PROCESS HAZARD ANALYSIS FAILURE MODE EFFECTS ANALYSIS (FMEA)

Failure Mode Effects Analyses (FMEAs) evaluate the ways equipment can fail or be improperly operated and the effects these failures can have. In an FMEA, each individual failure is considered as an independent occurrence with no relation to other failures in the system, except for the subsequent effects the original failure may produce. In short, FMEAs identify single failure modes that either directly result in or contribute significantly to an accident.

Purpose:
FMEAs are conducted to improve the safety of equipment by: 1) Identifying single component, equipment and system failure modes. 2) Determining the potential effects on the equipment, system, or plant associated with each individual failure mode. 3) Generating recommendations for increasing reliability of the component, equipment and/or system.

Deliverables:
1) 2) 3) 4) Qualitative, systematic reference list of equipment, failure modes and effects. Worst case estimate of consequences resulting from a single failure. Documented analysis. Recommendations for improving safety/reliability of appropriate components.

Terms:
1) Failure Mode describes how equipment fails (open, closed, on, off, leaks, etc.) 2) Effect is determined by the systems response to equipment failure.

Procedure:
1) Defining the Scope: Identify specific items for inclusion Determine the level of detail needed Identify the boundary conditions under which these items are analyzed Identify equipment or system to be analyzed Establish the physical system boundaries (i.e., connections with other processes, utilities, and/or support systems) Establish the systems analytical boundaries: Initial operating condition of equipment, failure modes, operating consequences, causes, or existing safeguards which will or will not be analyzed (I.e., may exclude jet liner crashes or earthquakes as a failure mode. The initial operating condition may be a normally open or closed valve.) 2) Performing the Review: Prepare for the review: Select team Identify facilitator and record keeper Gather schematics and other information Use a deliberate, systematic manner to reduce the possibility of omissions and to enhance the completeness (I.e., consistent format for recording information and results which contribute to consistency and detail needed) Evaluate all identified failure modes for each component or system addressed in the FMEA before moving on to the next component. Typically, the FEMA format includes: A unique equipment identifier that relates the equipment and components to a system drawing, process, or location. (I.e., component identification numbers from schematics)
Rev. 1, 01/15/01 PAGraver

Equipment description including the equipment type, operating configuration, and other service characteristics that may influence the failure modes and their effects. (I.e., motor-operated valve, normally open, in a three-inch sulfuric acid line.) Failure modes are listed for each component, which are consistent with the equipment description. Consider all conceivable malfunctions that would alter the equipments normal operating state. For each failure mode, describe both the immediate effects of a failure at the location and the anticipated effects of the failure on other components, equipment, and processes. For each identified failure mode, the analyst should describe any safety features or procedures that can reduce the likelihood of a specific failure occurring or mitigate the consequences of a failure. Recommended corrective actions for reducing the likelihood of effects associated with the specific failure mode are included in the FMEA. 3) Document the results: Systematically and consistently tabulate the effects of equipment failure within a process or system. Equipment identification provides a direct reference between the equipment and system process flow diagrams and schematics.

Process:
Define Objectives & Scope Select Team Gather & Prepare Information for analysis Conduct FMEA

Develop Recommendations

Implement Recommendations

Present Results for Approval

Document Analysis & Recommendations

Track Recommendations to Closure

Example of FMEA Table Format:

Rev. 1, 01/15/01 PAGraver

Example FMEA
System: Firewater Supply
Item No.
1

Component Description
Pump suction piping and screen

Failure Mode
Plugged Broken

Effects
No water supply to firewater pump Debris sucked into pump Loss of firewater supply Loss of firewater supply Loss of firewater supply Loss of firewater supply Loss of firewater supply Loss of firewater supply Air trapped in system, possible hydraulic hammer Firewater leak Damaged firewater pump Diversion of firewater overboard

Safeguards
Redundant pump Periodic testing Redundant pump Periodic testing Redundant pump Redundant pump Periodic testing Redundant pump Periodic testing Redundant pump Periodic testing Redundant pump Check valve in discharge line Redundant pump Periodic testing Periodic testing Periodic testing Redundant pump

Actions

Inspect pump suction strainer periodically

Firewater pump/driver

External rupture Fails to start Fails off while running Operates with degraded head/flow performance External rupture Plugged

Pump discharge pipe from check valve

Air release valve (ARV610/611) PCV-610B/611B

Plugged or fails to operate Stuck open Plugged or fails to open Opens prematurely or fails to close

Check valve

Stuck open

Pipe from pump check valve to firewater header

External rupture Plugged

Potential diversion of firewater backward through idle pump Prevents starting of idle diesel or damages pump during start up Loss of firewater supply Loss of firewater supply Loss of firewater supply Debris plugs firewater nozzles

Add PCV-610B/611B to periodic test schedule Add PCV-610B/611B to periodic test schedule Verify manual close mechanism on PCV610B/611B Test discharge check valve during periodic firewater pump tests

Discharge strainer

Plugged Broken

Redundant pump Manual isolation valves Redundant pump Alternate water path Redundant pump Periodic testing Clean out settings on fire monitors and hoses

Verify strainer material is resistant to marine growth Inspect screen condition periodically

Rev. 1, 01/15/01 PAGraver

Item No.
9

Component Description
Manual test valve

Failure Mode
Prematurely opens Left open after test

Effects
Diversion of firewater overboard

Safeguards
Redundant valve in discharge line Low pressure switch (PSL610B/611B) Pressure control valve (PCV610B/611B)

Actions
Requires indepent check of valve position after tresting & periodically thereafter Indicate pressure switch status in control room

Prematurely closes Left closed during test 10 Isolation valve for firewater loop Prematurely closes Left closed after test

Blocked discharge from firewater pump, possibly damaging pump Loss of firewater supply

Requires independent check of valve position after testing and peridically thereafter Remote starting system Manual starting system Redundant pump & starting system Add pressure switch testing to routine pump test

11

PSL-610B/611B

Spurious low signal Failure to signal

Starts firewater pump Firewater pump fails to start on pressure demand

FMEA Electrical Example

Component Description
Breaker (AB-1)

Failure Mode
Inadvertently opens

Effects
Shutdown of A-100 Shutdown of FCCU

Safeguards
AB-10 opens on low voltage

Actions
Implement an automatic switchover to AB-8 without tripping AB-10 Increase/improve preventive maintenance Include IR scanning in quarterly PMs Provide a mechanism to verify AB-4 loading while the FCCU is operating Implement out-of-phase permissives that prevent closing beakers between voltage sources Initiate additional operator training

Operator cycles breaker

Fails to Open

Potential damage to A-100, A-200, A-300, PR-1, PR-2, PR-3, P100A/B or P-200A/B Potential shutdown of FCCU Potential damage to A-100 Potential shutdown of FCCU

Loss of DC power supply

Loss of breaker control (breakers remain in current positions)

Labels on breakers CB-7 is normally open All breakers open on faults Internal surge protection for A-100 Main bus breakers open on faults AB-6 opens on faults AB-10 opens on faults, high and low voltage, or high current (time delay) Internal surge protection for A-100 DC undervoltage alarm DC ground indicators

Verify that all DC equipment is inside only

Rev. 1, 01/15/01 PAGraver