Article

Multi-objective optimization of design and testing of safety instrumented systems with MooN voting architectures using a genetic algorithm

Abstract

This paper presents the optimization of the design and test policies of safety instrumented systems with MooN voting redundancies by a multi-objective genetic algorithm. The objectives to optimize are the Average Probability of Dangerous Failure on Demand (PFDavg), which represents the system's safety integrity, the Spurious Trip Rate (STR) and the Lifecycle Cost (LCC); safety, reliability and cost are thus all included. This is done using novel models of time-dependent probability of failure on demand and spurious trip rate recently published by the authors. These models deliver the level of modeling detail required by the standard IEC 61508, including common cause failure and diagnostic coverage. The Probability of Failure on Demand model also makes it possible to quantify results under changing testing strategies. The optimization is performed with the multi-objective genetic algorithm NSGA-II, which allows the trade-offs between the three objectives to be weighed and, thus, safety systems to be implemented that keep a good balance between safety, reliability and cost. The complete methodology is applied to two separate case studies, one for optimization of system design with redundancy allocation and component selection and another for optimization of testing policies. Both optimization cases are performed for systems with MooN redundancies and for systems with only parallel redundancies. Their results are compared, demonstrating how introducing MooN architectures significantly improves the optimization process.
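As an added worked example (not the authors' models or code), the Python below evaluates the three objectives named in the abstract for a handful of candidate MooN subsystems and then keeps only the non-dominated designs, which is the ranking step at the core of NSGA-II. The PFD and STR formulas are the standard β-factor / IEC 61508-6-style approximations, not the time-dependent models of the paper; every failure rate, cost, test interval and the two component types are constructed for illustration. It also reproduces two points made by citing papers further down this page: PFDavg maps to a SIL band for low-demand systems, and for a fixed N the STR falls as M rises while for a fixed M it rises with N.

```python
"""Added illustration (not the paper's models): PFDavg, STR and a lifecycle-cost proxy
for MooN voted SIS subsystems, followed by the non-dominated (Pareto) filter that
NSGA-II uses as its first ranking step. All numbers below are constructed."""
import math
from dataclasses import dataclass

# IEC 61508 low-demand SIL bands on PFDavg: (lower bound, upper bound, SIL)
SIL_BANDS = [(1e-5, 1e-4, 4), (1e-4, 1e-3, 3), (1e-3, 1e-2, 2), (1e-2, 1e-1, 1)]

def sil_band(pfd_avg_value):
    """Return the SIL (1..4) a PFDavg falls into, or 0 when it does not reach SIL 1."""
    for lo, hi, sil in SIL_BANDS:
        if lo <= pfd_avg_value < hi:
            return sil
    return 0

def channel_unavailability(t, lam_du, lam_dd, mttr):
    """P(one channel is in a dangerous failed state) at time t after its last proof test.
    DU failures stay latent until the proof test; DD failures are found by diagnostics
    and restored within mttr (small-value approximation lam_dd * mttr)."""
    return 1.0 - math.exp(-lam_du * t) + lam_dd * mttr

def pfd_moon(t, m, n, lam_d, dc, beta, mttr):
    """PFD(t) of an MooN group: M of N channels must vote to trip, so the safety function
    is lost once N-M+1 channels are dangerously failed. Beta-factor model: each channel's
    rate is split into an independent part (1-beta) and a common-cause part beta that
    takes all channels down together (assumption: one beta for both DU and DD)."""
    lam_du, lam_dd = (1 - dc) * lam_d, dc * lam_d
    q = channel_unavailability(t, (1 - beta) * lam_du, (1 - beta) * lam_dd, mttr)
    need = n - m + 1  # number of failed channels that defeats the vote
    p_ind = sum(math.comb(n, j) * q**j * (1 - q)**(n - j) for j in range(need, n + 1))
    q_ccf = channel_unavailability(t, beta * lam_du, beta * lam_dd, mttr)
    return 1.0 - (1.0 - p_ind) * (1.0 - q_ccf)

def pfd_avg(m, n, lam_d, dc, beta, mttr, test_interval, steps=2000):
    """Average of PFD(t) over one proof-test interval (trapezoidal rule)."""
    h = test_interval / steps
    f = lambda t: pfd_moon(t, m, n, lam_d, dc, beta, mttr)
    area = 0.5 * (f(0.0) + f(test_interval)) + sum(f(i * h) for i in range(1, steps))
    return area * h / test_interval

def str_moon(m, n, lam_s, beta, mttr):
    """Spurious trip rate [1/h]: M channels must sit in the safe (tripped) state at once.
    Standard approximation N!/((N-M)!(M-1)!) * lam^M * mttr^(M-1) for independent safe
    failures, plus beta*lam_s for a common-cause safe failure of all channels."""
    lam_i = (1 - beta) * lam_s
    ways = math.factorial(n) / (math.factorial(n - m) * math.factorial(m - 1))
    return ways * lam_i**m * mttr**(m - 1) + beta * lam_s

@dataclass(frozen=True)
class Design:
    name: str            # e.g. "1oo2 A" = 1oo2 voting with component type A
    m: int
    n: int
    lam_d: float         # dangerous failure rate per channel [1/h]
    lam_s: float         # safe (spurious) failure rate per channel [1/h]
    channel_cost: float  # hardware cost per channel (constructed)

# Constructed operating parameters (not taken from the paper).
DC, BETA, MTTR, TEST_INTERVAL, MISSION = 0.6, 0.05, 8.0, 8760.0, 87600.0
TEST_COST, TRIP_COST = 500.0, 50000.0

def evaluate(d):
    """(PFDavg, STR, LCC) for a design. LCC is a proxy: hardware + proof tests over the
    mission + expected cost of spurious trips over the mission."""
    pfd = pfd_avg(d.m, d.n, d.lam_d, DC, BETA, MTTR, TEST_INTERVAL)
    spurious = str_moon(d.m, d.n, d.lam_s, BETA, MTTR)
    lcc = (d.n * d.channel_cost + TEST_COST * MISSION / TEST_INTERVAL
           + TRIP_COST * spurious * MISSION)
    return pfd, spurious, lcc

def dominates(a, b):
    """a dominates b when it is no worse in every objective and strictly better in one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))

def pareto_front(designs):
    """Names of the non-dominated designs (all objectives minimised), sorted."""
    scored = {d.name: evaluate(d) for d in designs}
    return sorted(name for name, obj in scored.items()
                  if not any(dominates(other, obj) for o, other in scored.items() if o != name))

CANDIDATES = [
    Design("1oo1 A", 1, 1, 1e-6, 2e-6, 10000.0),
    Design("1oo2 A", 1, 2, 1e-6, 2e-6, 10000.0),
    Design("2oo2 A", 2, 2, 1e-6, 2e-6, 10000.0),
    Design("2oo3 A", 2, 3, 1e-6, 2e-6, 10000.0),
    Design("1oo1 B", 1, 1, 3e-6, 6e-6, 6000.0),  # cheaper, less reliable component type
    Design("1oo2 B", 1, 2, 3e-6, 6e-6, 6000.0),
]

if __name__ == "__main__":
    for d in CANDIDATES:
        pfd, spur, lcc = evaluate(d)
        print(f"{d.name}: PFDavg={pfd:.2e} (SIL {sil_band(pfd)})  STR={spur:.2e}/h  LCC={lcc:,.0f}")
    print("Pareto front:", pareto_front(CANDIDATES))
```

Running the file prints the objective triple and SIL band for each candidate and then the Pareto front. With these constructed numbers the cheaper component type B is dominated by type A in all three objectives once spurious-trip and test costs are counted, while the four type-A architectures all stay on the front because each wins on a different objective: 1oo1 on cost, 1oo2 on PFDavg, 2oo2 on STR, 2oo3 as the compromise. The β-factor term also puts a floor under PFDavg that extra redundancy cannot remove, which is why the 1oo2 and 2oo3 groups end up within about ten percent of each other.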

... Torres-Echeverria et al. [20] pay more attention to test strategies and to how SIS performance is evaluated through a fault tree for redundant or k-out-of-n SIS layers. They propose a compact model that accounts for several parameters such as CCF, diagnostic coverage (DC), the proof-test instants, etc. Brissaud et al. [21] analyse the impact of partial tests and develop a general formula for evaluating the performance of multi-component SIS. ...
... The qualification of this performance is determined by referenced levels (SIL). Thus, the PFDavg is in fact assessed by the average unavailability of the SIS to perform the safety function on demand [20]. The IEC 61508 standard [2] establishes four classification levels based on the PFDavg, where SIL 4 represents the strictest requirement and SIL 1 the least strict. ...
... After each test/restoration, all SIS components are back in their initial state [21]. The β factor is used to model CCF [20]. Safe failures are not taken into account. ...
Conference Paper
Full-text available
This paper studies the modelling of the unavailability of safety instrumented systems (SIS) by dynamic Bayesian networks (DBNs) in the particular case of tests of significant duration. The duration increases the complexity of the model when the unavailability of components during the test is considered, but it is more realistic. Keywords: SIS, average unavailability, inspection test, test duration, test strategy.
... To date, a considerable amount of literature is available on performance/reliability assessment of redundant structures, covering topics including common cause failure [9][10][11], testing and maintenance [12][13][14][15][16], reliability allocation [17,18], cascading failures [19], etc. Since units are exposed to much the same working conditions, dependence, especially failure dependence, is attracting more attention [20,21]. Also, many systems are subject to degradation and random shocks simultaneously [22,23]. ...
... Each variable has a certain range from the real perspective as in Eq. (14). ...
... In this case, the variables a and b will be excluded from the decision vector x. The other variables, the activation probability p, the ratio k of the PM and the PM threshold M, are assumed to lie in the ranges described in Eq. (14). ...
Article
Full-text available
Redundant structures have been widely deployed to improve system reliability: when one unit fails, the system can continue to function by using another one. Most existing studies rely on the similar assumption that the heterogeneous units are subject to periodic inspections and are identical in terms of their aging and the number of shocks resisted. In practice, it is often the case that a single shock triggers a unit individually, which intensifies the degradation of that unit and accordingly requires an earlier inspection to ensure its safety. In this study, the stochastic dependency among units is addressed first by introducing a novel activation sequence. Second, an adaptive system-level inspection policy is proposed that prioritizes the unit in the worse state. Finally, Monte Carlo methods are used to simulate the whole process and estimate two objectives, the average system unavailability and the maintenance cost, over a designed service time. Numerical examples show that the two objectives are in conflict. The Non-dominated Sorting Genetic Algorithm III (NSGA-III) has therefore been employed to find the optimal solutions in system unavailability and cost, which provide clues for practitioners in decision-making.
... The qualification of this performance is determined by referenced levels of safety (SIL). Thus, the PFDavg is in fact assessed by the average unavailability of the SIS to perform the safety function on demand (Bukowski, 2001; Torres-Echeverria et al., 2012). The IEC 61508 standard (IEC 61508, 2010) establishes four classification levels based on the PFDavg, where SIL 4 represents the strictest requirement and SIL 1 the least. ...
... • Random test: In this strategy, the time interval of test of a component does not follow a specific program, the time interval between two tests of components is randomly chosen (Torres-Echeverria et al., 2012) or computed according to the current state (Wu et al., 2018). It is assumed that non-tested components are working. ...
... • The standard β-factor is used to model CCF (Hokstad and Rausand, 2008;Lundteigen and Rausand, 2007;Torres-Echeverria et al., 2012). ...
Article
This paper is devoted to modelling the availability of Safety Instrumented Systems (SISs) by Dynamic Bayesian Networks (DBNs). The models integrate several parameters, but the main concerns of the study are the integration of test duration and test strategy. The proposed DBNs are generic and can be reused for assessing performance and testing the effect of some parameters. More attention has been paid to the performance of the proof test, its harmlessness and particularly its duration. The duration increases the model complexity when the availability of components during the test is considered, but it is more realistic. This parameter should be decided carefully to satisfy the Safety Integrity Level (SIL) objectives.
... The purpose of the optimization is to search the maximum supporting forces as presented in the Equation (8) to (11), that is, to seek the max {T 1 , T 2 , T 3 , T 4 }. In accordance with Equation (12), the former objective functions need to be converted to the opposite to be optimized: min {-T 1 ,-T 2 ,-T 3 , -T 4 }. ...
... At the same time, we can increase the weight of the boom to "balance" part of the exciting force. According to Equation (11), the reason the supporting force determined by the backward condition is insufficient is mainly the structural length of the excavator, which makes the lever arm from the excitation hydraulic cylinders to point L too long. Because the size of the excavator undercarriage can hardly be changed, the length of the other components (such as the boom and arm) should be minimized to reduce the lever arm of the force. ...
Article
Full-text available
The dynamic response test of the subgrade plays a very important role in railway construction, and a new in-situ test system is proposed. This paper presents the application of the non-dominated sorting genetic algorithm II (NSGA-II) to analyze the stability of the supporting equipment for the track subgrade dynamic response in-situ test device. Its stability is related to the extension length of the hydraulic cylinders and the backward condition of the supporting equipment, the hydraulic excavator. The problem is formulated as a multi-objective optimization problem with the objective of maximizing the supporting force for the test device. An 85-ton excavator is picked as the case study. The first optimal results show that the excavator may not support the test system successfully. After redesigning the boom and adding its weight and length as new parameters, the second optimization results indicate that the test device can work normally.
... Two main indices are used for the classification of SIS. The Average Probability of Failure on Demand (PFDavg) is used in low demand mode [5], [4], and the Probability of Failure per Hour (PFH) is used for a SIS operating in high demand or continuous mode [6]. SIS in low demand mode are the subject of this paper. ...
... The SIS unavailability must be proved by quantitative evaluations, preferably with referenced methods such as Fault Trees [4], [3], Reliability Block Diagrams [7], Markov chains [4], [5] or Petri Nets [8], in order to classify it according to the SIL defined in the standard [9]. Although SIS are usually composed of few components, their study can become rather complex, especially in low demand mode where latent failures can occur. ...
... The qualification of this performance is determined by referenced levels of safety (SIL). Thus, the indices are in fact the unavailability of the system that affects its ability to react to hazards, i.e. the safety unavailability [16], [5], [11]. The IEC 61508 standard [9] establishes 4 classification levels. ...
Conference Paper
Full-text available
This paper proposes an approach to model Safety Instrumented Systems (SIS). The model is based on Multiphase Markov Chains and integrates several parameters such as Common Cause Failure, Diagnostic Coverage, Proof testing, etc. The basic concepts of Markov chains applied to availability analysis are introduced, and a model to compute the unavailability for a case study is presented. We show how the variation of some characteristic parameters induces significant changes in the safety level of the SIS. The proposed method ensures the relevance of the results.
... Torres-Echeverría et al. [19] described the design optimization of SRSs using a multi-objective genetic algorithm based on RAMS+C measures. Torres-Echeverría et al. [20,21] also presented a new approximation method for time-dependent probability to optimize proof-testing policies by genetic algorithms, and proposed the optimization of design and test policies for SRSs using several redundancies through the use of a multi-objective genetic algorithm. Marseguerra et al. [22] proposed a multiple-objective optimization approach by combining genetic algorithms and Monte Carlo simulations for network system design optimization. ...
... As the objective function of Model II, Eq. (11) can be used to minimize the total cost, and is defined as the sum of the total component cost and additional fault checking modules costs. Eq. (12) or (21) can be used to determine the probability; this evaluation depends on the frequency dictated by the safety function demand. Eq. (13) defines the constraints for the SFF, similar to Eq. (7). ...
Article
Safety-related systems (SRSs) have been widely used in shipbuilding and power generation to prevent fatal accidents and to protect life and property. Thus, SRS performance is a high priority. The safety integrity level (SIL) is the relative performance level of an SRS with regard to its ability to operate reliably in a safe manner. In this article, we propose an optimal design procedure to achieve the targeted SIL of SRSs. In addition, a more efficient failure mode and effects diagnostic analysis (FMEDA) process and optimization model were developed to improve cost efficiency. Based on previous IEC 61508 diagnostic analyses that revealed unnecessary costs associated with excessive reliability, the new approach consists of two phases: (i) SIL evaluation by FMEDA, and (ii) solution optimization for achieving the target SIL at minimal cost using integer-programming models. The proposed procedure meets the required safety level and minimizes system costs. A case study involving a gas-detection SRS was conducted to demonstrate the effectiveness of the new procedure.
... On the other hand, several researchers have focused on the optimization side of SIS design and maintenance. The optimization of SIS was introduced by Torres-Echeverria et al. [10], who focused on policy testing and the use of genetic algorithms (GAs) in multi-objective optimization to balance performance metrics like lifecycle costs (LCC), spurious trip rate (STR), and probability of failure on demand (PFDavg). A variety of optimization techniques, such as GA, PSO, and stochastic modeling, have been used in other studies to optimize SIS architectures, maintenance plans, and performance metrics while taking safety, environmental, and economic considerations into account. ...
Article
Full-text available
This study aims to present a complete methodology that integrates evaluation and optimization to address the entire Safety Instrumented Systems (SIS) lifecycle. A comprehensive methodology for SIS evaluation and optimization is proposed, specifically targeting a system, called I-1165, responding to a high-high level alarm in a De-ethanizer Reflux Drum V-2, which is used to separate ethane and lighter components from heavier hydrocarbons. The methodology begins with a comprehensive HAZOP study to identify and assess potential risks, which are then estimated using PHAST software. SIL allocation is performed using the LOPA method, followed by the determination of Achieved SIL through analytical formulas. The Achieved SIL is iteratively validated by comparing it with the Required SIL. If the Achieved SIL does not meet the required standards, a genetic algorithm (GA) is employed to optimize the SIS design and maintenance strategies. This process continues until the target SIL is achieved, or an alternative architecture is proposed, ensuring that the SIS performance aligns with safety requirements. Optimization results for the I-1165 system reveal a significant improvement in PFDAvg from 2.1E-2 to 6.10537E-4, meeting and exceeding the required SIL 2 performance. This improvement not only enhances system safety and reliability but also ensures compliance with IEC 61508 standards while reducing lifecycle costs by optimizing the frequency of maintenance and testing intervals.
... Furthermore, Torres-Echeverria et al. [5] explored the impact of component redundancy and diversification in SIS subsystem architectures, demonstrating enhancements in SIS performance during the design phase. Torres-Echeverria et al. [6] investigated the multi-objective optimization of SIS design and testing policies, using K-out-of-N (KooN) redundancy and the multi-objective genetic algorithm NSGA-II. The study undertook two distinct optimization cases: one focused on system design, encompassing component selection and redundancy allocation, and the other on testing policy optimization. ...
Article
Full-text available
This study introduces a novel framework for analyzing cost-effectiveness in the design and operation of Safety Instrumented Systems (SIS). The primary objective is to achieve an optimal equilibrium among safety integrity, operational integrity, and lifecycle cost of SIS. It is essential to note that these objectives may often be in conflict; for instance, enhancing safety integrity could potentially diminish operational integrity and escalate costs. Achieving this balance is crucial to ensure that the risk level being addressed aligns precisely with the desired objectives while minimizing any adverse effects. The novelty of this paper lies in the refined formulation of a multi-objective optimization problem and the application of a recently developed swarm-based Manta-Ray Foraging Optimization (MRFO) algorithm. The effectiveness of this approach is demonstrated through a typical SIS design challenge, which entails satisfying specific measures in terms of Safety Integrity Level (SIL), spurious trip activation rate, and lifecycle cost. These measures depend on variables such as the number and voting scheme of components, their types, and the intervals for potential proof tests. For validation and comparison, the problem was initially tackled using a conventional approach based on genetic algorithms. Subsequently, the MRFO algorithm was employed, yielding highly satisfactory results and confirming its proficiency in resolving real-world SIS optimization challenges. Notably, the MRFO algorithm produced a greater number of solutions compared to the genetic algorithm approach. This increase in solution options is advantageous, offering decision-makers a broader array of choices for optimal system design. This study contributes significantly to the field of SIS design, presenting an innovative, algorithm-driven approach to balancing safety, operational integrity, and cost in system development. It also contributes to understanding the life cycle costs of security barriers in general.
... In this context, it is necessary to have a strong comprehension of the principal parameters related to proof tests. For the verification of SIS, several proof test strategies have been defined; in this context Torres-Echeverria et al. [11] propose a classification of test strategies. ...
Conference Paper
Full-text available
This paper presents an alternating test strategy for multi-state Safety Instrumented Systems (SIS) by considering the proof testing parameters according to the observed state in the current test. An approach based on the model of Dynamic Bayesian Network (DBN) is developed to assess the SIS unavailability. The developed model is used for determining the average system performance according to proof tests parameters for a certain service period. Then, the strategy is applied on SIS actuator layer where a structural redundancy is considered. A case study is presented to illustrate the benefits of the proposed testing strategy in improving the SIS performance.
... In some papers, authors have used "k-out-of-n systems with multiple failure modes" to represent the idea of voting systems. Such work can be found in Ben-Dov [12], Jenney and Sherwin [32], Page and Perry [81], Sah and Stiglitz [97], Pham and Pham [89], Pham and Malon [88], Pham [87] and Torres-Echeverría et al. [102,103]. Sah and Stiglitz [97] have studied a k-out-of-n system with binary inputs and two failure types. The paper mainly focuses on determining the optimal value of k to maximize mean profit of the system. ...
Chapter
Full-text available
This chapter first covers various existing works of voting systems in different aspects, such as design of voting systems, weighted voting systems, weighted voting classifiers and reliability evaluation of voting systems. Then, different inspection policies are reviewed, including periodic inspection, sequential inspection and state dependent inspection. After that, some recent studies on Intervened Decision-making Systems, which are voting systems with inspections and other supervising mechanisms, are presented. Finally, some future research trends are discussed.
... Thus, maintenance is considered merely a rather abstract concept or a very rough estimation of one operational-level detail. Notably, several research papers within this stream (Torres-Echeverria, 2009;Torres-Echeverria, Martorell & Thompson, 2012;Zhao, Si & Cai, 2019) employ multi-objective optimisation based on meta-heuristic algorithms. These papers engage in very detailed studying of the algorithm modalities and result in the produced Pareto optimal set with respect to the conflicting or non-conflicting relationship between various objectives. ...
Article
Full-text available
The safety of operations is vital in any process in the oil and gas sector, especially given that increasingly more hydrocarbon reserves are discovered in non-conventional remote and Arctic locations. Safety systems are designed as a part of a complex IT system for process control. The design of these systems is conducted in the form of an engineering project. This research presents a decision-making framework to facilitate formulating clear and comprehensive recommendations for the requirements specification developed for the safety systems. The contribution of this research to the strategic planning area of IT solutions for hazardous industrial facilities is integrating the problems of designing a safety system, planning its maintenance, and scheduling the employees to conduct the required maintenance. With this joint decision-making, it is possible to explore trade-offs between investments into the systems’ complexity and workforce-related expenditures throughout the solution’s lifecycle. The reliability modelling is conducted with the help of Markov analysis. The multi-objective decision-making framework is employed to deduce straightforward requirements to the safety system design, maintenance strategy, and workforce organisation. This research is relevant to managing the petroleum sector engineering projects with regard to the design of technological solutions.
... In separate work, Torres-Echeverria et al. (2012) have proposed two models of SIS design and test policy optimization using MooN voting redundancies with a multi-objective genetic algorithm. The objective functions to be optimized are PFDavg, STR and LCC, evaluated with new time-dependent models of PFDavg and STR. ...
Article
Purpose The main objective of safety instrumented systems (SISs) is to maintain a safe condition of a facility if hazardous events occur. However, in some cases SISs can be activated prematurely; these activations are characterized in terms of frequency by a Spurious Trip Rate (STR), and their occurrence leads to significant technical, economic and even environmental losses. This work aims to propose an approach to optimize the performance of the SIS by a multi-objective genetic algorithm. The optimization of SIS performance is performed using the multi-objective genetic algorithm by minimizing the probability of failure on demand PFDavg, the Spurious Trip Rate (STR) and the Life Cycle Costs (LCCavg). A set of constraints related to maintenance costs has been established. These constraints imply specific maintenance strategies which improve SIS performance and minimize the technical, economic and environmental risks related to spurious shutdowns. Validation of the approach is applied to an Emergency Shutdown (ESD) of the blower section of an industrial facility (RGTE- In Amenas). Design/methodology/approach The optimization of SIS performance is performed using the multi-objective genetic algorithm by minimizing the probability of failure on demand PFDavg, the Spurious Trip Rate (STR) and the Life Cycle Costs (LCCavg). A set of constraints related to maintenance costs has been established. These constraints imply specific maintenance strategies which improve SIS performance and minimize the technical, economic and environmental risks related to spurious shutdowns. Validation of the approach is applied to an Emergency Shutdown (ESD) of the blower section of an industrial facility (RGTE- In Amenas). Findings A case study concerning a safety instrumented system implemented in the RGTE facility has shown the great applicability of the proposed approach, and the results are encouraging. The results show that the selection of a good maintenance strategy allows a very significant minimization of the PFDavg, the frequency of spurious trips and the Life Cycle Costs of the SIS. Originality/value The maintenance strategy defined by the system designer can be modified and improved during the operational phase, in particular for safety systems. It constitutes one of the least expensive investment strategies for improving SIS performance. It has allowed a considerable minimization of the SIS life cycle costs, PFDavg and frequency of spurious trips.
... The goal is to find the number of components to apply in each subsystem. In most cases, the goal of optimizing redundancy is to maximize reliability [17][18][19]. These two approaches can be grouped into the category of design for maintenance in favor of reliability [20]. ...
Article
This article describes a new approach to simultaneous optimization of design and maintenance of large-scale multi-component industrial systems. This approach, in the form of an algorithm, aims to help designers in the search for solutions by characterizing the components and their architecture, including maintenance issues. The aim is to improve the performance of industrial systems by maximizing the Total Operational Reliability (TOR) at the lowest Life Cycle Cost (LCC). In the case of this research, the term "design" refers to the reliability properties of the components, possible redundancies, faulty component accessibility, and the ability to improve the component real-time monitoring architecture. The term "maintenance" refers to a maintenance plan adapted to opportunistic dynamic maintenance. Simultaneous optimization of design and maintenance is achieved by a two-level hybrid algorithm using evolutionary (genetic) algorithms. The first level identifies the optimal design solutions calculated relative to the TOR and the LCC. The second proposes a dynamic maintenance plan that maximizes the reliability of the system throughout its operating life.
... In the a posteriori mode, a user applies a multi-objective optimisation algorithm to generate a set of non-dominated solutions on a Pareto frontier [2]. Previous reliability engineering studies dealing with k-out-of-N systems employed several algorithms, including the Non-Dominated Sorting Genetic Algorithm-II (NSGA-II) [16] and ant colony optimisation [17]. The a posteriori mode possesses a major drawback in that the user is still required to make a trade-off from the Pareto frontier to derive the final solution. ...
Article
Full-text available
Devising a long-term maintenance plan for a system of large infrastructure assets is an exacting task. Any maintenance activity that induces system downtime can incur a massive production or service loss. This problem becomes increasingly challenging for a system whose performance is based on the collective output of assets. Current approaches that optimise each asset in isolation or consider a binary performance relationship insufficiently address this issue, because neglecting performance interactions among assets results in an inaccurate cost estimation. To overcome these hurdles, we formulate a mathematical model that explicitly captures the dynamic risk of production loss according to the system aggregate output. Further, we propose an integrated solution method that couples a finite loop search with a Genetic Algorithm. Applying our model to a real-world case study has shown that it strikes a balance between cost and risk. Validated by Monte Carlo simulation, the proposed model has been shown to outperform existing approaches. By systematically scheduling maintenance actions over the planning horizon, the resultant strategy has been shown to offer considerable maintenance cost savings and to significantly prolong the average asset life. Sensitivity analyses also evince the robustness of the proposed model under volatility in key parameters.
... The second approach, redundancy allocation, is to find the number of components to apply in each subsystem (Ebrahimipour and Sheikhalishahi, 2011). In the majority of cases, the goal of the redundancy is to maximize the reliability (Nourelfath and Ait-Kadi, 2007; Okasha and Frangopol, 2009; Torres-Echeverría et al., 2012). These two approaches, used separately or combined, can be grouped into the category of DFM in favor of reliability (Amari and Pham, 2007). ...
Article
Full-text available
Purpose This paper proposes a new simultaneous optimization model of the industrial systems design and maintenance. This model aims to help the designer in searching for technical solutions and the product architecture by integrating the maintenance issues from the design stage. The goal is to reduce the life-cycle cost (LCC) of the studied system. Design/methodology/approach Literature indicates that the different approaches used in the design for maintenance (DFM) methods are limited to the simultaneous characterization of the reliability and the maintainability of a multicomponent system as well as the modeling of the dynamic maintenance. This article proposes to go further in the optimization of the product, by simultaneously characterizing the design, in terms of reliability and maintainability, as well as the dynamic planning of the maintenance operations. This combinatorial characterization is performed by a two-level hybrid algorithm based on the genetic algorithms. Findings The proposed tool offers, depending on the life-cycle expectation, the desired availability, the desired business model (sales or rental), simulations in terms of the LCCs, and so an optimal product architecture. Research limitations/implications In this article, the term “design” is limited to reliability properties, possible redundancies, component accessibility (maintainability), and levels of monitoring information. Originality/value This work is distinguished by the use of a hybrid optimization algorithm (two-level computation) using genetic algorithms. The first level is to identify an optimal design configuration that takes into account the LCC criterion. The second level consists in proposing a dynamic and optimal maintenance plan based on the maintenance-free operating period (MFOP) concept that takes into account certain criteria, such as replacement costs or the reliability of the system.
... The results indicate that the key to lower the spurious trips in input elements and logic solvers is to find the solution that reduces the CCFs in input elements and logic solvers. The previous studies [14,23,24] proved that, with regard to the spurious activation of the SIS, for a given value of N, the STR decreases when the value of K increases. For a given value of K, the STR increases when the value of N increases. ...
Article
Safety instrumented systems (SISs) used in various industries are designed to perform specific safety functions to prevent possible accident scenarios. However, spurious activation occurs when a SIS is activated in an untimely manner, potentially resulting in production interruption, economic loss and risk present during system restoration. Therefore, it is necessary to quantify the spurious activation rate to reduce the number of spurious activations and achieve the highest overall level of risk reduction. This study analyzes possible scenarios leading to a spurious trip in SIS subsystems and presents a further development of existing analytical formulas to calculate the spurious trip rate (STR) for any KooN configuration. The proposed formulas are compared to the existing ones to show the improvements and are applied in numerical calculations to investigate the operational integrity of SIS subsystems. Results indicate that common cause failure contributes most of the STR in input elements and logic solvers, and optimal configurations with both lower PFDavg and lower STR are identified in each subsystem. The overall approach is illustrated via a simple case study and some conclusions are drawn.
... The second approach, redundancy allocation, is to find the number of components to apply in each subsystem (Ebrahimipour and Sheikhalishahi, 2011). In most cases, the goal of the redundancy is to maximize reliability (Nourelfath and Ait-Kadi, 2007; Okasha and Frangopol, 2009; Torres-Echeverría et al., 2012). These two approaches, separated or combined, can be grouped into the category of design for maintenance in favor of reliability (Amari and Pham, 2007). ...
Conference Paper
Full-text available
The design for maintenance is considered an opportunity to optimize the life cycle cost of a product, particularly in large-scale industrial systems, where maintenance expenses represent more than 60% of life cycle costs. The design of such systems starts with developing the product architecture corresponding to the specifications. On the other hand, the design must take into account maintenance by improving real-time monitoring of equipment through the integration of new technologies such as connected sensors and intelligent actuators. This article proposes a new method of design for maintenance that assists designers to propose dynamic maintenance for multi-component industrial systems. The goal is to maximize the performance of reliability for the lowest cost over the life cycle. Depending on the life cycle duration, the desired availability, and the desired business model (sales or rental), this tool provides visibility of overall costs and optimal product architecture.
... In this second approach, it is assumed that the characteristics of each component such as reliability, weight, cost, etc. are predetermined and the goal is to determine the type and number of components that should be applied in each subsystem. In most cases, the goal of optimizing redundancy is to maximize reliability (Nourelfath, 2007), (Okasha, 2009), (Torres-Echeverría, 2012). ...
Conference Paper
Full-text available
This work presents a methodology for simultaneous design and maintenance optimization whose objective is the minimization of the life cycle cost. This methodology helps designers to optimize the design of complex industrial systems (multi-component systems) based on the minimization of the life cycle cost (LCC). The research contribution comes from integrating two optimization tasks which traditionally are carried out in separate ways. In fact, during the design phase, the system architecture is usually optimized by neglecting maintenance expenses, while during the operational phase the system architecture is already finalized and maintenance optimization approaches allow only determining a minimum maintenance cost. In this work, design optimization refers to the optimization of reliability and maintainability characteristics. There are two approaches for optimizing reliability. The first one considers component reliability as a decision variable, and its cost is considered as a predetermined increasing function of component reliability. The second approach aspires to determine the type and number of redundant components of each subsystem. On top of that, there are two approaches for maintainability. The first one considers component accessibility as a decision variable, and its cost is considered as a predetermined increasing function of component accessibility, while the second approach focuses more on the monitoring architecture. In addition, the maintenance optimization is able to optimally and automatically select what maintenance actions are applied, when they are applied, and to which structural components they are applied, so that the system can perform these missions with the required confidence level.
... For power transmission networks, Cadini et al [20] addressed the optimal expansion problem, considering the transmission reliability efficiency and the cost of the added transmission links, by adding the new connection links. For safety instrumented systems, Torres-Echeverria et al [21] presented the multi-objective genetic algorithm to solve the optimization of design and test policies considering the average probability of dangerous failure on demand, the spurious trip rate and the lifecycle cost. Safari [22] proposed an improved non-dominated sorting genetic algorithm to solve the multiobjective redundancy allocation problems. ...
... The qualification of this performance is determined by referred levels of safety (SIL). Thus, the PFD avg is in fact the unavailability of the system that affects its ability to react to hazards; i.e. the safety unavailability (Torres-Echeverria et al., 2012). The IEC61508 (2010) standard establishes 4 classification levels based on the PFD avg (for low demand operating systems). ...
... In order to solve this problem, a fuzzy multi-objective optimization problem was reformulated by considering reliability and cost preferences. (Torres-Echeverría, Martorell, & Thompson, 2012) presented their paper, which addresses the optimization of safety system architecture by a multi-objective algorithm that keeps a balance between safety, reliability and cost. ...
Thesis
Full-text available
During the design of automated systems, it is imperative to think about maintaining the performance, which is likely to degrade over time. During the operation of such systems, preventive maintenance operations make it possible to keep this performance above a required level; but at the same time, carrying out an unstudied number of these interventions risks being a disadvantage for the whole process. It is therefore essential to consider how to reduce these interventions to an optimal number, which requires practising a design methodology that dares to organize the maintenance operations; but also to reduce the time lost in determining the actions to be taken during the intervention, and further to reduce the time lost following unnecessary operations. The designer is therefore invited to structure an optimal architecture, capable of performing a defined function and which must allow the system to maintain, at the least expense, the desired performance represented by a reliability limit that must not be crossed.
... But in fact for many final elements, like actuated valves involving electro-mechanical and/or hydraulic-mechanical components working in a subsea environment, they are more likely to deteriorate with an increasing failure rate instead of constant failure rates over time, especially in the wear-out period (Rausand, 2014; Rogova et al., 2015). Moreover, some other assumptions relied on by the existing literature (Innal et al., 2016; Liu and Rausand, 2016; Torres-Echeverría et al., 2012; Wu et al., 2016) are also questionable in a subsea context, e.g. the failure rates are generally assumed to be constant, which means that all channels restored after a proof test are in an as-good-as-new state. This has been a generally accepted limitation for these methods, but it is not a very well suited assumption for equipment that is subject to degradation over time. ...
Article
Reliability assessment for safety-instrumented systems (SISs) plays a vital role in improving the design of SISs. Traditional methods for SIS reliability assessment that assume constant failure rates are, however, not realistic for many final elements of SISs, e.g. electro-mechanical and hydraulic/mechanical actuators that are subject to degradation. This paper presents an approach for reliability assessment of SIS final elements with time dependent failure rates. Different operational issues, such as partial and full testing, are investigated for their effects on reliability of SISs. Approximation formulas for evaluation of average probability of failure on demand (PFDavg) involving degradation are developed within different subsequent proof testing intervals, and Weibull distributions are adopted to model the degradation processes of the final elements. The corresponding numerical results of PFDavg from the set of the derived formulations are validated by Petri nets models that are developed for different scenarios. Shutdown valves installed as part of a high integrity pressure protection system are analyzed as the case, to illustrate the feasibility of the proposed approach, and also demonstrate that the approximation can provide possibilities for testing strategies design and optimization.
... Han et al. (2013) designed a multi-objective optimization framework for economic-safety-emission optimization of a hydrogen infrastructure using a fuzzy optimization programming. Aven and Hiriart (2013) Although recently many research studies have been devoted to the issue of multi-objective safety-economic concurrent optimizations in different studies (see e.g., Riauke and Bartlett, 2009;Torres-Echeverría et al., 2012;Hoffenson et al., 2014) yet, to the best of the authors' knowledge, no similar model has been proposed yet for the specific case of surface mining operations, and in particular, the off-road-related-accidents in the US surface mine industry. Thus, in the mining industry, there is no published robust procedure/framework for selecting optimal safety measures, among available alternatives, subject to budgetary constraints. ...
Article
Full-text available
Off-road-truck-related accidents are a major cause of considerable losses in the US surface mining industry. Though the rates of fatalities, permanent disabilities and other injuries have shown decreasing trends in the past decade, the associated lost lives and working days are far from a “zero work place accident policy” in this industry. After identification of the root cause(s) of off-road truck related accidents, the major task is to decide on the implementation of appropriate safety measures. In cases that there are several alternatives, an optimal decision should be taken in order to choose the most effective alternative(s) which incur minimum costs while achieving maximum improvements. The three major objectives are defined, in this study, as (i) maximization of loss prevention, (ii) minimization of costs, and (iii) maximization of reliability of safety measures. A multi-objective three-function-two-variable mathematical framework for optimization of the decision is proposed. The framework is examined in a generic mining situation to demonstrate its applicability. The genetic algorithm method was used to solve the multi-objective decision problem. The results identified the most effective safety measures and the optimal time interval that each one should be employed to achieve the best results.
... (Innal et al., 2015) considers KooN structures and uniform RAP, and introduces several parameters for the component choice. (Torres-Echeverría et al., 2012) uses a multi-objective GA to reduce life-cycle cost and considers KooN structures and components choice while integrating several parameters for each kind of components. This paper extends the previous works of the authors (Bicking et al., 2008, 2009) and concerns the DRAP and cost minimization under availability and hardware fault tolerance (HFT) constraints. ...
Article
Full-text available
This paper deals with an approach to design a Safety Instrumented System with the aim of reducing design costs under availability constraints. The design involves the determination of the Safety Instrumented Systems (SIS) structure and the allocation of equipment availability and redundancy based on Components off-the-shelf. The SIS structure is interpreted as a p-graph and handled as a Kaufmann reliability network. The optimization approach is a genetic method applied to several design problems of increasing complexity.
... In turn, [12] estimated the spurious activation but disregarded the possible strategies for operation and test execution. Other studies [6,13] considered spurious activation and two testing modes in their SIS test optimization models. However, in some situations the selection between the testing modes provided solutions that cannot be applied in real systems in the same way they were modeled. ...
... Two main indices are used for the qualification of SIS. The average probability of failure on demand (PFD avg) is used in low-demand mode [3], [4] and the probability of failure per hour (PFH) is used for a SIS in high-demand mode [5]. SIS in low-demand mode are the subject of this article. ...
Conference Paper
Full-text available
This article proposes an approach for analysing the effect of proof tests in the performance evaluation of safety instrumented systems (SIS). The analysis is based on multi-phase Markov chains integrating several parameters such as common cause failures (CCF), the diagnostic coverage rate, proof tests, etc. We pay particular attention to the performance and effectiveness of proof tests. The basic concepts of multi-phase Markov chains are introduced and applied. An unavailability computation model for a case study is presented, showing the effect of proof test performance on that of the safety system.
Chapter
In summary, the guidelines presented in this research paper offer critical insight into the design and implementation of an effective ESD system. Adherence to these guidelines will ensure that the ESD system is capable of protecting refinery processes in emergency situations while maintaining a high level of availability and low spurious trip rates. The self-diagnostic and modular design features will further enhance the reliability and efficiency of the ESD system, contributing to a safer and more secure refinery operation. Therefore, this paper serves as a valuable resource for refinery engineers and designers in developing an effective ESD system that adheres to industry standards and regulations. The modular design and self-diagnostic features of the ESD system will provide valuable insights into system performance and ensure a robust and reliable ESD system that can help safeguard refinery processes.
Chapter
This paper analyzes the degradation of the actuator layer in a Safety Instrumented System (SIS) by considering an intermediate degraded state between the working and failed states. Sometimes, the current system states are not distinguished perfectly during proof tests. The developed approach consists in using knowledge of both the system’s functioning and the nature and parameters of proof testing. These parameters increase the complexity of the model when considering the unavailability due to the proof test. This approach has been applied to a study case in order to illustrate the effect of proof testing parameters on the SIS performance.
Keywords: Dynamic Bayesian network; Unavailability; Safety instrumented system; Proof testing
Article
Security surveillance systems, which are used to ensure and enhance the safety level, have wide applications in different areas of modern society, from civil to military, such as homes, banks, airports, and nuclear power plants. They are safety-critical systems, which means that the failure of such systems may cause serious consequences such as loss of lives, serious damage of properties, and pollution of environment. This article considers a security surveillance system with two competing failure modes: degradation processes and multiple states. A state dependent inspection-maintenance strategy with imperfect preventive maintenance is designed and applied to this system to improve the performance. The performability and cost models for this system are developed based on these mechanisms. A modified Nelder–Mead downhill simplex method is proposed to determine the optimal inspection-maintenance strategy to minimize the expected long-run cost rate (ELCR) of the system. To the best of our knowledge, this is the first time that both state dependent inspection-maintenance strategy with imperfect maintenance and competing failure modes described by degradation processes are considered in the modeling of security surveillance systems.
Article
Subsea oil and gas production has always involved the challenging task of determining the overall reliability of safeguarding systems, such as safety instrumented systems (SISs). Partial testing and delayed restoration of SISs are the main issues in operation and maintenance activities. This paper proposes a novel reliability-modeling methodology for subsea SISs subject to partial testing and delayed restoration. The proposed methodology incorporates an increasing failure rate in conjunction with dangerous undetected failures for the final elements. Approximation formulas for evaluating the average probability of failure on demand are derived for SISs in the low-demand operating mode. In addition, the effects of degradation are modeled by following Weibull rules in different subsequent partial testing intervals. In contrast to previous works, the present research accounts for delayed restoration after detecting failures and also considers the repair time for different scenarios. The proposed formulas are compared with the existing ones for partial verification. A case study on the shutdown valves of a subsea high-integrity pressure protection system is presented to illustrate the feasibility of the proposed methodology. It is also proven that the proposed approximation offers a robust opportunity for testing strategy optimization and performance improvement of SISs.
Article
Performance degradation and random shock are commonly regarded as two dependent competing risks for system failures. One method based on effective service age is proposed to jointly model the cumulative effect of random shock and system degradation, and the reliability model of a degrading system under Nonhomogeneous Poisson process (NHPP) shocks is derived. Under the assumption that preventive maintenance (PM) is imperfect and corrective maintenance (CM) is minimal repair, one maintenance policy which combines PM and CM is presented. Moreover, the two decision variables, PM interval and the number of PMs before replacement, are determined by a multi-objective maintenance optimization method which simultaneously maximizes the system availability and minimizes the system long-run expected cost rate. Finally, the performance of the proposed maintenance optimization policy is demonstrated via a numerical example.
Chapter
The reliability and risk assessment community recognized that the distinction between different types of uncertainties plays an important role in reliability and risk evaluation. Uncertainty is generally considered to be of two types: aleatory uncertainty which arises from natural stochasticity and epistemic uncertainty which arises from incompleteness of knowledge or data. This chapter summarizes basic notions of the probabilistic and non-probabilistic theories of uncertainty: probability theory, belief functions theory, and possibility theory. It presents the literature review that supports the use of uncertainty theories. Belief functions are uncertainty models that generalize many proposed models of epistemic uncertainty, including fuzzy set theory and possibility theory. The random set theory is a mathematical theory which can handle in a unique framework both aleatory and epistemic uncertainties. The confidence structures (c-boxes) represent inferential uncertainty in unknown parameters.
Article
The process industry has always been faced with the challenging task of determining the overall unavailability of safeguarding systems such as the safety instrumented systems (SISs). This paper proposes an unavailability model for a redundant SIS using Markov chains. The proposed model incorporates process demands in conjunction with dangerous detected and undetected failures for the first time and evaluates their impacts on the unavailability quantification of SIS. The unavailability of the safety instrumented system is quantified by considering the probability of failure on demand (PFD) for low demand systems. The safety performance of the system is also assessed using hazardous event frequency (HEF) to measure the frequency of system entering a hazardous state that will lead to an accident. The accuracy of the proposed Markov model is verified for a case study of a chemical reactor protection system. It is demonstrated that the proposed approach provides a sufficiently robust result for all demand rates, demand durations, dangerous detected and undetected failure rates and associated repair rates for safety instrumented systems utilised in low demand mode of operation. The effectiveness of the proposed model offers a robust opportunity to conduct unavailability assessment of redundant SISs subject to process demands.
Article
This paper proposes a method to analyse the uncertainty problem in assessing safety system performance. The method is based on Bayesian networks and integrates several parameters like the Common Cause Failure (CCF) factor. The imperfect knowledge concerns the CCF factors involved in the safety system. The point-valued CCF factors are replaced by triangular fuzzy numbers, allowing experts to express their uncertainty about the CCF values. The proposed method shows how the uncertainties of CCF factors propagate through the Bayesian networks and how this induces an uncertainty in the values of the safety system performance. The proposed method ensures the relevance of the results. This is validated by a comparison with the results of a probabilistic analysis by Monte Carlo sampling, where we consider a triangular probability distribution of common cause failure factors.
Conference Paper
This article targets the problem of uncertainty in assessing the unavailability of systems, using fuzzy Bayesian networks. The elementary probabilities usually considered in Bayesian networks are replaced by fuzzy numbers. This allows experts to express their uncertainty about the basic parameters of systems and to evaluate the impact of the uncertainty on safety system performance. We will demonstrate how the uncertainty on some characteristic parameter values causes significant variations in system unavailability. In order to highlight the comparison and to show the exactness of the approach, we propose a Monte Carlo sampling approach where we consider a triangular probability distribution of common cause failure factors.
Article
Full-text available
Hydrocarbon leaks have a major accident potential and could cause significant damage to people, property and the environment. To prevent these risks from a leak at the design stage, installation of an ESD system is representative. Because the ESD system should operate properly at any time, it needs high reliability and incurs much cost. To build an ESD system with high reliability and reasonable cost, a specific design method is needed. In this study, we proposed a multi-objective design optimization method and performed the optimization of the ESD system for a 1st separation system to satisfy high reliability and cost-effectiveness. ‘NSGA-II (Non-dominated Sorting Genetic Algorithm-II)’ was applied and two objective functions, ‘Reliability’ and ‘Cost’ of the system, were defined. Six design variables were set as the variables related to system configuration. To verify the result of the optimization, the results of the existing design and the optimum design were compared in terms of reliability and cost. With the optimization method proposed in this study, it was possible to derive a reliable and economical design of the ESD system.
Conference Paper
While researchers have concentrated on the optimization of joint redundancy and maintenance mechanisms, maintenance in computing systems is quite different from that in traditional systems. Considering that routine monitoring and inspection mechanisms are conducted to detect component status and trigger the repair process, this paper pays attention to the optimization problem of joint redundancy and inspection-based maintenance mechanisms. After conducting steady state analysis on subsystems using inspection-based maintenance, a shared repair facility and component redundancy, an optimization model is built to search for the appropriate system structure and maintenance policy which maximizes system performance while meeting availability and cost constraints. Due to the complexity of the uncertain optimization model, a genetic algorithm is used to search for the optimal solution, using a triple-element encoding mechanism and specifically designed operators. Illustrative examples are conducted to show that the optimization model and corresponding solution technique can be used to search for the optimal system configuration under given constraints, and that different cost constraints lead to different optimization results while meeting availability constraints.
Article
Accidental gas releases are detected by allocating sensors in optimal places to prevent escalation of the incident. Gas release effects are typically assessed based on calculating the dispersion from releasing points. In this work, a CFD-based approach is proposed to estimate gas dispersion and then to obtain optimal gas sensors allocation. The Ansys-Fluent commercial package is used to estimate concentrations in the open air by solving the governing equations of continuity, momentum, energy and species convection-diffusion combined with the realizable κ-ε model for turbulence viscosity effects. CFD dynamic simulations are carried out for potential gas leaks, assuming worst-case scenarios with F-stability and 2 m/s wind speed during a 4min releasing period and considering 8 wind directions. The result is a scenario-based methodology to allocate gas sensors supported on fluid dynamics models. The three x-y-z geographical coordinates for the sensor allocation are included in this analysis. To highlight the methodology, a case study considers releases from a large container surrounded by different types of geometric units including sections with high obstacles, low obstacles, and no obstacles. A non-redundant set of perfect sensors are firstly allocated to cover completely the detection for all simulations releases. The benefits of redundant detection via a MooN voting arranging scheme is also discussed. Numerical results demonstrate the capabilities of CFD simulations for this application and highlight the dispersion effects through obstacles with different sizes.
Chapter
In this chapter, specific problems in risk, reliability and maintenance context are described, such as location of backup units, sequencing of maintenance activities, natural disasters, operation planning of a power system network, integrated production and maintenance scheduling, maintenance team sizing and reliability acceptance tests. This chapter presents a multicriteria decision model with an illustrative application for most of these problems. Amongst the MCDM/A approaches considered for the illustrative applications in this chapter are: Multi-attribute utility theory (MAUT), PROMETHEE II, NSGA-II. Regarding the reliability acceptance test an MCDM/A Bayesian approach is presented. For these problems, several aspects have been considered such as: size of population, degree of industrialization, the extent of health services (location of backup units); degree of damage, consumption, electric load, special clients, healthcare services, SAIDI and SAIFI (sequencing of maintenance activities); human, environmental, financial and infrastructure concerns (natural disasters); expected tardiness and maintenance costs (integrated production and maintenance scheduling); waiting time and cost of personnel (maintenance team sizing); probability of accepting equipment not in accordance with the reliability specified by the manufacturer; and delaying the project conclusion (reliability acceptance test). Finally, some aspects of multiobjective optimization are discussed.
Article
This article evaluates 186 papers, published between 1978 and 2013 in 16 representative scientific journals, related to maintenance and reliability problems that were tackled from a multi-criteria (MC) perspective. An overview and insights are presented. This study may be useful to researchers and others concerned with maintenance and reliability who seek not only to understand the potential of MC and multi-objective models but also to develop and apply an MC decision model to help solve a real problem in these areas. There are some discussions on some principles for the application of MC in maintenance and reliability and some guidance on how to choose a suitable MC method is given, based on previous applications.
Article
The control of risks generated by modern industrial facilities could not be guaranteed without the use of safety instrumented systems (SIS). The failure of SIS to achieve their assigned functions could result in huge consequences with respect to both (i) the safety of the monitored system (relating to the SIS safety integrity) as well as (ii) its production availability due to false trips (relating to the SIS operational integrity). Furthermore, these two aspects are usually antagonistic. Therefore, the assurance of this double performance comes first by a thoughtful design of SIS. In that case, the aim of this paper is twofold. First, it focuses on the establishment of generic analytical formulations allowing the assessment of the SIS performance regarding safety integrity and operational integrity. Second, it deals with SIS architecture design optimization. The optimization problem is firstly addressed by a preliminary search for a balance between the above two quantities relying on the analysis of the structure of KooN architectures. Then, a more general and suitable approach based on genetic algorithms is proposed, where several performance indicators and the costs of purchase and maintenance are expected to be considered simultaneously. This general approach is illustrated through an application example.
Article
Full-text available
This paper proposes a holistic approach to model the Safety Instrumented Systems (SIS). The model is based on Switching Markov Chain and integrates several parameters like Common Cause Failure, Imperfect Proof testing, partial proof testing, etc. The basic concepts of Switching Markov Chain applied to reliability analysis are introduced and a model to compute the unavailability for a case study is presented. The proposed Switching Markov Chain allows us to assess the effect of each parameter on the SIS performance. The proposed method ensures the relevance of the results.
Article
Multi-objective evolutionary algorithms which use non-dominated sorting and sharing have been mainly criticized for their (i) O(MN³) computational complexity (where M is the number of objectives and N is the population size), (ii) non-elitism approach, and (iii) the need for specifying a sharing parameter. In this paper, we suggest a non-dominated sorting based multi-objective evolutionary algorithm (we called it the Non-dominated Sorting GA-II or NSGA-II) which alleviates all the above three difficulties. Specifically, a fast non-dominated sorting approach with O(MN²) computational complexity is presented. Second, a selection operator is presented which creates a mating pool by combining the parent and child populations and selecting the best (with respect to fitness and spread) N solutions. Simulation results on five difficult test problems show that the proposed NSGA-II, in most problems, is able to find much better spread of solutions and better convergence near the true Pareto-optimal front compared to PAES and SPEA—two other elitist multi-objective EAs which pay special attention towards creating a diverse Pareto-optimal front. Because of NSGA-II's low computational requirements, elitist approach, and parameter-less sharing approach, NSGA-II should find increasing applications in the years to come.
Article
A safety system is an essential part of any industrial system as it operates to prevent the occurrence of certain conditions and their future development into a hazardous situation. Failure of such systems may have catastrophic consequences, from small injuries to even death of members of the workforce and public. Therefore, it is imperative to minimize safety system unavailability and also find the balance between its unavailability and other limitations on its operation, e.g. life cycle cost and spurious trip frequency. Hence, a multiobjective optimization of the system design is required. This paper describes a design optimization scheme using multiobjective genetic algorithms (MOGAs) applied to a firewater deluge system (FDS) on an offshore platform, which works to supply water and foam on demand at a controlled pressure to a specific area on the platform, protected by the deluge system.
Article
This paper presents a practical approach for optimization by evolutionary computation of safety instrumented system design, based on safety and reliability measures, plus life cycle cost. The standard IEC 61508 establishes the necessity of this kind of systems to meet specific safety integrity requirements, expressed in terms of safety integrity levels (SIL). The SIL is determined in terms of average probability of failure on demand (PFDavg) for control systems that operate in demand mode. The optimization executed takes into account the level of modelling detail contemplated by the standard, including multiple failure modes, diagnostic coverage, and common cause failures. This study addresses the case of series-parallel systems. Optimization is approached by treating the problem as one of redundancy and reliability allocation, together with testing intervals specifications. Modelling is made through fault tree analysis with house events. The multi-objective genetic algorithm proposed by Fonseca and Fleming is used as the optimization technique.
Article
Probabilistic Safety Assessment is widely becoming the standard method for assessing, maintaining, assuring and improving the nuclear power plant safety. To achieve one of its many potential benefits, the optimization approach of surveillance requirements in technical specifications was developed. Surveillance requirements in technical specifications define the surveillance test intervals for the equipment to be tested and the testing strategy. This optimization approach based mainly on probabilistic safety assessment results consists of three levels: component level, system level and plant level. The application of this optimization approach on system level has shown that the risk based surveillance requirements differ from existing ones in technical specifications.
Article
This paper introduces a new development for modelling the time-dependent probability of failure on demand of parallel architectures, and illustrates its application to multi-objective optimization of proof testing policies for safety instrumented systems. The model is based on the mean test cycle, which includes the different evaluation intervals that a module goes periodically through its time in service: test, repair and time between tests. The model is aimed at evaluating explicitly the effects of different test frequencies and strategies (i.e. simultaneous, sequential and staggered). It includes quantification of both detected and undetected failures, and puts special emphasis on the quantification of the contribution of the common cause failure to the system probability of failure on demand as an additional component. Subsequently, the paper presents the multi-objective optimization of proof testing policies with genetic algorithms, using this model for quantification of average probability of failure on demand as one of the objectives. The other two objectives are the system spurious trip rate and lifecycle cost. This permits balancing of the most important aspects of safety system implementation. The approach addresses the requirements of the standard IEC 61508. The overall methodology is illustrated through a practical application case of a protective system against high temperature and pressure of a chemical reactor.
Article
System unavailability equations are obtained for redundant standby safety systems with alternative testing strategies. The model is based on time-related general multiple failure rates rather than probabilities per demand. Common cause failures (CCF) of all multiplicities are accounted for. The results indicate that while staggering the tests is advantageous to most systems, extra testing rules may be beneficial in addition for certain types of redundancy. The results for common parallel redundancy systems are used to obtain proper quantitative values for the basic events of general fault tree models of large systems. Several parametric CCF models, their hidden assumptions and mutual relationships are critically evaluated. A certain class of component-caused CCFs is introduced. It turns out that most commonly used models are valid only for the subset of external shocks that are independent of the number of components in a system. Estimation methods are presented for multiple failure rates and other model parameters. Coupling equations between model parameters cause correlations between the parameters and lead to constrained estimation. Numerical examples are used to illustrate the methods and to demonstrate the significance of various aspects of the models.
Article
This report presents a framework for the inclusion of the impact of common cause failures in risk and reliability evaluations. Common cause failures are defined as that cutset of dependent failures for which causes are not explicitly included in the logic model as basic events. The emphasis here is on providing procedures for a practical, systematic approach that can be used to perform and clearly document the analysis. The framework comprises four major stages: (1) System Logic Model Development; (2) Identification of Common Cause Component Groups; (3) Common Cause Modeling and Data Analysis; and (4) System Quantification and Interpretation of Results. The framework and the methods discussed for performing the different stages of the analysis integrate insights obtained from engineering assessments of the system and the historical evidence from multiple failure events into a systematic, reproducible, and defensible analysis. 22 figs., 34 tabs.
Article
The objective of this paper is to compare the performance of three on-line test and maintenance strategies (corrective maintenance, preventive maintenance and predictive maintenance) for standby k-out-of-n safety systems. Each channel of the k-out-of-n system is modelled by an age-dependent unavailability model to reflect the effect of maintenance on the aging process. The system unavailability, the probability of spurious operation and the overall cost under the above maintenance strategies are analyzed and compared to obtain the optimal maintenance strategy. Sensitivity analyses are performed to reveal the effect of different model parameters on the system performance. A standby safety system in Canadian Deuterium–Uranium (CANDU) Nuclear Power Plants (NPPs), the Shutdown System Number One (SDS1), is used to illustrate the proposed analysis and the procedure. It is concluded that maintenance should neither be performed too frequently nor too rarely. When the system deteriorates very slowly, the corrective maintenance is more preferable than the preventive and predictive maintenance. When the failure rate of the system is high, the preventive maintenance results in the best system performance.
Article
The general goal of safety management in Nuclear Power Plants (NPPs) is to make requirements and activities more risk effective and less costly. The technical specification and maintenance (TS&M) activities in a plant are associated with controlling risk or with satisfying requirements, and are candidates to be evaluated for their resource effectiveness in risk-informed applications. Accordingly, the risk-based analysis of technical specification (RBTS) is being considered in evaluating current TS. The multi-objective optimization of the TS&M requirements of a NPP based on risk and cost, gives the pareto-optimal solutions, from which the utility can pick its decision variables suiting its interest. In this paper, a multi-objective evolutionary algorithm technique has been used to make a trade-off between risk and cost both at the system level and at the plant level for loss of coolant accident (LOCA) and main steam line break (MSLB) as initiating events.
Article
This paper addresses the modeling of probability of dangerous failure on demand and spurious trip rate of safety instrumented systems that include MooN voting redundancies in their architecture. MooN systems are a special case of k-out-of-n systems. The first part of the article is devoted to the development of a time-dependent probability of dangerous failure on demand model with capability of handling MooN systems. The model is able to model explicitly common cause failure and diagnostic coverage, as well as different test frequencies and strategies. It includes quantification of both detected and undetected failures, and puts emphasis on the quantification of common cause failure to the system probability of dangerous failure on demand as an additional component. In order to be able to accommodate changes in testing strategies, special treatment is devoted to the analysis of system reconfiguration (including common cause failure) during test of one of its components, which is then included in the model. Another model for spurious trip rate is also analyzed and extended under the same methodology in order to empower it with similar capabilities. These two models are powerful enough, but at the same time simple, to be suitable for handling of dependability measures in multi-objective optimization of both system design and test strategies for safety instrumented systems. The level of modeling detail considered permits compliance with the requirements of the standard IEC 61508. The two models are applied to brief case studies to demonstrate their effectiveness. The results obtained demonstrated that the first model is adequate to quantify time-dependent PFD of MooN systems during different system states (i.e. full operation, test and repair) and different MooN configurations, whose values are averaged to obtain the PFDavg. Also, it was demonstrated that the second model is adequate to quantify STR including spurious trips induced by internal component failure and by the test itself. Both models were tested for different architectures with 1≤N≤5 and 2≤M≤5 subject to uniform staggered test. The results obtained also showed the effects that modifying M and N has on both PFDavg and STR, and also demonstrated the conflicting nature of these two measures with respect to one another.
Article
Safety systems are designed to operate when certain conditions occur and to act to prevent their development into a hazardous situation. Failure of a safety system for a potentially hazardous industrial system or process may have catastrophic consequences, possibly injuring members of the work force or public and occasionally resulting in loss of life. The purpose of this paper is to describe a design optimization scheme using genetic algorithms applied to a firewater deluge system, which uses available resources to the best possible advantage to obtain an optimal safety system design. Copyright © 2003 John Wiley & Sons, Ltd.
Article
Testing and maintenance activities of safety equipment in nuclear power plants are an important potential for risk and cost reduction. An optimization method is presented based on the simulated annealing algorithm. The method determines the optimal schedule of safety equipment outages due to testing and maintenance based on minimization of a selected risk measure. The mean value of the selected time-dependent risk measure represents the objective function of the optimization. The time-dependent function of the selected risk measure is obtained from probabilistic safety assessment, i.e. the fault tree analysis at the system level and the fault tree/event tree analysis at the plant level, both extended with inclusion of time requirements. Results of several examples showed that it is possible to reduce risk by application of the proposed method. Because of large uncertainties in the probabilistic safety assessment, the most important result of the method may not be the selection of the most suitable schedule of safety equipment outages among those which result in similarly low risk. Rather, it may be the prevention of those schedules of safety equipment outages which result in high risk. Such a finding increases the importance of evaluation speed versus the requirement of always getting the global optimum, no matter if it is only slightly better than a certain local one.
Article
This paper proposes a genetic algorithm (GA) for a redundancy allocation problem for the series-parallel system when the redundancy strategy can be chosen for individual subsystems. The majority of the solution methods for the general redundancy allocation problems assume that the redundancy strategy for each subsystem is predetermined and fixed. In general, active redundancy has received more attention in the past. However, in practice both active and cold-standby redundancies may be used within a particular system design and the choice of the redundancy strategy becomes an additional decision variable. Thus, the problem is to select the best redundancy strategy, component, and redundancy level for each subsystem in order to maximize the system reliability under system-level constraints. This belongs to the NP-hard class of problems. Due to its complexity, it is difficult to optimally solve such a problem by using traditional optimization tools. It is demonstrated in this paper that GA is an efficient method for solving this type of problem. Finally, computational results for a typical scenario are presented and the robustness of the proposed algorithm is discussed.
Article
This paper presents the design optimization by a multi-objective genetic algorithm of a safety-instrumented system based on RAMS+C measures. This includes optimization of safety and reliability measures plus lifecycle cost. Diverse redundancy is implemented as an option for redundancy allocation, and special attention is paid to its effect on common cause failure and the overall system objectives. The requirements for safety integrity established by the standard IEC 61508 are addressed, as well as the modelling detail required for this purpose. The problem is about reliability and redundancy allocation with diversity for a series–parallel system. The objectives to optimize are the average probability of failure on demand, which represents the system safety integrity, Spurious Trip Rate and Lifecycle Cost. The overall method is illustrated with a practical example from the chemical industry: a safety function against high pressure and temperature for a chemical reactor. In order to implement diversity, each subsystem is given the option of three different technologies, each technology with different reliability and diagnostic coverage characteristics. Finally, the optimization with diversity is compared against optimization without diversity.
Article
This paper discusses the use of genetic algorithms (GA) within the area of reliability, availability, maintainability and safety (RAMS) optimization. First, the multi-objective optimization problem is formulated in general terms and two alternative approaches to its solution are illustrated. Then, the theory behind the operation of GA is presented. The steps of the algorithm are sketched to some details for both the traditional breeding procedure as well as for more sophisticated breeding procedures. The necessity of affine transforming the fitness function, object of the optimization, is discussed in detail, together with the transformation itself. In addition, how to handle constraints by the penalization approach is illustrated. Finally, specific metrics for measuring the performance of a genetic algorithm are introduced.
Article
The role of technical specifications and maintenance (TSM) activities at nuclear power plants (NPP) is to increase reliability, availability and maintainability (RAM) of Safety-Related Equipment, which, in turn, must yield an improved level of plant safety. However, more resources (e.g. costs, task force, etc.) have to be assigned in the above areas to achieve better scores in reliability, availability, maintainability and safety (RAMS). The current situation at NPP shows different programs implemented at the plant that aim at the improvement of particular TSM-related parameters, where the decision-making process is based on the assessment of the impact of the proposed change on a subgroup of RAMS+C attributes. This paper briefly reviews the role of TSM and two main groups of improvement programs at NPP, which suggest the convenience of considering the approach proposed in this paper for Integrated Multi-Criteria Decision-Making on changes to TSM-related parameters based on RAMS+C criteria as a whole, as it can be seen as a decision-making process more consistent with the role and synergic effects of TSM and the objectives and goals of current improvement programs at NPP. The case of application to the Emergency Diesel Generator system demonstrates the viability and significance of the proposed approach for the Multi-objective Optimization of TSM-related parameters using a Genetic Algorithm.
Article
This paper presents the results of a survey to show the applicability of an approach based on a combination of distribution-free tolerance interval and genetic algorithms for testing and maintenance optimization of safety-related systems based on unavailability and cost estimation acting as uncertain decision criteria. Several strategies have been checked using a combination of Monte Carlo (simulation)––genetic algorithm (search-evolution). Tolerance intervals for the unavailability and cost estimation are obtained to be used by the genetic algorithms. Both single- and multiple-objective genetic algorithms are used. In general, it is shown that the approach is a robust, fast and powerful tool that performs very favorably in the face of noise in the output (i.e. uncertainty) and it is able to find the optimum over a complicated, high-dimensional nonlinear space in a tiny fraction of the time required for enumeration of the decision space. This approach reduces the computational effort by means of providing appropriate balance between accuracy of simulation and evolution; however, negative effects are also shown when a not well-balanced accuracy–evolution couple is used, which can be avoided or mitigated with the use of a single-objective genetic algorithm or the use of a multiple-objective genetic algorithm with additional statistical information.
Article
There is a growing interest from both the regulatory authorities and the nuclear industry to stimulate the use of Probabilistic Risk Analysis (PRA) for risk-informed applications at Nuclear Power Plants (NPPs). Nowadays, special attention is being paid to analyzing plant-specific changes to Test Intervals (TIs) within the Technical Specifications (TSs) of NPPs, and there seems to be a consensus on the need to make these requirements more risk-effective and less costly. Resource versus risk-control effectiveness principles formally enter into optimization problems. This paper presents an approach for using the PRA models in conducting the constrained optimization of TIs based on a steady-state genetic algorithm (SSGA), where the cost or the burden is to be minimized while the risk or performance is constrained to be at a given level, or vice versa. The paper begins with the problem formulation, where the objective function and constraints that apply in the constrained optimization of TIs based on risk and cost models at system level are derived. Next, the foundation of the optimizer is given, which is derived by customizing a SSGA in order to allow optimizing TIs under constraints. Also, a case study is performed using this approach, which shows the benefits of adopting both PRA models and genetic algorithms, in particular for the constrained optimization of TIs, although a great benefit is also expected from using this approach to solve other engineering optimization problems. However, care must be taken in using genetic algorithms in constrained optimization problems, as is concluded in this paper.
Article
We present an approach to the optimal plant design (choice of system layout and components) under conflicting safety and economic constraints, based upon the coupling of a Monte Carlo evaluation of plant operation with a Genetic Algorithms maximization procedure. The Monte Carlo simulation model provides a flexible tool, which enables one to describe relevant aspects of plant design and operation, such as standby modes and deteriorating repairs, not easily captured by analytical models. The effects of deteriorating repairs are described by means of a modified Brown–Proschan model of imperfect repair which accounts for the possibility of an increased proneness to failure of a component after a repair. The transitions of a component from standby to active, and vice versa, are simulated using a multiplicative correlation model. The genetic algorithms procedure is used to optimize a profit function which accounts for the plant safety and economic performance and which is evaluated, for each possible design, by the above Monte Carlo simulation. In order to avoid an overwhelming use of computer time, for each potential solution proposed by the genetic algorithm we perform only a few hundred Monte Carlo histories and then exploit the fact that, during the genetic algorithm population evolution, the fit chromosomes appear repeatedly many times, so that the results for the solutions of interest (i.e. the best ones) attain statistical significance.
Article
Systems, structures, and components of Nuclear Power Plants are subject to Technical Specifications (TSs) that establish operational limitations and maintenance and test requirements with the objective of keeping the risk associated with the plant within the limits imposed by the regulatory agencies. Recently, in an effort to improve the competitiveness of nuclear energy in a deregulated market, modifications to maintenance policies and TSs are being considered within a risk-informed viewpoint, which judges the effectiveness of a TS, e.g. a particular maintenance policy, with respect to its implications on the safety and economics of the system operation. In this regard, a recent policy statement of the US Nuclear Regulatory Commission declares appropriate the use of Probabilistic Risk Assessment models to evaluate the effects on the system of a particular TS. These models rely on a set of parameters at the component level (failure rates, repair rates, frequencies of failure on demand, human error rates, inspection durations, and others) whose values are typically affected by uncertainties. Thus, the estimate of the system performance parameters corresponding to a given TS value must be supported by some measure of the associated uncertainty. In this paper we propose an approach, based on the effective coupling of genetic algorithms and Monte Carlo simulation, for the multiobjective optimization of the TSs of nuclear safety systems. The method transparently and explicitly accounts for the uncertainties in the model parameters by attempting to minimize both the expected value of the system unavailability and its associated variance. The costs of the alternative TS solutions are included as constraints in the optimization. An application to the Reactor Protection Instrumentation System of a Pressurized Water Reactor is demonstrated.
Article
A general procedure is presented for optimizing the test and maintenance intervals of safety related systems and components. The method is based on minimizing the total plant-level cost under the constraint that the total accident frequency (risk) remains below a set criterion. The measure of risk is the time-average value of an accident rate. The probabilities of component failures and other basic events are linear functions of or inversely proportional to the test or maintenance intervals. Human errors and common cause failures are included in the formalism. Analytical results are obtained for single components and simple systems while a numerical procedure is given for obtaining optimal intervals for complex plants with multiple systems and initiating events.
Article
Multi-objective formulations are realistic models for many complex engineering optimization problems. In many real-life problems, objectives under consideration conflict with each other, and optimizing a particular solution with respect to a single objective can result in unacceptable results with respect to the other objectives. A reasonable solution to a multi-objective problem is to investigate a set of solutions, each of which satisfies the objectives at an acceptable level without being dominated by any other solution. In this paper, an overview and tutorial is presented describing genetic algorithms (GA) developed specifically for problems with multiple objectives. They differ primarily from traditional GA by using specialized fitness functions and introducing methods to promote solution diversity.
Article
This paper optimizes a well known NP-hard combinatorial problem—redundancy allocation—using a combined neural network and genetic algorithm (GA) approach. The GA searches for the minimum cost solution by selecting the appropriate components for a series-parallel system, given a minimum system reliability constraint. A neural network is used to estimate the system reliability value during search. This approach is an example of a computationally efficient method to apply GA optimization to problems for which repeated calculation of the objective function is impractical.
Article
Technical Specifications (TS) define the limits and conditions for operating nuclear plants safely. We selected the Limiting Conditions for Operations (LCO) and Surveillance Requirements (SR), both within TS, as the main items to be evaluated using probabilistic methods. In particular, we focused on the Allowed Outage Time (AOT) and Surveillance Test Interval (STI) requirements in LCO and SR, respectively. Already, significant operating and design experience has accumulated revealing several problems which require modifications in some TS rules. Developments in Probabilistic Safety Assessment (PSA) allow the evaluation of effects due to such modifications in AOT and STI from a risk point of view. Thus, some changes have already been adopted in some plants. However, the combined effect of several changes in AOT and STI, i.e. through their interactions, is not addressed. This paper presents a methodology which encompasses, along with the definition of AOT and STI interactions, the quantification of interactions in terms of risk using PSA methods, an approach for evaluating simultaneous AOT and STI modifications, and an assessment of strategies for giving flexibility to plant operation through simultaneous changes on AOT and STI using trade-off-based risk criteria.
Article
This article was published in the journal Proceedings of the Institution of Mechanical Engineers, Part E: Journal of Process Mechanical Engineering [© IMechE] and is also available at: http://journals.pepublishing.com/content/119780
This paper describes a design optimization scheme for systems that require a high likelihood of functioning on demand. For safety systems whose failure could result in loss of life it is imperative that the best use of the available resources is made and that a system which is optimal and not just adequate is produced.
Article
A problem-specific genetic algorithm (GA) is developed and demonstrated to analyze series-parallel systems and to determine the optimal design configuration when there are multiple component choices available for each of several k-out-of-n:G subsystems. The problem is to select components and redundancy-levels to optimize some objective function, given system-level constraints on reliability, cost, and/or weight. Previous formulations of the problem have implicit restrictions concerning the type of redundancy allowed, the number of available component choices, and whether mixing of components is allowed. GA is a robust evolutionary optimization search technique with very few restrictions concerning the type or size of the design problem. The solution approach was to solve the dual of a nonlinear optimization problem by using a dynamic penalty function. GA performs very well on two types of problems: (1) redundancy allocation originally proposed by Fyffe, Hines, Lee, and (2) randomly generated problem with more complex k-out-of-n:G configurations.
Conference Paper
Multi-objective evolutionary algorithms which use non-dominated sorting and sharing have been mainly criticized for their (i) O(MN³) computational complexity (where M is the number of objectives and N is the population size), (ii) non-elitism approach, and (iii) the need for specifying a sharing parameter. In this paper, we suggest a non-dominated sorting based multi-objective evolutionary algorithm (we called it the Non-dominated Sorting GA-II or NSGA-II) which alleviates all the above three difficulties. Specifically, a fast non-dominated sorting approach with O(MN²) computational complexity is presented. Second, a selection operator is presented which creates a mating pool by combining the parent and child populations and selecting the best (with respect to fitness and spread) N solutions. Simulation results on five difficult test problems show that the proposed NSGA-II is able to find much better spread of solutions in all problems compared to PAES---another elitist multi-objective EA which pays special attention towards creating a diverse Pareto-optimal front. Because of NSGA-II's low computational requirements, elitist approach, and parameter-less sharing approach, NSGA-II should find increasing applications in the years to come.
Conference Paper
Preserving elitism is found to be an important issue in the study of evolutionary multi-objective optimization (EMO). Although there exists a number of new elitist algorithms, where elitism is introduced in different ways, the extent of elitism is likely to be an important matter. The desired extent of elitism is directly related to the so-called exploitation-exploration issue of an evolutionary algorithm (EA). For a particular recombination and mutation operators, there may exist a selection operator with a particular extent of elitism that will cause a smooth working of an EA. In this paper, we suggest an approach where the extent of elitism can be controlled by fixing a user-defined parameter. By applying an elitist multi-objective EA (NSGA-II) to a number of difficult test problems, we show that the NSGA-II with controlled elitism has much better convergence property than the original NSGA-II. The need for a controlled elitism in evolutionary multi-objective optimization, demonstrated in this paper should encourage similar or other ways of implementing controlled elitism in other multi-objective evolutionary algorithms.
Hauge S, Hokstad P, Langseth H, Oien K. Reliability Prediction Method for Safety Instrumented Systems. PDS Method Handbook, 2006 edn. Norway: SINTEF; 2006.
Martorell SA, Melia ME, Marti SM, Garcia JS, Soriano-Melchor F, Verdu-Martin G, Serradel V. Análisis del periodo de pruebas optimo en la revisión de especificaciones técnicas de C.N. relativas a STI's. Aplicación a un sistema por dos componentes en paralelo. XIV Annual Meeting of the Spanish Nuclear Society. Marbella, Spain, 1988.