Improved methods for reliability assessments of safety-critical systems: An application example for BOP systems
Norwegian University of Science and Technology, Faculty of Engineering Science and Technology, Department of Productions and Quality Engineering.
2012 (English). Master's thesis, Student thesis
Abstract [en]

The failure of the Deepwater Horizon drilling rig's blowout preventer has been pointed to as one of the main causes of the Macondo accident on April 10th 2010. The blowout preventer system is one of the most important safety barriers in a hydrocarbon well. The accident has created a demand for improved methods of assessing the reliability of blowout preventer systems. The objective of this master thesis is to propose improvements to current reliability assessment methods for complex safety-critical systems such as the blowout preventer. The report begins by describing the blowout preventer system. It is a system consisting of two main subsea parts containing the annular and ram blowout preventer valves which are used to seal off a well in the event of a subsea well kick. These annular and ram type preventers are governed by an electro-hydraulic control system which is operated by human interaction from control panels located on the rig floor. A functional analysis of the blowout preventer system is presented next. Essential functions are defined, and performance criteria for these functions identified. An approach to classification of blowout preventer functions is also presented, before the report moves on to the analysis of four main operational situations to which the blowout preventer is exposed, and whose characteristics have implications for the system's ability to act as a safety barrier. The pros and cons of different widely used blowout preventer system configurations are also discussed. Three main types of configurations are mentioned in the report: the modern configuration, the traditional configuration and the Deepwater Horizon blowout preventer system configuration. A literature survey which documents previous blowout preventer reliability studies performed by Per Holand on behalf of SINTEF is presented.
An evaluation of the validity of the operational assumptions which have been made in these previous studies is also provided, such as assumptions regarding operational situations, failure input data, and several important assumptions regarding testing of blowout preventer systems. Regulations and guidelines which are relevant to blowout preventer reliability are also described here. The report further discusses how the blowout preventer may fail, and which types of failure modes are considered critical from a safety perspective. Some theoretical principles behind common cause failures are presented, along with a description of how common cause failures should be included in reliability assessments of safety-critical systems through an approach called the PDS approach. This is followed by a discussion of possible sources for common cause failures in the blowout preventer system. As a suggestion towards how reliability assessments of blowout preventers can be improved, and some of the identified challenges solved, a reliability quantification method is presented. The method is based on post-processing of minimal cut sets from a fault tree analysis of the blowout preventer system, and produces more conservative and accurate approximations of the reliability than those produced through conventional methods. The method is also capable of taking into account common cause failures. The results from the calculations are presented and discussed. An event tree which illustrates the effect from an escalated well control situation on the blowout preventer's ability to act as a safety barrier is also presented, along with a discussion of how blowout preventer reliability could possibly be more appropriately assessed through event tree analysis. Finally, the conclusions from the thesis are provided.
The main conclusions are that the approach based on fault trees and post-processing of minimal cut sets can certainly be used to improve the quality of blowout preventer reliability estimates, and also provides a sound platform for including common cause failures in the analysis. Another key finding is that the fault tree, which is a "static model", poorly illustrates the criticality of "preventer-specific" components in escalated well control situations, since the unavailability of certain functions due to operational conditions has little or no implication for the reliability estimates produced. In contrast, the criticality of common control system components is certainly emphasised by the fault tree model. The author suggests that quantification of blowout preventer systems through fault tree analysis should be supplemented by event tree analysis to better evaluate the effect from escalation of the well control situation. Furthermore, the author recommends that a test coverage factor should be included when calculating the safety unavailability of components exclusive to shearing rams, since these cannot be fully function tested through conventional, non-destructive blowout preventer tests. It is also recommended that the industry investigate the accuracy with which the location of tool joints in the wellbore annulus can be determined through current methods. Improper spacing of tool joints is critical in a well control situation where the shear rams must be activated.

Place, publisher, year, edition, pages
Institutt for produksjons- og kvalitetsteknikk, 2012. 131 p.
URN: urn:nbn:no:ntnu:diva-21094; Local ID: ntnudaim:8208; OAI: diva2:629218
Available from: 2013-06-16; Created: 2013-06-16; Last updated: 2013-06-22; Bibliographically approved

Open Access in DiVA

fulltext (2823 kB), 1420 downloads
File information
File name: FULLTEXT01.pdf; File size: 2823 kB; Checksum: SHA-512
Type: fulltext; Mimetype: application/pdf
cover (184 kB), 38 downloads
File information
File name: COVER01.pdf; File size: 184 kB; Checksum: SHA-512
Type: cover; Mimetype: application/pdf
