Appendix 3 - Hazard Identification and Risk Analysis Techniques
MSC-MEPC.2/Circular.12/Rev.2 – Revised Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process – (9 April 2018)

1 FAULT TREE ANALYSIS

1.1 A Fault Tree is a logic diagram showing the causal relationship between events which singly or in combination occur to cause the occurrence of a higher level event. It is used in Fault Tree Analysis to determine the probability of a top event, which may be a type of accident or unintended hazardous outcome. Fault Tree Analysis can take account of common cause failures in systems with redundant or standby elements. Fault Trees can include failure events or causes related to human factors.

1.2 The development of a Fault Tree is by a top-down approach, systematically considering the causes or events at levels below the top level. If two or more lower events need to occur to cause the next higher event, this is shown by a logic "and" gate. If any one of two or more lower events can cause the next higher event, this is shown by a logic "or" gate. The logic gates determine the addition or multiplication of probabilities (assuming independence) to obtain the values for the top event.
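
The gate arithmetic of 1.2, as an added example that is not part of the IMO text: it evaluates a constructed tree gate by gate and compares the result with an exact enumeration, showing how a basic event shared by two branches (the common cause failure mentioned in 1.1) breaks the independence assumption. The tree, event names and probabilities are all constructed for illustration.

```python
from itertools import product
from math import prod

# Constructed tree: the top event is "both redundant pumps unavailable".
# Each pump is unavailable if it fails itself OR the shared power supply fails.
TREE = ("and",
        ("or", "pump_a", "power"),
        ("or", "pump_b", "power"))
P = {"pump_a": 0.01, "pump_b": 0.01, "power": 0.001}  # constructed values


def gate_by_gate(node, p):
    """Gate arithmetic, treating the inputs of every gate as independent."""
    if isinstance(node, str):
        return p[node]
    kind, *inputs = node
    probs = [gate_by_gate(child, p) for child in inputs]
    if kind == "and":
        return prod(probs)                      # multiply
    # "or": 1 - prod(1 - q); for small q this is close to plain addition
    return 1.0 - prod(1.0 - q for q in probs)


def occurs(node, state):
    """Does the event at this node occur for one true/false assignment?"""
    if isinstance(node, str):
        return state[node]
    kind, *inputs = node
    values = [occurs(child, state) for child in inputs]
    return all(values) if kind == "and" else any(values)


def exact(node, p):
    """Exact probability: sum the weight of every state causing the event."""
    names = sorted(p)
    total = 0.0
    for bits in product([False, True], repeat=len(names)):
        state = dict(zip(names, bits))
        if occurs(node, state):
            total += prod(p[n] if state[n] else 1.0 - p[n] for n in names)
    return total


if __name__ == "__main__":
    print("gate by gate:", gate_by_gate(TREE, P))
    print("exact       :", exact(TREE, P))
```

The gate-by-gate figure is roughly nine times lower than the exact one here, because the shared power supply is counted as if it could fail independently in each branch.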

2 EVENT TREE ANALYSIS

2.1 An Event Tree is a logic diagram used to analyse the effects of an accident, a failure or an unintended event. The diagram shows the probability or frequency of the accident linked to those safeguard actions required to be taken after occurrence of the event to mitigate or prevent escalation.

2.2 The probabilities of success or failure of these actions are analysed. The success and failure paths lead to various consequences of differing severity or magnitude. Multiplying the likelihood of the accident by the probabilities of failure or success in each path gives the likelihood of each consequence.
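
The path multiplication of 2.2, as an added example that is not part of the IMO text: it enumerates every success/failure path through a sequence of safeguards and totals the frequency per consequence. The initiating frequency, the safeguards, their success probabilities and the severity scale are constructed, and the safeguards are assumed independent of one another.

```python
from itertools import product

INITIATING_FREQ = 2.0e-3  # constructed: initiating events per ship-year
# Safeguards in the order they are called upon: (name, probability of success)
SAFEGUARDS = [("detection", 0.95), ("suppression", 0.90), ("containment", 0.80)]
SEVERITY = ["minor", "significant", "severe", "catastrophic"]  # constructed


def consequence(outcome):
    """Map one path to a severity label by the number of failed safeguards."""
    failed = sum(1 for ok in outcome.values() if not ok)
    return SEVERITY[failed]


def event_tree(freq, safeguards):
    """Return (outcome, frequency) for every path through the tree."""
    paths = []
    for bits in product([True, False], repeat=len(safeguards)):
        path_freq = freq
        for (_, p_success), ok in zip(safeguards, bits):
            path_freq *= p_success if ok else 1.0 - p_success
        outcome = {name: ok for (name, _), ok in zip(safeguards, bits)}
        paths.append((outcome, path_freq))
    return paths


def by_consequence(paths):
    """Total the path frequencies that lead to the same consequence."""
    totals = {}
    for outcome, path_freq in paths:
        label = consequence(outcome)
        totals[label] = totals.get(label, 0.0) + path_freq
    return totals


if __name__ == "__main__":
    for label, freq in by_consequence(event_tree(INITIATING_FREQ, SAFEGUARDS)).items():
        print(f"{label:13s} {freq:.3e} per ship-year")
```

The path frequencies always sum back to the initiating frequency, which is a quick check that no branch has been dropped.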

3 FAILURE MODE AND EFFECT ANALYSIS (FMEA)

FMEA is a technique in which the system to be analysed is defined in terms of functions or hardware. Each item in the system is identified at a required level of analysis. This may be at a replaceable item level. The effects of item failure at that level and at higher levels are analysed to determine their severity on the system as a whole. Any compensating or mitigating provisions in the system are taken account of and recommendations for the reduction of the severity are determined. The analysis indicates single failure modes which may cause system failure.

4 HAZARD AND OPERABILITY STUDIES (HAZOP)

4.1 These studies are carried out to analyse the hazards in a system at progressive phases of its development from concept to operation. The aim is to eliminate or minimize potential hazards.

4.2 Teams of safety analysts and specialists in the subject system, such as designers, constructors and operators are formally constituted. The team members may change at successive phases depending on the expertise required. In examining designs they systematically consider deviations from the intended functions, looking at causes and effects. They record the findings and recommendations and follow-up actions required.

5 WHAT IF ANALYSIS TECHNIQUE

5.1 What If Analysis Technique is a hazard identification technique suited for use in a hazard identification meeting. The typical participants in the meeting may be: a facilitator leader, a recorder and a group of carefully selected experienced persons covering the topics under consideration. Usually a group of 7 to 10 persons is required.

5.2 The group first discusses in detail the system, function or operation under consideration. Drawings, technical descriptions etc. are used, and the experts may have to clarify to each other how the details of the system, function or operation work and may fail.

5.3 The next phase of the meeting is brainstorming, where the facilitator leader guides by asking questions starting with "what if?". The questions span topics like operation errors, measurement errors, equipment malfunction, maintenance, utility failure, loss of containment, emergency operation and external influences. When the ideas are exhausted, previous accident experience may be used to check for completeness.

5.4 The hazards are considered in sequence and structured into a logical sequence, in particular to allow cross-referencing between hazards.

5.5 The hazard identification report is usually developed and agreed in the meeting, and the job is done and reported when the meeting is adjourned.

5.6 The technique requires that the participants are senior personnel with detailed knowledge within their field of experience. A meeting typically takes three days. If the task requires long meetings it should be broken down into smaller sub-tasks.

5.7 SWIFT (Structured What If Technique) is one example of a What If Analysis Technique (http://www.dnv.nl/Syscert/training&consultancy.htm).

6 RISK CONTRIBUTION TREE (RCT)

6.1 RCT may be used as a mechanism for displaying diagrammatically the distribution of risk amongst different accident categories and sub-categories, as shown in figure 6 of the FSA Guidelines. Structuring the tree starts with the accident categories, which may be divided into sub-categories to the extent that available data allow and logic dictates. The preliminary fault and event trees can be developed based on the hazards identified in step 1 to demonstrate how direct causes initiate and combine to cause accidents (using fault trees), and also how accidents may progress further to result in different magnitudes of loss (using event trees). Whilst the example makes use of fault and event tree techniques, other established methods could be used if appropriate.

6.2 Quantifying the RCT is typically undertaken in three stages using available accident statistics:

.1 categories and sub-categories of accidents are quantified in terms of the frequency of accidents;

.2 the severity of accident outcomes is quantified in terms of magnitude and consequence; and

.3 the risk of the categories and sub-categories of accidents can be expressed as F-N curves (see appendix 5) or potential loss of lives (PLL) based on the frequency of accidents and the severity of the outcome of the accidents.

Thus, the distribution of risks across all the sub-categories of accidents is determined in risk terms, so as to display which categories contribute how much risk.

7 INFLUENCE DIAGRAMS

The purpose of the Influence Diagram approach is to model the network of influences on an event. These influences link failures at the operational level with their direct causes, and with the underlying organizational and regulatory influences. The Influence Diagram approach is derived from decision analysis and, being based on expert judgements, is particularly useful in situations for which there may be little or no empirical data available. The approach is therefore capable of identifying all the influences (and therefore underlying causal information) that help explain why a marine risk profile may show high risk levels in one aspect (or even vessel type) and low risk level in another aspect. As the Influence Diagram recognizes that the risk profile is influenced, for example by human, organizational and regulatory aspects, it allows a holistic understanding of the problem area to be displayed in a hierarchical way.

8 BAYESIAN NETWORK

A Bayesian network is a probabilistic graphical model (a type of statistical model) that represents a set of random variables and their conditional dependencies via a directed acyclic graph (DAG; see diagram below). For example, a Bayesian network could represent the probabilistic relationships between diseases and symptoms. Given symptoms, the network can be used to compute the probabilities of the presence of various diseases.
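
The disease and symptom case described above, as an added example that is not part of the IMO text: a four-node DAG with conditional probability tables, queried by summing the joint distribution over the unobserved variables. The network structure and every probability are constructed for illustration.

```python
from itertools import product

# Constructed network: flu -> fever, flu -> cough <- cold.
# Each node maps to (parents, {tuple of parent values: P(node is True)}).
NETWORK = {
    "flu":   ((), {(): 0.10}),
    "cold":  ((), {(): 0.20}),
    "fever": (("flu",), {(True,): 0.90, (False,): 0.05}),
    "cough": (("flu", "cold"), {(True, True): 0.95, (True, False): 0.80,
                                (False, True): 0.70, (False, False): 0.05}),
}


def joint(network, state):
    """Probability of one full assignment: product of each node's CPT entry."""
    prob = 1.0
    for node, (parents, cpt) in network.items():
        p_true = cpt[tuple(state[parent] for parent in parents)]
        prob *= p_true if state[node] else 1.0 - p_true
    return prob


def posterior(network, query, evidence):
    """P(query is True | evidence), by enumeration over unobserved nodes."""
    hidden = [node for node in network if node not in evidence]
    mass = {True: 0.0, False: 0.0}
    for values in product([True, False], repeat=len(hidden)):
        state = dict(evidence)
        state.update(zip(hidden, values))
        mass[state[query]] += joint(network, state)
    return mass[True] / (mass[True] + mass[False])


if __name__ == "__main__":
    print("P(flu)                =", posterior(NETWORK, "flu", {}))
    print("P(flu | cough)        =", posterior(NETWORK, "flu", {"cough": True}))
    print("P(flu | cough, fever) =",
          posterior(NETWORK, "flu", {"cough": True, "fever": True}))
```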

9 SENSITIVITY ANALYSIS AND UNCERTAINTY ANALYSIS

Sensitivity analysis is the study of how the uncertainty in the output of a model (numerical or otherwise) can be apportioned to different sources of uncertainty in the model input. A related practice is uncertainty analysis which focuses rather on quantifying uncertainty in model output. Ideally, uncertainty and sensitivity analysis should be run in tandem.

Uncertainty analysis investigates the uncertainty of variables that are used in decision-making problems in which observations and models represent the knowledge base. In other words, uncertainty analysis aims to make a technical contribution to decision-making through the quantification of uncertainties in the relevant variables.

Uncertainty and sensitivity analysis investigate the robustness of a study when the study includes some form of statistical modelling.

