Sie sind auf Seite 1von 59

1

CHEMICAL PROCESS SAFETY: ANALYSIS & MANAGEMENT



SECTION I: INTRODUCTION
Process safety emphasizes the use of appropriate technological tools to provide information
for making safety decisions with respect to plant design and operation. Safety, hazard, and
risk are frequently-used terms in chemical process safety. Their definitions follow:
Safety or loss prevention is the prevention of accidents by the use of appropriate
technologies to identify the hazards of a chemical plant and to eliminate them before an
accident occurs.
A hazard is anything with the potential for producing an accident.
Risk = [Frequency of a hazard resulting in an accident] x [Consequence of the accident].
Chemical plants contain a large variety of hazards. First, there are the usual mechanical
hazards that cause worker injuries from tripping, falling, or moving equipment. Second, there
are chemical hazards. These include fire and explosion hazards, reactivity hazards and toxic
hazards.

Nature of the Accident Process
Chemical plant accidents follow typical patterns. It is important to study these patterns in
order to anticipate the types of accidents that will occur. As shown in Table 1, fires are the
most common, followed by explosion and toxic release. With respect to fatalities, the order
reverses, with toxic release having the greatest potential for fatalities.
Table 1: Three Types of Chemical Plant Accidents
Type of accident Probability of
occurrence
Potential for
fatalities
Potential for
economic loss
Fire
Explosion
Toxic Release
High
Intermediate
Low
Low
Intermediate
High
Intermediate
High
Low
Economic loss is consistently high for accidents involving explosions. The most damaging
type of explosion is an unconfined vapour cloud explosion where a large cloud of volatile and
flammable vapor is released and dispersed throughout the plant site followed by ignition and
explosion of the cloud. Toxic release typically results in little damage to capital equipment
but personnel injuries, employee losses, legal compensation, and cleanup liabilities can be
significant.

The Accident Process
Accidents follow a three-step process.
Initiation: the event that starts the accident.
Propagation: the event or events that maintain or expand the accident.
Termination: the event or events that stop the accident or diminish it in size.
In the example cited above, the worker tripped to initiate the accident. The shearing of the
valve and the resulting explosion and fire propagated the accident. The event was terminated
by consumption of all flammable materials.







2
Table 2 Accident Initiating Events
Process upsets Management
systems failures
Human errors External events
Process deviations
Pressure, Temperature
Flow rate, Concentration,
Phase /state change,
Impurities
Reaction rate/ heat of
reaction

Spontaneous reaction
Polymerization, Runaway
reaction
Internal explosion
Decomposition

Containment failures
Pipes, tanks, vessels,
gaskets/seals

Equipment malfunctions
Pumps, valves,
instruments, sensors,
interlock failures

Loss of utilities
Electricity, nitrogen,
water, refrigerator, air,
heat transfer fluids, steam,
ventilation
Inadequate
staffing

Insufficient
training

Lack of
administrative
controls and
audits
Design

Construction

Operations

Maintenance

Testing and
inspection
Extreme weather
conditions

Earthquakes

Nearby accidents
impacts

Vandalism /
sabotage

Table 3 Accident Propagating Factors
Failures: Equipment failure, Safety system failure
Ignition sources: Furnaces, Flares, Incinerators, Vehicles, Electrical switches,
Static electricity, Hot surfaces, Cigarettes
Management systems failure: Inadequate staffing, training etc
Human errors: Omission, Commission, Fault diagnosis, Decision making
Domino effects: Other containment failures, Other material releases
External conditions: Meteorology, Visibility

Table 4 Accident Phenomena
Discharge: Single (liquid/vapour) or two phase flow, flash, evaporation
Dispersion: Neutral or buoyant gas, Dense gas
Fires: Pool fires, Jet fires, Flash fires, Fireballs
Explosions: BLEVEs, Confined explosions, Unconfined vapor cloud explosions,
Physical explosions, Dust explosions, Detonations, Missiles


3

Table 5 Accident Consequences
Effect analysis: Toxic effects, Thermal effects, Overpressure effects
Damage assessments: Community, Workforce, Environment, Company
assets, Production

Risk Analysis and Management
Risk analysis, as used for the assessment of the hazards associated with process plant and
storage installations can be summarized by three questions.
- What can go wrong?
- What are the effects and consequences?
- How often will it happen?
The first and basic step of hazard identification (the first question) is purely qualitative and is
often called a safety study. Such a study may reveal aspects of the plant or installation which
require more consideration. It is then necessary to answer the next two questions in order to
complete the risk analysis. The results of the analysis are used for judgment about the
acceptability of the risk and for decision making (see figure below).
Qualitative answers are often given to the second and third questions. However, recent
developments have involved the application of quantitative techniques for obtaining answers
to these two questions. The use of these techniques is termed as quantitative risk analysis
(QRA). The whole exercise may be called risk assessment.
In earlier years, many companies did not use quantitative techniques after the
identification stage. However, decisions were made and actions taken to control specific
hazards considering (qualitatively) probabilities and consequences. In a sense this is an
elementary form of risk analysis, but at a less sophisticated level than assessments involving
quantitative consideration of probabilities and consequences. However, over the years, the use
of in-depth risk assessment ranging from hazard identification to computation of individual
and societal risk has increased.

Risk Control and Layers of Protection
Safety engineering involves eliminating the initiating step and replacing the propagation steps
by termination events Table 6 presents a few ways to accomplish this. In theory, eliminating
the initiating step can stop accidents. In practice this is not very effective. It is unrealistic to
expect elimination of all initiation. A much more effective approach is to work on all three
areas to insure that accidents, once initiated, do not propagate and will terminate as quickly as
possible.

Risk Measures
Risk is defined as a measure of economic loss or human injury in terms of both the likelihood
and the magnitude of the loss or injury. There are three commonly used ways of combining
information on likelihood and magnitude of loss or injury: risk indices are single numbers or
tabulations that yield simple presentations, individual risk measures consider the risk of an
individual who may be at any point in the effect zones of incidents, and societal risk measures
consider the risk to populations that are in the effect zones of incidents.


4
System Description
Hazard Identification
Scenario Identification
Accident Probability Accident Consequence
Risk Estimation
Accept Risk?
Build System/Operate
Modify Design
Yes
No

Schema of Risk Assessment and Management

Table 6: Mitigating the Accident Process
Step Desired
effect
Procedure
Initiation Diminish Grounding and Bonding
Inerting
Flame proof electricals
Guardrails and guards
Maintenance procedures
Hot-work permits
Human factors design
Process design
Awareness of dangerous properties of chemicals
Propagation Diminish Emergency material transfer
Reduce inventories of flammables
Equipment spacing and layout
Nonflammable construction materials
Termination Increase Firefighting equipment and procedures
Relief systems
Sprinkler systems
Installation of check and emergency shut-off valves


5
Layers of Protection (Fig. 2)
Community Emergency Response
Plant Emergency Response
Physical Protection (Dikes)
Physical Protection (Relief Devices)
Automatic Action SIS or ESD
Critical Alarms, Operator
Supervision, Manual Intervention
Basic Controls, Process Alarms,
Operator Supervision
Typical Layers of Protection

Individual Risk: risk to a person in the vicinity of a hazard (probability of fatality person
per year)
Societal Risk: a measure of risk to a group of people. For example, the likelihood of 10
fatalities at a specific location (x, y) is a type of societal risk measure. The calculation of
societal risk requires the same frequency and consequence information as individual risk.
Additionally, societal risk estimation requires a definition of the population at risk
around the facility. This definition can include the population (e.g. residential, industrial,
school), the likelihood of people being present, or mitigation factors.
The difference between individual and societal risk may be illustrated by the following
example. An office building located near a chemical plant contains 400 people during office
hours and 1 guard at other times. If the likelihood of an incident causing a fatality at the
office building is constant throughout the day, each individual in that building is subject to a
certain individual risk. This individual risk is independent of the number of people present
it is the same for each of the 400 people in the building during office hours and for the single
guard at other times. However, the societal risk is significantly higher during office hours,
when 400 people are affected, than at other times when a single person is affected.

Risk Presentation
The large quantity of frequency and consequence information generated by a Quantitative
Risk Analysis (QRA) must be integrated into a presentation that is relatively easy to
understand and use. The form of presentation will vary depending on the goal of the QRA
and the measure of risk selected. The presentation may be on a relative basis (e.g.
comparison of risk reduction benefits from various remedial measures) or an absolute basis
(e.g. comparison with a risk target).
Risk presentation provides a simple quantitative risk description useful for decision
making. The number of incidents evaluated in a QRA may be very large. Risk presentation
reduces this large volume of information to a manageable form. The end result may be a

6
single-number index, a table, a graph (e.g. F-N plot), and/or a risk map (e.g. individual risk
contour plot).

Individual risk representation
Common form of presentation of Individual Risk is risk contour plots (Figure 3). Risk
contours (isorisk lines) connect points of equal risk around the facility. Places of particular
vulnerability (e.g. schools, hospitals, population concentrations) may be quickly identified.

Societal risk representation
Societal risk addresses the number of people who might be affected by hazardous incidents.
The presentation of societal risk was originally developed for the nuclear industry. A
common form of societal risk is known as an F-N (Frequency-Number) curve. An F-N curve
is a plot of cumulative frequency versus consequences (expressed as number of fatalities). A
logarithmic plot is usually used because the frequency and number of fatalities range over
several orders of magnitude. It is also common to show contributions of selected incidents to
the total F-N curve as this is helpful for identification of major risk contributors. Figure 4
shows an F-N curve for a single liquefied flammable gas facility.

Another form of societal risk presentation is a tabulation of the risk of different group sizes of
people affected (e.g. 1-10, 11-100, 101-1000).
Acceptable Risk

One cannot eliminate risk entirely. Every chemical process has a certain amount of risk
associated with it. Risks from a process plant environment are always greater than the normal
day-to-day risks taken by individuals in their non-industrial environment. For a single
chemical process in a plant comprised of several process, this risk may be too high since the
risks due to multiple exposures are additive. At some point in the design stage someone needs
to decide if the risks are "acceptable". Certainly it would require a substantial effort and
considerable expense to design a process with a risk comparable to the risk of sitting at home.
From an engineering perspective, it is necessary to make every effort to minimize risks within
the economic constraints of the process as well as ensure compliance with the national
regulatory (acceptable) risk standards. The approach to risk management followed today is
based on the ALARP (as low as reasonably practicable) principle, which is a three tiered
framework as illustrated in Fig. 5 below.

