Software interoperability in consequence assessment: results of a feasibility study

Similar documents
Cybersecurity eit. Software. Certification. Industrial Security Embedded System

INSPIRE status report

Gas Infrastructure Europe. Security Risk Assessment Methodology

GMO Register User Guide

ECC Recommendation (17)04. Numbering for ecall

European Responsible Care Forum. Security & Safe Maintenance

INSPIRE & Environment Data in the EU

EUTurbines comments to. ENTSO-E Public consultation on Connection Codes Implementation Guidance Documents (Overview of questions answered)

Submission of information in the public consultation on potential candidates for substitution under the Biocidal Products Regulation

SEA-Manual. ,,Environmental Protection Objectives. Final report. EIA-Association (Ed.) UVP-Gesellschaft e.v. July 2000

UK EPR GDA PROJECT. Name/Initials Date 30/06/2011 Name/Initials Date 30/06/2011. Resolution Plan Revision History

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Compliance rules and entry-level requirements

CFD ANALYSIS FOR RISK ANALYSIS IN URBAN ENVIRONMENTS TILBURG CITY CASE STUDY. Urban Environment and Safety, TNO, Utrecht, the Netherlands

EU Civil Protection Mechanism

The Accreditation and Verification Regulation - Verification report

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

First Science-Policy- Industry meeting on CBRN-E Introductory words. Philippe Quevauviller. Security Research and Industry. DG Enterprise and Industry

Consolidation Team INSPIRE Annex I data specifications testing Call for Participation

Joint ITU-UNIDO Forum on Sustainable Conformity Assessment for Asia-Pacific Region (Yangon City, Republic of Union of Myanmar November 2013)

The European Programme for Energy Efficiency in Data Centres: The Code of Conduct

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

CROCODILE AUSTRIA Event management

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

EUROPEAN COMMISSION Enterprise Directorate-General

BACKGROUND PAPER. Sub-Regional Platform on Disaster Risk Reduction

Leveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009

EUROPEAN COMMISSION DIRECTORATE-GENERAL INFORMATION SOCIETY AND MEDIA

EU Code of Conduct on Data Centre Energy Efficiency. Endorser Guidelines and Registration Form. Version 3.1.0

TM2.0 Enabling vehicle interaction with traffic management. TF3 Principles for data. Report

D3.1 Validation workshops Workplan v.0

Data Quality Assessment Tool for health and social care. October 2018

ICT-Platform for Object Oriented Knowledge in the Building and Construction Industry

IAEA Action Plan on Nuclear Safety

M403 ehealth Interoperability Overview

Integration of INSPIRE & SDMX data infrastructures for the 2021 population and housing census

RD-Action WP5. Specification and implementation manual of the Master file for statistical reporting with Orphacodes

SCADA Software. 3.1 SCADA communication architectures SCADA system

Monitoring and Reporting Drafting Team Monitoring Indicators Justification Document

Action Plan to enhance preparedness against CBRN security risks

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

Global Monitoring for Environment and Security

Guidance for the format and content of the final study report of non-interventional post-authorisation safety studies

Continuous auditing certification

PATHWAYS TO INNOVATION IN DISASTER RISK MANAGEMENT. Paolo Venturoni CEO European Organisation For Security 4 th June 2018

The European Commission s science and knowledge service. Joint Research Centre

-SQA- SCOTTISH QUALIFICATIONS AUTHORITY HIGHER NATIONAL UNIT SPECIFICATION GENERAL INFORMATION

PART IV GLOSSARY OF TERMS

Framework for conducting Life Cycle Analysis (LCA) of Datacenters

D2.5 Data mediation. Project: ROADIDEA

Paper for Consideration by CHRIS. Cooperation Agreement Between IHO and DGIWG

Pioneer in the economic and ecological facility management

European Conference on Quality and Methodology in Official Statistics (Q2008), 8-11, July, 2008, Rome - Italy

Indicator Framework for Monitoring the Council Recommendation on the integration of the long-term unemployed into the labour market

HPE Energy Efficiency Certification Service

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

EU Customs Policy for Supply Chain Security & Detection Technology (for CBRNE)

Procedure for Network and Network-related devices

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Hellenic Food Authority (EFET) - Greece

Cyber Security of ETCS

Work Package 2.4. (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids

Factsheet. Power Generation Service Energy efficiency in power generation and water

JRC Field Tracking Tool Status report. A. Annunziato, D. A. Galliano, R. Guana

The NIS Directive and Cybersecurity in

Critical Infrastructure Protection in the European Union

Science Europe Consultation on Research Data Management

EU Code of Conduct on Data Centre Energy Efficiency

Standardization for DRR: Opportunities or barriers?

