******* This page is under development and will during the spring and summer of 2014 be subject to many changes.****

Brief background of course

This course is the specialization course in reliability, availability, maintenance and safety (RAMS) in the last fall semester of the (2 year) international master program in RAMS and the (5 year) master program in Mechanical Engineering (in Norwegian: Produktdesign og Produksjon - PUP). The course introduces some new methods, and makes a more thorough presentation of methods introduced in previous RAMS-related courses.

Two examples:

Consider a wind turbine: We want this system to be reliable, meaning that it generates the power according to the turbine's operating profile. To ensure that the costs of producing power is sufficiently low, it is necessary to find more cost-efficient wind turbine designs and more cost-efficient ways of operating and maintaining them. This course aims to give you knowledge and competence in RAMS tools and methods help you to solve such tasks.

Consider an instrumented pressure protection system installed in a subsea pipeline that is tied into a topside facility. The system is used to protect the pipeline from over-pressuring upon certain events, such as a downstream blockage. A failure of this instrumented pressure protection system may result in a pipe burst. If the pipe bursts close to the platform, it may eventually create a gas cloud nearby with the potential of escalating into an explosion and fire. If the pipeline bursts on the seabed, it may damage the sea environment. This course aims to give you a set of tools that are needed to define how reliable such safety-systems must be, how they should be designed to meet the reliability requirements, and how the reliability performance may be traced in operation.

The course belongs to the large envelope of RAMS courses which are thought at the department of Production and Quality Engineering at NTNU. The course is adminstred by the RAMS group at this department. It is expected that the students have taken (or have relevant background corresponding to):

TPK 4120: Safety and Reliability
TPK 4140: Maintenance Management
TPK 5160: Risk Analysis

This course replaces the earlier arrangement with two specialization modules in RAMS, one in risk and reliability and one in maintenance optimization (each with 3.75 credit points). In a transition period, TPK 5170 will include some subjects from both of these subject areas: risk/reliability assessment and maintenance optimization. It may be important to note that

This course is now a regular course like any other master courses, and it may not be possible that all students will be able to see a close relationship with their specialization project and the lectured topics (which was easier to ensure with the old system with specialization modules).
You may consider this course as the last fill in of new topics and extensions, and it corresponds to what we in the RAMS group think you should have in your "knowledge & skills" suitcase when you leave NTNU with a specialization in RAMS.

The responsible person for TPK 5170 in the fall of 2014 is Professor Mary Ann Lundteigen. She will give approximately 60% of the lectures. Since this is a specialization course, some "specialists" are brought in for specific topics. For example, Associate Professor Yiliu Liu will lecture methods like PetriNets. Lectures that belong to the topic maintenance optimization are planned to be lectures by Professor Jørn Vatn, and the new Professor Anne Barros who starts from September 1st.

I mentioned that TPK 5170 is in a transition period. The course may, from the fall of 2015, change the name to "Asset management methods". A new course in "Reliability of safety-critical systems" ("SIS course") will at the same time be introduced (from spring 2015). Topics related to reliability assessment will be transferred to the new ("SIS") course, and it is planned that TPK 5170 with its new profile will expand on topics related to maintenance optimization and the estimation of remaining useful life. The changes will be available http://www.ntnu.edu/studies/courses, once implemented.

Course objective and motivation

The main objective of this course is to increase the depth of understanding about RAMS assessment and optimization models and methods. Such models and methods may be useful for several purposes, including:

Definition of requirements (how reliable must a system be?)
Implementation of requirements (how should we design the system in order to meet stated reliability?)
How may we operate the system in order to minimize costs and time?
How may it be required to operate the system to be sufficiently safe?
How can we support our models and methods with data, and can these data be determined?

As already mentioned, the course aims to study already lectured methods and models in more detail, to add more perspectives to the understanding. Some new models methods are also introduced so that the students, after having taken the course, will have a solid toolbox of models and methods to use in their future work career. The lectured methods may also be used in the master project in the last semester.

