The process industry uses Layer Of Protection Analysis (LOPA) to document extremely small probabilities for catastrophic events. Predictions of 10-5/yr or less are common. The intent is to show that a facility is “safe." Yet, are such low numbers achievable in the real world? How does one prove that you are meeting them? The frequentist approach the method is based upon requires enormous amounts of data to state such a value definitively. A facility will not have, nor will it ever want, enormous amounts of data for rare catastrophic events.
Such low targets are impossible to achieve when one considers the real-world uncertainties of physical systems and factors such as systematic errors. Considering that industry still experiences several disastrous events per year, the current methodology would appear to have a flaw. In fact, we would seem to be off target by up to three orders of magnitude.
We are drowning in data, yet the real problems appear lost in the chaos. When everything appears to be a problem, nothing will be managed effectively. If one could successfully identify actual problems, then effective management could occur. Yet, how might one decipher the data and visualize the impact of potential shortcomings? One way could be with a periodic health check of the various independent protection layers (IPLs). According to the latest version of ISA/IEC 61511, functional safety assessments after a period of operation are now required to do exactly this. Bayes' rule could then be used to provide a means to visualize the findings using a protection layer called a “health meter.”
The Bayesian approach starts with the optimistic rare event assumptions. This initial probability distribution is known as the “prior." The approach combines that with real-world observations, updating the model over time with new evidence to form a “posterior." The Bayesian approach allows all relevant evidence to be factored into the model, including subjective data. This approach allows one to base plant health metrics on observed evidence. Such an approach will likely show a facility isn’t as good as it hoped it was. When Bayes shows that 10-6/yr can’t be met, a facility must step back and ask, “What are we really trying to achieve?”
Every facility needs to focus on the systems that need the most help. The Bayesian approach can show how each individual protection layer is behaving. Advanced warnings could then be given based on evidence. All this aims to discover systematic errors, allowing management to focus on fixing bad actors.