Accident Modeling and Analysis in Process Industries

Faisal Khan Centre for Risk, Integrity & Safety Engineering (CRISE) Faculty of Engineering & Applied Science Memorial University, St John’s, NL, Canada

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Outline • • • • • •

Accident Accident Modelling Approaches SHIP Methodology Dynamic Risk Case Studies Conclusion

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Introduction • • •

•

• •

Recent Process Accidents and losses On January 23, 2010, release of highly toxic phosgene, exposing an operator leading to death at the DuPont facility in Belle, West. On April 20, 2010, a sudden explosion and fire occurred on the BP/Transocean Deepwater Horizon oil rig. The accident resulted in the deaths of 11 workers and caused a massive oil spill into the Gulf of Mexico. On July 22, 2010, an explosion and fire killed two workers at the Horsehead Holding Company zinc recycling facility located in Monaca, PA. The facility recycles and purifies zinc through a high temperature distillation process On January 10, 2012, blowout in KS Endeavour (Nigeria) killing two personnel, fire and spill continued for 46 days. And list goes on...

Source: www.csb.gov SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Introduction • Are these Accidents Preventable? Yes! Most of the times. • How? Knowing their occurrence early (likelihood) and taking appropriate safety measure Predictive Accident Modeling (Occurrence Likelihood) SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

An Accident • Event or activity that is: Unwanted Uncertain Uncontrollable

An accident in process facility caused by process malfunction is termed as Process Accident SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Accident Concept What we see? Good

What we measure/monitor

Bad

What we must Model/Predict

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Process Accident Initiation

Propagation

Termination SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Accident Process Concept Safe (Normal) state Near Miss

Mishap

Incident COUSES Accident

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Accident Pyramid Catastrophic Accident (0)

Frequency increasing

Accident (1)

Incident (5)

Mishap (10)

Near miss (100) SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Consequence increasing

Accident Modeling Approaches • Accident Models Reviewed Domino Loss causation FRAM

Keltz Swiss cheese Daryl's model

Ren’s HOF model Kujath’s Model STAMP

• Observation:  Focus on occupational accidents, and the models focusing on process hazards have been scant  Unable to present a holistic picture of system safety, and are not capable of accommodating modeling of multiple causal factors.  Descriptive models, not predictive models  Not adopted comprehensive quantification (no updating mechanism to reduce the uncertainty)

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Proposed Approach & Model

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Layers of Protection

Active safety and effect Mitigating Measures Passive Protection Measures

Safety instrumented system Critical Alarms

System control

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

SHIPP MethodologySystem Hazard Identification, Prediction and Prevention Methodology

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Process Accident Model Initiation

Progression Layers of protection

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Termination

Occurrence frequency Consequence

WWW.ENGR.MUN.CA/RESEARCH/SREG

Increasing

Increasing

SAFETY AND RISK ENGINEERING GROUP

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Accident Risk Model Causes

Proactive Controls

Reactive Controls

Basic event

Consequences

Outcome

Basic event

Unwanted Event

Outcome

Basic event

Outcome

Safer

Accident Risk Accident Risk

Fault Tree

Event Tree

Accident Risk Modeling using “Bow-tie” diagram SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Risk Conceptual Design

• Risk

Risk= F{s(c, f)} FEED

Risk

• Risk

Detailed design Time

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

• Risk

Current Risk Assessment Approach ■ Limitations: 1.

Unable to capture the dynamic behavior of the process operation

2.

Unable to update the quantitative results

3.

Unable to take account of early into account

4.

Carry significant uncertainty of quantitative estimation

5.

No predictive capabilities

6.

Utilize for risk assessment in early stage of process life cycle (design stage not in operational, or modification stages)

Dynamic Risk Assessment will overcome these drawbacks SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Dynamic Risk Conceptual Design

• Risk FEED

• Risk

Dynamic Risk= F{s(c, f),t} Detailed design

Dynamic Risk

• Risk

Installation

• Risk

Operation

Time

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

• Risk

Symptoms of Accident- Accident Precursors

Regular Failure Statistics White Swan

Rare Event Grey Swan

Unpredictable Event Black Swan

Picture cursey: Rob Rutenbar CS@Illinois

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Operational Risk Assessment Step 1 Step 3-1

Step 2-1

Step 3-2

Step 2-2 Step 2-3

Step 3

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Step 2 23

Updating Mechanism Likelihood probabilities Accident precursor data

Prior probabilities FTA P( xi )

P(data / xi )

Bayesian Inference P(data / xi )  P( xi )  P(data / xi )  P( xi )

Posterior probabilities P( xi / data)

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Application of Operational Risk Assessment Methods