Requirements on clinical data in Europe

Code of Conduct on Data Centres Energy Efficiency. Registration Form for Endorsers

Harmonization of usability measurements in ISO9126 software engineering standards

IUCLID 6 workshop. Chemical Industry Regulations 9 September Francois Le Goff Computational Assessment and Dissemination Unit

Request for Expression of Interest. Consultant - Project Coordinator. Project: I-CARE Global Imperative Indicator

Basic Principles of MedWIS - WISE interoperability

Contents. V4.1 Printed March

EN 50600, EU COC, EMAS AND EUROPEAN DATA CENTRE ENERGY EFFICIENCY MANAGEMENT

GRIDS INTRODUCTION TO GRID INFRASTRUCTURES. Fabrizio Gagliardi

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

The Analysis and Proposed Modifications to ISO/IEC Software Engineering Software Quality Requirements and Evaluation Quality Requirements

Final Project Report

PROJECT FINAL REPORT. Tel: Fax:

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Assessment of the progress made in the implementation of and follow-up to the outcomes of the World Summit on the Information Society

Industrial Energy Efficiency

Deployment is underway!

THE SUSTAINABLE NUCLEAR ENERGY TECHNOLOGY PLATFORM. Presented on behalf of SNE-TP by Vere Smyth, University of Pavia

Data and Forecasting Summary

Network Code on Operational Security. User s Group System Operations 06/11/2013

Certification of the Galileo SIS The GALCERT Project

Rev 2 May Health and Safety Authority. Function and Scope of REACH and CLP Helpdesk

GEO-SPATIAL METADATA SERVICES ISRO S INITIATIVE

A tool to assist and evalute workstation design

ENCePP Code of Conduct Implementation Guidance for Sharing of ENCePP Study Data

European Union comments CODEX COMMITTEE ON FOOD HYGIENE. Forty-ninth Session. Chicago, Illinois, United States of America, November 2017

EUROPEAN DATA CENTRE STANDARDS

Data Center Efficiency Workshop Commentary-Intel

Safety and Reliability of Embedded Systems. (Sicherheit und Zuverlässigkeit eingebetteter Systeme) Safety and Reliability Analysis Models: Overview

Council of the European Union Brussels, 23 November 2016 (OR. en)

Transcription:

Software interoperability in consequence assessment: results of a feasibility study Sergio Contini 1, Luciano Fabbri 1, Massimo Binda 2 1 European Commission, Joint Research Centre, 21027 Ispra (VA), Italy 2 THS Informatica, Via Roncari 19, 21023 Besozzo (VA), Italy The Competent Authorities responsible for the implementation of the Seveso Directive in their countries have, amongst others, the task of reviewing the safety reports of Seveso-type installations. This activity involves the examination of the hazard identification as well as the results of the frequency and consequence assessment of the identified accident scenarios. This verification activity might be very cumbersome and time consuming if the models and software tools used by the Authority are different from those used by the Operator. This is due to the lack of interoperability among the large number of software tools available for risk analysis, all considered acceptable by the scientific community. Considering that a relevant percentage of input data requested by the different tools is common, the software interoperability would strongly and effectively reduce the burden of work of authorities. Furthermore, the software interoperability in risk analysis would be very valuable also to operators and to models and software developers. The purpose of this paper is to describe the results of a feasibility study, recently completed by the authors, aimed at identifying the main problems associated with the definition of a common data exchange format for a fundamental phase of the risk analysis procedure: the assessment of accident consequences. 1. Introduction Software interoperability is an important aspect that has recently been approached and resolved in many fields such as e.g. geographic information systems, satellite images, communications, building construction processes, by providing indisputable advantages to all involved stakeholders. Interoperability means letting different software on different operating systems do what they do best, while agreeing on a common way to exchange data with one another. In the field of risk analysis the problem of software interoperability has not yet been considered in spite of the advantages that it would actually give. It is very important to emphasise that any effort aiming at achieving the software interoperability should not be confused with an attempt to harmonise and standardise the different methodologies and approaches which are used in the different countries and by the different risk analysis experts. As it is well known, there is not a unique and consolidated way to conduct such type of analysis. By contrast, there are several approaches, which are all potentially valuable. These approaches can be categorised in terms of different aspects as for

