3 mile island used as example for subjective and objective FMEA
reasoning.
This commit is contained in:
parent 52a9dba6b7
commit fc039d280b
@ -483,9 +483,33 @@ The executive decisions about deploying systems are in the domain of management
|
|||||||
%
|
%
|
||||||
The dangers, or potential negative effects of a safety critical system depend not only on the system its self,
|
The dangers, or potential negative effects of a safety critical system depend not only on the system its self,
|
||||||
but on the environment they are used in
|
but on the environment they are used in
|
||||||
and other human factors such as the training level of operatives~\cite{stranks2007human}.
|
and other human factors such as the training level of operatives, psychological and logical factors in
|
||||||
|
the Human Machine Interface~(HMI) and the environment the equipment is used in~\cite{stranks2007human}.
|
||||||
%
|
%
|
||||||
We could term this subjective reasoning. With the system level failure
|
\paragraph{Objective and Subjective Reasoning in FMEA: Three Mile Island nuclear accident example.}
|
||||||
|
An example of objective and subjective factors can be derived from the accident report on the 1979 3-mile island
|
||||||
|
nuclear accident~\cite{safeware}[App.D]. Here, a vent valve for the primary reactor coolant (pressurised water) became stuck open.
|
||||||
|
This condition causes an objectively derived failure mode, temporary loss of coolant due to a stuck valve.
|
||||||
|
%
|
||||||
|
This, if recognised correctly by the operators would have lead to
|
||||||
|
a short reactor shut-down and then
|
||||||
|
a maintenance procedure to replace the valve.
|
||||||
|
%
|
||||||
|
The failure was not recognised in time however, and coolant was lost
|
||||||
|
until a partial meltdown of the reactor fuel occurred, with a resulting
|
||||||
|
leak of radioactive material into the environment.
|
||||||
|
%
|
||||||
|
For the objective failure mode determined by
|
||||||
|
FMEA, that of temporary loss of coolant,
|
||||||
|
we would not reasonably expect this to go unchecked and cause such a critical failure.
|
||||||
|
%
|
||||||
|
The criticality level is therefore subjective. We cannot know how the operators
|
||||||
|
would have reacted, and deficiencies in the HMI were not a factor in the failure analysis.
|
||||||
|
|
||||||
|
|
||||||
|
\paragraph{Further Work: Objective and Subjective Reasoning in FMEA.}
|
||||||
|
%
|
||||||
|
We could term the criticality prediction to be in the domain of subjective reasoning. With the system level failure
|
||||||
we have to determine its level of criticality, or how serious the risk posed is.
|
we have to determine its level of criticality, or how serious the risk posed is.
|
||||||
%
|
%
|
||||||
Two methodologies have started to consider this aspect, FMECA with its criticality and probability factors, and
|
Two methodologies have started to consider this aspect, FMECA with its criticality and probability factors, and
|
||||||
|
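Review bot: the citation in the new Three Mile Island paragraph, `nuclear accident~\cite{safeware}[App.D].`, puts the optional argument after the key, so LaTeX will typeset "[App.D]" as literal bracketed text following the citation; the appendix reference belongs inside the command's optional argument, i.e. `nuclear accident~\cite[App.~D]{safeware}.`. Two wording points in the same added block: "would have lead to" should be "would have led to", and "3-mile island" in the body text would read better as the proper noun "Three Mile Island" to match the new \paragraph heading.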