## Analysis of common cause failures in complex safety instrumented systems

##### Abstract

Common cause failures (CCFs) have been an important issue in reliability analysis for several decades, especially when dealing with safety instrumented systems (SIS). Different approaches have been used to describe these CCFs, but the topic is still subject to much research and there is no general consensus as to which method is most suitable for dealing with CCFs. The $\beta$-factor model is the most popular method today, even though this model has some well-known limitations. Other, more complicated, methods have also been developed to describe situations where the $\beta$-factor model is inadequate. The purpose of this thesis is to develop a strategy that suggests in which situations the different CCF methods are applicable. This is done by making a survey which includes several of the existing methods, before applying these to concrete SIS examples. Observing the specific system in operation is a valuable tool and may help in acquiring feedback data to describe the lifetime of specific components and the number of failed components conditioned on the fact that the total system has failed. Since such feedback data are usually scarce, and in our case totally absent, assessing whether the obtained results are accurate is difficult. Thus, the numerical results obtained from the analysis are compared to each other with respect to the assumptions of the particular model. For instance, the PDS method, a method developed for the Norwegian offshore industry, contains some assumptions which differ from those of the $\beta$-factor model, and the report provides a study of how these different assumptions lead to different results. Although other models are introduced, most focus is given to the following four: the $\beta$-factor model, the PDS method, Markov analysis and stochastic simulation.
For ordinary $M$ out of $N$ architectures with identical components, the PDS method is assumed adequate, and for $N=2$, the $\beta$-factor model works well. Markov analysis and stochastic simulation are also well suited for modelling ordinary $M$ out of $N$ SIS, but because of the higher level of complexity, these approaches are not deemed necessary for simple systems. The need for Markov analysis becomes evident when working with SIS of a more complex nature, for instance with non-identical components. Neither the $\beta$-factor model nor the PDS method is able to describe the system in full when dealing with certain types of systems that have different failure rates. An even more complex SIS is also included to illustrate when stochastic simulation is needed. This SIS is modelled by designing a computer algorithm. This computer algorithm describes how the system behaves in the long run, which in turn provides the estimate of interest, namely the average probability of failure on demand (PFD). Finally, it is always important to remember that if there exist any feedback data or expert knowledge describing the distribution of the number of components that fail in a CCF, this is vital in deciding the most descriptive CCF model. By the term "descriptive model", we mean a model that both describes the architecture of the system as accurately as possible and makes as few assumptions as possible. If it is known, either from expert opinion or from feedback data, that whenever a CCF occurs all components of the SIS will be disabled, then the $\beta$-factor model is an adequate way of modelling most systems. If such knowledge does not exist, or it is known that a CCF may sometimes disable only a part of the SIS, then the $\beta$-factor model will not be the most descriptive model.
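As an added illustration (not code from the thesis), the following script applies the $\beta$-factor model to an $M$ out of $N$ SIS in three ways: the standard closed-form approximation, exact numerical integration of the time-dependent unavailability, and a stochastic simulation of the kind the abstract describes, all under the $\beta$-factor assumption that a CCF disables every channel and that failed channels are only restored at the periodic proof test. The failure rate, $\beta$ and test interval are constructed values chosen so that the three estimates of the average PFD can be compared.

```python
import math
import random

def beta_factor_pfd_approx(m, n, lam, beta, tau):
    """Standard beta-factor approximation of average PFD for an MooN SIS (M of N
    identical channels must function), proof-test interval tau, no repair between
    tests, lam*tau << 1.  Independent failures: rate (1-beta)*lam per channel;
    CCF: rate beta*lam, disables all N channels at once."""
    lam_ind = (1 - beta) * lam
    k = n - m + 1                       # independent failures that fail the system
    pfd_ind = math.comb(n, k) * (lam_ind * tau) ** k / (k + 1)
    pfd_ccf = beta * lam * tau / 2
    return pfd_ind + pfd_ccf

def beta_factor_pfd_exact(m, n, lam, beta, tau, steps=2000):
    """Same model, but the unavailability is integrated numerically (trapezoid
    rule) over one test interval, so it does not rely on lam*tau << 1."""
    lam_ind = (1 - beta) * lam
    def unavailable(t):
        p = math.exp(-lam_ind * t)      # P(channel has no independent failure by t)
        alive = sum(math.comb(n, j) * p ** j * (1 - p) ** (n - j) for j in range(m, n + 1))
        return 1 - math.exp(-beta * lam * t) * alive
    h = tau / steps
    area = 0.5 * (unavailable(0.0) + unavailable(tau))
    area += sum(unavailable(i * h) for i in range(1, steps))
    return area * h / tau

def beta_factor_pfd_simulated(m, n, lam, beta, tau, trials=100_000, seed=1):
    """Stochastic simulation of the same model: draw each channel's independent
    failure time and the CCF time, find when fewer than m channels remain, and
    average the fraction of the test interval the SIS spends failed."""
    rng = random.Random(seed)
    lam_ind = (1 - beta) * lam
    def draw(rate):                     # exponential failure time; never fails if rate == 0
        return rng.expovariate(rate) if rate > 0 else math.inf
    downtime = 0.0
    for _ in range(trials):
        t_ind = sorted(draw(lam_ind) for _ in range(n))
        t_fail = min(draw(beta * lam), t_ind[n - m])   # (n-m+1)-th independent failure
        downtime += max(0.0, tau - t_fail)
    return downtime / (trials * tau)

if __name__ == "__main__":
    lam, beta, tau = 1e-5, 0.1, 8760.0  # constructed: 1e-5 per hour, beta = 10 %, yearly proof test
    for m, n in ((1, 1), (1, 2), (2, 3)):
        print(f"{m}oo{n}: approx={beta_factor_pfd_approx(m, n, lam, beta, tau):.3e} "
              f"exact={beta_factor_pfd_exact(m, n, lam, beta, tau):.3e} "
              f"sim={beta_factor_pfd_simulated(m, n, lam, beta, tau):.3e}")
```

With these values the CCF term dominates the 1oo2 result, which is the situation in which the abstract says the $\beta$-factor model works well; raising $\lambda\tau$ widens the gap between the approximation and the exact integral.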