Event tree analysis

Shankar Raman Dhanushkodi, PhD

EVENT TREE
ANALYSIS
Event Tree analysis
• evaluates potential accident
outcomes that might result
following an equipment failure
• process upset known as an
initiating event. It is a “forward-
thinking” process,
• analyst begins with an initiating
event
• develops the following sequences
of events that describes potential
accidents
• accounting for both the successes
and failures of the safety functions
as the accident progresses.
Guidelines

1. Identify an initiating event of interest.

2. Identify the safety functions designed to

deal with the initiating event.

3. Construct the event tree.

4. Describe the resulting accident event

sequences.
Problem of
Interest
Step 1 Identify the
initiating event
system or equipment failure
human error
process upset

“Loss of Cooling Water”

to an Oxidation Reactor
Step 2
Identify the • Safety system that automatically respond to the
initiating event.
Safety
• Alarms that alert the operator when the initiating
Functions event occurs and operator actions designed to be
Designed to performed in response to alarms or required by
procedures.
Deal with
• Barriers or Containment methods that are
the Initiating intended to limit the effects of the initiating event.
Event
 Example

OXIDATION REACTOR HIGH OPERATOR REESTABLISH AUTOMATIC SHUTDOWN THESE SAFETY FUNCTIONS ARE
TEMP. ALARM ALERTS OPERATOR COOLING WATER FLOW TO THE SYSTEM STOPS REACTION AT LISTED IN THE ORDER IN WHICH
AT TEMP T1. OXIDATION REACTOR. TEMP. T2. T2 > T1 THEY ARE INTENDED TO OCCUR.
Step 3: Construct the Event Tree
a. Enter the initiating event and safety functions.

Oxidation reactor Operator Automatic

SAFETY high temperature reestablishes shutdown system
FUNCTION alarm alerts cooling water flow stops reaction at
operator
to oxidation reactor temperature T2
at temperature T1

INITIATING EVENT:
Loss of cooling water
to oxidation reactor

FIRST STEP IN CONSTRUCTING EVENT TREE

Step 3: Construct the Event Tree
b. Evaluate the safety functions.
Oxidation reactor Operator Automatic
SAFETY high temperature reestablishes shutdown system
FUNCTION alarm alerts cooling water flow stops reaction at
operator
to oxidation reactor temperature T2
at temperature T1

INITIATING EVENT:
Loss of cooling water
to oxidation reactor

Success

Failure

REPRESENTATION OF THE FIRST SAFETY FUNCTION

Step 3: Construct the Event Tree
b) Evaluate the safety functions.
Oxidation reactor Operator Automatic
SAFETY high temperature reestablishes shutdown system
FUNCTION alarm alerts cooling water flow stops reaction at
operator
to oxidation reactor temperature T2
at temperature T1

INITIATING EVENT:
Loss of cooling water
to oxidation reactor

Success

If the safety function does not affect the course of the

accident, the accident path proceeds with no branch pt to
Failure the next safety function.

REPRESENTATION OF THE SECOND SAFETY FUNCTION

Step 3: b. Evaluate safety functions.
Oxidation reactor Operator Automatic
SAFETY high temperature reestablishes shutdown system
FUNCTION alarm alerts cooling water flow stops reaction at
operator
to oxidation reactor temperature T2
at temperature T1

INITIATING EVENT:
Loss of cooling water
to oxidation reactor

Success
Completed !

Failure

COMPLETED EVENT TREE

Step 4: Describe the Accident Sequence
Oxidation reactor Operator Automatic
SAFETY high temperature reestablishes shutdown system
FUNCTION alarm alerts cooling water flow stops reaction at
operator
to oxidation reactor temperature T2
at temperature T1

B C D
A Safe condition,
return to normal
operation
AC Safe condition,
process shutdown
INITIATING EVENT:
ACD Unsafe condition,
Loss of cooling water runaway reaction,
to oxidation reactor operator aware of
A problem
AB
Unstable condition,
process shutdown
ABD Unsafe condition,
runaway reaction,
Success operator unaware
of problem

Failure

ACCIDENT SEQUENCES
 High Temp Operator Operator Operator
Safety Function: Alarm Alerts Notices Re-starts Shuts Down
Operator High Temp Cooling Reactor Result

