Donald J. Wakefield and Steven A. Epstein
ABSG Consulting Inc.
Irvine, CA, USA
Download the full document as PDF
INTRODUCTION
It has become common practice throughout the industry for PSA analysts to model multi-train support systems using fault trees. Accepted modeling and quantification procedures for doing so, however, are not available. The following is a list of possible issues in such system initiator models and their quantification:
- The desire to minimize the changes from the system fault trees constructed to evaluate the conditional failure probability of a system in response to some other initiator, as compared to the fault tree for the same system used to compute initiating event failure frequencies.
- The difficulties in constructing a fault tree to account for failure combinations within the system failure occurrence fault tree when separate events are used to represent the event occurrence rate versus the component unavailability (i.e., alternate mission times) for the same component failure mode.
- The appropriate accounting of all initial operating configurations of the system (i.e., alignments), especially how the initial alignment changes the equipment assumed to be normally operating. For example, when the normally operating pumps are rotated, multiple initial system alignments are often needed for time-averaged models.
- The proper identification of the normally operating failure modes from the complete list of basic events appearing in the system fault tree, when not all basic events that represent failure modes to operate, involve normally operating equipment. For example, some standby pumps must first start in response to another operating equipment failure mode, and then it too may fail to operate after successfully starting.
- The potential for excessive truncation of low probability system failure combinations during fault tree logic reduction.
- The appropriate use of different mission times for occurrence rates and component unavailabilities for the same component failure mode; e.g., pump failures to run.
- The need to account for the different restoration times of failed components when considering other component failures in the same system failure combination.
- The degree to which the fault tree quantification adequately approximates the Markov model solutions which account for repair assuming constant repair rates.
- The need to incorporate the importance of basic events leading to system failure occurrence frequencies so that their contribution to the core damage frequency can be determined.
- The difficulty in computing and combining basic event importance measures when the same component failure mode may involve different mission times; e.g., for failures per year and for conditional failure probabilities prior to restoration of the first equipment failed.
Many of the above issues are not applicable to system initiators that involve single train systems in which all
components are normally operating. The resulting single element cutsets for single train, normally operating systems are easily quantified using standard fault tree techniques by replacing the event unavailabilities by event occurrence rates as suggested in Reference 1. Similarly, support systems which involve redundancy but in which still only one train is normally operating can also be easily modeled and quantified using the same technique of replacing the event unavailabilities with event occurrence frequencies for the normally operating failure modes. In this case, occurrence frequencies are substituted for the basic events representing the normally operating train and after Boolean reduction exactly only one such occurrence frequency appears in the minimal cutsets.
The issues enumerated address the more general problem; i.e., that for a system with multiple, normally operating trains. The proposed approach which follows addresses each of the above listed issues.