Reliability Analysis Method of a Control System for Subsea All-Electric Christmas Tree
https://doi.org/10.1007/s11804-021-00200-7
-
Abstract
The subsea all-electric Christmas tree (XT) is a key equipment in subsea production systems. Once it fails, the marine environment will be seriously polluted. Therefore, strict reliability analysis and measures to improve reliability must be performed before a subsea all-electric XT is launched; such measures are crucial to subsea safe production. A fault-tolerant control system was developed in this paper to improve the reliability of XT. A dual-factor degradation model for electrical control system components was proposed to improve the evaluation accuracy, and the reliability of the control system was analyzed based on the Markov model. The influences of the common cause failure and the failure rate in key components on the reliability and availability of the control system were studied. The impacts of mean time to repair and incomplete repair strategy on the availability of the control system were also investigated. Research results show the key factors that affect system reliability, and a specific method to improve the reliability and availability of the control system was given. This reliability analysis method for the control system could be applied to general all-electric subsea control systems to guide their safe production.Article Highlights• A dual-factor degradation model for electronic control system components is proposed to improve the evaluation accuracy, and the reliability of the control system is analyzed based on the Markov model.• The influences of the common cause failure (CCF) and the failure rate in key components on the reliability and availability of the control system with the series, parallel, or two-out-of-three voting system were studied respectively.• This reliability analysis method for the subsea all-electric Christmas tree control system could be applied to general all-electric subsea control systems to guide the safe production. -
1 Introduction
Deyab et al. (2018) identified that offshore oil and gas processing equipment operating in harsh environments poses a high risk, which is further increased by harsh environments. Process safety, risk analysis, and reliability evaluation have paramount significance in modern process industries for preventing fatalities and asset and reputation losses caused by an accident (Cai et al. 2019, Wang et al. 2019c, Liu et al. 2020). Subsea all-electric XTs are critical pieces of equipment in subsea production system (Liu et al. 2019a, b). The control system of subsea all-electric Christmas trees (XT) is crucial to ensure the safe production of the equipment. Once a failure occurs, the equipment loses control and will have unimaginable consequences. When an oil spill occurs, the control system will fail to shut down the equipment, thereby causing serious environmental pollution. Leaked oil and gas floating on the sea surface are very likely to cause fire and other safety accidents. Therefore, the reliability of the subsea XT is crucial to ensure the safe production of the subsea system (Artana et al. 2018).
Research on subsea all-electric production system is a current development trend and has unmatched advantages. The all-electric system involves a large number of electronic components; therefore, the theory and technology for reliability evaluation of all-electric control systems have become a hot research topic (Abaei et al. 2018). Reliability evaluation enables the identification of problems at different life cycle stages of a system or equipment. Even certified and tested equipment may experience problems during operation because of incorrect installation, operating environment, operator error, or lack of maintenance (Bitanov 2015; Wang et al. 2020). More importantly, once subsea equipment has been installed, it must be transported to shore for maintenance and repair, which involves considerable financial and material resources. The best way to avoid such large maintenance costs is to improve the reliability of subsea equipment by performing a reliability evaluation before the equipment is launched. Moreover, a reliability evaluation guides the maintenance for engineering staff.
Wanvik, a researcher at the Norwegian University of Science and Technology (Wanvik 2015), identified that oil and gas development in the Arctic is an ongoing process. Subsea XT systems are the only viable equipment that can be utilized in this area because of the presence of ice and icebergs. The Arctic ecosystem is fragile, and oil spills in this area can have irreversible effects; therefore, highly reliable and safe subsea XT systems are required. Safe and reliable subsea production systems will become increasingly important. Chess Subsea Engineering, a world-renowned marine technology service company, developed a reliability model of the subsea XT and its control system over an 8-week period from January 2016 to March 2016 and subsequently performed a reliability evaluation of the subsea XT. From this work, the company accumulated a large volume of data that have important reference value. Silva et al. (2018) used the fault tree model to perform function definition and function analysis of a subsea electrohydraulic control production system, including the electrohydraulic composite tree control system, using data provided by the Offshore Reliability Data Handbook (OREDA Handbook 2002; Moss 2005; Participants 2002; Sandtorv et al. 1996) and completed quantitative and qualitative analyses of its reliability. After the system had operated for 7400 and 26 500 h, its reliability dropped to 82.65% and 17.35%, respectively. This valid and necessary information is vital to enable product planning, operation, and maintenance staff to maintain high availability of production and systems and increase business profitability. Based on a subsea control module (SCM) of the subsea XT, Yu and Zhao (2013) performed reliability evaluation of SCM and fault data analysis of the field data collected during its continuous operation without failure.
Using existing statistical methods (Markov methods that are inference methods based on mathematical formulas), Bitanov (2015) developed reliability and life cycle analysis models to analyze the functions of SCM and, then, performed a fault analysis and reliability evaluation of SCM. Working environment factors have little effect on the performance reliability of SCM; however, the equipment manufacturer (brand) has a considerable impact on its reliability. Stendebakken (2014) used two reliability analysis methods based on commercially available subsea vertical XT reliability assessment data, including forward derivation and reverse derivation, and studied some important factors (related to installation, human intervention, and subsea operations) that influence the reliability and availability of the subsea XT system. Wanvik (2015) studied the main functions of the subsea XT and the reliability of its main components. Additionally, with the use of RAM analysis software, the Monte Carlo method (Barbosa et al. 2019; Cao et al. 2020) was applied to study the reliability, availability, and maintainability of the subsea XT. It also described the differences between the main configurations of the subsea XT and the impact of these differences on the reliability of the subsea production system.
Reliability evaluation methods can be divided into three categories: model-based, signal-based, and data-driven methods (Venkatasubramanian et al. 2003; Henriquez et al. 2013; Labovská et al. 2014; Liu et al. 2020). The model-based method focuses on building mathematical models of complex industrial systems, while the signal-based method compares the detected signal with prior information obtained from a normal industrial system and uses the detected signal to perform real-time online reliability evaluation (Feng et al. 2015). However, for complex industrial and process systems, obtaining accurate mathematical models and signals is difficult. Therefore, data-driven methods that rely on historical data for reliability evaluation, which are particularly suitable for complex industrial systems, are used in such cases. Examples of the three basic analysis methods include the GO-FLOW model method (Matsuoka and Kobayashi 1988), stochastic Petri net (Volovoi 2004; Chen et al. 2018; Li et al. 2018), Markov network (Li et al. 2019), Bayesian network (BN) (Konovessis et al. 2013; Toroody et al. 2016), fault tree (Choi and Chang 2016), and other methods. These methods are widely used in reliability evaluation, risk analysis, and fault diagnosis of subsea production systems (Bhattacharyya and Cheliyan 2019). Data-driven methods such as BN can solve problems in complex systems where knowledge about the system is not enough to apply a model-based method (Nhat et al. 2020). Don and Khan (2019) presented a novel methodology for fault detection and diagnosis based on a combined approach of data and process data-driven techniques. The hidden Markov model detects abnormalities based on process history, while BN diagnoses the root causes of faults. Ramos and de Souza (2017) evaluated the reliability and availability of subsea oil production systems based on stochastic Petri net and conducted a sensitivity analysis to indicate that a long mean time to repair (MTTR) and mean time to failure correspond to increased impact on the availability results. For the underwater BOP system, Elusakin and Shafiee (2020) proposed a reliability analysis method based on stochastic Petri net and a reliability block diagram. In their reliability analysis process, system degradation factors and condition detection information were added to evaluate the performance of five BOP subsystems in terms of their availability, reliability, and mean time between failures. Wang et al. (2019a) established a stochastic defect growth model for reliability evaluation of corroded underground pipelines using Markov model. Wang et al. (2020) proposed a reliability evaluation method of a multistate pipeline system with reconfiguration to identify the non-adjacent transferable Markov model with both deterioration and repairable processes. Kim et al. (2014) proposed a Markov model by considering the demand rate for reliability assessment of subsea production systems. Zhang et al. (2014) evaluated the reliability of offshore oil production systems based on a segmented deterministic Markov process and verified the feasibility of the proposed method by comparing it with the Monte Carlo method and Petri net. Wang et al. (2018) used a Markov process and a multifactor model to model the reliability and safety of the SCM electrical control system of a subsea all-electric XT by considering the impact of multiple factors, including fault detection rates, CCF, and the failure rate of each module to evaluate the impact of system reliability and safety. Based on the traditional non-redundant programmable logic controller system, Wang et al. (2019b) proposed and designed a parallel cross-redundant system for the SCM electrical control system of the subsea all-electric XT to improve the reliability of SCM. Based on the reliability block diagram and system logic relationship, a directional system decomposition method was proposed, which effectively reduced system dimension and solved the system state-space explosion problem caused by the number of system components in Markov models. System reliability and mean time to failure models were established, and the Markov model was used to establish a reliability model. Lyu et al. (2014) proposed a BN model for series, parallel, and voting systems by considering CCF and coverage factors. The model was used to evaluate the reliability of the subsea XT control system at any time, and the difference between posterior probability and prior probability of each component in the event of system failure was obtained. The effects of CCF and single-component failure rate on system reliability were studied. Zhang et al. (2016) used BNs to quantitatively evaluate the reliability of subsea production systems, including the subsea XT, in the early design stages. Reliability evaluation has not only become increasingly important in the field of ocean engineering but also has become an indispensable link in designing ocean equipment.
