Risk Assessment Data Directory

Report No. 434 20.1 March 2010

Guide to finding and using reliability data for QRA

International Association of Oil & Gas Producers

ublications

Global experience
The International Association of Oil & Gas Producers has access to a wealth of technical knowledge and experience with its members operating around the world in many different terrains. We collate and distil this valuable knowledge for the industry to use as guidelines for good practice by individual members.

Consistent high quality database and guidelines

Our overall aim is to ensure a consistent approach to training, management and best practice throughout the world. The oil and gas exploration and production industry recognises the need to develop consistent databases and records in certain fields. The OGPs members are encouraged to use the guidelines as a starting point for their operations or to supplement their own policies and regulations which may apply locally.

Internationally recognised source of industry information

Many of our guidelines have been recognised and used by international authorities and safety and environmental bodies. Requests come from governments and non-government organisations around the world as well as from non-member companies.

Disclaimer
Whilst every effort has been made to ensure the accuracy of the information contained in this publication, neither the OGP nor any of its members past present or future warrants its accuracy or will, regardless of its or their negligence, assume liability for any foreseeable or unforeseeable use made thereof, which liability is hereby excluded. Consequently, such use is at the recipients own risk on the basis that any use by the recipient constitutes agreement to the terms of this disclaimer. The recipient is obliged to inform any subsequent recipient of such terms. This document may provide guidance supplemental to the requirements of local legislation. Nothing herein, however, is intended to replace, amend, supersede or otherwise depart from such requirements. In the event of any conflict or contradiction between the provisions of this document and local legislation, applicable laws shall prevail.

Copyright notice
The contents of these pages are The International Association of Oil and Gas Producers. Permission is given to reproduce this report in whole or in part provided (i) that the copyright of OGP and (ii) the source are acknowledged. All other rights are reserved. Any other use requires the prior written permission of the OGP. These Terms and Conditions shall be governed by and construed in accordance with the laws of England and Wales. Disputes arising here from shall be exclusively subject to the jurisdiction of the courts of England and Wales.

RADD Guide to finding and using reliability data for QRA

contents
1.0 1.1 1.2 1.3 Scope and Application .............................................................. 3 Scope.................................................................................................................... 3 Application ........................................................................................................... 3 Definitions ............................................................................................................ 3

2.0 Summary of Recommended Data ............................................... 4 2.1 Copyright.............................................................................................................. 4 2.2 Sources of Reliability Data ................................................................................. 4 3.0 Guidance on use of data ........................................................... 6 3.1 Introduction.......................................................................................................... 6 3.2 Failure Rate Calculation...................................................................................... 7 3.2.1 Background ................................................................................................................... 7 3.2.2 Failure Rate Calculation #1 Few Failures, Constant Failure Rate Assumed ........ 8 3.2.3 Failure Rate Calculation #2 Point Estimate ............................................................. 9 3.2.4 Failure Rate Calculation #3 Many Failures with Probability Plotting .................. 10 3.2.5 Treatment of Common Cause Failures ..................................................................... 13 3.2.6 Failure Rate Calculation using the OREDA Estimator............................................. 13 3.3 Calculation of on demand Failure Probability............................................. 14 3.4 Guidance Specific to the OREDA Handbook .................................................. 14 3.4.1 Selecting Appropriate Data ........................................................................................ 14 4.0 Review of data sources ........................................................... 16 4.1 OREDA Database and Handbook(s) ................................................................ 16 4.1.1 OREDA Data Presentation.......................................................................................... 18 4.2 MIL-HDBK-217F ................................................................................................. 19 4.3 FIDES .................................................................................................................. 19 4.4 EPRD-97 and NPRD-95...................................................................................... 19 4.5 PDS Data Handbook.......................................................................................... 20 4.6 FARADIP III......................................................................................................... 20 4.7 IEEE 493-1997 .................................................................................................... 20 4.8 Sintef Reports, SubseaMaster and WellMaster .............................................. 20 5.0 Recommended data sources for further information ................ 21 6.0 References .............................................................................. 21

OGP

RADD Guide to finding and using reliability data for QRA

Abbreviations:
BIT BOP DNV E&P MTTF MTTR ND OGP OREDA QRA SCSSV Built-in Test Blowout Preventer Det Norske Veritas Exploration and Production Mean Time To Failure Mean Time To Repair Nominal Diameter Oil and Gas Producers Offshore Reliability Data Quantitative Risk Assessment Surface Controlled Subsurface Safety Valve

OGP

RADD Guide to finding and using reliability data for QRA

1.0 1.1

Scope and Application Scope

The reliabilities of fire and gas detection, ESD and blowdown, blowout prevention and fire protection systems are key inputs to Quantitative Risk Assessment (QRA) of exploration and production facilities. This datasheet provides guidance on obtaining, selecting and using reliability data for these systems and for their component parts, for use in QRA.

1.2

Application

This datasheet contains specimen data taken from previous OGP datasheets; this specimen data are presented in Error! Reference source not found. to Error! Reference source not found.. In addition, the recommended data sources that are identified in section 2.0 should be consulted to ensure that all data are the most up to date and relevant for any particular analysis. Guidance on using and processing data is given in Section 3.0. The data presented are applicable to activities in support of operations within exploration for and production of hydrocarbons.

