View
3
Download
0
Category
Preview:
Citation preview
Living with Failure-‐‑Finding RCM Notes series
Dr Mark Horton, Numeratis.com, March 2011
1 Introduction This paper provides some background notes to the simple failure-‐‑finding interval formulae used in RCM analysis. These notes are primarily intended to support you in your role as a trainer and you should generally not use them as part of a training course.
Very few RCM group members ever question the basis of the failure-‐‑finding formulae. Of those who do, most do not have a strong mathematical background and the rigorous mathematical derivations are more likely to frighten than to enlighten them. Each derivation is therefore split into two parts: one is the formal derivation of the results; the other is a set of intuitive arguments that you may find more useful in explaining the principles. The mathematical section number has a suffix "ʺM"ʺ; the conceptual section a suffix "ʺC"ʺ. If you ever encounter a real statistician among your trainees, you might like to give him or her a few hints and leave the derivations as an exercise...
2 Assumptions Whether you go for the intuitive methods or mathematical rigour, you should be familiar with the assumptions below which apply to all the formulae in this note.
• The failures of the protective device and of the protective system occur at random (both are pattern E in Nowlan and Heap terms)
• The failure-‐‑finding interval is much less than the mean time between failures of the protective device (preferably less than about 5% of Mdev, certainly less than 10% of Mdev)
• The failure-‐‑finding interval is much less than the mean time between failures of the protected function
It is possible to derive failure-‐‑finding formulae for more general cases, but they can be horribly complicated and results can often only be produced by numerical methods on a computer.
3 Mathematical Notation This note uses the following mathematical notation.
A Availability u Unavailability R(t) Survival function F(t) Probability that the system has failed at
time t Tff Failure-‐‑finding interval λ Failure rate of an individual protective
device in such a way that it does not provide the required protection (λ = 1/Mdev)
µ Demand rate on the protective system (µ = 1/Mdem)
L Is the rate of multiple failures (L = 1/Mmf)
n The number of parallel independent protective devices making up a protective system
Mdem The mean time between demands on the protective system
Mdev The mean time between failures of individual protective devices
4 The Basics C If a protective device fails at random, then we mean by definition that the chance of failure at any time is exactly the same as at any other time. This means that the instantaneous conditional probability of failure, generally better known as the hazard rate, is flat (Nowlan and Heap pattern E below).
RCM NOTES
2 Living with Failure-Finding Copyright © 2011-2012 numeratis.com
As shown in reliability books, if the hazard rate is constant, then the chance that the device is still working at some time in the future follows a negative exponential curve (below).
This is the curve we are interested in, but not quite in this form. If we express it slightly differently, we can show the chance that the device is in a failed state (i.e. not working) at any time.
Although the full curve has to be represented by an exponential function, the first part of it up to about 10% of Mdev can be approximated well by a straight line: this is the linear approximation to an exponential survival curve.
The relationship between time and the chance that the device is in a failed state is given by F = t/Mdev over this interval.
4 The Basics M If a device fails at a random rate λ, then provided that we are certain that the device is functional at time t = 0, the probability that it will operate at time t > 0 is given by the survival curve R(t):
The instantaneous unavailability of the protective device is
These relationships are explained for general hazard rates in any book on reliability theory.
If λ
RCM NOTES
Copyright © 2011-2012 numeratis.com Living with Failure-Finding 3
5 That Factor of Two M If a device is restored to working condition at regular intervals T, the average unavailability of the device over that interval is
Under the approximations listed at the start of this document, the average unavailability of the protective device is
6 Parallel Devices C So far we have been concerned with a single protective device. This section deals with two parallel redundant devices, where either device is able to respond fully to the demand.
A simple (but incorrect) treatment of two parallel devices could go like this. For a short time this “conceptual” section is going to become a little mathematical.
The average unavailability of a single protective device that fails with mean time between failures Mdev and which is tested at equal time intervals Tff is
€
u(T ff ) =T ff2Mdev
If there are two parallel devices, the protection is only completely unavailable if both devices have failed; so the unavailability we would expect is
€
u(T ff ) =T ff2Mdev
.T ff2Mdev
=T ff2
4Mdev2
As we will see, it is not the right answer. This section is concerned with answering the following question of why it is wrong.
Imagine that we have two parallel protective devices and decide that we will check each at an interval given by Tff. We will not check them both at the same time, but we will check one device at time zero, then the second at time Tff/2, the first again at Tff and so on.
What have we achieved by staggering the tests? Remember that the chance of a protective device being in a failed state increases with time during the failure-‐‑finding interval. By staggering the test, the period of high failure probability for one device corresponds to the period of low probability for the other, and vice versa.
Compare this with the situation where both devices are tested at the same time, shown below.
RCM NOTES
4 Living with Failure-Finding Copyright © 2011-2012 numeratis.com
Now both devices "ʺget old together"ʺ: in other words, the areas of high failure probability now coincide. Therefore checking several parallel redundant devices at the same time results in a lower overall availability than the alternative strategy of staggering the tests. Since a fixed failure-‐‑finding interval gives a lower availability if the devices are tested at the same time, then for a given required availability, we must check the devices more often if the tests are carried out at the same time. The simple approach that introduced this section goes one step further by assuming that each device is tested at an average interval of FFI, but the actual time of any test is decided at random. If you ever see a maintenance management system which supports this type of scheduling, give me a call!
6 Parallel Devices M These systems consist of several identical parallel protective devices, any of which alone can provide full protection when a demand is placed on the system.
A failure-‐‑finding task normally tests all the devices at the same time; any that are not working are repaired or replaced. Notice that it is important here to test the individual devices, and not just to test the overall function of the system; otherwise failed devices could be missed and the expected availability of the system could be far less than expected.
The instantaneous probability that the whole protective system is disabled (unavailable) at a time t after the last test is
where n is the number of parallel protective devices employed. The average unavailability over the failure-‐‑finding interval Tff is
€
u(T ff ) =
(1− e−λt )n dt0
Tff
∫T ff
Under the approximations stated at the start of this document, this becomes
€
u(T ff ) =(λT ff )
n
(n +1)
As in the section above, this represents the average availability over time. The instantaneous availability of the protective system is higher than the average availability at the start of the period, but lower at the end. The rise in unavailability is nonlinear: quadratic, cubic and so on depending on the number of parallel devices. If the failure-‐‑finding interval is lengthened, the unavailability (and hence the potential multiple failure rate) increases as the nth power of the testing interval.
The average multiple failure rate L is given by
€
L = µ(λT ff )
n
(n +1)
So the failure-‐‑finding interval Tff for a given target multiple failure rate L is
€
T ff =1λ(n +1)L
µ
⎛
⎝ ⎜
⎞
⎠ ⎟
1n
which translates into the following in terms of the device mean time between failure and mean demand times.
€
T ff = Mdev(n +1)Mdem
Mmf
⎛
⎝ ⎜ ⎜
⎞
⎠ ⎟ ⎟
1n
As discussed in the previous section, the availability achieved is actually lower than if the tests were staggered or completely unrelated.
As an extreme example, suppose that the individual devices are tested at random with no relationship between the test times. The average availability of one device tested at interval Tff is
RCM NOTES
Copyright © 2011-2012 numeratis.com Living with Failure-Finding 5
€
u(T ff ) =λT ff2
The average unavailability of the protective system as a whole is found by multiplying the individual unavailability figures:
€
u(T ff ) =λnT ff
n
2n
The rate of multiple failures is therefore
€
L = µλnT ff
n
2n
So if we specify the acceptable rate of multiple failures and we know the mean time between failures of the protective device and the demand rate on the protective system, the required failure-‐‑finding interval is
€
T ff =2λ
Lµ
⎛
⎝ ⎜
⎞
⎠ ⎟
1n
Expressed in more familiar terms, this becomes
€
T ff = 2MdevMdemMmf
⎛
⎝ ⎜ ⎜
⎞
⎠ ⎟ ⎟
1n
In a more realistic example, suppose that the protective system consists of two parallel devices. If they were tested at the same time, at intervals Tff, the average availability achieved would be
€
u(T ff ) =λ2T ff
2
3
Compare this with the situation where the devices are checked at the same interval, but the checks are offset by half of the failure-‐‑finding interval. So device 1 is tested at time 0, then device 2 at time Tff/2, device 1 again at Tff, device 2 at 3Tff/2 and so on.
Using the linear approximation to the survival curve, the probability that both devices are in a failed state at time t between 0 and Tff is
€
u(t) = λt.λ t +T ff2
⎛
⎝ ⎜
⎞
⎠ ⎟ for 0 ≤ t < Tff /2
and
€
u(t) = λt.λ t −T ff2
⎛
⎝ ⎜
⎞
⎠ ⎟ for Tff /2 < t ≤ Tff
Integrating over the interval from 0 to Tff, the average availability is
€
u(T ff ) = λ2 T ff
2
3−T ff2
8
⎛
⎝ ⎜ ⎜
⎞
⎠ ⎟ ⎟
which is less than the unavailability for simultaneous testing by 37.5%.
Terms of use and Copyright Neither the author nor the publisher accepts any responsibility for the application of the information and techniques presented in this document, nor for any errors or omissions. The reader should satisfy himself or herself of the correctness and applicability of the techniques described in this document, and bears full responsibility for the consequences of any application.
Copyright © 2011-‐‑2012 numeratis.com. Licensed for personal use only under a Creative Commons Attribution-‐‑Noncommercial-‐‑No Derivatives 3.0 Unported Licence. You may use this work for non-‐‑commercial purposes only. You may copy and distribute this work in its entirety provided that it is attributed to the author in the same way as in the original document and includes the original Terms of Use and Copyright statements. You may not create derivative works based on this work. You may not copy or use the images within this work except when copying or distributing the entire work.
Recommended