The focus of these studies is to explore the impact of some traditional factors, such as mean maintenance time and coverage factor, on system reliability, and such exploration is especially suitable for real-time and static evaluation of system reliability. The research process assumes that the component failure rate is a fixed value and it ignores the objective changes in the component failure rate, which has a certain impact on the reliability evaluation accuracy. However, few scholars have studied the reliability evaluation method for the all-electric XT control system. To solve the above problems, this paper proposes a reliability evaluation method for the XT control system considering the degradation probability of the dual factors of the components. This method has the following advantages: first, because the all-electric XT control system is composed of many components, the overall Markov model is complex, which is not conducive to calculation and analysis. Therefore, the control system is divided into two parts—ground control system and subsea control system—for analysis, which effectively avoids the problem of state-space explosion caused by Markov model as the number of components increases; second, the ground and subsea maintenance strategies and component forms are very different due to the particularity of the all-electric XT control system; therefore, a two-part analysis can serve as a targeted method to improve the reliability of the system; and third, a dual-factor degradation model for electrical control system components is proposed to improve the evaluation accuracy.
2 Modeling Subsea All-Electric XT Control System
2.1 Subsea All-Electric XT Control System
The subsea all-electric XT is an all-electric control system. A fault tolerance technique is adopted to satisfy the requirement of high system reliability. In this way, failure of some parts will not undermine the normal operation of the entire control system. The principle of the control system for the subsea all-electric XT is shown in Figure 1, which is divided into the ground control and subsea control systems. The XT control system mainly consists of the master control station (MCS), control and communication unit (CCU), ground power distribution unit (GPDU), uninterruptible power supply (UPS), subsea power modulation and communication unit (SPMCU), SCM, drive unit (DU), valves, and sensors.
Figure 1 Schematic of subsea all-electric XT control systemGround control system: The MCS is the core and brain of the control system. It issues all control commands, and the sensor data are recovered to realize real-time monitoring of the working status. The CCU is composed of three PLC. The MCS sends control instructions to the CCU to complete the order. Simultaneously, the CCU reports the collected data to the MCS. The GPDU mainly has two functions. First, it provides electrical support for the mechanical system and the control system and, second, it realizes photoelectric conversion of the control signal. The UPS, which is connected to the system for power supply, is used as a redundant power support measure for when the main power supply system fails.
Subsea control system: The power and communication signals transmitted from the shore are modulated and sent to the SCM by the SPMCU. The SCM is installed on the all-electric XT and directly controls the valve DU. Each DU drives the opening and closing of the valve through servomotors.
The subsea all-electric XT demands extremely high reliability. Thus, the control system design of the whole machine adopts the fault tolerance technique. The units of various electric equipment are connected in series, parallel, or the two-out-of-three voting system mode. A triple-module redundancy system is constructed as a whole, and the CCU consists of three PLC processors with the same model. Failure is allowed to happen on one of the PLC processors, while the other two functioning PLC processors are still able to execute control instructions normally. Similarly, the terminal valve drive module includes three identical servomotors; one of them is allowed to undergo failure, while the two remaining servomotors could complete the driving process.
Two control circuits—the master control and the standby control circuits—are found at the left and right side from the MCS to the terminal. Any one of the two control circuits could perform the control of the system, and in normal working conditions, the master control circuit functions, while the standby control circuit provides backup. Once the master control circuit fails, the standby control circuit will immediately step in and perform the control functions. Both circuits are configured in double-module redundancy and are in parallel; thus, failure in one circuit will not influence the operation of the other. Electrical modules in each control circuit have series structures. However, they have more than two identical electrical units in one module subject to specific needs. Therefore, redundant configuration of electrical units is realized in each module, and the number in the figure denotes the number of electric units in the corresponding module.
2.2 Markov Model of Control System
The CCU and the terminal DU are triple-module redundancy control systems with a two-out-of-three voting system. Three PLC processors and three servomotors execute 3-2-1-0 voting, while both the GPDU and the SPMCU adopt the double-module redundant parallel system and execute 2-1-0 voting. The results of 3-2-1-0 voting and 2-1-0 voting are shown in Table 1, in which A, B, and C represent operation units, and 1 means normal function, while 0 means failure. 3-2-1-0 voting allows one component to fail, and the remaining two components can still ensure that the system works normally. When two or more components fail, the system fails. Similarly, 2-1-0 voting allows only 1 component to fail.
Table 1 Voting results of 3-2-1-0 and 2-1-0A B C 3-2-1-0 2-1-0 1 1 1 1 – 1 1 0 1 – 1 0 1 1 – 0 1 1 1 – 1 0 0 0 – 0 1 0 0 – 0 0 1 0 – 0 0 0 0 – 1 1 – – 1 1 0 – – 1 0 1 – – 1 0 0 – – 0 As the entire control system is composed of many components, the overall Markov model is extremely complicated, which is not conducive to calculation and analysis. Therefore, the entire control system is divided into the ground control system and the subsea control system for analysis. The problem of state space explosion caused by Markov model with the increase in the number of components is effectively avoided. Also, ground and subsea maintenance strategies and component forms vary because of the particularity of the subsea all-electric tree control system. A two-part analysis can not only improve the accuracy of the evaluation results but also provide targeted feedback to determine ways to improve system reliability.
The ground control system consists of 1 MCS, 2 UPSs, 3 PLCs, and 4 GPDUs, while the subsea control system comprises 1 SCM, 3 DUs, and 4 SPMCUs. Seventeen states are defined for the ground control system and denoted by circles, with S0–S15 representing normal working states for the system, while SF1 indicates that the ground system fails. The number in the circles denotes the number of GPDUs, PLCs, UPSs, and MCS in a normal working state from left to right when the system is functioning.
