå University of Technology, Sweden), BARC (Bhabha Atomic Research Centre) and IIT Bombay, India, for discussions on the physics-of-failure approach and RAMS studies.
• Interaction with Posiva Oy, Pöyry Oy and STUK for discussions and training on the consideration of safety issues and probabilistic risk assessment (PRA).
Slide 39
Framework for RAMS engineering and Management.

Diagram nodes: STUK (Radiation and Nuclear Safety Authority, Finland; Radioactive Waste Management Sector); POSIVA; PÖYRY; RAMENTOR, RELIASOFT and TAIPUVA (ELMAS and RELIASOFT software for RAMS); PURESAFE RP projects; CERN and GSI (related RP projects' inputs?); Prof. Seppo Virtanen & Team; safety management system.
Slide 40
Future Work.
• RAMS modeling and analysis for FAIR Super-FRS remote handling systems for maintenance tasks.
• RAMS study and assessment, from LHC to FCC.
Slide 41
Contents
• Motivation.
• Research Goals vs. Results
• Collaboration and Interaction
• Summary
Slide 42
IMPACT & SUMMARY
• RAMS analysis and management carried out through functional analysis, FME(C)A, cause-consequence logic trees (a combination of FTA and ETA) and reliability and availability analysis techniques can guarantee a reasonably good result for a risk analysis.
• In addition, well-structured RAMS modeling and management ensures a safer facility, fewer engineering problems, reduced operation and maintenance costs and increased process uptime.
• Based on experience and assisted by the modeled failure logic, it is possible to find the problem areas which, during the design and development phase, may reduce the system's RAMS performance and delay its design and development.
• It also helps to identify which parts of a system are likely to have the major impact on system-level failure, which failure modes to expect, and which risks they pose to humans, infrastructure and the environment.