Industrial Risks: Defence in depth and risk mitigation Part 2: The defence in-depth philosophy

Today, critical or sensitive systems are designed and integrated so that they take component, software and human errors into account. Cognitive engineering [1] indicates a close association between omissions and the planning and recall of procedures. In nuclear power plants, for example, omissions accounted for 42.5% of all incidents [1]. The railway industry has understood this, and today most (modern) trains drive themselves; the train driver mostly activates a control system. If, after a certain lapse of time, the system is not activated, the train stops automatically.

Safety combines human and technical performance, but both can fail, so fault tolerance turns out to be critical. The defense in depth philosophy is intended to deliver a design that is tolerant to uncertainties in plant behavior, component reliability and operator performance that might compromise safety. The philosophy is applied throughout the life cycle of the system, associating a number of independent layers of prevention and protection. Five independent layers or barriers can be distinguished:

  1. Process (actuators, motors, sensors, valves etc…)
  2. Control layer (programmable logical controllers and links)
  3. Prevention layer (safety instrumented systems)
  4. Protection layer (physical safety)
  5. Civil protection assistance (emergency facilities).

Besides, it is recommended that measures be taken to prevent common cause failures across the different layers: a layer is there to mitigate the failure of the previous layer and to prevent the next level from being called upon, and if a common cause failure exists, no layer can do this. Common cause failures therefore undermine the defense in depth philosophy.

The analysis of the different scenarios in the study of dangers allows the definition of a perimeter and of the means of intervention in case of a serious accident. For example, the barriers in a typical nuclear plant are: the fuel is in the form of solid ceramic (UO2) pellets (barrier n°1), and radioactive fission products remain largely bound inside these pellets as the fuel is burned. The pellets are packed inside sealed zirconium alloy tubes to form fuel rods (barrier n°2). These are confined inside a large steel pressure vessel with walls up to 30 cm thick; the associated primary water cooling pipework is also substantial (barrier n°3). All this, in turn, is enclosed inside a robust reinforced concrete containment structure with walls at least one meter thick (barrier n°4).

Despite all the preventive measures to reduce the risk at the source, the probability of an accident remains. It is therefore necessary to plan for emergency situations in case of disaster. It is important to mention that the prevention of technological and industrial risks requires the vigilance of everyone within their area of responsibility. The operator of dangerous installations must design, construct and operate them while reducing the risk of accident as much as possible, from an unacceptable process risk down to a target risk, using non-instrumented mitigation measures or safety instrumented functions, under the control of the regulator.
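The two points above (independent barriers reduce an unacceptable process risk to a target risk, and a common cause failure defeats that reduction) can be put into numbers with a layer-of-protection style calculation. The following is an added example, not part of the original article; the initiating event frequency, the per-layer probabilities of failure on demand (PFD), the target frequency and the beta-factor treatment of common cause failure are all constructed, illustrative assumptions.

```python
from math import prod

# Constructed illustrative values, not figures from the article.
INITIATING_FREQ = 0.1     # demands per year arising in the process layer (layer 1)
TARGET_FREQ = 1e-5        # tolerable accident frequency per year (the "target risk")

# Assumed probability of failure on demand (PFD) for each barrier that stands
# between the process and a serious accident (layers 2 to 4 of the article).
LAYER_PFD = {
    "control layer": 0.1,
    "prevention layer (safety instrumented system)": 0.01,
    "protection layer (physical safety)": 0.01,
}


def required_risk_reduction(init_freq, target_freq):
    """Risk reduction factor the barriers together must provide."""
    return init_freq / target_freq


def residual_frequency_independent(init_freq, pfds):
    """Fully independent barriers: each one must fail in turn, so the
    demand frequency is multiplied by every PFD."""
    return init_freq * prod(pfds)


def residual_frequency_with_ccf(init_freq, pfds, beta):
    """Beta-factor model (simplifying assumption): a fraction `beta` of the
    failures is a shared cause that defeats every barrier at once. Only the
    independent remainder (1 - beta) of each PFD is multiplied out; the shared
    part is taken as beta times the PFD of the weakest barrier."""
    independent_part = prod((1 - beta) * p for p in pfds)
    common_part = beta * max(pfds)
    return init_freq * (independent_part + common_part)


def meets_target(residual_freq, target_freq=TARGET_FREQ):
    """True when the residual accident frequency is within the target risk."""
    return residual_freq <= target_freq


if __name__ == "__main__":
    pfds = list(LAYER_PFD.values())
    rrf = required_risk_reduction(INITIATING_FREQ, TARGET_FREQ)
    print(f"required risk reduction factor: {rrf:.0f}")
    for beta in (0.0, 0.01, 0.1):
        f = (residual_frequency_independent(INITIATING_FREQ, pfds) if beta == 0
             else residual_frequency_with_ccf(INITIATING_FREQ, pfds, beta))
        print(f"beta={beta:<5} residual {f:.2e}/yr  target met: {meets_target(f)}")
```

With these assumed values the three independent barriers bring 0.1 demands per year down to about 1e-6 accidents per year, comfortably inside the target; a shared cause affecting only 1% of failures already pushes the residual frequency above the target, and 10% leaves it near 1e-3.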
