Risk Assessment Data Directory

Report No. 434 20.1

March 2010
I n t e r n a t i o n a l A s s o c i a t i o n o f O i l & G a s P r o d u c e r s
Guide to
nding and
using reliability
data for QRA
P
ublications
Global experience
Te International Association of Oil & Gas Producers has access to a wealth of technical
knowledge and experience with its members operating around the world in many diferent
terrains. We collate and distil this valuable knowledge for the industry to use as guidelines
for good practice by individual members.
Consistent high quality database and guidelines
Our overall aim is to ensure a consistent approach to training, management and best prac-
tice throughout the world.
Te oil and gas exploration and production industry recognises the need to develop consist-
ent databases and records in certain felds. Te OGPs members are encouraged to use the
guidelines as a starting point for their operations or to supplement their own policies and
regulations which may apply locally.
Internationally recognised source of industry information
Many of our guidelines have been recognised and used by international authorities and
safety and environmental bodies. Requests come from governments and non-government
organisations around the world as well as from non-member companies.
Disclaimer
Whilst every efort has been made to ensure the accuracy of the information contained in this publication,
neither the OGP nor any of its members past present or future warrants its accuracy or will, regardless
of its or their negligence, assume liability for any foreseeable or unforeseeable use made thereof, which
liability is hereby excluded. Consequently, such use is at the recipients own risk on the basis that any use
by the recipient constitutes agreement to the terms of this disclaimer. Te recipient is obliged to inform
any subsequent recipient of such terms.
Tis document may provide guidance supplemental to the requirements of local legislation. Nothing
herein, however, is intended to replace, amend, supersede or otherwise depart fom such requirements. In
the event of any confict or contradiction between the provisions of this document and local legislation,
applicable laws shall prevail.
Copyright notice
Te contents of these pages are Te International Association of Oil and Gas Producers. Permission
is given to reproduce this report in whole or in part provided (i) that the copyright of OGP and (ii)
the source are acknowledged. All other rights are reserved. Any other use requires the prior written
permission of the OGP.
Tese Terms and Conditions shall be governed by and construed in accordance with the laws of Eng-
land and Wales. Disputes arising here fom shall be exclusively subject to the jurisdiction of the courts of
England and Wales.
RADD Guide to finding and using reliability data for QRA
OGP

contents

1.0 Scope and Application.............................................................. 3
1.1 Scope.................................................................................................................... 3
1.2 Application........................................................................................................... 3
1.3 Definitions............................................................................................................ 3
2.0 Summary of Recommended Data............................................... 4
2.1 Copyright.............................................................................................................. 4
2.2 Sources of Reliability Data ................................................................................. 4
3.0 Guidance on use of data ........................................................... 6
3.1 Introduction.......................................................................................................... 6
3.2 Failure Rate Calculation...................................................................................... 7
3.2.1 Background ................................................................................................................... 7
3.2.2 Failure Rate Calculation #1 Few Failures, Constant Failure Rate Assumed........ 8
3.2.3 Failure Rate Calculation #2 Point Estimate ............................................................. 9
3.2.4 Failure Rate Calculation #3 Many Failures with Probability Plotting.................. 10
3.2.5 Treatment of Common Cause Failures ..................................................................... 13
3.2.6 Failure Rate Calculation using the OREDA Estimator............................................. 13
3.3 Calculation of on demand Failure Probability............................................. 14
3.4 Guidance Specific to the OREDA Handbook.................................................. 14
3.4.1 Selecting Appropriate Data........................................................................................ 14
4.0 Review of data sources ........................................................... 16
4.1 OREDA Database and Handbook(s) ................................................................ 16
4.1.1 OREDA Data Presentation.......................................................................................... 18
4.2 MIL-HDBK-217F ................................................................................................. 19
4.3 FIDES.................................................................................................................. 19
4.4 EPRD-97 and NPRD-95...................................................................................... 19
4.5 PDS Data Handbook.......................................................................................... 20
4.6 FARADIP III......................................................................................................... 20
4.7 IEEE 493-1997 .................................................................................................... 20
4.8 Sintef Reports, SubseaMaster and WellMaster .............................................. 20
5.0 Recommended data sources for further information ................ 21
6.0 References .............................................................................. 21

RADD Guide to finding and using reliability data for QRA
OGP

Abbreviations:

BIT Built-in Test
BOP Blowout Preventer
DNV Det Norske Veritas
E&P Exploration and Production
MTTF Mean Time To Failure
MTTR Mean Time To Repair
ND Nominal Diameter
OGP Oil and Gas Producers
OREDA Offshore Reliability Data
QRA Quantitative Risk Assessment
SCSSV Surface Controlled Subsurface Safety Valve
RADD Guide to finding and using reliability data for QRA
OGP

3
1.0 Scope and Application
1.1 Scope
The reliabilities of fire and gas detection, ESD and blowdown, blowout prevention and
fire protection systems are key inputs to Quantitative Risk Assessment (QRA) of
exploration and production facilities. This datasheet provides guidance on obtaining,
selecting and using reliability data for these systems and for their component parts,
for use in QRA.

1.2 Application
This datasheet contains specimen data taken from previous OGP datasheets; this
specimen data are presented in Error! Reference source not found. to Error!
Reference source not found. . In addition, the recommended data sources that are
identified in section 2.0 should be consulted to ensure that all data are the most up to
date and relevant for any particular analysis. Guidance on using and processing data
is given in Section 3.0.
The data presented are applicable to activities in support of operations within
exploration for and production of hydrocarbons.

