Advertisement

SN Applied Sciences

, 1:1175 | Cite as

Bayesian network-based failure analysis of fire safety barriers in floating LNG facility

  • Haidar IbrahimEmail author
  • Jagannadha Rao Patruni
Research Article
  • 66 Downloads
Part of the following topical collections:
  1. 3. Engineering (general)

Abstract

Fire accidents on floating LNG (FLNG) processing facilities are initiated by the uncontrolled gas leaks and then evolved through the successive failure of relevant safety barriers (SBs). This paper develops a methodology to perform comprehensive failure analysis of fire SBs and corresponding consequences in FLNG system using a Bayesian network (BN). Two BN models were constructed and compared, the independent BN and the dependent BN. The BN models were mapped from Event Tree–Fault Tree (ET–FT) diagram. The inter-dependency between SBs and uncertain causal relationships was completely considered in the dependent BN model. The dependent model also investigated the dependency of all SBs on the release prevention barrier (RPB) as the critical and initial barrier of the fire safety system. The probabilities of SBs failure obtained using the dependent BN were less than that of independent BN values. This could be ascribed to the influence of SBs inter-dependency and the model uncertainty due to uncertain relation relationships between managerial and organization factors (MOFs) and functional failures. Among SBs, it was found that the RPB has the highest failure probability. The diagnostic analysis further identified the MOFs as the most influencing factors contributing to SBs failure. The predictive analysis revealed that the large fire with major damage has a higher probability to occur in comparing with other consequences. Additionally, the BN was extended to estimate the risk levels of consequences by integrating the accident probability, accident severity, and escape, evacuation, and rescue (EER) process reliability. The findings indicated that the EER operations have a major influence on the risk level and suggested to be considered for reliable risk level assessment rather than traditional risk matrix.

Keywords

Failure analysis Fire safety barrier Event Tree Bayesian network Dependency 

1 Introduction

Floating LNG (FLNG) processing facility has been developed to exploit the natural gas from remote reservoirs in the deep seas. FLNG structure consists of complex units installed in a congested space. Therefore, any abnormal event could develop into an incident. FLNG plants are riskier than similar onshore LNG plants due to their complexity, congestion, and harsh operating conditions [1]. The hazardous properties of cryogenic LNG make the FLNG facility more serious than conventional offshore oil platforms [2]. Fire accident represents the most critical and reoccurred risk in an FLNG facility [3]. The majority of fires are initiated by uncontrolled and accidental gas leaks during processing operations of the natural gas. Thus, it is important to conduct an efficient safety and risk analysis to find out the appropriate strategies for fire prevention and control. Accident modeling plays an intrinsic role in the design of safety systems in process plants [2]. The accident model is a conceptual framework that demonstrates the accident evolution from the initial causes to final consequences. The accident is modeled as a sequential failure of relevant safety barriers (SBs), which are defined as physical or non-physical means that are installed to prevent, control, or mitigate the unwanted accidents [4]. The Swiss cheese model that was developed by Reason is an effective method to model the accidents [5]. Kujath [6] developed a new SB model based on the Swiss cheese model for offshore oil and gas process, which further extended by Rathnayaka through adding safety analysis procedure [7]. The accident model can be usually analyzed through a Fault Tree (FT), Event Tree (ET), and Bow-Tie (BT) techniques. However, these conventional techniques are unable to handle the model uncertainty, representing common causes and conditional dependencies, conducting the probability updating given observation, or carrying out the diagnostic analysis. These features are so important to represent and analyze the actual system’s behavior. To overcome these disadvantages, conventional techniques were mapped into a Bayesian network (BN) [8]. Khakzad [9] presented a procedure to convert ET–FT diagram into a BN. A BN was widely employed in risk analysis to describe the causal relationships among random variables through a directed acyclic graph (DAG), which involves nodes that represent the system variables and arcs that denote the dependencies among variables [10]. Recently, several studies were conducted to carry out a dynamic risk and safety analysis by use of the BN in process industries. Rathnayaka proposed an accident modeling-based safety assessment approach in an LNG processing facility [7]. Tan presented a dynamic accident model for high-sulfur gas gathering station [11]. Esmaeil et al. employed BT–BN to perform a dynamic risk analysis of natural gas stations [12]. Kanes et al. [13] utilized a BN and reliability data to develop a dynamic risk assessment approach. Meng et al. [14] developed an integrated method by using the decision-making trial and evaluation laboratory (DEMATEL–BN) for assessment of severe accidents induced by oil and gas leakage. However, previous studies have some limitations, which should be addressed and treated sufficiently. Most of these studies assumed that SBs are independent. They have not considered the dependency of SBs on the release prevention barrier (RPB) as a critical and initial barrier in the fire safety system. When the release occurs, the ignition may be either immediate or delayed. Therefore, the ignition prevention barrier (IPB) consists of the immediate ignition barrier (IIPB) and the delayed ignition barrier (DIPB), which both have to be included in the accident modeling separately. Managerial and organizational factors (MOFs) that influence the performance of SBs need to be adequately investigated. In addition, a recent study [15] has used BN in estimating the success of escape, evacuation, and rescue (EER) on an offshore platform. The authors discovered that the reliable EER could reduce greatly the accident severity on personnel. However, the related studies to the EER operations have not evaluated the interdependency and total EER success probability [15, 16]. As known, the traditional risk matrix based on two parameters (accident probability and consequence severity) is commonly employed to predict the risk levels of consequences. This matrix is qualitative, uncertain and may produce mysterious results. Consequently, a new tool was proposed in this paper by considering EER as an additional risk parameter alongside accident probability and expected severity to determine the actual risk level. The BN was extended by integrating the following three parameters: accident probability, expected accident severity, and EER reliability.

In view of above, the present paper aims to develop a methodology for extensive failure analysis of fire SBs in the FLNG processing system using BN. The SBs interdependency and causal uncertainty were considered through dependent BN. The cause failures of SBs and corresponding consequences were analyzed and evaluated. Finally, three risk parameters (accident probability, expected severity, and EER reliability) were incorporated by using a BN for reliable identification of the risk levels probabilities.