Identifier: B C D E
Failures/Demand: 0.01 0.25 0.25 0.1
A Continue Operation
0.7425
0.99 AD Shut Down
0.2227
0.2475 ADE Runaway
A 0.02475
AB Continue Operation
1 0.005625
Initiating Event: ABD Shut Down
0.0075 0.001688
Loss of Cooling
0.001875 ABDE Runaway
1 Occurrence/yr. 0.0001875
0.01 ABC Continue Operation
0.001875
0.0025 ABCD Shut Down
0.0005625
0.000625 ABCDE Runaway
Shutdown = 0.2227 + 0.001688 + 0.005625 = 0.2250 occurrences/yr. 0.0000625
Runaway = 0.02475 + 0.0001875 + 0.0000625 = 0.02500 occurrences/yr.
Figure 11-9 Event tree for a loss of coolant accident for the reactor of Figure 11-8.
 Safety Function
0.01 Failures/Demand

Initiating Success of Safety Function

Event (1-0.01)*0.5 = 0.495 Occurrence/yr.
0.5 Occurrences/yr.

Failure of Safety Function

0.01*0.5 = 0.005 Occurrence/yr.

Figure 11-10 The computational sequence across a safety function in an

event tree.
 High Temp Operator Operator Operator Operator
Safety Function: Alarm Alerts Notices Re-starts Shuts Down Shuts Down
Operator High Temp Cooling Reactor Result
Identifier: B C D E F
Failures/Demand: 0.01 0.25 0.25 0.01 0.1
A Continue Operation
0.7425
AD Shut Down
0.99 0.2450
ADE
0.2475 0.002228 Shut Down

0.002475 ADEF
0.0002475 Runaway
A
AB Continue Operation
1 0.005625
Initiating Event: ABD Shut Down
0.00750 0.001856
Loss of Cooling
ABDE
Shut Down
1 Occurrence/yr. 0.001875 0.00001688
0.00001875 ABDEF Runaway
0.00000187
5
0.01
ABC Continue Operation
0.001875
ABCD Shut Down
0.0025 0.0006187
ABCDE
0.000625 0.00000563 Shut Down

0.00000675 ABCDEF Runaway

0.00000062
5
Shutdown = 0.2450 + 0.001856 + 0.00001688 + 0.0006187 = 0.2475 occurrences/yr.
Runaway = 0.0002475 + 0.000001875 + 0.000000625 = 0.0002500 occurrences/yr.
Figure 11-11 Event tree for the reactor of Figure 11-8. This includes a high temperature shutdown system.
Fault tree analysis

Shankar Raman Dhanushkodi, PhD

 To design systems work correctly, we
often need to understand and correct
how they can go wrong – Goldin

Introduction

Fault tree analysis

Undesired Unintended
Failure
events events
 Tools Analysis

Evaluate complex Identifies root

system causes
Tools and Identify cause for Deductive
analysis undesired event Risk assessment
Safety, Reliability, • Qualitative (cut set)
unavailability and • Probability
accident (Quantitative)
investigation
 • Visual
• Displays cause –consequence
relationship
Model • Fault event, normal event and
paths
• Probability

Description
• Structured
• Algebra, Boolean, probability and
Method reliability theory
• Follows laws of physics,
engineering and chemistry
Explanation
 top-down logical diagram

displays the interrelations between a critical

system event and its causes

Qualitative and quantitative analyses on the

About basis of a fault tree

Main elements

• TOP event → description of the critical system event

• Basic events → lowest level of identified causes
• Logic gates /OR or AND gates/
• Provides relationship between the TOP event and the
basic events
FTA:
Application
FTA coverage
 FTA
Strengths
 FTA
Misconceptions
FTA : NEEDS
When?
 Some
Examples
 Define
• problem, system, Construct the
and boundary fault tree
conditions

FTA: Steps in
fault tree Identify cut sets
Qualitative
analysis
analysis
Quantitative
analysis
Define : Problem,
system, and
boundary conditions

• Failure of three PT
• Fault tree may be converted into a
reliability block diagram and vice
verse
 Construct
the fault tree
Minimal Cut Sets
• Cut set : set of basic events
whose (simultaneous)
occurrence ensures that the
TOP event occurs
• Minimal cut set: cannot be
reduced without losing its
status as a cut set
Qualitative analysis

Analysis of minimal cut sets Common cause and dependency

analysis
Identify and verify any single points of failure? check if logical events connected by local AND-
Identify that other main contributors gates are independent
• Minimal cutsets up to order 3 seem correct Review minimal cut sets
• Check if there are dependencies and if they
must be modelled
Quantitative Analysis
• The TOP event occurs if one of the minimal
cut sets occurs
• Main challenge is
• to identify the minimal cut sets
• If all minimal cut sets were independent,
we could calculate the the probability of
the top event by