Rigorous Versus Simplified Protection Layer Reliability Calculations and Problems with Popular Risk Analysis Methodologies

A hazard and risk analysis (H&RA) of events or systems, which have multiple preventive or mitigative safety features, usually requires the application of redundancy rules in order to arrive at a credible answer. The process industry typically refers to these preventive or mitigative safety features as protection layers. Aggregate system safety performance assessments can become complicated because of the application of those redundancy rules to the individual protection layers. In industrial engineering settings there is a desire to simplify such assessments. A first simplification can be readily done by expanding the e–λt series, of the individual reliability functions, and using only the first two terms.This is acceptable when λt is small enough; e.g., (λt < 0.01 but places a ceiling condition on the product of λ and the proof test interval, T, which is a maintenance variable.A second simplification is made by using the average probability of failure upon demand (PFDavg = 0.5 λt) of a protection layer as a true probability in probability calculations, regardless of exposure time restrictions. A third simplification occurs when a system, which consists of several parallel redundant protection layers, has its system PFD determined by a simple multiplication of the PFDavg's of the individual protection layers. Industrial H&RAs are usually conducted without reference to any of the implied simplifications. The paper discusses different PFD determination results for several common protection configurations and compares them with current industry H&RA practices. It also exposes deficiencies in the most common current industry practices for safety integrity analysis.