2 Proposed methodology

The overall proposed methodology is depicted in Fig. 1, and the main steps were explicitly illustrated as follows:
Fig. 1

The proposed methodology

2.1 System description and target risk identification

Initially, it is essential to specify the scope of work and describe the processing system. The defining of scope aims to determine the target facility, its scale, operating parameters, and process path that needs to be addressed. Afterward, the potential accidents are identified based on the operating parameters and process circumstances, materials involved, as well as accidents reports of similar facilities.

2.2 Safety barrier-based risk modeling

Safety management plans aim to prevent accidents. If safety management is efficient, the accident will be eliminated. Therefore, to prevent accidents successfully, it is necessary to understand the accident causation path. The accident is commonly represented as cascading failure of SBs and involves three phases: initiation, propagation, and termination [17], and the dangerous consequences may evolve in each step. To analyze the accident, it is important to determine the relevant SBs installed to preventing (reducing the likelihood), controlling (limiting the escalation), or mitigating (reducing the severity) the target risk [18]. In offshore oil and gas operations, an SB model developed by Rathnayaka [7] is considered as the focal point for the current safety models construction.

2.3 Cause–consequence analysis of risk

The cause–consequence relationships can be modeled by constructing a joint ET–FT model, which provides a holistic picture of complete accident propagation. ET diagram was applied to investigate the possible consequences resulting from an initiating event by considering the successive failure of SBs [19]. The type of consequence was based on the failure (or success) of SBs that were placed on each consequence path. On another hand, the FT tool was applied in this work to analyze the failure of SBs to their basic causes. The FT is a systematic, deductive, and graphical failure analysis tool, which uses the Boolean gates (AND gates and OR gates) to represent the logical relationship between basic events (BEs) and undesired top event (TE) [20]. The events are assumed as binary (failure/success) and statistically independent. FT diagram starts from the SB failure as a top event, which then is analyzed backwardly to BEs that cause this failure.

2.4 Bayesian network modeling and analysis

A BN is a graphical and probabilistic technique in which the nodes represent the random variables and arcs represent the causal relationship between linked variables [9]. Conditional probability tables (CPTs) for nodes denote to the probabilistic dependency among nodes to demonstrate the marginal probability. Assuming \(Pa\left( {X_{i} } \right)\) is the parent node of \(X_{i}\) and the CPT is denoted by \(P\left( {X_{i} |P(X_{i} )} \right)\), the joint probability distribution can be given by Eq. (1).
$$P(X_{i} , \ldots ,X_{n} )\; = \;\prod P\left( {X_{i} \;|\;P(X_{i} )} \right)$$
(1)

To overcome the deterministic nature of the conventional tools, the BN was mapped from ET–FT diagram according to the algorithm given by Khakzad [9]. The translating algorithm includes a qualitative and quantitative translation. In the qualitative conversion of FT diagram into BN, each BE, intermediate event, and TE are translated into a corresponding root node, an intermediate node, and leaf node, respectively. The nodes of BN are linked in the same manner as the corresponding events in the FT. SBs and consequences in ET diagram are represented as safety nodes and consequence nodes in BN. In the quantitative conversion, occurrence probabilities of BEs are assigned to corresponding root nodes as prior probabilities. For each intermediate node and the leaf node, corresponding CPTs are developed according to logic gates in FT diagram. Besides, the SBs’ probabilities are considered as prior probabilities of safety nodes and CPTs are assigned to the consequence nodes.

Two BNs were modeled in this methodology, the independent BN and dependent BN. The independent BN, which was mapped rigidly from the ET–FT diagram and considers only common cause failures (CCFs). The dependent BN model was developed by considering the model uncertainty and SBs dependency. The SBs’ dependency is due to the interactions among barriers in fire safety system, while the model uncertainty is due to the natural variability of a phenomenon and lack of the precise determination of a causal relationship among model parameters (failure causes and SBs failures). The model uncertainty and SBs dependency were translated and assigned by amending CPTs of SBs nodes in the BN model. For illustrative purpose, in the independent model, the SBs’ dependency was not considered and the OR-gate represented the deterministic relationship between root nodes (BE1 and BE2) and SBs nodes. This relationship was described by the CPT presented in Table 1. Each SB node has two states, success and failure. In the dependent model, when the relationship between the nodes BE1 and BE2 is uncertain, the OR-gate does not represent deterministic relationships between nodes. Therefore, the uncertain causal relationships were modeled through amended CPT, as shown in Table 2. The values 0.2 and 0.8 in Table 2 were assumed to show how the uncertain causal relationship among model parameters affects the probability estimation of SB failure. It can be stated that if BE1 fails and BE2 does not, the SB failure probability was 80%, while it was 100% in CPT in the independent model.
Table 1

CPT of SB node in the independent model

BE1

Yes

No

BE2

Yes

No

Yes

No

Success

0

0

0

1

Failure

1

1

1

0

Table 2

CPT of SB node in the dependent model

BE1

Yes

No

BE2

Yes

No

Yes

No

Success

0

0.2

0

1

Failure

1

0.8

1

0

The analysis of the BN models was carried out using Genie software (graphical user interface), which is available online at https://www.bayesfusion.com/. The analysis of the BN models was implemented by Genie software, and the following analyses are performed: (1) the predictive analysis is to estimate the occurrence probabilities of the consequences in future based on the existing failure probabilities of their BEs. (2) The probability updating is to update the failure probabilities of BEs given evidence to detect the most critical factors causing the observed accident (the updated probability is known as posterior). (3) The forward analysis is to update the probabilities of consequences occurrence given evidence (SB failure). (4) The diagnostic analysis helps in detecting and determining the most likely critical causes of an incident when the top event occurs. (The top event is set as observation nodes, and their BEs are set as target nodes.)