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Applications of ORA The accident modeling and dynamic risk assessment approach has been applied many case studies, few examples are: 1. Processing facility – BP Texas City Refinery Accident 2. LNG Facility – Liquefaction Unit

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

BP Texas city Refinery Accident ■ Background Information ■ On March 23, 2005, a series of explosions and fires at BP’s Texas City refinery killed 15 people and injured another 180, alarmed the community, and resulted in financial losses exceeding $1.5 billion ■ There had been a number of previous events in ISOM involving hydrocarbon leaks, vapor releases, and fires ■ BP Incident investigation observed two major incidents occurred just a few weeks prior to the March 23 fatal event: • February 2005 hydrocarbons leak • March 2005 fire

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

BP Texas city Refinery Accident

Overpressure in splitter (~63 psig) have opened the overhead relief valves to feed directly into unit F-20 (Knockout drum with stack)

This resulted in vapors and liquid emerging ~20 ft above the top of the stack ‘like a geyser’ and running down and pooling around the base of F-20) SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

■ Step 1: Scenario identification Three possible accident scenario states are identified. Process upset (A), Process Shutdown (B) and Fluid release (C)

■ Step 2: Prior function calculation

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Part of the event tree of ISOM unit Total events are 190 Prior end-state probabilities are estimated based on prior failure probability of safety barrier

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

■ Step 3: Formation of Likelihood function

■ Likelihood function is formulated based on accident precursor data ■ Based on conjugate property, Likelihood function is taken as binomial  1 distribution P(ck )   ( xi ) (1  xi ) i ,k

i  SBk

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

i ,k

■ Step 4: Risk Estimation and Perdition Years

Probability of Release Linear Hazard Model

Probability of Release Poisson Process

Discrete

Cumulative

Discrete

Cumulative

1

0.0003

3.00×10-4

8.00×10-4

8.00×10-4

2

0.0003

6.00×10-4

8.00×10-4

1.60×10-3

3

0.0003

9.00×10-4

8.00×10-4

2.40×10-3

4

0.0011

2.00×10-3

1.60×10-3

4.00×10-3

5

0.0035

5.50×10-3

3.99×10-3

7.99×10-3

6

0.0043

9.80×10-3

4.79×10-3

1.28×10-2

7

0.0051

1.49×10-2

5.58×10-3

1.84×10-2

11

0.0083

2.32×10-2

8.76×10-3

2.71×10-2

12

0.0091

3.23×10-2

9.55×10-3 3.67×10-2

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

2004 2005 Predictive results based on 2004

Accident Modeling and Dynamic risk estimation of Liquefaction unit

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Fuel gas

Liquefied and Sub-cooled Fuel gas expander

Downstream and Storage End flash unit

HCHE

Heavy gas removal unit HP C3

MP C3

LNG expander

LNG storage LP C3

Mercury removal unit LP C3

Dehydration unit

Fractionation unit

HP C3

Compressor

Condensate storage Acid gas removal unit

Natural gas

Upstream Processing Purification SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

MP C3

HP C3

Accident Scenario Analysis No

Date

Scenarios

Severity Level

1

04.Jan 09

Steam hammering in the low pressure steam line caused a valve stem cover for a gear operated gate valve to loosen and fall approximately 15 m to the ground

Near miss

2

12.Jan 09

Upper master valve did not close as required during train three depressurization

Safe

3

13.Jan 09

Inadvertent flaring due to wrong opening of pressure control valve on flare line

Near miss

4

14.Jan 09

Gland leak from level control valve when open flame job was in progress inside low pressure knock-out-drum

Incident

5

15.Jan 09

Inadvertent flaring due to wrong opening of pressure control valve on flare line

Near miss

6

19.Jan 09

Flame noticed from main combustion chamber of sulphur recovery unit top side

Mishap

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Deviation from safe state

Release Prevention Barrier (RPB) Fail

Success

Dispersion Prevention Barrier (DPB) Fail

Success

Ignition Prevention Barrier (IPB) Fail

Escalation Prevention Barrier (EPB) Fail

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Success

Success

Safe

Near miss

Mishap

Incident

Accident

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

FT Results • FT are constructed using the proposed generic fault tree models Safety Barrier (xi)

Failure Probability p(xi)

Release Prevention Barrier (RPB)

0.0527

Dispersion Prevention Barrier (DPB)

0.0616

Ignition Prevention Barrier (IPB)

0.1060

Escalation Prevention Barrier (EPB)

0.0271

It is observed that estimated results show significant agreement to real plant data.