1.3

Definitions
The inability of an equipment unit or system to perform a specified function. Failure of an equipment unit that causes an immediate cessation of the ability to perform a required function. Failure of an equipment unit that does not cause a cessation of the ability to perform a required function. A failure that has the potential to prevent a safety system from achieving its safety function(s) when there is a true demand. A single dangerous failure may not be sufficient to prevent a redundant safety system from performing its safety function (e.g. two coincident dangerous failures may be needed to prevent operation of a 2-out-of-3 voting system). A failure that has the potential to unnecessarily trigger a safety function. A failure that is evident or that is detected by the system itself as soon as it occurs. Failures detected by the built-in diagnostic tests (BIT) of a logic solver are also considered as revealed failures. A failure that is not revealed to operation or maintenance personnel and that needs a specific action (e.g. periodic test) in order to be identified.

For the purposes of this document, the following terms and definitions apply. Failure Critical failure Non-critical failure Dangerous failure

Non-dangerous failure A failure of a safety system that is not dangerous. Safe failure Revealed failure

Hidden failure

Com m on cause failure Failure of different items resulting from the same direct cause, occurring within a relatively short time, where these failures are not consequences of another. See also Common mode failure.
OGP 3

RADD Guide to finding and using reliability data for QRA

Com m on m ode failure A subset of Common cause failure whereby two or more components fail in the same manner. Demand Failure m ode Failure on dem and Activation of a systems function (may functional, operational and test activation). include

Effect by which a failure is observed on the failed item. Failure that occurs immediately when an item is instructed to perform its intended function (e.g. standby emergency equipment). Probability of an item performing a required function under stated conditions for a specified time interval. Interval of time between the start date and end date of reliability data collection. Limit, if this exists, of the ratio of the conditional probability that the instant of time, T, of a failure of an item falls within a given time interval, (t + + t) and the length of this interval, t, when t tends to zero, given that the item is in an up state at the beginning of the time interval. Note: 1. In this definition, t may also denote the time to failure or the time to first failure. 2. A practical interpretation of failure rate is the number of failures relative to the corresponding operational time. In some cases, time can be replaced by units of use. In most cases, the reciprocal of MTTF can be used as the predictor for the failure rate, i.e. the average number of failures per unit of time in the long run if the units are replaced by an identical unit at failure.

Reliability Observation period Failure rate

M ean Tim e to Failure

(MTTF) Expectation of the time to failure.

M ean Tim e Between Failures (MTBF) Expectation of the time between failures.

2.0 2.1

Summary of Recommended Data Copyright

The data that are presented in the sources discussed in Section 2.2 are protected by copyright and cannot be reproduced without specific written permission from the copyright holders. Where guideline values are given (Error! Reference source not found. to Error! Reference source not found.), these are taken from sources that are either in the public domain or from pre-existing OGP datasheets. It is strongly advised that in all analyses the best available data are taken from the relevant source as listed in section 4.0.

2.2

Sources of Reliability Data

The recommended sources of reliability data are presented in Table 2.1.

OGP

RADD Guide to finding and using reliability data for QRA

Table 2.1 Data Sources

Data Source OREDA Handbooks [1] Note: new issue scheduled for release in 2009 MIL-HDBK-217F Reliability Prediction of Electronic Equipment [10] EPRD-97 Electronic Parts Reliability Data (RAC) [12] NPRD-95 Non Electronic Parts Reliability Data [11] PDS Data Handbook [13] Equipment Process Equipment (Offshore) Available From Det Norske Veritas N-1322 Hvik Norway US Military Handbook

Electronic components

Electronic components

Mechanical and electromechanical components

Reliability Analysis Center 201 Mill Street Rome, NY 13440 USA Reliability Analysis Center 201 Mill Street Rome, NY 13440 USA Sydvest Sluppenvegen 12E N-7037 Trondheim Norway technis@maint2k.com

Sensors, detectors, valves & control logic

FARADIP III [14]

Electronic, electrical, mechanical, pneumatic equipment Electrical power generation and distribution Surface Controlled Subsurface Safety Valves

IEEE 493-1997 [15] STF18 A83002, Reliability of Surface Controlled Subsurface Safety Valves STF75 A89054, Subsea BOP Systems, Reliability and Testing. Phase V STF75 A92026, Reliability of Surface Blowout Preventers (BOPs) STF38 A99426, Reliability of Subsea BOP Systems for Deepwater Application, Phase II DW SubseaMaster & WellMaster [9] and [8] EIREDA Database European Industry Reliability Data Handbook, Electrical Power Plants

ISBN1-55937-066-1 Exprosoft N-7465 Trondheim www.exprosoft.com Exprosoft N-7465 Trondheim www.exprosoft.com Exprosoft N-7465 Trondheim www.exprosoft.com Exprosoft N-7465 Trondheim www.exprosoft.com

Subsea Blowout Preventers

Surface Blowout Preventers

Subsea Blowout Preventers deepwater subsea

Components in oil wells (BOPs and SCSSVs) Valves, sensors and control logic (nuclear power station data)