instance: (i) the general philosophy adopted, (ii) the typology (i.e. probabilistic, deterministic), (iii) the level of calculation accuracy (quantitative, semi-qualitative, and qualitative) and so forth. In addition different approaches and methodologies are also applied for each single step of the risk assessment process. This implies that different software tools are available implementing the same model or models of different complexity. Furthermore databases, developed on different platforms, are used concerning e.g. accidents frequency data, components reliability data, and chemical substances. However, independently of the applied approach a lot of data are common since the phenomena under scrutiny are always the same. For instance, the following information is typical of any methodology addressing the risks of chemical installations: (i) the relevant properties of the hazardous substances, (ii) critical aspects of the involved process and/or components, (iii) vulnerability of the surrounding environment, to mention only a few. In order to establish a strategy to study interoperability problems in risk analysis and to assess the difficulties associated with this course of action, it is necessary to clearly identify for which models the software interoperability is most valuable. A not exhaustive list of some of the models and data applied in the chemical-petrochemical field for risk analysis is provided in Table 1. Table 1. Main methodologies currently in use for risk analysis purposes RA phase Models Data Hazard identification HAZOP FMEA Process variables deviations, causes, consequences, protection systems. Component failure modes, causes, Frequency analysis Consequence assessment (CA) Risk quantification Emergency planning and response FT, RBD, ET, Models from outflow to different types of fires, explosions, and dispersion of toxic/flammable substances. Risk analysis by combining frequency and consequences for each accident scenario. Several models: accident consequences, evacuation, road traffic, spatial resource distribution, etc. consequences, alarms, etc. Structure function, mission time, Components reliability data, Human error probabilities, CCF, etc. Source term, substance data, meteorological data, models parameters, etc. Area site maps; Meteorological data, Population density and distribution, accidents frequencies and consequences, Probit data, etc. As for CA and risk quantification plus data on road traffic; evacuation, resources, etc. HAZOP: Hazard & Operability; FMEA: Failure Modes & Effects Analysis; FT: Fault-Tree; ET: Event-Tree; RBD: Reliability Block Diagram; CCF: Common Cause Failures; CA: Consequence Assessment. A point to note is that the different phases of risk analysis are characterised by completely different objectives. As a consequence it is evident that separate sets of Common Data Exchange Formats (CDEF) have to be defined for achieving the interoperability in the different phases of the process. This is a long and challenging work that would offer many advantages to all organisations involved in risk analysis and risk management of Seveso-type installations. Indeed, the existence of such a data format would be particularly advantageous for the competent authorities in their