1.3 Definitions
For the purposes of this document, the following terms and definitions apply.
Fai l ure The inability of an equipment unit or system to perform
a specified function.
Cri ti cal fai l ure Failure of an equipment unit that causes an immediate
cessation of the ability to perform a required function.
Non-cri ti cal fai l ure Failure of an equipment unit that does not cause a
cessation of the ability to perform a required function.
Dangerous fai l ure A failure that has the potential to prevent a safety
system from achieving its safety function(s) when there
is a true demand. A single dangerous failure may not be
sufficient to prevent a redundant safety system from
performing its safety function (e.g. two coincident
dangerous failures may be needed to prevent operation
of a 2-out-of-3 voting system).
Non-dangerous fai l ure A failure of a safety system that is not dangerous.
Safe fai l ure A failure that has the potential to unnecessarily trigger
a safety function.
Reveal ed fai l ure A failure that is evident or that is detected by the
system itself as soon as it occurs. Failures detected by
the built-in diagnostic tests (BIT) of a logic solver are
also considered as revealed failures.
Hi dden fai l ure A failure that is not revealed to operation or
maintenance personnel and that needs a specific action
(e.g. periodic test) in order to be identified.
Common cause fai l ure Failure of different items resulting from the same direct
cause, occurring within a relatively short time, where
these failures are not consequences of another. See
also Common mode failure.
RADD Guide to finding and using reliability data for QRA
OGP

4
Common mode fai l ure A subset of Common cause failure whereby two or
more components fail in the same manner.
!"#$%& Activation of a systems function (may include
functional, operational and test activation).
Fai l ure mode Effect by which a failure is observed on the failed item.
Fai l ure on demand Failure that occurs immediately when an item is
instructed to perform its intended function (e.g. stand-
by emergency equipment).
Rel i abi l i ty Probability of an item performing a required function
under stated conditions for a specified time interval.
Observati on peri od Interval of time between the start date and end date of
reliability data collection.
Fai l ure rate Limit, if this exists, of the ratio of the conditional
probability that the instant of time, T, of a failure of an
item falls within a given time interval, (t + + !t) and the
length of this interval, !t, when !t tends to zero, given
that the item is in an up state at the beginning of the
time interval.
Note:
1. In this definition, t may also denote the time to
failure or the time to first failure.
2. A practical interpretation of failure rate is the
number of failures relative to the corresponding
operational time. In some cases, time can be
replaced by units of use. In most cases, the
reciprocal of MTTF can be used as the predictor for
the failure rate, i.e. the average number of failures
per unit of time in the long run if the units are
replaced by an identical unit at failure.
Mean Ti me to Fai l ure (MTTF) Expectation of the time to failure.
Mean Ti me Between Fai l ures (MTBF) Expectation of the time between failures.


2.0 Summary of Recommended Data
2.1 Copyright
The data that are presented in the sources discussed in Section 2.2 are protected by
copyright and cannot be reproduced without specific written permission from the
copyright holders. Where guideline values are given (Error! Reference source not
found. to Error! Reference source not found. ), these are taken from sources
that are either in the public domain or from pre-existing OGP datasheets. It is strongly
advised that in all analyses the best available data are taken from the relevant source
as listed in section 4.0.
2.2 Sources of Reliability Data
The recommended sources of reliability data are presented in Table 2.1.

RADD Guide to finding and using reliability data for QRA
OGP

5
Tabl e 2. 1 Data Sources
Data Source Equi pment Avai l abl e From
OREDA Handbooks [1]
Note: new issue
scheduled for release in
2009
Process Equipment (Offshore) Det Norske Veritas
N-1322 Hvik
Norway
MIL-HDBK-217F
Reliability Prediction of
Electronic Equipment
[10]
Electronic components US Military Handbook
EPRD-97 Electronic
Parts Reliability Data
(RAC) [12]
Electronic components Reliability Analysis Center
201 Mill Street
Rome, NY 13440
USA
NPRD-95 Non
Electronic Parts
Reliability Data [11]
Mechanical and electro-
mechanical components
Reliability Analysis Center
201 Mill Street
Rome, NY 13440
USA
PDS Data Handbook [13] Sensors, detectors, valves &
control logic
Sydvest
Sluppenvegen 12E
N-7037 Trondheim
Norway
FARADIP III [14] Electronic, electrical,
mechanical, pneumatic
equipment
technis@maint2k.com
IEEE 493-1997 [15]

Electrical power generation and
distribution
ISBN1-55937-066-1
STF18 A83002,
Reliability of Surface
Controlled Subsurface
Safety Valves
Surface Controlled Subsurface
Safety Valves
Exprosoft
N-7465 Trondheim
www.exprosoft.com
STF75 A89054, Subsea
BOP Systems, Reliability
and Testing. Phase V
Subsea Blowout Preventers Exprosoft
N-7465 Trondheim
www.exprosoft.com
STF75 A92026,
Reliability of Surface
Blowout Preventers
(BOPs)
Surface Blowout Preventers Exprosoft
N-7465 Trondheim
www.exprosoft.com
STF38 A99426,
Reliability of Subsea
BOP Systems for
Deepwater Application,
Phase II DW
Subsea Blowout Preventers
deepwater subsea
Exprosoft
N-7465 Trondheim
www.exprosoft.com
SubseaMaster &
WellMaster
[9] and [8]
Components in oil wells (BOPs
and SCSSVs)
Exprosoft
N-7465 Trondheim
www.exprosoft.com
EIREDA Database
European Industry
Reliability Data
Handbook,
Electrical Power Plants
Valves, sensors and control
logic (nuclear power station
data)
EUORSTAT, Paris

