Safety-Study for a Prototypical Mobile R744 AC System - PowerPoint PPT Presentation


Title: Safety-Study for a Prototypical Mobile R744 AC System


1
Safety-Study for a Prototypical Mobile R744 AC System
  • At the VDA Alternative Refrigerant Winter Meeting
  • January 30-31, Hotel Gut Brandelhof, Saalfelden /
    Austria
  • by Dr.-Ing. U. Hussels, Dr.-Ing. K. Drewes
  • RISA Sicherheitsanalysen GmbH, Germany
  • e-mail: risa_at_risa.de

2
Introduction
  • Subject: report on the implementation of a
    complete probabilistic safety analysis (PSA) for
    an R744 AC system
  • RISA Sicherheitsanalysen GmbH: a company of about
    10 engineers specialised in safety analysis for
    power plants and transportation systems as well
    as database design

3
Initiators of the Safety Analysis
OBRIST ENGINEERING
  • 5 German car manufacturers
  • 7 suppliers

4
Members of the working group
  • Mr. Mager, BMW (co-ordinator)
  • Dr. Adiprasito, VW
  • Dr. Arnemann, ZEXEL
  • Mr. Fischer, Visteon
  • Mr. Hellmann, VW (IAV)
  • Mr. Könecke, Denso
  • Mr. Scheftschuk, BMW
  • Dr. Vetter, Modine
  • Mr. Wertenbach, DC

5
Methods used in the analysis
  • Basis: FMEA (SAE J-1739)
  • Structure: FTA (Fault Tree Analysis, based on DIN
    25424)
  • Boundary conditions: ETA (Event Tree Analysis,
    similar to DIN 25419) with a list of external
    events (initiating events)
  • Data: empirical Bayes method

6
Reasons
  • Responsibility of the car manufacturers for the
    safety of their products
  • Avoiding unnecessary development work by
    accompanying the development process
  • Consideration of international standards on
    qualitative and quantitative proof of the safety
    of the system

7
History of the safety analysis of mobile AC systems
  • 1998: investigation of flammable refrigerants in
    motor cars
  • 1999 / 2000: FMEA for a prototypical mobile R744
    AC system (presented at the SAE 2000 Automotive
    Alternative Refrigerant Systems Symposium,
    Scottsdale, AZ, USA)
  • 2001: safety analysis (PSA) for the prototypical
    R744 AC system
  • 2002: possibility of (quantitative) sensitivity
    analysis based on MCS

8
Targets of the analysis (1)
  • Influence on the design process to avoid possible
    weak points
  • Investigation of the influence of different
    (alternative) safety devices on the system safety
  • Completeness of the analysis by using improved
    PSA methods

9
Targets of the analysis (2)
  • Proof of the attainability of a so-called safe
    system:
    – no single failure event may cause an endangerment
  • Quantification of the analysis to determine the
    absolute safety level of the system:
    – there has to be an upper bound on the frequency
      of dangerous system failures

10
Prototypical AC System
  • Includes different (optional) safety devices
    (without their exact realisation)
  • E.g. options for an overpressure safety relief
    device: bursting disc and/or blow-off valve
  • Assumptions for refrigerant charge, pressures,
    materials, volumes etc. are taken from standards
    or prototype systems

11
PI diagram (piping and instrumentation diagram of the prototypical system; figure not reproduced in the transcript)
12
FMEA (method)
  • Identifying the possible failure events of
    each component of the AC system
  • Estimating severity, occurrence and
    detection for each failure event
  • Calculating a risk priority number (RPN) for
    each event to screen for critical
    components

13
FMEA (work)
  • Revision of the existing FMEA
  • Completion with the additional safety devices
  • Adding the corresponding generic failure mode for
    each failure event
  • Recalculation of the RPNs
  • No relevant changes in the screening results

14
Contents of the integrated analysis: (1) Safety goals
  • A safety goal defines a condition which has to be
    fulfilled for the safety of the system
  • Systems may have multiple safety goals
  • The violation of one of the safety goals is a
    top event (undesired event) in the sense of
    fault tree analysis

15
The 4 safety goals (SG) of the mobile R744 AC system
  • The failure of one or more components of the AC
    system must not cause:
    – (SG 1) loss of concentration of the driver
    – (SG 2) permanent health impairments of the
      passengers
    – (SG 3) permanent health impairments of persons in
      the closer surroundings
    – (SG 4) negative impacts on safety-relevant
      systems of the vehicle

16
Contents of the integrated analysis: (2) Boundary conditions
  • Decision (status) tree for the determination of
    the statuses of the vehicle systems that are
    relevant for the safety goals. Example: air
    recirculation on/off
  • List of external events that are relevant for
    the safety goals. Examples: normal conditions,
    accident with the vehicle still driveable

17
Generic failure events
  • To check the completeness of the investigation,
    generally accepted failure types for the
    different component types are defined and mapped
    to the concrete failure occurrences.
  • Examples for a mechanical component: loss of form,
    no intended movement possible

18
(3) Fault trees
  • Top gate: violation of one of the safety goals
    (OR-gate)
  • For each safety goal, the following are combined:
    – one system state
    – one external event
    – the fault tree adapted to the safety goal
  • Within each fault tree, the following are combined:
    – the cause (source of the endangerment)
    – the failure of the barriers
    – the existence of additional boundary conditions

19
General fault tree structure (figure not reproduced in the transcript)
20
(4) Minimal cut sets
  • The fault trees are analysed by determining their
    minimal cut sets
  • A minimal cut set (MCS) is a minimal set of
    events whose joint occurrence causes the top gate
    of the fault tree to occur
  • A complex fault tree typically has thousands of
    MCS or more

21
Number of minimal cut sets of the 4 safety goals (SG)
  • (SG 1) loss of concentration of the driver:
    5280 MCS
  • (SG 2) permanent health impairments of the
    passengers: 1120 MCS
  • (SG 3) permanent health impairments of persons in
    the environment: 1200 MCS
  • (SG 4) negative impacts on safety-relevant
    systems of the car: 460 MCS

22
(5) Quantification
  • For each event a (failure) frequency (per year
    and vehicle) must be given
  • The value (frequency) of an MCS is the product of
    its event values
  • The value of the top event is (in first
    approximation, the rare-event approximation) the
    sum of its MCS values
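The following is an added example, not part of the presentation or the study's own trees: it carries slides 9, 18, 20 and 22 through in code for a small constructed fault tree of one safety goal in two design variants (with and without an overpressure relief device), determining the minimal cut sets, applying the "no single failure event" check (system states are not failures and do not count) and quantifying the top event as the sum of the MCS products. All gate names, event names and event values are constructed for illustration.

```python
import math
from itertools import product

# A gate is ("OR" | "AND", [children]); a leaf is a basic-event name.
# Constructed trees for SG 2 (passenger health): CO2 released into the cabin
# while recirculation is on and both barriers (detection, ventilation) fail.
CABIN_RELEASE = ("AND", [
    "recirc_on",                                     # system state, not a failure
    ("OR", ["pipe_leak", "compressor_seal_fail"]),   # cause: source of the release
    ("AND", ["co2_sensor_fail", "blower_fail"]),     # barriers fail
])
DESIGN_NO_RELIEF = ("OR", [CABIN_RELEASE, "evaporator_burst"])
DESIGN_WITH_RELIEF = ("OR", [CABIN_RELEASE,
    ("AND", ["evaporator_overpressure", "bursting_disc_fail", "blow_off_valve_fail"])])
NON_FAILURES = frozenset({"recirc_on"})
# Constructed event values: causes as frequencies per vehicle-year, barriers and
# states as dimensionless probabilities, so each MCS product is again a frequency.
VALUES = {"pipe_leak": 1e-3, "compressor_seal_fail": 2e-3, "evaporator_burst": 5e-3,
          "evaporator_overpressure": 5e-3, "co2_sensor_fail": 1e-2, "blower_fail": 1e-2,
          "bursting_disc_fail": 1e-2, "blow_off_valve_fail": 2e-2, "recirc_on": 0.3}

def cut_sets(node):
    """Expand a gate into cut sets (MOCUS-style): OR collects the children's
    cut sets, AND merges one cut set from every child in all combinations."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(c) for c in children]
    if gate == "OR":
        return [cs for sets in child_sets for cs in sets]
    if gate == "AND":
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {gate}")

def minimal_cut_sets(tree):
    """Keep only cut sets that contain no other cut set, smallest first."""
    sets = set(cut_sets(tree))
    return sorted((s for s in sets if not any(o < s for o in sets)),
                  key=lambda s: (len(s), sorted(s)))

def single_failure_violations(mcs, non_failures=NON_FAILURES):
    """Safe-system criterion: no MCS may consist of a single failure event."""
    return [s for s in mcs if len(s - non_failures) == 1]

def top_frequency(mcs, values=VALUES):
    """MCS value = product of its event values; top = sum over the MCS
    (first approximation, i.e. the rare-event approximation)."""
    return sum(math.prod(values[e] for e in s) for s in mcs)
```

Running `minimal_cut_sets` on both variants shows that without the relief device the single event `evaporator_burst` is an MCS of order 1 (the design fails the safe-system criterion) and dominates the top frequency, while with the bursting disc and blow-off valve every MCS has at least three failure events and the top frequency drops by more than three orders of magnitude.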

23
(6) Data
  • Generic data was taken from the literature
  • Specific data was taken from the companies of the
    working group members
  • Using empirical Bayes estimation, the different
    data sources have been combined and anonymised

24
Benefits
  • Comprehensible proof of safety
  • Qualitative evaluation (structural weak point
    analysis)
  • Quantitative evaluation of the absolute safety
    level and of design variants (sensitivity analysis)
  • Derivation of the design of the safe system (no
    single failure event may cause a violation of one
    of the safety goals)

25
Results
  • Additional safety devices are necessary
  • Single failure events must not cause a dangerous
    situation
  • There is a hazard potential (as with most
    technical systems), but it is controllable in
    quality and quantity
  • It is possible to build an R744 AC system as a
    safe system

26
Outlook
  • The analysis is ready to be recalculated with
    (manufacturer- or model-) specific data
  • The analysis is ready to be adapted to concrete
    (manufacturer- or model-specific) R744 AC systems
  • The analysis may be adapted to similar R744 car
    systems