verification activity of safety reports. CDEFs would allow to easily importing both input data and results of risk analysis as submitted by the operator. As the authorities make often use of alternative models and tools for the same calculations, in order to conduct a comparison these models have to be run with the same set of input data as used by the operator. Without proper CDEFs the verification activities would be much more complex, time consuming and expensive. The existence of CDEFs would also be beneficial for the operators responsible for the preparation of safety reports. Safety reports have indeed to be reviewed on a periodical basis to account for possible modifications within the plant. The use of CDEFs would allow reusing the previous set of data even if the models in use during the reviewing phase are different. This is a rather typical situation when the operator relies on external consultants for the preparation of their safety report. These consultants may change over the time and the models employed may vary accordingly. Finally, suitable CDEFs would also be of great benefit also to model and software developers for facilitating the comparison of results obtained using other models and tools (test and benchmarking). Generally speaking, the existence of CDEFs would allow substituting one model with a better one with no effort. Having ascertained the advantages of software interoperability in risk analysis the question that comes to mind is: which are the past and current initiatives on this issue? The first attempt to face the interoperability problem started in 2007 in the context of the worldwide OPEN-PSA initiative (http://www.openpsa.org/). The objective was to study the interoperability among software packages used in the nuclear field for probabilistic safety assessment, but open to other industrial fields. Fault trees and Event trees, which are the two main models in PSA, are in fact applied also for the risk analysis of chemical and petrochemical installations. In the framework of this international driven initiative, some general requirements for a sound definition of a common data exchange format were defined. More specifically a common format should be: Clear, to avoid misinterpretations leading to different implementations; Complete, to cover data in all models; Extensible, to leave the possibility to introduce new constructs, even if these are not recognised by all tools; however, any addition should be public to allow other software developers to implement them. Recently, the common exchange format was successfully implemented in XML (Extensible Mark-up Language) and tested on two of the major software packages used in Europe and in the USA: RiskSpectrum and CAFTA. The common exchange format for fault tree was also implemented in ASTRA, the JRC proprietary tool for fault tree analysis. Interoperability tests between ASTRA and RiskSpectrum were successfully carried out. Looking at Table 1, the format defined by the OPEN-PSA covers the accident frequency analysis based on fault trees. 2. Feasibility study on the interoperability of accident consequence assessment software The need of defining a data exchange format also for accident consequence assessment was very clear, not only because it is important for risk analysis but also because of the large number of models and software tools available on the market, whose interoperability would be beneficial to end users. Thus, the feasibility study conducted at the Joint Research Centre (JRC) of the European Commission, aimed at defining a suitable CDEF by considering some of the most popular commercial and freeware software, together with some in-house tools. Obviously the study does not pretend to give a complete specification of the CDEF, but rather to start testing the interoperability

between some existing tools, in order to identify the problems to be faced to achieve such an objective, and to evaluate the degree of complexity of this activity. More specifically, a CDEF prototype was created with the main objective of allowing the ease exchange of both input data and results of consequence assessment (CA) calculations. The feasibility study had three main objectives: 1. to identify critical aspects in the definition of a proper CDEF for accident CA models; 2. to develop a prototype of a CDEF structure and to use it for testing a data exchange between different software for CA (i.e. fires, explosions and toxic release); 3. to apply the prototype to actual problems. In particular two examples were identified, i.e.: (i) the comparison of the results of different CA models for the same accident type, and (ii) the data exchange between a risk analysis tool (ARIPAR) and commercially available accident CA packages (PHAST, EFFECTS, ALOHA). 3. Main results of the feasibility study In this section the main achievements of the study are briefly described (see Binda et al., 2009 for details). 3.1 The CDEF structure The following aspects have to be taken into account when defining a CDEF for accident consequence assessment: 1. type of accident (i.e. fire, explosion, or toxic release); 2. specific accident outcome (e.g. for fire: pool fire, jet fire, ); 3. considered type of model (e.g. 1D, 2D); 4. all model s input data and parameters; 5. type of representation of results (e.g. 1D, 2D grid, iso-effect curves). Points 1-3 are necessary for documentation purposes and to cross-check the compatibility of the information exchanged. Point 4 is the most complex because it requires a detailed knowledge of all models relevant for the accident type under scrutiny. Point 5 is essential to compare the models outcomes. To note that when comparing two different models (A, B) for the same accident scenario, it can result that some of the input data used by model A could be different from those of model B. Thus, when the defined CDEF is used to export data from model A to B, it could be required to complement the data with supplementary information. In other cases, together with the input data, the comparison of two models requires the inclusion of the output data in the CDEF. This is the typical case of the comparison between the results of a single model and a multi-model (a set of models run without the user intervention), for which some of the intermediate results can be necessary as input data for the single model. Thus, in general, both input and output data have to be part of the common format. Within the CDEF prototype defined in the present study, the data to be exchanged were organised in a tree-like structure containing three main sections: 1) general information, 2) input section, 3) output section. The input section is clearly the most complex and contains all data necessary to run a model e.g. data to calculate the outflow (source term), the different fire and explosion models; models to determine the air and/or water dispersion of dangerous substances. However, due to the extensibility requirement, this structure should be kept open, in order to give the possibility to include additional data in a later stage, when necessary. The problem of the measuring units used by different software was also considered and solved. By following the example of the OPEN-PSA initiative, the CDEF prototype was developed in XML.