Expected learning outcome

Knowledge:
Obtain a more thorough understanding of the theoretical foundation and the practical applications of RAMS assessment and optimization methods.

Skills:
Being able to identify suitable frameworks, methods, and software and to use these to solve RAMS assessment and optimization tasks.

General competence:
Understand RAMS as an important cornerstone of industrial and commercial systems and in the public administration.

Industry relevance

Reliability assessments of safety-critical systems are key services provided by many consultancy companies, such as with Safetec, Lloyd's Register Consulting, and DNV-GL (link to the GL-part of the services), and Lilleaker Consulting. Manufacturers like ABB, Siemens, AkerSolutions, FMC, Kongsberg Maritime and many others need to design systems in light of reliability requirements, and also demonstrate (sometimes with assistance of the consultancy companies) that the reliability requirements are met. End users, like railway service providers like Jernbaneverket, oil companies like Statoil, Det Norske, GDF-Suez, Shell and Conoco-Phillips, and Wintershall, and other industries like smelting plants and water power suppliers must be competent to select proper system design, follow up the system performance and select the most suitable maintenance strategies to keep costs and safety within the accepetable limits.

Topics covered

With the prevailing profile of the course, there are two main subject areas of this course:

Subject area 1: Reliability assessment methods with focus on the application with safety-critical systems (approximately 70% weight)
Subject area 2: Maintenance optimization models and methods which have a broader application area (approximately 30%)

Lectured topics within these three subject areas are indicated in the lecture plan below. Textbook for subject area 1 is Reliability of Safety-Critical Systems: Theory and Applications, while the compendium, Maintenance optimization lecture notes,
is available for subject area 2.

A collection of formulas is updated after each lecture. This collection may be brought to the exam.