7
Individual Risk Contours around a Plant


Fig 3 Individual Risk (Iso-risk) Contours around a Process Facility

Societal Risk Profile (F N Curve) around a Plant
A
c
c
i
d
e
n
t

F
r
e
q
u
e
n
c
y
Number of Fatalities in the Community
Averaged
Actual

Fig. 4 Societal Risk Profile (F N Curve) around a Plant

Table 7 Risks to life from employment
Sector FAR Risk per person per
year
Firemen in London 1940 1000 2000 x 10
-5

Policemen in Northern Ireland 1973-1992 70 140 x 10
-5

Offshore oil and gas 62 125 x 10
-5

Health and Safety Executive tolerable limit 50 100 x 10
-5

Deep sea fishing 42 84 x 10
-5

Coal mining 7.3 14.5 x 10
-5

Construction 5 10 x 10
-5


8
Railways 4.8 9.6 x 10
-5

All premises covered by the Factories Act (UK) 4 8 x 10
-5

Agriculture 3.7 7.4 x 10
-5

Chemical and allied industries 1.2 2.4 x 10
-5

All manufacturing industry 1.2 2.3 x 10
-5

Vehicle manufacture 0.6 1.2 x 10
-5

Clothing manufacture 0.05 0.1 x 10
-5

UK Health and Safety Executive broadly acceptable
limit
0.05 0.1 x 10
-5

FAR= number of fatalities in 10
8
working hours; i.e., in a group of 1000 people for a working lifetime.
Table 8 Risks to life from employment (Guidelines)
Risk per person per year
Maximum tolerable risk:
employees
public
public (nuclear)

10
-3

10
-4

10
-5

Broadly acceptable risk:
employees and public

10
-6

Negligible risk:
employees and public

10
-7


Fig. 5 Framework for Risk Criteria: As Low as Reasonably Practicable (ALARP)



























Intolerable risk
(Risk cannot be justified
on any ground)
Tolerable only if risk
reduction is impracticable or
if its cost is grossly
disproportionate to the
improvement gained
The ALARP region
Risk is undertaken only if a
benefit is desired
Broadly acceptable region
(no need for detailed QRA to
demonstrate ALARP)

9
SECTION II: ACCIDENT EFFECT ANALYSIS
Table below shows the various accident scenarios and consequences feasible in an industrial
scenario.

Examples of Emission Source (Emergency Unplanned Releases)
Gas discharge
Hole in equipment (pipe, vessel) containing gas under pressure
Relief valve discharge (of vapor only)
Generation of toxic combustion products as a result of fire
Two-phase discharges
Hole in pressurized storage tank or pipe containing a liquid above its normal boiling
point
Relief valve discharge (e.g., due to runaway reaction or foaming liquid)
Liquid discharges
Hole in atmospheric storage tank or other atmospheric pressure vessel or pipe under
liquid head
Hole in vessel or pipe containing pressurized liquid below its normal boiling point

The following sections show the methodology of estimating their effects quantitatively.

1. GAS DISCHARGE
We define a ratio
/( 1)
1
2
crit
r


+ | |
=
|
\
..(1)
If
/( 1)
1
2
s
crit
a
crit
P
r
P


| | + | |
> =
| |
\
\
..(2)
Then the velocity if gas discharging from the leak is sonic. In the above formula where p
s
= absolute
upstream (storage pressure (N/m
2
); p
a
= absolute downstream (atmospheric pressure (N/m
2
); = gas
specific heat ratio (C
p
/C
v
, dimensionless)
Typical values of range from 1.1 to 1.67, which give r values of 1.71 to 2.05. Thus for releases of
most industrial gases to atmosphere, upstream pressures over ~ 1.9 bar absolute will result in sonic
flow. We define X, such that:

( 1) /( 1)
2
( )
1
X

+
=
+
..(3)
Gas mass flow rate through an orifice is given by:

0.5
{( / ) }
V d S
G C AP M RT X =
..(4)
Where G
V
= gas discharge rate (kg/s); C
d
= discharge coefficient (~ 0.8); A = hole area (m
2
); M = gas
molecular weight (kg/kg-mol); R = gas constant (8314 J/kg-mol /
o
K); P
S
, T = storage pressure (N/m
2
)
and temperature (
o
K).










10















2. LIQUID DISCHARGES
Discharge of pure (i.e., nonflashing) liquids through a sharp-edged orifice/nozzle is given by:
G
L
= C
d
A
l
1/ 2
2( )
2
a
l
p p
gH

| |
+
|
\
..(5)
Where G
L
= liquid mass emission rate (kg/s); C
d
= discharge coefficient (dimensionless); A=
discharge hole area (m
2
);
l
= liquid density (kg/m
3
); p = liquid storage pressure (N/m
2

absolute); p
a
= downstream (ambient) pressure (N/m
2
absolute); g = acceleration of gravity
(9.81 m/s
2
); H = height of liquid above hole (m)
The discharge coefficient for fully turbulent discharges from small, sharp edged orifices is 0.6
0.64.













3. TWO-PHASE FLOW
If the liquid is stored at saturation pressure (i.e., p = p
vp
) and equilibrium two-phase choked
flow is established during release through a severed pipeline (i.e., pipe length > 0.1 m), then
the following equation is recommended:
G
LV
= [A/(
g
-1
-

l
-1
)](T
s
C
pl
)
-1/2
..(6)
where G
LV
is total two-phase emission mass rate (kg/s)
is latent heat of vaporization (J/kg)

g
is gas density at storage pressure (kg/m
3
)
T
s
is the storage temperature (
o
K)
C
pl
is specific heat of liquid (K/kg/
o
K)
Example: Calculate the discharge of propane from a tank through a 10-mm
hole at 10 barg, 25
o
C with 2 m liquid head.
Data: Propane density = 490 kg/m
3
; Propane vapor pressure 25
o
C = 8.3 barg
At P = 10 barg, the discharge will initially be liquid. Therefore use the liquid
discharge model; p = 10 barg = 11 x 10
5
N/m
2
abs
p
a
= 1 x 10
5
N/m
2
abs
G
L
= C
d
A
l
2( )
2
a
l
p p
gH

+ =)
2 5
(0.01) 2(10)(10 )
(0.61)(490) 2(9.8)(2)
4 490
1.5 / kg s

+
=


Example: Calculate the discharge rate of propane through a 10-mm hole for conditions
of 25
o
C and 4 barg (5 bara).
Data: Propane heat capacity ratio = 1.15; Propane vapor pressure 25
o
C = 8.3 barg
Since the total pressure is less than the vapor pressure of propane, the discharge must
be as a pure gas. Therefore use a gas discharge equation. Here P
s
/P
a
= 5.0/1.0 = 5.0,
which exceeds r
crit
= 1.74. Thus, the flow is sonic.
( 1)/ ( 1)
2
( ) ; 1.74, X 0.35
1
X with

+
= = =
+


2 5 0.5
(0.8){ (0.01) / 4}(5 10 )[{1.15 44/(8314 298)}(0.35)] 0.09 /
V
G kg s = =


11
This equation applies only if the following condition is met:
x < p(
g
-1
-

l
-1
)(T
s
C
pl
)/
2
..(7)
Where x is the weight fraction of vapor after depressurizing to atmospheric pressure. If this
condition is not met, then a more complicated numerical model is necessary to calculate the
emission rate.

Frictional losses for saturated liquids
For long pipe lengths the mass emission rate, G
LV
, in Eq.(6) should be multiplied by a factor,
F, that accounts for frictional losses. Suggested values for F are given in Table 2, where L
p

and D are pipe length and diameter, respectively.
Table 2: Variation of Factor F with Ratio L
p
/D
L
p
/D F
0
50
100
200
400
1
0.85
0.75
0.65
0.55


4. FRACTION FLASHED FROM LIQUID DISCHARGE
For superheated liquids (i.e., stored at temperature above the normal boiling point), a fraction,
f, of the liquid emission is "flashed" to vapor as the pressure is reduced to ambient. This
fraction is approximated from the thermodynamic relationship
F
V
= C
p
T/H
vap
T = (T - T
b
)
o
K ..(8)
Where T
s
is process line/vessel temperature and T
b
is normal boiling point temperature, H
vap

the heat of vapourization at normal pressure.









Flashing liquids escaping through holes and pipes require very special consideration since
two-phase flow conditions may be present. Several special cases need consideration. If the
fluid path length of the release is very short (through a hole in a thin-walled container), non-
equilibrium conditions exist, and the liquid does not have time to flash within the hole; the
fluid flashes external to the hole. The equations describing incompressible fluid flow through
holes apply.
If the fluid path length through the release is greater than 10 cm (through a pipe or
thick-walled container), equilibrium flashing conditions are achieved and the flow is choked.
A good approximation is to assume a choked pressure equal to the saturation vapor pressure
of the flashing liquid. The result will only be valid for liquids stored at a pressure higher than
the saturation vapor pressure. With this assumption the mass flow rate is given by
G
m
= AC
o
) P - P ( g
sat
c f
2 ..(9)


Example: Leak of hexane from a pressurized pipeline at 5 bar.
Data C
p
= average liquid heat capacity (range T to T
b
) ~2400 J/kg/
o
K
T = operating temperature (i.e boiling point at 5 bar = 130
o
C)
T
b
= atmospheric boiling point (69
o
C)
H
vap
= latent heat of vaporization at T
b
= 3.4 x 10
5
J/kg
Hence
V
130 69
F 2400 0.43
340000
| |
= =
|
\



12
















Where, A is the area of the release, C
o
is the discharge coefficient (unitless),
f
is the density
of the liquid (mass/volume), P is the pressure within the tank, and P
sat
is the saturation vapor
pressure of the flashing liquid at ambient temperature.
For liquids stored at their saturation vapor pressure, P = P
sat
, Equation 10 is used. For this case
the choked, two-phase mass flow rate is given by:
G
LV
=
T C
g
v
A H
p
c
fg
v

..(10)

Small droplets of liquid also form in a jet of flashing vapor. These aerosol droplets are readily
entrained by the wind and transported away from the release site. The assumption that the
quantity of droplets formed is equal to the amount of material flashed is frequently made.





