Exprosoft N-7465 Trondheim www.exprosoft.com EUORSTAT, Paris

OGP

RADD Guide to finding and using reliability data for QRA

3.0 3.1

Guidance on use of data Introduction

The science of reliability prediction is based upon the principals of statistical analysis. Reliability is defined as the probability that equipment will perform a specified function under stated conditions for a given period of time which defines a probabilistic approach rather than a deterministic one. This probability can be calculated or stated to reside within certain statistical confidence limits. Fundamental to such a calculation is the ability to source basic reliability data. Ideally such data should be:

Current Auditable Specific (applicable to equipment/component type) Extensive (large sample with many recorded failures) Applicable to environment Be suitable for life trending

Unfortunately, real world data sources rarely meet these ideals and it is therefore necessary to accept compromises. When performing QRA, it is important that the limitations of the data source are understood, and where necessary alternatives sought. For QRA, the reliability parameters to be taken from the database would be the failure rate (or the mean time to failure) and/or the probability of failure on demand; see Section 3.3 for details of probability of failure on demand calculation. Where information is extracted from the OREDA or another industry standard database it is not (in general) necessary to perform any further statistical analysis of the failure patterns. The approach described in Section 2.3.3 applies where basic information relating to times to failure is available for analysis, for example from maintenance records or breakdown reports. In these circumstances, it is necessary to judge the quality of the data and to then apply the appropriate analytical technique. The techniques for data analysis presented herein are divided into two classifications, those that are based simply on the sample statistics and those that are based on inferences from the associated statistical distributions. The characteristics of distributions are much harder to derive (especially from field breakdown reports rather than laboratory test data), but have the potential to provide more information. Note that it is not the intention to provide a comprehensive theoretical background to data analysis in this document, but instead to provide some practical techniques that may be used to prepare reliability data. Three techniques are outlined, namely:

Prediction of failure rate within defined confidence limits applied where only sparse failure data are available refer to Section 3.2.2 Calculation of point estimate of failure rate applied where adequate data are available refer to Section 3.2.3 Use of probability plotting to derive information relating to the underlying statistical distribution refer to Section 3.2.4

OGP

RADD Guide to finding and using reliability data for QRA

3.2
3.2.1

Failure Rate Calculation

Background

The observed failure rate for a component is defined as the ratio of the total number of failures to the total cumulative observation or operational time. For items displaying a constant failure rate, if is the failure rate of the N items then: = k/T where k is the total number of failures and T is the total observation time across the N items. For the case where components are replaced after failure (as applies to industry field databases) then the total cumulative observation time may be defined as N field operational lifetime. Strictly, this calculation provides a point estimate of the failure rate and if the exercise were repeated with another set of identical equipment and conditions it may yield results that are not identical to the first. Any number of such measurements may be made providing a number of point estimates for the failure rate, with the true value of the failure rate only being provided after all components have failed (for a non replacement test). In practice therefore, it is necessary to make a prediction about the total population of items based on the failure patterns of a sample. This process of statistical inference can be performed using the properties of a X2 (chi squared) distribution. This allows us to bound the population failure rate within confidence limits (typically 90% or 60% may be used). It is also necessary to make some assumptions about the pattern of failures across time, considering the shape of the commonly depicted bathtub curve (Figure 3.1). This curve typifies the expected component failure rate across time and is divided into three distinct area, namely

Early life, characterized by a decreasing failure rate Useful life (constant failure rate) Wear out (increasing failure rate)

OGP

RADD Guide to finding and using reliability data for QRA

Figure 3.1 The Bathtub Curve

In order to perform analysis of failure patterns outside of the constant failure rate period a level of detailed information is required that is typically not available from the recorded data (e.g. actual age of equipment of failure, homogeneous samples). Therefore an assumption is made that all failures recorded are experienced during the useful life phase, and the pattern of these failures may be described by a random, exponential distribution. This can, at least to a certain extent, be justified on the following grounds:

Early life failures resulting from commissioning problems may not be recorded as equipment failures Early life failures resulting from manufacturing defects can be largely eliminated by testing prior to installation Wear out failures largely eliminated by preventative maintenance and planned renewals. Note that this assumption may be less valid for wear out of subsea equipment where no planned maintenance will be performed.

The preceding discussion allows us to analyze the data from each source, and in most cases to calculate a mean value, confidence intervals about the mean value and the associated variance. 3.2.2 Failure Rate Calculation #1 Few Failures, Constant Failure Rate Assumed

Where total number of failures is small (say < 5), or zero, a point estimate of failure rate is inappropriate, therefore a technique of statistical inference and confidence limits should be applied. This can be addressed via a Chi Squared (X2) test using the following methodology: 1. Measure T (total observed time) and k (number of failures) 2. Select a confidence interval 3. = 1 confidence interval

