ISO 20815 - 911 - Draft - Text


© ISO 2004 — All rights reserved

ISO TC /SC N
Date: 2005-07-01

ISO/CD 20815

ISO TC /SC /WG

Secretariat: Standards Norway

Petroleum, petrochemical and natural gas industries — Production assurance and reliability management
Introductory element — Main element — Complementary element

Warning

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to
change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.

Document type: International Standard


Document subtype:
Document stage: (20) Preparatory
Document language: E


Copyright notice
This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the
reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards
development process is permitted without prior permission from ISO, neither this document nor any extract
from it may be reproduced, stored or transmitted in any form for any other purpose without prior written
permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be addressed as
shown below or to ISO's member body in the country of the requester:
[Indicate the full address, telephone number, fax number, telex number, and electronic mail address, as
appropriate, of the Copyright Manager of the ISO member body responsible for the secretariat of the TC or
SC within the framework of which the working document has been prepared.]

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.


Contents

Foreword
Introduction
1 Scope
2 Normative reference
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Production assurance and decision support
4.1 Framework conditions
4.2 Optimisation process
4.3 Production assurance programme
4.3.1 Objectives
4.3.2 Project risk categorisation
4.3.3 Programme activities
4.4 Alternative standards
5 Core production assurance processes and activities
5.1 General
5.2 Process 1: Reliability requirements
5.3 Process 2: Risk and reliability in design
5.4 Process 3: Reliability assurance
5.5 Process 4: Reliability Verification and Validation
5.6 Process 7: Performance tracking and analysis
5.7 Process 10: Reliability improvement and risk reduction
6 Interacting processes to production assurance
6.1 Introduction
6.2 Process 5: Project risk management
6.3 Process 6: Reliability and qualification testing
6.4 Process 8: Supply chain management
6.5 Process 9: Management of change
6.6 Process 11: Organisational learning
7 Production assurance analyses
7.1 General requirements
7.2 Planning
7.2.1 Objectives
7.2.2 Organisation of work
7.2.3 Content and scope
7.3 Execution
7.3.1 Technical review
7.3.2 Study basis
7.3.3 Model development
7.3.4 Input information
7.3.5 Analysis and assessment
7.3.6 Reporting
7.3.7 Catastrophic events
7.3.8 Handling of uncertainty
8 Reliability and performance data
8.1 Collection of reliability data
8.1.1 General
8.1.2 Equipment boundary and hierarchy definition
8.1.3 Data analysis
8.2 Qualification and application of reliability data
8.3 Performance data
9 Performance objectives and requirements in contracts
9.1 General
9.2 Specifying production assurance
9.3 Verification of requirement fulfilment
9.4 Co-operation between operator and supplier
Annex A (informative) Contents of production assurance programme (PAP)
Annex B (informative) Outline of techniques
B.1 General
B.2 Failure modes and effects analysis (FMEA/FMECA)
B.3 Fault tree analysis (FTA)
B.4 Reliability block diagram (RBD)
B.5 Production availability analysis - simulations
B.6 Design reviews
B.7 Hazard and operability study (HAZOP)
B.8 Performance and operability review (POP)
B.9 Reliability testing
B.10 Human factors
B.11 Software reliability
B.12 Common cause modelling
B.13 Life data analysis
B.14 Reliability centred maintenance analysis (RCM)
B.15 Risk based inspection analysis (RBI)
B.16 Test interval optimisation
B.17 Spare parts optimisation
B.18 Methods of structural reliability analysis (SRA)
B.19 Life cycle cost analysis (LCC)
B.20 Risk and emergency preparedness analysis
B.21 Novelty scoring analysis
Annex C (informative) Performance measures
Annex D (informative) Catastrophic events
Annex E (informative) Handling of uncertainty
Bibliography


Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.

ISO 20815 was prepared by Technical Committee ISO/TC 67, Materials, equipment and offshore structures
for petroleum, petrochemical and natural gas industries, WG 4 Data collection.

Annexes A, B, C, D and E are for information only.


Introduction
The petroleum and natural gas industries involve large investment costs as well as operational expenditures.
The profitability of these industries is dependent upon the reliability, availability and maintainability of the
systems and components that are used.

This International Standard introduces the concept of production assurance, which covers activities implemented
to achieve and maintain a performance which is at its optimum in terms of the overall economy and at the
same time consistent with applicable framework conditions.

This International Standard recommends processes and activities for production assurance with the aim to
establish the required input to select an economic optimal solution and its implementation in a life cycle
perspective.

This International Standard focuses in particular on the processes needed for management of reliability and
production availability.



COMMITTEE DRAFT ISO/CD 20815

Petroleum, petrochemical and natural gas industries — Production assurance and reliability management

1 Scope
This International Standard provides requirements and guidelines for systematic and effective planning,
execution and use of reliability technology to achieve cost-effective solutions structured around the following
main elements:

• production assurance management for optimum economy of the facility through all of its life cycle
phases, while also considering constraints arising from health, safety, environment, quality and
human factors;

• planning, execution and implementation of reliability technology;

• the application of reliability and maintenance data;

• reliability based design and operation improvement;

• establishment and use of reliability clauses in contracts.

This International Standard covers analysis of reliability and maintenance of the components, systems and
operations associated with exploration drilling, exploitation, processing and transport of petroleum,
petrochemical and natural gas resources. This International Standard focuses on production assurance of oil
and gas production, processing and associated activities. For standards on equipment reliability and
maintenance performance in general, see IEC 60300-3-1 and the IEC 60701 series.

It is also an objective of this International Standard to arrive at a common understanding with respect to the use of
reliability technology in the various life cycle phases.

2 Normative reference
The following referenced document is indispensable for the application of this document. For dated references,
only the edition cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.

ISO 14224, Petroleum and natural gas industries - Collection and exchange of reliability and maintenance
data for equipment

3 Terms, definitions and abbreviated terms

3.1 Terms and definitions

For the purposes of this document, the following terms and definitions apply.


3.1.1.
active maintenance time
that part of the maintenance time during which a maintenance action is performed on an item, either
automatically or manually, excluding logistic delays

NOTE A maintenance action may be carried out while the item is performing a required function.

[IEC 60 050-191]

3.1.2.
availability
ability of an item to be in a state to perform a required function under given conditions at a given instant of
time or over a given time interval, assuming that the required external resources are provided

[IEC 60 050-191]

3.1.3.
common cause failure
failures of different items resulting from the same direct cause, occurring within a relatively short time, where
these failures are not consequences of one another

3.1.4.
corrective maintenance
maintenance which is carried out after a fault recognition and intended to put an item into a state in which it
can perform a required function

[IEC 60 050-191]

NOTE For more specific information, see Figure 191-10 "Maintenance time diagram" in IEC 60 050-191.

3.1.5.
deliverability
ratio of deliveries to planned deliveries over a specified period of time, when the effect of compensating
elements such as substitution from other producers and downstream buffer storage is included

3.1.6.
design life
planned usage time for the total system

NOTE Design life should not be confused with MTTF. The system comprises several items. Items may be allowed to
fail within the design life of the system as long as repair or replacement is feasible.

3.1.7.
down state
internal disabled state of an item characterised either by a fault, or by a possible inability to perform a required
function during preventive maintenance

NOTE This state is related to availability performance.

[IEC 60 050-191]

3.1.8.
down (time)
time interval during which an item is in a down state

[IEC 60 050-191]

NOTE The down time includes all the delays between the item failure and the restoration of its service. Down time
can be either planned or unplanned.


3.1.9.
downstream
business process, most commonly used in the petroleum industry to describe post-production processes

NOTE Examples: Refining, transportation and marketing of petroleum products

3.1.10.
failure
termination of the ability of an item to perform a required function

NOTE 1 After failure the item has a fault.

NOTE 2 “Failure” is an event, as distinguished from “fault”, which is a state

3.1.11.
failure cause (root cause)
circumstances associated with design, manufacture, installation, use and maintenance, which have led to a
failure

[EN 13 306]

3.1.12.
failure data
data characterising the occurrence of a failure event

3.1.13.
failure mode
effect by which a failure is observed on the failed item

3.1.14.
failure rate
number of failures relative to the corresponding operational time

NOTE 1 In some cases time can be replaced by units of use. In most cases 1/MTTF can be used as the predictor for
the failure rate, i.e. the average number of failures per unit of time in the long run if the units are replaced by an identical
unit at failure.

NOTE 2 Failure rate can be based on operational time or calendar time.

3.1.15.
fault
the state of an item characterised by inability to perform a required function, excluding the inability during
preventive maintenance or other planned actions, or due to lack of external resources

NOTE A fault is often a result of a failure of the item itself, but may exist without a failure.

[IEC 60 050-191]

3.1.16.
item
any part, component, device, subsystem, functional unit, equipment or system that can be individually
considered

[IEC 60 050-191]

3.1.17.
logistic delay
that accumulated time during which maintenance cannot be carried out due to necessity to acquire
maintenance resources, excluding any administrative delay


[EN 13 306]

NOTE Logistic delays can be due to, for example, travelling to unattended installations, pending arrival of
spare parts, specialist, test equipment and information and delays due to unsuitable environmental conditions
(e.g. waiting on weather).

3.1.18.
lost revenue (LOSTREV)
total cost of lost or deferred production due to downtime

3.1.19.
maintainable item
item that constitutes a part, or an assembly of parts, that is normally the lowest level in the equipment
hierarchy during maintenance

3.1.20.
maintenance
combination of all technical and administrative actions, including supervisory actions, intended to retain an
item in, or restore it to, a state in which it can perform a required function

[IEC 60 050-191]

3.1.21.
maintenance data
data characterising the maintenance action planned or done

3.1.22.
maintainability (general)
ability of an item under given conditions of use, to be retained in, or restored to, a state in which it can perform
a required function, when maintenance is performed under given conditions and using stated procedures and
resources.

[IEC 60 050-191]

3.1.23.
maintenance support performance
ability of a maintenance organisation, under given conditions, to provide upon demand, the resources required
to maintain an item, under a given maintenance policy.

NOTE The given conditions are related to the item itself and to the conditions under which the item is used and
maintained.

[IEC 60 050-191]

3.1.24.
mean time between failures (MTBF)
expectation of the time between failures

NOTE The MTTF of an item could be longer or shorter than the design life of the system.

[IEC 60 050-191]

3.1.25.
mean time to failure (MTTF)
expectation of the time to failure

NOTE The MTTF of an item could be longer or shorter than the design life of the system.

[IEC 60 050-191]


3.1.26.
midstream
business category involving the processing, storage and transportation sectors of the petroleum industry

NOTE Examples: Transportation pipelines, terminals, Gas processing and treatment, LNG, LPG and GTL.

3.1.27.
modification
combination of all technical and administrative actions intended to change an item

[IEC 60 050-191]

3.1.28.
observation period
time period during which production performance and reliability data is recorded

3.1.29.
operating state
state when an item is performing a required function

[IEC 60 050-191]

3.1.30.
operating time
time interval during which an item is in operating state

[IEC 60 050-191]

NOTE Operating time includes actual operation of the equipment or the equipment being available for
performing its required function on demand.

3.1.31.
performance objectives
indicative level for the performance/reliability one wishes to achieve

NOTE Objectives are expressed in qualitative or quantitative terms. Objectives are not absolute requirements and
may be deviated from based on cost or technical constraints.

3.1.32.
performance requirements
required minimum level for the performance/reliability of a system or in an asset development project

NOTE Requirements are normally quantitative but may be qualitative.

3.1.33.
petrochemicals
business category producing petrochemicals, i.e. chemicals derived from petroleum and used as feedstock for
the manufacture of a variety of plastics and other related products.

NOTE Examples: Methanol, Polypropylene.

3.1.34.
preventive maintenance
maintenance carried out at predetermined intervals or according to prescribed criteria, and intended to reduce
the probability of failure or the degradation of the functioning of an item

[IEC 60 050-191]


3.1.35.
production assurance analysis
systematic evaluations and calculations carried out to assess the production performance of a system

NOTE The term should be used primarily for analysis of total systems, but may also be used for analysis of
production unavailability of a part of the total system.

3.1.36.
production assurance
activities implemented to achieve and maintain a performance which is at its optimum in terms of the overall
economy and at the same time consistent with applicable framework conditions

3.1.37.
production availability
ratio of production to planned production, or any other reference level, over a specified period of time

NOTE 1 This measure is used in connection with analysis of delimited systems without compensating elements such
as substitution from other producers and downstream buffer storage. Battery limits need to be defined in each case.

NOTE 2 The term injection availability may be used meaning the ratio of injection volume to planned injection
volume.

3.1.38.
production performance
describes how a system is capable of meeting demand for deliveries or performance

NOTE 1 Production availability, deliverability or other appropriate measures can be used to express production
performance.

NOTE 2 The use of production performance terms should specify whether it represents a predicted or historic
production performance.

3.1.39.
redundancy
existence of more than one means for performing a required function of an item

3.1.40.
reliability
ability of an item to perform a required function under given conditions for a given time interval.

NOTE The term reliability is also used as a measure of reliability performance and may also be defined as a
probability.

[IEC 60 050-191]

3.1.41.
reliability data
data for reliability, maintainability and maintenance support performance

3.1.42.
required function
function, or combination of functions, of an item which is considered necessary to provide a given service

[IEC 60 050-191]

3.1.43.
up state
state of an item characterised by the fact it can perform a required function, assuming that the external
resources, if required, are provided


NOTE This relates to availability performance

[IEC 60 050-191]

3.1.44.
upstream
business category of the petroleum industry involving exploration and production

NOTE Examples: Offshore oil/gas production facility, drilling rig, intervention vessel

3.1.45.
uptime
time interval during which an item is in the up state

[IEC 60 050-191]

3.1.46.
variability
variations in performance measures for different time periods under defined framework conditions

NOTE The variations could be a result of the downtime pattern for equipment and systems, operating factors such as
wind, waves and access to certain repair resources.

3.2 Abbreviated terms

For the purpose of this document, the following abbreviated terms apply.

CAPEX capital expenditures
ESD emergency shut down
FMEA failure modes and effects analysis
FMECA failure modes, effects and criticality analysis
FTA fault tree analysis
GTL gas to liquid
HAZID hazard identification
HAZOP hazard and operability study
ILS integrated logistic support
LCC life cycle cost
LNG liquefied natural gas
LOSTREV lost revenue
LPG liquefied petroleum gases
MTTF mean time to failure
MTTR mean time to repair
NPV net present value
OPEX operational expenditure
OREDA offshore reliability data
PAP production assurance programme
POP performance and operability review
RBD reliability block diagram
RBI risk based inspection
RCM reliability centred maintenance
RISKEX risk expenditure
SRA structural reliability analysis
QA quality assurance


4 Production assurance and decision support

4.1 Framework conditions

The objective associated with systematic production assurance is to contribute to the alignment of design and
operational decisions with corporate and business objectives.

In order to fulfil this objective, technical and operational means as indicated in Figure 1 may be used during
design or operation to change the performance level. Production assurance shall include surveillance of
project activities and decisions which may have an undesired effect on the performance.

[Figure 1: the figure groups the following measures under the labels "Technical measures" and "Operational measures"]

• Choice of technology
• Redundancy at system level
• Redundancy at equipment or component level
• Functional dependencies
• Capacities
• Instrumentation/automation philosophy
• Reduced complexity
• Material selection
• Selection of make
• Man-machine interface
• Ergonomic design
• Protection from the environment
• Reliability testing
• Self-diagnosis
• Buffer and standby storage
• Bypass
• Flaring
• Utilisation of design margins
• Spare parts
• Maintenance strategy
• Maintenance support

Figure 1 — Important measures for control of production performance

4.2 Optimisation process

The main principle for optimisation of design or selection between alternative solutions is economic
optimisation within given constraints and framework conditions. The achievement of high performance is of
limited importance unless the associated costs are considered. This International Standard should therefore
be considered together with ISO 15663, part 1 to 3.

Examples of constraints and framework conditions which will affect the optimisation process are:

• requirements to design or operation given in authority regulations;

• requirements given in standards;

• requirements to health, safety and environment;

• requirements to safety equipment resulting from the risk analysis and the overall safety acceptance
criteria;

• project constraints such as budget, realisation time, national and international agreements;

• conditions in the sales contracts;

• requirements to market performance.

The optimisation process is illustrated in Figure 2. The first step is to identify alternative solutions. These
shall then be checked against the constraints and framework conditions that apply. The appropriate
production assurance parameters are predicted and the preferred solution is identified based on an
economic evaluation/analysis such as an NPV analysis or another optimisation criterion. The process can be
applied iteratively, with the selected alternative being further refined and alternative solutions
identified. Sensitivity analyses should be performed to take account of uncertainty in important input
parameters. The execution of the optimisation process requires the production assurance and reliability
function to be addressed by qualified team members.

[Flowchart. Start: Identified alternative solutions. Decision boxes, shown alongside a "Constraints" label:
Technically feasible?; Compliance with acts, rules and regulations?; HSE acceptable?; Acceptable with project
constraints? Further boxes: Can the solution be modified?; Modify solution; Discard alternative solution;
Have all alternative solutions been assessed?; Performance evaluation/predictions of acceptable solutions
(with Reliability/maintenance data input); Economical evaluations (with Cost data input). End: Select
alternative.]

Figure 2 - Optimisation process
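One way to run the screening, economic comparison and sensitivity check described above, as an added example that is not part of the draft standard. The cash-flow model (constant yearly revenue, LOSTREV taken as revenue times unavailability), all names and all figures are constructed assumptions; RISKEX and the "modify solution" loop of Figure 2 are left out.

```python
from dataclasses import dataclass, replace

# Constraint checks, in the order the optimisation process applies them
# (hypothetical identifiers for the decision boxes of Figure 2).
CONSTRAINTS = ("technically_feasible", "regulatory_compliance",
               "hse_acceptable", "project_constraints")


@dataclass(frozen=True)
class Alternative:
    name: str
    capex: float          # investment cost, paid in year 0
    opex: float           # operating cost per year
    availability: float   # predicted production availability, 0..1
    failed: tuple = ()    # names of the constraints this alternative fails


def screen(alternatives):
    """Return (acceptable, discarded); discarded maps name -> first failed constraint."""
    acceptable, discarded = [], {}
    for alt in alternatives:
        unknown = set(alt.failed) - set(CONSTRAINTS)
        if unknown:
            raise ValueError(f"{alt.name}: unknown constraint(s) {sorted(unknown)}")
        first_failed = next((c for c in CONSTRAINTS if c in alt.failed), None)
        if first_failed is None:
            acceptable.append(alt)
        else:
            discarded[alt.name] = first_failed
    return acceptable, discarded


def npv(alt, full_revenue, years, rate):
    """Discounted (revenue - LOSTREV - OPEX) over the field life, minus CAPEX."""
    if not 0.0 <= alt.availability <= 1.0:
        raise ValueError(f"{alt.name}: availability must lie in [0, 1]")
    lostrev = full_revenue * (1.0 - alt.availability)   # revenue lost to downtime
    yearly = full_revenue - lostrev - alt.opex
    return sum(yearly / (1.0 + rate) ** t for t in range(1, years + 1)) - alt.capex


def select(alternatives, **econ):
    """Screen first, then pick the acceptable alternative with the highest NPV."""
    acceptable, discarded = screen(alternatives)
    if not acceptable:
        raise ValueError("no alternative satisfies the constraints")
    preferred = max(acceptable, key=lambda a: npv(a, **econ))
    return preferred, discarded


def sensitivity(alternatives, name, shifts, **econ):
    """Shift one alternative's predicted availability and report the preferred
    alternative for each shift, to show how robust the selection is."""
    result = {}
    for shift in shifts:
        varied = [
            replace(a, availability=min(1.0, max(0.0, a.availability + shift)))
            if a.name == name else a
            for a in alternatives
        ]
        result[shift] = select(varied, **econ)[0].name
    return result


# Constructed sample data (not from the standard).
ALTERNATIVES = [
    Alternative("single train", capex=100.0, opex=10.0, availability=0.90),
    Alternative("2x100% trains", capex=130.0, opex=12.0, availability=0.98),
    # Highest NPV of the three, but never reaches the economic evaluation.
    Alternative("novel compact unit", capex=90.0, opex=9.0, availability=0.95,
                failed=("hse_acceptable",)),
]
ECON = dict(full_revenue=100.0, years=10, rate=0.08)

if __name__ == "__main__":
    preferred, discarded = select(ALTERNATIVES, **ECON)
    print("discarded:", discarded)
    for alt in screen(ALTERNATIVES)[0]:
        print(f"{alt.name}: NPV = {npv(alt, **ECON):.2f}")
    print("preferred:", preferred.name)
    print("sensitivity:", sensitivity(ALTERNATIVES, "2x100% trains",
                                      [-0.02, -0.01, 0.0, 0.01], **ECON))
```

With these figures the redundant configuration is preferred, but a two-point drop in its predicted availability hands the selection to the single train, which is the kind of input uncertainty the sensitivity analysis is meant to expose.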


4.3 Production assurance programme

4.3.1 Objectives

A production assurance programme (PAP) shall serve as a management tool in the process of achieving
performance objectives by cost-effective means and shall be a living document through the various life cycle
phases. A PAP shall be established for each asset development project and updated at major milestones as
required as well as being established for existing fields in operation. The PAP shall:

• ensure systematic planning of production assurance/reliability work within the scope of the
programme;
• define optimisation criteria;
• define performance objectives and requirements, if any;
• describe the production assurance activities necessary to fulfil the objectives, how they will be carried
out, by whom and when. These shall be further outlined in separate production assurance or reliability
activity plans;
• ensure that proper consideration is given to interfaces of production assurance and reliability with
other activities.

The PAP shall be at a level of detail which facilitates easy updating and overall co-ordination.

4.3.2 Project risk categorisation

The level of effort to invest in a production assurance program to meet the business objectives needs to be
defined for each life cycle phase. In practice the production assurance effort required will be closely related to
the level of technical risk in a project. It is therefore recommended that one of the first tasks to be performed is
a high level categorization of the technical risks in a project. This will enable project managers to make an
initial general assessment of the level of investment in reliability resources that may have to be made in a
project.

The project risk categorisation will typically vary from one company to another depending on a number of
factors such as financial situation, risk attitude, etc. Hence, company specific risk categorisation schemes
should be established. However, to provide some guidance on the process, a simple risk categorisation
scheme is outlined below.

Projects are classified into three risk classes:

• high risk

• medium risk

• low risk

The features that describe the three risk classes are further outlined in Table 4.3-1. There will typically be a
gradual transition between the three risk categories. Hence a certain degree of individual assessment will be
required. However, the justification for the selected risk category for a project should be included in the
production assurance plan issued in the feasibility or concept phase.

The project risk categorisation (high, medium and low) is further applied in Table 4.3-2 (see 4.3.3) to indicate
what processes should be performed for the different project categories.


Table 4.3-1: Project risk categorisation

| Technology | Operating envelope | Technical system scale and complexity | Organisational scale and complexity | Risk category | Description |
|---|---|---|---|---|---|
| Mature technology | Typical operating conditions | Small scale, low complexity, minimal change of system configuration | Small and consistent organisation, low complexity | Low | Low budget, low risk project using field proven equipment in same configuration and same team with similar operating condition as previous projects |
| Mature technology | Typical operating conditions | Moderate scale and complexity | Small to medium organisation, moderate complexity | Low-Medium | Low to moderate risk project using field proven equipment in similar operating envelope to previous projects but with some system and organisational complexity |
| Non mature technology for extended operating environment | Extended/aggressive operating environment | Large scale, high complexity | Large organisation, high complexity | Medium-High | Moderate to high risk project using either non mature equipment or with extended operating conditions. Project involves large, complex systems and management organisations |
| Novel technology | | | | High | High risk project using new/novel technology in a new or different system architecture |

4.3.3 Programme activities

Production assurance activities can be carried out in all phases of the life cycle of facilities to provide input to
decisions regarding concept, design, manufacturing, construction, installation, operation and maintenance.
Activities shall be initiated only if they are considered to contribute to added value in the project by improving
quality of information to support decision making, or reduce economic or technological risk.

The production assurance activities to be carried out shall be defined in view of the actual needs, available
personnel resources, budget framework, interfaces, milestones and access to data and general information.
This is necessary to reach a sound balance between the cost and benefit of the activity.

Compliance to this International Standard is limited to the tabulated processes and activities in clause 4 and
clause 5.

If the processes and activities listed in clause 4 and clause 5 can be demonstrated to be non value adding for
a specific delivery project, they can be omitted.

Production assurance shall be a continuous activity throughout all life cycle phases. Important tasks of
production assurance are to monitor the overall performance level, to manage the reliability of critical
components and to continuously identify the need for production assurance activities. A further objective of
production assurance is to contribute technical or operational recommendations.

The processes and activities listed in clause 4 and clause 5 shall be focused on the main technical risk items
initially identified through a top-down screening process. A criticality classification activity should assist in
identifying performance critical systems that should be subject to more detailed analysis and follow-up.

This is to avoid reliability activities that are redundant, non value adding or too extensive.


The emphasis of the production assurance activities will change for the various life cycle phases. Early
activities should focus on optimisation of the overall configuration while attention to critical detail will increase
in later phases.

In the feasibility and concept phases, the field layout configuration with the preferred NPV distribution shall be
identified. This also includes defining the degree of redundancy (fault tolerance), overcapacity and flexibility,
on a system level. This requires establishing the CAPEX, OPEX, LOSTREV, RISKEX (cost or benefit of other
risk) and revenue for each alternative.

These functions are in turn fed back into the operator's NPV tools, for evaluation of profitability and selection of
the alternative that best fits with the attitude towards risk. Optimal production availability for field layouts
requires that overemphasis on CAPEX is avoided, and this is recommended to be achieved through long term
partnering, both between suppliers and operators and between suppliers and sub-suppliers. Such long term
relationships will ensure mutual confidence and maturing of the technology together. Early direct intervention
of the above parties, with focus on the overall revenue in a life cycle perspective, is advised. This means e.g.
implementing the resulting recommendations as specifications in the Invitations to Tender.

An overview of the production assurance processes is given in Table 4.3-2, while activity requirements for
the processes are given in clause 5. The table provides recommendations (indicated by crosses – “x”) on what
processes should be performed as a function of the project risk categorisation. The table also provides
recommendations (indicated by crosses – “x”) as to when the processes should be applied (in what life cycle
phase).

Process 1 (reliability requirements) can be used to illustrate the interpretation of the table. This process, which
is further described in clause 5, should be implemented for medium and high risk projects, and performed in
the feasibility, concept design, engineering and procurement life cycle phases.

The life cycle phases indicated in Table 4.3-2 apply for a typical asset development project. If the phases in a
specific project differ from those below, the activities should be defined and applied as appropriate.

Major modifications may be considered as a project with phases similar to those of an asset development
project. The requirements to production assurance activities as given for the relevant life cycle phases will
apply.


Table 4.3-2 - Overview of production assurance processes versus risk levels and life cycle phases

Production assurance processes for asset development
Risk level columns (crosses before the process name): Medium Risk Projects, High Risk Projects, Low Risk Projects
Life cycle phase columns (crosses after the process name), headed "Pre contract award" and "Post contract award":
Feasibility, Conceptual Design, Engineering (a), Procurement, Fabrication/Construction/Testing,
Installation and Commissioning, Operation

Main Processes
x x 1. Reliability Requirements x x x x
x x 2. Risk and Reliability in Design x x x
x x x 3. Reliability Assurance x x x x x x x
x x x 4. Reliability Verification and Validation x x x
x x x 5. Project Risk Management x x x x x x x
x x 6. Reliability and Qualification Testing x x x x
x x x 7. Performance Tracking and Analysis x x
x x 8. Supply Chain Management x
x x x 9. Management of Change x x x x x x
x x 10. Reliability Improvement and Risk Reduction x x x x x
x x x 11. Organisational learning x x x x x x x

(a) Including pre-engineering, system engineering and detailed engineering

4.4 Alternative standards

Compliance to this International Standard for delivery projects can be achieved by following the listed
processes and activities in clause 4 and clause 5.

There are a number of national and international standards and guidelines that support and direct the
implementation of production assurance and reliability activities in projects.

The table below shows how the main production assurance and reliability processes described within this
International Standard link to some of these standards. Work processes carried out in accordance with these
standards will be considered to also satisfy the requirements for relevant processes in this International Standard.

However, compliance to this International Standard is limited to the listed processes and activities in clause 4,
5 and 1, i.e. the alternative standards are not normative for this International Standard.

The list of standards below is non exhaustive. Other standards may also cover specific requirements in this
International Standard. If alternative standards are referred for compliance to specific requirements, it will be
the responsibility of the user to demonstrate such compliance.

Please note that ISO 14224 compliance is listed as a normative reference, hence not included in the below
table.


Table 4.4-1 - Alternative standards

Column headings (production assurance processes): 1. Reliability Requirements; 2. Risk and Reliability in
Design; 3. Reliability Assurance; 4. Reliability Verification and Validation; 5. Project Risk Management;
6. Reliability and Qualification Testing; 7. Performance Tracking and Analysis; 8. Supply Chain Management;
9. Management of Change; 10. Reliability Improvement and Risk Reduction; 11. Organisational learning

Standard, followed by its crosses (X):

IEC 60300-1: “Dependability management Part 1: Dependability management systems” X
IEC 60300-2: Dependability management Part 2: Guidelines for dependability management X X
IEC 60300-3-2: “Dependability management Part 3-2: Application guide Collection of dependability data from the field” X
IEC 60300-3-4: “Dependability Management - Part 3: Application Guide - Section 4: Guide to the Specification of Dependability Requirements” X
IEC 60300-3-9: “Dependability Management - Part 3: Application Guide - Section 9: Risk Analysis of Technological Systems” X X
IEC 60300-3-10: “Dependability Management-Part 3-10: Application Guide–Maintainability” X
IEC 60300-3-14: “Dependability management - Part 3-14: Application guide - Maintenance and maintenance support” X
API 17N: “Reliability & technical risk management” X X X X X X X X X X X
DNV-RP-A203: “Qualification procedures for new technology” X


5 Core production assurance processes and activities

5.1 General

The following clauses give requirements to the core production assurance and reliability processes and
activities that should be carried out, as part of a production assurance program, in the various life cycle
phases of a typical asset development project.

Projects other than asset developments, e.g. drilling units, transportation networks, major modifications, etc.,
will have phases that more or less coincide with those described in the following. The activities to be carried
out may, however, differ from those described.

Hence, the production assurance program should be adapted for each part involved to ensure that it fulfils the
business needs.

In addition to the production assurance processes and activities described in this chapter, a number of
interacting processes are described in clause 1. These processes are normally outside the responsibility of
the production assurance discipline, but information flow to and from these processes will be required to
ensure that production performance and reliability requirements can be fulfilled.

Figure 3 illustrates which processes are defined as core production assurance processes and which are
considered interacting processes. Details regarding objectives, input, output and activities for each of the
processes are further described in clause 5.2 to 6.6 and in clause 1.

[Diagram. Process boxes: 1. Reliability requirements; 2. Risk & reliability in design; 3. Reliability assurance;
4. Reliability verification and validation; 5. Project risk management; 6. Reliability & qualification testing;
7. Performance tracking and analysis; 8. Supply chain management; 9. Management of change; 10. Reliability
improvement & risk reduction; 11. Organisational learning. Labels: "Core production assurance processes",
"Interacting Processes", "Input from all core processes".]

Figure 3: Core and interacting production assurance processes


5.2 Process 1: Reliability requirements

Unnecessary limitations in the form of unfounded performance requirements shall be avoided, so that
alternatives which could have been favourable in respect of overall economy are not rejected during the
optimisation process.

Optimal production availability in the oil and gas business requires a standardized integrated reliability
approach, as this chapter provides for asset development.

This is an economic optimisation problem, with defined framework conditions and constraints. This
optimisation problem involves both production assurance and interfacing processes.

The constraints from other disciplines as outlined in Figure 2 shall be considered together with relevant
performance measures (see Annex C) in the optimisation process.

In the feasibility and concept phases, the asset configuration with the preferred NPV distribution shall be
identified. This also includes the degree of redundancy (fault tolerance), overcapacity and flexibility, on a
system level. This requires establishing the CAPEX, OPEX, LOSTREV (production unavailability), RISKEX
(cost or benefit of other risk) and revenue for each alternative. These functions are in turn fed back into the
operator's NPV tools, for evaluation of profitability and selection of the alternative that best fits with the attitude
towards risk. Optimal production availability for field layouts requires that the present overemphasis on
CAPEX is avoided, and this is recommended to be achieved through long term partnering, both between
suppliers and operators and between suppliers and sub-suppliers. Such long term relationships will ensure
mutual confidence and maturing of the technology together. Early direct intervention of the above parties, with
focus on the overall revenue in a life cycle perspective, is advised. This means e.g. implementing the resulting
recommendations as specifications in the Invitations to Tender.

Table 5.2-1: Description of production assurance process 1 - Reliability requirements

| Life cycle phase | Feasibility phase | Concept phase | Engineering | Procurement |
|---|---|---|---|---|
| Objective | Provide partial decision support for selecting an asset development plan, e.g.: - Topside or subsea solution; - Capacity, pressure rating and pumping requirements for a pipeline system; - Process plant development solution | Provide partial decision support for selecting an asset configuration, e.g.: - Number and type of wells and manifolds; - Number of pumps in a pumping station; - Number of compressors in a process plant | Allocate the production assurance requirements from the concept phase to the subsystems, as required. | Ensure that the relevant manufacturers at each level of the supply chain understand what reliability is required, and which reliability standards to comply with. |
| Input | Alternative asset development plans. Activity: Production availability analysis (Process 2): Estimate the production availability for the field layouts specified as input on a system level. Activities: Planning, reporting and follow up (Process 3) of the requirements | The selected asset development plan, with the estimated production availability formulated as a system requirement in the Invitation to Tender. Alternative field layout configurations. Process: 2 Risk and Reliability in Design, Activity: C Production availability Analysis: Estimate the production availability for the field configurations specified as input on a system level. Process: 3 Reliability Assurance, Activities: H Planning, I reporting and J follow up the requirements | Output from the concept phase. | Output from the engineering phase. |
| Production Assurance Activities | Identify additional constraints. Initiate estimation of the production availability for the asset layouts specified as input on a system level | Initiate estimation of the production availability for the asset layouts. These estimates are aggregated from each main supplier’s scope of supply, as defined by the asset development. | Define and allocate the production assurance requirements to the subsystems, as required. This definition is based on the production availability estimation in process 2. | Ensure that the reliability requirements are included in the tender documents, through interfacing with the procurement organisation. |
| Output | Input to estimation of the production availability. Production availability estimates for the options specified as input. Estimated production availability for each option, to be formulated as a system requirement for the option to be selected. | Production availability estimates for the options specified as input, allocated according to each main supplier’s scope of supply. | Subsystem production availability requirements for the selected option, as required. This includes the applied subsystem reliability input data (average downtime and failure frequencies). | Subsystem reliability requirements, including which reliability standards to comply with. |

5.3 Process 2: Risk and reliability in design

Optimal technical safety and reliability must be designed into new projects, and integrated into the design
process through all the design phases. In traditional design processes, technical safety and reliability aspects
are generally not considered until some verification of equipment or components is required. This is usually
too late in the system design process to obtain an optimal design. Hence, there is a need for early design for
reliability to support the project development.

The objective is to define a process that can be used to integrate reliability considerations into the design
process, thus representing a proactive approach.

The feasibility and concept phase reliability activities shall focus on optimisation of overall configuration and
identification of the critical subsystems, while attention in detail for the critical subsystems will increase in the
engineering phase.

Table 5.3-1: Description of production assurance process 2 - Risk and reliability in design

| Life cycle phase | Feasibility phase | Concept phase | Engineering phase |
|---|---|---|---|
| Objective | Provide partial decision support for selecting an asset development plan, e.g.: - Topside or subsea solution; - Capacity, pressure rating and pumping requirements for a pipeline system; - Process plant development solution | Provide partial decision support for selecting an asset configuration, e.g.: - Number and type of wells and manifolds; - Number of pumps in a pumping station; - Number of compressors in a process plant | Provide partial detailed design decision support. |
| Input | Alternative asset development plans. Process: 3 Reliability Assurance, Activities: H Planning | The selected asset development plan, with the estimated production availability formulated as a system requirement in the Invitation to Tender. Alternative field layout configurations. Process: 3 Reliability Assurance, Activities: I reporting and J follow up the requirements | Selected field layout configuration. Alternative design solutions, as they arise in the design process. Process: 3 Reliability Assurance, Activities: I reporting and J follow up the requirements |
| Production assurance Activities | C Production Availability Analysis: The purpose of production availability analysis in this phase is to contribute to optimise the asset development plan. The production availability for alternative asset development plans should be established. The parameters below are guidance to establish such: - Fault tolerance, i.e. redundancy; - Proven versus novel solutions; - Flexibility, e.g. possibility for alternative routings, reconfigurations and future expansions; - Maintainability, e.g. minimize the amount of downtime required for maintenance. B Equipment Reliability Analysis: The purpose of the equipment reliability analysis is to screen the delivery project to identify the critical parts, and then study such in more detail to identify possible improvements. | C Production Availability Analysis: The purpose of production availability analysis in this phase is to contribute to optimise the field layout configuration. The production availability for 2-3 alternative layout configuration options shall be established. Identify such options, by varying the parameters below: - Fault tolerance, i.e. redundancy; - Proven versus novel solutions; - Simplicity, e.g. minimise the amount of required connections, which are potential sources of failures; - Overcapacity, e.g. in a degraded mode of operation, the system will still partially or fully fulfil the design intent; - Flexibility, e.g. possibility for alternative routings, reconfigurations and future expansions; - Maintainability, e.g. minimize the amount of downtime required for maintenance. B Equipment Reliability Analysis: The purpose of the equipment reliability analysis is to screen the delivery project to identify the critical parts, and then study such in more detail to identify possible improvements. | C Production Availability Analysis: The purpose of production availability analysis in this phase is mainly to verify compliance to requirements, since most of the decisions influencing those are already made. However, recommendations for spare parts shall be established. B Equipment Reliability Analysis: The purpose of the equipment reliability analysis is to screen the delivery project to identify the critical parts, and then study such in more detail to identify possible improvements: - Equipment quality, e.g. material selection |
| Output | Production availability estimates for the options specified as input. Process: 3 Reliability Assurance, Activities: I reporting and J follow up the requirements. | Production availability estimates for the options specified as input. Process: 3 Reliability Assurance, Activities: I reporting and J follow up the requirements. | Production availability estimates for the options specified as input. Process: 3 Reliability Assurance, Activities: I reporting and J follow up the requirements. |

5.4 Process 3: Reliability assurance

This process is relevant for all life cycle phases and relates to management of the production assurance
process and demonstration that the production performance and reliability requirements are adhered to. The
main production assurance management tool shall be the production assurance plan (PAP). Further
requirements to the PAP are described in 4.3.

Table 5.4-1: Description of production assurance process 3 - Reliability assurance


Life cycle phase

All phases

Objective Planning; reporting and follow up of the production assurance activities to manage and demonstrate production
assurance.

Input The project plan is required in order to schedule the production assurance activities before the decisions are made,
and after the required background is established.

Reliability Process 5: Project Risk Management, Activity: L The risk register

The Process 1 Reliability requirements

1. Constraints, if required

2. Requirements for production availability on a system level

Production assurance activities

Reliability assurance (management and demonstration) comprises planning, reporting and follow up of the production
assurance activities and shall be performed for all the project phases.
Planning of the production assurance process

A Production Assurance Programme (PAP) shall be established and updated for a delivery project. The required
content of this is the Production assurance performance objectives, Organisation and responsibilities and Activity
schedule, ref. annex A. The core of the production assurance program defines the required activities to comply with
the constraints (see figure 3) and the production availability objective. I.e. this activity requires scheduling of the
tabulated production assurance activities for the relevant risk level and project phases. The reliability activities shall
be performed in a timely manner to support decisions before they are made.

The required documentation of the production assurance includes:

1. Production Assurance Programme (PAP) and the activities listed therein. Only the status and reference to
documentation for the scheduled PAP activities is updated in PAP updates in later project phases.

1.1. Document the fulfilment of the reliability requirements. The reliability activities shall be reported to enable
the decision makers to review the background for the advice given.

1.2. Include references to documentary evidence of fulfilment of the reliability requirements according to 1, 2
and 3 in the PAP.

2. Reference to the risk register. All mitigating actions arising from the reliability program shall be transferred to the
risk register for follow up and close out.

3. Document a statement of compliance of the reliability requirement in 1, 2 and 3.

Follow up of the production assurance process

A follow up system for the production assurance shall be applied to ensure progress of the PAP activities and the
actions from this that are transferred into a risk register.

Output • The asset development production assurance program shall be issued by operator in conceptual design phase.

• The assurance program for each main supplier’s scope of work shall be issued in the engineering phase, and
updated prior to operation.

• Process: 5 Project Risk Management, Activity: L The risk register - Close out of the risk register prior to
operation. It is optional to include this in the PAP.

• Document a statement of compliance of the reliability requirement in 1, 2 and 3. It is optional to include this in
the PAP.

5.5 Process 4: Reliability Verification and Validation

The main objective of this process is to ensure that the implemented reliability performance is in compliance
with the requirements in the production assurance plan. The production assurance verification and validation
process has an important interface towards the design review and other technical verification activities in the
sense that production assurance aspects should be addressed in the review. However, the design review
process itself is normally the responsibility of engineering departments.

Table 5.5-1: Description of production assurance process 4 - Reliability verification and validation
Life cycle phase
Phase 1, 2 and 3 (Installation and Commissioning, and Operation is covered in Process 7)
Objective To ensure that the implemented reliability performance is in compliance with the requirements in the PAP.
Input Reliability process 3 Reliability Assurance, Activity H Planning: The timing of the Reliability Verification and Validation
process is given in the reliability activity and process tables.
Activity: I Reporting (Documentation of the complete production assurance.)
Reliability process 5: Project Risk Management, Activity: L Risk register

Production assurance activities

The reliability verification comprises document control and design review. The essence of the document control is to
check that the assumptions, selected methods, input data, results and recommendations are reasonable.
The reliability validation comprises a final check of the implemented reliability performance versus the requirements
in the PAP. The essence of the validation is to check that all the activities scheduled in the PAP are completed, and
that all entries in the risk register are closed out.
ISO 9000 series compliance is regarded as equal fulfilment of this activity.
Output PAP updates including ref. to the closed out activities and actions in the risk register.

5.6 Process 7: Performance tracking and analysis

This process covers the complementary parts of process 4 (Reliability verification and validation) in the sense
that it represents the “verification” and “validation” of the production assurance performance in operation.

Table 5.6-1: Description of production assurance process 7 - Performance tracking and analysis

Life cycle phase: Installation and commissioning

Objective: Prepare for collection and analysis of performance data.

Input:
• System descriptions from the engineering phase

Production assurance activities: Prior to the operation phase, equipment inventory models should be established to enable start of performance tracking (data collection) and analysis. Reference is made to ISO 14224 for performance data tracking and analysis requirements.
Furthermore, collection of performance data related to the installation process itself should be considered to identify potentials for future installation performance improvements.

Link to other activities: None defined

Output:
• Inventory models
• Installation performance data

Life cycle phase: Operation

Objective: Collect and analyse operational performance data to identify improvement potentials and to improve the data basis for future production assurance and reliability management activities.

Input:
• Inventory models
• Performance records (e.g. from maintenance management systems)

Production assurance activities: During operation, performance data should be collected continuously or at predetermined intervals. Analysis of the collected data should be undertaken regularly to identify reliability improvement and risk reduction potentials.

Link to other activities: Process 10 – Reliability improvement and risk reduction

Output:
• Operational performance data
• Input to reliability improvement processes

5.7 Process 10: Reliability improvement and risk reduction

Systematic identification of potentials for reliability improvement and risk reduction should be performed in all
life cycle phases, except the feasibility and procurement phases, where this process is considered less relevant.
Identification of improvement potentials should be based on observed in-service performance data and
analyses.

Table 5.7-1: Description of production assurance process 10 - Reliability improvement and risk reduction

Life cycle phase: All (except feasibility & procurement)

Objective: The objective of this process is twofold:
1. Identify the need for improved system reliability performance or reduced risk in a project to ensure that performance goals are not compromised
2. Based on tracking and analysis of performance data, identify and communicate potentials for improved equipment or system reliability or risk reduction to the system or equipment manufacturers.

Input:
• Performance data
• Reliability analysis results
• Production availability results
• Risk identification results

Production assurance activities: The specific production assurance and reliability management activities related to this process are performed within other processes as listed in the table row below. Hence, the only additional activity which should be performed for this process is to communicate potential reliability improvement or risk reduction requirements or proposals to the right instance.

Link to other activities:
• Risk and reliability in design activities
• Reliability assurance
• Project risk management
• Performance tracking and analysis

Output:
• Reliability improvement or risk reduction proposals

6 Interacting processes to production assurance

6.1 Introduction

The interacting processes described in this chapter are not included in the responsibility of the production
assurance discipline. However, the interacting processes are required in order to achieve the required
production assurance performance.

6.2 Process 5: Project risk management

All mitigating actions arising from the production assurance program shall be linked to or transferred to the risk
register for follow up and close out, in order to have only one register for all kinds of risks. This transferral is
the responsibility of the production assurance discipline.

The risk register and the PAP are the information carriers and the decision tools with regard to risk.

Table 6.2-1: Description of interacting process 5 - Project risk management

Life cycle phase: All phases

Objective: The objective of project risk management is to ensure that all risk elements that could jeopardise a successful execution and completion of the project are identified and controlled/mitigated in a timely manner.

Input: Transferred action items from all the production assurance processes.

Activities: Follow up and close out of all actions transferred from the production assurance processes

Output: Risk register

6.3 Process 6: Reliability and qualification testing

The objective of this testing with respect to production assurance is to ensure that acceptable robustness against
dominating failure modes for critical technology items is demonstrated through the qualification test program.

Table 6.3-1: Description of interacting process 6 - Reliability and qualification testing

Life cycle phase: Conceptual design

Objective: Identify the technology items requiring qualification testing by novelty scoring.

Input:
Scope of supply
Design Basis

Activities: Identifying the technology items requiring qualification testing

Output: Listing of technology items requiring qualification testing.

Life cycle phase: Engineering

Objective: Ensure that acceptable robustness against dominating failure modes for critical technology items is demonstrated through the qualification test program.

Input: Activity: B Equipment Reliability Analysis and C Production availability analysis.
The reliability processes shall identify the relevant failure modes for the technology items to be tested and communicate this through the risk register to the engineering organisation, which is responsible for establishing the test program.

Activities:
Establish Qualification procedures
Perform testing
Establish Qualification test reports

Output: The engineering organisation should communicate the test results to the production assurance discipline, with respect to the relevant failure modes.

Life cycle phase: Procurement and fabrication

Objective: Ensure that acceptable robustness against dominating failure modes for critical technology items is demonstrated through the qualification test program.

Input: Activity: B Equipment Reliability Analysis and C Production availability analysis.
The reliability processes shall identify the relevant failure modes for the technology items to be tested and communicate this through the risk register to the engineering organisation, which is responsible for establishing the test program.

Activities:
Establish Qualification procedures
Perform testing
Establish Qualification test reports

Output: The engineering organisation should communicate the test results to the production assurance discipline, with respect to the relevant failure modes.

6.4 Process 8: Supply chain management

The main purpose of this interacting process is to ensure that manufacturers at each level of the supply chain
understand what reliability is required and take appropriate actions to increase the probability that the
specified reliability can be achieved.

Table 6.4-1: Description of interacting process 8 – Supply chain management

Life cycle phase: Procurement

Objective: Ensure that manufacturers at each level of the supply chain understand what reliability is required and take appropriate actions to increase the probability that the specified reliability can be achieved.

Input: Reliability requirements from the production assurance discipline.

Activities: Ensure that production assurance requirements (e.g. reliability requirements) flow down into the supply chain.

Output: Distributed reliability requirements for the supply chain

6.5 Process 9: Management of change

The engineering discipline is responsible for technical changes.

The objective of the management of change process with respect to production assurance is to ensure that no
changes compromise the reliability performance requirements. Consequently, a risk assessment with respect to
production assurance is required.

The impact of changes should be qualitatively assessed as part of project risk management to determine the
level of effort required to analyse the impact. The outcome of this assessment may typically be:

• No activities, for changes with minor risk impact on production assurance

• Design review, for changes with medium risk impact on production assurance

• Equipment reliability and/or production availability analysis, for changes with high risk impact on
production assurance

The assessment of the impact of the changes on production assurance should normally be an
integrated part of the design review. Hence, the design review form should include a production assurance
checkpoint (e.g. the impact on production availability from the change).

However, if the risk of compromising production assurance is deemed high, the equipment reliability
and/or production availability analysis should be updated/initiated.

Table 6.5-1: Description of interacting process 9 – Management of change

Life cycle phase: All life cycle phases (except Feasibility)

Objective: To ensure that no changes compromise the reliability performance requirements.

Input:
• Reliability requirements
• Description of the change

Activities: Process 2 – Risk and reliability in design
• Design reviews

Link to other activities:
• Supply chain management
• Interface management
• Quality assurance and control

Output:
• Input to or update of the risk register
• Performance impact assessments resulting from changes
• Initiate the Equipment reliability- and/or production availability analysis

6.6 Process 11: Organisational learning

The purpose of the interacting process “organisational learning” in a production assurance perspective should
be to communicate lessons learnt related to reliability and production performance from previous asset
development projects to reduce the likelihood that product and process failures of the past are repeated. The
process is considered relevant for all life cycle phases.

Table 6.6-1: Description of production assurance process 11 - Organisational learning

Life cycle phase: All life cycle phases

Objective: To ensure that product and process failures of the past are not repeated.

Input:
• Lessons learnt during projects
• Performance data

Production assurance activities: The responsibility of the production assurance and reliability management function in projects is to participate in lessons learnt reviews and other relevant experience transfer reviews. Furthermore, relevant lessons learnt in one project should be transferred into future projects.

Link to other activities:
• Reliability assurance
• Project risk management

Output: Input to:
• Lessons learnt reviews
• Risk register

7 Production assurance analyses

7.1 General requirements

Production assurance analyses shall be planned, executed, used and updated in a controlled and organised
manner according to plans outlined in the PAP.

Production assurance analyses shall provide a basis for decisions concerning choice of solutions and
measures to achieve an optimum economy within the given constraints. This implies that the analysis shall be
performed at a point in time when sufficient details are available to provide sustainable results. However,
results shall be presented in time for input to the decision process.

Production assurance analyses shall be consistent, and assumptions and reliability data shall be traceable. Analysis
tools and calculation models are under constant development, and only data, models and computer codes
accepted by the involved parties shall be used.

Requirements given in this section apply to production assurance analyses of complete installations, but will
also apply to reliability and availability analyses of components/systems with obvious modifications.

7.2 Planning

7.2.1 Objectives

The objectives of the analyses shall be clearly stated prior to any analysis. Preferably objectives can be stated
in a production assurance activity plan as a part of the PAP structure. Objectives can be to

• identify operational conditions or equipment units critical to production assurance;

• predict production availability, deliverability, availability, reliability, etc;

• compare alternatives with respect to different production assurance aspects;

• identify technical and operational measures for performance improvement;

• enable selection of facilities, systems, equipment, configuration and capacities based on LCC
methodology;

• provide input to other activities such as risk analyses or maintenance and spare parts planning;

• verify production assurance objectives or requirements.

7.2.2 Organisation of work

A working group shall be set up for conducting the analysis. This group shall have knowledge of methods
used in production assurance analysis and should be acquainted with the system to be assessed. The
working group may be supplemented with experts who have detailed knowledge of the system or operation in
question, or of other disciplinary fields. Since production assurance analysis is a multi-disciplinary activity,
close co-operation with other relevant disciplines is mandatory.

7.2.3 Content and scope

The system to be analysed shall be defined, with necessary boundaries towards its surroundings. An analysis
of a complete production chain may cover reservoir delivery, wells, process and utilities, product storage, re-
injection, export and tanker shuttling.

Operating modes to be included in the analysis shall be defined. Examples of relevant operating modes are
start-up, normal operation, operation with partial load and run-down. Depending on the objective of the
analysis it may also be relevant to consider testing, maintenance and emergency situations. The operating
phase or period of time to be analysed shall also be defined.

The performance measures to be predicted shall be defined. In production availability and deliverability
predictions, a reference level shall be selected which will provide the desired basis for decision-making. It
shall also be decided whether to include the production performance effect from revision shutdowns as well as
those catastrophic events normally identified and assessed with respect to safety in risk analyses.

The analysis methodology to be used shall be decided on the basis of study objectives and the performance
measures to be predicted.

7.3 Execution

7.3.1 Technical review

A review of available technical documentation shall be performed as the initial activity, as well as establishing
liaison with relevant disciplines. Site visits may be performed and are recommended in some cases.

7.3.2 Study basis

The documentation of the study basis has two main parts: system description and reliability data.

The system description shall describe, or refer to documentation of, all technical and operational aspects that
are considered to influence the results of the production assurance analysis and that are required to
identify the system subject to the analysis. Such information may relate to production profiles or equipment
capacities.

Reliability data shall be documented. A reference to the data source shall be included. Engineering or expert
judgement can be referred to, but historically based data estimation shall be used if this can be accomplished.
Regarding collection and use of reliability data, reference is made to clause 6.

The basis for quantification of reliability input data shall be readily available statistics and system/component
reliability data, results from studies of similar systems or expert/engineering judgement. REGOP sessions can
be used to predict plant specific downtimes. In the analysis the approach taken for reliability data selection
and qualification shall be specified and agreed upon by the involved parties. Reference is also made to 6.2.

7.3.3 Model development

Model development includes the following activities:

• functional breakdown of the system;

• evaluation of the consequence of failure, maintenance, etc. for the various subparts;

• evaluation of events to be included in the model including common cause failures;

• evaluation of the effect of compensating measures if relevant;

• model development and documentation.

7.3.4 Input information

Check list of production assurance analysis information required to undertake analysis (e.g. design basis,
P&ID, PFD, O&M strategies, reliability data, maintainability data, equipment criticality information, C&E
matrices, production profiles, etc).

7.3.5 Analysis and assessment

7.3.5.1 Performance measures

To evaluate the performance of the analysis object, different performance measures can be used. Production
availability and deliverability (whenever relevant) are the most frequently used measures. Depending on the
objectives of the production assurance analysis, the project phase and the framework conditions for the
project, the following additional performance measures can be used:

• the proportion of time production (delivery) is above demand (demand availability);

• the proportion of time production (delivery) is above zero (on-stream availability);

• number of times the production (delivery) is below demand;

• number of times the production (delivery) is below a specified level for a certain period of time;

• number of days with a certain production loss;

• resource consumption for repairs;

• availability of systems/subsystems.

As the predictor for the performance measure, the expected (mean) value should be used. The uncertainty related
to this prediction shall be discussed and if possible quantified. See 7.3.8.

Annex D provides a guide on the elements to be included in the performance measure for predictions and for
historical performance reporting.

7.3.5.2 Sensitivity analyses

Sensitivity analyses should be considered in order to evaluate the effect on results from issues such as
alternative assumptions, variations in failure and repair data or alternative system configurations.

7.3.5.3 Importance measures

In addition to the performance measure, a list of critical elements (equipment, systems, operational conditions)
shall be established. This list will assist in identifying systems/equipment that should be considered for
production assurance and reliability improvement.

For conventional reliability analysis methods such as FTA, relevant reliability importance measures as found
in literature can be used.

When production availability or deliverability is predicted, importance measures can be defined by the
contribution to production unavailability from each item/event. In order to take account of the effects of
compensating measures, it may be required to establish the criticality list based on successive sensitivity
analyses where the contribution from each event is set to zero.
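
The successive sensitivity approach described above, as an added example that is not part of the standard: the production availability of a small constructed system is recomputed with each unit's unavailability set to zero in turn, and the gains form the criticality list. The system layout, unit names, MTTF/MTTR values and function names are assumptions made for illustration.

```python
from itertools import product

# Constructed sample system (illustrative, not from the standard).
# Stages are in series; units inside a stage work in parallel.
# Each unit: (name, capacity as fraction of demand, MTTF in hours, MTTR in hours).
STAGES = {
    "separation": [("separator", 1.0, 40000.0, 48.0)],
    "compression": [("compressor_A", 0.5, 4000.0, 72.0),
                    ("compressor_B", 0.5, 4000.0, 72.0)],
    "export": [("export_pump_A", 1.0, 8000.0, 120.0),
               ("export_pump_B", 1.0, 8000.0, 120.0)],
}


def unavailability(mttf, mttr):
    """Steady-state unavailability of a repairable unit."""
    return mttr / (mttf + mttr)


def production_availability(stages, never_fails=frozenset()):
    """Expected production as a fraction of demand.

    Enumerates every up/down combination of the units, weights the
    throughput of each combination by its probability and sums.
    Units named in `never_fails` have their unavailability set to zero.
    """
    units = [
        (stage, name, cap,
         0.0 if name in never_fails else unavailability(mttf, mttr))
        for stage, members in stages.items()
        for name, cap, mttf, mttr in members
    ]
    expected = 0.0
    for state in product((True, False), repeat=len(units)):
        prob = 1.0
        stage_capacity = dict.fromkeys(stages, 0.0)
        for is_up, (stage, _name, cap, q) in zip(state, units):
            prob *= (1.0 - q) if is_up else q
            if is_up:
                stage_capacity[stage] += cap
        # Throughput is limited by the weakest stage and capped at demand.
        throughput = min(min(1.0, c) for c in stage_capacity.values())
        expected += prob * throughput
    return expected


def importance_by_zeroing(stages):
    """Rank units by the production availability gained when the unit's
    contribution is set to zero (one sensitivity run per unit)."""
    base = production_availability(stages)
    gains = {}
    for members in stages.values():
        for name, _cap, _mttf, _mttr in members:
            improved = production_availability(stages, frozenset({name}))
            gains[name] = improved - base
    ranking = sorted(gains.items(), key=lambda item: item[1], reverse=True)
    return base, ranking


def rank_by_unit_unavailability(stages):
    """Naive ranking that ignores redundancy, for comparison."""
    q = {name: unavailability(mttf, mttr)
         for members in stages.values()
         for name, _cap, mttf, mttr in members}
    return sorted(q.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    base, ranking = importance_by_zeroing(STAGES)
    print(f"Predicted production availability: {base:.4%}")
    print("Criticality list (gain when the unit never fails):")
    for name, gain in ranking:
        print(f"  {name:15s} {gain:.4%}")
    print("Ranking by unit unavailability alone:")
    for name, q in rank_by_unit_unavailability(STAGES):
        print(f"  {name:15s} {q:.4%}")
```

With this data the redundant export pumps fall below the single separator in the criticality list, although each pump is far less available than the separator.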

7.3.6 Reporting

The various steps in the analysis as described above shall be reported. All assumptions shall be reported.

The appropriate performance measures shall be reported for all alternatives and sensitivities.

Recommendations identified in the analysis shall be reported. A production assurance management system
shall be used to follow up and decide upon recommendations. Recommendations may concern design issues
or further production assurance analyses/assessments. In the latter case the interaction with the PAP is
evident. Furthermore recommendations may be categorised as relating to technical, procedural,
organisational or personnel issues. Recommendations may also be categorised as whether they affect the
frequency or the consequence of failures/events.

7.3.7 Catastrophic events

Some serious, infrequent events will cause long-term shutdown of production. These events are classified as
catastrophic, and shall be distinguished from the more frequent events which are considered in analyses of
production availability and deliverability. The expected value contribution from a catastrophic event is normally
a rather small quantity, which is an unrepresentative contribution to the production loss. If the catastrophic
event occurs, the actual loss would be large and this could mean a dramatic reduction in the production
availability or deliverability.

The consequences for production as a result of accidents in production and transportation systems are
normally considered in the risk analysis. The results from the risk analysis may be included in the production
assurance analysis report in order to show all production loss contributors.

Additional guidance is given in Annex D.

7.3.8 Handling of uncertainty

The uncertainty related to the value of the predicted performance measure shall be discussed and if possible
quantified. The quantification may have the form of the uncertainty distribution being the basis for the
expected value of the performance measure, or a measure of the spread of this distribution (e.g. standard
deviation, prediction interval).

The main factors causing variability (and hence uncertainty in the predictions) in the performance measure
shall be identified and discussed. Also factors contributing to uncertainty as a result of the way system
performance is modelled, shall be covered.

Importance and sensitivity analyses may be carried out to describe the sensitivity of the input data used and
the assumptions made.

Additional guidance is given in Annex E.

8 Reliability and performance data

8.1 Collection of reliability data

8.1.1 General

Systematic collection and treatment of operational experience is considered an investment and means for
improvement of production and safety critical equipment and operations. The purpose of establishing and
maintaining databases is to provide feedback to assist in

• product design;

• current product improvement;

• establishing and calibrating maintenance programme and spare parts programme;

• condition based maintenance;

• identifying contributing factors to production unavailability;

• improving confidence in predictions used for decision support.

8.1.2 Equipment boundary and hierarchy definition

Clear boundary description is imperative, and a strict hierarchy system shall be applied.

Boundaries and equipment hierarchy shall be defined according to ISO 14224. Major data categories are
defined as follows:

• installation part: Description of installation from which reliability data are collected;

• inventory part: Technical description plus operating and environmental conditions;

• failure part: Failure event information such as failure mode, severity, failure cause, etc;

• maintenance part: Corrective maintenance information associated with failure events, and planned
or executed preventive maintenance event information.

8.1.3 Data analysis

To predict the time to failure (or repair) of an item, a probability model shall be determined. The type of model
depends on the purpose of the analysis. An exponential lifetime distribution may be appropriate. If a trend is to
be reflected, a model allowing time-dependent failure rate shall be used.

The establishment of a failure (or repair) time model shall be based on the collected reliability data, using
standard statistical methods.
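
One way to apply this model selection, shown as an added example that is not part of the standard: a Laplace trend test decides between a constant failure rate (exponential model) and a power-law failure intensity fitted by maximum likelihood. The choice of these two methods, the function names and both failure histories (cumulative operating hours at failure for one repairable item observed for 10 000 hours, repair time excluded) are assumptions, and the data are constructed.

```python
import math
from statistics import NormalDist

OBSERVATION_HOURS = 10000.0
# Constructed failure histories: cumulative operating hours at each failure.
STABLE = [900, 2100, 2950, 4200, 5100, 6050, 7300, 8100, 9200]
WEARING = [3500, 5800, 7000, 7900, 8600, 9100, 9500, 9800, 9950]


def _check(failure_times, observation_period):
    if len(failure_times) < 2:
        raise ValueError("at least two failures are needed")
    if any(t <= 0 or t > observation_period for t in failure_times):
        raise ValueError("failure times must lie in (0, observation_period]")


def laplace_trend_test(failure_times, observation_period):
    """Laplace test for a time-truncated observation window.

    Returns (u, p_value). u near 0 supports a constant failure rate,
    u > 0 indicates failures arriving faster over time (deterioration),
    u < 0 indicates improvement.
    """
    _check(failure_times, observation_period)
    n = len(failure_times)
    mean_time = sum(failure_times) / n
    u = (mean_time - observation_period / 2.0) / (
        observation_period * math.sqrt(1.0 / (12.0 * n)))
    p_value = 2.0 * (1.0 - NormalDist().cdf(abs(u)))
    return u, p_value


def fit_constant_rate(failure_times, observation_period):
    """Maximum-likelihood failure rate of the exponential model."""
    return len(failure_times) / observation_period


def fit_power_law(failure_times, observation_period):
    """Maximum-likelihood fit of the failure intensity
    lam * beta * t**(beta - 1) for a time-truncated window."""
    _check(failure_times, observation_period)
    n = len(failure_times)
    beta = n / sum(math.log(observation_period / t) for t in failure_times)
    lam = n / observation_period ** beta
    return lam, beta


def select_failure_model(failure_times, observation_period, significance=0.05):
    """Use the exponential model unless the trend test rejects it."""
    u, p_value = laplace_trend_test(failure_times, observation_period)
    result = {"laplace_u": u, "p_value": p_value}
    if p_value >= significance:
        rate = fit_constant_rate(failure_times, observation_period)
        result.update(model="exponential", rate_now=rate)
    else:
        lam, beta = fit_power_law(failure_times, observation_period)
        # Failure intensity at the end of the observation window.
        rate_now = lam * beta * observation_period ** (beta - 1.0)
        result.update(model="power_law", beta=beta, rate_now=rate_now)
    return result


if __name__ == "__main__":
    for label, data in (("stable", STABLE), ("wearing", WEARING)):
        fit = select_failure_model(data, OBSERVATION_HOURS)
        print(label, {k: (round(v, 5) if isinstance(v, float) else v)
                      for k, v in fit.items()})
```

Both histories contain nine failures, so a constant-rate estimate gives the same value for each; for the second history the fitted intensity at the end of the window is several times higher.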

8.2 Qualification and application of reliability data

The establishment of correct and relevant reliability data (i.e. failure and associated repair/downtime data)
requires a data qualification process which involves conscious attention to original source of data,
interpretation of any available statistics and estimation method for analysis usage. Selection of data shall be
based on the following principles:

• data should originate from the same type of equipment;

• data should originate from equipment using similar technology;

• data should if possible originate from identical equipment models;

• data should originate from periods of stable operation, although first year start-up problems
should be given due consideration;

• data should if possible originate from equipment which has been exposed to comparable
operating and maintenance conditions;

• the basis for the data used should be sufficiently extensive;

• the amount of inventories and failure events used to estimate or predict reliability parameters
should be sufficiently large to avoid bias resulting from 'outliers';

• the repair and downtime data should reflect site specific conditions;

• the equipment boundary for originating data source and analysis element should match as far as
possible. Study assumptions should otherwise be given;

• population data (e.g. operating time, observation period) should be indicated to reflect statistical
significance (uncertainty related to estimates and predictions) and "technology window";

• data sources shall be quoted.

Data from event databases (e.g. OREDA database) provide relevant basis for meeting the requirements
above. In case of scarce data, proper engineering judgement is needed and sensitivity analysis of input data
should be done.

Reliability data management and co-ordination are needed to ensure reliability data collection for selected
equipment and consistent use of reliability data in the various analyses.

8.3 Performance data

Production performance at facility/installation level shall be reported in a way that enables systematic
production assurance to be carried out. The type of installation and operation will determine the format and
structure of performance reporting. Annex C outlines the types of events to be covered for a production facility.
A relationship between facility performance data and critical equipment reliability data is needed. Assessment
of actual performance shall be carried out by the installation operator on a periodic basis, in order to identify
specific trends and issues requiring follow-up. Main contributors to performance loss and areas for
improvement can be identified. In this context, reliability techniques can be used for decision-support and
calibration of performance predictions. Comparisons to earlier performance predictions should be done,
thereby gaining experience and providing feedback to future and/or other similar performance predictions.

9 Performance objectives and requirements in contracts

9.1 General

The following clauses give requirements to the specification of production assurance objectives and
requirements. The specification of production assurance objectives and requirements can be considered for
system design, engineering and purchase of equipment as well as operation in defined life cycle periods.

In this respect, IEC 60300-3-4, Part 3, Section 4 [7] should also be considered.

9.2 Specifying production assurance

The purpose of specifying production assurance is to ensure proper handling of safety and production
assurance aspects and to minimise economic risk. The cost of design, production and verification of the
system with a specified level of reliability or production assurance shall be considered prior to stating such
production assurance requirements.

Quantitative or qualitative objectives/requirements can be specified. Requirements should be realistic and
should be compatible with the technological state of the art. It shall be stated whether the specification is an
objective or a requirement.

When specifying production assurance requirements it is important to state the following:

• limitations and boundaries;

• application of the system;

• definition of a fault;

• definition of the period of time for which the production assurance requirements apply (e.g. from first
oil to the end of design life);

• operating conditions and strategies;

• environmental conditions;

• maintenance conditions and strategies;

• methods intended to be applied for the verification of compliance with the production assurance
requirements;

• if numerical production assurance requirements are specified, the corresponding confidence levels
should be specified;

• definition of non-conformance to the requirement;

• how non-conformance shall be handled.

Quantitative requirements may be expressed based on performance measures such as:

• production availability;

• system availability;

• survival probability or minimum failure free operating period;

• time to failure;

• time to repair;

• spare parts mobilisation times;

Qualitative requirements may be expressed in terms of any of the following:

• design criteria for the product;

• system configuration;

• inherent safety (acceptable consequence of a failure);

• production assurance activities to be performed.

9.3 Verification of requirement fulfilment

The method of verification of requirement fulfilment shall be stated. Verification can be by

• field or laboratory testing;

• documented relevant field experience;

• analysis;

• field performance evaluation after delivery;

Data for calculation shall be based on recognised sources of data, results obtained from operational
experience on similar equipment in the field or from laboratory tests. The reliability data shall be agreed
between the supplier and the customer.

9.4 Co-operation between operator and supplier

In order to reduce the number of failures and downtime of products and systems, it is necessary for suppliers
and operators to co-operate during all phases of the product/project life cycle. It should be specified that the
operator acknowledge the responsibility to monitor performance and reliability in use and exchange field
experience with their suppliers.

Annex A
(informative)

Contents of production assurance programme (PAP)

A PAP should cover the topics given by the following standard table of contents:

Title:

Production assurance programme (PAP) for “installation/facility/system/operation” (to be specified)

1. Introduction

1.1 Purpose and scope

1.2 System boundaries and life cycle status

1.3 Revision control

Note: Major changes since last update to be given

1.4 Distribution

Note: Depending on the content, all or parts of the PAP are distributed to parties defined.

2. Production assurance philosophy and performance objectives

2.1 Description of overall optimisation criteria

2.2 Definition of performance objectives and requirements

Note: Relevant reference to regularity targets, objectives and requirements in contract documents. Separate
documents may further specify the targets, objectives and requirements. Reference is made to the loss
categories and battery limits to define what is included and what is excluded in the targets.

Note: This section should cover both corporate/company/project specific and regulatory/authority requirements.

2.3 Definition of performance measures

3. Organisation and responsibilities

3.1 Description of organisation and responsibilities

Note: Focusing on production performance and LCC, internal and external communication, responsibilities given
to managers and key personnel, functions, disciplines, sub-projects, contractors, suppliers.

3.2 Action management

Note: A description of the action management system should be included, defining how recommendations and
actions are communicated, evaluated and implemented.

3.3 Verification and validation functions

Note: Specify planned 3rd party verification activities related to production assurance/reliability (if any).

4. Activity schedule

4.1 Activity/life cycle phase - main overview

Note: A table similar to Table 1 can be included to indicate past and future production assurance, reliability and
LCC activities.

4.2 Production assurance/reliability activities

Note: Production assurance activities that are planned to be carried out shall be listed with a schedule which
refers to main project milestones and interfacing activities. The specific production assurance or reliability
activity plans may exist as stand-alone documents which can be quoted.

Note: The relationship between the various activities should be clearly stated in the programme (input/output
relationship, timing etc.)

5. References

Note: References to key project documentation.


Annex B
(informative)

Outline of techniques

B.1 General
Reliability and availability analyses are systematic evaluations and calculations which are carried out to
assess the performance of a system. The system may, for example, be a production or transportation system,
a compression train, a pump, a process shutdown system or a valve. Production assurance analyses are part
of a production assurance programme. The term “production assurance analysis” should be used for analysis
of a total facility (e.g., offshore production system). The following can be used as a guide:

• production assurance analysis of installation(s), or operations;

• availability analysis of important systems;

• reliability and availability analysis of equipment/component.

Some relevant analysis methods and techniques are described briefly below. Reference is made to reliability
analysis textbooks or referenced standards in the text for more detailed descriptions.

B.2 Failure modes and effects analysis (FMEA/FMECA)

Analysis description: Failure Mode and Effect Analysis (FMEA) / Failure Mode, Effect, and Criticality
Analysis (FMECA)

A FMEA is a technique for establishing the effects of potential failure modes within a system. The
analysis can be performed at any level of assembly. This may be done with a criticality analysis, in
which case it is called a FMECA. The latter is a quantitative analysis, where failure probability and
consequence data are needed to assess the criticality of each failure mode.

Objective of analysis: FMECA is a systematic methodology to increase the inherent reliability of a
system or product. It is an iterative process of identifying failure modes, assessing their probabilities
of occurrence and their effects on the system, isolating the causes, and determining corrective actions
or preventive measures. When the analysis is done from a functional standpoint it is usually performed
at a plant or unit level, whereas if the focus is on the hardware it usually descends to the maintainable
item level; depending on the focus, the amount of data required is different (see next tables for
details).

While it is most often used in the early stages of the design process to improve the inherent
reliability, the technique is equally useful in addressing system safety, availability, maintainability,
or logistics support.

Ref. to existing standards:

• MIL-STD-1629 A – Military Standards: Procedures for performing a Failure Mode, Effects, and
Criticality Analysis

• IEC 60812 (1987-05) – Analysis techniques for system reliability – Procedure for Failure and Effects
Analysis (FMEA)

Overall need for info: The analysis is an inductive process in which individual failures are generalized
into potential failure modes. The structured method consists of the following steps:

• System definition (both from functional and hardware standpoints)

• Identification of failure modes (it must include the operational and environmental conditions present
when failure occurs)

• Determination of cause (understanding of failure mechanism, and identification of the lowest level in
hierarchy affected)

• Assessment of effect (in terms of system performance, reliability, maintainability and safety)

• Identification of detection means (to verify that suitable detection means exist for all critical
failure modes)

• Classification of severity (to assign priorities to corrective actions; typically 3 or 4 levels)

• Estimation of probability of occurrence (based on experience or public data bases)

• Computation of criticality index (it combines the probability of occurrence and the severity of the
failure)

• Determination of corrective action (by eliminating the cause of the failure, decreasing its
probability of occurrence, or reducing the severity of the failure)

B.3 Fault tree analysis (FTA)

Analysis description: Fault Tree Analysis (FTA)

This is a graphical top-down method used to analyse system reliability / availability.

Objective of analysis: The objectives are rather numerous, e.g.:

- build in a systematic way a graphic which represents the combinations of individual component
failures which lead to the whole system failure and, in doing so, obtain the Boolean equation linking
the undesirable event (at the whole system level) to the failures of the individual components;

- analyse qualitatively the reliability/availability of the system by finding and sorting the
combinations of basic failures leading to the undesirable event. These combinations of failures are the
so-called "minimal cut sets" (coherent FT) or "prime implicants" (non-coherent FT);

- analyse semi-quantitatively the reliability/availability of the system by sorting its minimal cut
sets (or prime implicants) by decreasing probabilities;

- calculate the probability of failure (unreliability / unavailability) of the whole system;

- evaluate various importance factors in order to assess the impact of the failures of the individual
components;

- evaluate the impact of the individual input uncertainties on the result(s).

Ref. to existing standards:

• IEC 61025 (1990-10) Fault Tree Analysis

Overall need for info: Basically a fault tree represents a Boolean formula which is used to calculate
the probability of the corresponding overall event from the individual probabilities of the basic events
appearing in the formula. Therefore the inputs used are pure probabilities of failure which must be
evaluated from the reliability parameters of the related components:

- probability of failure upon demand (γ)

- failure rates (λ)

- repair rates (µ)

- test interval (τ)

- test efficiency

- human error

- etc.

FTA is also a very good support for performing common cause failure analyses, sensitivity analyses and
uncertainty analyses.

The fault tree can also be used in combination with a cause-consequence diagram (CCD) to analyse
underlying causes of the event failure.
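The following Python example is an addition to this annex, not text from the draft standard. It carries the FTA objectives listed above through on a small coherent fault tree: the Boolean structure is expanded into minimal cut sets, these are sorted by decreasing probability, the top event probability is calculated exactly, and the Birnbaum measure is used as one importance factor. The tree, the event names and the probabilities are constructed for illustration, and independence of the basic events is assumed.

```python
from itertools import product
from math import prod

# Constructed fault tree (an assumption for illustration): a process shutdown
# function fails on demand if the logic solver fails, or both shutdown valves
# fail, or both pressure transmitters are lost. POWER is a shared supply that
# feeds both transmitters, so it appears under two branches.
TREE = ("OR",
        ("AND", ("OR", "PT_A", "POWER"), ("OR", "PT_B", "POWER")),
        "LOGIC",
        ("AND", "VALVE_1", "VALVE_2"))

# Constructed probabilities of failure upon demand for the basic events.
P = {"PT_A": 0.01, "PT_B": 0.01, "POWER": 0.001,
     "LOGIC": 0.0005, "VALVE_1": 0.02, "VALVE_2": 0.02}


def cut_sets(node):
    """Expand a gate top-down into cut sets (frozensets of basic events)."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, *children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":                      # any child's cut set is enough
        return set().union(*child_sets)
    if gate == "AND":                     # one cut set from every child
        return {frozenset().union(*combo) for combo in product(*child_sets)}
    raise ValueError(f"unknown gate {gate!r}")


def minimal_cut_sets(tree):
    """Remove every cut set that strictly contains another one (absorption)."""
    sets = cut_sets(tree)
    return {s for s in sets if not any(other < s for other in sets)}


def ranked_cut_sets(tree, p):
    """Minimal cut sets with their probabilities, most probable first."""
    scored = [(prod(p[e] for e in cs), sorted(cs)) for cs in minimal_cut_sets(tree)]
    return sorted(scored, key=lambda item: (-item[0], item[1]))


def evaluate(node, failed):
    """Boolean structure function: does the top event occur for this state?"""
    if isinstance(node, str):
        return node in failed
    gate, *children = node
    results = (evaluate(child, failed) for child in children)
    return any(results) if gate == "OR" else all(results)


def top_event_probability(tree, p):
    """Exact probability by enumerating all states of the basic events."""
    names = sorted(p)
    total = 0.0
    for states in product([False, True], repeat=len(names)):
        failed = {n for n, s in zip(names, states) if s}
        if evaluate(tree, failed):
            total += prod(p[n] if s else 1.0 - p[n] for n, s in zip(names, states))
    return total


def birnbaum(tree, p, event):
    """Birnbaum importance: P(top | event failed) - P(top | event working)."""
    return (top_event_probability(tree, {**p, event: 1.0})
            - top_event_probability(tree, {**p, event: 0.0}))


if __name__ == "__main__":
    for probability, events in ranked_cut_sets(TREE, P):
        print(f"{probability:.2e}  {' AND '.join(events)}")
    print(f"top event probability: {top_event_probability(TREE, P):.6e}")
    for event in sorted(P, key=lambda e: -birnbaum(TREE, P, e)):
        print(f"Birnbaum importance {event}: {birnbaum(TREE, P, event):.4f}")
```

The shared supply collapses three of the four expanded transmitter combinations into the single-event cut set POWER, which then dominates both the ranking and the importance measure.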

B.4 Reliability block diagram (RBD)

Analysis description: The application of Reliability block diagram (RBD) will be the same as for Fault
Tree Analyses (FTA). In principle RBD can be used for predictions of production availability for a
complete plant. A limitation is that partial failure of the system is not easily handled.

Objective of analysis: The purpose of the RBD technique is to represent failure and success criteria
graphically and to use the resulting logic diagram to evaluate system reliability performance.

Ref. to existing standards:

• IEC 61078 Reliability Block Diagram

Overall need for info:

- failure rates (λ)

B.5 Production availability analysis - simulations


Monte-Carlo simulation is a technique in which the failures and repairs of a system are simulated by the use of
random number generators which draw from a probability distribution. Before performing a Monte-Carlo
simulation, the reliability structure and the logic of the system being analysed must first be modelled by a flow
network/RBD or other techniques.

Monte-Carlo simulation is well suited for production availability prediction of a production facility. It can be
used to model a variety of situations including complex failure and repair distributions, the effects of different
repair policies, redundancy, operational aspects, etc.
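The following Python example is an addition to this annex, not text from the draft standard. It simulates the life histories of a small flow network (two parallel 50 % trains feeding one export pump) and reports production availability as produced volume over the reference volume, taken here as planned production with no downtime. The component names, failure and downtime figures, exponential distributions and the seed are assumptions constructed for illustration.

```python
import random
import statistics

# Constructed data (assumptions for illustration, not values from the standard):
# component -> (mean time to failure [h], mean total downtime per failure [h])
COMPONENTS = {
    "train_A": (4000.0, 72.0),
    "train_B": (4000.0, 72.0),
    "export_pump": (8000.0, 24.0),
}


def capacity(up):
    """System logic: two parallel 50 % trains feeding one 100 % export pump.

    Returns the production rate as a fraction of the reference rate.
    """
    trains = 0.5 * up["train_A"] + 0.5 * up["train_B"]
    return trains * up["export_pump"]


def state_changes(mttf, mdt, horizon, rng):
    """Draw alternating exponential up-times and downtimes for one component."""
    t, changes = 0.0, []
    while True:
        t += rng.expovariate(1.0 / mttf)   # run until the next failure
        if t >= horizon:
            return changes
        changes.append((t, False))         # component goes down
        t += rng.expovariate(1.0 / mdt)    # pre-repair + active repair + post-repair
        if t >= horizon:
            return changes
        changes.append((t, True))          # component back in service


def simulate_history(horizon, rng):
    """Simulate one life history and return its performance measures."""
    events = []
    for name, (mttf, mdt) in COMPONENTS.items():
        events += [(t, name, is_up)
                   for t, is_up in state_changes(mttf, mdt, horizon, rng)]
    events.sort()
    events.append((horizon, None, None))   # closes the last interval

    up = dict.fromkeys(COMPONENTS, True)   # everything running at t = 0
    t_prev = produced = hours_full = hours_any = 0.0
    for t, name, is_up in events:
        rate, dt = capacity(up), t - t_prev
        produced += rate * dt              # volume in reference-rate hours
        hours_full += dt if rate == 1.0 else 0.0
        hours_any += dt if rate > 0.0 else 0.0
        if name is not None:
            up[name] = is_up
        t_prev = t
    return {
        "production_availability": produced / horizon,  # volume based
        "time_at_full_rate": hours_full / horizon,      # time based, strict
        "time_producing": hours_any / horizon,          # time based, lenient
    }


def run(n_histories=500, years=20, seed=20815):
    """Average the measures over many simulated life histories."""
    rng = random.Random(seed)
    horizon = years * 8760.0
    histories = [simulate_history(horizon, rng) for _ in range(n_histories)]
    result = {k: statistics.mean(h[k] for h in histories) for k in histories[0]}
    ranked = sorted(h["production_availability"] for h in histories)
    result["production_availability_p10"] = ranked[len(ranked) // 10]
    return result


def steady_state_check():
    """Analytical expectation for independent components, for comparison."""
    a = {n: mttf / (mttf + mdt) for n, (mttf, mdt) in COMPONENTS.items()}
    return (0.5 * a["train_A"] + 0.5 * a["train_B"]) * a["export_pump"]


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key:32s} {value:.4f}")
    print(f"{'analytical steady state':32s} {steady_state_check():.4f}")
```

Because a single train failure halves production rather than stopping it, the volume-based figure falls between the two time-based figures, and the 10th-percentile history shows the spread that a single analytical value does not.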

B.6 Design reviews


Formal design reviews are normally carried out for many systems in the course of a development project.
Special regularity design reviews should be considered, or regularity aspects should be included in other
design reviews. Maintainability aspects may for example be included in working environment design reviews.


Design reviews should be performed by a group of persons from relevant disciplines. The design review
should be performed with the systematic application of guide words or check lists.

Design reviews can focus on aspects influencing regularity such as

• general quality of products;

• product specifications;

• design margins/safety margins affecting reliability of equipment;

• system configuration/redundancy;

• operational conditions;

• maintenance philosophy;

• maintenance procedures;

• maintainability/access/modularisation;

• working environment for maintenance activities;

• required skills for maintenance personnel;

• spare parts availability;

• tools required;

• safety;

• product experience.

Ref. to existing standards:

• IEC 61160; Formal design review

B.7 Hazard and operability study (HAZOP)


The purpose of HAZOP studies is to identify hazards in process plants and to identify operational problems
and provide essential input to process design. Being useful from a regularity point of view, the HAZOPs may
also be used to identify safe alternative ways of operating the plant in an abnormal situation to avoid shutdown.

HAZOPs may be used on systems as well as operations. Used on operations, such as maintenance or
intervention activity, findings from the HAZOP may provide input to regularity analyses.

Ref. to existing standards:

• IEC 61882; Hazard and operability studies (HAZOP studies)

• ISO 17776; Guidelines on tools and techniques for hazard identification and risk assessment


B.8 Performance and operability review (POP)


POP denotes a thorough review of failure and downtime scenarios in the production system to be analysed.
The objectives with the review may be to

• evaluate how failures in the system are identified and which consequences the various failure
modes imply;

• estimate the downtime related to preparation for repair and start-up of production (focus on
process related conditions that may affect these issues); this shall be seen in conjunction with
reliability data qualification and suggested estimates which can be assessed in a POP exercise;

• evaluate preliminary reliability data for a production availability model.

The total downtime related to restoration of a failed item consists of several phases. These are:

• pre-repair phase (e.g., troubleshooting, isolation, depressurisation, gas freeing, mechanical pre-
work);

• active repair time (typically called MTTR);

• post repair phase (e.g., mechanical post-work, start-up).

A POP group is established consisting of regularity analysts and disciplines like process operation and
maintenance. During POP sessions, failure scenarios of each sub-part or stage of the model are evaluated
through a systematic review. Total downtime estimates are established by achieving time estimates for all
downtime phases.

An illustration of downtime associated with a failure event is shown in Figure B.1.

[Figure: plot of performance against time across a failure event, showing uptime, downtime and uptime.
Labelled phases: run-down, mobilisation of resources and spares, preparation for repair, active repair,
preparation for production, start-up, ramp-up.]

Figure B.1 — Illustration of downtime associated with a failure event


B.9 Reliability testing


Several types of reliability testing can be performed in order to predict reliability of components.

In accordance with BS 5760, Part 2 [6], tests may include

• reliability growth testing;

• development reliability demonstration testing;

• environmental stress screening, including burn-in, during production;

• production reliability assurance testing;

• in service reliability demonstration.

It should be noted that reliability testing is not applicable for most components, sub-systems and systems in
the petroleum, petrochemical and natural gas industries. Accelerated life time testing involves overstressing in
terms of environmental and operational conditions, which provokes different or alternative failure modes and
degradation mechanisms compared to normal operating conditions. That is, it has proved extremely challenging
to reproduce normal lifetime degradation from accelerated life time testing.

B.10 Human factors


Interfaces between the product, systems, equipment (including its operations and maintenance
documentation) and its operation and maintenance personnel should be analysed to identify the potential for,
and the effects of, human errors in terms of product fault modes. Particular attention should be given to the
following:

• the analysis of the product to ensure that the human interface, and related human tasks, are
identified;

• the evaluation of potential human mistakes at the interface during operation and maintenance,
their causes and consequences;

• the initiation of product and/or procedure modifications to reduce the possibility of mistakes and
their consequences.

Reference to relevant literature:

• Alarm systems, a guide to design, management and procurement; Engineering Equipment &
Materials Users Association (EEMUA) Publication No 191.

• Process plant control desks utilizing human-computer interface: a guide to design, operational
and human interface issues; Engineering Equipment & Materials Users Association (EEMUA)
Publication 201: 2002

B.11 Software reliability


Software systems are likely to contain faults due to human error in design and development, and these faults
can give rise to failures during operation. The improved reliability of hardware components, and of electronic
components in particular, can reduce the contribution of hardware unreliability to system failure. Hence
systematic failures due to software faults may frequently become the predominant cause of failure in
programmable systems.


In analysing a system containing software components, the block diagram technique, FME(C)A, and FTA can
all be applied to take account of the effects of software failure on system behaviour. This is useful for
detecting software components that are critical to the function of the system. For these methods to be applied
quantitatively, the reliability of the software components has to be measured.

Note that software systems are special in the manner faults occur, as listed below:

• the faults are latent within the software from the start and are hidden;

• all software which is identical has the same faults;

• once a fault is detected and successfully repaired, it will not occur again;

• extensive testing will eliminate many software faults;

• software shall be developed, designed, tested and used with the same kind of hardware (i.e.,
a change of hardware may activate latent faults within the software).

B.12 Common cause modelling


The classical formulae used to calculate system reliability from component reliability assume that the failures
are independent. Some common cause failures can occur that lead to system performance degradation or
failure through simultaneous deficiency in several system components due to internal or external causes.
External causes can include human or environmental problems while internal causes are generally associated
with hardware.

Regularity predictions should include an evaluation of common cause failures.

B.13 Life data analysis


Life data analysis is used to analyse life data (failure data) to fit the data to a particular distribution. It is then
possible to use the known characteristics of the distribution to gain a more complete understanding of the
failure behaviour of the item. One or more of the many available distributions may be suitable to model a
particular data set.

NOTE The choice of the most appropriate distribution usually requires prior knowledge of the failure regime that is
expected to apply.

B.14 Reliability centred maintenance analysis (RCM)


In an RCM analysis, whose purpose is to establish the (preventive) maintenance programme in a
systematic way, the following steps are normally covered:

• functionality analysis – definition of the main functions of the system/equipment;

• criticality analysis – definition of the failure modes of the equipment and their frequency; FMECA may
be used to a greater or lesser degree;

• identification of failure causes and mechanism for the critical fault modes;

• definition of type of maintenance based on criticality of the failure, the failure probability, the
maintenance cost, etc.

The RCM process shall be updated throughout the life cycle for necessary revision of the maintenance
programme, also using relevant field experience data as well as verifying criticality assessment.


Valid production assurance analysis information used in early project phases should be fed into the RCM
process when appropriate, to enable consistency and interaction between the two studies. Co-ordination of
reliability data utilised in the two studies shall be ensured. Similarly, the ‘living’ RCM study information should
be consulted when production assurance and reliability analyses are updated during operational stages.

B.15 Risk based inspection analysis (RBI)


RBI is a methodology which aims at establishing an inspection programme based on the aspects of probability
and consequence of a failure. The methodology combines production assurance and risk analysis work and is
typically applied for static process equipment (e.g., piping, pressure vessels and valve bodies). The failure
mode of concern is normally loss of containment.

Interactions between RBI, RCM, production assurance, availability and risk analyses are important to ensure
consistency in relevant failure rates and associated downtime pattern for equipment covered in these
analyses. Experiences of RBI undertaken in the operating phases may also be utilised in connection with
production assurance analysis of design alternatives in the planning stages as well as in early maintenance
planning.

B.16 Test interval optimisation


In order to comply with acceptance criteria and/or more specific requirements (e.g., for safety systems), testing
at certain intervals is necessary. Based on a system analysis, the test interval for both components and the
system in general may be optimised with respect to the specified acceptance criteria/requirement and cost of
testing. The component condition after testing (i.e., good-as-new or bad-as-old) should be clearly stated.
Frequent testing will normally lead to a high safety availability when the test coverage is adequate (test
coverage means the relevance of the tests, i.e., the likelihood of revealing a hidden functional failure during
a test). Testing may, however, be expensive and may also in specific cases deteriorate the system (e.g.,
pressure testing of valves) and even introduce additional failures to the system. The test interval should be
optimised based on an iterative process where the overall system acceptance criteria and costs are among
the optimisation criteria.

B.17 Spare parts optimisation

Analysis description: Spare part optimisation is based on operational research and selected reliability
methods and may be analytical, or use Monte-Carlo simulations. The optimisation process aims at
balancing the cost of holding spare parts against the probability and cost of spare part shortage.

Objective of analysis: Optimize spare parts storage in terms of:

• initial quantity of spare parts

• reorder point

• replenishment quantity

• stock allocation (nominal)

Ref. to existing standards:

• IEC 60300-3-12

• IEC 60706-4

Overall need for info: The following data are needed:

• demand rates, unit prices and criticality for defined spare parts

• work breakdown structure (configuration)

• turn around times, repair fractions, lead times

• supply links, transportation times, storage and re-supply costs

B.18 Methods of structural reliability analysis (SRA)


The methods of SRA represent a tool for calculating system probabilities where “system failure” is formulated
by means of the so-called limit state function and of a set of random variables called the basic variables. The
basic variables represent causal mechanisms related to load and strength that can give rise to the “system
failure” event. The limit function is based on physical models. Methods of SRA are used to calculate the
probability, and to study the sensitivity of the failure probability to variations of the parameters in the problem.
Often Monte-Carlo simulation is used, but this is a very time consuming technique in cases of small
probabilities.

Methods of SRA are tools for calculating probability. Thus the models used in this type of analysis are
in line with other reliability models, like lifetime models for mechanical and electronic equipment,
reliability models for software, availability models for supply systems and models for calculating the reliability
of human actions. All models of this kind can be used to calculate single probabilities that are inputs in
different methods used in risk and regularity analyses such as for the basic events in fault tree and RBD
analysis. A special feature of methods of SRA is, however, that the influence from several random variables
and failure modes may be taken into account in a single analysis. Thus, using methods of SRA, the splitting of
events into detailed sub events is often not necessary to the same extent as in for example FTA.

B.19 Life cycle cost analysis (LCC)


Production assurance predictions are an important input parameter to LCC evaluations. LCC evaluations are
normally performed to select between two or more alternatives. The evaluations may include parts or the
whole facilities. The format of the regularity input shall be suitable to calculate the LOSTREV as part of the
production assurance analysis, whilst CAPEX and OPEX are normally covered in the overall LCC analysis.
One should recognise that OPEX includes the corrective maintenance cost (workload, spares, logistics and
other resource consumption) which can be estimated from the production assurance analysis outlined in this
standard.

Each alternative shall be presented with the appropriate production performance measures as a percentage of
planned production. If production performance varies with time, performance measures shall be presented as
a function of time (one figure for each year of the field life). The related reference level profile shall also be
presented so that the production loss and hence, the LOSTREV can easily be calculated. An important
assumption that needs to be clarified in each case is if, and when, the production loss can be recovered.

Unless the LCC evaluations aim at predicting the total LCC, the production performance input may be limited
to the differences between the alternatives. The production performance input shall include relevant figures for
oil production, gas export and other as required.

Ref. to existing standards:

• ISO 15663, part 1-3; Life cycle costing


B.20 Risk and emergency preparedness analysis


Risk and emergency preparedness analyses link many aspects of reliability and production assurance, and
safety and environmental issues. Specifically the interfaces to a risk and emergency preparedness analysis
are as follows:

• input to the risk and emergency preparedness analysis in terms of reliability of safety systems (fire
water system, fire and gas detection system, ESD system). Such individual system analyses may be
a part of the overall production assurance analysis;

• the risk and emergency preparedness analysis may impose reliability requirements on certain
equipment, typically safety systems;

• the risk and emergency preparedness analysis may impose requirements to equipment configuration
that will affect production assurance;

• production unavailability due to catastrophic events (see 7.3.7 and annex E);

• as the production assurance analyses address and quantify operational and maintenance strategies,
such strategies may also affect risk and emergency preparedness analysis assumptions and
predictions. Examples are manning levels, logistics and equipment test strategies;

• co-ordination of study assumptions and data in risk and emergency preparedness analyses and
production assurance analyses is recommended.

B.21 Novelty scoring analysis


Equipment to be qualified can be classified according to: (i) the newness of the technology, and (ii) the
amount of experience from previous application of a similar technology in the actual operational and
environmental context. The DNV RP-A203 applies the classification illustrated in Table 1, where the
technology is classified into four categories:

1. No new technical uncertainties

2. New technical uncertainties

3. New technical challenges

4. Demanding new technical challenges

Table B1: Classification of the new technology

Application area    Technology: Proven    Technology: Limited field history    Technology: New or unproven
Known               1                     2                                    3
New                 2                     3                                    4

This classification applies to the system level as well as to each separate part and function. The classification
is used to highlight which parts and functions have to be carefully scrutinized in the development process.


Technology in category 1 is proven technology where proven methods for qualification, testing, calculations,
and analysis can be used to document compliance with requirements. Technology defined as categories 2-4
is defined as new technology.


Annex C
(informative)

Performance measures

Performance measures are used both in analyses for prediction and for reporting of historical performance in
the operational phase. The performance measures will include the effect of downtime caused by a number of
different events. It is imperative to specify in detail the different type of events and whether they shall be
included or excluded when calculating the performance measure. This annex provides a guide to this subject
in order to achieve a common format for performance predictions and reporting among field operators.
Detailed production reporting systems will exist, but they should enable comparable/exchangeable field
reporting as indicated below.

For a typical production facility the following measures may be of interest for predictions as well as for
historical reporting:

• production availability of oil into storage/for export;

• availability of water injection (time based) or water injection availability (volume based);

• availability of gas injection (time based) or gas injection availability (volume based);

• production availability of gas for export measured at the exit of the process facility;

• deliverability of gas export measured at the delivery point and including the effect of
compensating measures;

• production availability of the subsea installation in isolation without considering downstream
elements;

• availability of the process facilities in isolation.


An illustration of relationship between some production assurance terms is shown in Figure C.1.

[Figure: diagram relating production assurance to availability (item), availability (system), production
availability and deliverability, and to uptime and downtime. Contributing factors shown: reliability
(design, tolerances, design margins, quality control, operating conditions, etc.); maintainability
(organisation, resources, tools, spares, accessibility, modularisation, etc.); consequence of item
failure (configuration, utilities, etc.); consequence for production (capacity, demand, etc.);
compensation (storage, linepack, substitution, etc.).]

Figure C.1 - illustration of relationship between some production assurance terms

Production availability (and deliverability) is a volume based performance measure which is defined as
follows:

Production availability = Produced volume (Sm3) / Reference level (Sm3)

The reference level needs to be defined if these measures shall be predicted or reported. Ideally, the same
reference level as used in production availability analyses shall be used also when reporting historical
production availability during the operational phase. Some alternatives are discussed in the following:

contracted volume;
If there is a sales contract, the contracted volume will be a preferred reference level. The contracted volume
may be specified with seasonal variations (swing). In that case the swing profile should be used as a
reference level. The contracted volume may also be specified as an average over a period of time and where
the buyer nominates the daily supplies some time in advance. Reporting historical production availability or
deliverability, the reference level volume should be the actual nominated volumes. In a prediction, a
distribution of volumes reflecting the foreseen variations in the nominated volumes should be used, but the
ability of the facilities to deliver the maximum quantity should also be assessed.

design capacity;
The design capacity of the facility could be used as a reference level. This could be an appropriate reference
level if only a part of the production chain, e.g. a process facility, is subject to analysis. The design capacity is
easily available in an early project phase. A limitation is that production may be restricted by factors outside
the system boundaries (e.g. well potentials) which may lead to misleading conclusions.

well production potential;


The well production potential can be a reference level if it is less than the design capacity. Especially in the
production decline period this will be the case. It should be kept in mind that reservoir simulations are
associated with uncertainty. The well production potential may be adjusted during the operating phase.

planned production volume assuming no downtime;


This will be the maximum production volume given the constraints of design capacities and well production
potentials assuming that there will be no downtime. This will be the preferred reference level in production
availability predictions. The uncertainty of reservoir simulations should be kept in mind. The length of the
plateau period and the production rates in the decline period are uncertain.

planned production volume.


The planned production volume when expected downtime is considered can be used as a reference level
when reporting historical production availability in the operational phase. If less than average downtime occurs
in a period, the performance measure will be greater than 100%. The disadvantage of using this reference
level is that the costs of downtime will be concealed.

In addition to the volume based performance measures, time based measures can be used:

Availability = Uptime (h) / Observation period (h)

The advantage of using availability as a performance measure is that uptime and time in operation are easy to
establish compared to the reference level of the volume based measures. On the other hand, the
disadvantage is that this measure is not well suited to handle partial shutdowns. In some cases the measure
can be modified by defining uptime and time in operation as well-years.

Table C.1 provides guidance on the events that should be included in production availability predictions and
reporting of historical production availability for a production system (i.e., volume-based performance
measures). Time-based availability predictions or statistics can apply the same event categorisation. Event
categorisation for other specific operations (e.g. pipelaying) and its associated system/equipment will typically
have another format which needs to be specified as required. Battery limits for the facilities shall be clearly
defined, also with regard to any third party processing, tie-ins, subsea installations, etc.


Table C.9.4-1 — Upstream events

|  | Type of event | Comments |
|---|---|---|
| A | Wells (downhole and subsea/surface) | “Wells” covering everything from (and including) the tubing hanger and downwards to (and including) the reservoir. Surface Xmas tree |
| A1 | Reservoir uncertainties | Production availability impact due to reservoir uncertainties (e.g. reservoir producing less than anticipated) |
| A2 | Downhole equipment failure | Production availability impact until well intervention starts. |
| A3 | Unplanned downhole well intervention (workover) | Production availability impact arising from repair of downhole failure. Including heavy lifts. Reliability based contingency preparedness is anticipated |
| A4 | Downhole equipment testing & inspection/surveys | Figure 7 in ISO 14224 may be referenced (this applies to all entries dealing with inspection and other preventive maintenance activities) |
| A5 | Planned well activities (drilling, completion, logging + planned well maintenance) | Production availability impact including heavy lifts which depends on simultaneous activity procedures. |
| A6 | Well production testing & logging | The production loss caused by the need to undertake such testing. The production availability impact depends on test design and procedures. |
| A7 | Well stimulation (scale squeeze, re-perforation, side tracking, acid wash, etc.) | The production downtime and loss caused by the activity shall be included. The positive effect on production rate should also be considered since this will influence the reference level for the performance measure. |
| A8 | Flow assurance (Hydrates, etc) |  |
| B | Subsea |  |
| B1 | Subsea equipment failure | Production availability impact until subsea intervention starts |
| B2 | Unplanned subsea intervention | Production availability impact arising from repair of subsea failure, and may include downhole intervention. Reliability based contingency preparedness is anticipated. Note: Assess combining B1 and B2 |
| B3 | Subsea equipment testing and inspection |  |
| B4 | Flow assurance, pigging | The production downtime and loss caused by the activity shall be included. The positive effect on production rate should also be considered since this will influence the reference level for the performance measure. |
| C | Topside (process and utility) |  |
| C1 | Equipment failure and repair (including failure of utility/ancillary/auxiliary systems such as power, chemicals, etc.) | Production availability impact until corrective maintenance starts and the corrective maintenance itself may be split, if needed. |
| C2 | Preventive maintenance | Reduction in production caused by the execution of preventive maintenance (e.g., due to safety barrier procedures). Includes equipment testing of topsides safety equipment which implies production. |
| C3 | Spurious trips | Instrumentation failures and repair. |
| C4 | Real trips including operator errors | Process upsets. Logistic delays included (e.g. on unmanned platform). |
| C5 | Flow assurance |  |
| D | Export |  |
| D1 | Offloading | These are shutdowns caused by (e.g. a full storage) offloading equipment failures or tanker not present. |
| D2 | Downstream process shutdowns and restrictions | These are shutdowns caused by downstream process/receiving facilities outside the battery limits (third party issues) |
| D3 | Flow assurance |  |
| E | Drilling |  |
| E1 | Moving from one well to the next one | Activities carried out to remove the rig from one location to the next one, such as removing and re-installing anchor lines of floating rigs in offshore scenarios, others. |
| E2 | Drilling well planned activities | Drilling, regular BOP and safety equipment related activities, logging/coring, orienting the well, running and cementing casings/liners activities and others. |
| E3 | Rig downtime due to rig equipment failure, including accessories such as logging tools | Activities developed to repair equipment that is essential to proceed with normal operations, including possible safeguards on the well for repairing and others, e.g. setting a temporary plug in the well, pulling/running/repairing/re-installing the BOP, other repairing related activities. |
| E4 | Rig downtime due to well problems | Combating a possible kick, fishing activities, re-setting or correcting the wellhead installation, reaming, re-drilling, working on a well unstable mechanically, adjusting drilling fluid parameters, correcting cement job, others. |
| E5 | Waiting for something to proceed with drilling operations | Waiting on weather, on spare parts, operation definition, materials, others. |
| E6 | Well formation test | Activities related to the evaluation of a possible reservoir in the well. |
| E7 | Well abandonment and/or decommissioning | Setting temporary or definitive cement plug, setting a bridge plug, removal of equipment from the location and others. |
| F | Intervention and workover |  |
| F1 | Moving from one well to the next one | Activities carried out to remove the rig from one location to the next one. |
| F2 | Intervention and workover planned activities | Checking or setting safety barriers in the well before intervention, regular BOP and safety equipment related activities, running/installing Christmas tree, gravel packer and tubing activities and others. |
| F3 | Rig downtime due to rig equipment failure, including accessories such as logging tools | Activities developed to repair equipment that is essential to proceed with normal operations, including possible safeguards on the well for repairing and others, e.g. setting a temporary plug in the well, pulling/running/repairing/re-installing the BOP, other repairing related activities. |
| F4 | Rig downtime due to well problems | Combating a possible kick, fishing activities, correcting the installation, others. |
| F5 | Waiting for something to proceed with drilling operations | Waiting on weather, on spare parts, operation definition, materials, others. |
| F6 | Production test | Activities related to the evaluation of a reservoir. |
| F7 | Well abandonment and/or decommissioning | Setting temporary or definitive cement plug, setting a bridge plug, removal of equipment from the location and others. |
| G | Other |  |
| G1 | Revision shutdowns | Can be considered to be excluded both in predictions and for historical reporting (e.g., when revision shutdowns are defined in sales contracts). |
| G2 | Modifications (not equipment replacements – this term needs to be further defined) | Modifications which have impact on production availability and availability |
| G3 | Bad weather | Trips and offloading events may be caused by bad weather. |
| G4 | Accidental events | Safety related events. Downtime caused by events which are of catastrophic type, should be reported separately in predictions. |
| G5 | Labour conflicts | Not to be included in predictions. |
| G6 | Environmental policies (flaring, oil spill contingencies, etc) |  |
| G7 | Political restrictions (OPEC, quotas) |  |
| G8 | Out of product specification (below and above spec) | CO2, BS and W, etc. |
| G9 | Security | Terrorism, riots, etc. |
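
The volume-based and time-based measures described before the table can be compared on one event log. The following is an added example, not part of the draft standard: the event log, the 720 h period, the reference rate and the 6 % expected downtime are constructed values, and the event codes follow Table C.9.4-1.

```python
from collections import defaultdict

# Constructed event log for one 720 h reporting period, as (code, hours,
# lost_fraction). lost_fraction is the share of the reference rate lost while
# the event lasts (1.0 = full shutdown). Events are assumed not to overlap.
EVENTS = [
    ("A2", 48.0, 0.25),  # downhole failure, one of four wells shut in
    ("C1", 6.0, 1.0),    # topside equipment failure, full shutdown
    ("C3", 2.0, 1.0),    # spurious trip
    ("C2", 20.0, 0.5),   # preventive maintenance on one of two trains
]
PERIOD_H = 720.0
RATE = 1000.0               # assumed reference rate, volume units per hour
EXPECTED_LOSS_SHARE = 0.06  # assumed downtime built into the planned volume


def lost_volume(events, rate):
    """Volume not produced because of the listed events."""
    return sum(hours * frac * rate for _, hours, frac in events)


def production_availability(events, period_h, rate, expected_loss_share=0.0):
    """Volume-based measure: produced volume / reference volume.

    expected_loss_share = 0 uses the planned volume assuming no downtime as
    reference level; a positive value uses the planned volume with expected
    downtime already taken out.
    """
    produced = period_h * rate - lost_volume(events, rate)
    reference = period_h * rate * (1.0 - expected_loss_share)
    return produced / reference


def time_availability(events, period_h, partial_counts_as_down):
    """Time-based measure: uptime (h) / observation period (h)."""
    down = sum(h for _, h, frac in events
               if frac >= 1.0 or partial_counts_as_down)
    return (period_h - down) / period_h


def loss_share_by_group(events, period_h):
    """Lost share of the no-downtime volume per table group (A, B, C, ...)."""
    groups = defaultdict(float)
    for code, hours, frac in events:
        groups[code[0]] += hours * frac / period_h
    return dict(groups)


if __name__ == "__main__":
    print("vs no-downtime volume :", production_availability(EVENTS, PERIOD_H, RATE))
    print("vs planned volume     :", production_availability(
        EVENTS, PERIOD_H, RATE, EXPECTED_LOSS_SHARE))
    print("time-based, full stops:", time_availability(EVENTS, PERIOD_H, False))
    print("time-based, any event :", time_availability(EVENTS, PERIOD_H, True))
    print("loss share by group   :", loss_share_by_group(EVENTS, PERIOD_H))
```

The period has less downtime than the planned volume assumes, so the measure against that reference level exceeds 100 %, while the two time-based conventions bracket the volume-based result because neither represents the partial shutdowns.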

Table C.9.4-2 — Midstream events

|  | Type of event | Comments |
|---|---|---|
| A | Pipeline | Covers only line pipe, flanges, block valves, etc. |
| A1 | Preventative maintenance | Losses associated with planned maintenance |
| A2 | Planned testing / inspection / surveys | Losses arising from planned inspections, hydrostatic testing, inspection pigging, etc |
| A3 | Unplanned activities and equipment failures | Production assurance impact arising from repair of pipeline failure, including third party damage. Also includes logistic delays. Plus geotechnical problems – pipeline movement, river crossing wash outs, etc |
| A4 | Flow assurance | Flow assurance (Hydrates, etc) – flow assurance pigging plus failure of DRA |
| A5 | Post modifications impact | Losses associated with modification work, i.e. Tie-ins |
| A6 | Downstream process shutdowns and restrictions | These are shutdowns caused by downstream process/receiving facilities outside the battery limit of terminal (third party issues) |
| B | Pump / Compressor station | All equipment & activities within battery limit of pump / compressor station, includes process and utilities (power, chemicals, Instrument air, etc.) |
| B1 | Preventative maintenance | Losses associated with planned activities – preventative maintenance |
| B2 | Planned equipment testing / inspection / surveys | Includes equipment testing of safety equipment which implies lost production. |
| B3 | Unplanned activities and equipment failures | Losses associated with unplanned activities – Failure of prime movers and utilities (instrumentation, power, etc.) |
| B4 | Real trips including operator errors | Process upsets. Logistic delays included (e.g. on unmanned facilities). |
| B5 | Post modifications impact | Losses associated with modification work, i.e. adding new pumps / compressors to increase capacity. |
| B6 | Operational Impacts | Flow assurance |
| C | Terminal | All B items, plus event C1-C3 |
| C1 | Offloading | These are shutdowns caused by (e.g. full storage) offloading equipment failures or tanker not present, bad weather stops loading, etc. |
| C2 | Downstream process shutdowns and restrictions | These are shutdowns caused by downstream process/receiving facilities outside the battery limit of terminal (third party issues) |
| C3 | Out of product specification (below and above spec) | CO2, BS and W, etc. |
| D | LNG Plants, Gas Plants, etc | All B items, plus event D1-D2 |
| D1 | Out of product specification (below and above spec) | CO2, BS and W, water, etc. |
| D2 | Downstream process shutdowns and restrictions | These are shutdowns caused by downstream process/receiving facilities outside the battery limit of plant (third party issues) |
| E | Other |  |
| E1 | Revision shutdowns | Can be considered to be excluded both in predictions and for historical reporting (e.g., when revision shutdowns are defined in sales contracts). |
| E2 | Accidental events | Safety related events. Downtime caused by events which are of catastrophic type, should be reported separately in predictions |


Table C.9.4-3 — Downstream events

|  | Type of event | Comments |
|---|---|---|
| A | Process Unit Unavailability | Process plants typically consist of a number of process units |
| A0 | Unplanned shutdowns | Losses arising from equipment failures, power, instrumentations, utilities. |
| A1 | Domino losses | Losses caused by shutdown/slowdown of other process units |
| A2 | Turnarounds | Losses associated with planned turnarounds (major overhauls of process units planned well in advance) |
| A3 | Commercial | Losses caused by production constraints due to commercial aspects of the business |

Note: In the downstream industry a wide range of performance measures are utilized. Examples are given below.

Mechanical Availability

This indicator measures the average time available for processing accounting for turnarounds and non-
turnaround maintenance.

Operational Availability

This indicator measures the average time available for processing accounting for turnarounds, non-turnaround
maintenance, and regulatory/process downtimes.

On-Stream Availability

This processing indicator accounts for all outages and indicates the average time available for processing
including downtime for annualised turnarounds, regulatory/process-related, non-turnaround maintenance, and
all other downtimes.

Days Down For Routine Maintenance

This indicator represents the annualised down days for scheduled and unscheduled outages for repairs that are
not accounted for in the turnaround data.


Annex D
(informative)

Catastrophic events

Some serious, infrequent events may cause long-term shutdown of production. These events are classified as
catastrophic, and should be distinguished from the more frequent events which are considered in analyses of
production availability and deliverability. The catastrophic events should be treated separately in production
assurance analyses.

Typical catastrophic events include

• earthquakes;

• fires and explosions;

• blowouts;

• sabotage;

• structural collapse;

• major problems with casing or wellheads;

• riser or export pipeline ruptures;

• falling loads with large damage potential;

• other events or combinations of events with large damage potential.

Important factors in the analysis of catastrophic events are considered in more detail below.

The purpose of the availability analyses is to predict the actual production availability A for the installation for
the time period considered. This quantity is uncertain (unknown) when the analysis is carried out and it has
therefore to be predicted. The uncertainty related to the value of A can be expressed by a probability
distribution H(a), with mean or expected value A* being the predictor of A. When performing a Monte-Carlo
study of the production availability we generate a sequence of independent, identically distributed quantities,
say A1,A2, …,An, from this probability distribution. By using the sample A1,A2,...,An we can estimate this
distribution.

In theory and as far as the uncertainty distribution H(a) is concerned, there is no problem in including
catastrophic events into the analysis. If a catastrophic event results in a production loss z and its associated
probability equals p, this is to be reflected in the distribution H. But using the «full distribution» would make it
difficult to predict A using the expected value. The spread around the mean would be very large, and the form
of the probability density could be bimodal, far from the typical Gaussian distribution. The problem is that
the expected value contribution from the catastrophic event is normally a rather small quantity, namely p·z,
which is an unrepresentative contribution to the production loss. If the catastrophic event occurs, the actual
loss would be z and this could mean a dramatic reduction in the production availability A.

If the time period considered is long, then the probability that a catastrophic event will occur could be quite
large and consequently the contribution p·z significant. Hence in such cases the inclusion of catastrophic
events would be more meaningful.


Criterion for inclusion in analyses:

The consequences for production as a result of catastrophic events in production and transportation systems
should always be considered either by production availability analysis or total risk analysis. In general,
catastrophic events should not be included in production availability analysis, but in risk and financial analyses.
A criterion for exclusion from production availability analyses may be as follows:

• the probability that the event occurs during the lifetime of the system is less than 25%; and

• the downtime as a result of one occurrence of the event during the lifetime shall result in a
reduction of the production availability or deliverability of more than 1%.

Consideration should however be given to referring to the estimated production availability loss value, if this is
a part of the total risk analysis. This will enable a consistency check of framework conditions and reference level,
making it comparable to predictions in the production availability analysis.

In analyses limited to subsystems, one shall consider from case to case whether the catastrophic events
should be included.
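
The effect described in this annex can be reproduced numerically. The following is an added example, not part of the draft standard; it assumes Poisson arrivals for the catastrophic event, a narrow normal distribution as a stand-in for ordinary downtime, and constructed values for p, z and the event rates.

```python
import math
import random
import statistics


def lifetime_probability(annual_rate, years):
    """P(at least one occurrence in `years`), assuming Poisson arrivals."""
    return 1.0 - math.exp(-annual_rate * years)


def exclude_from_availability_analysis(p_lifetime, availability_reduction):
    """Exclusion criterion from this annex: both conditions must hold."""
    return p_lifetime < 0.25 and availability_reduction > 0.01


def sample_availability(n, p, z, seed=20815, base_mean=0.95, base_sd=0.01):
    """Return (ordinary, full): n draws of A without and with the event.

    Ordinary downtime comes from an assumed normal(base_mean, base_sd). With
    probability p the period also suffers the catastrophic loss z.
    """
    rng = random.Random(seed)
    ordinary, full = [], []
    for _ in range(n):
        a = min(1.0, max(0.0, rng.gauss(base_mean, base_sd)))
        hit = rng.random() < p
        ordinary.append(a)
        full.append(max(0.0, a - z) if hit else a)
    return ordinary, full


def describe(sample, low_mode_below):
    """Mean, median, spread and the share of draws in the low mode."""
    return {
        "mean": statistics.fmean(sample),
        "median": statistics.median(sample),
        "sd": statistics.pstdev(sample),
        "low_mode_share": sum(a < low_mode_below for a in sample) / len(sample),
    }


def compare(n=20000, p=0.02, z=0.40):
    """Contrast the ordinary distribution with the 'full distribution'."""
    ordinary, full = sample_availability(n, p, z)
    cut = 0.95 - z / 2  # halfway between the two modes
    o, f = describe(ordinary, cut), describe(full, cut)
    return {"ordinary": o, "full": f,
            "mean_shift": o["mean"] - f["mean"], "p_times_z": p * z}


if __name__ == "__main__":
    r = compare()
    print("ordinary:", r["ordinary"])
    print("full    :", r["full"])
    print("mean shift %.4f vs p*z %.4f" % (r["mean_shift"], r["p_times_z"]))
    for rate in (0.001, 0.02):  # constructed annual event rates
        p_life = lifetime_probability(rate, 25)
        print(rate, round(p_life, 4),
              exclude_from_availability_analysis(p_life, 0.02))
```

The mean moves by roughly p·z while the median barely changes and the standard deviation grows several times over, which is why the expected value stops being a useful predictor once the catastrophic event is included.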


Annex E
(informative)

Handling of uncertainty

The purpose of the reliability and production availability analyses is to predict the performance of the system
being analysed. Consider the production availability as an example. Let A be the actual production availability
for the installation for the time period considered. This quantity is uncertain (unknown) when the analysis is
carried out and it has therefore to be predicted. To structure and reduce this uncertainty we develop a model
which describes important phenomena and incorporates relevant experience data. Yet there are uncertainties
associated with the value of the production availability, and this uncertainty can be expressed by a probability
distribution H(a). This distribution is generated by uncertainties on equipment level, reflected for example by
distributions of failure and restoration times, and by a system model linking the various system elements
(equipment, storage, delivery points, etc.) together.

When performing a Monte Carlo study of the production availability we generate a sequence of independent,
identically distributed quantities, say A1, A2, …, An, from this probability distribution. By using the sample A1,
A2,..., An we can estimate this distribution and its mean. Depending on the number of simulations n, the
accuracy of this estimation can be more or less good. If the variance of the distribution is large, for example as
a result of long downtimes in some simulations, a rather high number of simulations is required to estimate the
mean accurately.

The mean (expected value) of the distribution H(a) is normally used as the predictor for the production
availability A. The spread of the distribution (and of A1, A2, ..., An), for example expressed by the standard
deviation, gives valuable information about the confidence the analysis team has in obtaining an accurate
prediction. If the spread is small, the analysis team is confident that the prediction will be close to the actual
value, whereas if the spread is large, the analysis team would expect relatively significant deviations from the
predicted value.

The value of A and consequently the uncertainty related to the value of this quantity is affected by

• the downtime pattern of equipment and systems;
When will an equipment failure occur and what will be the consequences on the production? Depending on the
occurrences of failures and the length of the downtimes, the production availability may vary from one period
of time to another.

• operating factors such as wind, waves and access to certain repair resources;
Such factors could induce variations from one period of time to another.

• the time period considered;
For a given installation the production availability for any given year may, for example, vary between 95 % and
99 %, while production availability for the same installation measured any day, may vary from 0 % to 100 %.

These factors will influence the uncertainty distribution H(a) and its mean value (the predictor) A*. But H and
A* will in addition be influenced by the way we express and model system performance. Important aspects are

• system definition;
The initial project phases will provide limited access to reliable information on technical solutions, production
and sale profiles, operating and maintenance philosophies, logistics conditions etc. The analyses have
therefore to be based on a number of assumptions and conditions. As the project progresses, more
information will be available and this type of uncertainty can be reduced to a minimum.

• models used for total system and its elements;
All models have limitations and weaknesses, and consequently they can lead to more or less good predictions
of the actual quantities of interest;

• quality of input data for equipment;
Predictions could be poor for example as a result of using generic data which are not representative for the
relevant type of equipment, small observation time as a basis for applied data, and the use of data being
extracted from operating and environmental conditions which are not representative. Probability distributions
are established for equipment failure times and restoration times, using relevant experience data and expert
judgements, and reflecting the uncertainties of the actual values of these times.

The purpose of importance and sensitivity analyses is to identify critical contributors to production
unavailability (undeliverability) and describe the sensitivity of the input data used and the assumptions made.
In an importance and sensitivity analysis the effects of changes in various parameters on the overall results
are studied, and these analyses thus represent a tool for expressing certain aspects of uncertainty. Consider
for example an analysis where we study the effect of increasing and decreasing the MTTF of the various types
of equipment by x %. Such an analysis will identify how critical the assumed MTTFs are for the results and
how sensitive the results are to variations in the MTTFs. So if we allow for consideration of a class of
probability distributions corresponding to these MTTFs, reflecting the uncertainties involved in predicting the
lifetimes of the equipment, the results show a range of possible values associated with these different models.
Note that importance and sensitivity analyses only reflect some aspects of uncertainty. Only one parameter is
changed at a time.

Uncertainty is related to information. More information about the system and its performance will reduce
uncertainty. It will however be a question of cost-benefit whether it is worthwhile to obtain more information
to improve the decision basis. The uncertainties will be reduced in the later project phases, but they will never be
completely eliminated.

The following example illustrates how certain types of uncertainty can be handled. Assume that it is not known
whether simultaneous production and maintenance (intervention) will be allowed for a subsea installation. The
following three alternative methods are possible to deal with this in a production availability analysis:

a) it is assumed that simultaneous production and maintenance will be permitted;

b) it is assumed that simultaneous production and maintenance will be permitted, but an additional
sensitivity analysis is carried out in which it is assumed that simultaneous production and maintenance
will not be permitted;

c) the uncertainty related to whether simultaneous production and maintenance is being permitted is
expressed by a probability, for example 70%. This probability is included in the analysis.

In method a) we allow no uncertainty related to the simultaneous production and maintenance. Hence if this
assumption is correct we can obtain accurate predictions, but otherwise, the analysis result could be poor.
Method b) goes one step further and calculates the consequences for production also with the alternative
assumption. So we have in fact two models. In this case the analysis can be used also as a basis for
economic calculations in connection with application for permission for simultaneous production and
maintenance.

Method c) is consistent with the approach presented above for dealing with uncertainties, but it has to be
used with care. In practice (over a period of time) one will either allow simultaneous production and
maintenance, or not, and consequently the predictions could be poor compared to real values. In cases like
this, the focus should be on the total distribution of the production availability, not only on the mean value,
which is not so informative.
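
The Monte Carlo estimation, the MTTF sensitivity analysis and methods a) to c) described in this annex, as an added example that is not part of the draft standard. The four-well subsea template, the exponential failure and intervention times and all numerical values except the 70 % probability are assumptions.

```python
import math
import random
import statistics

PERIOD_H = 8760.0    # one year
WELLS = 4            # assumed subsea template size
MOBILISE_H = 720.0   # assumed wait for an intervention vessel
INTERVENE_H = 240.0  # assumed mean duration of the intervention itself


def one_period(rng, mttf_h, simops_allowed):
    """Production availability of the template for one simulated period.

    Simplification: shut-ins of different wells are added without checking
    for overlap, so the result is floored at zero.
    """
    lost = 0.0  # lost well-hours
    for _ in range(WELLS):
        t = rng.expovariate(1.0 / mttf_h)  # time of first failure
        while t < PERIOD_H:
            start = min(t + MOBILISE_H, PERIOD_H)  # intervention starts
            end = min(start + rng.expovariate(1.0 / INTERVENE_H), PERIOD_H)
            lost += end - t  # the failed well is down throughout
            if not simops_allowed:
                # the other wells are shut in while the intervention runs
                lost += (WELLS - 1) * (end - start)
            t = end + rng.expovariate(1.0 / mttf_h)  # next failure
    return max(0.0, 1.0 - lost / (WELLS * PERIOD_H))


def monte_carlo(n, mttf_h, p_simops=1.0, seed=2005):
    """Sample A1..An and summarise the estimated distribution.

    p_simops is the probability that simultaneous production and maintenance
    is permitted: 1.0 is method a), 0.0 the alternative case of method b),
    0.7 is method c).
    """
    rng = random.Random(seed)
    sample = []
    for _ in range(n):
        allowed = rng.random() < p_simops
        sample.append(one_period(rng, mttf_h, allowed))
    sd = statistics.stdev(sample)
    return {"mean": statistics.fmean(sample), "sd": sd,
            "std_error": sd / math.sqrt(n),
            "p05": statistics.quantiles(sample, n=20)[0]}


def mttf_sensitivity(n, mttf_h, x_percent):
    """One parameter at a time: predictor for MTTF -x %, unchanged, +x %."""
    factors = {"low": 1 - x_percent / 100, "base": 1.0,
               "high": 1 + x_percent / 100}
    return {k: monte_carlo(n, mttf_h * f)["mean"] for k, f in factors.items()}


def simops_methods(n, mttf_h, p_permitted=0.7):
    """Both models of method b) next to the mixture of method c)."""
    return {"permitted": monte_carlo(n, mttf_h, 1.0),
            "not_permitted": monte_carlo(n, mttf_h, 0.0),
            "mixed": monte_carlo(n, mttf_h, p_permitted)}


if __name__ == "__main__":
    MTTF_H = 5 * 8760.0  # assumed MTTF per well
    for n in (200, 5000):
        print(n, monte_carlo(n, MTTF_H))
    print(mttf_sensitivity(4000, MTTF_H, 20))
    for name, stats in simops_methods(4000, MTTF_H).items():
        print(name, stats)
```

All three cases in `simops_methods` reuse one seed, so they see the same failure histories and differ only in the permission assumption; the mixed mean lies between the two cases of method b) and corresponds to neither outcome that will actually occur.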

To reduce unwanted variability from one analysis to another, as a result of arbitrariness and superficiality in
the analysis process, guidelines or standards related to methods and data are required. Such standards could
for example be related to the use of a specific probability distribution for the failure time of equipment.