Week	Date	Subject area	Lectured topics	Motivation	Lecturer	Tutorials
34	19 & 20.8	All	1st hour: Introduction to the course Organization of student groups (3 persons per group) 2nd-3rd hours Introduction to two case studies Group work and summary in plenum	Inform the students about the course objectives, intended learning outcomes, and practicalities. Give a more thorough introduction to two systems (A SIS and a windmill) where the lectured models and methods may be applicable. Explain and discuss the technologies involved, with focus on attributes like reliability, availability, maintenance, and safety Group work and summary in plenum	Mary Ann and Jørn	Introduction to applicable software tools: Matlab, Maple, (and GRIF)
35	26.-27.8	1	Safety-critical systems: Key concepts and requirements (Textbook: chapter 1 & 2)	IEC 61508 is a key standard on design of safety-critical systems, when the technology used include electrical, electronic, and programmable electronic systems. Many authority regulations Petroleum, railway, nuclear, automotive, etc) refer to this standard, or standards that are under the "umbrella" of this standard. The standard introduces several key concepts including equipment under control (EUC), safety integrity level (SIL), safety lifecycle, functional safety, risk reduction factor, and many more. Safety design principles, such as fail-safe design and architectural constraints, are also discussed.	Mary Ann	Student seminar this day Problems Chapter 1: 2,5,8,9 Problems Chapter 2: 1, 11, 12, 19 See http://www.ntnu.edu/web/ross/books/sis/problems
36	2.-3.9	1	Safety-critical systems: Development of SIL requirements (chapter 2, plus supplemented material: IEC 61511-3)	The mentioned IEC standard(s) require a structured process for defining SIL requirements. Methods like layers of protection analysis (LOPA) and risk graph are often used for this purpose. Risk graph is used with many applications, such as for machinery and process industry, whereas LOPA is mainly used in the process industry. In the oil and gas industry, for example, it is common to have LOPA-sessions/workshops in an early planning of new systems. A special case of defining SIL requirements is the minimum SIL, advocated in a Norwegian guideline for offshore oil and gas facility, Norsk Olje og Gass guideline 070. This approach builds on principles called GALE or GAMAB.	Mary Ann	Problems chapter 2: 21, 22, NEW (on risk graph calibration) See http://www.ntnu.edu/web/ross/books/sis/problems
37	9.-10.9	1	Safety-critical systems: Quantification of reliability for systems operating on demand - Extending the simplified formulas (Textbook chapter 8)	Students that take this course are familiar with simplified formulas for calculating the average probability of failure on demand (PFD). The deriving of these formulas is not repeated here, but extensions are discussed, including: IEC 61508-6 formulas PDS method if time: Fault tree analysis (compensating for the Schwartz' inequality)	Mary Ann	A SIL verification of a 1oo2 and a 1oo3 system: Comparing the results when using different approaches.
38	16.-17.9	1	Safety-critical systems: Quantification of reliability for systems operating on demand - introducing PetriNets (Textbook chapter 5 and 8)	PetriNets is an alternative approach for calculating the the the average probability of failure on demand (PFD). PetriNets have not been much used for this particular purpose, but the approach is widely used in many other application areas such as the modeling of communication and software. In our context, PetriNets have got increased attention as the newest version of IEC 61508 and a new technical guideline published by ISO, the ISO/TR 12489) mention and give application examples.	Yiliu (Mary Ann at ESREL)	Selected problems
39	23.-24.9	1	Safety-critical systems: Modeling of CCFs and determining of the value of the beta factor. (Textbook chapter 10)	Common cause failures (CCFs) are often the main contributor to the probability of failure for redundant systems. The students are already familiar with the beta factor model, and this model is therefore not lectured here. The focus in this lecture will be on: Main attributes of CCFs, including root causes and coupling factors The multiple-beta factor model and its application with e.g. the PDS method. Methods used to determine the value of beta (checklists and similar)	Mary Ann	Problems chapter 10: 3 (excluding c)), NEW PROBLEM: Application of the Humphrey's method for determining beta.
40	30.9-1.10	1	Safety-critical systems: Quantification of reliability for systems operating on demand with focus on partial and imperfect testing (Textbook chapter 11)	It is not always realistic that the proof tests and the associated repair actions are "perfect", meaning that the system is restored to an as good as new state after each test. One reason may be that it is not safe to simulate a real "demand" (would you test fire detectors by putting fire to a room?). The simulated test (pressing a test-button) may not be so extensive, and some failures may be left undiscovered also after the test. Another reason may be that it is not desired to carry out a perfect test. Testing of valves, for example, require that the valve is operated from opened to closed position (or visa versa), but this may require a full stop of the plant. Instead, it may be suggested to replace some perfect tests with partial tests, so that the valve is just operated some %, and then returned to its initial position. This lecture focus on how to account for such factors in the quantification of PFD.	Mary Ann	Selected problems