OGP

RADD Guide to finding and using reliability data for QRA

4. n = 2k for failure truncated test or n = 2(k+1) for time truncated test 5. Look up value for X2 corresponding to n and (use standard mathematical tables) 6. Failure Rate Confidence Limit at X2/2T 7. For double sided limits use procedure twice to look up value for X2 at: n = 2k and (1 /2) (lower limit) n = 2k(2k+2) and /2 (upper limit) Note that X2/2T is a conservative estimate i.e. the true value has probability of of being higher than the estimate (based on a single sided upper confidence limit). Using the upper bound of the failure rate is a conservative approach and hence it can be used instead of the maximum likelihood estimate when the sample is considered to be small. Example: Equipm ent m aintenance records show that 5 devices each with a recorded running time of 1000 hours have no recorded failures. Calculate the failure rate at 60% confidence (single sided upper limit). 1. 2&3. 4. 5. 6. T = 5 1000 = 5000 hours = (1 0.6) = 0.4 for 60% confidence limit n = 2 (k+1) = 2 (time truncated since no failures have occurred) From tables, X2 = 1.83 (60% confidence limit). Upper bound of failure rate (60% confidence) = X2/2T = 1.83/10000 = 1.83 x 10-4 fails/hour

Note: the decision to use statistical interpretation or point estimate is based on the number of recorded failures. For items with a very high failure rate a significant number of failures could equate to a small amount of experience years, but typically a large amount of experience years are also required for a point estimate. 3.2.3 Failure Rate Calculation #2 Point Estimate

Where adequate data are available, a point estimate of the failure rate can be made simply by taking the ratio of the total number of failures to the total cumulative observed time. If is the failure rate of the N items then = k/T where k is the total number of failures and T is the total cumulative observed time.

OGP

RADD Guide to finding and using reliability data for QRA

3.2.4

Failure Rate Calculation #3 Many Failures with Probability Plotting

Where sufficient good quality data are available, probability plotting techniques may be used to derive information relating to the underlying statistical distribution. Graphical plotting techniques may be implemented manually or by computer and involve analysis of the cumulative distribution of the data. A commonly used distribution for failure data is the Weibull Distribution. This distribution originally postulated in 1951 by Swedish mechanical engineer Waloddi Weibull. It is particularly suited to reliability life data plotting because of its flexibility, having no specific shape but instead being described by shaping parameters. It is a three parameter distribution, but often only two are used the characteristic life () and shape factor (). There are special cases associated with values of the shape factor:

= 1 corresponds to exponential distribution < 1 represents burn in (decreasing failure rate) > 1 represents wear out (increasing failure rate)

NB In line with convention, is used here to represent the shape factor of the Weibull distribution. This is not the same used to describe the dependent failure fraction of common cause failures (see Section 3.2.5). By using a graphical plotting technique, the data can be quickly analysed without detailed knowledge of statistical mathematics. A simple procedure for this is as follows:

Determine test sample size and times to failure List times to failure in ascending order Establish median rankings from published tables (or calculate/estimate from formulae) Plot times and corresponding ranks on Weibull plot paper. This is essentially loglog graph paper but with scales for reading and Draw best fit straight line and read off at 63.3% intercept Draw a parallel line through intercept on y axis and read off

Note that median ranking is the most frequently used method for probability plotting, especially if the data are known not to be normally distributed. Median ranking tables are available from statistics text books, or they may be estimated by the following equation: Ranking = (i - 0.3) / (N + 0.4) where i is the failure order number and N is the total number of failures. The process is best illustrated by means of a simple example:

10

OGP

RADD Guide to finding and using reliability data for QRA

Step 1. Rank Data using Median Rank Tables Failure Number 1 2 3 4 5 6 7 8 9 10 Time to Failure 10 38 80 140 215 310 460 670 1050 1900 Median Rank 0.02 0.06 0.09 0.12 0.15 0.19 0.22 0.25 0.29 0.32 Failure Number 11 12 13 14 15 16 17 18 19 20 Time to Failure 2000 5000 8300 1200 16300 21500 27500 36000 48200 74000 Median Rank 0.35 0.38 0.42 0.45 0.48 0.52 0.55 0.58 0.62 0.65 Failure Number 21 22 23 24 25 26 27 28 29 30 Time to Failure 77000 10200 119000 134000 146000 159000 172000 187000 204000 230000 Median Rank 0.68 0.71 0.75 0.78 0.81 0.85 0.88 0.91 0.94 0.98

Step 2. Plot Tim es to Failure and Median Ranked Probabilities on W eibull Paper

Step 3. Plot Line and Read Values of characteristic life () and shape factor () It is generally acceptable to fit a straight line plot by eye through the data points. The value of shape factor is read by drawing a line perpendicular to the plotted line through the plot origin. The value of can then be read from the intercept of this line and the scale. The value for the characteristic life may read from the intercept of the plotted line with the estimator line. The position of the estimator is determined by the intercept of the perpendicular line with the scale.