Example: Propylene is stored at 25
o
C in a tank at its saturation pressure. A 1-cm
diameter hole develops in the tank. Estimate the mass flow rate through the hole. At
these conditions, for propylene,
H
v
= 3.34 x 10
5
J/kg; v
fg
= 0.042 m
3
/kg; p
sat
= 1.15 x 10
6
Pa; C
p
= 2.18 x 10
3
J/kg K
Equation 10 applies to this case. The area of the leak is
A =
( )( )
4
1
4
2
2
m 10 x 3.14

d
2 -
=

= 7.85 x 10
-5
m
2

Using Equation 54,
G
LV
=
T C
g

v
A H
p
c
fg
v

= (3.34 x 10
5
J/kg) (1 N m/J)
( )
( ) kg / m 0.042
m 10 x .
3
2 -5
85 7

x
( ) m/J) N (1 K) ( K J/kg 10 x .
N / ) m/s kg ( .
3
2
298 18 2
0 1
= 0.774kg/s

Example
Liquid ammonia is stored in a tank at 24
o
C and a pressure of 1.4 x 10
6
Pa. A leak of
diameter 0.0945 m forms in the tank. The saturation vapor pressure of liquid ammonia
at this temperature is 0.968 x 10
6
Pa and its density is 603 kg/m
3
. Determine the mass
flow rate through the leak. Equilibrium flashing conditions can be assumed.
Solution. Equation 9 applies for the case of equilibrium flashing conditions. Assume a
discharge coefficient of 0.61.
G
m
= AC
o
) P - P ( g
sat
c f
2 = (0.61)
2
(3.14)(0.0945 m) / 4
x ) m / N ( ) x . x . ( ] N / ) m/s kg ( [ ) kg/m (
2 3 2 6 6
10 968 0 10 4 1 1 603 2
G
m
= 97.6 kg/s


13
5. SLOWLY EVAPORATING POOL
In many cases the hazardous material does not evaporate before it hits the ground surface, and
it is necessary to model the evaporation from a surface pool. If the rate of evaporation is light
to moderate (i.e., the pool temperature is within a few degrees of ambient and the liquid does
not boil), and the liquid is well mixed, then an empirical formula for slowly evaporating pools
can be applied.
G
e
= k
g
Ap
vp
M/R
*
T
p
..(11)
Where G
e
is the evaporative emission rate (kg/s)
A is the pool area (m
2
)
p
vp
is the vapor pressure (N/m
2
)
M is the molecular weight (kg/kg-mol)
R
*
is the gas constant (J/mol/
o
K)
T
p
is the pool temperature (
o
K)
For the case when the wind velocity on the pool surface is very low (< 0.1m/s) the mass
transfer coefficient may be calculated using:
1/3
,
( / )
g g ref ref
k k M M = ..(12)
Where, k
g,ref
is the mass transfer coefficient for a reference fluid (typically water, for which k
g

= 0.83cm/s) and M
ref
is the molecular weight of the reference fluid.
For significant wind velocities across the pool surface, the parameter k
g
is the mass transfer
coefficient (m/s), given by the formula
K
g
= D
m
N
sh
/d ..(13)
Where D
m
is the molecular diffusivity of the vapor I air (m
2
/s)
d is the effective pool diameter (m)
N
sh
is the Sherwood number, given by the correlation
N
Sh
= 0.037(k
m
/D
m
)
1/3
[(ud/k
m
)
0.8
-15200]
Where k
m
is the kinematic viscosity of the air (m
2
/s)
u is the wind speed at 10 m over the pool (m/s)

DISPERSION MODELS
Gases can be released either continuously (plume) or instantaneously (puff). Once released,
they will be dispersed by atmospheric conditions. The dispersion phenomenon depends on
whether the gas is lighter or heavier than air. For light to neutrally buoyant gases the
following table allows the choice of applicable stability class (table 3) which in turn is used to
choose the dispersion coefficients provided in tables 4 and 5.

TABLE 3 Pasquill Stability Meteorological Conditions
a,b

Surface wind
speed (m/s) at
10m height
Daytime insolation Nighttime conditions
Strong Moderate Slight Thin overcast
or low 4/8
cloudiness
3/8
cloudiness
<2
2-3
3-4
4-6
>6
A
A-B
B
C
C
A-B
B
B-C
C-D
D
B
C
C
D
D

E
D
D
D

F
E
D
D
b
A, Extremely unstable conditions; B, moderately unstable conditions; C, slightly unstable conditions; D, neutral
conditions; E, slightly conditions; F, moderately conditions.

14

Neutral and Positively Buoyant Plume and Puff Models
Neutral and positively buoyant plume or puff models are used to predict concentration and
time profiles of flammable or toxic materials downwind or a source based on the concept of
Gaussian dispersion. Plumes refer to with the travel time (time for cloud to reach location of
interest) or sampling (or averaging) time (normally 10 min). The basis for the Pasquill-
Gifford model is Gaussian dispersion in both the horizontal and vertical axes.


FORMULA FOR CONTINUOUS PLUME DISPERSION:

2 2 2
2 2 2
( ) ( )
( , , ) exp{ } exp{ } exp{ }
2 2 2 2
V
y z y z z
G y z H z H
C x y z
u
(
( +
= +
(
(
(

..(14)
Where x,y,z = distance from source, m (x = downwind, y = crosswind, z = vertical)
c = concentration (kg/m
3
) at location x, y, z; G
V
= vapour emission rate (kg/s); H = height of
source above ground level plus plume rise (m);
y
,
z
= dispersion coefficients (m), function
of distance downwind, u = wind velocity (m/s)
Dispersion coefficients
y
and
z
for diffusion of Gaussian plumes are available aa predictive
formulas for these are also available; these differ slightly. Use of such formulas allow for
easier computerization of the method.


FORMULA FOR INSTANTANEOUS PUFF EMISSIONS:
[
2 2 2 2
3/ 2 2 2 2 2
( ) ( ) ( )
( , , , ) exp{ }{ exp exp ]}
(2 ) 2 2 2 2
x y z x y z z
M x ut y z H z H
C x y z t

(
+
= +
(
(


.(15)
Where, M = amount released instantaneously (kg); t = time elapsed after release (s)
Puff emissions have different spreading characteristics from continuous plumes and different
dispersion coefficients (
y
,
z
). Also because of a lack of data, it is often assumed
x
=
y
.


Table 4 Equations for Pasquill Gifford Dispersion Coefficients for
Plume Dispersion (x = distance downwind from source)
Pasquill-Gifford Stability class
y
(m)
z
(m)
A
B
C
D
E
F
0.493x
0.88

0.337x
0.88

0.195x
0.90

0.128x
0.90

0.09x
0.91

0.067x
0.90

0.087x
1.10

0.135x
0.95

0.112x
0.91

0.093x
0.85

0.082x
0.82

0.057x
0.80



Table 5 Equations for Pasquill Gifford Dispersion Coefficients for
Puff Dispersion (x = distance downwind from source)
Pasquill-Gifford Stability class
y
(m) or
x

(m)
z
(m)
A
B
C
0.18x
0.92

0.14x
0.92

0.10x
0.92

0.60x
0.75

0.53x
0.73

0.34x
0.71


15
D
E
F
0.06x
0.92

0.04x
0.92

0.02x
0.89

0.15x
0.70

0.10x
0.65

0.05x
0.63
































2. EXPLOSIONS AND FIRES
The objective of this section is to review the types of models available for estimation of
accidental explosion and fire incident outcomes. An explosion can be thought of as a rapid
equilibrium of a high-pressure gas with the environment. This equilibrium must be rapid
enough that the energy contained in the high-pressure gas is dissipated as a shock wave.
Explosions can arise from strictly physical phenomena such as the catastrophic rupture of a
pressurized gas container or from a chemical reaction such as the combustion of a flammable
gas in air. These latter reactions can occur both in a confined state (i.e., within buildings or
vessels) or an unconfined state (i.e., unconfined vapor cloud explosions or UVCE).
The consequences of concern for explosions in general are shock wave overpressure
effects and projectile effects; for fires the consequences of concern are thermal radiation
effects. When explosions arise from a combustion reaction usually the thermal radiation
effects are ignored because the shock wave effects will predominate.
The following accident scenarios are considered:
Unconfined Vapor Cloud Explosions and Flash Fires
Example on Plume Discharge: Calculate the concentration of chlorine from a
source of 0.3 kg/s located 1 m above ground level at a place 120 m downwind, 10 m
crosswind, and 2 m height. Weather conditions correspond to D stability, 5 m/s wind
(at 10 m height). The leak rate is small, thus dispersion will rapidly ensure that the
dense gas behaviour zone is negligible and a Gaussian model is adequate. The
release occurs at 2 m, the plume is constrained by ground level, so the mean height
for wind estimation is selected as 2 m.
Data: Assume ground roughness is equivalent to urban conditions; Stability
class = D; Ambient temperature, T
a
= 20
o
C (293
o
K); pressure p = 1 atm abs; Chlorine
molecular weight, M
o
= 71; Gas constant, R = 0.082 m
3
atm/kg-mol/
o
K
The following equation is used to estimate the wind speed at a height of 2 m can be
determined: u
z
= u
10
(z/10)
p
= 5(2/10)
0.25
= 3.3 m/s
Dispersion coefficients for D stability evaluated at x = 120 m (using table above)

y
= 0.128x
0.90
= 9.5 m;
z
= 0.093x
0.85
= 5.4 m

Concentration in kg/m
3
can be found from Equation (14):

2 2 2
2 2 2
2 2 2
2 2 2
4 3
( ) ( )
exp exp exp
2 2 2 2
0.3 10 (2 1) (2 1)
exp exp exp
2 (9.5)(5.4)(3.3) 2(9.5) 2(5.4) 2(5.4)
2.72 x 10 kg / m
y z y z z
G y z H z H
C
u

(
( +
= +
(
(
(

( ( +
= +
( (

=

To convert this into ppm (vol), assume that the plume is at near ambient temperature
(T
a
). Then,
( )
3 6 4 6
(0.082)(293)
( / ) 10 2.72 10 10 92
(1)(71)

a
ppm
o
RT
C C kg m x x x x ppm
PM

= = =


16
BLEVE and Fireball
Pool Fire and Jet Fires


Unconfined Vapor Cloud Explosions and Flash Fires
When a large amount of a volatile flammable material is rapidly dispersed to the atmosphere,
a vapor cloud forms and disperses. If this cloud is ignited before the cloud is diluted below its
LFL, a UVCE or flash fire will occur. The main consequence in a UVCE is the shock wave
that results while the main consequence in a flash fire is the thermal radiation.
Two important mechanisms for flame acceleration are thermal expansion and
turbulence. Process structures contribute to partial confinement and turbulence, thus if many
pieces of process equipment and many structures are present, it is likely that a flash fire will
make the transition a UVCE.
Various researchers have concluded that
There may be some minimum mass of flammable material that is required to allow
transition from a flash fire to UVCE. These estimates range from 1 ton to 15 tons.
The presence of some confinement/obstacles may be necessary for transition to
UVCE.
Materials with higher fundamental burning velocities can produce easier transition
to UVCE for a given release quantity.
Peak overpressures of UVCEs are much less than with detonations, typically 1 bar
(15 psi) or less, and positive phase durations of 20-100 ms.
A model of UVCEs is the TNT model. The TNT model is easy to use and has
been applied for many CPQRAs. It is based on the assumption of equivalence between the
flammable material and TNT, factored by an explosion yield term:
W =
cTNT
c
E
ME
..(16)
where W = equivalent mass of TNT (kg or lb); M = mass of flammable material released;
= empirical explosion yield (or efficiency) (ranges from 0.01 to 0.10); E
c
= lower heat of
combustion of flammable gas (kJ/kg or Btu/lb); E
cTNT
= heat of combustion of TNT (4437-
4765 kJ/kg or 1943-2049 Btu/lb.
Figure 1. Scaled overpressure as a function of scaled distance