2.5 Three parameter-based risk level assessment

Three risk parameter-based risk level assessment methods were developed using BN to assess the actual risk level of each consequence on the facility. As explained in the introduction part, the traditional risk matrix is based on two parameters (accident probability and accident severity) and has some drawbacks. Furthermore, a recent study [15] discovered that success (EER) could reduce greatly the risk level on personnel. Therefore, to obtain the risk level more accurately, the EER reliability was included as an additional risk parameter to build the risk picture alongside accident probability and expected severity level. The accident probability was produced by BN calculations, while the expected severity level was acquired from similar cases and the literature. EER success probability was computed by using BN, in which the overall success of EER operations and the interdependency among them was considered. The three parameters were linked as nodes in the BN model. This method is quantitative since it gives a numerical value for the risk level of each consequence on the facility.

3 Result and discussion

A case study of the FLNG processing facility was conducted using the proposed methodology. Figure 2 displays the indicative block diagram highlighting the main process of the typical FLNG facility. In the LNG process, the feed gas is delivered at high pressure from the gas wells and passes through the slug collector in which any associated condensate is separated and stabilized. The gas is then treated from the substances that could freeze at low temperatures or cause corrosion in the subsequent units such as water, acid gases, and mercury. The sweetened gas is pre-chilled by propane coolers to liquefy and separate the heavier hydrocarbons, which further processed to produce liquefied petroleum gas. Thereafter, the chilled gas will enter into the main cryogenic heat exchanger to be further cooled and condensed because of the heat transfer from the gas stream into the refrigerant. Subsequently, the sub-cooled gas will be routed into the LNG expander to reduce pressure and a temperature less than − 163 °C. Finally, the LNG is pumped into a highly insulated LNG storage tanks.
Fig. 2

Process flow diagram of the FLNG system

FLNG facility is a new technology and considered as the riskiest mobile structure in an offshore environment. The LNG fire is the most critical risk that needs to be more addressed. In the FLNG system, fire accident is initiated by the natural gas release and developed through interactions of SBs. An SB-based fire risk model was developed as shown in Fig. 3. The model is comprised of six SBs, namely, release prevention barrier (RPB), immediate ignition prevention barrier (IIPB), release detection barrier (RDB), delayed ignition prevention barrier (DIPB), control system barrier (CSB), and escalation prevention barrier (EPB). The RPB failure represents the initial event of further consequences. Human factors can be considered within failure data of SBs, while MOFs were considered as common causes (CCs) for all barriers’ failure, as it has a considerable impact on all SBs and whole accident evolution process.
Fig. 3

SBs-based fire risk model

The joint ET–FT model was employed to represent the cause–consequence relationships of fire SBs failure. Figure 4 illustrates the ET–FT diagram for possible consequences resulting from RPB failure as an initiating event and the sequential failure of other fire SBs.
Fig. 4

ET–FT diagram of SB failure-based consequence

The two branches of the ET diagram represent the failure and success of specific SB. As the fire accident was initiated by the natural gas leaks, RPB was considered as the initial event for consequences. If RPB is successful, the favorable consequence was C1 (safe). If RPB fails, the next SB (IIPB) will be activated. Moreover, it was assumed that, once the immediate ignition takes place, the RDB and DIB are not activated. Furthermore, if there is no ignition, the EPB will not be activated.

The FT was developed to identify the potential BEs that cause the failure of SBs in the accident model. The SB failure was assigned as the top event of the FT. FTs of various fire SBs are displayed in Fig. 5a–e.
Fig. 5

Fault Trees of SBs failure a RPB, b RDB, c IPB, d CSB, e EPB

The factors leading to the failure were classified into the functional failures (FF) and MOFs. MOFs were modeled as common causes (CCs) of SBs failure. Table 3 presents the failure causes of SBs.
Table 3

BEs of SBs failure

Code

Description

Code

Description

Code

Description

\(\varvec{X}_{1}\)

Absorber failure

\(\varvec{X}_{29}\)

Operation with wrong work permit

\(\varvec{X}_{57}\)

Sprinklers not activated or do not respond

\(\varvec{X}_{2}\)

Regenerator failure

\(\varvec{X}_{30}\)

Operation without work permit

\(\varvec{X}_{58}\)

Fire sprinkler failure

\(\varvec{X}_{3}\)

Reboiler failure

\(\varvec{X}_{31}\)

Failure to follow work permit

\(\varvec{X}_{59}\)

Inadequate firefighting in given time duration

\(\varvec{X}_{4}\)

Pump failure

\(\varvec{X}_{32}\)

Hot surface shielding not available

\(\varvec{X}_{60}\)

Long delay in fire fighting

\(\varvec{X}_{5}\)

Valves and joints failure

\(\varvec{X}_{33}\)

Hot surfaces shielding failed

\(\varvec{X}_{61}\)

Firefighting not performed

\(\varvec{X}_{6}\)

Compressor failure

\(\varvec{X}_{34}\)

Lightening protection facility is not installed

\(\varvec{X}_{62}\)

Flame alarm failure

\(\varvec{X}_{7}\)

Cooler failure

\(\varvec{X}_{35}\)

Deflector damaged

\(\varvec{X}_{63}\)

Flame detection sensor failure

\(\varvec{X}_{8}\)

HEX failure

\(\varvec{X}_{36}\)

Lightening rod damaged

\(\varvec{X}_{64}\)

Flame detection controller failure

\(\varvec{X}_{9}\)

Flash drum failure

\(\varvec{X}_{37}\)

Inadvertent burner flare trip failure

\(\varvec{X}_{65}\)

Inadequate detection coverage of flame

\(\varvec{X}_{10}\)

N-column failure

\(\varvec{X}_{38}\)

Flame detector failure

\(\varvec{X}_{66}\)

Operator did not detect fire

\(\varvec{X}_{11}\)

Pipe failure

\(\varvec{X}_{39}\)

Flame detector not available

\(\varvec{X}_{67}\)

Manual fire alarm failure

\(\varvec{X}_{12}\)

Tank leakage

\(\varvec{X}_{40}\)

Inadequate detector coverage

\(\varvec{X}_{68}\)

