SAFETY-BARRIER DIAGRAMS FOR DOCUMENTING SAFETY OF HYDROGEN APPLICATIONS
F. Markert and N.J. Duijm
Systems Analysis Department, Risø National Laboratory, Technical University of Denmark, P.O. Box 49, DK-4000 Roskilde, Denmark
nijs.j.duijm@risoe.dk, frank.markert@risoe.dk
Background
Barrier diagrams serve two main purposes:
1) Evaluation of the adequacy of safety measures (part of accident prevention)
• Are the barriers reasonable and independent?
• Are barriers missing?
2) Communication to all stakeholders
• Illustrating the possible accident scenarios and the safety measures taken to prevent them
- Safety-barrier diagrams have been popular in Denmark as a risk analysis tool.
- Safety-barrier diagrams are also useful for analysing the new hydrogen technologies.
Paper 4.1.143 - 2nd ICHS, San Sebastian 11th-13th September 2007
Definition of a safety barrier
• A barrier function is a function planned to prevent, control, or mitigate the propagation of a condition or event into an undesired condition or event;
• A safety barrier is a series of elements that implement a barrier function, each element consisting of a technical system or human action.
[Figure: barrier elements (Level indicator, Signal, Alarm, Button, Signal, Powered valve, Operator) grouped under Detection, Diagnosis, Action]
Graphical presentation of a safety barrier
[Figure: safety barrier symbol (the condition on success is optional) and its fault tree representation]
BARRIER DIAGRAMS
Barriers can be of different types:
• Active versus passive barriers
• Automatic versus manual barriers
Examples of barriers:
• An alarm for high level in a tank.
• A sprinkler system in a building to prevent fires from developing.
• A dike surrounding a tank, designed to contain accidental spillage from the tank.
CONSTRUCTION OF BARRIER DIAGRAMS
The construction of barrier diagrams consists of 4 steps:
1. Construction of, e.g., the event chains
When constructing barrier diagrams one must start by ignoring all the existing barriers!
The main structure of the barrier diagram is the event chains, which may consist of elements from both the event tree and the fault tree method.
STEPS IN CONSTRUCTING BARRIER DIAGRAMS
2. Inclusion of the barriers.
STEPS IN CONSTRUCTING BARRIER DIAGRAMS
3. Once the barrier diagram is finished, the level of safety should be evaluated to determine whether there are sufficient barriers against the undesired events happening.
When evaluating the diagram one must consider:
• The frequency/probability of the initiating events
• The severity of the end events (consequence assessment)
• The number, coverage and reliability of barriers in each of the event chains in the diagram
4. (optional) Classification of barriers according to type or evaluated reliability of the barrier.
Safety-barrier diagrams are simpler than fault trees
Dependency can be included via the ”Common Element”
[Figure: Common Element indicated: ”Single Operator”]
Important properties of safety-barrier diagrams
• Barriers may not be bypassed
• Events/conditions and barriers are unique
• Paths through diagrams can converge and diverge; divergence can be exclusive (as in an event tree) or simultaneous (or parallel)
[Figure: Convergence; Divergence (Simultaneous/parallel, Exclusive)]
Important properties (continued)
• Diagrams can be split into connected sub-diagrams; connected diagrams can be put together into a single diagram that fulfils the above conditions
• The probability of conditions in a safety-barrier diagram can be derived from the
  - probability of the initial conditions and
  - probabilities of failure on demand of the barriers.
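Added example (not from the slides or the paper): a Python sketch of the derivation stated above, which also shows why marking a ”Common Element” such as a single operator matters. The node encoding, event names and all numbers are constructed; initial conditions and barriers are assumed independent, and convergence is treated as an OR of independent paths.

```python
# Added example; event names and all numbers are constructed, not from the paper.
from math import prod

# ("initial", p): initiating condition with probability p
# ("barrier", parent, pfd): downstream condition occurs only if the barrier
#     fails on demand (the "and" gate a barrier stands for in a fault tree)
# ("converge", [parents]): condition reachable along several paths
DIAGRAM = {
    "overfill_demand": ("initial", 0.10),
    "hose_wear":       ("initial", 0.02),
    "tank_overfilled": ("barrier", "overfill_demand", 0.05),
    "hose_leak":       ("barrier", "hose_wear", 0.10),
    "release":         ("converge", ["tank_overfilled", "hose_leak"]),
    "ignited_release": ("barrier", "release", 0.01),
}

def probability(node, diagram=DIAGRAM):
    """Probability of `node`, assuming independent initial conditions and barriers."""
    kind, *args = diagram[node]
    if kind == "initial":
        return args[0]
    if kind == "barrier":
        parent, pfd = args
        return probability(parent, diagram) * pfd      # demand AND failure on demand
    if kind == "converge":
        # OR over independent incoming paths
        return 1.0 - prod(1.0 - probability(p, diagram) for p in args[0])
    raise ValueError(f"unknown node kind: {kind!r}")

def series_pfd(own_pfds, common_pfd=0.0):
    """Probability that all barriers in series on one path fail on demand.

    own_pfds: failure probability of each barrier's own elements.
    common_pfd: failure probability of an element shared by all of them
    (e.g. a single operator); its failure defeats every barrier at once.
    """
    return common_pfd + (1.0 - common_pfd) * prod(own_pfds)

if __name__ == "__main__":
    for name in DIAGRAM:
        print(f"{name:16s} {probability(name):.7f}")
    # Two alarm barriers (hardware PFD 0.01 each) relying on operators (PFD 0.05).
    per_barrier = 1.0 - (1.0 - 0.01) * (1.0 - 0.05)   # own operator per barrier
    print("separate operators:", series_pfd([per_barrier, per_barrier]))
    print("single operator:   ", series_pfd([0.01, 0.01], common_pfd=0.05))
```

With these constructed numbers the two barriers sharing one operator fail together roughly 14 times more often than the same barriers with separate operators, which is the dependency the Common Element notation makes visible.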
Comparison with other (graphical) risk analysis methods
• Barrier diagrams are developed from cause-consequence diagrams
• Cause-consequence diagrams combine fault trees and event trees
• Barrier diagrams simplify the presentation of safety systems (”and” gates in fault trees)
• A ”Bowtie” diagram is a safety-barrier diagram with a single ”Critical Event”
Example safety-barrier diagram
[Figure: process flow diagram for a hydrogen refuelling facility with cryogenic delivery]
Safety-barrier diagram for the unloading of an LH2 truck
[Figure: safety-barrier diagram for the unloading of a liquid hydrogen truck at a refuelling station, on the basis of the FMEA study by Venkatesh S. et al., Failure modes and effects analysis for hydrogen fueling options, California Energy Commission, 2004.]
Barrier diagram evaluation & type classification
Conclusions
The methodology of safety-barrier diagrams has been introduced and exemplified by the safety analysis of two sections of a hydrogen refueling station.
• Safety-barrier diagrams offer a good overview of the safety precautions that are included in the different sections, and the consequences of the failure of these precautions.
• Safety-barrier diagrams support hazard analysis; they do not support or replace the preceding phase of hazard identification, for which a range of more suitable methods exists, such as FMEA or HAZOP.
• The logic framework used for safety-barrier diagrams and the use of a classification for the different safety barriers force the analysts to consider the completeness of the barriers (in terms of the detect-diagnose-act sequence) and the role of the safety barrier in the system.
Conclusions
• The safety-barrier diagrams allow both quantitative and qualitative assessments to be made.
• The presentation by means of safety-barrier diagrams is simpler, and thereby easier to understand by non-experts, than other graphical methods such as fault trees or event trees.
• Therefore safety-barrier diagrams are excellent means for documenting system safety and for communication with authorities and other stakeholders.
Thank you for your attention