17

















BLEVE and Fireball
A Boiling Liquid Expanding Vapor Explosion (BLEVE) occurs when there is a sudden loss of
containment of a pressure vessel containing a superheated liquid or liquefied gas. This section
describes the methods used to calculate the effects of the vessel rupture and the fireball that
results if the released liquid is flammable and is ignited.
A BLEVE is a sudden release of a large mass of pressurized superheated liquid to the
atmosphere The primary cause is usually an external flame impinging on the shell of a vessel
above the liquid level, weakening the container and leading to sudden shell rupture. A
pressure relief valve does not protect against this mode of the failure. It should be noted,
however, that a BLEVE can occur due to any mechanism that results in the sudden failure of
containment allowing a superheated liquid to flash, typically increasing its volume over 200
times. This is sufficient to generate a pressure wave and fragments. If the released liquid is
flammable, a fireball may result.
Useful formulas for BLEVE physical parameters are
Peak fireball diameter (m) D
max
= 6.48 M
0.325
..(18)
Fireball duration (s) t
BLEVE
= 0.825 M
0.26
..(19)
Center height of fireball (m) H
BLEVE
= 0.75 D
max
..(20)
Initial ground level hemisphere diameter (m) D
initial
= 1.3 D
max
..(21)
where M = initial mass of flammable liquid (kg).
The initial diameter is used to describe the short duration initial ground level
hemispherical flaming-volume before buoyancy forces lift it to a semisteady height.
The radiation received by a target (for the duration of the BLEVE incident) is given by
Q
R
= EF
21
..(22)
where Q
R
= radiation received by a black body target (kW/m
2
)
= transmissivity (dimensionless); E = surface emitted flux (kW/m
2
)
F
21
= view factor (dimensionless)
The atmospheric transmissivity , is an important factor. Thermal radiation is absorbed and
scattered by the atmosphere. This causes a reduction in radiation received at target locations.
The correlation formula that accounts for humidity is:
= 2.02(P
w
x)
-0.09
..(23)
where = atmospheric transmissivity (fraction energy transmitted: 0 to 1); P
w
= water partial
pressure (Pascals, N/m
2
); x = path length, distance from flame surface to target (m)
Example
Using the TNT equivalent model, calculate the distance to 5 psi overpressure
(equivalent to heavy building damage) of an UVCE of 10 short tons of
propane.
Data: Mass = 10 tons; Lower heat of combustion of propane (E
c
) = 46350
kJ/kg; Assume an explosion yield () = 0.05; Assume E
cTNT
= 4650 kJ/kg
From Equation (16),
46350
0.05 10000 4530
4650

c
cTNT
ME
W x x kg
E

= = =
From Figure above, the scaled distance (Z
G
) to 5 psi (P
so =
0.33 atm) = 7
m/kg
1/3
. Converting scaled distance to real distance:
R
G
= Z
G
W
1/3
= 7 m/kg
1/3
x (4530 kg)
1/3
= 113 m


18
Thermal radiation is usually calculated using surface emitted flux, E, rather than the
Stefan-Boltzmann equation, as the latter requires the flame temperature. Typical heat fluxes in
BLEVEs (200-350 kW/m
2
) are much higher than in pool fires as the flame is not smoky. The
surface heat flux is based on the radiative fraction of the total heat of combustion. This
fraction is typically 0.25-0.4.
E =
BLEVE
c rad
t D
MH F
2
max
) (
..(24)
where E = surface emitted flux (kW/m
2
); M = mass of LPG in BLEVE (kg); H
c
= heat of
combustion (kJ/kg); D
max
= peak fireball diameter (m); F
rad
= radiation fraction, typically
0.25-0.40; T
BLEVE
= fireball duration (s)
As the effects of a BLEVE mainly relate to human injury, a geometric view factor for
a sphere to a surface normal to the sphere (not the horizontal or vertical components) should
be used.
F
21
=
2
2
4
D
r
..(25)
where F
21
= view factor between sphere and target surface; D = sphere diameter (m)
r = distance from sphere center to target along the ground (m)

BLEVE Schematic
H
BLEVE
Target
r
X
D
max

Pool Fires and Jet Fires
Pool fires and jet fires are common fire types resulting from fires over pools of liquid or from
pressurized releases of gas and/or liquid. They tend to be localized in effect and are mainly of
concern in establishing the potential for domino effects and employee safety zones, rather
than for community risk. Pool and jet fire models, unlike those for dispersion and UVCE, are
made up of a range of independent submodels and the best pool fire model will be based on
the selection of the most appropriate submodels. Pool fire models have been applied to LNG
spills as well as more common flammable materials. The most common application of jet fire
models is the specification of exclusion zones around flares.

Pool Fire Models
Burning Rate: Large pool fires burn at a constant vertical rate, characteristic for the material.
Typical values for hydrocarbons are in the range 0.05 kg/m
2
s (gasoline) to 0.12 (LPG).
Pool Size: In most cases, pool size is fixed by the size of release and by local physical barriers
(e.g., dikes, sloped drainage areas). For a continuous leak, on an infinite flat plane, the
maximum diameter is reached when the product of burning rate and surface area equals the



19

























leakage rate. Circular pools are normally assumed; where dikes lead to square or rectangular
shapes, an equivalent diameter may be used.
Flame Height: Many observations of pool fires show that there is an approximate ratio of
flame height to diameter. Typical values of H/D are in the range 2-3.
Surface Emitted Power: LPG and LNG fires radiate up to 250 kW/m
2
. Upper values for other
hydrocarbon pool fires lie in the range 110-170 kW/m
2
, but smoke obscuration often reduces
this to 20-60 kW/m
2
. The surface emitted power unit per area can be estimated using the
radiation fraction method as follows: (i) Calculate total combustion power (based on burning
rate and pool area) (ii) Multiply by radiation fraction to determine total power radiated (iii)
Determine flame surface area (commonly use only the cylinder side area) (iv) Divide radiated
power by flame surface area. The radiation fraction of total combustion power is often quoted
in the range 0.15-0.35.
Geometric View Factor: The thermal radiation received at a target location is determined by
the geometric view factor (ignoring atmospheric absorption). View factors are discussed in
texts on thermal radiation. The simplest shape factor is the point source that assumes all
radiation arises in a single point and is received by an object oriented perpendicular to this:
F
p
=
2
1/ 4 x ..(26)
Where F
p
= point source view factor (m
-2
); x = distance from point source to target (m). This
must be applied to the total heat output, not to the flux per unit area. The point source view
factor provides a reasonable estimate of received flux at distance far from the flame. At closer
distances, more rigorous formulas or tables are used.
Received Thermal Flux: The received thermal flux (on a target) from a pool fire is given by
Q
x
= Q
R
F
p
..(27)
Example
Calculate the size and duration, and thermal flux at 200 m distance from a BLEVE
of an isolated 100,000 kg (200 m
3
) tank of propane at 20
o
C, 8.2 bara (68
o
F, 120
psia). Atmospheric humidity corresponds to a water partial pressure of 2810 N/m
2

(0.4 psi). BLEVE thermal effects are calculated from Equations 18-25. For M =
100,000 kg, BLEVE parameters are
D
max
= 6.48 M
0.325
= 6.48 x 100,000
0.325
= 273 m
T
BLEVE
= 0.825 M
0.26
= 0.825 x 100,000
0.26
= 16.5 s
H
BLEVE
= 0.75 M = 0.75 x 273 m = 204 m

D
initial
= 1.3 D
max
= 1.3 x 273 m = 354 m
Radiation fraction: F
rad
= 0.25; View Factor [Equation (25)]
At 200 m F
21
=
2
2
2
max
200 4
273
4
2
x r
D
= = 0.47
Path length for transmissivity = Hypotenuse-BLEVE radius
= [204
2
+ 200
2
]
0.5
- 0.5 x 273 = 150 m
Transmissivity [Equation (23)]
= 2.02 x (P
w
x path)
-0.09
= 2.02 x (2820x150)
-0.09
= 0.63
Surface emitted flux [Equation (24)]
E =
BLEVE
c rad
t D
MH F
2
max
) (
=
2 2
0.25 100, 000 46350 /
273 16.5
x kgx kJ kg
x m x s
= 300 kW/m
2

Received flux [Equation (22): Q
R
= EF
21
= 0.63 x 300 kW/m
2
x 0.47 = 89 kW/m
2



20
Where Q
x
= thermal radiation received at distance x (kW/m
2
); = atmospheric transmissivity
(dimensionless); Q
R
= total heat radiated (kW); F
p
= point source view factor (m
-2
)

















Jet Fire Models: Jet fire modeling is not as well developed as for pool fires, but several
reviews have been published. The dimensions of the torch flame which is assumed to be
conical, are given by (for LPG):
L = 9.1 m
0.5
..(28)
W = 0.25L ..(29)
R
s,50
= 1.9 t
0.4
m
0.47
..(30)
where L = length of torch flame (m); W = jet flame conical half-width at flame tip (m); M =
LPG release rate (kg/sec; but subject to 1< m< 3000 kg/s); r
s,50
= side-on hazard range to
50% lethality (m; but subject to r>W); t = exposure time (s; but subject to 10<t<300s)The
end-on hazard zone is 85% of the side-on hazard zone.










ESTIMATION OF EFFECTS OF ACCIDENTS: PROBIT ANALYSIS
Many methods exist for representing the response-dose curve. Here dose refers to the
intensity of accident outcome (air-borne concentration of a toxic material, overpressure due to
an explosion or radiation intensity due to a fire), while response implies the human/property
damage caused by the accident. For single exposures, the probit (probit = probability unit)
method is particularly suited. The probit variable Y is related to the probability P (of a
specified level of response) by:

5 2
1 u
exp du
2 2
Y
P

| |
=
|
\

..(31)
Example: Determine the 50% lethality range for a pressurized release of LPG
@ 25 kg/s lasting for 100s. From Equations (28)-(30) the jet flame
dimensions are determined:
L = 9.1 m
0.5
= 91 x 25
0.5
= 45 m
W = 0.25L = 11 m (half width)
r
s,50
= 1.9 t
0.4
m
0.47
= 1.9x100
0.4
x 25
0.47
= 54 m
Thus, the side-on hazard zone for 50% lenthality is 54 m from the jet flame centerline.
The end-on hazard zone is 85% of this, or 46 m.
Example: Determine the thermal flux received at a distance of 100 m from a pool fire contained in
a 25-m-diameter tank dike. Weather conditions are no wind, 20
o
C and 50% relative humidity.
Data: burning rate = 013 kg/m
2
s; heat of combustion = 43,700 kJ/kg; vapor pressure of water at
50% relative humidity and 20
o
C = 232 Pa
Procedure: (1) Ignore flame tilt as there is no wind (2) Estimate total heat released
Q = M
b
E
c
A
where M
b
= burning rate, kg/m
2
s; E
c
= heat of combustion, kJ/kg; A = pool area, m
2

Q = 0.13 kg/m
2
s x 43,700 kJ/kg x (0./5 x 25)
2
m
2
= 2.8 x 10
6
kJ/s = 2.8 x 10
6
kW
Assume radiant fraction for hydrocarbon fires = 0.35 (conservative, as this radiant fraction is high
for smoky pool fires) then the radiant heat, Q
R
can be estimated.
Q
R
= 0.35 x 2.8 x 10
6
kW = 9.8 x 10
5
kW, F
P
=
2 2
100 4
1
4
1

=
x
= 8.0 x 10
6
m
-2


Using Equation (23) for a distance of 100 m: = 2.02(P
w
x)
-0.09
= 2.02(2320x100)
-0.09
= 0.66
The received thermal flux at 100 m is then calculated using Equation (27)
Q
x
= Q
R
F
p
= 0.66 x 0.98 x 10
6
Kw x 8.0 x 10
6
= 5.2 kW/m
2