RADD Guide to finding and using reliability data for QRA
OGP

6
3.0 Guidance on use of data
3.1 Introduction
The science of reliability prediction is based upon the principals of statistical analysis.
Reliability is defined as the probability that equipment will perform a specified
function under stated conditions for a given period of time which defines a
probabilistic approach rather than a deterministic one. This probability can be
calculated or stated to reside within certain statistical confidence limits.
Fundamental to such a calculation is the ability to source basic reliability data. Ideally
such data should be:
Current
Auditable
Specific (applicable to equipment/component type)
Extensive (large sample with many recorded failures)
Applicable to environment
Be suitable for life trending

Unfortunately, real world data sources rarely meet these ideals and it is therefore
necessary to accept compromises. When performing QRA, it is important that the
limitations of the data source are understood, and where necessary alternatives
sought.
For QRA, the reliability parameters to be taken from the database would be the failure
rate (or the mean time to failure) and/or the probability of failure on demand; see
Section 3.3 for details of probability of failure on demand calculation.
Where information is extracted from the OREDA or another industry standard
database it is not (in general) necessary to perform any further statistical analysis of
the failure patterns. The approach described in Section 2.3.3 applies where basic
information relating to times to failure is available for analysis, for example from
maintenance records or breakdown reports. In these circumstances, it is necessary to
judge the quality of the data and to then apply the appropriate analytical technique.
The techniques for data analysis presented herein are divided into two classifications,
those that are based simply on the sample statistics and those that are based on
inferences from the associated statistical distributions. The characteristics of
distributions are much harder to derive (especially from field breakdown reports
rather than laboratory test data), but have the potential to provide more information.
Note that it is not the intention to provide a comprehensive theoretical background to
data analysis in this document, but instead to provide some practical techniques that
may be used to prepare reliability data. Three techniques are outlined, namely:
Prediction of failure rate within defined confidence limits applied where only
sparse failure data are available refer to Section 3.2.2
Calculation of point estimate of failure rate applied where adequate data are
available refer to Section 3.2.3
Use of probability plotting to derive information relating to the underlying
statistical distribution refer to Section 3.2.4

RADD Guide to finding and using reliability data for QRA
OGP

7
3.2 Failure Rate Calculation
3.2.1 Background
The observed failure rate for a component is defined as the ratio of the total number of
failures to the total cumulative observation or operational time. For items displaying a
constant failure rate, if ! is the failure rate of the N items then:
! = k/T
where k is the total number of failures and T is the total observation time across the N
items.
For the case where components are replaced after failure (as applies to industry field
databases) then the total cumulative observation time may be defined as N " field
operational lifetime.
Strictly, this calculation provides a point estimate of the failure rate and if the exercise
were repeated with another set of identical equipment and conditions it may yield
results that are not identical to the first. Any number of such measurements may be
made providing a number of point estimates for the failure rate, with the true value
of the failure rate only being provided after all components have failed (for a non
replacement test). In practice therefore, it is necessary to make a prediction about the
total population of items based on the failure patterns of a sample. This process of
statistical inference can be performed using the properties of a X
2
(chi squared)
distribution. This allows us to bound the population failure rate within confidence
limits (typically 90% or 60% may be used).
It is also necessary to make some assumptions about the pattern of failures across
time, considering the shape of the commonly depicted bathtub curve (Figure 3.1).
This curve typifies the expected component failure rate across time and is divided into
three distinct area, namely
Early life, characterized by a decreasing failure rate
Useful life (constant failure rate)
Wear out (increasing failure rate)

RADD Guide to finding and using reliability data for QRA
OGP

8
Fi gure 3. 1 The Bathtub Curve


In order to perform analysis of failure patterns outside of the constant failure rate
period a level of detailed information is required that is typically not available from the
recorded data (e.g. actual age of equipment of failure, homogeneous samples).
Therefore an assumption is made that all failures recorded are experienced during the
useful life phase, and the pattern of these failures may be described by a random,
exponential distribution. This can, at least to a certain extent, be justified on the
following grounds:
Early life failures resulting from commissioning problems may not be recorded as
equipment failures
Early life failures resulting from manufacturing defects can be largely eliminated
by testing prior to installation
Wear out failures largely eliminated by preventative maintenance and planned
renewals. Note that this assumption may be less valid for wear out of subsea
equipment where no planned maintenance will be performed.
The preceding discussion allows us to analyze the data from each source, and in most
cases to calculate a mean value, confidence intervals about the mean value and the
associated variance.

3.2.2 Failure Rate Calculation #1 Few Failures, Constant Failure Rate Assumed
Where total number of failures is small (say < 5), or zero, a point estimate of failure
rate is inappropriate, therefore a technique of statistical inference and confidence
limits should be applied. This can be addressed via a Chi Squared (X
2
) test using the
following methodology:
1. Measure T (total observed time) and k (number of failures)
2. Select a confidence interval
3. " = 1 confidence interval
RADD Guide to finding and using reliability data for QRA
OGP

9
4. n = 2k for failure truncated test
or
n = 2(k+1) for time truncated test
5. Look up value for X
2
corresponding to n and " (use standard mathematical tables)
6. Failure Rate Confidence Limit at X
2/
2T
7. For double sided limits use procedure twice to look up value for X
2
at:
n = 2k and (1 #/2) (lower limit)
n = 2k(2k+2) and "/2 (upper limit)

Note that X2/2T is a conservative estimate i.e. the true value has probability of # of
being higher than the estimate (based on a single sided upper confidence limit). Using
the upper bound of the failure rate is a conservative approach and hence it can be
used instead of the maximum likelihood estimate when the sample is considered to be
small.

