The conditions description set $d_{i9}$ can be represented by the set of input variables $IV_9 = \{iv_1, \ldots, iv_n\}$, where $d_{i9}$ is the conditions description data object with $IV_9$ = {function description, failure description, failure effects, failure consequences, failure causes, failure mode description, failure frequency, restoration tasks description, procedure description, maintainability, etc.}.

The conditions failure output variable set $d_{o7}$ can be represented by the set of output variables $OV_7 = \{ov_1, \ldots, ov_m\}$, where $d_{o7}$ is the conditions failure data object with $OV_7$ = {failure severity, probability of consequence, failure risk, failure criticality, failure downtime, restoration downtime, availability, etc.}.
• Let $Ks_4$ be the design assessment module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as a design specification set, $d_{i10}$, and computes a design criteria output variable set, $d_{o8}$.

The design specification set $d_{i10}$ can be represented by the set of input variables $IV_{10} = \{iv_1, \ldots, iv_n\}$, where $d_{i10}$ is the design specification data object with $IV_{10}$ = {mass, volume, capacity, circulation, agitation, fluids, solids, consumption, heat input, energy input, etc.}.

The design criteria output variable set $d_{o8}$ can be represented by the set of output variables $OV_8 = \{ov_1, \ldots, ov_m\}$, where $d_{o8}$ is the design criteria data object with $OV_8$ = {efficiency, flow, precipitation, throughput, output, pressure, viscosity, absorption, temperature, losses, etc.}.

• Let $Ks_5$ be the hazardous operations (HazOp) assessment module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as the operational hazards set $d_{i11}$, and computes an operational risk output variable set, $d_{o9}$.

The operational hazards set $d_{i11}$ can be represented by the set of input variables $IV_{11} = \{iv_1, \ldots, iv_n\}$, where $d_{i11}$ is the operational hazards data object with $IV_{11}$ = {efficiency rating, flow rating, throughput rating, output rating, pressure rating, temperature rating, design torque, design stress, etc.}.

The operational risk output variable set $d_{o9}$ can be represented by the set of output variables $OV_9 = \{ov_1, \ldots, ov_m\}$, where $d_{o9}$ is the operational risk data object with $OV_9$ = {operational failure description, operational failure effects, operational failure consequences, operational failure causes, etc.}.
Systems analysis section
• Let $Ks_6$ be the systems definition module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as a systems description input, $d_{i12}$, and computes a systems definition output variable set, $d_{o10}$.

There is no output variable set for systems description input.

The systems definition output variable set $d_{o10}$ can be represented by the set of output variables $OV_{10} = \{ov_1, \ldots, ov_m\}$, where $d_{o10}$ is the systems definition data object with $OV_{10}$ = {system efficiency rating, system flow rating, system output rating, system pressure rating, system temperature rating, etc.}.

• Let $Ks_7$ be the functions analysis module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as a functions description input, $d_{i13}$, and computes a functions definition output variable set, $d_{o11}$.

There is no output variable set for functions description input.

The functions definition output variable set $d_{o11}$ can be represented by the set of output variables $OV_{11} = \{ov_1, \ldots, ov_m\}$, where $d_{o11}$ is the functions definition object with $OV_{11}$ = {type, make, size, weight, capacity, cooling, insulation, power rating, power source, governing, rotation, speed, acceleration, torque, stress, voltage, current, etc.}.

• Let $Ks_8$ be the FMEA module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as a failure modes set, $d_{i14}$, and computes a failure effects output variable set, $d_{o12}$.

The failure modes set $d_{i14}$ can be represented by the set of input variables $IV_{14} = \{iv_1, \ldots, iv_n\}$, where $d_{i14}$ is the failure modes data object with $IV_{14}$ = {system failure description, system failure mode description, etc.}.

The failure effects output variable set $d_{o12}$ is represented by the set of output variables $OV_{12} = \{ov_1, \ldots, ov_m\}$, where $d_{o12}$ is the failure effects data object with $OV_{12}$ = {system failure effects, system failure severity, etc.}.

• $Ks_9$ is the risk evaluation module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as a risk identification set, $d_{i15}$, and computes a failure risk output variable, $d_{o13}$.

The risk identification set $d_{i15}$ can be represented by the set of input variables $IV_{15} = \{iv_1, \ldots, iv_n\}$, where $d_{i15}$ is the risk identification data object with $IV_{15}$ = {system failure effects, system failure consequences, system failure mode description, system probability of consequence, system failure severity, system failure frequency, system failure risk, etc.}.
Table 5.28 The AIB blackboard data object construct

| Data object input variables | Data object output variables |
|---|---|
| $d_{i7}$ = Process description | $d_{o7}$ = Conditions failure |
| $d_{i8}$ = Performance specification | $d_{o8}$ = Design criteria |
| $d_{i9}$ = Conditions description | $d_{o9}$ = Operational risk |
| $d_{i10}$ = Design specification | $d_{o10}$ = Systems definition |
| $d_{i11}$ = Operational hazards | $d_{o11}$ = Functions definition |
| $d_{i12}$ = Systems description | $d_{o12}$ = Failure effects |
| $d_{i13}$ = Functions description | $d_{o13}$ = Failure risk |
| $d_{i14}$ = Failure modes | $d_{o14}$ = Failure criticality |
| $d_{i15}$ = Risk identification | |
| $d_{i16}$ = Failure identification | |
• Let $Ks_{10}$ be the criticality analysis module. This knowledge source makes use of the six global data object inputs $d_{i1}$, $d_{i2}$, $d_{i3}$, $d_{i4}$, $d_{i5}$ and $d_{i6}$, as well as a failure identification set, $d_{i16}$, and computes a failure criticality output variable, $d_{o14}$.

The failure identification set $d_{i16}$ can be represented by the set of input variables $IV_{16} = \{iv_1, \ldots, iv_n\}$, where $d_{i16}$ is the failure identification data object with $IV_{16}$ = {system function description, system failure description, system failure consequences, system failure causes, system failure mode description, system failure frequency, system probability of consequence, system failure severity, system failure frequency, system failure risk, etc.}.

The input and output variable sets are summarised in Table 5.28.
d) The AIB Blackboard Model Specifications
The AIB blackboard model developed for determining the integrity of engineering design has basically three levels of application, which in effect divide the blackboard model into three separate blackboard sections: a process design blackboard section (B1), a systems design blackboard section (B2), and a systems procedures blackboard section (B3). The process design blackboard section (B1) is constrained to the input and output variables directly related to the process analysis section, while the systems design blackboard section (B2) is constrained to the input and output variables directly related to the plant analysis section, and the systems procedures blackboard section (B3) is constrained to the input and output variables directly related to the operations analysis section.
Specification of the process design blackboard section (B1)
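$X_i = \{d_{i1}, d_{i2}, d_{i3}, d_{i4}, d_{i5}, d_{i6}, d_{i7}, d_{i8}, d_{i9}, d_{i10}, d_{i11}\}$;
$X_o = \{d_{o1}, d_{o2}, d_{o3}, d_{o4}, d_{o5}, d_{o6}, d_{o7}, d_{o8}, d_{o9}\}$;
$P_i = \{IV_6 \times IV_8 \times IV_9 \times IV_{10} \times IV_{11}\}$;
$P_o = \{OV_6 \times OV_7 \times OV_8 \times OV_9\}$;
$\beta = \{ks_1, ks_2, ks_3, ks_4, ks_5\}$;

where $d_{i1}, d_{i2}, d_{i3}, d_{i4}, d_{i5}, d_{i6} = IV_6$ and $d_{o1}, d_{o2}, d_{o3}, d_{o4}, d_{o5} = OV_5$;

$ks_1 = \{IV_6, d_{i7}, OV_5\}$
$ks_2 = \{IV_6, d_{i8}, d_{o6}\} = \{IV_6, IV_8, OV_6\}$
$ks_3 = \{IV_6, d_{i9}, d_{o7}\} = \{IV_6, IV_9, OV_7\}$
$ks_4 = \{IV_6, d_{i10}, d_{o8}\} = \{IV_6, IV_{10}, OV_8\}$
$ks_5 = \{IV_6, d_{i11}, d_{o9}\} = \{IV_6, IV_{11}, OV_9\}$

For each knowledge source $ks_j$ in $\beta$ there is an input set, $\Psi_j$, containing all of the input variables of $ks_j$, and an output set, $\Phi_j$, containing all of the output variables of $ks_j$:

$\Psi_1 = \{IV_6, d_{i7}\}$, $\Phi_1 = \{OV_5\}$
$\Psi_2 = \{IV_6, IV_8\}$, $\Phi_2 = \{OV_6\}$
$\Psi_3 = \{IV_6, IV_9\}$, $\Phi_3 = \{OV_7\}$
$\Psi_4 = \{IV_6, IV_{10}\}$, $\Phi_4 = \{OV_8\}$
$\Psi_5 = \{IV_6, IV_{11}\}$, $\Phi_5 = \{OV_9\}$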
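Table 5.29 Computation of $\Gamma_{j,k}$ and $\theta_{j,k}$ for blackboard B1

| $\Gamma_{j,k} = \Phi_j \cap \Phi_k$ | $\theta_{j,k} = \Phi_j \cap \Psi_k$ |
|---|---|
| $\Gamma_{1,2} = \Phi_1 \cap \Phi_2 = \{OV_5\} \cap \{OV_6\} = 0$ | $\theta_{1,2} = \Phi_1 \cap \Psi_2 = \{OV_5\} \cap \{IV_6, IV_8\} = 0$ |
| $\Gamma_{1,3} = \Phi_1 \cap \Phi_3 = \{OV_5\} \cap \{OV_7\} = 0$ | $\theta_{1,3} = \Phi_1 \cap \Psi_3 = \{OV_5\} \cap \{IV_6, IV_9\} = 0$ |
| $\Gamma_{1,4} = \Phi_1 \cap \Phi_4 = \{OV_5\} \cap \{OV_8\} = 0$ | $\theta_{1,4} = \Phi_1 \cap \Psi_4 = \{OV_5\} \cap \{IV_6, IV_{10}\} = 0$ |
| $\Gamma_{1,5} = \Phi_1 \cap \Phi_5 = \{OV_5\} \cap \{OV_9\} = 0$ | $\theta_{1,5} = \Phi_1 \cap \Psi_5 = \{OV_5\} \cap \{IV_6, IV_{11}\} = 0$ |
| $\Gamma_{2,1} = \Phi_2 \cap \Phi_1 = \{OV_6\} \cap \{OV_5\} = 0$ | $\theta_{2,1} = \Phi_2 \cap \Psi_1 = \{OV_6\} \cap \{IV_6, IV_7\} = 0$ |
| $\Gamma_{2,3} = \Phi_2 \cap \Phi_3 = \{OV_6\} \cap \{OV_7\} = 0$ | $\theta_{2,3} = \Phi_2 \cap \Psi_3 = \{OV_6\} \cap \{IV_6, IV_9\} = 0$ |
| $\Gamma_{2,4} = \Phi_2 \cap \Phi_4 = \{OV_6\} \cap \{OV_8\} = 0.7$ | $\theta_{2,4} = \Phi_2 \cap \Psi_4 = \{OV_6\} \cap \{IV_6, IV_{10}\} = 0$ |
| $\Gamma_{2,5} = \Phi_2 \cap \Phi_5 = \{OV_6\} \cap \{OV_9\} = 0$ | $\theta_{2,5} = \Phi_2 \cap \Psi_5 = \{OV_6\} \cap \{IV_6, IV_{11}\} = 0.7$ |
| $\Gamma_{3,1} = \Phi_3 \cap \Phi_1 = \{OV_7\} \cap \{OV_5\} = 0$ | $\theta_{3,1} = \Phi_3 \cap \Psi_1 = \{OV_7\} \cap \{IV_6, d_{i7}\} = 0$ |
| $\Gamma_{3,2} = \Phi_3 \cap \Phi_2 = \{OV_7\} \cap \{OV_6\} = 0$ | $\theta_{3,2} = \Phi_3 \cap \Psi_2 = \{OV_7\} \cap \{IV_6, IV_8\} = 0$ |
| $\Gamma_{3,4} = \Phi_3 \cap \Phi_4 = \{OV_7\} \cap \{OV_8\} = 0$ | $\theta_{3,4} = \Phi_3 \cap \Psi_4 = \{OV_7\} \cap \{IV_6, IV_{10}\} = 0$ |
| $\Gamma_{3,5} = \Phi_3 \cap \Phi_5 = \{OV_7\} \cap \{OV_9\} = 0$ | $\theta_{3,5} = \Phi_3 \cap \Psi_5 = \{OV_7\} \cap \{IV_6, IV_{11}\} = 0$ |
| $\Gamma_{4,1} = \Phi_4 \cap \Phi_1 = \{OV_8\} \cap \{OV_5\} = 0$ | $\theta_{4,1} = \Phi_4 \cap \Psi_1 = \{OV_8\} \cap \{IV_6, d_{i7}\} = 0$ |
| $\Gamma_{4,2} = \Phi_4 \cap \Phi_2 = \{OV_8\} \cap \{OV_6\} = 0.6$ | $\theta_{4,2} = \Phi_4 \cap \Psi_2 = \{OV_8\} \cap \{IV_6, IV_8\} = 1.0$ |
| $\Gamma_{4,3} = \Phi_4 \cap \Phi_3 = \{OV_8\} \cap \{OV_7\} = 0$ | $\theta_{4,3} = \Phi_4 \cap \Psi_3 = \{OV_8\} \cap \{IV_6, IV_9\} = 0$ |
| $\Gamma_{4,5} = \Phi_4 \cap \Phi_5 = \{OV_8\} \cap \{OV_9\} = 0$ | $\theta_{4,5} = \Phi_4 \cap \Psi_5 = \{OV_8\} \cap \{IV_6, IV_{11}\} = 0.6$ |
| $\Gamma_{5,1} = \Phi_5 \cap \Phi_1 = \{OV_9\} \cap \{OV_5\} = 0$ | $\theta_{5,1} = \Phi_5 \cap \Psi_1 = \{OV_9\} \cap \{IV_6, d_{i7}\} = 0$ |
| $\Gamma_{5,2} = \Phi_5 \cap \Phi_2 = \{OV_9\} \cap \{OV_6\} = 0$ | $\theta_{5,2} = \Phi_5 \cap \Psi_2 = \{OV_9\} \cap \{IV_6, IV_8\} = 0$ |
| $\Gamma_{5,3} = \Phi_5 \cap \Phi_3 = \{OV_9\} \cap \{OV_7\} = 0$ | $\theta_{5,3} = \Phi_5 \cap \Psi_3 = \{OV_9\} \cap \{IV_6, IV_9\} = 1.0$ |
| $\Gamma_{5,4} = \Phi_5 \cap \Phi_4 = \{OV_9\} \cap \{OV_8\} = 0$ | $\theta_{5,4} = \Phi_5 \cap \Psi_4 = \{OV_9\} \cap \{IV_6, IV_{10}\} = 0$ |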
Once $\Psi_j$ and $\Phi_j$ have been established for all $ks_j$ in $\beta$, the sets $\Gamma_{j,k}$ and $\theta_{j,k}$ can be computed for all knowledge source pairs $\{ks_j, ks_k\}$ in $\beta$ ($j \neq k$), where $\Gamma_{j,k} = \Phi_j \cap \Phi_k$ and $\theta_{j,k} = \Phi_j \cap \Psi_k$. The set $\Gamma_{j,k}$ is computed to assess functional specialisation, whereas the set $\theta_{j,k}$ is computed to assess serialisation and interdependence (Table 5.29).

Knowledge source specialisation $\Omega_{j,k}$ is computed from (Eq. 5.120), knowledge source serialisation $\Sigma_{j,k}$ is computed from (Eq. 5.121), and knowledge source interdependence $\Pi_{j,k}$ is computed from (Eq. 5.122) (McManus 1992).

From Table 5.29, the sets $\Gamma_{j,k}$ and $\theta_{j,k}$ for the pairs of data objects that are zero indicate that their specialisation, serialisation and interdependence are also zero, with the conclusion that the relevant knowledge sources are highly specialised with no serialisation and total independence, making these suitable for concurrent execution.

However, the sets $\Gamma_{j,k}$ and $\theta_{j,k}$ for certain pairs of data objects that are not zero indicate that their specialisation, serialisation or interdependence will also not be zero, resulting in a diminished capability for concurrent execution. These sets' values are given below (Table 5.30).

Table 5.30 Computation of non-zero $\Omega_{j,k}$, $\Sigma_{j,k}$ and $\Pi_{j,k}$ for blackboard B1
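Specification of the systems design blackboard section (B2)

$X_i = \{d_{i1}, d_{i2}, d_{i3}, d_{i4}, d_{i5}, d_{i6}, d_{i12}, d_{i13}, d_{i14}, d_{i15}, d_{i16}\}$;
$X_o = \{d_{o10}, d_{o11}, d_{o12}, d_{o13}, d_{o14}\}$;
$P_i = \{IV_6 \times IV_{14} \times IV_{15} \times IV_{16}\}$;
$P_o = \{OV_{10} \times OV_{11} \times OV_{12}\}$;
$\beta = \{ks_6, ks_7, ks_8, ks_9, ks_{10}\}$;

where $d_{i1}, d_{i2}, d_{i3}, d_{i4}, d_{i5}, d_{i6} = IV_6$ and $d_{o10} = OV_{10}$;

$ks_6 = \{IV_6, d_{i12}, OV_{10}\}$
$ks_7 = \{IV_6, d_{i13}, d_{o11}\} = \{IV_6, d_{i13}, OV_{11}\}$
$ks_8 = \{IV_6, d_{i14}, d_{o12}\} = \{IV_6, d_{i14}, OV_{12}\}$
$ks_9 = \{IV_6, d_{i15}, d_{o13}\} = \{IV_6, IV_{15}, d_{o13}\}$
$ks_{10} = \{IV_6, d_{i16}, d_{o14}\} = \{IV_6, IV_{16}, d_{o14}\}$

For each knowledge source $ks_j$ in $\beta$ there is an input set, $\Psi_j$, containing all of the input variables of $ks_j$, and an output set, $\Phi_j$, containing all of the output variables of $ks_j$:

$\Psi_6 = \{IV_6, d_{i12}\}$, $\Phi_6 = \{OV_{10}\}$
$\Psi_7 = \{IV_6, d_{i13}\}$, $\Phi_7 = \{OV_{11}\}$
$\Psi_8 = \{IV_6, IV_{14}\}$, $\Phi_8 = \{OV_{12}\}$
$\Psi_9 = \{IV_6, IV_{15}\}$, $\Phi_9 = \{d_{o13}\}$
$\Psi_{10} = \{IV_6, IV_{16}\}$, $\Phi_{10} = \{d_{o14}\}$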
Once $\Psi_j$ and $\Phi_j$ have been established for all $ks_j$ in $\beta$, the sets $\Gamma_{j,k}$ and $\theta_{j,k}$ can be computed for all knowledge source pairs $\{ks_j, ks_k\}$ in $\beta$ ($j \neq k$), where $\Gamma_{j,k} = \Phi_j \cap \Phi_k$ and $\theta_{j,k} = \Phi_j \cap \Psi_k$. The set $\Gamma_{j,k}$ is computed to assess functional specialisation, whereas the set $\theta_{j,k}$ is computed to assess serialisation and interdependence.

From Table 5.31, the sets $\Gamma_{j,k}$ and $\theta_{j,k}$ for the pairs of data objects that are zero indicate that their specialisation, serialisation and interdependence are also zero, with the conclusion that the relevant knowledge sources are highly specialised with no serialisation and total independence, making these suitable for concurrent execution.

However, the sets $\Gamma_{j,k}$ and $\theta_{j,k}$ for certain pairs of data objects that are not zero indicate that their specialisation, serialisation or interdependence will also not be zero, resulting in a diminished capability for concurrent execution. These sets' values are given below (Table 5.32).
e) Findings of Specialisation, Serialisation or Interdependence Computation
As previously indicated, the set $\Gamma_{j,k}$ is computed to assess functional specialisation, and the cardinality of the set $\Gamma_{j,k}$ for each pair $\{ks_j, ks_k\}$ in $\beta$ is a measure of the output overlap for the pair $\{ks_j, ks_k\}$ (i.e. a measure of the specialisation of pairs of knowledge sources). Knowledge source pairs $\{ks_j, ks_k\}$ with a large output overlap imply that $ks_j$ and $ks_k$ share a large number of output variables and, thus, have similar functions. Knowledge source pairs $\{ks_j, ks_k\}$ with a low overlap imply that $ks_j$ and $ks_k$ have different functions.
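Table 5.31 Computation of $\Gamma_{j,k}$ and $\theta_{j,k}$ for blackboard B2

| $\Gamma_{j,k} = \Phi_j \cap \Phi_k$ | $\theta_{j,k} = \Phi_j \cap \Psi_k$ |
|---|---|
| $\Gamma_{6,7} = \Phi_6 \cap \Phi_7 = \{OV_{10}\} \cap \{OV_{11}\} = 0$ | $\theta_{6,7} = \Phi_6 \cap \Psi_7 = \{OV_{10}\} \cap \{IV_6, IV_{14}\} = 0$ |
| $\Gamma_{6,8} = \Phi_6 \cap \Phi_8 = \{OV_{10}\} \cap \{OV_{12}\} = 0$ | $\theta_{6,8} = \Phi_6 \cap \Psi_8 = \{OV_{10}\} \cap \{IV_6, IV_{14}\} = 0$ |
| $\Gamma_{6,9} = \Phi_6 \cap \Phi_9 = \{OV_{10}\} \cap \{d_{o13}\} = 0$ | $\theta_{6,9} = \Phi_6 \cap \Psi_9 = \{OV_{10}\} \cap \{IV_6, IV_{15}\} = 0$ |
| $\Gamma_{6,10} = \Phi_6 \cap \Phi_{10} = \{OV_{10}\} \cap \{d_{o14}\} = 0$ | $\theta_{6,10} = \Phi_6 \cap \Psi_{10} = \{OV_{10}\} \cap \{IV_6, IV_{16}\} = 0$ |
| $\Gamma_{7,6} = \Phi_7 \cap \Phi_6 = \{OV_{11}\} \cap \{OV_{10}\} = 0$ | $\theta_{7,6} = \Phi_7 \cap \Psi_6 = \{OV_{11}\} \cap \{IV_6, d_{i12}\} = 0$ |
| $\Gamma_{7,8} = \Phi_7 \cap \Phi_8 = \{OV_{11}\} \cap \{OV_{12}\} = 0$ | $\theta_{7,8} = \Phi_7 \cap \Psi_8 = \{OV_{11}\} \cap \{IV_6, IV_{14}\} = 0$ |
| $\Gamma_{7,9} = \Phi_7 \cap \Phi_9 = \{OV_{11}\} \cap \{d_{o13}\} = 0$ | $\theta_{7,9} = \Phi_7 \cap \Psi_9 = \{OV_{11}\} \cap \{IV_6, IV_{15}\} = 0$ |
| $\Gamma_{7,10} = \Phi_7 \cap \Phi_{10} = \{OV_{11}\} \cap \{d_{o14}\} = 0$ | $\theta_{7,10} = \Phi_7 \cap \Psi_{10} = \{OV_{11}\} \cap \{IV_6, IV_{16}\} = 0$ |
| $\Gamma_{8,6} = \Phi_8 \cap \Phi_6 = \{OV_{12}\} \cap \{OV_{10}\} = 0$ | $\theta_{8,6} = \Phi_8 \cap \Psi_6 = \{OV_{12}\} \cap \{IV_6, d_{i12}\} = 0$ |
| $\Gamma_{8,7} = \Phi_8 \cap \Phi_7 = \{OV_{12}\} \cap \{OV_{11}\} = 0$ | $\theta_{8,7} = \Phi_8 \cap \Psi_7 = \{OV_{12}\} \cap \{IV_6, d_{i13}\} = 0$ |
| $\Gamma_{8,9} = \Phi_8 \cap \Phi_9 = \{OV_{12}\} \cap \{d_{o13}\} = 0$ | $\theta_{8,9} = \Phi_8 \cap \Psi_9 = \{OV_{12}\} \cap \{IV_6, IV_{15}\} = 1.0$ |
| $\Gamma_{8,10} = \Phi_8 \cap \Phi_{10} = \{OV_{12}\} \cap \{d_{o14}\} = 0$ | $\theta_{8,10} = \Phi_8 \cap \Psi_{10} = \{OV_{12}\} \cap \{IV_6, IV_{16}\} = 1.0$ |
| $\Gamma_{9,6} = \Phi_9 \cap \Phi_6 = \{d_{o13}\} \cap \{OV_{10}\} = 0$ | $\theta_{9,6} = \Phi_9 \cap \Psi_6 = \{d_{o13}\} \cap \{IV_6, d_{i12}\} = 0$ |
| $\Gamma_{9,7} = \Phi_9 \cap \Phi_7 = \{d_{o13}\} \cap \{OV_{11}\} = 0$ | $\theta_{9,7} = \Phi_9 \cap \Psi_7 = \{d_{o13}\} \cap \{IV_6, d_{i13}\} = 0$ |
| $\Gamma_{9,8} = \Phi_9 \cap \Phi_8 = \{d_{o13}\} \cap \{OV_{12}\} = 0$ | $\theta_{9,8} = \Phi_9 \cap \Psi_8 = \{d_{o13}\} \cap \{IV_6, IV_{14}\} = 0$ |
| $\Gamma_{9,10} = \Phi_9 \cap \Phi_{10} = \{d_{o13}\} \cap \{d_{o14}\} = 0$ | $\theta_{9,10} = \Phi_9 \cap \Psi_{10} = \{d_{o13}\} \cap \{IV_6, IV_{16}\} = 1.0$ |
| $\Gamma_{10,6} = \Phi_{10} \cap \Phi_6 = \{d_{o14}\} \cap \{OV_{10}\} = 0$ | $\theta_{10,6} = \Phi_{10} \cap \Psi_6 = \{d_{o14}\} \cap \{IV_6, d_{i12}\} = 0$ |
| $\Gamma_{10,7} = \Phi_{10} \cap \Phi_7 = \{d_{o14}\} \cap \{OV_{11}\} = 0$ | $\theta_{10,7} = \Phi_{10} \cap \Psi_7 = \{d_{o14}\} \cap \{IV_6, d_{i13}\} = 0$ |
| $\Gamma_{10,8} = \Phi_{10} \cap \Phi_8 = \{d_{o14}\} \cap \{OV_{12}\} = 0$ | $\theta_{10,8} = \Phi_{10} \cap \Psi_8 = \{d_{o14}\} \cap \{IV_6, IV_{14}\} = 0$ |
| $\Gamma_{10,9} = \Phi_{10} \cap \Phi_9 = \{d_{o14}\} \cap \{OV_{13}\} = 0$ | $\theta_{10,9} = \Phi_{10} \cap \Psi_9 = \{d_{o14}\} \cap \{IV_6, IV_{15}\} = 0$ |

Table 5.32 Computation of non-zero $\Omega_{j,k}$, $\Sigma_{j,k}$ and $\Pi_{j,k}$ for blackboard B2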
From Table 5.30, the knowledge sources $ks_2 = \{IV_6, IV_8, OV_6\}$ and $ks_4 = \{IV_6, IV_{10}, OV_8\}$ have a relatively low level of functional specialisation with a large output overlap, where $ks_2$ and $ks_4$ share a large number of output variables and, thus, have similar functions.

The knowledge source $ks_2$ is the performance assessment module with output variable set $OV_6$ = {efficiency rating, flow rating, throughput rating, output rating, yield, pressure rating, consistency, temperature rating, productivity, etc.}.

The knowledge source $ks_4$ is the design assessment module with output variable set $OV_8$ = {efficiency, flow, precipitation, throughput, output, pressure, viscosity, absorption, temperature, losses, etc.}.

Similarly, the set $\theta_{j,k}$ is computed to assess serialisation and interdependence. The cardinality of the set $\theta_{j,k}$ for each pair $\{ks_j, ks_k\}$ in $\beta$, compared to the cardinality of the set $\Psi_k$, is a measure of the input overlap for the pair $\{ks_j, ks_k\}$ (i.e. a measure of the serialisation of pairs of knowledge sources). Knowledge source pairs $\{ks_j, ks_k\}$ with a large input overlap imply that $ks_j$ and $ks_k$ share a large number of output to input variables and, thus, form serialised execution. Knowledge source pairs $\{ks_j, ks_k\}$ with a low input overlap imply that $ks_j$ and $ks_k$ can execute separately.
Knowledge sources $ks_2 = \{IV_6, IV_8, OV_6\}$, $ks_4 = \{IV_6, IV_{10}, OV_8\}$ and $ks_5 = \{IV_6, IV_{11}, OV_9\}$ have a relatively high level of serialisation and interdependence with a large input overlap, and share a large number of output to input variables, thus forming serialised execution in the blackboard section (B1), related to the process analysis section.

Knowledge sources $ks_8 = \{IV_6, d_{i14}, OV_{12}\}$, $ks_9 = \{IV_6, IV_{15}, d_{o13}\}$ and $ks_{10} = \{IV_6, IV_{16}, d_{o14}\}$ also have a relatively high level of serialisation and interdependence with an input overlap, and share a varied number of output to input variables, thus forming serialised execution in the blackboard section (B2), related to the systems analysis section.

The relative input overlaps for knowledge sources $ks_8$ and $ks_9$ are small compared to that for knowledge source $ks_{10}$, which requires a significant effort for re-design of the knowledge source, resulting in concentrated focus on $ks_{10}$.

Knowledge source $ks_8$ is the FMEA module with the input variable set $IV_{14}$ = {system failure description, system failure mode description, etc.}. Knowledge source $ks_9$ is the risk evaluation module with the input variable set $IV_{15}$ = {system failure effects, system failure consequences, system failure mode description, system probability of consequence, system failure severity, system failure frequency, system failure risk, etc.}. Knowledge source $ks_{10}$ is the criticality analysis module with the input variable set $IV_{16}$ = {system function description, system failure description, system failure effects, system failure consequences, system failure causes, system failure mode description, system failure frequency, system probability of consequence, system failure severity, system failure frequency, system failure risk, etc.}.

It is quite apparent that these knowledge sources share the same input variables, not necessarily requiring serialised execution based on their serialisation value, $\Sigma_{j,k}$, but having a tight output to input connectivity (value = 1.0) where the knowledge sources are totally interdependent.
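The pairwise check described above for blackboard section B2, as an added Python example that is not part of the original text: it builds the input sets Ψ and output sets Φ from the variable lists given on this page, computes Γ and θ for every ordered pair, and (going beyond the text) groups the knowledge sources into execution stages. The names used for d_o13 and d_o14, the single token standing for IV6, and the ratio |θ|/|Φj| are assumptions of this example and are not Eqs. 5.120 to 5.122.

```python
from itertools import permutations

# Variable names are copied from the page's lists for blackboard section B2.
# Every list on the page ends in "etc.", so only the listed members appear here.
IV6 = {"IV6"}  # global inputs d_i1..d_i6 are not itemised on the page: opaque token
IV14 = {"system failure description", "system failure mode description"}
IV15 = {"system failure effects", "system failure consequences",
        "system failure mode description", "system probability of consequence",
        "system failure severity", "system failure frequency",
        "system failure risk"}
# IV16 as listed in the findings section: the members of IV15 plus three more.
IV16 = IV15 | {"system function description", "system failure description",
               "system failure causes"}
OV10 = {"system efficiency rating", "system flow rating", "system output rating",
        "system pressure rating", "system temperature rating"}
OV11 = {"type", "make", "size", "weight", "capacity", "cooling", "insulation",
        "power rating", "power source", "governing", "rotation", "speed",
        "acceleration", "torque", "stress", "voltage", "current"}
OV12 = {"system failure effects", "system failure severity"}
DO13 = {"system failure risk"}         # assumed variable name for d_o13
DO14 = {"system failure criticality"}  # assumed variable name for d_o14

# Knowledge source -> (Psi: input set, Phi: output set)
KS = {
    "ks6": (IV6 | {"d_i12"}, OV10),
    "ks7": (IV6 | {"d_i13"}, OV11),
    "ks8": (IV6 | IV14, OV12),
    "ks9": (IV6 | IV15, DO13),
    "ks10": (IV6 | IV16, DO14),
}

def gamma(j, k):
    """Output overlap: Phi_j intersected with Phi_k."""
    return KS[j][1] & KS[k][1]

def theta(j, k):
    """Output-to-input overlap: Phi_j intersected with Psi_k."""
    return KS[j][1] & KS[k][0]

def overlapping_outputs():
    """Ordered pairs (j, k), j != k, whose Gamma set is non-empty."""
    return [(j, k) for j, k in permutations(KS, 2) if gamma(j, k)]

def coupled_pairs():
    """Ordered pairs with non-empty theta, mapped to the share of ks_j's
    listed outputs that ks_k consumes (this example's ratio, an assumption)."""
    pairs = {}
    for j, k in permutations(KS, 2):
        shared = theta(j, k)
        if shared:
            pairs[(j, k)] = len(shared) / len(KS[j][1])
    return pairs

def execution_stages():
    """Group sources so each runs only after every source feeding it has run.
    Sources in the same stage have no coupling and can execute concurrently."""
    feeds = coupled_pairs()
    remaining, stages = set(KS), []
    while remaining:
        ready = sorted(k for k in remaining
                       if not any(j in remaining and kk == k for j, kk in feeds))
        if not ready:
            raise ValueError("cyclic output-to-input coupling; no staged order")
        stages.append(ready)
        remaining -= set(ready)
    return stages

if __name__ == "__main__":
    print("non-empty Gamma pairs:", overlapping_outputs())
    for (j, k), share in coupled_pairs().items():
        print(f"theta[{j},{k}] = {sorted(theta(j, k))}  share = {share:.1f}")
    print("stages:", execution_stages())
```

With these lists the only non-empty θ sets are those for (ks8, ks9), (ks8, ks10) and (ks9, ks10), the same three pairs that carry a non-zero θ entry in Table 5.31.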
5.4.3 Application Modelling Outcome
Of the ten knowledge sources evaluated in the two blackboard sections, B1 and B2, for the process analysis section and the systems analysis section of the AIB blackboard model respectively, several knowledge sources failed to meet stringent constraints of specialisation, serialisation or interdependence. This prompted re-design of some of the knowledge sources' interconnectivity to minimise serialised execution in the AIB blackboard model, whereby automated continual design reviews could be conducted throughout the engineering design process on the basis of concurrent evaluations of design integrity in an integrated collaborative engineering design environment.

The performance assessment module and the design assessment module of the process analysis section were found to have a relatively low level of functional specialisation with a large output overlap, indicating that a large number of output variables were common and, thus, had similar functions. This necessitated combining the two knowledge sources both in access and in application during re-design of the knowledge sources, thereby enhancing functional specialisation of the process design blackboard section (B1).

The FMEA module, risk evaluation module, and criticality analysis module of the systems analysis section of the AIB blackboard model had a relative input overlap, indicating that they shared a varied number of output to input variables, thus forming serialised execution. However, the relative input overlap for the FMEA and risk evaluation knowledge sources was small compared to the criticality analysis knowledge source. The relatively low serialisation value for the FMEA and risk evaluation modules indicated that these knowledge sources shared the same input variables but did not necessarily have complete serialised execution. The criticality analysis module had a relatively high serialisation value (64%), indicating the need for a high level of serialised execution. All three knowledge sources had a tight output to input connectivity (value = 1.0), where the knowledge sources were totally interdependent. This necessitated combining the three knowledge sources both in access and in application during re-design of the knowledge sources, thereby enhancing functional independence of the systems design blackboard section (B2).
5.5 Review Exercises and References
Review Exercises
1. Discuss and compare fault-tree analysis (FTA), root cause analysis (RCA), and event tree analysis (ETA) for determining system safety in engineering design.
2. Discuss the general application of cause-consequence analysis for determining system safety in engineering design.
3. Give a brief account of the process of hazardous operability (HazOp) studies in designing for safety, considering concepts such as design representations, entities and their attributes, guidewords and interpretations, process parameter selection, point of reference, consequences and safeguards, and deriving recommendations.
4. Explain deviations from design intent and screening for causes of deviations.
5. Discuss the significance of safety and risk analysis in engineering design.
6. Describe the use of cost risk models, considering feature-based costing, parametric costing and risk analysis in designing for safety.
7. Discuss traditional cost estimating and consider comparisons between parametric cost estimating and qualitative cost estimating.
8. Discuss the significance of risk cost analysis in designing for safety.
9. Discuss process operational risk modelling and give an overview of developing a risk hypothesis and risk equation and measures.
10. Give a brief account of the application of hazard and operability (HazOp) studies for risk prediction in designing for safety.
11. Give an example of primary and secondary keywords in a HazOp study for risk prediction in engineering design.
12. Briefly describe the steps in the HazOp study methodology.
13. Consider the concept of hazard and operability modelling.
14. Describe qualitative modelling for hazard identification in contrast to a quantitative representation of uncontrolled processes.
15. Discuss checking safety by reachability analysis.
16. Give a brief description of the application of Markov point processes in designing for safety.
17. Define point process parameters.
18. Explain Markov chains and critical risk in safety analysis.
19. Briefly discuss the application of Kolmogorov differential equations.
20. Describe the Q-matrix.
21. Discuss critical risk theory in designing for safety.
22. Explain the concept of delayed fatalities.
23. Give a brief account of fault-tree analysis (FTA) for safety systems design and assessment of safety protection systems.
24. Discuss design optimisation in designing for safety.
25. Describe the process of assessment of safety systems with FTA.
26. Describe common cause failures in root cause analysis (RCA).
27. Define CMF and CCF and consider problems with applying CCF in safety and risk analysis for engineering design.
28. Explain point process event tree analysis in designing for safety by determining the source of risk and designing for safety requirements.
29. Define probabilistic safety evaluation (PSE).
30. Explain point process consequence analysis.
31. Discuss the relationship between cause-consequence analysis, FTA and reliability analysis.
32. Give a brief account of fault tree, reliability block diagram, and event tree transformations.
33. Briefly describe the process of RBD to fault tree transformation.
34. Briefly describe fault tree to RBD transformation.
35. Briefly describe RBD and fault tree to event tree transformation.
36. Briefly describe event tree to RBD and fault tree transformation.
37. Give a brief description of structuring the cause-consequence diagram with event ordering and cause-consequence diagram construction.
38. Discuss failure modes and safety effects (FMSE) evaluation.
39. Define safety criticality analysis.
40. Define risk-based maintenance.
41. Discuss the significance of safety criticality analysis and risk-based maintenance in designing for safety.
42. Discuss risk analysis and decision criteria in designing for safety.
43. Define qualitative criticality analysis.
44. Describe residual life evaluation.
45. Consider the concepts of failure probability, reliability and residual life in designing for safety.
46. Define sensitivity testing.
47. Consider establishing an analytic basis for developing an intelligent computer automated system, including concepts such as a computer automated design space.
48. Discuss preferences and fuzzy rules, and dynamic constraints and scenarios in developing an intelligent computer automated system.
49. Discuss evolutionary computing and evolutionary design.
50. Define evolutionary algorithms (EA).
51. Describe the fundamentals of evolutionary algorithms.
52. Define genetic algorithms (GA).
53. Describe the fundamentals of genetic algorithms (GA).
54. Consider genetic algorithms in optimal safety system design.
55. Give a brief account of safety design considerations in the design optimisation problem.
56. Discuss systems analysis with GAs and fault trees.
57. Describe the concepts of algorithm description and binary decision diagrams in GA methodology for optimal safety system design.
58. Give an example of a genetic algorithm application in designing for safety, with typical results expected of the GA methodology.
59. Briefly describe artificial neural network (ANN) modelling in designing for safety.
60. Give a brief description of the building blocks of artificial neural networks (ANNs) and consider a typical structure of the ANN.
61. Briefly describe the process of learning in artificial neural networks.
62. Consider back propagation in artificial neural networks.
63. Briefly discuss the application of fuzzy neural rule-based systems in designing for safety.
64. Give a brief account of the significance of artificial neural networks in engineering design.
65. Describe the various ANN computational architectures.
References
AFSC DH 1-6 (1967) System safety design handbook. United States Air Force Systems Command.
AIChE (1985) Guidelines for event tree analysis. American Institute of Chemical Engineers, Center for Chemical Process Safety, New York.
AIChE (1992) Guidelines for hazard evaluation procedures. American Institute of Chemical Engineers, Center for Chemical Process Safety, New York.
Akers SB (1978) Binary decision diagrams. IEEE Trans Computers, vol C-27, no 6, June.
Andrews JD (1994) Optimal safety system design using fault tree analysis. Proc Inst Mech Engrs 208 I Mech E:123–131.
Andrews JD, Morgan JM (1986) Application of the digraph method of fault tree construction to process plant. Reliability Eng 14:85–106.