21
Equation A provides a relationship between the probability P and the probit variable Y. This
relationship is tabulated in Table 6.
The probit relationship of Equation 31 transforms the typical sigmoid shape of the
normal response versus does curve into a straight line when plotted using a linear probit scale.
Standard curve fitting techniques are used to determine the best fit straight line.
Table 7 shows a variety of probit equations for a number of different types of
exposures. The causative factor represents the dose, V. The probit variable Y is computed
from the following equation:

Probit = Y = k
1
+ k
2
ln V ..( 32)

Table 6: The Transformation from Percentages to Probits

% 0 1 2 3 4 5 6 7 8 9
0 -- 2.67 2.95 3.12 3.25 3.36 3.45 3.52 3.59 3.66
10 3.72 3.77 3.82 3.87 3.92 3.96 4.01 4.05 4.08 4.12
20 4.16 4.19 4.23 4.26 4.29 4.33 4.36 4.39 4.42 4.45
30 4.48 4.50 4.53 4.56 4.59 4.61 4.64 4.67 4.69 4.72
40 4.75 4.77 4.80 4.82 4.85 4.87 4.90 4.92 4.95 4.97
50 5.00 5.03 5.05 5.08 5.10 5.13 5.15 5.18 5.20 5.23
60 5.25 5.28 5.31 5.33 5.36 5.39 5.41 5.44 5.47 5.50
70 5.52 5.55 5.58 5.61 5.64 5.67 5.71 5.74 5.77 5.81
80 5.84 5.88 5.92 5.95 5.99 6.04 6.08 6.13 6.18 6.23
90 6.28 6.34 6.41 6.48 6.55 6.64 6.75 6.88 7.05 7.33
% 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9
99 7.33 7.37 7.41 7.46 7.51 7.58 7.65 7.75 7.88 8.09

Examples:
1. For a probability of 0.1 (or 10%) , the probit is 3.72
2. For a probability of 0.8 (or 80%), the probit is 5.84
3. For a probability of 0.995 (or 99.5%), the probit is 7.58
4. For a probit of 3.36 the probability is 0.05 (or 5%)
5. For a probit of 4.95 the probability is 0.48 (or 48%)
6. For a probit of 7.36 the probability is 0.992 (or 99.2%)
7. For a probit less than 2.67, the probability is 0.
8. For a probit more than 8.09, the probability is 100%.

Table 7: Probit correlations for exposures, the causative variable V is representative of
the magnitude of the exposure.

Type of injury or damage Causative
variable
Probit
Parameters
V k
1
k
2

Fire: Burn deaths from fire
t
e
= effective time of exposure (s); I
e
= effective
radiation intensity received by target (W/m
2
)

t
e
I
e
4/3
/10
4


-14.9

2.56
Explosion:
Deaths from lung hemorrhage
Eardrum ruptures
Structural damage
Glass breakage

p
o

p
o

p
o

p
o


-77.1
-15.6
-23.8
-18.1

6.91
1.93
2.92
2.79

22
p
o
= peak overpressure (N/m
2
)
Toxic release:
Chlorine deaths
C= concentration (ppm); T= time interval (min)

C
2
T

-8.29

0.92





.

Table 9 Thermal Radiation Impact Criteria

Criterion Level
(kW/m
2
)
Likely Effects at Criterion Level
40 Immediate fatality.
20 Incapacitation, leading to fatality unless rescue is effected quickly.
12.5 Extreme pain within 20 seconds and movement to shelter is
instinctive. Limiting flux for secondary fires.
5.1 Threshold value below which escape should always be possible.
The probit method has found less use for thermal injury than it has for toxic effects. A probit
model to estimate injury levels for a given thermal dose from pool and flash fires, based on
nuclear explosion data, is: Y
burn deaths
= 14.9 + 2.56 ln
4/ 3
/10000 tI ..(33)
Where Pr = probit; t = duration of exposure (sec); I = thermal radiation intensity (W/m
2
)

Table 8 Explosion Impact Criteria
Explosion
Overpressure
Effect
35 m bar (0.5 psi) 90% glass breakage
No fatality and very low probability of injury
70 mbar (1 psi) Internal partitions & joinery damaged, but can be repaired
Probability of injury is 10%. No fatality
140 mbar (2 psi) House uninhabitable and badly cracked
210 mbar (3 psi) Reinforced structures distort
Storage tanks fail
20% chance of fatality to a person in a building
350 mbar (5 psi) House uninhabitable
Wagons and plant items overturned
Threshold of eardrum damage
50% chance of fatality for a person in a building and 15%
chance of fatality for a person in the open
700 mbar (10 psi) Threshold of lung damage
100% chance of fatality for a person in a building or in the open;
also, complete demolition of houses
Relatively high blast overpressures (>15 psig) are necessary to produce fatality (primarily due
to lung hemorrhage).


Example:
What is the chance of human fatality for a 60 min exposure to 60 ppm chlorine?
Ans: From table 5, Y
chlorine
= 8.29 + 0.92 ln (C
2
t)
= 8.29 + 0.92 ln (60
2
x 60) = 5.01
Using table 3, the probability of fatality is 50%.


23





















SECTION III: RELIABILITY THEORY
Equipment failures or faults in a process occur as a result of a complex interaction and
failures of the individual components. The overall probability of a failure in a process is
dependent on the nature of this interaction.
Data is collected on the failure rate of a particular hardware component. With
adequate data it can be shown that, on the average, the component fails after a certain period
of time. This is called the average failure rate and is represented by with units of
faults/time. The probability the component will not fail during the time interval (0, t) is given
by:
R(t) = e
-t
..(1)
where, R is the reliability. Equation 1 assumes a constant failure rate; when t the
reliability goes to 0. The complement of the reliability is called the failure probability (or
sometimes the unreliability), P, and is given by
P(t) = 1 - R(t) = 1 - e
-t
. .(2)
The failure density function f(t) is defined as:
f(t) =
t
dP(t)
e
dt


=
..(3)
The area under the plot of complete failure density function is unity, i.e.,

=
0
1 f(t)dt
.
The time interval between two failures of the same component is called the mean time to
failures (MTTF) and is given by the first moment of the failure density function:
Example
1. What is the chance of human fatality for 20s exposure to 20kW/m
2
?
Using Eq 33 (or table 7), Y
burn deaths
= 14.9 + 2.56 ln
4/ 3
/10000 tI
= 14.9 + 2.56 ln
4/ 3
20(20, 000) /10000 (

= 3.00
Hence using table 6 the chance of fatality is ~ 2 %

2. Determine the thermal flux necessary to cause 50% fatalities for 10 and 100
seconds of exposure. Using the probit method, Equation (33) can be rearranged to
solve for the thermal radiation intensity I:
I =
3/ 4
4
10 [(Pr 14.9) / 2.56]/ e t ( +

; For 50% fatality, Pr = 5.0 (Table 4).
For t = 10 s, I = 61 kW/m
2
; For t = 100 s, I = 11 kW/m
2

This example demonstrates the importance of duration of exposure, especially for
short duration incidents such as BLEVEs (on the order of 10-20s). A fixed criterion,
suitable for prolonged exposures, may be inappropriate for such incidents.

Example:
What is chance of death from lung hemorrhage for an exposure to 5 psi blast
pressure? From Table 7 Y
fatality from hemorrhage
= 77.1 + 6.91 ln p
0

Now p
0
= 5 psi = (5/14.7) x 101300 N/m
2
= 34455 N/m
2
Hence Y = 77.1 + 6.91 ln 34455 = 4.9

(From table 6, the chance is negligible)

If overpressure is 15 psi (1 atm): Y = 77.1 + 6.91 ln (103365) = 2.68
The probability of fatality is ~ 1%.
Thus, 15psi overpressure is the approximate threshold for fatality.

24
E(t) = MTTF =
0
1
f(t)dt

..(4)
Equations 1through 5 are only valid for a constant failure rate, . Many components exhibit a
typical "bathtub" failure rates. The failure rate is highest when the component is new (due to
defects in manufacturing/assembly) and when it is old (due to wear and tear in aging).
Between these two periods, the failure rate is reasonably constant and Equation 2 through 4
are valid.


Interaction between Process Units
Accidents in chemical plants are usually the result of a complicated interaction between a
number of process components. In such cases the overall process failure probability is
computed from the individual component failure probabilities.
Process components interact in two different ways. In some cases, a process failure
requires the simultaneous failure of a number of components operating in a "parallel" mode.
In such a case the system unreliability is:
P
sys
=
=
n
1 i
i
P
..(5)
where n is the total number of components and P
i
is the failure probability of each.
R
sys
= 1 -
=
n
1 i
i
) R - (1
..(6)
Where R
i
is the reliability of an individual process component.
Process components also interact in series, in that, they are connected in a "Series"
structure within a system. For series components the overall system process reliability, R
sys
,
is:
R
sys
=
=
n
1 i
i
R
..(7)
P
sys
= 1-
) P - (1
n
1 i
i
=
..(8)
Failure rate data for a number of typical process components are provided in Table 1. These
are average values determined at a typical chemical process facility. These values depend on
manufacturing practices employed by manufacturer, materials of construction, design of the
component, the physico-chemical environment in which the component functions etc.
Table 1 Failure Rate Data for various selected process components
Instrument Faults/year
Controller
Control valve
0.29
0.60
Hand valve
Alarm Indicator lamp
Level measurement meter (liquids)
0.13
0.044
1.70
Pressure gauge
Pressure relief valve
Pressure switch
1.41
0.022
0.14
Solenoid valve
Stepper motor
0.42
0.044

25
Strip chart recorder 0.22
Thermocouple
Thermometer
Valve positioner
0.52
0.027
0.44

FAULT TREES
Fault trees are a deductive method for identifying ways in which hazards can lead to
accidents. The approach starts with a well-defined accident, or top event, and works
backwards towards the various scenarios or events that can cause the accident. Events in fault
tree are not restricted to hardware failures. It can also include software failure, human error,
and environmental abnormities.

For reasonably complex chemical processes, a number of additional logic functions are
needed to construct a fault tree. The AND logic gate is used for describing processes that
interact in parallel. OR gate is used for describing events that need occur alone to result in
output event.

Below is an example of a fault tree for a reactor system for which 2 safety systems are
available (i) an alarm system and (ii) a shutdown system.

Exothermic Reactor System

26

Fault Tree for Exothermic Reactor System

EVENT TREES
An event tree begins with an initiating event and works towards a final result or consequence
through steps. When an accident occurs in a plant, various safety systems come into operation
in order to prevent the accident from propagating. These safety systems may in turn either fail
or succeed in their operation. The event tee approach includes the effects of an event initiation
followed by the impact of the safety systems on the propagation of the accident based on the
performance of the safety systems.

Example: Consider the chemical reactor system shown in Figure below. This system features
a high temperature alarm that has been installed to warn the operator of a high temperature
within the reactor. The operator may also notice the high temperature on his own during
normal inspection. The event tree for a loss of coolant initiating event is shown in the next
figure. Four safety functions are identified. The first safety function is the high temperature
alarm. The second safety function is the operator noticing the high reactor temperature during
normal inspection. The third safety function is the operator re-establishing the coolant flow by
correcting the problem within time. The final safety feature is invoked by the operator
performing an emergency shutdown of the reactor. In constructing the event tree these safety
functions are written across the page in the order in which they logically occur.


