The process industry uses Layer of Protection Analysis (LOPA) to document extremely small probabilities for catastrophic events. Predictions of 10⁻⁵/yr or less are common. The intent is to show that a facility is “safe”. Yet are such low numbers achievable in the real world? How does one prove that one is meeting them? The frequentist approach the method is based upon requires enormous amounts of data to definitively state such a value. A facility will not have, nor will it ever want, enormous amounts of data for rare catastrophic events.
Such low targets are impossible to achieve when one considers the real-world uncertainties of physical systems and factors such as systematic errors. Considering that industry is still experiencing several disastrous events per year, there would appear to be a flaw with the current methodology. In fact, we would seem to be off target by up to three orders of magnitude.
We are drowning in data, yet the real problems appear to be lost in the chaos. When everything appears to be a problem, nothing will be managed effectively. If one could successfully identify actual problems, then effective management could occur. Yet how might one decipher the data and visualize the impact of potential shortcomings? One way could be with a periodic health check of the various independent protection layers (IPLs). According to the latest version of ISA/IEC 61511, functional safety assessments after a period of operation are now required to do exactly this. Bayes' rule could then be used to provide a means to visualize the findings using a protection layer “health meter”.
The Bayesian approach starts with the optimistic rare event assumptions. This initial probability distribution is known as the “prior”. The approach combines that with real-world observations, updating the model over time with new evidence, to form a “posterior”. The Bayesian approach allows all relevant evidence to be factored into the model, including subjective data. This approach allows one to base plant health metrics on observed evidence. This turns fantasy into reality. Such an approach will likely show a facility isn’t as good as it hoped it was. When Bayes shows that 10⁻⁶/yr can’t be met, a facility will need to step back and ask, “What are we really trying to achieve?”
Every facility needs to focus on the systems that need the most help. The Bayesian approach can show how each individual protection layer is behaving. Advanced warnings could then be given based on evidence. All this is aimed at discovering systematic errors, allowing management to focus on fixing bad actors.
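The prior-to-posterior update and per-layer “health meter” described above can be sketched as follows. This is an added example, not code from the original paper. It assumes a Beta prior centred on each IPL's claimed probability of failure on demand (PFD) and updated with proof-test results; the prior weight of 100 pseudo-tests, the band thresholds and the sample IPL data are constructed for illustration.

```python
import math

def beta_update(prior_mean, prior_strength, tests, failures):
    """Beta prior (mean, pseudo-test count) + proof-test evidence -> posterior (a, b)."""
    a = prior_mean * prior_strength + failures
    b = (1.0 - prior_mean) * prior_strength + (tests - failures)
    return a, b

def prob_exceeds(a, b, limit, steps=20000):
    """P(PFD > limit) under Beta(a, b), by midpoint integration of the density."""
    log_norm = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
    h = (1.0 - limit) / steps
    total = 0.0
    for i in range(steps):
        x = limit + (i + 0.5) * h
        total += math.exp(log_norm + (a - 1) * math.log(x) + (b - 1) * math.log(1 - x))
    return total * h

def health(claimed_pfd, prior_strength, tests, failures):
    """Health-meter reading for one IPL: posterior mean PFD and P(PFD > claim)."""
    a, b = beta_update(claimed_pfd, prior_strength, tests, failures)
    p_bad = prob_exceeds(a, b, claimed_pfd)
    # Constructed thresholds for the meter bands (assumption); a site would set its own.
    band = "green" if p_bad < 0.5 else "amber" if p_bad < 0.9 else "red"
    return {"posterior_mean": a / (a + b), "p_exceeds_claim": p_bad, "band": band}

# Constructed sample data: (IPL name, claimed PFD, proof tests run, failures found)
IPLS = [
    ("high-level trip", 0.01, 40, 0),
    ("relief valve", 0.01, 40, 3),
]

if __name__ == "__main__":
    for name, pfd, n, k in IPLS:
        r = health(pfd, 100, n, k)
        print(f"{name:16s} mean PFD={r['posterior_mean']:.4f} "
              f"P(PFD>claim)={r['p_exceeds_claim']:.2f} {r['band']}")
```

With the same optimistic prior, three failed proof tests out of 40 move the second layer's posterior mean PFD to nearly three times its claimed value, while the layer with no failures improves on its claim.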