Reliability assessment of subsea BOP control systems
MetadataVis full innførsel
The subsea blowout preventer (BOP) and the BOP control system were the most important contributors to the Macondo accident in April 2010. A BOP is a large valve system used during the drilling phase; to seal, control, and monitor oil and gas wells. As a consequence of the Macondo accident, improved methods for reliability assessment of BOPs are now required. Over the years, several subsea BOP reliability studies have been performed, where technical solutions and potential failures are thoroughly investigated. As a result of the information gained, both maintenance and reliability of the BOP systems have improved. Despite overall improvements, the BOP is still a main contributor to risk and downtime in the drilling phase. A deeper look into the reliability reports reveals the control system of the BOP as the root of the majority of failures. Most subsea BOPs are equipped with a multiplex control system with a combination of electronics and hydraulics, used to operate the different functions of the BOP. Despite the high level of redundancy, several sections of the system are subject to critical system failures. To prevent BOP failures, national regulations and standards have been developed in several countries. Most of the national requirements are similar, but there are also differences. These similarities and differences are illustrated in this study through a detailed comparison between the relevant regulations and standards in Norway and the United States, with respect to general-, design- and operational BOP requirements. The main focus of this study is the multiplex subsea BOP control system. The potential critical failures of this system are identified and analyzed in a detailed failure mode, effects, and criticality analysis (FMECA). This analysis shows that the shuttle valve, the pod selector valve, the subsea accumulators, and the fluid reservoir are the most safety-critical parts of the control system. The BOP control system has several redundant elements and these may be vulnerable to common-cause failures. Thepotential common-cause failures are examined in this study and found to have a significant influence on the reliability of the control system. Improving current reliability assessments of subsea BOP control systems requires a thorough review of both the system and the previously used methods. In this study, a fault tree analysis is performed to reveal the relevant failure combinations. To improve reliability calculations provided by common fault tree analysis programs, a post-processing of the minimal cut sets in a spreadsheet (i.e., Excel) is proposed to cover the effect of common-cause failures. The method gives a more conservative and accurate approximation compared to the existing methods. An event tree analysis is performed to cover the switching phases between the two pods, showing the time dependencies that can influence the consequences. This type of switching cannot be modeled in the fault tree, therefore, recommendations to apply the event tree analysis to similar situations to get a more accurate reliability estimate, is given. For components such as the shear ram, a perfect function test cannot be conducted. In the performed analysis, no such components are evaluated. However, in an expanded analysis of the subsea BOP control system, such components will be involved, therefore, adding the contribution from the proof test coverage factor to components prone to imperfect testing, is recommended.