27

Exothermic Reactor System
If in a certain situation a safety function does not apply or is not relevant, the horizontal line is
continued through the safety function without branching. The sequence description and
consequences are indicated on the extreme right hand side of the event tree. The open circles
indicate safe conditions and the circles with the crosses represent unsafe conditions.










28
Event Tree for the Exothermic Reactor System



29
QRA: A CASE STUDY
The chemical plant X considered is a very simple one, where most phenomena occur as
simple step functions. In the company X the following apply:
All hazards originate at a single point.
Only two weather conditions occur. The atmospheric stability class and wind
speed are always the same. Half of the time the wind blows from the northeast,
and half of the time it blows from the southwest.
There are people located around the site. The specific population distribution will
be described later in the example, when the information is needed.
Incident consequences are simple step functions. The probability of fatality from
a hazardous incident at a particular location is either 0 or 1.
These simple conditions, and the description of the impact zones of incidents as simple
geometric areas, allow easy hand calculation of various risk measures, and is used
primarily to illustrate the QRA methodology. The concepts and techniques used to derive
the risk measures from the underlying incident frequency and consequence information are
the same as would be used for a more complex QRA study (steps shown in Fig below )
which use a variety of models. These models include:
1. Estimation of accident consequence: source and dispersion models
2. Estimation of effects of accident effects on human and property: probit Analysis
3. Estimation of Accident frequency: reliability, fault and event tree models
Define QRA objectives
and describe system
Identify hazards and incident scenarios
Estimate incident consequences
Estimate incident frequency
Estimate risk
Use results to manage and reduce risk

QRA Procedure
Incident Identification
It is important to choose the correct set of representative accident scenarios for QRA. Using
industry-wide historical data, as well as HAZID techniques, the following realistic scenarios
are identified for X:
I. An explosion resulting from detonation of an unstable chemical.
II. A release of a flammable, toxic gas resulting from failure of a vessel.

Incident Outcomes
The identified incidents may have one or more outcomes, depending on the sequence of
events which follows the original incident. For example, a leak of volatile, flammable liquid
from a pipe might catch fire immediately (jet fire), might form a flammable cloud which


30
could ignite and burn (flash fire) or explode (vapor cloud explosion). The material also might
not ignite at all, resulting in a toxic vapor cloud. These are referred to as potential accident
scenarios or as incident outcomes. Some incident outcomes are further subdivided into
incident outcome cases, differentiated by the weather conditions and wind direction, if these
conditions influence the potential damage resulting from the incident.
Event tree logic may be used to identify the incident outcomes and outcome cases.
Incident I, the explosion has only one possible outcome (the explosion), and the consequence
and effects are unaffected by the weather. Therefore, for Incident I there is only one incident
outcome and one incident outcome case; this is represented by an event tree with no branches
(Fig 2).
Incident Incident
Outcomes
Incident
Outcome Cases
Event Tree for Incident I
II Flammable Toxic Gas
Release
II Explosion I Explosion
Event Tree for Incident II
IIA Ignition
(Explosion)
IIB1 Toxic Cloud
to Southwest
IIB No Ignition
Toxic Cloud
IIB2 Toxic Cloud
to Northeast
IIA Ignition

Fig 2. Event Trees for the Incidents I and II
The Incident II, the release of flammable, toxic gas, has several possible outcomes (jet fire,
vapor cloud fire, vapor cloud explosion, toxic cloud) and its event tree is also shown in fig 2.
(Note that for simplicity only two wind directions are assumed for the outcomes cases).
Consequence and Impact Analysis
Incident impact estimation requires two steps.
1. Estimation of a physical concentration of material or energy at each location starting
from the point of origin of the incident: radiant heat from a fire, overpressure from
an explosion, concentration of a toxic material in the atmosphere
2. Estimation of the effects (impact) that this physical concentration of material or
energy has on people, the environment, or property for example, toxic material
dose-response relationships (probit equations).
The application of consequence and impact models to facility X yields simple impact
zone estimates for the identified incident outcome cases:
Incident Outcome Case I (explosion) the explosion is centered at the center
point of the facility; all persons within 200 meters of the explosion center are
killed (probability of fatality = 1.0); all persons beyond this distance are
unaffected (probability of fatality = 0).
Incident Outcome Case IIA (explosion) the explosion is centered at the center
point of the facility; all persons within 100 meters of the explosion center are


31
killed (probability of fatality = 1.0); all persons beyond this distance are
unaffected (probability of fatality = 0).
Incident Outcome Cases IIBI, IIB2 (toxic gas clouds) all persons in a pie
shaped segment of radius 400 meters downwind and 22.5
0
width are killed
(probability of fatality = 1.0); all persons outside this area are unaffected
(probability of fatality = 0).
Figure 3 illustrates these impact zone.
Incident Frequency Analysis
Reliability, fault and event tree methods are used for accident frequency estimation. We
assume that the following values obtain for the 2 potential incidents on X:
Incident I Frequency = 1 x 10
-6
events per year
Incident II Frequency = 3 x 10
-5
events per year (for Incident II Ignition
Probability = 0.33)
We further assume that annually, the wind blows from the Northeast 50% of the time, and
from the Southwest 50% of the time. The above considerations give the frequency estimates
for the four incident outcome cases (shown in the event trees of Figure 4).
Individual Risk Estimation
Individual risk is defined as The risk to a person in the vicinity of a hazard. This includes the
nature of the injury to the individual, the likelihood of the injury occurring, and the time
period over which the injury might occur. In this example, the nature of the injury for both
individual and societal risk calculations will be immediate fatality resulting from fire,
explosion, or exposure to toxic vapors.
Individual Risk Contours
Individual risk at any point is given by:
IR
x,y
=
, ,
1
n
x y I
i
IR
=

..(1)
IR
x,y,I
= f
i
p
f,i
..(2)
where;
IR
x,y
= the total individual risk of fatality at geographical location x,y (probability of
fatality per year)
IR
x,y,i
= the individual risk of fatality at geographical location x,y from incident
outcome case i (probability of fatality per year)
n = the total number of incident outcome cases considered in the analysis
f
i
= frequency of incident outcome case i, (per year)
p
f,i
= probability that incident outcome case I will result in a fatality at location x, y
Each incident outcome case has an equal impact (probability of fatality p
f,i
= 1) throughout its
geographical impact zone. Therefore, within the impact zone for each incident outcome case,
the individual risk from that incident outcome case IR
x,y,i
is equal to the frequency of that
incident outcome case (Equation 2). Outside the impact zone, IR
x,y,i
is zero.
The four impact zones from the four incidents are superimposed on a map of the
region of the plant and its surroundings as shown in Figure 5. The total individual risk of
fatality at each geographical location is then determined by adding the individual risk from all
incident outcome case impact zones that impact that location (using Equation 1). For
example, in the area labeled C in Figure 5, application of Equation 1 gives the results listed
in Table 1.
Similar calculations for the other areas in Figure 5 give the results summarized in
Table 2. Figure 5 is an individual risk contour plot for this example problem, with the
individual risk values for each area listed in Table 2.



32
Prob. of fatality = 1.0
Incident Outcome Case I
Prob. of
fatality = 0
Incident Outcome Case IIA
Prob. of
fatality = 1.0
Prob. of
fatality = 0
Circle Diameter = 200m Circle Diameter = 100m
Prob. of
fatality = 0
Prob. of
fatality = 0
Prob. of
fatality = 1.0
Prob. of
fatality = 1.0
Incident Outcome Case IIB1 Incident Outcome Case IIB2
N
E
Triangle Height = 400m; Angle = 22.5
0
Triangle Height = 400m; Angle = 22.5
0

Fig 3. Impact zones for Incident Outcome Cases
Individual Risk Profile (Risk Transect)
The individual risk profile (risk transect) is a graph showing the individual risk as a
function of distance from the source of the risk in a particular direction. For the
example problem, Figure 6 is the individual risk profile in the northeast direction. For
drawing this transect the necessary numbers are shown in tables 2 and 3.
Table 1 Individual Risk Calculation for Area C In Figure 5
Incident Outcome Case f
i
(per year) P
f,i
IR
i
(per year)
I 10
-6
1 10
-6

IIB2 10
-5
1 10
-5

IR = IR
i
= 1.1 x 10
-5



33
Incident Incident
Outcomes
Incident
Outcome
Cases
Event Tree for Incident I
II Flammable Toxic Gas
Release; f = 3x10
- 5
/yr
I Explosion
f = 10
6
/yr
I Explosion
f = 10
6
/yr
Event Tree for Incident II
IIA Ignition (Explosion)
f = 10
5
/yr
IIB1 Toxic Cloud to
Southwest; f = 10
5
/yr
IIB No Ignition
Toxic Cloud
Prob. = 0.67
IIB2 Toxic Cloud to
Northeast; f = 10
5
/yr
IIA Ignition
Prob. = 0.33
Prob. = 0.5
Prob. = 0.5


Figure 4. Frequency (f) of Incident (final) Outcome Cases

E
C
A
B
D
F
G
H
I
J
K
E
N
Incident
Outcome Case I
Effect Zone
Incident
Outcome Case
IIA
Effect Zone
Incident
Outcome Case
IIB2
Effect Zone
Incident
Outcome Case
IIB1
Effect Zone

Figure 5. Individual Risk Contour Map
Table 2 Individual Risk Results
Region
(see Figure 5)
Incidents Impacting Region Total Individual Risk of Fatality
(per year)
A I, IIA, IIB2 2.1 x 10
-5



34
B I, IIA, IIB1 2.1 x 10
-5

C I, IIB2 1.1 x 10
-5

D I, IIB, B1 1.1 x 10
5

E IIB2 1.0 x 10
-5

F IIB1 1.0 x 10
-5

G I, IIA 1.1 x 10
-5

H I, IIA 1.1 x 10
-5

I I 1.0 x 10
-6


Table 3 Individual Risks in the Northeast Direction
Distance (m) Region Incidents Impacting
Region
Total Individual Risk of
Fatality (per year)
> 400 Beyond E None 0
200 400 E IIB2 1.0 x 10
-5

100 200 C I, IIB2 1.1 x 10
-5

0 100 A I, IIA, IIB2 2.1 x 10
-5


100 200 400 300 500
10
- 6
10
- 5
10
- 7
10
- 4
I
n
d
i
v
i
d
u
a
l

R
i
s
k

p
e
r

y
e
a
r
Distance from the Plant in the Northeast (m)

Figure 6. Individual Risk Transect in the Northeast direction



Figure 7 shows the location of people in the area surrounding the CP facility.


35
3
2
**
4
**
10
6
1
**
K
E
N
Incident
Outcome Case I
Effect Zone
Incident
Outcome Case
IIA
Effect Zone
Incident
Outcome Case
IIB2
Effect Zone
Incident
Outcome Case
IIB1
Effect Zone
Indicates X people at specified
location
**
Employees in on-site buildings
X

Figure 7. Population Distribution in and around CP
Data on Population Distribution
Region Incidents Impacting Region No of People
A I, IIA, IIB2 0
B I, IIA, IIB1 0
C I, IIB2 0
D I, IIB, B1 2
E IIB2 3
F IIB1 4
G I, IIA 0
H I, IIA 0
I I 10
J I 1
K None 10

Societal Risk Calculation
Societal risk measures the risk to a group of people. Societal risk measures estimate both the
potential size and likelihood of incidents with multiple adverse outcomes. In this example, the
adverse outcome considered is immediate fatality resulting from fire, explosion, or exposure
to toxic vapors. Societal risk measures are important for managing risk in a situation where
there is a potential for accidents impacting more than one person.
F-N Curve
A common measure of societal risk is the Frequency-Number (F-N) curve. The first step in
generating an F-N Curve for the example problem is to calculate the number of fatalities
resulting from each incident outcome case, as determined by: N
i
=
, ,
,

x y f i
x y
P P

..(5)


36
where N
i
is the number of fatalities resulting from Incident Outcome Case i.
For the example, p
f,i
in Equation 5 equals 1. Because the impact zones for the
example are simple, this calculation can be done graphically by superimposing the impact
zones from Figure 3 onto the population distribution in Figure 7, and counting the number of
people inside the impact zone. Table 4 summarizes the estimated number of fatalities for the
four incident outcome cases.
The data in Table 4 must then be put into cumulative frequency form to plot the F-N
Curve: F
N
=

i
i
F ; for all outcome cases i for which N
i
N ..(6)
where: F
N
= frequency of all incident outcome cases affecting N or more people, per year ; F
i

= frequency of incident outcome case i, per year
Table 5 summarizes the cumulative frequency results. The data in Table 5 can be
plotted to give the societal risk F-N Curve in Figure 8.

Table 4 Estimated Numbers of Fatalities from Each Incident Outcome Case
Incident Outcome Case Frequency F
i

(per year)
Estimated Number of Fatalities
I 1.0 x 10
-6
10 + 2 + 1 = 13
IIA 1.0 x 10
-5
0
IIB1 1.0 x 10
-5
4 + 2 = 6
IIB2 1.0 x 10
-5
3
Table 5 Cumulative Frequency Data for F-N Curve
Number of Fatalities
N
Incident Outcome Cases
Included
Total Frequency
F
N
(per year)
3 + I, IIB1, IIB2 2.1 x 10
-5

6 + I, IIB1 1.x 10
-5

13 + I 1.0 x 10
-6

>13 + None 0

1 10 100
10
- 6
10
- 5
10
- 7
10
- 4
F
r
e
q
u
e
n
c
y

o
f

N

o
r

m
o
r
e

F
a
t
a
l
i
t
i
e
s

,

p
e
r

y
e
a
r

Number of Fatalities (N)


Figure 8. Societal Risk F-N Curve




37
HAZOP: An Introduction
The Hazard and Operability study (HAZOP) systematically questions the design to discover
how it can deviate from the design intention. To enable a thorough examination, the plant is
split into a number of parts. Each part is subjected to a number of questions based on a set of
guidewords for the project. The purpose is to identify all possible deviations from the design
conditions and to identify all the hazards associated with these deviations. The basic concept
behind HAZOP studies is that processes work well when operating under design conditions,
deviations from the process design conditions cause hazards and lead to operability problems.
Where deviations result in hazards, actions are identified. This requires the design
engineer to review and suggest solutions to either remove the hazard or reduce its risk to an
acceptable level. These solutions are reviewed and accepted by the HAZOP team before
implementation.
The questions are formulated using a number of guide words to ensure a consistent
and structured approach. The application of an accepted set of guide words ensures that every
conceivable deviation is considered. The guide words are normally applied in conjunction
with a series of process parameters to arrive at a meaningful deviation. The main process
parameters with their commonly used guide words are as follows
Main Process Parameters Commonly Used Guide Words
flow no, more, less, reverse, sneak (leak)
temperature, pressure, level higher, lower
composition, reaction, phase no, more, less, as well as, part of, other than


38
HAZARD AND OPERABILITY STUDY REORT
Project title: Sheet of
Project number: Date:
P&ID number: Chairman:
Line number: Study team:
Guide word Deviation Cause Consequences Safeguards Action
Numbe
r
By Details Reply
accepted



39

Exothermic Reactor: HAZOP CASE STUDY


HAZOP Study applied to the Exothermic Reactor
Item Study node Process
parameters
Deviations
(guide words)
Possible causes Possible consequences Action required
1A Cooling
coils
Flow No 1. Control valve fails closed
2. Plugged cooling coils


1. Loss of cooling, possible runaway
2. do-


1. Select valve to fail open
2. Install filter with maintenance
procedure Install cooling water flow
meter and low flow alarm Install


40

3. Cooling water service failure
4. Controller fails and closes valve
5. Air pressure fails, closing valve

3. do-
4. do-
5. do-
high temperature alarm to alert
operator
3. Check and monitor reliability of
water service
4. Place controller on critical
instrumentation list
5. See 1A.1
1B High 1. Control valve fails open

2. Controller fails and opens valve
1. Reactor cools, reactant conc.
builds, possible runaway on
heating
2. do -
1. Instruct operators and update
procedures
2. See 1A-4
1C Low 1. Partially plugged cooling line
2. Partial water source failure
3. Control valve fails to respond
1. Diminished cooling, possible
runaway
2. do-
3. do-
1. See 1A.2
2. See 1A.2
3. Place valve on critical
instrumentation list

1D As well as 1. Contamination of water supply 1. Not possible here 1. None
1E Part of 1. Covered under 1C
1F Reverse 1. Failure on water source
resulting in backflow
2. Backflow due to high
backpressure
1. Loss of cooling, possible
runaway
2. do-
1. See1A.2

2. Install check calve
1G Other than, 1. Not considered possible
1H Sooner than 1. Cooling normally started early 1. None
1I Later than 1. Operator error 1. Temperature rises, possible
runaway
1. Interlock between cooling flow
and reactor feed
1J Temperature Low 1 Low water supply temperature 1. None; controller handles 1. None
1K High 1. High water supply temperature 1. Cooling system capacity
limited temp. increases
1. Install high flow alarm and/or
cooling water high temp. alarm
2A Stirrer Agitation No 1. Stirrer motor malfunction
2. Power failure
1. No mixing, possible accumulation
of unreacted materials
2. Monomer feed continues, possible
accumulation of unreacted
materials
1. Interlock with feed line


2. Monomer feed valve must fail
closed on power loss
2B More 1. Stirrer motor controller fails,
resulting in high motor speed
1. None



41
Reliability and Availability Analysis
Reliability Function
N
0
identical items put to test at t=0 for temporal failures
N
s
(t) = No. of components (Items surviving at time t)
N
f
(t) = No. of failed items at t.
N
s
(t) + N
f
(t) = N
0

If N
0
>>1 one may write reliability as
R(t) = N
s
(t)/N
0
F(t) = Failure probability (Unreliability) = N
f
(t)/N
0

Therefore R(t) + F(t) = 1
In general 0 R(t) 1
R(0) = 1; R() = 0
0
0
0
(t)
(t) 1
(t)
(t) 1
(t)
(t)
1
f(t)
f
f
f
N
R
N
dN
dR
f
dt N dt
dN
N dt
=
= =
=

f(t) = Failure Probability Density Function
As dt 0, f(t) gives Instantaneous Failure Rate
0
0
(t)
(t)
(t)
(t)
(t)
1 (t)
(t) ( )
f
s
f
f
s s
dN
dN
dt dt
dN
dR
N
dt dt
N
N dR
N dt N t dt
=
=
=

We define Hazard Rate (t) as
(t)
1
(t)
(t)
f
s
dN
N dt
= = Instantaneous failure probability per surviving component
0
(t)
Using above relations: (t)
(t)
s
N dR
N dt
=
0
1 (t) 1 (t)
(t) ; (t)
( (t) / ) (t)
s
dR dR
N N dt R dt
= =


42
Using 4, thus
( )
( )
( )
f t
t
R t
=
Since
0
(t)
1
(t)
f
dN
f
N dt
= it follows
0
(t) dt 1 f


[ ]
(t)
1
0
0
(t) dt dlnR(t)
lnR(t) (t)
(t) exp ( )
t
R
t
dt
R d


=
=
(
=
(

= dummy variable

Generalized Reliability Function
(t)
0 1
0
(t) dt dR(t)
(t) (t) 1 R(t) F(t)
(t) (t) (t) (t) dt
R t
t
t
f
f dt dR
F f dt R f

=
= = =
= =




Mean Time to Failure of an Item (MTTF)
In discrete terms
,
1
1
i N
f i
i
MTTF t
N
=
=
=


F(t
) R(t)
t
f(t)


43
, f i
t failure time for i
th
item
If N >>1,
0
(t) dt MTTF tf


0 0
(t)
(t) dt
dR
tf t dt
dt

=


= [ ]
0
0
(t) (t) tR R dt


First term above = 0, it follows
0 0 0
Generalized MTTF function ( ) exp ( ) ; dummy variable
t
MTTF R t dt d dt

(

= = = =
` (

)

Hazard Models
(t) is needed for R(t); several hazard rate models are available. Two key examples:
1) Constant , implies (t)=
2) Weibull Model
1. Constant
(t)= represents reasonably well useful-life period for most engineering
equipments
0 0
(t) exp ( ) dt exp dt
(t) e
t t
t
R
R

( (
= =
( (

=


0
1
t
MTTF e dt

= =


2. Weibull Model
1
(t)
m
m t
c c

| |
=
|
\

m = shape parameter;
c = characteristic life parameter
Weibull model is most versatile as by choosing different values of m and c
the (t) for all three stages of life of an equipment may be obtained.


44

m < 1 : Early life failure pattern
m = 1: Constant hazard rate (useful life)
m > 1 : increasing hazard rate

Example 1: Failure Data by Group

[ ]
[ ]
s
0
0
s
(t) (t t)
(t) ; 1000
(t) (t t)
(t)
(t)
s
s
s
N N
f N
N t
N N
N t

+
= =

+
=


Test Time
(hrs)
0 100 200 300 400 500 600 700 800 900 1000
NS (No. of
surviving
components)
1000 895 810 730 660 600 545 495 450 410 373
(t)
Useful Life
Wearout
Bath-tub
curve
Early
Life
t


45

Hazard Rate (t) ~ 0.094*10
-2
/hr [~Constant]
Example 2: Failure Data (Individual)

Failure Count Failure
Time(hrs)
1 3.04
2 4.45
3 6.25
4 37.1
5 42.7
6 76.6
18 407.9
19 450
20 628

For small population of items, the failure probability F(t) is statistically better defined
as
(i 0.3)
( 0.4)
F
n

=
+
; i: failure count; n-total items

t (hrs) [f(t)*100]/hr [(t)*100]/hr
0-100 0.105 0.105
101-200 0.085 0.095
201-300 0.08 0.099
301-400 0.07 0.096
401-500 0.06 0.091
501-600 0.055 0.092
601-700 0.05 0.092
701-800 0.045 0.091
801-900 0.04 0.089
901-1000 0.037 0.09


46












If one assumes a constant hazard rate
(t) 1
1
ln
1 (t)
t
F e
t
F

=
(
=
(



Thus, slope of
1
ln
1 (t) F
(
(


vs. t gives
For the above data set the slope is found out to be constant; = 0.0053/hr
Weibull Analysis
( ) ( )
( )
( )
( )
1
(t)
(t)
(t) 1
1 (t) exp
1
ln ln ln ln
1 (t)
m
m
m
t
c
t
c
m
m t
c c
R e
F e
t
F
c
m t m c
F

=
=
=
(
=
(

(

=
( `

( )


Plot
1
ln ln
1 (t) F
(

( `

( )

vs ln t (as in the last example no 2)
Slope = m ; Intercept = m ln c (Hence m and c can be estimated)
System Reliability
(1) Series:-
Failure
Time (hrs)
F 1/(1-F)
3.04 0.034 1.035
4.45 0.083 1.091
6.25 0.132 1.152
.. . .
407.9 0.868 7.567
450 0.917 12.03
628 0.966 29.36


47

t
N
i
N
i
t
i system
system
i
e e R R


= =


= = =
1 1

1
N
system i
=


( )
system system
MTTF 1 =
(2) Parallel:-

( )
( )

=
=
=
N
i
t
N
i
i system
i
e
R R
1
1
1 1
1 1


Definition- At least one unit needs to be working for system success.
(3) Series-Parallel:-

N
N
i
i system
R R
|
|

\
|
=

=1
1 1

(3) Parallel -Series:-
2
N
1
M


1
2
N





48

( )
M
N
i
i system
R R
|
|

\
|
=

=1
1 1

Parallel system with partial failures:-


R= reliability of item at t
F= unreliability of item at t
1 = + F R
( ) 1 = +
N
F R
1 .........
1
1
= + + + +
N k N
k
N N N N
F R C F R C R
Probability of kfailed components out of N ( )
k k N
k
N
N
F R C k P

=
Probability of kor fewer failed components ( ) ( )

=
k
N
k P k F
0

If each item/component have individual s
i
` then ( )
1
1
N
N
i i
i
R F
=
+ =

, each term in the


expanded expression provides a system state.
Poisson Distribution:-
To find the probability of n failures of a component during a given time t. Time for
repair is negligible.
Let ( ) = t (constant)
Probability of n failures in the time t ( ) t P
n

1
N
1
N
1
N
M repeats


49
Now ( )
t
e t F

=1
( ) For vanishingly small time interval , t F t t (how?)
Using the difference equations:-
( ) ( )[ ] t t P t t P = + 1
0 0
............................ (1)
0 t , so that only one failure can occur in the t interval
Similarly
( ) ( )[ ] ( )[ ] t t P t t P t t P + = + 1
1 0 1
............................. (2)
( ) ( )[ ] ( )[ ] t t P t t P t t P
n n n
+ = +

1
1
............................... (3)
From (1)
( ) ( )
( ) t P
t
t P t t P
0
0 0
=

+

0 t ;
( )
( ) t P
dt
t dP
0
0
= .................................... (4)
Similarly, from (2)
( )
( ) ( ) t P t P
dt
t dP
1 0
1
= .................................... (5)
Similarly, from (3)
( )
( ) ( ) t P t P
dt
t dP
n n
n
=
1
.................................... (6)
Taking Laplace transforms:-
(4) ( ) ( ) ( ) s P P s SP
0 0 0
0 =
(5) ( ) ( ) ( ) ( ) s P s P P s SP
1 0 1 1
0 =
(6) ( ) ( ) ( ) ( ) s P s P P s SP
n n n n
=
1
0
On solving above set of n equation:- with P
0
(0) = 1, and for all other n, P
n
(0) = 0
( ) ( ) + = s s P 1
0

( ) ( )
2
1
+ = s s P
( ) ( )
1 +
+ =
n n
n
s s P
( )
t
e t P

=
0
, ( )
t
te t P


=
1
, ( ) ( ) ! n e t t P
t n
n


= (Poison Distribution)
Probability of n or fewer failures in timet


50
( )
( ) ( )
|
|

\
|
+ + + + =
=

!
........
! 2
1
!
2
0
n
t t
t e
n e t
n
t
n
t n


Redundant system

System has one hot or active component at any time, and others on cold standby. On
failure of active component the next standby in brought on line by a sensing and
switching device.

( ) ( ) ( )
2 1
1 2! .......... 1 !
n
t
system
R e t t t n

(
= + + + +


Example:- 2 unit (1 active +1 standby)
( ) ( ) ( ) t e i t e t R
t
i
i
i t
system


+ = =

=
=

1 !
1
0

Effect of maintenance on Reliability
There are three types of maintenance protocols:
Corrective (CM)
Preventive maintenance (PM)
Condition-based predictive maintenance (Cb-PM)
Corrective run to failure and then repair
Preventive Periodic maintenance
CbPM periodic/continuous monitoring of equipment by means of sensors and
specific tests.
Effect of PM
PM- every T(time) maintenance is does and failed components in an equipment
replaced and equipment returned to as good as new condition.[Assume that repair
time is negligible]
+ = jT T ;j=1,2,....,0<<T
2
N
1


51
For j=1,=0
( ) ( ) T R T t R
PM
= = ,R=Reliability function
( ) ( ) [ ]
2
2 T R T t R
PM
= =
In general ( ) ( ) [ ] ( ) R T R jT t R
j
PM
= + =
( ) ( ) ( )
( )



=
+
= =
0
1
0
j
T j
jT
PM PM PM
dt t R dt t R MTTF
d dt jT T = + =
( ) ( ) ( )
( )
( )
0
0
0
1
T
T
j
PM
R d
MTTF R T R d
R T

= = (

; [using geometric transformation


formula]

Maintainability and Markov Chain Processes
Hazard Rate =/time
Maintenance Rate =/time
MTTF =1/
MTTR(mean time to repair) = 1/
An engg. System can be in operating or failed (maintenance action) state
a computer may be up or down
a pipeline section may be fine or corroded
S = successful or operating state
F = failed (or maintenance state)



With PM at every Tperiod
t
R
No PM
T 2T


52
Markov Graph

t = Probability of SF transition over t (0)
t = Probability of FS transition over t (0)
( ) ( )( ) ( )( ) t t P t t P t t P
F S F
+ = + 1 (1)
( ) ( ) t P t P
F S
=1 (2)
From (1) and (2) one may show that:-
( )
( )( ) = + + t P
dt
t dP
F
F

( ) ( ) { } t t P
F

+
+
= exp 1
Availability ( ) ( ) ( )
( )
1
t
S F
A t P t P t e



+
= = = +
+ +

( )

+
= A ; ( )
( )
1 2
1 2
2
1
t t
dt t A
t t A
t
t


Probability Theory in Chemical Risk Assessment

The probability concept is the basis for a risk analysis or reliability analysis. One must
be familiar with this concept to be able to determine the value of the input parameters
and to understand the results of a risk or reliability analysis.
A, B, F = events
P = probability
S = entire sample space
n = number of samples in which event A occurred
N = number of experiments
m = number of components in series or in parallel
Operations:
: Operation of union
: Operation of intersection
A: Operation of complementation
: Conditional



53




( ) ( ) ( ) ( ) P A B P A P B P A B = +
Mutually exclusive events: ( ) 0 P A B =
: ( ) ( ) 1 ( ) ( ) 1 Complementary events P A P B P A P A + = + =

Conditional Probabilities:




It follows that:

For independent events:



54

If events are dependent:

Bayesian Estimation
We know that in general:

For any arbitrary event A
i

Or:

Lets consider that one has a set events A
i
which are exhaustive and mutually
exclusive. Exhaustive implies that every conceivable outcome is included in the prior
distribution.
A
B
A
1
A
2
A
3

Considering A
i
as class i, the following conditions hold:

Using the previous relations:



55

The last expression is Bayes theorem. The equation is valid in general for any
number of events A
1
, A
2
,, A
n
. It is important to understand the meaning of the
various terms in the Bayes expression:
B: Collected plant-specific data.
P(A
i
) : Probability of A
i
, prior to learning fact B.(i.e., Available generic data)
P(B|A
i
) : The probability of the observation, given that A, is true. (i.e., Updated
failure data)
P(A
i
|B) : Probability of A
i
after learning fact B.

Probability Distributions
The cumulative distribution function F(x) is defined as the probability that the random
variable x assumes values of less than or equal to the specific value x.



The probability density function f(x) is given by:


t = dummy variable


56

The properties of probability density functions make it possible to treat the areas
under f(x) as probabilities:

Mean, median and mode of a distribution
Mode (X) = the most preferred value of x (the one with the maximum probability)

Median (X
m
) = value of X at which values of X above and below are equally
probable.
Thus: F (X
m
) = 0.5

Mean (or Expectation):

( ) ( ) E X xf x dx
+

= =


In general the expectation of a function G(X) where X is a random variable is:
[ ( )] ( ) ( ) E G X G x f x dx


Variance:
2 2
( ) ( ) ( ) Var X x f x dx
+

= =


Standard Deviation:
( ) ( ) X Var X =
Coefficient of Variation( ) ( ) ( ) / ( ) COV X X X = =
The COV gives the relative spread of X around its mean value.
3 3
[( ) ] ( ) ( ) Skewness E X x f x dx




57
For a symmetric distribution:
3
[( ) ] 0 Skewness E X =
If,
3
[( ) ] 0 Skewness E X > , the values of X > are more widely dispersed than X
< .
If,
3
[( ) ] 0 Skewness E X < , the values of X < are more widely dispersed than X
> .
Skewness Coefficient:
3
3
[( ) ] E X


Moment Generating Function:
In general the n
th
moment of a probability distribution function is given by:
[( ] ( )
n n
E X x f x dx


The moment generating function MGF of a random variable ( )
X
X G s , where:
( ) ( )
sX
X
G s E e , wheres is an auxiliary (deterministic) variable.
Thus, ( ) ( )
sX
X
G s e f x dx


Now it follows that:
0
{ ( )}
( ) ( )
s
d G s
xf x dx E X
ds

=
(
= =
(



It may be shown that in general:
0
{ ( )}
( ) ( )
n
n n
n
s
d G s
x f x dx E X
ds

=
(
= =
(



Binomial Distribution:
p = probability of an event occurring


Exponential Distribution:
( ) Thus, ( ) 1
x x
f x e F x e


= =

Normal Distribution:



58

Standard Normal Distribution:

It follows that: 0, 1
z z
= =

The Normal Distribution Curve

Lognormal Distribution:
The lognormal distribution is used quite frequently in reliability and safety studies.
The relationship to normal distribution is as follows: if the stochastic variable ln(x)
has a normal distribution, x has a lognormal distribution. The probability density
function f(x) is given by:




59

The Lognormal Distribution Curve
Weibull distribution:


= shape parameter; = lowest value life parameter; = characteristic life
Typical shapes of f(x) is shown below with = 0

Poisson Distribution:

The Poisson distribution gives the probability of exactly x occurrences of a rare event
(p 0) in a large number of trials (n infinity). The Poisson distribution is a
discrete probability distribution and not a probability density distribution.