OGP

11

RADD Guide to finding and using reliability data for QRA

In the above plot all three stages of the bathtub curve are displayed, the values are approximately: Characteristic life () Shape factor () 87 hours 0.7 320 hours 1.0 1000hours 3.4

3.2.4.1 Probability Plotting Complex Scenarios If a straight line is not obtained in the Weibull plot, there could be one or more underlying reasons, including:

Data having been censored More than one failure mechanism (mixed Weibull effects) Errors in sampling There is a threshold parameter (i.e. a three parameter Weibull distribution applies) Distribution not Weibull

3.2.4.2 Dealing with Censored Data At the end of a reliability trial or when processing field data there may be a number of items that have not failed. This is referred to as a censored data sample. Those items that have survived are referred to as suspended. To calculate the median ranks in this situation the following procedure should be followed:

Determine test sample size and times to failure List times to failure in ascending order Place suspended test items at the appropriate points in list For each failed item calculate the mean order number iti

where and n is the sample size

Establish median rankings from published tables (or calculate/estimate from formulae) Plot times and corresponding ranks on Weibull plot paper.

3.2.4.3 Mixed Distributions If the data do not fit to a straight line, especially where an obvious change of slope is seen it may be that more than one mode of failure is being displayed by the sample. If this is the case, the data pertaining to each failure mode must be segregated and analysed separately. 3.2.4.4 Failure Free Period Should the data still yield a curve rather than a straight line, it is possible that a failure free life period is being exhibited i.e. a three value rather than a two value Weibull distribution is applicable.
12 OGP

RADD Guide to finding and using reliability data for QRA

The third Weibull parameter (location parameter), , locates the distribution along the abscissa. Changing the value of has the effect of "sliding" the distribution and its associated function either to the right (if > 0) or to the left (if < 0). The parameter may assume all values and provides an estimate of the earliest time a failure may be observed. A negative may indicate that failures have occurred prior to the beginning of the test or prior to actual use. The life period 0 to + is the failure free operating period of such units To cater for this, an attempt can be made to predict the failure free period. This may be based on engineering judgement and knowledge of the items under consideration or may simply the time until the first failure occurs. The data are then replotted from this time and if a straight line results the failure free period is as estimated and the remaining parameters may be estimated from the plot. If another curve is produced the process is repeated. 3.2.5 Treatment of Common Cause Failures A Common Cause Failure (CCF) is the result of an event that, because of dependencies, causes a coincidence of failure states in two or more separate channels of a redundant system, leading to the defined system failing to perform its intended function. CCFs can degrade the performance of any redundant system and are of particular concern when analysing protective functions. A number of mathematical techniques exist for the treatment of CCFs, one of the simplest and most practical is the Beta factor approach. In essence this assumes that , the total failure rate for each redundant unit in the system, is composed of independent and dependent failure contributions as follows:

= c + i
where i is the failure rate for independent failures

c the failure rate for dependent failures

The parameter beta () can then be defined as:

= c/
NB is also commonly used to represent the shape factor of the Weibull distribution, this is not the same as used to describe the dependent failure fraction of common cause failures. Thus beta is the relative contribution of dependent failures to total failures for the item. The lack of available data relating to dependent failures of sufficient quality necessitates the use of an estimation technique for beta, guided by a number of parameter shaping factors (the subjective assessment of defensive mechanisms). Such a quantification method, known as the partial beta factor model may be applied for detailed assessment. A full description of the technique, including weighting factors is presented in [20]. For a simpler approach a representative value of may be assumed between 0.01 (highly diverse components or systems) and 0.1 (similar components or systems). 3.2.6 Failure Rate Calculation using the OREDA Estimator

The OREDA handbook recognises that the data it presents are not taken from a homogeneous sample. To merge these non homogenous data into a single multi sample estimate with an average failure rate (point estimate of total number of failure divided by aggregated time in service) is likely therefore to result in an unrealistically short confidence interval. An approach referred to as the OREDA-estimator is applied to derive a mean failure rate with associated upper and lower 90% confidence bounds. A description of the theoretical basis for the OREDA-estimator is given in [2].

OGP

13

RADD Guide to finding and using reliability data for QRA

The handbook also gives point estimates of failure rate; the numerical difference between this and the OREDA estimator gives an indication of the degree of diversity in failure rates between parts of the overall population. OREDA recommends that the OREDA estimator be used when data are taken from this source.

3.3

Calculation of on demand Failure Probability

The on-demand failure probability may be listed in the failure data source, e.g. OREDA or occasionally FARADIP. Section 3.4.1.1 illustrates how this is extracted from OREDA. It is usually more appropriate, however, to calculate a specific probability of failure on demand for a given protective function. Typically such failures are unrevealed and must be detected by means of manual or automatic proof testing. For a protective system having failure rate and proof test interval T, the probability of failure on demand or unavailability due to unrevealed failures is presented in Table 3.1. Table 3.1 Unrevealed Failure Probability
Number of Units 1 2 3 4 Number of Units Required to Operate 1 2 3

T/2 2T2/3 3T3/4 4T4/5

2T 2 3T 3

22T2

3.4
3.4.1

Guidance Specific to the OREDA Handbook

Selecting Appropriate Data

The item selected from database must be appropriate in terms of fit to the system under analysis and in terms of data quality. Specifically, the following should be considered: Technology: does the data correctly represent the equipment being assessed? It may be necessary for the analyst to provide or seek expert judgement. e.g. can data for a diesel engine be used for a spark ignited engine? Environm ent: will the environmental conditions influence the failure rate? OREDA data are gathered offshore North Sea. This introduces specific failure mechanisms (saline environment, humidity, temperature), if transferring the data to another environment additional failure modes and mechanisms may be involved. Operational Mode: Equipment operated frequently in a standby mode (emergency generators, firewater pumps) will exhibit different failure modes and frequency compared to equipment operating continuously. Num ber of Recorded Failures: Equipment with few recorded failures will have a large uncertainty associated with their failure rate. Population/Installations: It is desirable for data to be selected for equipment with a large population across a wide number of installations. This avoids data representing localised effects or dominated by one design or manufacturer.