3.2 Interpolation needs and methods It is very important to stress that an XML file applied to interoperability applications should not exceed a certain dimension in order to make the data upload practicable. The main problem arises when dealing with data spread on a dense 2D grid. A possible way to overcome this problem is to export only part of these data (i.e. sampled points or effect contours) and to reconstruct the overall data set via interpolation methods. Interpolation is also necessary to compare the outcome of two different models. In such a case, the comparison requires the representation of data on a common 2D grid, where the direct comparison is actually done. Several interpolation methods are available in the literature. For the purposes of the present study, the output data of a typical CA model were interpolated using seven different methods. Among the methods considered the linear method provided acceptable results in all cases even though they were too conservative when the number of points was too limited or wrongly distributed. The test was conducted on Gaussian release dispersion, for which exact formulas were available. The Constrained cubic spline (CCS) method (Kruger C.J.C., 2002,) was the best amongst those submitted to test and it gave good results when the number of contours was greater than 5-6. This method was also tested on a more complex accident scenario (i.e. instantaneous heavy gas dispersion) whose consequence effects were calculated by using PHAST. Also in this case the test was successful. 3.3 Examples of CDEF use: comparison of different CA models A first example of the use of a CDEF, was the comparison of the outcome of different CA models applied to the same accident scenario. For this purpose, dedicated software was developed, named Comparison Effects Models (CEM). An example is given in figure 1 showing one of the possible uses of CEM (Binda et al. 2009). The input data and results of a 1D model are exported (XML file 1); the input section of this file is read by the second model; extra data may be manually inputted (if any). The input data and result of the run of this model is exported (XML file 2). The output sections of both models are interpolated on an automatically generated common grid and represented for comparison purposes. Model 1D XML file 1 Output section Interpolation of data applying method x CEM Input section GRID GENERATION AND INTERPOLATION MODULE Comparison of maps Model 2D XML file 2 Output section Interpolation of data applying method x Figure 1: Result of the difference between the 1D model and the 2D model. 3.4 Interoperability between CA and risk assessment tools As a second example the use of the CDEF prototype concerns the interface between the risk assessment tool ARIPAR (Spadoni et al. 2003) and different software packages for accident consequence assessment: PHAST, EFFECTS, ALOHA; in addition in house developed tools were used: GAUSS and STARS. For this experiment, due to the unavailability of the source code of the commercial software, ad-hoc modules were developed to generate the XML files from the output files. As shown in Figure 2 the

overall procedure consisted in generating XML files from the above consequence models, interpolating the effect contours and generating the consequence data grids to be uploaded into ARIPAR. The risks of the different scenarios were calculated and suitably aggregated, and the overall result for individual risk is depicted in the risk map image of Figure 2. Figure 2: Schematic diagram for the experiment aiming to interface ARIPAR with accident consequence tools 4. Conclusions In the present study it was developed a first prototype of a Common Data Exchange Format (CDEF) for accident consequence assessment software. The CDEF prototype was tested on a number of commercially available software for demonstrating their full interoperability. In addition, this preliminary study has allowed addressing the problems on the use of common data format as for instance: the model s parameters to consider, the different measuring units, the use of extra data, multi-model software vs. single model software. This work, together with the common exchange format for Fault trees and Event trees developed by the OPEN-PSA initiative, and the on-going work of the authors for the definition of a CDEF for the hazard identification phase, shows the feasibility of achieving the full software interoperability in risk analysis. Clearly, this can be obtained only with the agreement and the involvement of all relevant stakeholders (i.e. European Committee for Standardization, EU safety authorities, industry representatives, software and model developers, etc.). References ALOHA Software, www.epa.gov/oem/content/cameo/aloha.htm Binda M., Contini S., and Fabbri L., 2009, On software interoperability for accident consequence assessment, EUR Report 23994 EN. Contini S. ed., Rassegna di modelli per il calcolo delle conseguenze di incidenti, JRC Technical Note I.95.126, ISEI/IE/2998/95. EFFECTS Software, www.tno.nl/content.cfm?context Kruger C.J.C., 2002, Constrained Cubic Spline Interpolation for Chemical Engineering Applications, http://www.korf.co.uk/spline.pdf OPEN-PSA initiative, http://www.openpsa.org/ PHAST Software, http://www.dnv.com Spadoni G., Contini S., Uguccioni G., 2003, The New Version of ARIPAR and the Benefits Given in Assessing and Managing Major Risks in Industrialised Areas, Transaction of the IChemE, Vol 81, Number B1.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback