...
With the prevailing profile of the course, there are two main subject areas:
- Subject area 1: Reliability assessment methods, with focus on application to safety-critical systems (approximately 70% weight)
- Subject area 2: Maintenance optimization models and methods, which have a broader application area (approximately 30%)
Lectured topics within these two subject areas are indicated in the lecture plan below. The textbook for subject area 1 is Reliability of Safety-Critical Systems: Theory and Applications, while the compendium, Maintenance optimization lecture notes, is available for subject area 2.
Week | Date | Subject | Lectured topics | Motivation | Lecturer | Tutorials
---|---|---|---|---|---|---
35 | 25. & 26.8 | All | 1st hour; 2nd-3rd hours | Inform the students about the course objectives, intended learning outcomes, and practicalities. | Mary Ann |
36 | 2.-3.9 | 1 | Safety-critical systems: | IEC 61508 is a key standard on the design of safety-critical systems when the technology used includes electrical, | Mary Ann |
37 | 9.-10.9 | 1 | Safety-critical systems: Development of SIL requirements | The mentioned IEC standard(s) require a structured process for defining SIL requirements. Methods like layers of protection analysis (LOPA) and risk graph are often used for this purpose. Risk graph is used in many applications, such as machinery and the process industry, whereas LOPA is mainly used in the process industry. In the oil and gas industry, for example, it is common to hold LOPA sessions/workshops in the early planning of new systems. A special case of defining SIL requirements is the minimum SIL, advocated in a Norwegian guideline for offshore oil and gas facilities, Norsk Olje og Gass guideline 070. This approach builds on principles called GALE or GAMAB. | Mary Ann |
38 | 16.-17.9 | 1 | Safety-critical systems: (Textbook chapters 5 and 8) | PetriNets are an alternative approach for calculating the average probability of failure on demand (PFD). | Yiliu |
39 | 23.-24.9 | 1 | Safety-critical systems: Quantification of reliability for systems operating on demand - extending the simplified formulas (Textbook chapter 8) | Students taking this course are familiar with simplified formulas for calculating the average probability of failure on demand (PFD). | Mary Ann |
40 | 30.9-1.10 | 1 | Safety-critical systems: Modeling of CCFs and determining the value of the beta factor (Textbook chapter 10) | Common cause failures (CCFs) are often the main contributor to the probability of failure for redundant systems. The students | Mary Ann |
41 | 7.-8.10 | 1 | Safety-critical systems: Quantification of reliability for systems operating on demand, with focus on partial and imperfect testing (Textbook chapter 11) | It is not always realistic that the proof tests and the associated repair actions are "perfect", meaning that the system is restored to an as-good-as-new state after each test. One reason may be that it is not safe to simulate a real "demand" (would you test fire detectors by setting a room on fire?). The simulated test (pressing a test button) may not be so extensive, and some failures may be left undiscovered even after the test. Another reason may be that a perfect test is not desired. Testing of valves, for example, requires that the valve is operated from the open to the closed position (or vice versa), but this may require a full stop of the plant. Instead, it may be suggested to replace some perfect tests with partial tests, so that the valve is operated only some percent of its travel and then returned to its initial position. This lecture focuses on how to account for such factors in the quantification of PFD. | Mary Ann |
42 | 14.-15.10 | 1 | Safety-critical systems: Quantification of reliability for systems operating in the high demand mode (Textbook chapter 9) | Not all safety-critical systems operate on demand. For example, many machinery safety functions are demanded continuously or so often that the PFD is no longer a useful reliability measure. Another example is railway signaling systems controlling the setting of light signals and the position of rail switches. In this case, another reliability measure is suggested in standards like IEC 61508, called failure frequency (PFH). This lecture explains how the PFH is calculated for typical system architectures. | Mary Ann |
43 | 21-22.10 | 1 | Safety-critical systems: Quantification of spurious trips (Textbook chapter 10) | A fail-safe design of a safety-critical system favors a transition to the safe state, which in most | Mary Ann |
44 | 27&28.10 | 2 | Age, block, and minimal repair strategies | Maintenance optimization: | Jørn |
45 | 4&5.11 | 2 | Age, block, and minimal repair strategies (continued) | | Jørn |
46 | 11&12.11 | 2 | Spare-part optimization | Spare parts may be costly to keep in stock, but at the same time it is costly not to have a spare part available when it is needed. This topic concerns how to calculate the probability of running out of spares, using simple formulas and Markov analyses. The use of PetriNets for this purpose is also shown. This topic may not be so relevant for very specialized systems, where it is not possible to acquire a spare within a short time. For a manufacturer that develops products, such as sensors, on a large scale for, e.g., the oil and gas industry, it may be relevant to find the optimal number of spare parts for warranty and repair services. | Yiliu |
47 | 18.&19.11 | N/A | Student presentations (also using tutorial hours) | Students get the possibility to reflect on the lectured topics and in particular to see how these are related to their specialization project, and how they may be applicable to their master project. | |
48 | 26.11 | | Summary (in tutorial hours, due to IPK traveling on 24-25.11) | | Mary Ann |

Reliability assessment of safety-critical systems: lecture material

Lectured topic | Motivation | Topics by key words
---|---|---
Development of reliability requirements | Safety integrity level (SIL) is a key reliability performance measure used for safety-critical systems. Reliability requirements are therefore often given as SIL requirements. SIL requirements are identified in an extension of the risk analysis, using methods often referred to as SIL allocation, SIL targeting and SIL classification. Key methods like layers of protection analysis (LOPA), risk graph, and minimum SIL are presented and discussed. | SIL allocation; LOPA; Risk graph; Minimum SIL
New reliability assessment methods | In TPK 4120, some analytical formulas were introduced to calculate the average probability of failure on demand (PFD). It was also shown how the average PFD may be calculated using Markov methods and fault tree analysis. This reliability measure is of high importance in relation to SIL, as a relationship is established between a SIL requirement and the maximum PFD tolerated for a safety function. In this course, we go a step further and introduce the foundations for the analytical formulas presented in IEC 61508 (a key standard for reliability of safety-critical systems), the PDS method (a method along with a set of analytical formulas widely adopted in the Norwegian oil and gas industry, but which has a wider application area), and dynamic modeling using Petri Nets. | PDS method; PetriNet
Special topics (one or two are selected among these) | Architectural constraints: According to standards like IEC 61508, it is not sufficient to demonstrate that a SIL requirement has been met by showing that the average PFD or PFH is sufficiently low and within the range specified by the SIL requirement. A SIL requirement also poses some restrictions on how a safety-critical function can be designed, in terms of architecture. These requirements are sometimes referred to as architectural constraints. Partial testing: For some types of components, like valves, it has become more common to also do partial stroke testing in addition to full functional testing. The reason for introducing this testing strategy may be to improve safety, or to maintain safety while extending the interval of full functional testing. Analytical models have been suggested for this purpose, and we will review these. Imperfect testing: Many of the methods used to calculate the average PFD assume that the functional tests are perfect, meaning that all dangerous undetected (DU) failures are revealed by the test. This is not always the case, and the effect of not taking this "imperfectness" into account is that the average PFD is underestimated. The way this situation is treated overlaps to some extent with how partial testing is modeled. SIL follow-up in operation: It is important to maintain the reliability performance throughout the whole operational life of a safety-critical system. This may be explained using a car as an example. You may buy a car with a certain designed-in performance, including reliability, based on the engine type, safety features, type of chassis, and so on. Still, the experienced performance of the same type of car may differ between drivers. If we exclude fabrication errors, the performance of the car is influenced by the driver's driving habits, amount of driving, environment (icy, cold, hot, ...), age and so on. | Architectural constraints; Partial stroke testing; Imperfect testing; SIL follow-up

Maintenance optimization and management (1): lecture material

Lectured topics | Motivation | Topics by key words
---|---|---
Age, block and minimal repair strategies (2 lectures - Jørn V, Anne) | |
Spare-part optimization (1 lecture - Yiliu) | Motivation as for week 46 in the lecture plan above. |
MLE and graphical methods (1 lecture - Anne - can be moved to later) | | Nelson Aalen; TTT plot; Kaplan Meier
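As an added worked example, not code from the course page or the textbook, the following Python shows the point made for week 41 and in the "Partial testing" and "Imperfect testing" special topics: how much a proof test that reveals only part of the DU failures, or a partial stroke test between full tests, changes the average PFD of a single channel, and which IEC 61508 low-demand SIL band the result then falls into. The first-order formulas, the coverage parameters theta and theta_p, the overhaul interval and the sample failure rate are assumptions of this example.

```python
"""Added example, not code from the course page or textbook: first-order effect
of imperfect and partial proof testing on the average PFD of a 1oo1 safety
function, and the IEC 61508 low-demand SIL band the result falls into.
Assumed approximations (valid when lambda_du*tau << 1):
  perfect:   PFD_avg = lambda_du*tau/2
  imperfect: each proof test (interval tau) reveals a fraction theta of DU
             failures; the rest stay hidden until overhaul after T hours:
             PFD_avg = theta*lambda_du*tau/2 + (1-theta)*lambda_du*T/2
  partial stroke: partial tests (coverage theta_p, interval tau_p) between
             full proof tests (interval tau):
             PFD_avg = theta_p*lambda_du*tau_p/2 + (1-theta_p)*lambda_du*tau/2
"""

# Upper PFD_avg bound of each low-demand SIL band in IEC 61508, SIL 4 first
SIL_UPPER_PFD = [(4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)]

def pfd_perfect(lambda_du, tau):
    """Average PFD when every proof test reveals all DU failures."""
    return lambda_du * tau / 2.0

def pfd_imperfect(lambda_du, tau, theta, overhaul_interval):
    """Average PFD when a proof test reveals only a fraction theta of DU failures."""
    if not 0.0 <= theta <= 1.0:
        raise ValueError("proof test coverage theta must lie in [0, 1]")
    hidden = (1.0 - theta) * lambda_du * overhaul_interval / 2.0
    return theta * lambda_du * tau / 2.0 + hidden

def pfd_partial_stroke(lambda_du, tau, theta_p, tau_p):
    """Average PFD with partial tests of coverage theta_p every tau_p hours."""
    if not 0.0 <= theta_p <= 1.0 or tau_p > tau:
        raise ValueError("need 0 <= theta_p <= 1 and tau_p <= tau")
    return theta_p * lambda_du * tau_p / 2.0 + (1.0 - theta_p) * lambda_du * tau / 2.0

def sil_from_pfd(pfd):
    """Highest SIL whose PFD band contains pfd (0 means worse than SIL 1)."""
    for sil, upper in SIL_UPPER_PFD:
        if pfd < upper:
            return sil
    return 0

if __name__ == "__main__":
    # Constructed sample data (not from the page): shutdown valve, lambda_DU = 2e-6/h,
    # yearly proof test, monthly partial stroke test, overhaul every 10 years.
    lam, tau, overhaul = 2e-6, 8760.0, 87600.0
    perfect = pfd_perfect(lam, tau)
    imperfect = pfd_imperfect(lam, tau, theta=0.9, overhaul_interval=overhaul)
    pst = pfd_partial_stroke(lam, tau, theta_p=0.6, tau_p=730.0)
    print(f"perfect test: PFD_avg={perfect:.2e} -> SIL {sil_from_pfd(perfect)}")
    print(f"90% coverage: PFD_avg={imperfect:.2e} -> SIL {sil_from_pfd(imperfect)},"
          f" {imperfect / perfect:.1f}x the perfect-test value")
    print(f"monthly PST:  PFD_avg={pst:.2e} -> SIL {sil_from_pfd(pst)}")
```

With the sample values, a 90% proof test coverage roughly doubles the average PFD and drops the function from the SIL 2 band to SIL 1, which is the underestimation the "Imperfect testing" topic refers to.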
Tutorials & Project
There will be mandatory problems/tasks to solve as part of the course.
...