14

OGP

RADD Guide to finding and using reliability data for QRA

Tim e in Service: It is desirable for data to be selected for equipment with a long time in service (calendar time). The operational time may be considerably less for equipment that is normally on standby (e.g. firewater pumps). 3.4.1.1 Number of Demands Where stated, this value can be used to derive an on-demand failure probability (but note also that an on-demand failure probability is occasionally stated in the comment field). For example, one selected data item (taxonomy code 1.3.2) has 7 recorded critical failures for the mode fails to start on demand. The number of demands is given as 860, and hence the on-demand critical failure probability can be calculated as 7/860 = 0.008. 3.4.1.2 Repair Time Repair times are stated in terms of active repair hours and repair manhours (min, mean and max). In general the active repair hours will be of most interest but this field is sometimes blank. In these instances and estimate can be made at 50% of the repair manhours. Note that the active repair time does not include time for fault realisation, spare parts or crew mobilisation or the impact of any applied maintenance strategy or delays.

OGP

15

RADD Guide to finding and using reliability data for QRA

4.0 4.1

Review of data sources OREDA Database and Handbook(s)

Originally initiated by the Norwegian Petroleum Directorate in 1981 to collect reliability data for safety equipment, OREDA is a project organization sponsored by eight oil companies with worldwide operations. OREDA's main purpose is to collect and exchange reliability data among the participating companies and to act as a forum for co-ordination and management of reliability data collection within the oil and gas industry. OREDA has established a comprehensive databank of reliability and maintenance data for exploration and production equipment from a wide variety of geographic areas, installations, equipment types and operating conditions. Offshore subsea and topside equipment are primarily covered, but onshore equipment may also be included. The data are stored in a database, and specialized software has been developed to collect, retrieve and analyze the information. A more recent addition to the OREDA database is information pertaining to subsea equipment including control systems, flowlines, manifolds, production risers, templates, wellheads and Xmas trees amongst others. NOTE: access to the electronic database is restricted to participants in the OREDA program . A revised edition of this Handbook was released in October 2002 containing OREDA Phase IV (1993-96) and Phase V (1997-00) data. Reliability data collected and processed in the OREDA project has been published in generic form in three Reliability Data Handbooks; 1984 (1st edition), 1992 (2nd edition) and in 1997 (3rd edition). These handbooks contain reliability data on offshore equipment compiled in a form that can easily be used for various safety, reliability and maintenance analyses. The project phases are reported in various handbooks as follows:

Phase I (1983 to 1985) published in OREDA 84 handbook Phase II (1987 to 1990) published in OREDA 92 handbook. This handbook also contains the data collected during phase I Phase III (1990 to 1992) published in OREDA 97 handbook Phase IV (1993 to 1996) and Phase V (1997 to 2000) published in OREDA 2002 handbook

Note that the OREDA handbooks do not catalogue the data recorded in the electronic database; instead they present the results of filters defined by the OREDA committee that are believed to be representative of users needs. OREDA-2002, -97 and -92 data equipment groups and the equipment items covered are listed in Table 4.1.

16

OGP

RADD Guide to finding and using reliability data for QRA

Table 4.1 OREDA-2002, -97 and -92 Data Categories

Data Group (OREDA-2002 and -97) Machinery Equipment Items In OREDA- Data Group (OREDA92) 97 Process Systems Equipment Items

Compressors Gas turbines Pumps Combustion engines

200 2

Vessels Valves Pumps Heat exchangers Compressors Gas turbines Pig launchers and receivers Power generation Power conditioning, Protection and circuit breakers

Electric Equipment

Generators Motors

Electrical Systems

Mechanical Equipment Control and Safety Equipment

Heat exchangers Vessels Heaters and boilers Control logic units Fire and gas detectors Process sensors Valves

Safety Systems Gas and fire detection systems Process alarm sensors Fire fighting systems ESD systems Pressure relieving systems General alarm and communication systems Evacuation systems

Subsea Equipment

Common components Control systems Manifolds Flowlines Isolation systems Risers Running tools Wellhead and Xmas trees

Utility Systems Slop and drainage systems Ventilation and heating systems Hydraulic supply systems Pneumatic supply systems Control instrumentation Diesel hydraulic Diesel friction Drawworks Hoisting equipment Diverter systems Drilling risers BOP systems Mud systems Rotary tables Pipe handling systems

Crane Systems Drilling equipment

OGP

17

RADD Guide to finding and using reliability data for QRA

4.1.1

OREDA Data Presentation

The OREDA handbook [1] presents the following data recorded for each equipment taxonomy class recorded. Boundaries Each equipment item class has an inventory description provided at the start of the respective chapter. This should be examined carefully to identify equipment items for the system under consideration that lie outside the defined OREDA boundary. These must then be considered as separate items. An example of this would be a compressor or electrical generator where the prime mover is listed as a separate item. Taxonom y code The taxonomy code gives an identification of the equipment item selected from the database. It is good practice to record this code and to include it within calculations as a reference for any data extracted. Population Total number of items under surveillance. Aggregated tim e in service (calendar tim e) This is the total recorded observation time for the population. Aggregated tim e in service (operational tim e) Total recorded observation time for the population when it is required to fulfil its functional role. Note that this may be an estimated value. Num ber of dem ands Total number of recorded demand cycles for the population. Note that this may be an estimated value. Failure Mode This column presents the recorded modes of failure for the equipment item, divided into severity classes critical, degraded, incipient and unknown. In general, only the critical severity class failures need be considered i.e. those that cause an immediate and complete loss of an items function. Where an equipment item performs more than one function (e.g. process and protective) it may be necessary to review each failure mode and identify the requirement to progress it into the risk calculation, either as an aggregated failure rate value for the equipment item or as individual failure events. i.e. critical failures may include dangerous, non-dangerous and safe failures. These failures may be critical to production but not to the equipments protective function. Num ber of Failures This is the total number of failures aggregated across all modes. In general, the higher the number of failures, the greater the confidence in the calculated failure rate. Failure Rate All failure rates in the OREDA handbook are presented in terms of failures per million hours. The following data are presented for each mode, calculated both in terms of calendar and operational time:

M ean: estimated average failure rate, calculated using the OREDA estimator see Section 3.2.6 for details Lower, Upper: 90% confidence bounds for the failure rate SD: Standard deviation

18

OGP

RADD Guide to finding and using reliability data for QRA

n/T: Point estimate of the failure rate i.e. total number of failures divided by the total time in service

For most calculations it is recommended that the mean value (i.e. based on the OREDA estimator) is used. Note that the difference in value between the point estimate and mean failure rate relates to the degree of diversity in the population.

4.2

MIL-HDBK-217F

The MIL-HDBK-217 handbook contains failure rate models for the various part types used in electronic systems, such as integrated circuits, transistors, diodes, resistors, capacitors, relays, switches, and connectors. The handbook details two methods for reliability prediction, namely parts count and parts stress calculation. Parts count prediction is recommended during the design phase of a project. It is simpler than parts stress and requires less detailed information. To calculate a system failure rate the following method is used: For each component part of a system, a baseline failure rate value is selected from tables based on the type of the part and the operating environment. This value is then modified by multiplying by a quality factor, again selected from a table (e.g. military or commercial specification). For microelectronics, a learning factor may also be applied. The overall system failure rate is then derived by summation of the parts failure rates; hence the title parts count. In general, parts count analysis will provide an adequate estimate of a systems failure rate for use in QRA. Parts stress analysis involves derivation of more multiplying factors that in turn require detailed analysis of the system.

4.3

FIDES

This is reliability standard created by FIDES Group - a consortium of leading French international defence companies: AIRBUS, Eurocopter, Giat, MBDA and THALES. The FIDES methodology is based on the physics of failures and is supported by the analysis of test data, field returns and existing modelling. The FIDES Guide is a global methodology for reliability engineering in electronics. It has two parts, namely a reliability prediction guide and a reliability process control and audit guide. Its key features are: Provides models for electrical, electronic, electromechanical components and some subassemblies. Considers all technological and physical factors that play an identified role in a product's reliability. Considers the mission profile. Considers the electrical, mechanical and thermal overstresses. Failures linked to the development, production, field operation and maintenance processes.

4.4

EPRD-97 and NPRD-95

The databases EPRD-97 (Electronic Parts Reliability) NPRD-95 (Non Electronic Parts Reliability) were developed by the United States Department of Defense Reliability Information Analysis Center (RIAC). The EPRD-97 database contains failure rate data on electronic components, namely capacitors, diodes, integrated circuits, optoelectronic devices, resistors, thyristors, transformers and transistors. The NPRD-

OGP

19

RADD Guide to finding and using reliability data for QRA

95 database contains failure rate data on a wide variety of electrical, electromechanical and mechanical components. Both databases contain data obtained by long-term monitoring of the components in the field. The collection of the data was from the early 1970s through 1994 (for NPRD-95) and through 1996 (for EPRD-97). The purposes of the both databases are to provide failure rate data on commercial quality components, provide failure rates on state-of-the-art components to complement MIL-HDBK-217F by providing data on component types not addressed therein.

4.5

PDS Data Handbook

The PDS Data Handbook provides reliability data estimates for components of control and safety systems. Data for field devices (sensors, valves) and control logic (electronics) are presented, including data for subsea equipment. The data are based on various sources, including OREDA and expert judgement. Some values for factors for analysis of common cause failures are also presented.

4.6

FARADIP III

FARADIP (Failure RAte Data In Perspective) is an electronic database that presents data concatenated from over 40 published data sources. It provides failure rate data ranges for a nested hierarchy of items covering electrical, electronic, mechanical, pneumatic, instrumentation and protective devices. Failure mode percentages are also provided.