Manual activation alarm switch not available

\(\varvec{X}_{13}\)

High pressure

\(\varvec{X}_{41}\)

Manual inspection of ignition source failure

\(\varvec{X}_{69}\)

Smoke alarm failure

\(\varvec{X}_{14}\)

Atmospheric pressure safety valve failure

\(\varvec{X}_{42}\)

Electric spark inhibitors failure

\(\varvec{X}_{70}\)

Smoke detection sensor failure

\(\varvec{X}_{15}\)

Vacuum pressure

\(\varvec{X}_{43}\)

Static spark inhibitors failure

\(\varvec{X}_{71}\)

Smoke detection controller failure

\(\varvec{X}_{16}\)

Vacuum safety valve failure

\(\varvec{X}_{44}\)

Failure of equipment over-speed detection and control

\(\varvec{X}_{72}\)

Inadequate detection coverage of smoke

\(\varvec{X}_{17}\)

High filling level

\(\varvec{X}_{45}\)

Failure of cooling system for rotating part

\(\varvec{X}_{73}\)

Inadequate supervision

\(\varvec{X}_{18}\)

Level switch high failure

\(\varvec{X}_{46}\)

Inflow valve not accessible or wrong valve

\(\varvec{X}_{74}\)

Inadequate training

\(\varvec{X}_{19}\)

Manufacturing defects

\(\varvec{X}_{47}\)

Long delay in manual operation

\(\varvec{X}_{75}\)

Inadequate control systems

\(\varvec{X}_{20}\)

Material defects

\(\varvec{X}_{48}\)

Long delay in operator response

\(\varvec{X}_{76}\)

Inadequate maintenance procedures

\(\varvec{X}_{21}\)

Welding detects

\(\varvec{X}_{49}\)

Manual ESD valve failure

\(\varvec{X}_{77}\)

Inadequate inspection and testing procedures

\(\varvec{X}_{22}\)

Sensor failure

\(\varvec{X}_{50}\)

Operator awareness failure

\(\varvec{X}_{78}\)

Inadequate safety programs

\(\varvec{X}_{23}\)

Overrun

\(\varvec{X}_{51}\)

ESD sensor failure

\(\varvec{X}_{79}\)

Poor risk assessment and decision-making process

\(\varvec{X}_{24}\)

Alarm failure

\(\varvec{X}_{52}\)

ESD controller failure

\(\varvec{X}_{80}\)

Inadequate leadership at critical time

\(\varvec{X}_{25}\)

Controller detection failure

\(\varvec{X}_{53}\)

ESD valve failure

\(\varvec{X}_{81}\)

Poor organizing and reporting structure

\(\varvec{X}_{26}\)

Inadequate detection coverage of gas

\(\varvec{X}_{54}\)

Inadequate fire and explosion resistance

\(\varvec{X}_{82}\)

Inadequate communication

\(\varvec{X}_{27}\)

Long delay in inspection

\(\varvec{X}_{55}\)

Barriers failure to control escalation

\(\varvec{X}_{83}\)

Inadequate onsite technical expertise

\(\varvec{X}_{28}\)

Manual detection of minor release failure

\(\varvec{X}_{56}\)

Sprinklers not available or inadequate

\(\varvec{X}_{84}\)

Inadequate management practices

The ET–FT diagram was further converted to the BN model using (Genie) software. Figure 6 shows the independent BN model, which mapped according to the CPTs provided in Table 1, without considering the relation uncertainty and SBs dependency. In this model, MOFs were modeled as common causes (CCs) of SBs failure, and the causal relationships between them were deterministic.
Fig. 6

Independent BN model

However, in the real process, MOFs do not necessarily cause SBs failure when the functional failure is available. Thus, the modeling of uncertain causal relationships is required. Besides, some SBs may depend on other barriers; therefore, this dependency has to be considered. The model uncertainty and dependency were modeled by developing the independent BN into the dependent BN. The dependent BN has modeled the following SBs dependency: (1) the dependency of all SBs on RPB, this is because the gas release event is the initiating event of a fire. If RPB is successful, there is no any incident and other SBs do not activate. Therefore, the RPB is considered as the critical and initial SB because the fire is not possible without gas release. (2) The dependency of DIB on IIB and CSB, this is because DIB activates only if IPB and early CSB fail. (3) The dependency of CSB on RDB, this is because when RDB is successful in detecting the release, CSB can activate easily and shut down automatically. However, if RDB fails to detect the gas release, the CSB may not get a signal to shut down. (4) The dependency of EPB on IPB, this is because the EPB activates only if the IPB fails and a fire occurs. The conditional dependence among SBs was translated by amending the CPTs for SBs nodes, as presented in Table 4. Figure 7 demonstrates the dependent BN model.
Table 4

CPTs for SBs in the dependent BN model

Release prevention barrier

FF

Yes

No

MOFs

Yes

No

Yes

No

Failure

1

1

0.8

0

Success

0

0

0.2

1

Release detection barrier/ ignition prevention barrier

RPB

Success

Failure

FF*

Yes

No

Yes

No

MOFs

Yes

No

Yes

No

Yes

No

Yes

No

Failure

0

0

0

0

1

1

0.8

0

Success

1

1

1

1

0

0

0.2

1

Delayed ignition

IPB

Success

Failure

IIB

Success

Failure

Success

Failure

CSF

Success

Failure

Success

Failure

Success

Failure

Success

Failure

Failure

0

0

0

0

0.9

0.95

0

0

Success

1

1

1

1

0.1

0.05

1

1

Control safety system barrier

RPB

Success

Failure

RDB

Success

Failure

Success

Failure

FF

Yes

No

Yes

No

Yes

No

Yes

No

MOFs

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Failure

0

0

0

0

0

0

0

0

1

1

0.8

0

1

1

0.99

0.9

Success

1

1

1

1

1

1

1

1

0

0

0.2

1

0

0

0.01

0.1

Escalation prevention barrier

RPB

Success

Failure

IPB

Success

Failure

Success

Failure

FF

Yes

No

Yes

No

Yes

No

Yes

No

MOFs

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Yes

No

Failure

0

0

0

0

0

0

0

0

0

0

0

0

1

1

0.8

0

Success

1

1

1

1

1

1

1

1

1

1

1

1

0

0

0.2

1

*FF Functional Failures

Fig. 7

Dependent BN model

The failure probabilities of BEs (prior probabilities) that lead to SBs failure were derived from the literature [7, 11, 20, 21, 22] and presented in Table 5.
Table 5

Prior and posterior probabilities of BEs

Code

Prior probability

Posterior probability

(Posterior/prior)

Code

Prior probability

Posterior probability

(posterior/prior)

\(\varvec{X}_{1}\)

6.70E−04

8.30E−04

1.24

\(\varvec{X}_{43}\)

2.00E−02

2.36E−02

1.18

\(\varvec{X}_{2}\)

1.80E−03

2.23E−03

1.24

\(\varvec{X}_{44}\)

2.50E−02

2.95E−02

1.18

\(\varvec{X}_{3}\)

3.00E−04

3.72E−03

1.24

\(\varvec{X}_{45}\)

2.50E−02

2.95E−02

1.18

\(\varvec{X}_{4}\)

4.79E−05

5.90E−05

1.24

\(\varvec{X}_{46}\)

5.00E−02

5.00E−02

1.00

\(\varvec{X}_{5}\)

2.30E−04

2.80E−04

1.24

\(\varvec{X}_{47}\)

1.00E−02

1.00E−02

1.00

\(\varvec{X}_{6}\)

3.85E−05

4.80E−04

1.24

\(\varvec{X}_{48}\)

1.00E−02

1.00E−02

1.00

\(\varvec{X}_{7}\)

4.90E−04

6.07E−04

1.24

\(\varvec{X}_{49}\)

2.11E−02

2.11E−02

1.05

\(\varvec{X}_{8}\)

1.23E−03

1.52E−03

1.24

\(\varvec{X}_{50}\)

4.00E−02

4.00E−02

1.00

\(\varvec{X}_{9}\)

5.00E−03

6.20E−03

1.24

\(\varvec{X}_{51}\)

2.40E−02

2.40E−02

1.00

\(\varvec{X}_{10}\)

3.00E−03

3.72E−03

1.24

\(\varvec{X}_{52}\)

0.250000

0.250000

1.00

\(\varvec{X}_{11}\)

1.11E−02

1.37E−02

1.24

\(\varvec{X}_{53}\)

0.116500

0.116500

1.00

\(\varvec{X}_{12}\)

1.00E−04

1.24E−04

1.24

\(\varvec{X}_{54}\)

3.00E−03

3.00E−03

1.00

\(\varvec{X}_{13}\)

1.04E−03

1.04E−03

1.00

\(\varvec{X}_{55}\)

3.00E−02

3.00E−02

1.00

\(\varvec{X}_{14}\)

2.12E−05

2.12E−05

1.00

\(\varvec{X}_{56}\)

1.00E−02

1.00E−02

1.00

\(\varvec{X}_{15}\)

1.36E−05

1.36E−05

1.00

\(\varvec{X}_{57}\)

4.00E−02

4.00E−02

1.00

\(\varvec{X}_{16}\)

2.12E−05

2.12E−05

1.00

\(\varvec{X}_{58}\)

4.50E−02

4.50E−02

1.00

\(\varvec{X}_{17}\)

3.70E−04

3.70E−04

1.00

\(\varvec{X}_{59}\)

2.10E−02

2.00E−02

1.00

\(\varvec{X}_{18}\)

1.00E−03

1.00E−03

1.00

\(\varvec{X}_{60}\)

9.00E−02

9.01E−02

1.00

\(\varvec{X}_{19}\)

1.35E−04

1.67E−04

1.24

\(\varvec{X}_{61}\)

1.00E−04

1.00E−04

1.00

\(\varvec{X}_{20}\)

3.44E−03

4.30E−03

1.24

\(\varvec{X}_{62}\)

2.10E−02

2.10E−02

1.00

\(\varvec{X}_{21}\)

1.08E−02

1.30E−02

1.24

\(\varvec{X}_{63}\)

8.00E−02

8.00E−02

1.00

\(\varvec{X}_{22}\)

0.128000

0.129540

1.01

\(\varvec{X}_{64}\)

1.00E−03

1.00E−03

1.00

\(\varvec{X}_{23}\)

3.00E−03

3.04E−03

1.01

\(\varvec{X}_{65}\)

0.200000

0.201000

1.01

\(\varvec{X}_{24}\)

2.00E−02

2.02E−02

1.01

\(\varvec{X}_{66}\)

5.00E−02

5.05E−02

1.01

\(\varvec{X}_{25}\)

1.00E−03

1.01E−03

1.01

\(\varvec{X}_{67}\)

5.00E−02

5.05E−02

1.01

\(\varvec{X}_{26}\)

5.00E−02

5.06E−02

1.01

\(\varvec{X}_{68}\)

1.00E−03

1.01E−03

1.01

\(\varvec{X}_{27}\)

1.00E−02

1.00E−02

1.05

\(\varvec{X}_{69}\)

2.10E−02

2.10E−02

1.00

\(\varvec{X}_{28}\)

5.00E−02

5.23E−02

1.05

\(\varvec{X}_{70}\)

8.00E−02

8.05E−02

1.01

\(\varvec{X}_{29}\)

4.00E−02

4.71E−02

1.18

\(\varvec{X}_{71}\)

1.00E−03

1.01E−03

1.01

\(\varvec{X}_{30}\)

4.50E−02

5.30E−02

1.18

\(\varvec{X}_{72}\)

7.00E−02

7.04E−02

1.01

\(\varvec{X}_{31}\)

1.00E−02

1.18E−02

1.18

\(\varvec{X}_{73}\)

3.40E−02

0.119030

3.50

\(\varvec{X}_{32}\)

6.70E−02

7.90E−02

1.18

\(\varvec{X}_{74}\)

2.50E−02

8.75E−02

3.50

\(\varvec{X}_{33}\)

1.00E−02

1.18E−02

1.18

\(\varvec{X}_{75}\)

2.50E−02

8.75E−02

3.50

\(\varvec{X}_{34}\)

3.55E−06

4.19E−06

1.18

\(\varvec{X}_{76}\)

2.00E−02

7.00E−02

3.50

\(\varvec{X}_{35}\)

4.80E−04

5.65E−04

1.18

\(\varvec{X}_{77}\)

2.00E−02

7.00E−02

3.50

\(\varvec{X}_{36}\)

3.46E−03

4.07E−03

1.18

\(\varvec{X}_{78}\)

0.100000

0.350100

3.50

\(\varvec{X}_{37}\)

4.40E−02

4.43E−02

1.01

\(\varvec{X}_{79}\)

0.100000

0.350100

3.50

\(\varvec{X}_{38}\)

5.60E−02

5.64E−02

1.01

\(\varvec{X}_{80}\)

0.100000

0.363300

3.60

\(\varvec{X}_{39}\)

5.00E−02

5.04E−02

1.01

\(\varvec{X}_{81}\)

0.100000

0.363300

3.60

\(\varvec{X}_{40}\)

7.00E−02

7.05E−02

1.01

\(\varvec{X}_{82}\)

5.00E−02

0.181650

3.60

\(\varvec{X}_{41}\)

5.00E−02

5.17E−02

1.03

\(\varvec{X}_{83}\)

3.40E−02

0.123502

3.60

\(\varvec{X}_{42}\)

2.00E−02

2.36E−02

1.18

\(\varvec{X}_{84}\)

2.50E−02

9.08E−02

3.60

The difference between the two BN models was demonstrated by conducting the predictive analysis. The failure probabilities of SBs were computed based on prior probabilities of BEs using both BN models, as shown in Table 6. As seen in Table 6, it was observed that the RPB had the highest failure probability. Additionally, the calculated failure probabilities of SBs demonstrated that the values obtained by the BN dependent model were less than that of independent BN values. This could be ascribed to the MOFs uncertainty and inter-dependency among SBs. It is obvious that all SBs failure probability decreased from an independent model to the dependent mode. This is due to uncertain causal relationships between MOFs and functional failures, as well as the dependency of all SBs on the RPB as initiating barrier. Moreover, the RPB failure probability decreased due to the consideration of the causal uncertainty among failure causes.
Table 6

Failure probabilities of fire SBs

SB

BN probabilities

(independent model)

BN probabilities

(dependent model)

RPB

0.113750

9.86E−02

IIPB

3.05E−02

6.25E−03

RDB

8.91E−02

5.13E−02

CSB

8.00E−02

6.09E−02

DIPB

0.274210

5.30E−02

EPB

8.30E−02

4.32E−02

The occurrence probabilities of possible consequences were also computed using both BN models after setting the failure of RPB as evidence. Table 7 provides both prior and posterior probabilities of consequences from dependent and independent BN.
Table 7

Occurrence probabilities of consequences

Code

Consequence

BN probabilities

(independent model)

Posterior probabilities

(RPBF as evidence)

BN probabilities

(dependent model)

Posterior probabilities

(RPBF as evidence)

C1

Safe

0.886250

0.000000

0.886250

0.000000

C2

Minor release

2.70E−02

0.236810

2.75E−02

0.278910

C3

Small fire, minor damage

6.86E−03

6.03E−02

7.20E−03

7.30E−02

C4

Small fire, medium damage

3.33E−05

2.92E−04

1.41E−03

1.43E−02

C5

Major release

4.00E−05

3.47E−04

1.94E−03

1.97E−02

C6

Large fire, medium damage

1.01E−05

8.84E−05

1.46E−03

1.48E−02

C7

Large fire, major damage

4.88E−08

4.29E−07

5.84E−03

5.92E−02

C8

Minor release

3.10E−04

2.73E−03

1.47E−04

1.49E−03

C9

Small fire, minor damage

7.90E−05

6.95E−04

7.75E−05

7.86E−04

C10

Small fire, medium damage

3.83E−07

3.37E−06

2.80E−04

2.84E−03

C11

Major release

7.08E−03

6.22E−02

9.81E−03

9.95E−02

C12

Large fire, medium damage

1.16E−07

1.02E−06

7.36E−03

7.46E−02

C13

Large fire, major damage

6.37E−02

0.559800

2.93E−02

0.297330

C14

Small fire, minor damage

8.57E−04

7.53E−03

8.99E−04

9.11E−03

C15

Small fire, medium damage

4.15E−06

3.65E−05

2.09E−04

2.12E−03

C16

Large fire, major damage

1.26E−06

1.01E−05

1.03E−03

1.05E−02

C17

Catastrophic fire, disastrous damage

7.86E−03

6.91E−02

4.11E−03

4.17E−02

It can be seen from Table 7 that the occurrence probabilities calculated by the dependent BN were also slightly different from the independent BN estimates. This could be also attributed to the inter-dependency and interaction among SBs, which may exist in the real process. For example, the probability of most consequences increased. From Table 7, it can be noticed that there are seven categories of consequences, which occur in one or more paths. Table 8 displays the occurrence probabilities of consequences categories from the dependent BN model. For example, \(P \left( {\text{Minor release }} \right)\; = \;P \left( {{\text{C}}2} \right)\; + \; P \left( {{\text{C}}8} \right)\; = \;2.75{\text{E}}\; - \;02\; + \; 1.47{\text{E}}\; - \;04\; = \;2.76{\text{E}}\; - \;02\). The results from Table 8 showed that the consequence C13 (Large fire with major damage) occurred in three routes and had the highest total occurrence probability. In addition, it was evident that the safe state (favorable state) occurs only in one path in which all the relevant SBs are successful and functioning well (see also the consequence path in Fig. 4).
Table 8