Exampl e: Equi pment mai nt enance records show t hat 5 devi ces each wi t h a
recorded runni ng t i me of 1000 hours have no recorded f ai l ures. Cal cul at e t he
f ai l ure rat e at 60% conf i dence (si ngl e si ded upper l i mi t ).
1. T = 5 " 1000 = 5000 hours
2&3. # = (1 0.6) = 0.4 for 60% confidence limit
4. n = 2 " (k+1) = 2 (time truncated since no failures have occurred)
5. From tables, X
2
= 1.83 (60% confidence limit).
6. Upper bound of failure rate (60% confidence) = X
2
/2T = 1.83/10000 = 1.83 x 10
-4
fails/hour
Note: the decision to use statistical interpretation or point estimate is based on the
number of recorded failures. For items with a very high failure rate a significant
number of failures could equate to a small amount of experience years, but typically a
large amount of experience years are also required for a point estimate.

3.2.3 Failure Rate Calculation #2 Point Estimate
Where adequate data are available, a point estimate of the failure rate can be made
simply by taking the ratio of the total number of failures to the total cumulative
observed time. If ! is the failure rate of the N items then
! = k/T
where k is the total number of failures and T is the total cumulative observed time.

RADD Guide to finding and using reliability data for QRA
OGP

10
3.2.4 Failure Rate Calculation #3 Many Failures with Probability Plotting
Where sufficient good quality data are available, probability plotting techniques may
be used to derive information relating to the underlying statistical distribution.
Graphical plotting techniques may be implemented manually or by computer and
involve analysis of the cumulative distribution of the data. A commonly used
distribution for failure data is the Weibull Distribution. This distribution originally
postulated in 1951 by Swedish mechanical engineer Waloddi Weibull. It is particularly
suited to reliability life data plotting because of its flexibility, having no specific shape
but instead being described by shaping parameters. It is a three parameter
distribution, but often only two are used the characteristic life (") and shape factor
(#). There are special cases associated with values of the shape factor:
# = 1 corresponds to exponential distribution
# < 1 represents burn in (decreasing failure rate)
# > 1 represents wear out (increasing failure rate)
NB In line with convention, # is used here to represent the shape factor of the Weibull
distribution. This is not the same # used to describe the dependent failure fraction of
common cause failures (see Section 3.2.5).
By using a graphical plotting technique, the data can be quickly analysed without
detailed knowledge of statistical mathematics. A simple procedure for this is as
follows:
Determine test sample size and times to failure
List times to failure in ascending order
Establish median rankings from published tables (or calculate/estimate from
formulae)
Plot times and corresponding ranks on Weibull plot paper. This is essentially log-
log graph paper but with scales for reading # and "
Draw best fit straight line and read off # at 63.3% intercept
Draw a parallel line through intercept on y axis and read off #

Note that median ranking is the most frequently used method for probability plotting,
especially if the data are known not to be normally distributed. Median ranking tables
are available from statistics text books, or they may be estimated by the following
equation:
Ranking = (i - 0.3) / (N + 0.4)
where i is the failure order number and N is the total number of failures.
The process is best illustrated by means of a simple example:

RADD Guide to finding and using reliability data for QRA
OGP

11
Step 1. Rank Data usi ng Medi an Rank Tabl es

Failure
Number
Time
to
Failure
Median
Rank
Failure
Number
Time
to
Failure
Median
Rank
Failure
Number
Time
to
Failure
Median
Rank
1 10 0.02 11 2000 0.35 21 77000 0.68
2 38 0.06 12 5000 0.38 22 10200 0.71
3 80 0.09 13 8300 0.42 23 119000 0.75
4 140 0.12 14 1200 0.45 24 134000 0.78
5 215 0.15 15 16300 0.48 25 146000 0.81
6 310 0.19 16 21500 0.52 26 159000 0.85
7 460 0.22 17 27500 0.55 27 172000 0.88
8 670 0.25 18 36000 0.58 28 187000 0.91
9 1050 0.29 19 48200 0.62 29 204000 0.94
10 1900 0.32 20 74000 0.65 30 230000 0.98

Step 2. Pl ot Ti mes to Fai l ure and Medi an Ranked Probabi l i ti es on Wei bul l
Paper



Step 3. Pl ot Li ne and Read Val ues of characteri sti c l i fe (#) and shape
factor ($)
It is generally acceptable to fit a straight line plot by eye through the data points. The
value of shape factor is read by drawing a line perpendicular to the plotted line
through the plot origin. The value of $ can then be read from the intercept of this line
and the $ scale. The value for the characteristic life may read from the intercept of the
plotted line with the estimator line. The position of the estimator is determined by
the intercept of the perpendicular line with the " scale.
RADD Guide to finding and using reliability data for QRA
OGP

12
In the above plot all three stages of the bathtub curve are displayed, the values are
approximately:

Characteri sti c l i fe (") 87 hours 320 hours 1000hours
Shape factor ($) 0. 7 1. 0 3. 4

3.2.4.1 Probability Plotting Complex Scenarios
If a straight line is not obtained in the Weibull plot, there could be one or more
underlying reasons, including:
Data having been censored
More than one failure mechanism (mixed Weibull effects)
Errors in sampling
There is a threshold parameter (i.e. a three parameter Weibull distribution applies)
Distribution not Weibull

3.2.4.2 Dealing with Censored Data
At the end of a reliability trial or when processing field data there may be a number of
items that have not failed. This is referred to as a censored data sample. Those items
that have survived are referred to as suspended. To calculate the median ranks in
this situation the following procedure should be followed:
Determine test sample size and times to failure
List times to failure in ascending order
Place suspended test items at the appropriate points in list
For each failed item calculate the mean order number i
ti


where
and n is the sample size
Establish median rankings from published tables (or calculate/estimate from
formulae)
Plot times and corresponding ranks on Weibull plot paper.

3.2.4.3 Mixed Distributions
If the data do not fit to a straight line, especially where an obvious change of slope is
seen it may be that more than one mode of failure is being displayed by the sample. If
this is the case, the data pertaining to each failure mode must be segregated and
analysed separately.

3.2.4.4 Failure Free Period
Should the data still yield a curve rather than a straight line, it is possible that a failure
free life period is being exhibited i.e. a three value rather than a two value Weibull
distribution is applicable.
RADD Guide to finding and using reliability data for QRA
OGP

13

The third Weibull parameter (location parameter), %, locates the distribution along the
abscissa. Changing the value of % has the effect of "sliding" the distribution and its
associated function either to the right (if % > 0) or to the left (if % < 0). The parameter %
may assume all values and provides an estimate of the earliest time a failure may be
observed. A negative % may indicate that failures have occurred prior to the beginning
of the test or prior to actual use. The life period 0 to +% is the failure free operating
period of such units
To cater for this, an attempt can be made to predict the failure free period. This may be
based on engineering judgement and knowledge of the items under consideration or
may simply the time until the first failure occurs. The data are then replotted from this
time and if a straight line results the failure free period is as estimated and the
remaining parameters may be estimated from the plot. If another curve is produced
the process is repeated.
3.2.5 Treatment of Common Cause Failures
A Common Cause Failure (CCF) is the result of an event that, because of
dependencies, causes a coincidence of failure states in two or more separate
channels of a redundant system, leading to the defined system failing to perform its
intended function. CCFs can degrade the performance of any redundant system and
are of particular concern when analysing protective functions. A number of
mathematical techniques exist for the treatment of CCFs, one of the simplest and
most practical is the Beta factor approach. In essence this assumes that !, the total
failure rate for each redundant unit in the system, is composed of independent and
dependent failure contributions as follows:
! = !
c
+ !
i

where !
i
is the failure rate for independent failures
!
c
the failure rate for dependent failures
The parameter beta (") can then be defined as:
" = !
c
/!
NB # is also commonly used to represent the shape factor of the Weibull distribution, this is
not the same as # used to describe the dependent failure fraction of common cause failures.
Thus beta is the relative contribution of dependent failures to total failures for the
item. The lack of available data relating to dependent failures of sufficient quality
necessitates the use of an estimation technique for beta, guided by a number of
parameter shaping factors (the subjective assessment of defensive mechanisms).
Such a quantification method, known as the partial beta factor model may be applied
for detailed assessment. A full description of the technique, including weighting
factors is presented in [20].
For a simpler approach a representative value of " may be assumed between 0.01
(highly diverse components or systems) and 0.1 (similar components or systems).

3.2.6 Failure Rate Calculation using the OREDA Estimator
The OREDA handbook recognises that the data it presents are not taken from a
homogeneous sample. To merge these non homogenous data into a single multi
sample estimate with an average failure rate (point estimate of total number of failure
divided by aggregated time in service) is likely therefore to result in an unrealistically
short confidence interval. An approach referred to as the OREDA-estimator is
applied to derive a mean failure rate with associated upper and lower 90% confidence
bounds. A description of the theoretical basis for the OREDA-estimator is given in [2].
RADD Guide to finding and using reliability data for QRA
OGP

14
The handbook also gives point estimates of failure rate; the numerical difference
between this and the OREDA estimator gives an indication of the degree of diversity in
failure rates between parts of the overall population.
OREDA recommends that the OREDA estimator be used when data are taken from this
source.

3.3 Calculation of on demand Failure Probability
The on-demand failure probability may be listed in the failure data source, e.g. OREDA
or occasionally FARADIP. Section 3.4.1.1 illustrates how this is extracted from
OREDA. It is usually more appropriate, however, to calculate a specific probability of
failure on demand for a given protective function. Typically such failures are
unrevealed and must be detected by means of manual or automatic proof testing.
For a protective system having failure rate & and proof test interval T, the probability
of failure on demand or unavailability due to unrevealed failures is presented in Table
3.1.

Tabl e 3. 1 Unreveal ed Fai l ure Probabi l i ty
Number of Uni ts Requi red to
Operate
Number of
Uni ts
1 2 3
1 &T/2
2 &
2
T
2
/3
3 &
3
T
3
/4 &
2
T
2

4 &
4
T
4
/5 &
3
T
3
2&
2
T
2


3.4 Guidance Specific to the OREDA Handbook
3.4.1 Selecting Appropriate Data
The item selected from database must be appropriate in terms of fit to the system
under analysis and in terms of data quality. Specifically, the following should be
considered:
Technol ogy: does the data correctly represent the equipment being assessed? It
may be necessary for the analyst to provide or seek expert judgement. e.g. can data
for a diesel engine be used for a spark ignited engine?
Envi ronment: will the environmental conditions influence the failure rate? OREDA
data are gathered offshore North Sea. This introduces specific failure mechanisms
(saline environment, humidity, temperature), if transferring the data to another
environment additional failure modes and mechanisms may be involved.
Operati onal Mode: Equipment operated frequently in a standby mode (emergency
generators, firewater pumps) will exhibit different failure modes and frequency
compared to equipment operating continuously.
Number of Recorded Fai l ures: Equipment with few recorded failures will have a
large uncertainty associated with their failure rate.
Popul ati on/ I nstal l ati ons: It is desirable for data to be selected for equipment with
a large population across a wide number of installations. This avoids data
representing localised effects or dominated by one design or manufacturer.
RADD Guide to finding and using reliability data for QRA
OGP

15
Ti me i n Servi ce: It is desirable for data to be selected for equipment with a long
time in service (calendar time). The operational time may be considerably less for
equipment that is normally on standby (e.g. firewater pumps).

3.4.1.1 Number of Demands
Where stated, this value can be used to derive an on-demand failure probability (but
note also that an on-demand failure probability is occasionally stated in the comment
field). For example, one selected data item (taxonomy code 1.3.2) has 7 recorded
critical failures for the mode fails to start on demand. The number of demands is
given as 860, and hence the on-demand critical failure probability can be calculated as
7/860 = 0.008.

3.4.1.2 Repair Time
Repair times are stated in terms of active repair hours and repair manhours (min,
mean and max). In general the active repair hours will be of most interest but this
field is sometimes blank. In these instances and estimate can be made at 50% of the
repair manhours. Note that the active repair time does not include time for fault
realisation, spare parts or crew mobilisation or the impact of any applied maintenance
strategy or delays.

RADD Guide to finding and using reliability data for QRA
OGP

16
4.0 Review of data sources
4.1 OREDA Database and Handbook(s)
Originally initiated by the Norwegian Petroleum Directorate in 1981 to collect reliability
data for safety equipment, OREDA is a project organization sponsored by eight oil
companies with worldwide operations. OREDA's main purpose is to collect and
exchange reliability data among the participating companies and to act as a forum for
co-ordination and management of reliability data collection within the oil and gas
industry. OREDA has established a comprehensive databank of reliability and
maintenance data for exploration and production equipment from a wide variety of
geographic areas, installations, equipment types and operating conditions. Offshore
subsea and topside equipment are primarily covered, but onshore equipment may
also be included. The data are stored in a database, and specialized software has been
developed to collect, retrieve and analyze the information. A more recent addition to
the OREDA database is information pertaining to subsea equipment including control
systems, flowlines, manifolds, production risers, templates, wellheads and Xmas trees
amongst others. NOTE: access to the el ectroni c database i s restri cted to
parti ci pants i n the OREDA program.
A revised edition of this Handbook was released in October 2002 containing OREDA
Phase IV (1993-96) and Phase V (1997-00) data. Reliability data collected and
processed in the OREDA project has been published in generic form in three
Reliability Data Handbooks; 1984 (1st edition), 1992 (2nd edition) and in 1997 (3rd
edition). These handbooks contain reliability data on offshore equipment compiled in
a form that can easily be used for various safety, reliability and maintenance analyses.
The project phases are reported in various handbooks as follows:
Phase I (1983 to 1985) published in OREDA 84 handbook
Phase II (1987 to 1990) published in OREDA 92 handbook. This handbook also
contains the data collected during phase I
Phase III (1990 to 1992) published in OREDA 97 handbook
Phase IV (1993 to 1996) and Phase V (1997 to 2000) published in OREDA 2002
handbook
Note that the OREDA handbooks do not catalogue the data recorded in the electronic
database; instead they present the results of filters defined by the OREDA committee
that are believed to be representative of users needs.
OREDA-2002, -97 and -92 data equipment groups and the equipment items covered
are listed in Table 4.1.

RADD Guide to finding and using reliability data for QRA
OGP

17
Tabl e 4. 1 OREDA-2002, -97 and -92 Data Categori es
I n OREDA- Data Group
(OREDA-2002
and -97)
Equi pment I tems
2
0
0
2

9
7

Data
Group
(OREDA-
92)
Equi pment I tems
Machinery Compressors
Gas turbines
Pumps
Combustion engines
!
!
!
!
!
!
!
Process
Systems
Vessels
Valves
Pumps
Heat exchangers
Compressors
Gas turbines
Pig launchers and
receivers
Electric
Equipment
Generators
Motors
!
!
! Electrical
Systems
Power generation
Power conditioning,
Protection and circuit
breakers
Mechanical
Equipment
Heat exchangers
Vessels
Heaters and boilers
!
!
!
!
!

Control and
Safety
Equipment
Control logic units
Fire and gas detectors
Process sensors
Valves

!
!
!

!
!
!
!

Safety
Systems
Gas and fire detection
systems
Process alarm sensors
Fire fighting systems
ESD systems
Pressure relieving
systems
General alarm and
communication systems
Evacuation systems
Subsea
Equipment
Common components
Control systems
Manifolds
Flowlines
Isolation systems
Risers
Running tools
Wellhead and Xmas
trees
!
!
!
!
!
!
!
!

!





!

Utility
Systems
Slop and drainage
systems
Ventilation and heating
systems
Hydraulic supply systems
Pneumatic supply
systems
Control instrumentation
Crane
Systems
Diesel hydraulic
Diesel friction
Drilling
equipment
Drawworks
Hoisting equipment
Diverter systems
Drilling risers
BOP systems
Mud systems
Rotary tables
Pipe handling systems
RADD Guide to finding and using reliability data for QRA
OGP

18
4.1.1 OREDA Data Presentation
The OREDA handbook [1] presents the following data recorded for each equipment
taxonomy class recorded.
Boundari es
Each equipment item class has an inventory description provided at the start of the
respective chapter. This should be examined carefully to identify equipment items for
the system under consideration that lie outside the defined OREDA boundary. These
must then be considered as separate items. An example of this would be a
compressor or electrical generator where the prime mover is listed as a separate item.
Taxonomy code
The taxonomy code gives an identification of the equipment item selected from the
database. It is good practice to record this code and to include it within calculations
as a reference for any data extracted.
Popul ati on
Total number of items under surveillance.
Aggregated ti me i n servi ce (cal endar ti me)
This is the total recorded observation time for the population.
Aggregated ti me i n servi ce (operati onal ti me)
Total recorded observation time for the population when it is required to fulfil its
functional role. Note that this may be an estimated value.
Number of demands
Total number of recorded demand cycles for the population. Note that this may be an
estimated value.
Fai l ure Mode
This column presents the recorded modes of failure for the equipment item, divided
into severity classes critical, degraded, incipient and unknown. In general, only the
critical severity class failures need be considered i.e. those that cause an immediate
and complete loss of an items function. Where an equipment item performs more than
one function (e.g. process and protective) it may be necessary to review each failure
mode and identify the requirement to progress it into the risk calculation, either as an
aggregated failure rate value for the equipment item or as individual failure events. i.e.
critical failures may include dangerous, non-dangerous and safe failures. These
failures may be critical to production but not to the equipments protective function.
Number of Fai l ures
This is the total number of failures aggregated across all modes. In general, the higher
the number of failures, the greater the confidence in the calculated failure rate.
Fai l ure Rate
All failure rates in the OREDA handbook are presented in terms of failures per million
hours. The following data are presented for each mode, calculated both in terms of
calendar and operational time:
Mean: estimated average failure rate, calculated using the OREDA estimator
see Section 3.2.6 for details
Lower, Upper: 90% confidence bounds for the failure rate
SD: Standard deviation
RADD Guide to finding and using reliability data for QRA
OGP

19
n/ T: Point estimate of the failure rate i.e. total number of failures divided by the
total time in service
For most calculations it is recommended that the mean value (i.e. based on the
OREDA estimator) is used. Note that the difference in value between the point
estimate and mean failure rate relates to the degree of diversity in the population.

4.2 MIL-HDBK-217F
The MIL-HDBK-217 handbook contains failure rate models for the various part types
used in electronic systems, such as integrated circuits, transistors, diodes, resistors,
capacitors, relays, switches, and connectors.
The handbook details two methods for reliability prediction, namely parts count and
parts stress calculation. Parts count prediction is recommended during the design
phase of a project. It is simpler than parts stress and requires less detailed
information. To calculate a system failure rate the following method is used:
For each component part of a system, a baseline failure rate value is selected from
tables based on the type of the part and the operating environment. This value is then
modified by multiplying by a quality factor, again selected from a table (e.g. military or
commercial specification). For microelectronics, a learning factor may also be applied.
The overall system failure rate is then derived by summation of the parts failure rates;
hence the title parts count. In general, parts count analysis will provide an adequate
estimate of a systems failure rate for use in QRA.
Parts stress analysis involves derivation of more multiplying factors that in turn
require detailed analysis of the system.

4.3 FIDES
This is reliability standard created by FIDES Group - a consortium of leading French
international defence companies: AIRBUS, Eurocopter, Giat, MBDA and THALES. The
FIDES methodology is based on the physics of failures and is supported by the
analysis of test data, field returns and existing modelling. The FIDES Guide is a global
methodology for reliability engineering in electronics. It has two parts, namely a
reliability prediction guide and a reliability process control and audit guide.
Its key features are:
Provides models for electrical, electronic, electromechanical components and
some subassemblies.
Considers all technological and physical factors that play an identified role in a
product's reliability.
Considers the mission profile.
Considers the electrical, mechanical and thermal overstresses.
Failures linked to the development, production, field operation and maintenance
processes.

4.4 EPRD-97 and NPRD-95
The databases EPRD-97 (Electronic Parts Reliability) NPRD-95 (Non Electronic Parts
Reliability) were developed by the United States Department of Defense Reliability
Information Analysis Center (RIAC). The EPRD-97 database contains failure rate data
on electronic components, namely capacitors, diodes, integrated circuits,
optoelectronic devices, resistors, thyristors, transformers and transistors. The NPRD-
RADD Guide to finding and using reliability data for QRA
OGP

20
95 database contains failure rate data on a wide variety of electrical,
electromechanical and mechanical components. Both databases contain data
obtained by long-term monitoring of the components in the field. The collection of the
data was from the early 1970s through 1994 (for NPRD-95) and through 1996 (for
EPRD-97). The purposes of the both databases are to provide failure rate data on
commercial quality components, provide failure rates on state-of-the-art components
to complement MIL-HDBK-217F by providing data on component types not addressed
therein.

4.5 PDS Data Handbook
The PDS Data Handbook provides reliability data estimates for components of control
and safety systems. Data for field devices (sensors, valves) and control logic
(electronics) are presented, including data for subsea equipment. The data are based
on various sources, including OREDA and expert judgement. Some values for $
factors for analysis of common cause failures are also presented.

4.6 FARADIP III
FARADIP (Failure RAte Data In Perspective) is an electronic database that presents
data concatenated from over 40 published data sources. It provides failure rate data
ranges for a nested hierarchy of items covering electrical, electronic, mechanical,
pneumatic, instrumentation and protective devices. Failure mode percentages are
also provided.

4.7 IEEE 493-1997
The objective of this book is to present the fundamentals of reliability analysis applied
to the planning and design of industrial and commercial electric power distribution
systems. The intended audience for this material is primarily plant electrical
engineers. It includes a summary of equipment reliability data under the following
headings:
Mechanical and electrical equipment reliability and availability data collection
conducted between 1990 and 1993
Equipment reliability surveys (19761989)
Equipment reliability surveys conducted prior to 1976

4.8 Sintef Reports, SubseaMaster and WellMaster
ExproSoft is a spin-off of the Norwegian Research Institute SINTEF, and has acquired
all commercial rights to reliability databases previously operated by this institute.
These products have since been refined and extended, creating integrated reliability
database and analysis tools for the upstream sector.
A study (JIP) on reliability of well completion equipment (Wellmaster Phase III) was
completed by SINTEF in November 1999. This has resulted in a database of well
completion equipment, with a total of 8000 well-years of completion experience
represented.
A subsea equipment reliability database project was completed by ExproSoft in late
2000 (Phase I). This project, led to the development of the SubseaMaster database and
software version 1.0. Phase II of SubseaMaster was launched as a joint industry
project in May 2001. and was completed in April 2003.
ExproSoft sell copies of the Sintef reports referred to in this datasheet.
RADD Guide to finding and using reliability data for QRA
OGP

21

5.0 Recommended data sources for further information
The text book Functional Safety a Straightforward Guide to IEC61508 [16] presents
background theory and a number of worked examples including fault trees and
analysis of common cause failures.
Layer of Protection Analysis Simplified Process Risk Assessment [17] also presents
worked examples together with some specimen reliability data.
Background reliability theory can be found in Practical Reliability Engineering [18] and
Reliability, Maintainability and Risk [2]. The latter also contains some reliability data from
FARADIP [14]
Reliability Technology [19] contains (older) reliability data from the nuclear industry.

6.0 References

1. OREDA Participants, OREDA 2002 Handbook ISBN 82-14-02705-5.
2. Dr David J Smith, Reliability, Maintainability and Risk Sixth edition, ISBN 0-7506-5168-
7, 2001.
3. SINTEF, Reliability of Surface Controlled Subsurface Safety Valves, 21/2/1983, STF18
A83002.
4. Holand, P.: Subsea BOP Systems, Reliability and Testing. Phase V. STF75 A89054
ISBN 82-595-8585-5, 1989).
5. Holand, P.: Reliability of Surface Blowout Preventers (BOPs) STF75 A92026 (ISBN 82-
595-7173-0), 1992.
6. SINTEF; Reliability of Surface Controlled Subsurface Safety Valves, Phase IV - Main
Report 1991 STF75 A91038.
7. Holand, P.: Reliability of Subsea BOP Systems for Deepwater Application, Phase II
DW.(Unrestricted version). STF38 A99426 (ISBN 82-14-01661-4), 1999.
8. Exprosoft, Klbuveien 125, Lerkendal Stadion, Trondheim, Wellmaster Database,
ongoing.
9. Exprosoft, Klbuveien 125, Lerkendal Stadion, Trondheim, Subseamaster
Database, ongoing.
10. US DoD, Reliability Prediction of Electronic Equipment, MIL-HDBK-217F, Notice 2 1995.
11. Non-Electronic Part Reliability Data 1995 (NPRD-95), Reliability Analysis Center, PO
Box 4700, Rome, NY.
12. Electronic Part Reliability Data 1997 (NPRD-97), Reliability Analysis Center, PO Box
4700, Rome, NY.
13. Reliability Data for Safety Instrumented Systems - PDS Data Handbook, 2006 Edition,
Sydvest, Trondheim, Norway.
14. FARADIP (FAilure RAte Data In Perspective), Maintenance 2000 Limited,
Broadhaugh Building, Suite 110, Camphill Road, Dundee DD5 2ND 1987 onwards.
15. Institute of Electrical and Electronics Engineers IEEE 493-1997, Recommended
Practice for the Design of Reliable Industrial and Commercial Power Systems (Gold
Book).
16. Smith & Simpson, Functional Safety, ISBN 0-7506-5270-5, 2001.
17. Center for Chemical Process Safety, Layer of Protection Analysis, ISBN 0-8169-0811-
7, 2001.
18. OConner, P, Practical Reliability Engineering, ISBN 0-471-95767-4, 1996.
19. Green & Bourne, Reliability Technology, ISBN 0 471 32480-9, 1981.
20. Brand, VP, UPM3.1: A pragmatic approach to dependent failures assessment for
standard systems, ISBN 085 356, 1996.

For further information and publications,
please visit our website at
www.ogp.org.uk
209-215 Blackfriars Road
London SE1 8NL
United Kingdom
Telephone: +44 (0)20 7633 0272
Fax: +44 (0)20 7633 2350
165 Bd du Souverain
4th Floor
B-1160 Brussels, Belgium
Telephone: +32 (0)2 566 9150
Fax: +32 (0)2 566 9159
Internet site: www.ogp.org.uk
e-mail: reception@ogp.org.uk