EVENT TREE ANALYSIS Event tree analysis evaluates potential

EVENT TREE ANALYSIS Event tree analysis evaluates potential accident outcomes that might result following an equipment failure or process upset known as an initiating event. It is a “forward-thinking” process, i. e. the analyst begins with an initiating event and develops the following sequences of events that describes potential accidents, accounting for both the successes and failures of the safety functions as the accident progresses.

Guidelines 1. Identify an initiating event of interest. 2. Identify the safety functions designed to deal with the initiating event. 3. Construct the event tree. 4. Describe the resulting accident event sequences.

Step 1 Identify the initiating event • system or equipment failure • human error • process upset [Example] “Loss of Cooling Water” to an Oxidation Reactor

Step 2 Identify the Safety Functions Designed to Deal with the Initiating Event • Safety system that automatically respond to the initiating event. • Alarms that alert the operator when the initiating event occurs and operator actions designed to be performed in response to alarms or required by procedures. • Barriers or Containment methods that are intended to limit the effects of the initiating event.

Example • Oxidation reactor high temp. Alarm alerts operator at temp T 1. • Operator reestablish cooling water flow to the oxidation reactor. • Automatic shutdown system stops reaction at temp. T 2 > T 1 These safety functions are listed in the order in which they are intended to occur.

Step 3: Construct the Event Tree a. Enter the initiating event and safety functions. SAFETY FUNCTION Oxidation reactor high temperature alarm alerts operator at temperature T 1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T 2 INITIATING EVENT: Loss of cooling water to oxidation reactor FIRST STEP IN CONSTRUCTING EVENT TREE

Step 3: Construct the Event Tree b. Evaluate the safety functions. SAFETY FUNCTION Oxidation reactor high temperature alarm alerts operator at temperature T 1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T 2 INITIATING EVENT: Loss of cooling water to oxidation reactor Success Failure REPRESENTATION OF THE FIRST SAFETY FUNCTION

Step 3: Construct the Event Tree b) Evaluate the safety functions. SAFETY FUNCTION Oxidation reactor high temperature alarm alerts operator at temperature T 1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T 2 INITIATING EVENT: Loss of cooling water to oxidation reactor Success Failure If the safety function does not affect the course of the accident, the accident path proceeds with no branch pt to the next safety function. REPRESENTATION OF THE SECOND SAFETY FUNCTION

Step 3: b. Evaluate safety functions. SAFETY FUNCTION Oxidation reactor high temperature alarm alerts operator at temperature T 1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T 2 INITIATING EVENT: Loss of cooling water to oxidation reactor Success Completed ! Failure COMPLETED EVENT TREE

Step 4: Describe the Accident Sequence Oxidation reactor Operator high temperature reestablishes SAFETY FUNCTION alarm alerts operator cooling water flow at temperature T 1 to oxidation reactor B C Automatic shutdown system stops reaction at temperature T 2 D A Safe condition, return to normal operation AC Safe condition, process shutdown INITIATING EVENT: ACD Unsafe condition, runaway reaction, operator aware of problem AB Unstable condition, process shutdown Loss of cooling water to oxidation reactor A ABD Unsafe condition, runaway reaction, operator unaware of problem Success Failure ACCIDENT SEQUENCES

Cooling Coils Reactor Feed Cooling Water Out Cooling Water In Reactor TIC Temperature Controller Alarm at T > TA TIA Thermocouple High Temperature Alarm Figure 11 -8 Reactor with high temperature alarm and temperature controller.

High Temp Safety Function: Alarm Alerts Operator Identifier: Failures/Demand: Operator Notices High Temp Operator Re-starts Cooling Operator Shuts Down Reactor B C D E 0. 01 0. 25 0. 1 0. 99 0. 2475 A 1 Initiating Event: Loss of Cooling 1 Occurrence/yr. 0. 0075 0. 001875 0. 01 0. 0025 0. 000625 Shutdown = 0. 2227 + 0. 001688 + 0. 005625 = 0. 2250 occurrences/yr. A 0. 7425 AD 0. 2227 ADE 0. 02475 AB 0. 005625 ABD 0. 001688 ABDE 0. 0001875 ABC 0. 001875 ABCD 0. 0005625 ABCDE 0. 0000625 Runaway = 0. 02475 + 0. 0001875 + 0. 0000625 = 0. 02500 occurrences/yr. Figure 11 -9 Event tree for a loss of coolant accident for the reactor of Figure 11 -8. Result Continue Operation Shut Down Runaway

Safety Function 0. 01 Failures/Demand Initiating Event Success of Safety Function (1 -0. 01)*0. 5 = 0. 495 Occurrence/yr. 0. 5 Occurrences/yr. Failure of Safety Function 0. 01*0. 5 = 0. 005 Occurrence/yr. Figure 11 -10 The computational sequence across a safety function in an event tree.

High Temp Safety Function: Alarm Alerts Operator Identifier: Failures/Demand: B 0. 01 Operator Notices High Temp Operator Re-starts Cooling High Temp Shuts Down C 0. 25 D 0. 25 E 0. 01 0. 99 0. 2475 A 1 Initiating Event: Loss of Cooling 1 Occurrence/yr. 0. 00750 0. 001875 0. 01 0. 0025 0. 000625 Operator Shuts Down Reactor Result F 0. 1 A 0. 7425 AD 0. 2450 ADE 0. 002228 ADEF 0. 002475 0. 0002475 AB 0. 005625 ABD 0. 001856 ABDE 0. 00001688 0. 00001875 ABDEF 0. 000001875 ABC 0. 001875 ABCD 0. 0006187 ABCDE 0. 00000563 0. 00000675 ABCDEF 0. 000000625 Continue Operation Shut Down Runaway Continue Operation Shut Down Runaway Shutdown = 0. 2450 + 0. 002228+0. 001856 + 0. 00001688 + 0. 0006187+0. 00000563 = 0. 2497 occurrences/yr. Runaway = 0. 0002475 + 0. 000001875 + 0. 000000625 = 0. 0002500 occurrences/yr. Figure 11 -11 Event tree for the reactor of Figure 11 -8. This includes a high temperature shutdown system.