For example, "4321" for state S1 means that 4 GPDUs, 3 PLCs, 2 UPSs, and 1 MCS are working normally. States S1–S15 are degraded from S0, indicating that the control system is still working even though one or more parts have failed, which fully demonstrates the reliability of the fault tolerance technique for the control system. Similarly, 9 defined states exist in the subsea control system, and the numbers in the circle are the number of normal working SPMCUs, DUs, and SCM from left to right, while SF2 means that the subsea control system fails. Markov models for the ground control system and the subsea control system are established based on the 3-2-1-0 and 2-1-0 voting systems and the control system. CCF means that two or more redundancies fail simultaneously due to a common cause (Sakurahara et al. 2019; Chebila 2018). In this paper, the fault tolerance technique is used to design the subsea all-electric XT control system. However, CCF nullifies the advantages of the fault tolerance technique. The influence of CCF on the reliability of the fault-tolerant control system for the subsea all-electric XT is discussed. As shown in Figures 2 and 3, the Markov models for the ground control system and the subsea control system are established without considering CCF for the all-electric tree control system.
Figure 2 Markov model for the ground control system without considering CCF
Figure 3 Markov model for subsea control system without considering CCFIn the Markov model without considering CCF, the case of a single-component failure is considered under the situation of redundant combination for the same model. For instance, the transition from state "S0, 4321" to state "S3, 3321" exists, signifying that only one GPDU fails, while the transition from state "S0, 4321" to state "S7, 2321" is not considered. This type of transition is called one-level degradation transition. Therefore, one-level degradation transition only considers the situation where only one component of the redundant components of the same type fails.
Based on Figures 2 and 3, a Markov model that considers CCF is established. Under the situation of a redundant combination for the same model in the control system considering CCF, two or more components may fail simultaneously. For example, the transition from state "S0, 4321" to state "S7, 3321" means that two GPDUs fail; this condition is called multilevel degradation transition with CCF taken into consideration. Similarly, the transition from state "S0, S1, S1, S2, S2, S3, S4, S4, S5, S6, S8" to state "S11, S9, S13, S10, S14, S11, S12, S15, S13, S14, S15" occurs in the ground control system. The transition from state "S0, S0, S1, S1, S2, S4" to state "S3, S6, S5, S7, S6, S7" occurs in the subsea control system. The established Markov models for the all-electric XT control system considering CCF are shown in Figures 4 and 5. The red arrow in the figure indicates the arc of the state transition considering CCF.
Figure 4 Markov model for the ground control system considering CCF
Figure 5 Markov model for subsea control system considering CCFBased on the memoryless characteristic of the Markov model, the reliability and time to repair components should follow the exponential distribution. The directed arc means that the component transitions from one state to another and the symbol on top of the arc show the state transition probability. For instance, in the Markov model for the ground control system, the transition probability from state "S14, 1221" to state "SF1" is λGPDU + 2λPLC + λUPS + λMCS, which indicates that 1 GPDU or 1 UPS or 1 MCS or 1 PLC out of 2 PLCs fails. Definitions for the failure rates of components are shown in Table 2. The repair rate of all the components is defined as α. The ground control system is located on land and can be repaired at any time. Thus, each component has an arc pointing toward state S0. In contrast, the subsea control system is salvaged onto land for repair when the overall system fails to function. Thus, the repair rate arc exists only from state SF2 to state S0.
Table 2 Definitions for the failure rates of componentsSymbol Definition Failure rate (h−1) λGPDU Failure rates of GPDU 4.9576 × 10−6 λPLC Failure rates of PLC 5.3747 × 10−6 λUPS Failure rates of UPS 1.015 × 10−6 λMCS Failure rates of MCS 3.3573 × 10−6 λSPMCU Failure rates of SPMCU 4.9576 × 10−6 λDU Failure rates of DU 2.1373 × 10−6 λSCM Failure rates of SCM 0.8215 × 10−6 2.3 Dual-Factor Degradation Model of Control System Components
The aging of electrical components occurs objectively over time (Cao et al. 2019). Additionally, the influence of other factors on the components will change the failure rate. Therefore, the traditional reliability evaluation method assumes that the failure rate of the component remains unchanged and the evaluation result is deviated from the actual result. The performance of electrical components will naturally deteriorate as the working time increases, which is why the reliability degradation trend under natural use needs to be considered. Personnel experience and improper operation also have a certain impact on the reliability of the control system. Even rigorously trained and experienced operators can perform misoperations, which is one of the influencing factors to be considered in the control system reliability evaluation process. Therefore, we propose a dual-factor degradation model for the reliability evaluation of the control system to improve the evaluation accuracy. Dual factors are component degradation factor and human misoperation factor.
2.3.1 Component Degradation Factor
The components of the electrical control system of the all-electric XT comply with the general life cycle degradation law of general electrical components, and the reliability of each component after degradation is calculated according to Eq. (1):
$$ R(t)={\mathrm{e}}^{-\lambda t}\kern0.5em \left(t \gt 0\right)\kern0.5em $$ (1) The relationship between the instantaneous failure rate and the reliability of the component is shown in Eq. (2), where f(t) is the failure probability density function and follows the Weibull distribution (Lihou and Spence 1988). The values of the Weibull distribution parameters of the corresponding components of the all-electric tree control system are shown in Table 3 (Cai et al. 2016a, b). Finally, the degraded failure rate of the component (Γ) after a specific time can be obtained.
$$ \varGamma =\frac{f(t)}{R(t)}=\frac{f(t)}{{\mathrm{e}}^{-\lambda t}}\kern0.5em \left(t \gt 0\right) $$ (2) Table 3 Parameters of the Weibull distribution for components of control systemComponents Parameters Shape Scale GPDU 2.3 6800 PLC 1.9 7450 UPS 2.1 7050 MCS 2.9 9860 SPMCU 2.3 6800 DU 2.5 8400 SCM 2.9 9860 2.3.2 Human Misoperation Factor
Misoperation occurs randomly and with a certain probability during the production process of natural persons (Xie and Guo 2018), which should conform to the normal distribution and follow the 3σ principle. Its probability density function is shown as follows:
$$ f(x)=\frac{1}{\sqrt{2\pi}\sigma }{\mathrm{e}}^{-\frac{{\left(x-\mu \right)}^2}{2{\sigma}^2}} $$ (3) Assume that the engineering personnel underwent strict training and their work has high operation accuracy. Therefore, they believe that the probability of misoperation should be P{x − μ > 3σ}, which is a small probability event. Thus, the probability of the component degradation due to the superposition of the human misoperation factor is as follows:
$$ {\lambda}_x=\varGamma \cdotp \left(1-P\left(|x-\mu | \gt 3\sigma \right)\right)=\frac{f(t)}{{\mathrm{e}}^{-\lambda t}}\cdotp P\left(|x-\mu | \lt 3\sigma \right) $$ (4) where λ is the component failure rate, Γ is the degraded failure rate of the component after a specific time, and λx is the calculated component failure rate after considering the influence of dual factors.
2.4 State Transition Matrix for Control System Without Considering Common Cause Failure
Before the state transition matrix of the control system is calculated, some basic assumptions are made.
1) At the initial state of the control system, all the components function without failed parts.
2) The failure rate and the repair rate follow exponential distribution.
3) The states of all the components are independent of each other.
4) The repair rates are all α.
5) The repaired system can be recovered to the initial state.
6) The reliability of the remaining components is 1.