Occurrence probabilities of consequences categories

Consequence category

Probability

Safe

0.886250

Minor release

2.76E−02

Major release

1.18E−02

Small fire, minor damage

8.18E−03

Small fire, medium damage

1.90E−03

Large fire, medium damage

8.82E−03

Large fire, major damage

3.62E−02

Catastrophic fire, disastrous damage

4.11E−03

The probability updating is a unique feature of a BN to update the accident scenario and prior probabilities of BEs when new evidence becomes available. The most used evidence is knowledge about the consequences. The failure probabilities of BEs were updated to detect the most influencing causes of consequence occurrence. The consequence C13 (large fire, major damage) was given as evidence, and the posterior probabilities are presented in Table 5. The results revealed that MOFs (X73–X84) have significant posterior probabilities and the highest increasing rate of probability (posterior/prior). As a result, MOFs were the most critical causes of fire occurrence and had a significant impact on the whole release evolution process, which emphasized their key role in causing SBs failure. This result is consistent with the conclusions presented in relevant works [21, 23]. Furthermore, the posterior probability of MOFs was estimated when RPB failure was set as proof. The probabilities from both independent and dependent BN models were calculated to be 0.715 and 0.644, respectively. These findings were well agreed with past researches, which discovered that such factors contributed in about 70–80% of accidents in process industries [12]. Much attention should be paid on these crucial factors to control them, which reduce the probability of fire accident.

In addition, since all barriers depend on RPB in this study, the RPB failure was adopted as evidence to update the occurrence probabilities of consequences by using both BN models. The updated probabilities (posteriors) were reported in columns 4 and 6 in Table 7. It was apparent that the posteriors increased as compared with priors, and the posterior probability of C13 was greater than that of other consequences.

Failure of both RPB and IPB is mandatory for the fire occurrence. This can be justified as follows: the fire requires both gas release and ignition source to occur. RPB failure leads to gas release, and IPB failure results in igniting the released gas and thus creating the fire. Besides, from Fig. 4, it is obvious that if RPB or IPB was successful, the fire cannot take place. Therefore, the fire occurred only if both RPB and IPB failed. Therefore, these two barriers were analyzed by performing the diagnostic analysis to determine the most critical causes that lead to their failure. The RPB and IPB failures were adopted as observation nodes, whereas their BEs were set as target nodes, and the analysis results are displayed in Fig. 8a, b. The diagnostic inference figured out that X80, X81, X78, X79, X82, X11, and X21 are the most critical factors causing the RPB failure, while X79, X78, X80, X81, X40, X32, and X38 are the most crucial factors causing the IPB failure. This indicates that those critical causes play a vital role in contributing to the failure of SBs. It is essential to pay more attention to the identified critical causes to avoid SBs failure and prevent the fire accident effectively.
Fig. 8

Diagnostic analysis: a RPB failure and b IPB failure

The probabilities of risk levels of consequences in the FLNG platform were estimated by three parameter-based methods using dependent BN. The BN was extended by integrating the following three parameters: accident probability, expected accident severity, and EER reliability. Figure 9 demonstrates the extended procedure of the risk level assessment.
Fig. 9

BN-based risk level assessment model

To consider the interdependency among EER steps, it was assumed that the evacuation process failed if the escape process failed. Similarly, once the evacuation process failed, the rescue process failed. The influencing factors of EER process were obtained from the literature [15]. EER success probability was calculated using the dependent BN by considering the EER interdependency. For illustrative purpose, the model was implemented to determine the risk level of the consequence C13. Accident probability was calculated by the dependent model and obtained from Table 7. The expected severity level of each consequence was derived from similar cases and can be assigned based on expertise. Table 9 presents the risk levels probabilities for the consequence C13.
Table 9

Probabilities of risk levels for C13 based on dependent BN

Risk level probabilities

C13

(Prior)

Evidence

(C13 = occurs)

Evidence

(EER = success)

Combined evidences

(C13 = occurs, EER = success)

Combined evidences

(C13 = occurs, EER = failure)

Trivial

0

0

0

0

0

Low

0

0

0

0

0

Medium

0

0

0

0

0

High

2.22E−02

0.75921

0.0292

1

0

Intolerable

7.20E−3

0.24079

0

0

1

Safe

0.9708

0

0.9708

0

0

As can be noted from Table 9, the probabilities of risk levels increased significantly when C13 was set as evidence, while the safe state probability was zero. On the other hand, when EER is in the successful state, the risk probability of high level decreased greatly from 0.75921 to 0.0292, while the safe state probability increased. For two observations (C13 occurrence and EER failure), the estimated risk level was intolerable. These results found that the EER processes have a significant effect on the risk level. This method is more efficient and rigorous than traditional qualitative risk matrix as it gives numerical values and considers the accident probability and EER reliability.

4 Conclusions

This paper proposed a methodology for comprehensive failure analysis of SBs and corresponding consequences in the FLNG processing facility using a BN. The study mainly focused on fire risk more than other consequences in the facility. The fire risk was modeled as a function of the successive failure of relevant SBs. Six SBs were installed, which include RPB, IIPB, RDB, DIPB, CSB, and EPB. The success state of RPB prevents any serious consequences; therefore, the RPB failure was considered as a crucial fire SB and assigned as an initial event for further consequences. ET–FT diagram was then established to predict the potential consequence at each stage of the accident evolution process as function to the sequential failures of relevant SBs. A BN was used to overcome the drawbacks of ET–FT. Two BN models were constructed and compared. The independent BN was built rigidly from ET–FT, while the dependent BN was mapped with considering the SBs inter-dependency and model uncertainty. The values calculated by the dependent BN model were less relative to the values of the independent BN. This could be attributed to the conditional dependence among SBs and the uncertain causal relationship between MOFs and FFs. The diagnostic analysis of SBs failure further identified the MOFs as the most influencing factors contributing to the SBs failure. Consequently, the MOFs are the most critical causes of fire occurrence, which emphasizes their key role in causing SBs failure. The dependent BN represents the actual process and gives more realistic and reasonable results than independent BN. Finally, the novel method was developed by incorporating the accident probability, expected severity and the EER reliability to estimate the actual risk level probabilities of consequences. The results indicated that the EER processes have a major influence on the risk level. This method is more powerful and accurate than conventional risk matrix as it evaluates the risk level numerically and considers the EER influence on accident severity level on personnel.

The proposed methodology can be employed as an effective tool by the decision-makers to eliminate the SBs failure or mitigate the corresponding consequences, which eventually enhance the industrial safety level on the FLNG facility.

Notes

Compliance with ethical standards

Conflict of interest

There is no conflict of interest related to this research.

References

  1. 1.
    Bunnag M, Amarutanon N, Nitayaphan S, Aimcharoenchaiyakul M (2011) FLNG development: strategic approaches to new growth challenges. In: International petroleum technology conferenceGoogle Scholar
  2. 2.
    Rathnayaka S, Khan F, Amyotte P (2012) Accident modeling approach for safety assessment in an LNG processing facility. J Loss Prev Process Ind 25(2):414–423CrossRefGoogle Scholar
  3. 3.
    Xie B, Liu X, Yu X, Wang C, Zhu X (2014) The floating liquefied natural gas production, storage and offloading technology research. In: Offshore technology conference-AsiaGoogle Scholar
  4. 4.
    Sklet S (2006) Safety barriers: definition, classification, and performance. J Loss Prev Process Ind 19(5):494–506CrossRefGoogle Scholar
  5. 5.
    Reason J (1990) The contribution of latent human failures to the breakdown of complex systems. Philos Trans R Soc B Biol Sci 327(1241):475–484CrossRefGoogle Scholar
  6. 6.
    Kujath M, Amyotte P, Khan F (2010) A conceptual offshore oil and gas process accident model. J Loss Prev Process Ind 23(2):323–330CrossRefGoogle Scholar
  7. 7.
    Rathnayaka S, Khan F, Amyotte P (2011) SHIPP methodology: predictive accident modeling approach. Part I: methodology and model description. Process Saf Environ Prot 89(3):151–164CrossRefGoogle Scholar
  8. 8.
    Khakzad N, Khan F, Amyotte P (2011) Safety analysis in process facilities: comparison of fault tree and Bayesian network approaches. Reliab Eng Syst Saf 96(8):925–932CrossRefGoogle Scholar
  9. 9.
    Khakzad N, Khan F, Amyotte P (2013) Dynamic safety analysis of process systems by mapping bow-tie into Bayesian network. Process Saf Environ Prot 91(1–2):46–53CrossRefGoogle Scholar
  10. 10.
    Barua S, Gao X, Pasman H, Mannan S (2016) Bayesian network based dynamic operational risk assessment. J Loss Prev Process Ind 41:399–410CrossRefGoogle Scholar
  11. 11.
    Tan Q, Chen G, Zhang L, Fu J, Li Z (2014) Dynamic accident modeling for high-sulfur natural gas gathering station. Process Saf Environ Prot 92(6):565–576CrossRefGoogle Scholar
  12. 12.
    Zarei E, Azadeh A, Khakzad N, Aliabadi M, Mohammadfam I (2017) Dynamic safety assessment of natural gas stations using Bayesian network. J Hazard Mater 321:830–840CrossRefGoogle Scholar
  13. 13.
    Kanes R, Ramirez M, Abdel-Moati H, Cranefield J, Véchot L (2017) Developing a framework for dynamic risk assessment using Bayesian networks and reliability data. J Loss Prev Process Ind 50:142–153CrossRefGoogle Scholar
  14. 14.
    Meng X, Chen G, Zhu G, Zhu Y (2019) Dynamic quantitative risk assessment of accidents induced by leakage on offshore platforms using DEMATEL–BN. Int J Nav Archit Ocean Eng 11(1):22–32CrossRefGoogle Scholar
  15. 15.
    Ping P, Wang K, Kong D, Chen G (2018) Estimating probability of success of escape, evacuation, and rescue (EER) on the offshore platform by integrating Bayesian network and Fuzzy AHP. J Loss Prev Process Ind 54:57–68CrossRefGoogle Scholar
  16. 16.
    Deacon T, Amyotte P, Khan F, MacKinnon S (2013) A framework for human error analysis of offshore evacuations. Saf Sci 51(1):319–327CrossRefGoogle Scholar
  17. 17.
    Crowl D, Louvar J (2002) Chemical process safety: fundamentals with applications, 2nd edn. Prentice Hall Inc, Upper Saddle RiverGoogle Scholar
  18. 18.
    Skogdalen J, Vinnem J (2012) Quantitative risk analysis of oil and gas drilling, using Deepwater Horizon as case study. Reliab Eng Syst Saf 100:58–66CrossRefGoogle Scholar
  19. 19.
    Khakzad N, Khan F, Amyotte P (2012) Dynamic risk analysis using bow-tie approach. Reliab Eng Syst Saf 104:36–44CrossRefGoogle Scholar
  20. 20.
    Bobbio A, Portinale L, Minichino M, Ciancamerla E (2001) Improving the analysis of dependable systems by mapping fault trees into Bayesian networks. Reliab Eng Syst Saf 71(3):249–260CrossRefGoogle Scholar
  21. 21.
    Rathnayaka S, Khan F, Amayotte P (2013) Accident modeling and risk assessment framework for safety critical decision-making: application to deepwater drilling operation. Proc Inst Mech Eng Part O J Risk Reliab 227(1):86–105Google Scholar
  22. 22.
    Khakzad S, Khan F, Abbassi R, Khakzad N (2017) Accident risk-based life cycle assessment methodology for green and safe fuel selection. Inst Chem Eng 109:268–287Google Scholar
  23. 23.
    Ibrahim H, Rao P (2019) Fire risk analysis in FLNG processing facility using Bayesian network. JESTEC 14(3):1497–1519Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Chemical Engineering, College of Engineering (A)Andhra UniversityVisakhapatnamIndia

Personalised recommendations