Transcript Nogle Aspekter af Risikoanalyse i den danske jernbanesektor

On models of apportionment of safety
targets accounting for human error,
organisational factors and uncertainty
This work was performed under “Aftale om myndighedsbetjening
2010-2011 mellem Trafikstyrelsen, BaneDanmark og Danmarks
Tekniske Unversitet”.
Igor Kozine & Nijs Jan Duijm
Remote target
Develop a model of the railway system that allows the (re)allocation
of safety requirements to the subsystems that can be either a
physical subsystem, human(s) or organisational constituent. An
approach to uncertainty representation and coupling it with the
apportionment model is one target more.
2
DTU Management Engineering, Technical University of Denmark
Aim of the project
1. Collecting the knowledge available on the subject, overview the
existing approaches to the apportionment, the assessment of the
influence of human and organizational factors, causal modeling
and uncertainty representation and interplay between them all.
2. Delineating the way(s) the target can be reached and specifying
the challenges.
3
DTU Management Engineering, Technical University of Denmark
Bow-tie diagram
Organisational factors
4
DTU Management Engineering, Technical University of Denmark
The SAM framework
System-Action-Management
Management
&
Organization
Decisions &
Actions
Technical PRA domain
Physical
System
Risk
Analysis
Model
System
Failure
Probability
Structure of human and management effects on risk
5
DTU Management Engineering, Technical University of Denmark
The SAM framework projected to the railway
sector
r(O) – risk
O – organisational deficits (organisational factors)
f – frequency of an event
Hi - hazard
DAj – Decision-Action (human factor)
ci - consequence
6
DTU Management Engineering, Technical University of Denmark
Immediate challanges
How to assess probabilistic
measures?
What causal model to use?
1. Modified fault trees
2. Bayesian belief networks
3. Safety-barrier diagram
4. Discrete-event simulation
modeling
r(O) – risk, O – organisational factors, f – frequency
Hi - hazard, DAj – human factor, ci - consequence
7
DTU Management Engineering, Technical University of Denmark
Cause-consequence model accounting for
organizational factors
1. Modified fault trees
2. Bayesian belief networks
A
OR
OR
AND
Ao
M
AND
Fma
N
AND
Fna
O
Foa
3. Safety-barrier diagram
4. Discrete-event simulation modeling
Has not been researched
8
DTU Management Engineering, Technical University of Denmark
One more challange
Assessment of the influence of organizational deficits
The ARAMIS approach
Procedures, plans, rules and
goals
Availability, manpower
planning
Routine manual actions
Primary Process
Hard- & Software
Deviation
Design specification,
purchase, construction,
installation, incl. spares
and interface design/layout
Competence, suitability
Commitment, conflict
resolution
Coordination, communication
Corrective manual actions
Safety Barriers
Hard- & Software
Inspection, testing,
performance monitoring,
maintenance and repair
ARAMIS was an EU research project financed within the 5th Framework Programme. ARAMIS stands for
Accidental Risk Assessment Methodology for IndustrieS in the Context of the Seveso II Directive
9
DTU Management Engineering, Technical University of Denmark
The ARAMIS approach
The idea is that each barrier has a “design Probability of Failure on
Demand (PFD)”, and that defects in organizational factors can
reduce these design values during operation:
SILoperational , k
7


 1   (1  S i )  Bi ,k   SILdesign,k
 i 0

Si - the rating for the management factor i
Bi,k - an array of weight factors linking the importance of the factor i
to the barrier type k.
ARAMIS distinguishes 11 types of barriers
10
DTU Management Engineering, Technical University of Denmark
Example: Barrier types, their weights and
ratings
Barrier Name
SIGNAL AND DRIVER OBSERVES SIGNAL
Barrier Type
HUMAN INTERVENTION FOLLOWING ALARM
This barrier requires that A) the signal shows
danger and B) the driver observes the signal and
takes the train to a halt.
Description
1st ARAMIS Item, Manpower Planning
and Availability
2nd ARAMIS Item, Competence and
Suitability
3rd ARAMIS Item, Commitment,
Compliance and Conflict resolution
11
Weight
0.58
Rating
1
Weight
0.36
Rating
1
Weight
0.2
Rating
1
DTU Management Engineering, Technical University of Denmark
Approaches to apportionment
Apportionment approaches practiced in the railway sector and other
domains are the simplest among existing (uniform allocation and
direct statistical determination of safety targets)
There is a variety of allocation techniques. Six different approaches
to reliability allocation were briefly reviewed and further work is
needed to decide on which of them fit best for purpose in the railway
sector.
12
DTU Management Engineering, Technical University of Denmark
Accounting for uncertainty
There are two types of uncertainty:
1. Aleatory (stochastic, inherent, irreducible uncertainty)
2. Epistemic (due to lack of knowledge, reducible, model form
uncertainty, subjective uncertainty)
Interval-valued probabilistic models capture both aleatory and
epistemic uncertainty.
Implementing our in-house algorithm is seen as a starting point and
promising way to model uncertainty
13
DTU Management Engineering, Technical University of Denmark
Conclusions
•There exists a variety of approaches to tackle each facet of the
formulated problem separately but no attempt has been found in the
literature to solve the whole problem within one integrated framework.
•We have endeavored to integrate in one framework the
apportionment of Safety Targets in the railway sector, human and
organizational factors and the uncertainty in knowing precisely the
Safety Targets for the subsystems.
•The framework has been delineated and its compounds briefly
overviewed
•The work to be done to solve the problem has become clear and been
formulated
14
DTU Management Engineering, Technical University of Denmark