Three connection methods for the control system exist: series, parallel, and the two-out-of-three voting system. When two components are connected in series, the series state transition matrix PS is as follows:
$$ {\boldsymbol{P}}_S=\left[\begin{array}{cc}1-{\lambda}_x& {\lambda}_x\\ {}\alpha & 1-\alpha \end{array}\right] $$ (5) where λx is the failure rate of series components, while the subscript x denotes the name of the corresponding component. α is the repair rate, as described above.
In parallel cases, four components in parallel are taken as an example, and the parallel state transition matrix PP is as follows, where the numbers 1–4 represent the serial number of the four components, respectively, with the same model:
$$ {\boldsymbol{P}}_P=\left[\begin{array}{ccccc}1-{\lambda}_1& {\lambda}_1& 0& 0& 0\\ {}\alpha & 1-\alpha -{\lambda}_2& {\lambda}_2& 0& 0\\ {}\alpha & 0& 1-\alpha -{\lambda}_3& {\lambda}_3& 0\\ {}\alpha & 0& 0& 1-a-{\lambda}_4& {\lambda}_4\\ {}\alpha & 0& 0& 0& 1-\alpha \end{array}\right] $$ (6) The state transition matrix PT for the case connected by the two-out-of-three voting system is as follows, and its symbols are consistent with the series and parallel state transition matrices:
$$ {\boldsymbol{P}}_T=\left[\begin{array}{ccc}1-{\lambda}_1& {\lambda}_1& 0\\ {}\alpha & 1-\alpha -{\lambda}_2& {\lambda}_2\\ {}\alpha & 0& 1-\alpha \end{array}\right] $$ (7) Starting from the initial state, according to the connection mode of each component, a corresponding state transition matrix can be obtained without considering common cause failure. Matrix elements can be transformed into the transition probability on the state transition arc, as shown in Figures 2 and 3.
Each state possesses the Markov characteristic, and the repair rate (Carroll et al. 2016) can be calculated by
$$ \alpha =\frac{1}{\mathrm{MTTR}} $$ (8) where α is the component repair rate and MTTR is the mean time to repair for the component. To simplify the calculation of the Markov model for the control system, the MTTR of each component is assumed to be the same and set to 5 h based on experience.
2.5 State Transition Matrix for Control System Considering Common Cause Failure
If CCF is considered, then the transition from one state to another is multilevel degradation, which exists only when components with the same model are non-series-connected. In the specific control system in this paper, CCF refers specifically to the failure of multiple components of the same type. Series components in the proposed control system are different types of components. Therefore, when two components are connected in series, the failure of one component will cause the series circuit to fail. Thus, considering CCF is meaningless because the state transition matrix is the same as the one when CCF is not considered:
$$ {\boldsymbol{P}}_S^{\prime }=\left[\begin{array}{cc}1-{\lambda}_x& {\lambda}_x\\ {}\alpha & 1-\alpha \end{array}\right] $$ (9) The symbols in the equation are the same as above.
The parallel state transition matrix $ {\boldsymbol{P}}_P^{\prime } $ when CCF is considered is shown below. When same-model components are connected in parallel, such as in a case of four identical components, the number 4 in the equation means that four parallel components exist; (4, 1) means that one of the four identical components fails, while (4, 4) means that all four of the identical components fail.
$$ {\boldsymbol{P}}_P^{\prime }=\left[\begin{array}{ccccc}1-{\lambda}_{\left(4, 1\right)}-{\lambda}_{\left(4, 2\right)}-{\lambda}_{\left(4, 3\right)}-{\lambda}_{\left(4, 4\right)}& {\lambda}_{\left(4, 1\right)}& {\lambda}_{\left(4, 2\right)}& {\lambda}_{\left(4, 3\right)}& {\lambda}_{\left(4, 4\right)}\\ {}\alpha & 1-\alpha -{\lambda}_{\left(3, 1\right)}-{\lambda}_{\left(3, 2\right)}-{\lambda}_{\left(3, 3\right)}& {\lambda}_{\left(3, 1\right)}& {\lambda}_{\left(3, 2\right)}& {\lambda}_{\left(3, 3\right)}\\ {}\alpha & 0& 1-\alpha -{\lambda}_{\left(2, 1\right)}-{\lambda}_{\left(2, 2\right)}& {\lambda}_{\left(2, 1\right)}& {\lambda}_{\left(2, 2\right)}\\ {}\alpha & 0& 0& 1-a-\lambda & \lambda \\ {}\alpha & 0& 0& 0& 1-\alpha \end{array}\right] $$ (10) In the above equation, λ1 represents the probability when one of the four components fails, $ {\lambda}_1^2 $ represents the probability when two of the four components fail, $ {\lambda}_1^3 $ means the probability when three of the four components fail, and $ {\lambda}_1^4 $ means the probability when all four components fail.
In the case of CCF, the state transition matrix $ {\boldsymbol{P}}_T^{\prime } $ for the case connected by the two-out-of-three voting system is shown below, and the symbols are consistent with those in $ {\boldsymbol{P}}_P^{\prime } $. The difference is that in the two-out-of-three voting system, a case does not exist in which four components with the same model are connected, and it is not possible for only one component to function. Thus, the first row of the $ {\boldsymbol{P}}_P^{\prime } $ is omitted and the third row is modified.
$$ {\boldsymbol{P}}_T^{\prime }=\left[\begin{array}{cccc}1-{\lambda}_{\left(3, 1\right)}-{\lambda}_{\left(3, 2\right)}-{\lambda}_{\left(3, 3\right)}& {\lambda}_{\left(3, 1\right)}& {\lambda}_{\left(3, 2\right)}& {\lambda}_{\left(3, 3\right)}\\ {}\alpha & 1-\alpha -{\lambda}_{\left(2, 1\right)}-{\lambda}_{\left(2, 2\right)}& {\lambda}_{\left(2, 1\right)}& {\lambda}_{\left(2, 2\right)}\\ {}\alpha & 0& 1-\alpha & 0\\ {}\alpha & 0& 0& 1-\alpha \end{array}\right] $$ (11) Starting from the initial state, according to the connection mode of each component, a corresponding state transition matrix can be obtained with the common cause failure taken into consideration. Matrix elements can be transformed into the transition probability on the state transition arc, as shown in Figures 4 and 5.
2.6 Validation of Modeling
Validation is an important aspect of a proposed model because it provides a reasonable amount of confidence to the results of the model. Several approaches are applied appropriately to the different aspects of a particular model, including sensitivity analysis, response analysis, response surface modeling, and external validation (Rathnayaka et al. 2012). To perform a full validation of the model, the parameters used would need to be closely monitored for a long period of time. For the subsea XT control system, such long-term monitoring is obviously an impractical exercise. In the current work, a three-axiom-based sensitivity analysis method is used for partial validation of the proposed modeling. The following three axioms should be satisfied (Jones et al. 2010):
1) A slight increase/decrease in the failure rate of one component should certainly result in the relative increase/decrease of the evaluation result.
2) Given the variation of the failure rate of components, its influence magnitude on the evaluation result should remain consistent.
3) The total influence magnitudes of the combination of the probability variations from λx attributes on the values should always be greater than that from λy (λx > λy) attributes.
3 Analysis of Reliability and Availability for Control System
3.1 Instantiation of State Transition Matrix
The state probability M(t) of the system at a certain moment can be obtained based on the state transition matrix above, which is shown in the following equation:
$$ M(t)={\boldsymbol{S}}_0\cdotp \boldsymbol{P}(t) $$ (12) where S0 is the initial state probability matrix for the control system. If the control system always starts at a fixed state, then the initial matrix will have only one element, that is, 1, and the matrix is $ \left[1\kern0.5em 0\kern0.5em \begin{array}{cc}L& 0\end{array}\right] $.
P(t) is the state transition matrix at time t. To show the relationship between P(t) and the transition matrices for series, parallel, or two-out-of-three voting system, P(t) is written in the following form. For the ground control system, 17 system states exist.
$$ \boldsymbol{P}{(t)}_G=\left[\begin{array}{ccccc}{a}_{0000}& {a}_{0001}& {a}_{0002}& \cdots & {a}_{0016}\\ {}{a}_{0100}& {a}_{0101}& {a}_{0102}& \cdots & {a}_{0116}\\ {}{a}_{0200}& {a}_{0201}& {a}_{0202}& \cdots & {a}_{0216}\\ {}\vdots & \vdots & \vdots & \ddots & \vdots \\ {}{a}_{1600}& {a}_{1601}& {a}_{1602}& \cdots & {a}_{1616}\end{array}\right] $$ (13) where the first two digits of the four-digit number means the initial state at the moment and the following two digits represent the prescribed state after transition from the initial state. For example, "a0302" means the transition rate from state "S3" to state "S2" in the ground control system Markov model. If a transition arc exists, then the transition rate is the value of the expression on top of the arc; if no transition arc exists, then the transition rate is 0.
For instance, when CCF is considered, P(t)G is quantized as:
(14) Nine system states for the subsea control system exist, and P(t) is written as:
$$ \boldsymbol{P}{(t)}_S=\left[\begin{array}{ccccc}{a}_{0000}& {a}_{0001}& {a}_{0002}& \cdots & {a}_{0008}\\ {}{a}_{0100}& {a}_{0101}& {a}_{0102}& \cdots & {a}_{0108}\\ {}{a}_{0200}& {a}_{0201}& {a}_{0202}& \cdots & {a}_{0208}\\ {}\vdots & \vdots & \vdots & \ddots & \vdots \\ {}{a}_{0800}& {a}_{0801}& {a}_{0802}& \cdots & {a}_{0808}\end{array}\right] $$ (15) For instance, when CCF is considered, P(t)S is quantized as:
(16) The reliability of a system is a performance indicator that evaluates the normal operation for an uninterrupted period in a certain system. In detail, it is a function of working time and failure rate for a system that starts to work till failure without repair in the process. The availability of a system is an indicator of the evaluation of operation capability in a certain system life circle. It allows for repair and recovery to work if components fail in the process and is, thus, a function of repair rate, failure rate, and working time.
The instantaneous availability of the system A(t) can be calculated by the following equation:
$$ A(t)=M(t)\times \boldsymbol{Q}={\boldsymbol{S}}_0\times \boldsymbol{P}(t)\times \boldsymbol{Q} $$ (17) where Q is a one-column matrix. If a certain component in the control system functions normally, then the corresponding element is 1; if it fails, then the element becomes 0. The matrix takes the form of $ {\left[1\kern0.5em 0\kern0.5em \begin{array}{cc}\cdots & 0\end{array}\right]}^{\mathrm{T}} $.
The calculation of the system reliability R(t) is shown by the following equation:
$$ R(t)=\boldsymbol{T}(t)\times \boldsymbol{Q} $$ (18) where T(t) is the matrix excluding the repair rate from M(t).
For components with the same model to fail simultaneously without considering the influence from other impact models (Hokstad and Bodsberg 1989, Cai et al. 2017) and on the premise that components with the same model have the same failure probability, the overall failure probability is the nth power of the failure probability for a single component. For example, if the failure rate of a UPS is λUPS and the probability for two UPSs to fail is $ {\lambda}_{UPS}^2 $, these data are then entered into P(t)G and P(t)S. Thus, the system transition matrices considering or not considering CCF can be obtained. From Eq. (22), the availability of the ground and subsea control system as a function of time t can be derived, and deleting the repair rate in the system transition matrix can obtain the reliability of the ground and subsea control system as a function of time t.
If the availability and reliability probability of the ground control system are recorded as A(t)G and R(t)G, respectively, then the availability and reliability probability of the subsea control system are recorded as A(t)S, and R(t)S, respectively. The availability and reliability calculation formulas of the entire control system are given by Eqs. (24) and (25).
$$ A{(t)}_A=A{(t)}_G\cdotp A{(t)}_S $$ (19) $$ R{(t)}_A=R{(t)}_G\cdotp R{(t)}_S $$ (20) 3.2 Influence of Common Cause Failure on Reliability and Availability for Control System
The system reliability curve in the first 10 000 h and the availability curve in the first 500 h of the ground control system of the subsea all-electric XT are shown in Figure 6. The reliability of the ground control system decreases over time; the decrease in reliability is slow in the first 2000 h and accelerates after 4000 h of continuous working. The system reliability considering CCF decreases more quickly than that of the case without considering CCF. Therefore, CCF could reduce the reliability of a fault-tolerant system and cannot be neglected in the control system of the subsea all-electric XT.
Figure 6 Reliability and availability curves of ground control systemAfter the ground control system has been working for 10 000 h, the reliability considering CCF or not was reduced to ~0.52 and 0.62, respectively. The absolute difference is 0.1, which gradually increases with time, thereby indicating that the working capacity of the system should be paid sufficient attention to avoid failure. A reasonable operation mode requires downtime maintenance when the system has been working for a certain period of time. As can be seen in Figure 6a, when CCF is considered, the system reliability reduces to 0.8 after functioning for ~7000 h in a row, which can be used as the timing node for downtime maintenance in a ground system.
As shown in Figure 6b, when CCF is not considered, the availability of the ground control system basically remains the same. The system can be repaired at any time, which is why the system availability is rather stable. If CCF is considered, the availability of the system quickly reduces to ~0.957 in the first 150 h and slowly decreases afterward, thereby showing that CCF could reduce the availability of the ground system, especially in the first 150 h.
The system reliability curve in the first 10 000 h and the availability curve in the first 500 h for the subsea control system of the subsea all-electric XT are shown in Figure 7. Figure 7a shows that the reliability trend for the subsea control system of the subsea all-electric XT is basically consistent with that of the ground control system. However, within the same time frame, with or without considering CCF, the reliability of the subsea control system is always higher than that of the ground control system. Even when the subsea control system has been working for 10 000 h, the reliability is still higher than 0.85. The reason for this condition is that the subsea control system has only nine system states, whereas the ground control system has 17 system states. Thus, the smaller number of components in the subsea control system than that of the ground control system is conducive to enhancing system reliability. Similarly, CCF could reduce the reliability of the system.
Figure 7 Reliability and availability curves of subsea control systemFigure 7b shows that the availability curve of the subsea control system is different from that of the ground control system. Whether CCF is considered or not, the system availability quickly drops in the first 100 h, and the system availability becomes stable after 150 h. The subsea control system can only be salvaged for repair on land when the whole equipment fail; thus, only one repair arc from state "SF" to "S0" exists, while no other repair arcs pointing to "S0" exist for other states, thereby rapidly reducing the availability of the subsea control system. Similarly, the availability considering CCF is lower than the case without considering CCF, and CCF could reduce the availability of the subsea control system and, thus, is a factor that requires serious consideration for subsea control systems.
The relationship between CCF and the reliability and availability of the entire control system is shown in Figure 8. The figure shows that the CCF has a small impact on the reliability of the entire control system and will cause a slight decrease in reliability. However, the CCF has a greater impact on the availability of the entire control system and will quickly reduce the availability of the fault-tolerant control system. Therefore, CCF is one of the factors that cannot be ignored in an all-electric XT control system.
Figure 8 Reliability and availability curves of entire control system3.3 Influence of MTTR on Availability for Control System
The aforementioned cases suppose that the MTTR of system components is 5 h. In reality, however, the MTTR differs for different types or numbers of failed components. Therefore, the MTTR is a factor that influences the availability of the system. The ground control system and the subsea control system have different maintenance strategies. The ground control system can be repaired at any time, whereas the subsea control system is repaired only when the overall failure occurs. Therefore, the influence of the repair time on the availability of the ground and subsea control system is discussed respectively. For convenience of analysis, the MTTR of each component is still assumed to be the same.
The relation between the MTTR and the availability of the ground control system is shown in Figure 9(a). The MTTR has more obvious effects on the availability of the ground control system, especially when CCF is considered. When the MTTR increases, the rate of decrease in the availability of the ground control system quickens, and when the repair time is ~14 h, the availability reduces to 0.8 with slashed system operation capacity. Therefore, maintaining the MTTR for the control system within a reasonable range is one of the approaches to enhancing system availability.
Figure 9 Relation between the MTTR and the availability of the control systemThe relation between the MTTR and the availability of the subsea control system is shown in Figure 9b. The MTTR has more obvious effects on the availability of the subsea control system whether CCF is considered or not. When the MTTR increases, the availability of the subsea control system decreases, and when CCF is considered, the rate of decrease in the system availability quickens. When the MTTR is ~24 h, the system availability reduces to 0.925. Once the subsea control system fails, it has to be retrieved for repair, thereby causing high maintenance costs. Therefore, to maintain high availability of the subsea control system, controlling the system repair time is an effective approach. To make sure that the availability of the subsea control system is higher than 0.98, the MTTR should be guaranteed to be shorter than 6 h.
The ground control system and the subsea control system have different maintenance strategies. Once the subsea control system fails, all components need to be checked when they are salvaged for maintenance so that the reliability of all components is restored to 100%; this process is called complete repair. In contrast, the ground control system has multiple multilevel degradation transitions, which can be repaired at any time. Therefore, ground control system can be shut down for maintenance at any time. If complete repair is conducted, then the MTTR will increase, so only the faulty component can be repaired. After the repair, the system can work normally, but it does not mean that all components are restored to the initial state; this situation is called incomplete repair. The Markov model of the ground control system considering incomplete repair is shown in Figure 10. The directed arc in the figure indicates the incomplete repair probability arc. The incomplete repair probability of each component is still assumed to be the same.
Figure 10 Incomplete repair probability arc of ground control systemThe relationship between the impact of incomplete repairs on the availability of ground control system is shown in Figure 11. The no-repair curve in the figure represents the trend of system reliability changes. If the components are incompletely repaired, then a certain degree of system availability will occur, resulting in a slight reduction in system availability. The relationship between the MTTR and the availability of the incomplete repair system is shown in Figure 12. The MTTR has a relatively small impact on the availability of the system considering incomplete repair and has a greater impact on the availability of the completely repaired system, thereby accelerating the reduction of system availability. This finding indicates that incomplete repair can greatly reduce the impact of MTTR on the availability of the ground control system. When the MTTR reaches 24 h, the system's availability can still remain above 0.86. For ground control systems, if all components are inspected one by one for complete repair, then it will inevitably lead to an increase in MTTR, which is generally not conducive to maintaining high availability of the system. Therefore, an incomplete repair strategy should be implemented for the ground control system. Once an electrical module failure occurs, a reasonable strategy is to repair the module without comprehensive maintenance, which is beneficial to reducing the MTTR of the module. Considering the entire life cycle of the system, this method effectively improves the availability of ground control systems.
Figure 11 Impact of incomplete repairs on the availability of ground control system
Figure 12 Relation between the MTTR and the availability considering incomplete repair3.4 Influence of Component Failure Rate on Reliability and Availability for Control System
The influence of the failure rate for a single component on the reliability and availability for the ground and subsea control system when CCF is considered, respectively, is studied. The MTTR is set to 5 h, the operating time when investigating the reliability is 1000 h, and the operating time when investigating the availability is 50 h. The relation curves between the component failure rate and system reliability and availability obtained by multiplying the failure rate of each component in a ground control system are shown in Figure 13.
Figure 13 Relation curves between the component failure rate and the reliability and availability of ground control systemA comparison between Figure 13a and b shows that the component failure rate has a relatively large impact on the reliability of the system while having little influence on the availability of the system. In detail, the influence of the component failure rate on the reliability of the system can be ranked as MCS > UPS > PLC > GPDU, in which the failure rate of the MCS has the largest impact on the decrease in the reliability of the ground control system. When the failure rate of the MCS is enhanced to 2.7 times the original value, the reliability of the ground control system is reduced to 0.97. Therefore, the failure rate of the MCS should be reduced as much as possible to improve system performance.
The relation curves between the component failure rate and system reliability and availability for the subsea control system are shown in Figure 14. The influence trends of the component failure rate in the subsea control system on reliability and availability are basically the same. As the component failure rate increases, the system reliability and availability quickly decreases. The influence of the component failure rate on both the reliability and the availability of the subsea control system can be ranked as SCM > SPMCU > DU, in which the failure rate of the SCM has the largest impact with a nearly linear descent trend and the largest slope. When the failure rate of the SCM is enhanced to be around 2.6 times of the original value, the reliability and the availability for the subsea control system are reduced to 0.98 and 0.97, respectively. Thus, the failure rate of the SCM should be reduced to improve the system reliability and availability.
Figure 14 Relation curves between the component failure rate and the reliability and availability of subsea control systemThe relationship between the component failure rate and the reliability and availability of the entire control system is shown in Figure 15. The percentage in the figure indicates the multiple of the component failure rate. With the increase in the component failure rate, MCS gradually dominates the reliability of the entire control system, and the GPDU failure rate has the lowest impact on the reliability of the system. SCM has always dominated the availability of the entire control system, and PLC has the lowest impact on the availability of the entire system. Therefore, the failure rate of MCS should be decreased to improve the reliability of the entire control system, and the failure rate of SCM should be decreased to improve the availability of the entire system.
Figure 15 Relation curves between the component failure rate and the reliability and availability of entire control system4 Conclusions
In this paper, Markov models for the ground control system and the undersea control system for the subsea all-electric XT were established based on Markov theory. A dual-factor degradation model for electrical control system components was proposed, and the influences of the CCF and the failure rate in key components on the reliability and availability of the control system with the series, parallel, or two-out-of-three voting system were studied. The impacts of MTTR and incomplete repair strategy on the availability of the control system were studied, and the following results were obtained:
1) For the same operation time, the reliability and availability of the ground control system decreased more rapidly than those of the subsea control system, especially the system reliability.
2) When CCF was considered, the system reliability and availability both decreased unlike in the case without considering CCF, and the CCF had a greater impact on the system availability.
3) The influence of the MTTR had a greater impact on the system availability, and incomplete repair strategy should be considered to improve the availability of shore-based control systems. For the ground control system, the increase in the MCS failure rate had the largest influence on the reduction in reliability; for the subsea control system, the increase in the SCM failure rate had the largest influence on the reduction in reliability and availability. The failure rate of MCS should be decreased to improve the reliability of the entire control system, and the failure rate of SCM should be decreased to improve the availability of the entire system.
4) If CCF was considered, the ground control system needs downtime maintenance after working continuously for approximately 7000 h to enhance system reliability. As for the subsea control system, the MTTR should be shorter than 6 h to ensure that the availability is above 0.98.
-
Figure 1 Schematic of subsea all-electric XT control system
Figure 2 Markov model for the ground control system without considering CCF
Figure 3 Markov model for subsea control system without considering CCF
Figure 4 Markov model for the ground control system considering CCF
Figure 5 Markov model for subsea control system considering CCF
Figure 6 Reliability and availability curves of ground control system
Figure 7 Reliability and availability curves of subsea control system
Figure 8 Reliability and availability curves of entire control system
Figure 9 Relation between the MTTR and the availability of the control system
Figure 10 Incomplete repair probability arc of ground control system
Figure 11 Impact of incomplete repairs on the availability of ground control system
Figure 12 Relation between the MTTR and the availability considering incomplete repair
Figure 13 Relation curves between the component failure rate and the reliability and availability of ground control system
Figure 14 Relation curves between the component failure rate and the reliability and availability of subsea control system
Figure 15 Relation curves between the component failure rate and the reliability and availability of entire control system
Table 1 Voting results of 3-2-1-0 and 2-1-0
A B C 3-2-1-0 2-1-0 1 1 1 1 – 1 1 0 1 – 1 0 1 1 – 0 1 1 1 – 1 0 0 0 – 0 1 0 0 – 0 0 1 0 – 0 0 0 0 – 1 1 – – 1 1 0 – – 1 0 1 – – 1 0 0 – – 0 Table 2 Definitions for the failure rates of components
Symbol Definition Failure rate (h−1) λGPDU Failure rates of GPDU 4.9576 × 10−6 λPLC Failure rates of PLC 5.3747 × 10−6 λUPS Failure rates of UPS 1.015 × 10−6 λMCS Failure rates of MCS 3.3573 × 10−6 λSPMCU Failure rates of SPMCU 4.9576 × 10−6 λDU Failure rates of DU 2.1373 × 10−6 λSCM Failure rates of SCM 0.8215 × 10−6 Table 3 Parameters of the Weibull distribution for components of control system
Components Parameters Shape Scale GPDU 2.3 6800 PLC 1.9 7450 UPS 2.1 7050 MCS 2.9 9860 SPMCU 2.3 6800 DU 2.5 8400 SCM 2.9 9860 -
Abaei MM, Abbassi R, Garaniya V, Chai S, Khan F (2018) Reliability assessment of marine floating structures using Bayesian network. Appl Ocean Res 76: 51–60. https://doi.org/10.1016/j.apor.2018.04.004 Artana KB, Pitana T, Dinariyana DP, Ariana M, Kristianto D, Pratiwi E (2018) Real-time monitoring of subsea gas pipelines, offshore platforms, and ship inspection scores using an automatic identification system. J Mar Sci Appl 17(1): 101–111. https://doi.org/10.1007/s11804-018-0003-y Barbosa JD, Santos RC, Romero JFA, Asano PTL, Neto AVS, Camargo JB, Almeida JR, Cugnasca PS (2019) A methodology for reliability assessment of substations using fault tree and Monte Carlo simulation. Electr Eng 101(1): 57–66. https://doi.org/10.1007/s00202-019-00756-2 Bhattacharyya SK, Cheliyan AS (2019) Optimization of a subsea production system for cost and reliability using its fault tree model. Reliab Eng Syst Saf 185: 213–219. https://doi.org/10.1016/j.ress.2018.12.030 Bitanov A (2015) Reliability study of subsea control module with focus on statistical methods. Master thesis, Norwegian University of Science and Technology, Trondheim, 1-5 Cai B, Liu H, Xie M (2016a) A real-time fault diagnosis methodology of complex systems using object-oriented Bayesian networks. Mech Syst Signal Process 80: 31–44. https://doi.org/10.1016/j.ymssp.2016.04.019 Cai B, Liu Y, Xie M (2016b) A dynamic-Bayesian-network-based fault diagnosis methodology considering transient and intermittent faults. IEEE Trans Autom Sci Eng 14(1): 276–285. https://doi.org/10.1109/TASE.2016.2574875 Cai B, Shao X, Liu Y, Kong X, Wang H, Xu H, Ge W (2019) Remaining useful life estimation of structure systems under the influence of multiple causes: subsea pipelines as a case study. IEEE Trans Ind Electron 67(7): 5737–5747. https://doi.org/10.1109/TIE.2019.2931491 Cao L, Li Z, Guo C, Li P, Meng X, Wang T (2019) Design and test of the MEMS coupled piezoelectric–electromagnetic energy harvester. Int J Precis Eng Manuf 20(4): 673–686. https://doi.org/10.1007/s12541-019-00051-x Cao L, Cai Y, Xu G, Cui J (2020) Research on output characteristics of double-ended fixed beam piezoelectric energy harvester under random excitation. Int J Precis Eng Manuf 21: 1075–1083. https://doi.org/10.1007/s12541-020-00322-y Carroll J, McDonald A, McMillan D (2016) Failure rate, repair time and unscheduled O & M cost analysis of offshore wind turbines. Wind Energy 19(6): 1107–1119. https://doi.org/10.1002/we.1887 Chebila M (2018) Simultaneous evaluation of safety integrity's performance indicators with a generalized implementation of common cause failures. Process Saf Environ Prot 117: 214–222. https://doi.org/10.1016/j.psep.2018.04.019 Chen C, Yang Y, Wang M, Zhang X (2018) Characterization and evolution of emergency scenarios using hybrid Petri net. Process Saf Environ Prot 114: 133–142. https://doi.org/10.1016/j.psep.2017.12.016 Choi I-H, Chang D (2016) Reliability and availability assessment of seabed storage tanks using fault tree analysis. Ocean Eng 120: 1–14. https://doi.org/10.1016/j.oceaneng.2016.04.021 Deyab SM, Taleb-Berrouane M, Khan F, Yang M (2018) Failure analysis of the offshore process component considering causation dependence. Process Saf Environ Prot 113: 220–232. https://doi.org/10.1016/j.psep.2017.29010 https://doi.org/10.1016/j.psep.2017.10.010 Don MG, Khan F (2019) Dynamic process fault detection and diagnosis based on a combined approach of hidden Markov and Bayesian network model. Chem Eng Sci 201: 82–96. https://doi.org/10.1016/j.ces.2019.01.060 Elusakin T, Shafiee M (2020) Reliability analysis of subsea blowout preventers with condition-based maintenance using stochastic Petri nets. J Loss Prev Process Ind 63: 104026. https://doi.org/10.1016/j.jlp.2019.104026 Feng G, Wang D, Garbatov Y, Guedes Soares C (2015) Reliability analysis based on a direct ship hull strength assessment. J Mar Sci Appl 14(4): 389–398. https://doi.org/10.1007/s11804-015-1328-4 Henriquez P, Alonso JB, Ferrer MA, Travieso CM (2013) Review of automatic fault diagnosis systems using audio and vibration signals. IEEE Transact Syst Man Cybern: Syst 44(5): 642–652. https://doi.org/10.1109/TSMCC.2013.2257752 Hokstad P, Bodsberg L (1989) Reliability model for computerized safety systems. Proceedings of Annual Reliability and Maintainability Symposium, Atlanta, pp 435–440. https://doi.org/10.1109/ARMS.1989.49641 Jones B, Jenkinson I, Yang Z, Wang J (2010) The use of Bayesian network modelling for maintenance planning in a manufacturing industry. Reliab Eng Syst Saf 95(3): 267–277. https://doi.org/10.1016/j.ress.2009.42007 https://doi.org/10.1016/j.ress.2009.10.007 Kim S, Chung S, Yang Y (2014) Availability analysis of subsea blowout preventer using Markov model considering demand rate. Int J Naval Architect Ocean Eng 6(4): 775–787. https://doi.org/10.2478/IJNAOE-2013-0211 Konovessis D, Cai W, Vassalos D (2013) Development of Bayesian network models for risk-based ship design. J Mar Sci Appl 12(2): 140–151. https://doi.org/10.1007/s11804-013-1179-9 Labovská Z, Labovský J, Jelemenský Ľ, Dudáš J, Markoš J (2014) Model-based hazard identification in multiphase chemical reactors. J Loss Prev Process Ind 29: 155–162. https://doi.org/10.1016/j.jlp.2014.02.004 Li W, Cao Q, He M, Sun Y (2018) Industrial non-routine operation process risk assessment using job safety analysis (JSA) and a revised Petri net. Process Saf Environ Prot 117: 533–538. https://doi.org/10.1016/j.psep.2018.05.029 Li M, Kang J, Sun L, Wang M (2019) Development of optimal maintenance policies for offshore wind turbine gearboxes based on the non-homogeneous continuous-time Markov process. J Mar Sci Appl 18(1): 93–98. https://doi.org/10.1007/s11804-019-00075-9 Lihou DA, Spence GD (1988) Proper use of data with the Weibull distribution. J Loss Prev Process Ind 1(2): 110–113. https://doi.org/10.1016/0950-4230(88)80021-4 Liu G, Li H, Qiu Z, Leng D, Li Z, Li W (2019a) A mini review of recent progress on vortex-induced vibrations of marine risers. Ocean Eng 195: 106704. https://doi.org/10.1016/j.oceaneng.2019.106704 Liu P, Liu Y, Wei X, Xin C, Sun Q, Wu X (2019b) Performance analysis and optimal design based on dynamic characteristics for pressure compensated subsea all-electric valve actuator. Ocean Eng 191: 106568. https://doi.org/10.1016/j.oceaneng.2019.106568 Liu P, Liu Y, Cai B, Wu X, Wang K, Wei X, Xin C (2020) A dynamic Bayesian network based methodology for fault diagnosis of subsea Christmas tree. Appl Ocean Res 94: 101990. https://doi.org/10.1016/j.apor.2019.101990 Lyu S, Duan M, Liang W, Chen J, Xie Z (2014) Reliability evaluation for subsea X-mas tree control system based on Bayesian networks. The Twenty-fourth International Ocean and Polar Engineering Conference, Busan, Korea, 271 Matsuoka T, Kobayashi M (1988) GO-FLOW: a new reliability analysis methodology. Nucl Sci Eng 98(1): 64–78. https://doi.org/10.13182/NSE88-A23526 Moss TR (2005) The reliability data handbook. Wiley-Blackwell, Hoboken, pp 32–37 Nhat DM, Venkatesan R, Khan F (2020) Data-driven Bayesian network model for early kick detection in industrial drilling process. Process Saf Environ Prot 138: 130–138. https://doi.org/10.1016/j.psep.2020.03.017 Participants O (2002) OREDA offshore reliability data handbook. vol. 4th. Det Norske Veritas, Høvik, pp 102–127 Ramos AG, de Souza GFM (2017) Availability assessment of an offshore gas treatment system using Stochastic Petri Nets. The 27th International Ocean and Polar Engineering Conference, California, USA, 197 Rathnayaka S, Khan F, Amyotte P (2012) Accident modeling approach for safety assessment in an LNG processing facility. J Loss Prev Process Ind 25(2): 414–423. https://doi.org/10.1016/j.jlp.2011.09.006 Sakurahara T, Schumock G, Reihani S, Kee E, Mohaghegh Z (2019) Simulation-informed probabilistic methodology for common cause failure analysis. Reliab Eng Syst Saf 185: 84–99. https://doi.org/10.1016/j.ress.2018.12.007 Sandtorv HA, Hokstad P, Thompson DW (1996) Practical experience with a data collection project: the OREDA project. Reliab Eng Syst Saf 51(2): 159–167. https://doi.org/10.1016/0951-8320(95)00113-1 Silva AHM, da Hora, HRM, Fernandes RM (2018) Reliability assessment of a subsea electro-hydraulic control system. Proceedings IRF2018: 6th International Conference Integrity-Reliability-Failure, Lisbon, 1031-1038 Stendebakken OI (2014) A reliability study of a deepwater vertical Xmas tree with attention to XT retrieval rate. Master thesis, Institutt for Marin Teknikk, Norwegian, 21-50 Toroody AB, Abaiee MM, Gholamnia R, Ketabdari MJ (2016) Epistemic-based investigation of the probability of hazard scenarios using Bayesian network for the lifting operation of floating objects. J Mar Sci Appl 15(3): 250–259. https://doi.org/10.1007/s11804-016-1361-y Venkatasubramanian V, Rengaswamy R, Kavuri SN (2003) A review of process fault detection and diagnosis: Part Ⅱ: Qualitative models and search strategies. Comput Chem Eng 27(3): 313–326. https://doi.org/10.1016/S0098-1354(02)00161-8 Volovoi V (2004) Modeling of system reliability Petri nets with aging tokens. Reliab Eng Syst Saf 84(2): 149–161. https://doi.org/10.1016/j.ress.2003.84013 https://doi.org/10.1016/j.ress.2003.10.013 Wang X, Jia P, Lizhang H, Wang L, Yun F, Wang H (2018) Reliability and safety modelling of the electrical control system of the subsea control module based on Markov and multiple beta factor model. IEEE Access 7: 6194–6208. https://doi.org/10.1109/ACCESS.2018.2889104 Wang H, Yajima A, Castaneda H (2019a) A stochastic defect growth model for reliability assessment of corroded underground pipelines. Process Saf Environ Prot 123: 179–189. https://doi.org/10.1016/j.psep.2019.01.005 Wang L, Wang X, Lizhang H, Jia P, Yun F, Wang H (2019b) Design and reliability analysis of the electrical control system of the subsea control module. Proc Inst Mech Eng Part Ⅰ: J Syst Control Eng 233(6): 720–733. https://doi.org/10.1177/0959651818821199 Wang Y, Zhang P, Qin G (2019c) Non-probabilistic time-dependent reliability analysis for suspended pipeline with corrosion defects based on interval model. Process Saf Environ Prot 124: 290–298. https://doi.org/10.1016/j.psep.2019.02.028 Wang Y, Hou X, Zhang P, Qin G (2020) Reliability assessment of multi-state reconfiguration pipeline system with failure interaction based on Cloud inference. Process Saf Environ Prot 137: 116–127. https://doi.org/10.1016/j.psep.2020.02.019 Wanvik PG (2015) Reliability assessment of subsea X-mas tree configurations. Master thesis, Norwegian University of Science and Technology, Trondheim, 12-30 Xie X, Guo D (2018) Human factors risk assessment and management: process safety in engineering. Process Saf Environ Prot 113: 467–482. https://doi.org/10.1016/j.psep.2017.11.018 Yu J, Zhao HL (2013) All-electric subsea production control system. Appl Mech Mater Trans Tech Publ 251: 196–200. https://doi.org/10.4028/www.scientific.net/AMM.251.196 Zhang H, Innal F, Dufour F, Dutuit Y (2014) Piecewise deterministic Markov processes based approach applied to an offshore oil production system. Reliab Eng Syst Saf 126: 126–134. https://doi.org/10.1016/j.ress.2014.01.016 Zhang J, Liu Y, Lundteigen M, Bouillaut L (2016) Using Bayesian networks to quantify the reliability of a subsea system in the early design. Risk, Reliability and Safety: Innovating Theory and Practice: Proceedings of ESREL 2016, Glasgow, Scotland, 404