41	7.-8.10	1	Safety-critical systems: Quantification of reliability for systems operating in the high demand mode (Textbook chapter 9)	Not all safety-critical systems operate on demand. For example, many machinery safety functions are always or so often demanded that the PFD is no longer a useful reliability measure. Another example is railway signaling systems controlling the setting of light signals and position of rails switches. In this case, another reliability measure is suggested in standards like IEC 61508, called failure frequency (PFH). This lecture explains how the PFH is calculated for typical system architectures.	Mary Ann	Selected problems
42	14.-15.10	1	Safety-critical systems: Quantification of spurious trips (Textbook chapter 10)	A fail-safe design of a safety-critical system favors a transition to the safe state, which in most cases is to stop the system being protected. For example, a failure in a railway signaling system will usually result in a stop of all train traffic, while waiting on an investigation of why the failure occurred. So, often the result is "the more safe, the more disturbances caused by the system. It is therefore of interest to also quantify what we refer to as the spurious trip rate, to ensure that this rate is balanced against the PFD or PFH. This lecture presents primarily the analytical formulas for quantifying PFH.	Mary Ann	Selected problems
43	21-22.10	2	Spare-part optimization	Spare parts may be costly to have on the stock, but at the same time it is costly not to have a spare part available when it is needed. This topic concern how to calculate the probability of running out of spares, using simple formulas and Markov analyses. The use of PetriNets for this purpose is also shown. This topic may not be some relevant for very specialized systems, where it is not possible to acquire a spare within short time. For a manufacturer that develops products, such as sensors, in a large scale to e.g. the oil and gas industry, it may be relevant to find the optimal number of spare parts for warranty and repair services.	Yiliu
44	27&28.10	2	Maintenance interval optimization and related issues	The main objective of the lectures on maintenance interval optimization is to understand a set of classical mathematical models for maintenance interval optimization. In the introduction course in maintenance four failure models were introduced, (i) gradual failure progression, (ii) fast failure progression, (iii) non-observable failure progression and (iv) shock type failures. For all four situations the standard cost function to minimize will be developed. Essential in the modelling is the understanding of the effective failure rate¸ and how to calculate it given reliability parameters like MTTF, aging parameter, PF-interval and so on. In this lecture the classical age, block, and minimal repair policies are introduced as a motivation for the modelling. Next we discuss how these models align to the general modelling framework, and the concept of effective failure rate. Special emphasise will be paid on the calculation of the effective failure rate in various situations. This involves use of renewal theory, use of the law of total probability, and Markov methods.	Jørn	Selected problems from http://frigg.ivt.ntnu.no/ross/elearning/maintop/exercises/
45	4&5.11	2	Maintenance interval optimization and related issues (continued)	The second lecture on interval optimization completes the presentation of the four failure models introduced. In the standard cost functions the cost of preventive maintenance is fixed, and not influenced by other tasks. In reality preventive maintenance cost could be reduced by coordination of various maintenance tasks. Models for maintenance grouping are introduced to formulate the optimization problem in such situations. A distinction is made between static and dynamic grouping. The optimization problem now deals both with forming the groups, and determining when to execute each group of activity. Some heuristics are introduced for selected situations.	Jørn	Selected problems from http://frigg.ivt.ntnu.no/ross/elearning/maintop/exercises/
46	11&12.11	2	Degradation modeling and condition based maintenance	This lecture is an introduction to condition based maintenance, that is to say maintenance which is based on a degradation indicator of the system. It mainly concerns preventive maintenance actions which are triggered before failure, in order to avoid failure costs. This kind of maintenance actions are relevant when the failure cost is high compared with the maintenance costs and when at least one degradation indicator is available for the system. This lecture aims at i) giving an overview of useful tools to model degradation (especially continuous state space degradation, e.g. crack propagation), ii) showing how such models can be used for failures prognosis and condition based maintenance optimization.	Anne
47	18.&19.11	N/A	Student presentations (also using tutorial hours)	Students get the possibility to reflect on the lectured topics and in particular to see how these are related to their specialization project, and how they may be applicable for their master project.
48	26.11		Summary (in tutorial hours, due to IPK traveling on 24-25.11)		Mary Ann

Tutorials & Project

It is not compulsory to solve problems and hand in solutions, however, problems are provided as part of the course and the tutorial hours in relation to these. The provision of problems is based on student feedback from earlier years.
There is no compulsory project, however, the students will be organized into groups and given a topic to present in the last lecture. Having oral presentation as part of the course is also based on student feedback from earlier years.

Topic	Problems	Software
Reliability assessment	Problems will be selected from the following booklet	Matlab, Maple, Grif
Maintenance optimization	Selected problems from http://frigg.ivt.ntnu.no/ross/elearning/maintop/exercises/	Excel

Software Matlab, Maple and Grif (the latter is a rather recent software for reliability assessment in use here at the NTNU) will be preferred to assist the reliability analyses.

Page tree

TPK 5170 RAMS Assessment and Optimization