The Italian Mica Project

Methodologies for Safety and Reliability

Contribution to the Task D: Realization of an Integrated Modeling Environment for the Hardware/Software/Human Components of Plant Control Room Systems

Adam Maria Gadomski - e-paper (26-07-2001)

Subject (a proposal): A Meta-Modeling Framework for the Design of Operator's Decisions Intelligent Support Systems (ODISS-type) for High-Risk Industrial Plants.

The contribution to the Task D of the Project includes a contribution to the formal development of meta-modeling frames for the representation of a plant super-system composed of:

The objective of this work is to develop a conceptual framework for analysing abnormal super-system behaviour from three generic points of view, i.e.:

The conceptualization should cover the following main aspects of industrial process exploitation: safety, economy and production [Rasmussen].

Meta-modeling should provide an instrument for the integrated description of the following main generic top-level operator functions:

The above perspective is crucial for the specification of the hardware/software/human components of the plant control room systems.

A meta-methodological framework employed in this work could be the semi-formal TOGA (Top-down Object-based Goal-oriented Approach) [Gadomski,1993,1994,1995].

The suggested approach should integrate the functional and behavioral views [Internet: The World of Function] of the generalized plant system (see the SPG.domain modeling framework).

An application of the concept of the Bayesian Belief Network [Internet: Bayesian Network] to cause and consequence search is considered.

The work will be mainly focused on the safe exploitation of high-risk industrial plants.

Key Definitions

Safety: an integrated, relative property of a system whose value indicates whether the system is able to cause losses (harm) to humans and their world. The system can be considered safe or unsafe under a given set of operational conditions.
Safety is a normative concept and represents a consensus of a social object (organization, society, ...) on the level of risk that can or cannot be neglected for predefined goals.
- For example, safe car driving. Sometimes something similar to an absolute scale of risk is implicitly suggested.

Risk (in the abstract sense) is an indicator of possible losses; it is proportional to the probability of a loss-generating event and to the value of those losses.
From the mathematical perspective, it can be normalized in a quantitative and qualitative sense.
Because losses differ in nature, we distinguish human-health, environmental, economic and cultural risks (a four-valued vector).
In static risk analysis, the risk concept is related to the materials that can cause a loss-generating process. In this context the probability of contact with a hazardous material is assumed constant and not negligible; therefore the risk value is taken to be proportional to the possible consequences of contact with, for example, a toxic substance.
Consequently the risk can be proportional to the values of specific attributes of the event, such as 'distance' and 'time of exposure'.
- Summarizing, in every concrete situation, a safety indicator value (independently of the scale assumed) always depends on the risk estimation methods and on the criteria of socio-political consensus among humans.
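As an added illustration (not part of the original paper), the following Python sketch combines the risk definition above with the Bayesian Belief Network idea mentioned earlier: a small network, whose nodes and conditional probabilities are constructed assumptions, is queried by enumeration for cause search (P(fault | loss)) and consequence search (P(loss | failure)), and the four-valued risk vector is obtained as the probability of the loss event times a constructed loss-value vector.

```python
from itertools import product

# Constructed toy network (an assumption for illustration, not from the paper).
# Every node is boolean. Entry: node -> (parents, CPT), where the CPT maps a
# tuple of parent values to P(node = True).
NETWORK = {
    "fault":       ((), {(): 0.05}),             # component fault
    "human_error": ((), {(): 0.10}),             # operator error
    "failure":     (("fault", "human_error"), {  # loss of a required function
        (True, True): 0.95, (True, False): 0.80,
        (False, True): 0.40, (False, False): 0.01}),
    "loss":        (("failure",), {(True,): 0.30, (False,): 0.001}),  # losses event
}

# Constructed loss-value vector (assumption): human health, environment,
# economic, cultural, in arbitrary relative units.
LOSS_VECTOR = (1.0, 0.5, 2.0, 0.1)


def joint(assignment):
    """Joint probability of a full assignment {node: bool} via the chain rule."""
    p = 1.0
    for node, (parents, cpt) in NETWORK.items():
        p_true = cpt[tuple(assignment[par] for par in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p


def query(target, evidence):
    """P(target = True | evidence) by enumeration over the hidden nodes.
    Works in both directions: cause search (target upstream of the evidence)
    and consequence search (target downstream of it)."""
    hidden = [n for n in NETWORK if n != target and n not in evidence]
    numerator = normaliser = 0.0
    for target_value in (True, False):
        for values in product((True, False), repeat=len(hidden)):
            full = dict(evidence, **dict(zip(hidden, values)))
            full[target] = target_value
            p = joint(full)
            normaliser += p
            if target_value:
                numerator += p
    return numerator / normaliser


def risk_vector(evidence):
    """Four-valued risk indicator: P(loss | evidence) times the loss vector."""
    p_loss = query("loss", evidence)
    return tuple(p_loss * value for value in LOSS_VECTOR)
```

With these constructed numbers, observing the loss event raises P(fault) from the prior 0.05 to about 0.45, and the risk vector scales with that posterior probability of loss.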

Reliability: an integrated property of a designed system which determines whether and how the system fulfils its designed functions. Its value is usually expressed as the probability that no loss of function occurs over a given period of time under a given set of operational conditions.

Fault: an abnormal condition that may cause a reduction in, or loss of, the capability of a functional unit to perform a requested function [ISO/IEC Inf.Technology Vocabulary].

Failure: a termination of the ability of a functional unit to perform a requested function [ISO/IEC Inf.Technology Vocabulary].

Human error: human action or inaction that can produce unintended results [ISO/IEC Information Technology Vocabulary, 96].

Function: a goal-oriented property of an artificial system [TOGA meta-theory, 89].


Fig.1. SAFETY BARRIERS: Possible domains of intervention.

The relevant technologies employed are illustrated in Fig.2.


From the perspective of safety-related operator-plant interactions in the control room, all causes of possible plant failures are located in the layers presented in Fig.1, but, of course, not all properties of these layers influence plant safety.
The results of the contribution to the project should be focused on general re-engineering purposes.



This research is continued in the frame of ENEA's new mission.