• The failure of barriers is assumed independent and mutually exclusive

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Event Tree Analysis RPB SB1

DPB SB2

IPB SB3

EPB SB4

Consequences

C1 - Safe

C2 – Near miss

Deviation from safe mode

C3 - Mishap

X1

C4 - Incident X2

The prior probability of consequence of severity level ( =1, 2, 3, 4, 5), denoted by , is given as;

p(ck ) 

i ,k x  i (1  xi )



jSBk

X3 X4

C5 - Accident

C1(Safe)

9.4×10-1

C2(Near Miss)

4.9×10-2

C3 (Mishap)

2.9×10-3

C4(Incident)

3.3×10-4

C5(Accident)

9.3×10-6 SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Probability

Occurrence Probability p(ck)

Severity

Consequences (ck)

1i ,k

Prediction • The number of abnormal event In the first ten month of year 2009 has been estimated using the results of HAZOP study • Based on these data, λp can be estimated

• The mean value of the number of events is estimated as 22. This implies that the average number of events predicted in the eleventh month is 22. SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

Updated Probability of Abnormal Event Month

C1(Safe)

C2(Near miss)

1

9.27×10-1

6.90×10-2

3.20×10-3

1.90×10-4

0

2

9.14×10-1

8.30×10-2

2.60×10-3

8.00×10-5

0

3

9.09×10-1

8.80×10-2

2.60×10-3

1.00×10-4

0

4

8.64×10-1

1.32×10-1

3.80×10-3

2.80×10-4

7.68×10-7

5

8.51×10-1

1.44×10-1

4.00×10-3

2.70×10-4

6.24×10-7

6

8.50×10-1

1.46×10-1

3.90×10-3

2.70×10-4

5.69×10-7

7

8.54×10-1

1.42×10-1

3.70×10-3

2.90×10-4

1.14×10-6

8

8.55×10-1

1.41×10-1

3.80×10-3

2.80×10-4

1.03×10-6

9

8.51×10-1

1.45×10-1

3.80×10-3

2.70×10-4

9.42×10-7

10

8.50×10-1

1.45×10-1

4.00×10-3

3.00×10-4

9.21×10-7

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

C3 (Mishap) C4 (Incident)

C5 (Accident)

Conclusions • The SHIPP methodology help identifying process hazards, evaluate them, and model probable accident scenarios. • It provides precise information of how system is degrading with time and help to predict potential accidents • It helps to increase the overall safety and performance of the system by applying preventive measures with the knowledge of realistic prediction. • The dynamic risk assessment and management help to identify process risk early and invite to take appropriate safety action •

It has dynamic learning abilities that is effective in preventing accidents and enhancing the overall safety performance of the system

• Source-to-source uncertainty may be modelled using Bayesian analysis SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

References related to presentation • •

• •

•

• • • •

Al-Shanini, A. Ahmad, A., Khan, F. (2014). Accident modeling and safety measure design of a hydrogen station. International Journal of Hydrogen Energy, 39(35), 20362-20370. Rathnayaka, S., Khan, F., Amayotte, P. (2013). Accident modeling and risk assessment framework for safety critical decision-making: application to deepwater drilling operation. Proceedings of the Institution of Mechanical Engineers, Part O: Journal of Risk and Reliability, 227(1), 86–105. Rathnayaka, S., Khan, F., Amyotte, P. (2012). Accident modeling approach for safety assessment in an LNG processing facility. Journal of Loss Prevention in the Process Industries, 25(2), 414–423. Rathnayaka, S., Khan, F., Amyotte, P. (2011). SHIPP methodology: Predictive accident modeling approach, Part I: methodology and model description. Process Safety and Environmental Protection, 89(3), 151-164. Rathnayaka, S., Khan, F., Amyotte, P. (2011). SHIPP methodology: Predictive accident modeling approach, Part II: validation with case study. Process Safety and Environmental Protection, 89(2), 75-88. Kujath, M. F., Amyotte, P., and Khan, F. (2010). A Conceptual offshore oil and gas process accident model. Journal of Loss Prevention in the Process Industries, 23 (2). 323-330. Attwood, D., Khan, F. and Veitch, B. (2006). Occupational accident models-where have we been and where are we going?, Journal of Loss Prevention in the process industries, 19(6), 664-682. Attwood, D., Khan, F. and Veitch, B. (2006). Offshore oil and gas occupational accidents-What is important?, Journal of Loss Prevention in the Process Industries, 19(5), 386-398. Attwood, D., Khan, F. and Veitch, B. (2006). Can we predict process accident frequency?, Process Safety and Environmental Protection, 84(3B), 208-221. SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG

THANK YOU FOR YOUR ATTENTION!!!!!!!!

SAFETY AND RISK ENGINEERING GROUP WWW.ENGR.MUN.CA/RESEARCH/SREG