SAFETYBARRIER DIAGRAMS FOR DOCUMENTING SAFETY OF HYDROGEN APPLICATIONS

1
SAFETY-BARRIER DIAGRAMS FOR DOCUMENTING SAFETY
OF HYDROGEN APPLICATIONS

• F. Markert and N.J. Duijm
• Systems Analysis Department, Risø National
  Laboratory,
• Technical University of Denmark, P.O. Box 49,
  DK-4000 Roskilde, Denmark
• nijs.j.duijm_at_risoe.dk,
• frank.markert_at_risoe.dk

2
Background

• Barrier diagrams serve two main purposes
• Evaluation of adequateness of safety measures
• (part of accident prevention)
• Are the barrieres reasonable and independent?
  
• Are barriers missing?
• 2) Communication to all stakeholders
• Illustrating the possible accident scenarios
• and safety measures taken to prevent them
• - Safety-barrier diagrams have been popular in
  Denmark as a risk analysis tool.
• - Safety-barrier diagrams are also useful for
  analysisng the new hydrogen technologies

3
Definition of a safety barrier

• A barrier function is a function planned to
  prevent, control, or mitigate the propagation of
  a condition or event into an undesired condition
  or event
• A safety barrier is a series of elements that
  implement a barrier function, each element
  consisting of a technical system or human action.

4
Graphical presentation of a safety barrier
Fault tree representation
Safety barrier Condition on success is optional
5
BARRIER DIAGRAMS

• Barriers can be of different types
• Active versus passive barriers
• Automatic versus manual barriers
• Examples of barriers
• An alarm for high level in a tank.
• A sprinkler system in a building to prevent fires
  in developing.
• A dike surrounding a tank, designed to contain
  accidental spillage from the tank.

6
CONSTRUCTION OF BARRIER DIAGRAMS
The construction of barrier diagrams consists of
4 steps 1. Construction of e.g. the event
chains When constructing barrier diagrams
one must start with ignoring all the existing
barriers! The main structure of the barrier
diagram is the event chains, which may consist of
elements from both the event tree and the fault
tree method.
7
STEPS IN CONSTRUCTING BARRIER DIAGRAMS

• Inclusion of the barriers.

8
STEPS IN CONSTRUCTING BARRIER DIAGRAMS

• Once the barrier diagram is finished, the level
  of safety should be evaluated
• to determine whether there are sufficient
  barriers against the undesired events happening
• When evaluating the diagram one must consider
• The frequency/probability of the initiating
  events
• The severity of the end events (consequence
  assessment)
• The number, coverage and reliability of barriers
  in each of the event chains in the diagram
• 4. (optional) Classification of barriers
  according to type or evaluated reliability of the
  barrier.
• .

9
Safety-barrier diagrams are simpler than fault
trees
10
Dependency can be included via the Common
Element
Common Element indicated Single Operator
11
Important properties of safety-barrier diagrams

• Barriers may not be bypassed
• Events/conditions and barriers are unique
• Paths through diagrams can converge and diverge
  divergence can be exclusive (as in an event tree)
  or simultaneous (or parallel)

Divergence
Convergence
Simultaneous/parallel
Exclusive
12
Important properties (continue)

• Diagrams can be split into connected
  sub-diagrams Connected diagrams can be put
  together into a single diagram that fulfils the
  above conditions
• The probability of conditions in a safety-barrier
  diagram can be derived from the
• probability of the initial conditions and
• probabilities of failure on demand of the
  barriers.

13
Comparison with other (graphical) risk analysis
methods

• Barrier diagrams are developed from
  cause-consequence diagrams
• Cause-consequence diagrams combine fault trees
  and event trees
• Barrier diagrams simplify the presentation of
  safety systems (and gates in fault trees)
• A Bowtie diagram is a safety-barrier diagram
  with a single Critical Event

14
Example safety-barrier diagram
Process flow diagram for a hydrogen refuelling
facility with cryogenic delivery
15
Safety-barrier diagram for the unloading of a
LH2-truck
Safety-barrier diagram for the unloading of a
liquid hydrogen truck at a refuelling station on
the basis of the FMEA study by Venkatesh S.,
et.al. Failure modes and effects analysis for
hydrogen fueling options. California Energy
Commission2004.
16
Barrier diagram evaluation type classification
17
Barrier diagram evaluation type classification
18
Barrier diagram evaluation type classification
19
Conclusions

• The methodology of safety-barrier diagrams has
  been introduced and exemplified by the safety
  analysis of two sections of a hydrogen refueling
  station.
• Safety-barrier diagrams offer a good overview of
  the safety precautions that are included in the
  different sections, and the consequences of the
  failure of these precautions.
• Safety-barrier diagrams support hazard analysis
  they do not support or replace the preceding
  phase of hazard identification, for which exist a
  range of more suitable methods, such as FMEA or
  HAZOP
• The logic framework used for safety-barrier
  diagrams and the use of a classification for the
  different safety barriers forces the analysts to
  consider the completeness of the barriers (in
  terms of the detect-diagnose-act sequence) and
  the role of the safety barrier in the system.

20
Conclusions

• The safety-barrier diagrams allow both
  quantitative and qualitative assessments to be
  made.
• The presentation by means of safety-barrier
  diagrams is simpler, and thereby easier to
  understand by non-experts than other graphical
  methods such as fault trees or event trees.
• Therefore safety-barrier diagrams are excellent
  means for documenting system safety and for
  communication with authorities and other
  stakeholders.

21

• Thank you for your attention