EVENT TREE ANALYSIS

1. EVENT TREE ANALYSIS • Event tree analysis evaluates potential accident outcomes that might result following an equipment failure or process upset known as an initiating event. • It is a “forward-thinking” process, i.e. the analyst begins with an initiating event and develops the following sequences of events that describes potential accidents, accounting for both the successes and failures of the safety functions as the accident progresses.

2. Guidelines 1. Identify an initiating event of interest. 2. Identify the safety functions designed to deal with the initiating event. 3. Construct the event tree. 4. Describe the resulting accident event sequences.

3. Step 1 Identify the initiating event • system or equipment failure • human error • process upset [Example] “Loss of Cooling Water” to an Oxidation Reactor

4. Step 2 Identify the Safety Functions Designed to Deal with the Initiating Event • Safety system that automatically respond to the initiating event. • Alarms that alert the operator when the initiating event occurs and operator actions designed to be performed in response to alarms or required by procedures. • Barriers or containment methods that are intended to limit the effects of the initiating event.

5. Example • Oxidation reactor high temp. Alarm alerts operator at temp T1. • Operator reestablish cooling water flow to the oxidation reactor. • Automatic shutdown system stops reaction at temp. T2. T2 > T1 These safety functions are listed in the order in which they are intended to occur.

6. Step 3: Construct the Event Tree a. Enter the initiating event and safety functions. Oxidation reactor high temperature alarm alerts operator at temperature T1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T2 SAFETY FUNCTION INITIATING EVENT: Loss of cooling water to oxidation reactor FIRST STEP IN CONSTRUCTING EVENT TREE

7. Step 3: Construct the Event Tree b. Evaluate the safety functions. Oxidation reactor high temperature alarm alerts operator at temperature T1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T2 SAFETY FUNCTION INITIATING EVENT: Loss of cooling water to oxidation reactor Success Failure REPRESENTATION OF THE FIRST SAFETY FUNCTION

8. Step 3: Construct the Event Tree b) Evaluate the safety functions. Oxidation reactor high temperature alarm alerts operator at temperature T1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T2 SAFETY FUNCTION INITIATING EVENT: Loss of cooling water to oxidation reactor Success If the safety function does not affect the course of the accident, the accident path proceeds with no branch pt to the next safety function. Failure REPRESENTATION OF THE SECOND SAFETY FUNCTION

9. Step 3: b. Evaluate safety functions. Oxidation reactor high temperature alarm alerts operator at temperature T1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T2 SAFETY FUNCTION INITIATING EVENT: Loss of cooling water to oxidation reactor Success Completed ! Failure COMPLETED EVENT TREE

10. Step 4: Describe the Accident Sequence Oxidation reactor high temperature alarm alerts operator at temperature T1 Operator reestablishes cooling water flow to oxidation reactor Automatic shutdown system stops reaction at temperature T2 SAFETY FUNCTION B C D A Safe condition, return to normal operation AC Safe condition, process shutdown INITIATING EVENT: Loss of cooling water to oxidation reactor ACD Unsafe condition, runaway reaction, operator aware of problem A AB Unstable condition, process shutdown ABD Unsafe condition, runaway reaction, operator unaware of problem Success Failure ACCIDENT SEQUENCES

11. Cooling Coils Reactor Feed Cooling Water Out Cooling Water In Reactor TIC Temperature Controller TIA Figure 11-8 Reactor with high temperature alarm and temperature controller. Alarm at T > TA Thermocouple High Temperature Alarm

12. High Temp Alarm Alerts Operator Operator Notices High Temp Operator Re-starts Cooling Operator Shuts Down Reactor Safety Function: Identifier: B C D E Failures/Demand: 0.01 0.25 0.25 0.1 Result A 0.7425 Continue Operation Shut Down Runaway Continue Operation Shut Down Runaway Continue Operation Shut Down Runaway 0.99 AD 0.2227 0.2475 ADE 0.02475 A 1 AB 0.005625 Initiating Event: Loss of Cooling 1 Occurrence/yr. ABD 0.001688 0.0075 0.001875 ABDE 0.0001875 0.01 ABC 0.001875 0.0025 ABCD 0.0005625 0.000625 ABCDE 0.0000625 Shutdown = 0.2227 + 0.001688 + 0.005625 = 0.2250 occurrences/yr. Runaway = 0.02475 + 0.0001875 + 0.0000625 = 0.02500 occurrences/yr. Figure 11-9 Event tree for a loss of coolant accident for the reactor of Figure 11-8.

13. Safety Function 0.01 Failures/Demand Initiating Event 0.5 Occurrences/yr. Success of Safety Function (1-0.01)*0.5 = 0.495 Occurrence/yr. Failure of Safety Function 0.01*0.5 = 0.005 Occurrence/yr. Figure 11-10 The computational sequence across a safety function in an event tree.

14. High Temp Alarm Alerts Operator Operator Notices High Temp Operator Re-starts Cooling High Temp Shuts Down Operator Shuts Down Reactor Safety Function: Identifier: B C D E F Failures/Demand: 0.01 0.25 0.25 0.01 0.1 Result A 0.7425 Continue Operation Shut Down Shut Down Runaway AD 0.2450 0.99 ADE 0.002228 0.2475 0.002475 ADEF 0.0002475 A 1 AB 0.005625 Continue Operation Shut Down Shut Down Runaway Initiating Event: Loss of Cooling 1 Occurrence/yr. ABD 0.001856 0.00750 ABDE 0.00001688 0.001875 0.00001875 ABDEF 0.000001875 0.01 ABC 0.001875 Continue Operation Shut Down Shut Down Runaway ABCD 0.0006187 0.0025 ABCDE 0.00000563 0.000625 0.00000675 ABCDEF 0.000000625 Shutdown = 0.2450 + 0.002228+0.001856 + 0.00001688 + 0.0006187+0.00000563 = 0.2497 occurrences/yr. Runaway = 0.0002475 + 0.000001875 + 0.000000625 = 0.0002500 occurrences/yr. Figure 11-11 Event tree for the reactor of Figure 11-8. This includes a high temperature shutdown system.