4.7

IEEE 493-1997

The objective of this book is to present the fundamentals of reliability analysis applied to the planning and design of industrial and commercial electric power distribution systems. The intended audience for this material is primarily plant electrical engineers. It includes a summary of equipment reliability data under the following headings:

Mechanical and electrical equipment reliability and availability data collection conducted between 1990 and 1993 Equipment reliability surveys (19761989) Equipment reliability surveys conducted prior to 1976

4.8

Sintef Reports, SubseaMaster and WellMaster

ExproSoft is a spin-off of the Norwegian Research Institute SINTEF, and has acquired all commercial rights to reliability databases previously operated by this institute. These products have since been refined and extended, creating integrated reliability database and analysis tools for the upstream sector. A study (JIP) on reliability of well completion equipment (Wellmaster Phase III) was completed by SINTEF in November 1999. This has resulted in a database of well completion equipment, with a total of 8000 well-years of completion experience represented. A subsea equipment reliability database project was completed by ExproSoft in late 2000 (Phase I). This project, led to the development of the SubseaMaster database and software version 1.0. Phase II of SubseaMaster was launched as a joint industry project in May 2001. and was completed in April 2003. ExproSoft sell copies of the Sintef reports referred to in this datasheet.
20 OGP

RADD Guide to finding and using reliability data for QRA

5.0

Recommended data sources for further information

The text book Functional Safety a Straightforward Guide to IEC61508 [16] presents background theory and a number of worked examples including fault trees and analysis of common cause failures. Layer of Protection Analysis Simplified Process Risk Assessment [17] also presents worked examples together with some specimen reliability data. Background reliability theory can be found in Practical Reliability Engineering [18] and Reliability, Maintainability and Risk [2]. The latter also contains some reliability data from FARADIP [14] Reliability Technology [19] contains (older) reliability data from the nuclear industry.

6.0

References

1. OREDA Participants, OREDA 2002 Handbook ISBN 82-14-02705-5. 2. Dr David J Smith, Reliability, Maintainability and Risk Sixth edition, ISBN 0-7506-51687, 2001. 3. SINTEF, Reliability of Surface Controlled Subsurface Safety Valves, 21/2/1983, STF18 A83002. 4. Holand, P.: Subsea BOP Systems, Reliability and Testing. Phase V. STF75 A89054 ISBN 82-595-8585-5, 1989). 5. Holand, P.: Reliability of Surface Blowout Preventers (BOPs) STF75 A92026 (ISBN 82595-7173-0), 1992. 6. SINTEF; Reliability of Surface Controlled Subsurface Safety Valves, Phase IV - Main Report 1991 STF75 A91038. 7. Holand, P.: Reliability of Subsea BOP Systems for Deepwater Application, Phase II DW.(Unrestricted version). STF38 A99426 (ISBN 82-14-01661-4), 1999. 8. Exprosoft, Klbuveien 125, Lerkendal Stadion, Trondheim, Wellmaster Database, ongoing. 9. Exprosoft, Klbuveien 125, Lerkendal Stadion, Trondheim, Subseamaster Database, ongoing. 10. US DoD, Reliability Prediction of Electronic Equipment, MIL-HDBK-217F, Notice 2 1995. 11. Non-Electronic Part Reliability Data 1995 (NPRD-95), Reliability Analysis Center, PO Box 4700, Rome, NY. 12. Electronic Part Reliability Data 1997 (NPRD-97), Reliability Analysis Center, PO Box 4700, Rome, NY. 13. Reliability Data for Safety Instrumented Systems - PDS Data Handbook, 2006 Edition, Sydvest, Trondheim, Norway. 14. FARADIP (FAilure RAte Data In Perspective), Maintenance 2000 Limited, Broadhaugh Building, Suite 110, Camphill Road, Dundee DD5 2ND 1987 onwards. 15. Institute of Electrical and Electronics Engineers IEEE 493-1997, Recommended Practice for the Design of Reliable Industrial and Commercial Power Systems (Gold Book). 16. Smith & Simpson, Functional Safety, ISBN 0-7506-5270-5, 2001. 17. Center for Chemical Process Safety, Layer of Protection Analysis, ISBN 0-8169-08117, 2001. 18. OConner, P, Practical Reliability Engineering, ISBN 0-471-95767-4, 1996. 19. Green & Bourne, Reliability Technology, ISBN 0 471 32480-9, 1981. 20. Brand, VP, UPM3.1: A pragmatic approach to dependent failures assessment for standard systems, ISBN 085 356, 1996.

OGP

21

For further information and publications, please visit our website at

www.ogp.org.uk

209-215 Blackfriars Road London SE1 8NL United Kingdom Telephone: +44 (0)20 7633 0272 Fax: +44 (0)20 7633 2350 165 Bd du Souverain 4th Floor B-1160 Brussels, Belgium Telephone: +32 (0)2 566 9150 Fax: +32 (0)2 566 9159 Internet site: www.ogp.org.uk e-mail: reception@ogp.org.uk